Zone file validation role

This role uses named-checkzone to validate Bind zone.db files it finds
in the specified directory.  Helps to avoid committing broken DNS
configurations.

Needed-By: https://review.opendev.org/660888

Change-Id: If3dc95d1348553e5b43683f6a36d324fb978fbed
Ian Wienand 2019-05-23 17:45:01 +10:00
parent f10241d917
commit 42b9c209ab
4 changed files with 32 additions and 0 deletions

@ -33,5 +33,6 @@ General Purpose Roles
.. zuul:autorole:: upload-git-mirror
.. zuul:autorole:: validate-dco-license
.. zuul:autorole:: validate-host
.. zuul:autorole:: validate-zone-db
.. zuul:autorole:: version-from-git
.. zuul:autorole:: write-inventory

@ -0,0 +1,12 @@
Validate bind zone.db files
This role uses ``named-checkzone`` to validate Bind ``zone.db`` files.
**Role Variables**
.. zuul:rolevar:: zone_files
:default: zuul.project.src_dir
Look for ``zone.db`` files recursively in this directory. The
layout should be ``domain.xyz/zone.db`` where a parent directory is
named for the zone the child ``zone.db`` file describes.
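Review bot: The documented default for `zone_files` (`:default: zuul.project.src_dir`) does not match the value the role's defaults file sets, `'{{ ansible_user_dir }}/{{ zuul.project.src_dir }}'`. Document the full expression so that anyone overriding the variable knows a path rooted at the user's home directory is what the role expects. The name `zone_files` also reads as a list of files, while the description says it is a directory to search; a name such as `zone_files_dir` would match the description.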

@ -0,0 +1,2 @@
zone_files: '{{ ansible_user_dir }}/{{ zuul.project.src_dir }}'

@ -0,0 +1,17 @@
- name: Install bind9utils
package:
name: bind9utils
state: present
become: yes
- name: Find zone files
find:
paths: '{{ zone_files }}'
patterns: 'zone.db'
recurse: yes
file_type: 'file'
register: zone_db_files
- name: 'Run checkzone'
command: '/usr/sbin/named-checkzone {{ item.path.split("/")[-2] }} {{ item.path }}'
loop: "{{ zone_db_files['files'] }}"
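
Review bot: In the `Run checkzone` task the zone name is taken from a directory name in the checked-out repository (`item.path.split("/")[-2]`) and templated into a single free-form command string, so a directory name that contains whitespace or begins with `-` is split into extra arguments or read as an option by `named-checkzone`. Pass the program, zone name and path through the `command` module's `argv` list form instead, so each value stays one argument. Separately, when the `Find zone files` task matches nothing the loop runs zero times and the role passes, so a wrong `zone_files` path goes unnoticed; consider failing when `zone_db_files.matched` is 0. `bind9utils` is the Debian/Ubuntu package name, so the install task ties the role to those platforms unless the name is made a variable.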