3 changes: 3 additions & 0 deletions .github/workflows/ci.yml
Expand Up @@ -50,6 +50,9 @@ jobs:
- name: Install test dependencies.
run: pip3 install ansible molecule "molecule-plugins[docker]" docker netaddr dnspython

- name: Install Ansible collections.
run: ansible-galaxy collection install ansible.utils

- name: Run Molecule Primary/Secondary/Forwarder tests
run: molecule test
env:
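Review bot: The new `Install Ansible collections.` step installs `ansible.utils` with no version constraint, so the CI result depends on whatever Galaxy serves on the day of the run; the `collections.yml` files this PR adds under `molecule/default` and `molecule/shared_inventory` are unpinned in the same way. Pin the collection once and install from that one file so CI and local molecule runs resolve the same version, e.g. `run: ansible-galaxy collection install -r molecule/default/collections.yml` with `version: "<pinned-version>"` added next to `name: ansible.utils` in that file. Since both `molecule.yml` files already declare `dependency: name: galaxy`, molecule may install the collection from `collections.yml` on its own, which would make this CI step redundant — worth confirming before keeping both. The job definition continues outside the hunk.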
2 changes: 1 addition & 1 deletion defaults/main.yml
Expand Up @@ -84,7 +84,7 @@ bind_statistics_allow:

# DNSSEC configuration
bind_dnssec_enable: true
bind_dnssec_validation: true
bind_dnssec_validation: auto

bind_extra_include_files: []

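Review bot: `bind_dnssec_validation` changes from a boolean to the string `auto` (assuming the `auto` line is the new side), but the `# DNSSEC configuration` comment above it says nothing about the accepted values or what the new default means for validation. Add a comment such as `# bind_dnssec_validation: auto (validate using BIND's built-in root trust anchor), yes (requires a configured trust anchor) or no` directly above the key. Because the old default was a boolean, any inventory that still sets `true`/`false` will be rendered as whatever Jinja prints for a boolean rather than `yes`/`no`; confirm that the template rendering this option copes with both forms, or document that the value must now be one of the three strings.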
2 changes: 1 addition & 1 deletion meta/main.yml
@@ -1,7 +1,7 @@
---
galaxy_info:
namespace: rgsystemes
role_name: bind
namespace: bertvv
author: Bert Van Vreckem
description: >
Sets up ISC BIND as an authoritative DNS server for one or more domains
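--- a/molecule/default/collections.yml
+++ b/molecule/default/collections.yml
@@ -0,0 +1,3 @@
+---
+collections:
+- name: ansible.utils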
2 changes: 1 addition & 1 deletion molecule/default/converge.yml
Expand Up @@ -5,4 +5,4 @@
hosts: all

roles:
- role: "bertvv.bind"
- role: "{{ lookup('env', 'MOLECULE_PROJECT_DIRECTORY') }}"
2 changes: 1 addition & 1 deletion molecule/default/group_vars/all.yml
Expand Up @@ -26,4 +26,4 @@ bind_zone_ttl: "2W"
bind_zone_time_to_refresh: "2D"
bind_zone_time_to_retry: "2H"
bind_zone_time_to_expire: "2W"
bind_statistics_host: "{{ ansible_default_ipv4.address }}"
bind_statistics_host: "{{ ansible_facts['default_ipv4']['address'] }}"
26 changes: 11 additions & 15 deletions molecule/default/molecule.yml
@@ -1,4 +1,5 @@
---
role_name_check: 1
dependency:
name: galaxy
driver:
Expand All @@ -18,13 +19,11 @@ platforms:
command: ${MOLECULE_DOCKER_COMMAND:-""}
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:rw
- ${PWD}:/etc/ansible/roles/bertvv.bind:ro
- ${PWD}:/etc/ansible/roles/ansible-role-bind:ro
- ${PWD}/library:/root/.ansible/plugins/modules:ro
cgroupns_mode: host
privileged: true
pre_build_image: true
tty: true
environment:
container: docker
- name: ns2
hostname: ns2
networks:
Expand All @@ -34,13 +33,11 @@ platforms:
command: ${MOLECULE_DOCKER_COMMAND:-""}
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:rw
- ${PWD}:/etc/ansible/roles/bertvv.bind:ro
- ${PWD}:/etc/ansible/roles/ansible-role-bind:ro
- ${PWD}/library:/root/.ansible/plugins/modules:ro
cgroupns_mode: host
privileged: true
pre_build_image: true
tty: true
environment:
container: docker
- name: ns3
hostname: ns3
networks:
Expand All @@ -50,20 +47,19 @@ platforms:
command: ${MOLECULE_DOCKER_COMMAND:-""}
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:rw
- ${PWD}:/etc/ansible/roles/bertvv.bind:ro
- ${PWD}:/etc/ansible/roles/ansible-role-bind:ro
- ${PWD}/library:/root/.ansible/plugins/modules:ro
cgroupns_mode: host
privileged: true
pre_build_image: true
tty: true
environment:
container: docker
provisioner:
name: ansible
config_options:
defaults:
interpreter_python: auto_legacy_silent
callback_whitelist: profile_tasks
deprecation_warnings: false
remote_tmp: /tmp
ssh_connection:
pipelining: true
verifier:
name: ansible
playbooks:
converge: ${MOLECULE_PLAYBOOK:-converge.yml}
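Review bot: The bind mount is renamed to `/etc/ansible/roles/ansible-role-bind` in all three platforms here, but `molecule/shared_inventory/molecule.yml` still mounts the checkout as `/etc/ansible/roles/bertvv.bind` in its unchanged lines, so the two scenarios now disagree on the in-container role name. Since both `converge.yml` files now reference the role through `MOLECULE_PROJECT_DIRECTORY` on the controller, this mount may no longer take part in role resolution at all — if so, drop it in both scenarios instead of renaming it; otherwise use one name in both. The added `remote_tmp: /tmp` under `provisioner.config_options.defaults` (also added in the shared_inventory scenario) redirects Ansible's working files into a world-writable shared directory with no comment explaining why the default location is unusable in the test containers; a one-line `# remote_tmp: /tmp because <reason the default ~/.ansible/tmp does not work in these containers>` would record the intent.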
24 changes: 19 additions & 5 deletions molecule/default/verify.yml
Expand Up @@ -13,7 +13,7 @@

- name: Set local_dns variable for dig
ansible.builtin.set_fact:
local_dns: "{{ '@' + ansible_default_ipv4.address }}"
local_dns: "{{ '@' + ansible_facts['default_ipv4']['address'] }}"

- name: IPv4 Forward lookups
ansible.builtin.assert:
Expand Down Expand Up @@ -82,16 +82,30 @@
- lookup('dig', '2001:db9::1/PTR', local_dns) == 'srv001.example.com.'

- name: NS records lookup
vars:
acme_ns: >-
{{ lookup('dig', 'acme-inc.com/NS', local_dns)
.split(',') | sort | join(',') }}
example_ns: >-
{{ lookup('dig', 'example.com/NS', local_dns)
.split(',') | sort | join(',') }}
ansible.builtin.assert:
that:
- lookup('dig', 'acme-inc.com/NS', local_dns).split(',') | sort | join(',') == 'ns1.acme-inc.com.,ns2.acme-inc.com.'
- lookup('dig', 'example.com/NS', local_dns).split(',') | sort | join(',') == 'ns1.acme-inc.com.,ns2.acme-inc.com.'
- acme_ns == 'ns1.acme-inc.com.,ns2.acme-inc.com.'
- example_ns == 'ns1.acme-inc.com.,ns2.acme-inc.com.'

- name: MX records lookup
vars:
acme_mx: >-
{{ lookup('dig', 'acme-inc.com/MX', local_dns)
.split(',') | sort | join(',') }}
example_mx: >-
{{ lookup('dig', 'example.com/MX', local_dns)
.split(',') | sort | join(',') }}
ansible.builtin.assert:
that:
- lookup('dig', 'acme-inc.com/MX', local_dns).split(',') | sort | join(',') == '10 mail001.acme-inc.com.,20 mail002.acme-inc.com.'
- lookup('dig', 'example.com/MX', local_dns).split(',') | sort | join(',') == '10 mail001.example.com.'
- acme_mx == '10 mail001.acme-inc.com.,20 mail002.acme-inc.com.'
- example_mx == '10 mail001.example.com.'

- name: Service records lookup
ansible.builtin.assert:
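Review bot: The new `example_ns` variable is asserted equal to `ns1.acme-inc.com.,ns2.acme-inc.com.`, the same nameserver set as `acme_ns`; the expectation is carried over from the old inline assertion, so it may well be how the fixture delegates `example.com`, but after the refactor a reader sees two differently named variables compared against one value with nothing explaining it. Add `# example.com is served by the acme-inc nameservers in this fixture` above the assert if that is intended, or correct the expected value if it is not. The same hunk is duplicated verbatim in `molecule/shared_inventory/verify.yml`; the two scenarios could point at one shared verify playbook instead of maintaining two copies.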
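--- a/molecule/shared_inventory/collections.yml
+++ b/molecule/shared_inventory/collections.yml
@@ -0,0 +1,3 @@
+---
+collections:
+- name: ansible.utils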
2 changes: 1 addition & 1 deletion molecule/shared_inventory/converge.yml
Expand Up @@ -6,4 +6,4 @@
hosts: dns

roles:
- role: "{{ lookup('env', 'MOLECULE_PROJECT_DIRECTORY') | basename }}"
- role: "{{ lookup('env', 'MOLECULE_PROJECT_DIRECTORY') }}"
18 changes: 7 additions & 11 deletions molecule/shared_inventory/molecule.yml
@@ -1,8 +1,7 @@
---
role_name_check: 1
dependency:
name: galaxy
options:
ignore-errors: true
driver:
name: docker
platforms:
Expand All @@ -24,11 +23,9 @@ platforms:
- /sys/fs/cgroup:/sys/fs/cgroup:rw
- ${PWD}:/etc/ansible/roles/bertvv.bind:ro
- ${PWD}/library:/root/.ansible/plugins/modules:ro
cgroupns_mode: host
privileged: true
pre_build_image: true
tty: true
environment:
container: docker
- name: ns5
hostname: ns5
groups:
Expand All @@ -42,18 +39,17 @@ platforms:
- /sys/fs/cgroup:/sys/fs/cgroup:rw
- ${PWD}:/etc/ansible/roles/bertvv.bind:ro
- ${PWD}/library:/root/.ansible/plugins/modules:ro
cgroupns_mode: host
privileged: true
pre_build_image: true
tty: true
environment:
container: docker
provisioner:
name: ansible
config_options:
defaults:
interpreter_python: auto_legacy_silent
callback_whitelist: profile_tasks
deprecation_warnings: false
remote_tmp: /tmp
ssh_connection:
pipelining: true
verifier:
name: ansible
playbooks:
converge: ${MOLECULE_PLAYBOOK:-converge.yml}
24 changes: 19 additions & 5 deletions molecule/shared_inventory/verify.yml
Expand Up @@ -13,7 +13,7 @@

- name: Set local_dns variable for dig
ansible.builtin.set_fact:
local_dns: "{{ '@' + ansible_default_ipv4.address }}"
local_dns: "{{ '@' + ansible_facts['default_ipv4']['address'] }}"

- name: IPv4 Forward lookups
ansible.builtin.assert:
Expand Down Expand Up @@ -82,16 +82,30 @@
- lookup('dig', '2001:db9::1/PTR', local_dns) == 'srv001.example.com.'

- name: NS records lookup
vars:
acme_ns: >-
{{ lookup('dig', 'acme-inc.com/NS', local_dns)
.split(',') | sort | join(',') }}
example_ns: >-
{{ lookup('dig', 'example.com/NS', local_dns)
.split(',') | sort | join(',') }}
ansible.builtin.assert:
that:
- lookup('dig', 'acme-inc.com/NS', local_dns).split(',') | sort | join(',') == 'ns1.acme-inc.com.,ns2.acme-inc.com.'
- lookup('dig', 'example.com/NS', local_dns).split(',') | sort | join(',') == 'ns1.acme-inc.com.,ns2.acme-inc.com.'
- acme_ns == 'ns1.acme-inc.com.,ns2.acme-inc.com.'
- example_ns == 'ns1.acme-inc.com.,ns2.acme-inc.com.'

- name: MX records lookup
vars:
acme_mx: >-
{{ lookup('dig', 'acme-inc.com/MX', local_dns)
.split(',') | sort | join(',') }}
example_mx: >-
{{ lookup('dig', 'example.com/MX', local_dns)
.split(',') | sort | join(',') }}
ansible.builtin.assert:
that:
- lookup('dig', 'acme-inc.com/MX', local_dns).split(',') | sort | join(',') == '10 mail001.acme-inc.com.,20 mail002.acme-inc.com.'
- lookup('dig', 'example.com/MX', local_dns).split(',') | sort | join(',') == '10 mail001.example.com.'
- acme_mx == '10 mail001.acme-inc.com.,20 mail002.acme-inc.com.'
- example_mx == '10 mail001.example.com.'

- name: Service records lookup
ansible.builtin.assert:
14 changes: 7 additions & 7 deletions tasks/main.yml
Expand Up @@ -3,12 +3,12 @@
- name: Source specific variables
ansible.builtin.include_vars: "{{ item }}"
with_first_found:
- "{{ ansible_distribution }}-{{ ansible_distribution_major_version }}.yml"
- "{{ ansible_distribution }}.yml"
- "{{ ansible_os_family }}-{{ ansible_distribution_major_version }}.yml"
- "{{ ansible_os_family }}.yml"
- "{{ ansible_distribution_file_variety }}-{{ ansible_distribution_major_version }}.yml"
- "{{ ansible_distribution_file_variety }}.yml"
- "{{ ansible_facts['distribution'] }}-{{ ansible_facts['distribution_major_version'] }}.yml"
- "{{ ansible_facts['distribution'] }}.yml"
- "{{ ansible_facts['os_family'] }}-{{ ansible_facts['distribution_major_version'] }}.yml"
- "{{ ansible_facts['os_family'] }}.yml"
- "{{ ansible_facts['distribution_file_variety'] }}-{{ ansible_facts['distribution_major_version'] }}.yml"
- "{{ ansible_facts['distribution_file_variety'] }}.yml"
tags: bind

- name: Check `primaries` or `forwarders` was set for each zone
Expand All @@ -27,7 +27,7 @@
update_cache: true
become: true
changed_when: false
when: ansible_os_family == 'Debian'
when: ansible_facts["os_family"] == 'Debian'
tags: bind

- name: Assert that all XFR keys exist in the key list
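Review bot: The `when:` on the apt cache task uses `ansible_facts["os_family"]` with double quotes while every other fact access introduced in this file uses single quotes (`ansible_facts['distribution']`, `ansible_facts['os_family']` in the `with_first_found` list); write it as `when: ansible_facts['os_family'] == 'Debian'` so the style is uniform and a grep for `ansible_facts['` finds every use. The task that owns this `when:` begins outside the hunk.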
37 changes: 29 additions & 8 deletions tasks/zones.yml
@@ -1,7 +1,7 @@
---
- name: Set list of all host IP addresses
ansible.builtin.set_fact:
host_all_addresses: "{{ ansible_all_ipv4_addresses | union(ansible_all_ipv6_addresses) }}"
host_all_addresses: "{{ ansible_facts['all_ipv4_addresses'] | union(ansible_facts['all_ipv6_addresses']) }}"
tags: bind

- name: Read forward zone hashes
Expand All @@ -27,7 +27,12 @@
tags: bind

- name: Read reverse ipv4 zone hashes
ansible.builtin.shell: "grep -s \"^; Hash:\" {{ bind_zone_dir }}/{{ ('.'.join(item.1.replace(item.1+'.','').split('.')[::-1])) }}.in-addr.arpa || true"
vars:
reverse_ipv4_zone: >-
{{ item.1.replace(item.1 + '.', '')
.split('.') | reverse | join('.') }}.in-addr.arpa
ansible.builtin.shell: >
grep -s "^; Hash:" {{ bind_zone_dir }}/{{ reverse_ipv4_zone }} || true
changed_when: false
check_mode: false
register: reverse_hashes_temp
Expand All @@ -53,7 +58,12 @@
tags: bind

- name: Read reverse ipv6 zone hashes
ansible.builtin.shell: 'grep -s "^; Hash:" {{ bind_zone_dir }}/{{ (item.1 | ansible.utils.ipaddr("revdns"))[-(9+(item.1|regex_replace("^.*/","")|int)//2):-1] }} || true'
vars:
reverse_ipv6_zone: >-
{{ (item.1 | ansible.utils.ipaddr('revdns'))
[-(9 + (item.1 | regex_replace('^.*/', '') | int) // 2):-1] }}
ansible.builtin.shell: >
grep -s "^; Hash:" {{ bind_zone_dir }}/{{ reverse_ipv6_zone }} || true
changed_when: false
check_mode: false
register: reverse_hashes_ipv6_temp
Expand All @@ -69,7 +79,10 @@

- name: Create dict of reverse ipv6 hashes
ansible.builtin.set_fact:
reverse_hashes_ipv6: "{{ reverse_hashes_ipv6|default([]) + [ {'hash': item.0.stdout|default(), 'network': item.1} ] }}"
reverse_hashes_ipv6: >-
{{ reverse_hashes_ipv6 | default([])
+ [ {'hash': item.0.stdout | default(),
'network': item.1 } ] }}
with_subelements:
- "{{ reverse_hashes_ipv6_temp.results }}"
- item
Expand Down Expand Up @@ -101,14 +114,18 @@
tags: bind

- name: Create reverse lookup zone file
vars:
check_zone: >-
{{ item.1.replace(item.1 + '.', '')
.split('.') | reverse | join('.') }}.in-addr.arpa
ansible.builtin.template:
src: reverse_zone.j2
dest: "{{ bind_zone_dir }}/{{ ('.'.join(item.1.replace(item.1+'.','').split('.')[::-1])) }}.in-addr.arpa"
dest: "{{ bind_zone_dir }}/{{ check_zone }}"
owner: "{{ bind_owner }}"
group: "{{ bind_group }}"
mode: "{{ bind_zone_file_mode }}"
setype: named_zone_t
validate: "named-checkzone {{ ('.'.join(item.1.replace(item.1+'.','').split('.')[::-1])) }}.in-addr.arpa %s"
validate: "named-checkzone {{ check_zone }} %s"
become: true
with_subelements:
- "{{ bind_zones }}"
Expand All @@ -126,14 +143,18 @@
tags: bind

- name: Create reverse IPv6 lookup zone file
vars:
reverse_ipv6_zone: >-
{{ (item.1 | ansible.utils.ipaddr('revdns'))
[-(9 + (item.1 | regex_replace('^.*/', '') | int) // 2):-1] }}
ansible.builtin.template:
src: reverse_zone_ipv6.j2
dest: "{{ bind_zone_dir }}/{{ (item.1 | ansible.utils.ipaddr('revdns'))[-(9+(item.1|regex_replace('^.*/','')|int)//2):-1] }}"
dest: "{{ bind_zone_dir }}/{{ reverse_ipv6_zone }}"
owner: "{{ bind_owner }}"
group: "{{ bind_group }}"
mode: "{{ bind_zone_file_mode }}"
setype: named_zone_t
validate: "named-checkzone {{ (item.1 | ansible.utils.ipaddr('revdns'))[-(9+(item.1|regex_replace('^.*/','')|int)//2):] }} %s"
validate: "named-checkzone {{ reverse_ipv6_zone }} %s"
become: true
with_subelements:
- "{{ bind_zones }}"
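Review bot: The `Read reverse ipv4 zone hashes` and `Read reverse ipv6 zone hashes` tasks still interpolate `bind_zone_dir` and the computed zone name straight into an `ansible.builtin.shell` line with no quoting, so whitespace or a shell metacharacter in a `bind_zones` network entry changes the command rather than the file name; wrap the path, e.g. `grep -s "^; Hash:" {{ (bind_zone_dir ~ '/' ~ reverse_ipv4_zone) | quote }} || true`, and the same with `reverse_ipv6_zone`. The same expression is introduced as `reverse_ipv4_zone` in the hashes task but as `check_zone` in `Create reverse lookup zone file`, while the IPv6 pair uses `reverse_ipv6_zone` in both places; naming both IPv4 vars `reverse_ipv4_zone` keeps the pairs parallel. Note also that the old `validate:` for the IPv6 zone sliced with `[...:]` (keeping the trailing dot) whereas `dest:` used `[...:-1]`; routing both through `reverse_ipv6_zone` now passes the dot-less name to named-checkzone — probably harmless, but it is a behaviour change worth a line in the PR description.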
2 changes: 1 addition & 1 deletion templates/auth_transfer.j2
Expand Up @@ -7,7 +7,7 @@ server {{ primary }} {
{% endfor %}

{% endif %}
server {{ ansible_default_ipv4.address }} {
server {{ ansible_facts['default_ipv4']['address'] }} {
keys { {% for mykey in bind_dns_keys %} {{ mykey.name }}; {% endfor %} };
};
