Merge "Zone file validation role"

doc/source/general-roles.rst

@@ -33,5 +33,6 @@ General Purpose Roles
 .. zuul:autorole:: upload-git-mirror
 .. zuul:autorole:: validate-dco-license
 .. zuul:autorole:: validate-host
+.. zuul:autorole:: validate-zone-db
 .. zuul:autorole:: version-from-git
 .. zuul:autorole:: write-inventory

roles/validate-zone-db/README.rst

@@ -0,0 +1,12 @@
+Validate bind zone.db files
+
+This role uses ``named-checkzone`` to validate Bind ``zone.db`` files.
+
+**Role Variables**
+
+.. zuul:rolevar:: zone_files
+   :default: zuul.project.src_dir
+
+   Look for ``zone.db`` files recursively in this directory.  The
+   layout should be ``domain.xyz/zone.db`` where a parent directory is
+   named for the zone the child ``zone.db`` file describes.

roles/validate-zone-db/defaults/main.yaml

@@ -0,0 +1,2 @@
+zone_files: '{{ ansible_user_dir }}/{{ zuul.project.src_dir }}'
+

roles/validate-zone-db/tasks/main.yaml

@@ -0,0 +1,17 @@
+- name: Install bind9utils
+  package:
+    name: bind9utils
+    state: present
+  become: yes
+
+- name: Find zone files
+  find:
+    paths: '{{ zone_files }}'
+    patterns: 'zone.db'
+    recurse: yes
+    file_type: 'file'
+  register: zone_db_files
+
+- name: 'Run checkzone'
+  command: '/usr/sbin/named-checkzone {{ item.path.split("/")[-2] }} {{ item.path }}'
+  loop: "{{ zone_db_files['files'] }}"