Merge "Zone file validation role"

2019-05-23 13:58:57 +00:00 · 2019-05-23 13:58:57 +00:00 · 9515883f88
parent b86e7153d4 42b9c209ab
commit 9515883f88
4 changed files with 32 additions and 0 deletions
--- a/doc/source/general-roles.rst
+++ b/doc/source/general-roles.rst
@ -33,5 +33,6 @@ General Purpose Roles
 .. zuul:autorole:: upload-git-mirror
 .. zuul:autorole:: validate-dco-license
 .. zuul:autorole:: validate-host
+.. zuul:autorole:: validate-zone-db
 .. zuul:autorole:: version-from-git
 .. zuul:autorole:: write-inventory
--- a/roles/validate-zone-db/README.rst
+++ b/roles/validate-zone-db/README.rst
@ -0,0 +1,12 @@
+Validate bind zone.db files
+
+This role uses ``named-checkzone`` to validate Bind ``zone.db`` files.
+
+**Role Variables**
+
+.. zuul:rolevar:: zone_files
+   :default: zuul.project.src_dir
+
+   Look for ``zone.db`` files recursively in this directory.  The
+   layout should be ``domain.xyz/zone.db`` where a parent directory is
+   named for the zone the child ``zone.db`` file describes.
--- a/roles/validate-zone-db/defaults/main.yaml
+++ b/roles/validate-zone-db/defaults/main.yaml
@ -0,0 +1,2 @@
+zone_files: '{{ ansible_user_dir }}/{{ zuul.project.src_dir }}'
+
--- a/roles/validate-zone-db/tasks/main.yaml
+++ b/roles/validate-zone-db/tasks/main.yaml
@ -0,0 +1,17 @@
+- name: Install bind9utils
+  package:
+    name: bind9utils
+    state: present
+  become: yes
+
+- name: Find zone files
+  find:
+    paths: '{{ zone_files }}'
+    patterns: 'zone.db'
+    recurse: yes
+    file_type: 'file'
+  register: zone_db_files
+
+- name: 'Run checkzone'
+  command: '/usr/sbin/named-checkzone {{ item.path.split("/")[-2] }} {{ item.path }}'
+  loop: "{{ zone_db_files['files'] }}"
				`@ -0,0 +1,2 @@`
				`zone_files: '{{ ansible_user_dir }}/{{ zuul.project.src_dir }}'`