From 42b9c209ab4ee8fc5bf546d8563c46c4a623dc4a Mon Sep 17 00:00:00 2001 From: Ian Wienand Date: Thu, 23 May 2019 17:45:01 +1000 Subject: [PATCH] Zone file validation role This role uses named-checkzone to validate Bind zone.db files it finds in the specified directory. Helps to avoid committing broken DNS configurations. Needed-By: https://review.opendev.org/660888 Change-Id: If3dc95d1348553e5b43683f6a36d324fb978fbed
---
 doc/source/general-roles.rst | 1 +
 roles/validate-zone-db/README.rst | 12 ++++++++++++
 roles/validate-zone-db/defaults/main.yaml | 2 ++
 roles/validate-zone-db/tasks/main.yaml | 17 +++++++++++++++++
 4 files changed, 32 insertions(+)
 create mode 100644 roles/validate-zone-db/README.rst
 create mode 100644 roles/validate-zone-db/defaults/main.yaml
 create mode 100644 roles/validate-zone-db/tasks/main.yaml
diff --git a/doc/source/general-roles.rst b/doc/source/general-roles.rst
index 0f50d8b9c..02fd736a7 100644
--- a/doc/source/general-roles.rst
+++ b/doc/source/general-roles.rst
@@ -33,5 +33,6 @@ General Purpose Roles
 .. zuul:autorole:: upload-git-mirror
 .. zuul:autorole:: validate-dco-license
 .. zuul:autorole:: validate-host
+.. zuul:autorole:: validate-zone-db
 .. zuul:autorole:: version-from-git
 .. zuul:autorole:: write-inventory
diff --git a/roles/validate-zone-db/README.rst b/roles/validate-zone-db/README.rst
new file mode 100644
index 000000000..8b388d7d2
--- /dev/null
+++ b/roles/validate-zone-db/README.rst
@@ -0,0 +1,12 @@
+Validate bind zone.db files
+
+This role uses ``named-checkzone`` to validate Bind ``zone.db`` files.
+
+**Role Variables**
+
+.. zuul:rolevar:: zone_files
+ :default: zuul.project.src_dir
+
+ Look for ``zone.db`` files recursively in this directory. The
+ layout should be ``domain.xyz/zone.db`` where a parent directory is
+ named for the zone the child ``zone.db`` file describes.
diff --git a/roles/validate-zone-db/defaults/main.yaml b/roles/validate-zone-db/defaults/main.yaml
new file mode 100644
index 000000000..fd44e370e
--- /dev/null
+++ b/roles/validate-zone-db/defaults/main.yaml
@@ -0,0 +1,2 @@
+zone_files: '{{ ansible_user_dir }}/{{ zuul.project.src_dir }}'
+
diff --git a/roles/validate-zone-db/tasks/main.yaml b/roles/validate-zone-db/tasks/main.yaml
new file mode 100644
index 000000000..4c2abe01d
--- /dev/null
+++ b/roles/validate-zone-db/tasks/main.yaml
@@ -0,0 +1,17 @@
+- name: Install bind9utils
+ package:
+ name: bind9utils
+ state: present
+ become: yes
+
+- name: Find zone files
+ find:
+ paths: '{{ zone_files }}'
+ patterns: 'zone.db'
+ recurse: yes
+ file_type: 'file'
+ register: zone_db_files
+
+- name: 'Run checkzone'
+ command: '/usr/sbin/named-checkzone {{ item.path.split("/")[-2] }} {{ item.path }}'
+ loop: "{{ zone_db_files['files'] }}"
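Review bot: The documented default does not match this one: the README hunk in this same patch lists `:default: zuul.project.src_dir`, while `zone_files` here actually defaults to `'{{ ansible_user_dir }}/{{ zuul.project.src_dir }}'`, so someone reading the rendered role documentation would assume a bare relative path is searched. Change the README line to `:default: {{ ansible_user_dir }}/{{ zuul.project.src_dir }}` so the two agree. The trailing empty line added after the variable serves no purpose and can be dropped.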
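Review bot: The `Run checkzone` task assembles the command as a single free-form string, so a `zone.db` whose directory path contains whitespace or quote characters is split by the `command` module's argument parsing into extra arguments, and since the zone name is simply the parent directory name taken from the checked-out change, an unusual directory name is handed to `named-checkzone` as-is rather than being rejected. Pass the pieces as an `argv` list so each item is exactly one argument whatever it contains, and consider checking that the directory name looks like a zone name before invoking the checker. Separately, if `find` matches nothing (for example because `zone_files` points at the wrong tree) the loop is empty and the role passes without validating anything; an `assert` on `zone_db_files.files | length > 0` would make that a visible failure. `become: yes` and `recurse: yes` should be written `true` per the Ansible/yamllint truthy convention. The `bind9utils` package name is Debian-family specific, so if this role is expected to run on other distributions the name will likely need to be parameterized.

```yaml
# … unchanged: Install bind9utils and Find zone files tasks …

- name: Fail if no zone files were found
  assert:
    that:
      - zone_db_files.files | length > 0
    fail_msg: 'No zone.db files found under {{ zone_files }}'

- name: 'Run checkzone'
  command:
    argv:
      - /usr/sbin/named-checkzone
      - '{{ item.path.split("/")[-2] }}'
      - '{{ item.path }}'
  loop: "{{ zone_db_files['files'] }}"
```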