initial version of the playbook

.gitignore

@@ -0,0 +1 @@
+.*.swp

ansible.cfg

@@ -0,0 +1,7 @@
+[defaults]
+remote_user = devops
+inventory = ./hosts/
+
+[privilege_escalation]
+become_method = sudo
+become_ask_pass = no

deploy-dns.yml

@@ -0,0 +1,65 @@
+---
+- name: make sure required software is installed
+  hosts: all
+  become: yes
+  tasks:
+    - name: ensure the software is there
+      yum:
+        name: "{{ packages }}"
+        state: latest
+
+- name: deploy corresponding dns service and configuration
+  hosts: dnsservers,caching_ns
+  become: yes
+  tasks:
+    - name: process any templates and publish them
+      template:
+        src: "{{ item.src }}"
+        dest: "{{ item.dest }}"
+        owner: "{{ item.owner }}"
+        group: "{{ item.group }}"
+        mode: "{{ item.mode }}"
+      notify:
+        - test configuration validity
+        - reload or restart the service
+      loop: "{{ configs }}"
+
+    - name: deploy the static files as well
+      copy:
+        src: "{{ item.src }}"
+        dest: "{{ item.dest }}"
+        owner: "{{ item.owner }}"
+        group: "{{ item.group }}"
+        mode: "{{ item.mode }}"
+      notify: them handlerz
+      loop: "{{ staticfiles }}"
+
+    - name: execute handlers if necessary
+      meta: flush_handlers
+
+    - name: ensure the service is started and enabled to start automatically
+      service:
+        name: "{{ service }}"
+        state: started
+        enabled: yes
+
+    - name: ensure firewall is open for the service
+      firewalld:
+        service: "{{ fwsvc }}"
+        state: enabled
+        immediate: yes
+        permanent: yes
+
+  handlers:
+    - name: test configuration validity
+      listen: them handlerz
+      command: "{{ item }}"
+      changed_when: false
+      loop: "{{ test_programs }}"
+
+    - name: restart the service
+      listen: them handlerz
+      service:
+        name: "{{ service }}"
+        state: restarted
+

hosts/caching.yml

@@ -0,0 +1,23 @@
+all:
+  children:
+    caching_ns:
+      hosts:
+        servera.lab.example.com:
+      vars:
+        packages:
+          - unbound
+        configs:
+          - src: unbound.conf.j2
+            dest: /etc/unbound/unbound.conf
+            owner: root
+            group: root
+            mode: 0640
+          - src: unbound-sysconf.j2
+            dest: /etc/sysconfig/unbound
+            owner: root
+            group: root
+            mode: 0640
+        service: unbound
+        fwsvc: dns
+        test_programs:
+          - unbound-checkconf

hosts/clients.yml

@@ -0,0 +1,7 @@
+all:
+  children:
+    dnsclients:
+      hosts:
+        workstation.lab.example.com:
+          packages:
+            - bind-utils

hosts/dnsservers.yml

@@ -0,0 +1,36 @@
+all:
+  children:
+    dnsservers:
+      children:
+        primary:
+          hosts:
+            serverd.lab.example.com:
+              staticfiles:
+                - src: int.example.com.zone
+                  dest: /var/named/int.example.com.zone
+                  owner: named
+                  group: named
+                  mode: 0640
+          vars:
+            test_programs:
+              - named-checkconf
+              - named-checkzone int.example.com.zone /var/named/int.example.com.zone
+        secondary:
+          hosts:
+            serverb.lab.example.com:
+            serverc.lab.example.com:
+          vars:
+            test_programs:
+              - named-checkconf
+      vars:
+        packages:
+          - bind
+          - bind-utils
+        configs:
+          - src: named.conf.j2
+            dest: /etc/named.conf
+            owner: named
+            group: named
+            mode: 0640
+        service: bind
+        fwsvc: dns