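---
# These are the temporary tasks needed on various machines before classroom
# build is finished.
#
# Play layout: one active task (firewalld forwarding policy on the utility VM)
# plus handlers. The DNS zone tasks are kept below as commented-out history.
- name: Fixes required on utility VM.
  hosts: utility.lab.example.com
  # Root is needed to write under /etc/firewalld and /var/named.
  become: true
  # The serial handlers read ansible_facts['date_time'], so fact gathering
  # must stay enabled even though only the minimal subset is collected.
  gather_subset: min

  tasks:
    # NOTE(review): lineinfile uses Python regular expressions, where
    # '[[:space:]]' is not a POSIX character class. If these tasks are ever
    # re-enabled, '\s' is presumably what was intended - confirm.
    # XXX DONE XXX    - name: Ensure idm is in ocp4.example.com zone.
    # XXX DONE XXX      ansible.builtin.lineinfile:
    # XXX DONE XXX        path: /var/named/ocp4.example.com.db
    # XXX DONE XXX        regex: '^idm[[:space:]]'
    # XXX DONE XXX        insertafter: '.*IN NS dns\.ocp4\.example\.com\.$'
    # XXX DONE XXX        line: 'idm IN A 192.168.50.40'
    # XXX DONE XXX      notify:
    # XXX DONE XXX        - fix forward zone serial
    # XXX DONE XXX        - restart named

    # XXX DONE XXX    - name: Ensure idm is in ocp4.example.com reverse zone.
    # XXX DONE XXX      ansible.builtin.lineinfile:
    # XXX DONE XXX        path: /var/named/ocp4.example.com.reverse.db
    # XXX DONE XXX        regex: '^40[[:space:]]'
    # XXX DONE XXX        insertafter: '.*IN NS dns\.ocp4\.example\.com\.$'
    # XXX DONE XXX        line: '40 IN PTR idm.ocp4.example.com.'
    # XXX DONE XXX      notify:
    # XXX DONE XXX        - fix reverse zone serial
    # XXX DONE XXX        - restart named

    # XXX DONE???
    # This task widens what the utility VM forwards between firewalld zones,
    # so the policy document is the security-relevant part of this play.
    - name: Ensure utility allows forwarding traffic from external to public/trusted zones.
      ansible.builtin.copy:
        dest: /etc/firewalld/policies/fwd-stud-to-ocp.xml
        # Quoted so the mode is always read as an octal permission string.
        mode: '0644'
        owner: root
        group: root
        # NOTE(review): the policy XML body is absent from this copy of the
        # playbook (probably stripped as markup when the page was rendered).
        # As written, this task deploys an EMPTY policy file. Restore the
        # original document before running, and check that it names only the
        # intended ingress/egress zones rather than a blanket accept.
        content: |
      notify:
        - reload utility firewalld

  handlers:
    # Suggestion: a `firewall-cmd --check-config` step before this reload
    # would catch a malformed policy file before it is activated.
    - name: reload utility firewalld
      ansible.builtin.service:
        name: firewalld
        state: reloaded

    # Both serial handlers locate the SOA serial by its trailing '; serial'
    # comment. The replacement keeps that marker: without it the regex stops
    # matching after the first run, and a later run on a different day would
    # append a stray serial line at the end of the zone file.
    # The serial is YYYYMMDD00, so two edits on the same day produce the same
    # serial value.
    - name: fix forward zone serial
      ansible.builtin.lineinfile:
        path: /var/named/ocp4.example.com.db
        regex: '.*; serial$'
        line: " {{ ansible_facts['date_time']['year'] }}{{ ansible_facts['date_time']['month'] }}{{ ansible_facts['date_time']['day'] }}00 ; serial"

    - name: fix reverse zone serial
      ansible.builtin.lineinfile:
        path: /var/named/ocp4.example.com.reverse.db
        regex: '.*; serial$'
        line: " {{ ansible_facts['date_time']['year'] }}{{ ansible_facts['date_time']['month'] }}{{ ansible_facts['date_time']['day'] }}00 ; serial"

    # Declared after the serial handlers; handlers run in definition order,
    # so named restarts only once the serial has been bumped.
    - name: restart named
      ansible.builtin.service:
        name: named
        state: restarted
...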