From 347c8600b98c9679826e3b7bb706a7bb50aba1d9 Mon Sep 17 00:00:00 2001 From: L3D Date: Thu, 30 Sep 2021 00:22:27 +0200 Subject: [PATCH] improve validating mechanism --- handlers/main.yml | 10 ---------- tasks/configure.yml | 23 +++++++++++++++++++++++ tasks/install.yml | 13 +++++++++++++ tasks/main.yml | 38 +++----------------------------------- vars/main.yml | 2 +- 5 files changed, 40 insertions(+), 46 deletions(-) create mode 100644 tasks/configure.yml create mode 100644 tasks/install.yml diff --git a/handlers/main.yml b/handlers/main.yml index ef9ce1b..3775613 100644 --- a/handlers/main.yml +++ b/handlers/main.yml @@ -1,14 +1,4 @@ --- -- name: unbound checkconf - become: true - ansible.builtin.command: unbound-checkconf /etc/unbound/unbound.conf - retries: 5 - delay: 3 - register: result - until: result.rc == 0 - - notify: systemctl restart unbound - - name: systemctl restart unbound become: true ansible.builtin.service: diff --git a/tasks/configure.yml b/tasks/configure.yml new file mode 100644 index 0000000..140d77f --- /dev/null +++ b/tasks/configure.yml @@ -0,0 +1,23 @@ +--- +- name: Copy unbound configuration snippets + become: true + ansible.builtin.copy: + src: '{{ item }}' + dest: '/etc/unbound/unbound.conf.d/' + owner: root + group: root + mode: 'u=rw,g=r,o=r' + with_fileglob: + - 'files/snippets/*.conf' + notify: systemctl restart unbound + +- name: Copy main unbound configuration + become: true + ansible.builtin.template: + src: 'files/unbound.conf' + dest: '/etc/unbound/unbound.conf' + owner: root + group: root + mode: 'u=rw,g=r,o=r' + validate: unbound-checkconf %s + notify: systemctl restart unbound diff --git a/tasks/install.yml b/tasks/install.yml new file mode 100644 index 0000000..fc555b2 --- /dev/null +++ b/tasks/install.yml @@ -0,0 +1,13 @@ +--- +- name: update debian cache + become: true + ansible.builtin.apt: + update_cache: true + cache_valid_time: 43200 + when: ansible_pkg_mgr == "apt" + +- name: install unbound + become: true + ansible.builtin.package: + name: unbound + state: "{{ unbound__state }}" diff --git a/tasks/main.yml b/tasks/main.yml index 77b6b5d..cea6bfd 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -3,40 +3,8 @@ ansible.builtin.include_tasks: versioncheck.yml when: submodules_versioncheck|bool -- name: update cache - become: true - ansible.builtin.apt: - state: "{{ unbound__state }}" - update_cache: true - cache_valid_time: 43200 - when: ansible_pkg_mgr == "apt" - - name: install unbound - become: true - ansible.builtin.package: - name: unbound - state: present + ansible.builtin.include_tasks: install.yml -- name: Copy unbound configuration snippets - become: true - ansible.builtin.copy: - src: '{{ item }}' - dest: '/etc/unbound/unbound.conf.d/' - owner: root - group: root - mode: 'u=rw,g=r,o=r' - with_fileglob: - - 'files/snippets/*.conf' - notify: - - unbound checkconf - -- name: Copy main unbound configuration - become: true - ansible.builtin.template: - src: 'files/unbound.conf' - dest: '/etc/unbound/unbound.conf' - owner: root - group: root - mode: 'u=rw,g=r,o=r' - notify: - - unbound checkconf +- name: configure unbound + ansible.builtin.include_tasks: configure.yml diff --git a/vars/main.yml b/vars/main.yml index 9f899ea..861abc1 100644 --- a/vars/main.yml +++ b/vars/main.yml @@ -1,3 +1,3 @@ --- -playbook_version_number: 68 # should be integer +playbook_version_number: 69 # should be integer playbook_version_path: 'role-unbound_roles-ansible_github.com.version'