nameserver-primary: add notifiers, dirs, docs

We finally update the primary nameserver role to get into production:
- add some more documentation
- include the directory creation of notifiers and zones
- deploy the notifier files via ansible
- remove the depricated dnssec-enable config

Author: mathiashro

roles/nameserver-primary/README.md

@@ -3,11 +3,15 @@ Diese Rolle installiert die Opennet Nameserver Master Rolle.
 
 Enthalten sind:
 * Paketinstallation
+* Grundkonfiguration von BIND
+* Cron-Job für automatische Erstellung Mesh IPv6 Zone
+* Erweiterung des Munin Monitoring
 
 = Konfiguration =
 
 Manuelle Arbeitsschritte:
 * BIND Opennet DNS Key auf Server erstellen (notwendig für Slaves)
+* BIND Opennet DNS Zonen auf Server ablegen - /etc/bind/zones
 
 = TODO =
 * BIND Statistiken verschieben? /var/run/named/stats

roles/nameserver-primary/tasks/bind.yml

@@ -2,6 +2,16 @@
   apt: 
     name: bind9
 
+- name: bind - Nameserver Verzeichnisse anlegen
+  file:
+    path: bind/{{ item }}
+    state: directory
+    owner: bind
+    group: bind
+  with_items:
+    - zones
+    - notifiers
+
 - name: bind - Nameserver konfigurieren
   template:
     src: bind/named.conf.local
@@ -14,6 +24,15 @@
     dest: /etc/bind/
   notify: restart bind
 
+- name: bind - Nameserver Notifier konfigurieren
+  template:
+    src: bind/notifiers/{{ item }}
+    dest: /etc/bin/notifiers/
+  with_items:
+    - opennet-extern.notifiers
+    - opennet-intern.notifiers
+  notify: restart bind
+
 - name: bind - originale Nameserver-Konfiguration deaktivieren
   lineinfile: 
     state: present

roles/nameserver-primary/templates/bind/named.conf.local

@@ -2,12 +2,12 @@
 
 // opennet acls
 acl "internetx" {
-        62.116.132.5;   
-        62.116.131.31;   # a.ns14.net
-        217.160.113.32;  # b.ns14.net
-        83.169.55.5;     # b.ns14.net
-        195.34.161.195;  # c.ns14.net
-        74.208.164.110;  # d.ns14.net
+  62.116.132.5;   
+  62.116.131.31;   # a.ns14.net
+  217.160.113.32;  # b.ns14.net
+  83.169.55.5;     # b.ns14.net
+  195.34.161.195;  # c.ns14.net
+  74.208.164.110;  # d.ns14.net
 };
 
 // opennet keys
@@ -16,20 +16,19 @@ include "/etc/bind/keys/opennet-dyndns-aps.key";
 
 // opennet options
 options {
-	directory "/var/cache/bind";
-	dnssec-validation auto;
-	listen-on-v6 { any; };
-	// opennet
-	version "opennet";
-	recursion no;
-	allow-query { any; };
-	allow-transfer { 
+  directory "/var/cache/bind";
+  dnssec-validation auto;
+  listen-on-v6 { any; };
+  // opennet
+  version "opennet";
+  recursion no;
+  allow-query { any; };
+  allow-transfer { 
     127.0.0.1; 
     key dnskey.opennet;
     internetx;
   };
-	key-directory "/etc/bind/keys";
-	dnssec-enable yes;
+  key-directory "/etc/bind/keys";
 };
 
 // opennet zones

roles/nameserver-primary/templates/bind/notifiers/opennet-extern.notifiers

@@ -0,0 +1,7 @@
+// {{ ansible_managed }}
+
+also-notify {
+  83.169.55.5;       // b.ns14.net (InternetX, Hosteurope)
+  217.160.113.32;    // b.ns14.net (InternetX, Schlundtech)
+  2001:7f0:1000::70; // pns.avxn.de (Schaffhausen, Ralph Oesker)
+};

roles/nameserver-primary/templates/bind/notifiers/opennet-intern.notifiers

@@ -0,0 +1,10 @@
+// {{ ansible_managed }}
+
+also-notify {
+  192.168.0.244;	// itsuki
+  192.168.0.245;	// gai
+  192.168.0.246;	// megumi
+  192.168.0.247;	// erina
+  192.168.0.248;	// subaru
+  192.168.0.254;	// titan
+};