From 40edb5e6ea2a2e71ba862b5c21695fdff15f66d2 Mon Sep 17 00:00:00 2001 From: Adar Nimrod <nimrod@shore.co.il> Date: Sun, 18 Dec 2016 17:05:53 +0200 Subject: [PATCH] - Change of approch, instead of wrestling with config clauses that can only be declared once or multiple times and the config templates, have a single config template and have the values (blocks) will populate the correct clauses. Update documentation. - Better assertions. - Install missing utilities for Testinfra to function. --- README.rst | 15 +++--- defaults/main.yml | 14 ++++-- tasks/main.yml | 49 +++++-------------- templates/nsd.conf.j2 | 23 +++++++++ tests/playbook.yml | 22 +++------ .../{nsd_zones => nsd/zones}/testzone | 0 tests/templates/nsd_conf_d/testzone.conf | 3 -- vars/main.yml | 3 +- 8 files changed, 61 insertions(+), 68 deletions(-) create mode 100644 templates/nsd.conf.j2 rename tests/templates/{nsd_zones => nsd/zones}/testzone (100%) delete mode 100644 tests/templates/nsd_conf_d/testzone.conf diff --git a/README.rst b/README.rst index 57d4664..fcb31ac 100644 --- a/README.rst +++ b/README.rst 
@@ -5,14 +5,13 @@ NSD :target: https://travis-ci.org/adarnimrod/nsd Provision an NSD authorative DNS server. By default the role has minimal -configuration. You can add your own by overriding the default -:code:`nsd_config` dictionary with your own for configuration under the -:code:`server` block in :code:`nsd.conf`. For other blocks that can declared -multiple times (like the :code:`zone` block) add your own templates in the -:code:`templates/nsd/conf.d` directory either inside the role or next to your -playbook. Likewise, zone templates can be added by placing them in -:code:`templates/nsd/zones` (again either inside the role or relative to your -playbook). +configuration. Overriding :code:`nsd_server_block` with a text block will +configure the :code:`server` clause of NSD, same for +:code:`nsd_remote_control_block` and the :code:`remote-control` block. Multiple +patterns, zones and keys are provided by overriding :code:`nsd_patterns`, +:code:`nsd_zones` and :code:`nsd_keys` respectively. Zone file templates can be +added by placing them in :code:`templates/nsd/zones` either inside the role or +relative to your playbook. Requirements ------------ diff --git a/defaults/main.yml b/defaults/main.yml index 69ca08b..9b04799 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -2,7 +2,13 @@ # defaults file for nsd nsd_mail_alias: root # Where to send mail for the NSD user. -nsd_config: # key/value configuration under the server block, for more - # information consult the nsd.conf man page. - 'rrl-ratelimit': 200 - 'rrl-whitelist-ratelimit': 2000 +nsd_server_block: | + rrl-ratelimit: 200 + rrl-whitelist-ratelimit: 2000 + +nsd_remote_control_block: | + control-enable: no + +nsd_patterns: [] +nsd_keys: [] +nsd_zones: [] diff --git a/tasks/main.yml b/tasks/main.yml index e01ddec..4ab4e31 100644 --- a/tasks/main.yml +++ b/tasks/main.yml 
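Review bot: The new defaults in `defaults/main.yml` have no comments, whereas the removed `nsd_config` had one pointing to the nsd.conf man page. A reader cannot tell that these values are raw text pasted verbatim into the generated file, or that the three lists take one text block per clause. I would add `# Raw text placed verbatim under the server: clause, see nsd.conf(5).` above `nsd_server_block`, with a matching line for `nsd_remote_control_block`. Above `nsd_keys` I would add `# One text block per key: clause; these normally carry a TSIG secret, so supply them from Ansible Vault rather than plain-text vars.`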
@@ -6,7 +6,11 @@ that: - ansible_os_family in nsd_user - ansible_os_family in aliases_file - - nsd_config is iterable + - nsd_server_block is defined + - nsd_remote_control_block is defined + - nsd_patterns is iterable + - nsd_keys is iterable + - nsd_zones is iterable - name: APT install NSD when: ansible_pkg_mgr == 'apt' @@ -16,60 +20,31 @@ update_cache: yes cache_valid_time: 3600 -- name: Create conf.d directory +- name: Create zones directory file: - path: '{{ nsd_conf_d }}' + path: '{{ nsd_zones_dir }}' state: directory owner: root group: 0 mode: 0o755 -- name: Use the conf.d directory - lineinfile: - dest: '{{ nsd_conf }}' - line: 'include: "{{ nsd_conf_d }}/*.conf"' - insertafter: EOF - state: present - notify: - - Restart NSD - -- name: Add server block - lineinfile: - dest: '{{ nsd_conf }}' - line: 'server:' - insertbefore: BOF - state: present - - name: Configure - with_dict: '{{ nsd_config }}' - lineinfile: - dest: '{{ nsd_conf }}' - line: '{{ item.key }}: {{ item.value }}' - regexp: '{{ item.key }}:' - insertafter: 'server:' - notify: - - Restart NSD - -- name: Copy configuration templates - with_fileglob: - - '{{ role_path }}/templates/nsd/conf.d/*' - - '{{ playbook_dir }}/templates/nsd/conf.d/*' template: - src: '{{ item }}' - dest: '{{ nsd_conf_d }}/' + src: nsd.conf.j2 + dest: '{{ nsd_conf }}' owner: root group: 0 - mode: 0o644 + mode: 0o0644 notify: - Restart NSD -- name: Copy zones +- name: Copy zone templates with_fileglob: - '{{ role_path }}/templates/nsd/zones/*' - '{{ playbook_dir }}/templates/nsd/zones/*' template: src: '{{ item }}' - dest: '{{ nsd_zones }}/' + dest: '{{ nsd_zones_dir }}/' owner: root group: 0 mode: 0o644 diff --git a/templates/nsd.conf.j2 b/templates/nsd.conf.j2 new file mode 100644 index 0000000..c248716 --- /dev/null +++ b/templates/nsd.conf.j2 
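Review bot: The added checks `nsd_patterns is iterable`, `nsd_keys is iterable` and `nsd_zones is iterable` also pass when the variable is a plain string, because Jinja2's `iterable` test accepts strings. The `for` loops in `templates/nsd.conf.j2` would then emit one `zone:` (or `pattern:`/`key:`) clause per character. I would tighten each to the form `- nsd_zones is iterable and nsd_zones is not string`. Similarly, `nsd_server_block is defined` and `nsd_remote_control_block is defined` could become `is string`, so that a dict left over from the old `nsd_config` usage fails the assertion instead of being rendered. The assert task itself starts above this hunk.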
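Review bot: The rewritten `Configure` task renders the whole of `nsd.conf` with `mode: 0o0644`, and that file now includes the `key:` clauses from `nsd_keys`, so any TSIG secret placed there is readable by every local user. I would drop the world-read bit, for example `mode: 0o0640` with `group:` set to a group the NSD daemon runs under. The role's `nsd_user` mapping is not visible in this hunk, so confirm that the daemon can still read the file on reload. Because the task now replaces the complete config from free-text blocks, adding `validate: 'nsd-checkconf %s'` would also reject a malformed block before it overwrites the working file and triggers `Restart NSD`.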
@@ -0,0 +1,23 @@ +server: +{{ nsd_server_block }} + +remote-control: +{{ nsd_remote_control_block }} + +{% for pattern in nsd_patterns %} +pattern: +{{ pattern }} + +{% endfor %} + +{% for key in nsd_keys %} +key: +{{ key }} + +{% endfor %} + +{% for zone in nsd_zones %} +zone: +{{ zone }} + +{% endfor %} diff --git a/tests/playbook.yml b/tests/playbook.yml index 84aceb6..1c4d460 100644 --- a/tests/playbook.yml +++ b/tests/playbook.yml @@ -11,18 +11,12 @@ strategy: free roles: - role: nsd + nsd_zones: + - | + name: "testzone" + zonefile: "testzone" post_tasks: - - name: Copy test zone - with_items: - - src: templates/nsd_conf_d/testzone.conf - dest: '{{ nsd_conf_d }}/testzone.conf' - - src: templates/nsd_zones/testzone - dest: '{{ nsd_zones }}/testzone' - template: - src: '{{ item.src }}' - dest: '{{ item.dest }}' - owner: root - group: 0 - mode: 0o0644 - notify: - - Restart NSD + - name: APT install test utilities + apt: + name: [net-tools, dnsutils] + state: present diff --git a/tests/templates/nsd_zones/testzone b/tests/templates/nsd/zones/testzone similarity index 100% rename from tests/templates/nsd_zones/testzone rename to tests/templates/nsd/zones/testzone diff --git a/tests/templates/nsd_conf_d/testzone.conf b/tests/templates/nsd_conf_d/testzone.conf deleted file mode 100644 index aa87ffe..0000000 --- a/tests/templates/nsd_conf_d/testzone.conf +++ /dev/null @@ -1,3 +0,0 @@ -zone: - name: "testzone" - zonefile: "testzone" diff --git a/vars/main.yml b/vars/main.yml index 872791f..1242f8d 100644 --- a/vars/main.yml +++ b/vars/main.yml @@ -2,8 +2,7 @@ # vars file for nsd nsd_conf: '{{ "/var/nsd/etc/nsd.conf" if ansible_os_family == "OpenBSD" else "/etc/nsd/nsd.conf" }}' -nsd_conf_d: '{{ nsd_conf }}.d' -nsd_zones: '{{ "/var/nsd/zones" if ansible_os_family == "OpenBSD" else "/etc/nsd" }}' +nsd_zones_dir: '{{ "/var/nsd/zones" if ansible_os_family == "OpenBSD" else "/etc/nsd" }}' aliases_file: OpenBSD: /etc/mail/aliases -- GitLab
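Review bot: The new `templates/nsd.conf.j2` has no header saying the file is generated. The role now overwrites the distribution's `nsd.conf` wholesale, where the removed `lineinfile` tasks edited it in place, so local edits will be lost silently on the next run. I would add `# {{ ansible_managed }}` as the first line. A second comment line could note that every variable is emitted verbatim and unindented, so each list item must be a complete clause body and nothing more; a stray `server:` or `remote-control:` line inside an item would open a new clause.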
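Review bot: The added `APT install test utilities` post-task in `tests/playbook.yml` has no package-manager guard, although the role's own APT task uses `when: ansible_pkg_mgr == 'apt'` and `vars/main.yml` carries OpenBSD paths. On a non-APT test host the play would fail at this task before Testinfra runs. I would add `when: ansible_pkg_mgr == 'apt'` to the task and, for a fresh image, `update_cache: yes` with `cache_valid_time: 3600` as in the role's install task. The play definition starts above this hunk.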