Add unbound to nms hosts

group_vars/nms.yml

@@ -13,6 +13,8 @@ network_vip_interfaces:
 firewall_in:
   - {proto: tcp, port: 22, from: [172.20.20.0/22]}
   - {proto: tcp, port: 25, from: [172.20.25.0/24]}
+  - {proto: tcp, port: 53, from: [172.20.25.0/24]}
+  - {proto: udp, port: 53, from: [172.20.25.0/24]}
   - {proto: udp, port: 69, from: [172.20.25.0/24]}
   - {proto: udp, port: 123, from: [172.20.25.0/24]}
   - {proto: udp, port: 514, from: [172.20.25.0/24]}

host_vars/nms01.home.foo.sh.yml

@@ -4,11 +4,13 @@ network_interfaces:
   - device: eth0
     vlan: 20
     mac: "52:54:00:ac:dc:43"
+    nameservers: []
   - device: eth1
     vlan: 25
     ipaddr: 172.20.25.2
     netmask: 255.255.255.0
     proto: static
+    nameservers: [172.20.25.1, 172.20.25.2, 172.20.25.3]
   - device: eth2
     vlan: 103
     ipaddr: 192.168.100.2

host_vars/nms02.home.foo.sh.yml

@@ -4,11 +4,13 @@ network_interfaces:
   - device: eth0
     vlan: 20
     mac: "52:54:00:ac:dc:44"
+    nameservers: []
   - device: eth1
     vlan: 25
     ipaddr: 172.20.25.3
     netmask: 255.255.255.0
     proto: static
+    nameservers: [172.20.25.1, 172.20.25.2, 172.20.25.3]
   - device: eth2
     vlan: 103
     ipaddr: 192.168.100.3

playbooks/nms.yml

@@ -36,6 +36,20 @@
       vars:
         relay_domains: [foo.sh]
 
+    - name: copy dns zone files
+      copy:
+        dest: "/var/lib/unbound/{{ item }}"
+        src: "/srv/dns/{{ item }}"
+        mode: 0644
+        owner: root
+        group: "{{ ansible_wheel }}"
+      notify: restart unbound
+      with_items:
+        - 25.20.172.in-addr.arpa
+        - oob.foo.sh
+    - import_role:
+        name: unbound
+
     # convert this to role for restart support
     - name: enable ntp server for oob network
       lineinfile:
@@ -55,3 +69,4 @@
         - sslscan
         - unzip
         - wget
+        state: installed