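---
# Verification playbook for the dns role.
# Every path is derived from dns_data_dir so the fixture location is defined
# in exactly one place (the original declared the var but hard-coded each path).
# Directory assertions use `| default(false)` because stat only sets `isdir`
# when the path exists; without the default a missing directory raises an
# undefined-attribute error instead of the intended fail_msg.
- name: Verify dns role
  hosts: localhost
  gather_facts: false
  vars:
    dns_data_dir: /tmp/sovereign_test/dns
  tasks:
    # --- directory layout -------------------------------------------------
    - name: Check dns data directory exists
      ansible.builtin.stat:
        path: "{{ dns_data_dir }}"
      register: data_dir_stat

    - name: Assert dns data directory is present
      ansible.builtin.assert:
        that: data_dir_stat.stat.isdir | default(false)
        fail_msg: "Data directory {{ dns_data_dir }} was not created"

    - name: Check dns config directory exists
      ansible.builtin.stat:
        path: "{{ dns_data_dir }}/config"
      register: config_dir_stat

    - name: Assert dns config directory is present
      ansible.builtin.assert:
        that: config_dir_stat.stat.isdir | default(false)
        fail_msg: "Directory {{ dns_data_dir }}/config was not created"

    - name: Check dns zones directory exists
      ansible.builtin.stat:
        path: "{{ dns_data_dir }}/zones"
      register: zones_dir_stat

    - name: Assert dns zones directory is present
      ansible.builtin.assert:
        that: zones_dir_stat.stat.isdir | default(false)
        fail_msg: "Directory {{ dns_data_dir }}/zones was not created"

    - name: Check dns cache directory exists
      ansible.builtin.stat:
        path: "{{ dns_data_dir }}/cache"
      register: cache_dir_stat

    - name: Assert dns cache directory is present
      ansible.builtin.assert:
        that: cache_dir_stat.stat.isdir | default(false)
        fail_msg: "Directory {{ dns_data_dir }}/cache was not created"

    # --- named.conf ---------------------------------------------------------
    - name: Check named.conf exists
      ansible.builtin.stat:
        path: "{{ dns_data_dir }}/config/named.conf"
      register: named_conf_stat

    - name: Assert named.conf was rendered
      ansible.builtin.assert:
        that: named_conf_stat.stat.exists
        fail_msg: "named.conf was not rendered"

    - name: Read named.conf
      ansible.builtin.slurp:
        src: "{{ dns_data_dir }}/config/named.conf"
      register: named_conf_raw

    - name: Set named.conf content fact
      ansible.builtin.set_fact:
        named_conf: "{{ named_conf_raw.content | b64decode }}"

    - name: Assert zone declaration for base domain in named.conf
      ansible.builtin.assert:
        that: "'zone \"test.example.com\"' in named_conf"
        fail_msg: "Expected zone declaration for test.example.com not found in named.conf"

    # Plain substring match: a commented-out `recursion no` would also pass.
    # If the template ever gains comments, tighten this to a line-anchored
    # regex so an open resolver cannot slip through the check.
    - name: Assert recursion disabled in named.conf
      ansible.builtin.assert:
        that: "'recursion no' in named_conf"
        fail_msg: "Expected 'recursion no' not found in named.conf"

    # --- zone file ----------------------------------------------------------
    - name: Check zone file exists
      ansible.builtin.stat:
        path: "{{ dns_data_dir }}/zones/test.example.com.zone"
      register: zone_stat

    - name: Assert zone file was rendered
      ansible.builtin.assert:
        that: zone_stat.stat.exists
        fail_msg: "Zone file test.example.com.zone was not rendered"

    - name: Read zone file
      ansible.builtin.slurp:
        src: "{{ dns_data_dir }}/zones/test.example.com.zone"
      register: zone_raw

    - name: Set zone content fact
      ansible.builtin.set_fact:
        zone: "{{ zone_raw.content | b64decode }}"

    - name: Assert SOA record in zone
      ansible.builtin.assert:
        that: "'SOA' in zone"
        fail_msg: "SOA record not found in zone file"

    - name: Assert NS record in zone
      ansible.builtin.assert:
        that: "'IN NS' in zone"
        fail_msg: "NS record not found in zone file"

    # 192.0.2.1 is the TEST-NET-1 documentation address used by the fixture.
    - name: Assert server IP in zone for ns1 A record
      ansible.builtin.assert:
        that: "'192.0.2.1' in zone"
        fail_msg: "Expected dns_server_ip 192.0.2.1 not found in zone file"

    - name: Assert mail A record in zone
      ansible.builtin.assert:
        that: "'mail IN A' in zone"
        fail_msg: "mail A record not found in zone file"

    - name: Assert MX record in zone
      ansible.builtin.assert:
        that: "'IN MX' in zone"
        fail_msg: "MX record not found in zone file"

    # Mail-authentication records: SPF, DMARC policy and DMARC reporting address.
    - name: Assert SPF TXT record in zone
      ansible.builtin.assert:
        that: "'v=spf1 mx ~all' in zone"
        fail_msg: "SPF record not found in zone file"

    - name: Assert DMARC TXT record in zone
      ansible.builtin.assert:
        that: "'v=DMARC1' in zone"
        fail_msg: "DMARC record not found in zone file"

    - name: Assert DMARC policy in zone
      ansible.builtin.assert:
        that: "'p=quarantine' in zone"
        fail_msg: "Expected DMARC policy 'quarantine' not found in zone file"

    - name: Assert DMARC rua address in zone
      ansible.builtin.assert:
        that: "'mailto:dmarc-reports@test.example.com' in zone"
        fail_msg: "Expected DMARC rua address not found in zone file"

    - name: Assert auth A record in zone
      ansible.builtin.assert:
        that: "'auth IN A' in zone"
        fail_msg: "auth A record not found in zone file"

    - name: Assert git A record in zone
      ansible.builtin.assert:
        that: "'git IN A' in zone"
        fail_msg: "git A record not found in zone file"

    # --- docker-compose.yml -------------------------------------------------
    - name: Check docker-compose.yml exists
      ansible.builtin.stat:
        path: "{{ dns_data_dir }}/docker-compose.yml"
      register: compose_stat

    - name: Assert docker-compose.yml was rendered
      ansible.builtin.assert:
        that: compose_stat.stat.exists
        fail_msg: "docker-compose.yml was not rendered for dns"

    - name: Read docker-compose.yml
      ansible.builtin.slurp:
        src: "{{ dns_data_dir }}/docker-compose.yml"
      register: compose_raw

    - name: Set compose content fact
      ansible.builtin.set_fact:
        compose: "{{ compose_raw.content | b64decode }}"

    # Pinning the exact image tag here means an image bump in the role must be
    # mirrored in this assertion; that is intentional so upgrades are explicit.
    - name: Assert bind9 image in compose
      ansible.builtin.assert:
        that: "'ubuntu/bind9:9.18-22.04_beta' in compose"
        fail_msg: "Expected bind9 image not found in docker-compose.yml"

    # Port mappings are matched as substrings of the rendered text, so the
    # compose template must quote them ("53:53/tcp") to avoid YAML retyping.
    - name: Assert port 53 TCP in compose
      ansible.builtin.assert:
        that: "'53:53/tcp' in compose"
        fail_msg: "Expected port 53/tcp mapping not found in docker-compose.yml"

    - name: Assert port 53 UDP in compose
      ansible.builtin.assert:
        that: "'53:53/udp' in compose"
        fail_msg: "Expected port 53/udp mapping not found in docker-compose.yml"

    # Loopback GELF target: logs stay on the host rather than crossing the network.
    - name: Assert GELF logging address in compose
      ansible.builtin.assert:
        that: "'udp://127.0.0.1:12201' in compose"
        fail_msg: "Expected GELF address udp://127.0.0.1:12201 not found in docker-compose.yml"

    # Substring match only; it does not verify which network is marked external.
    - name: Assert sovereign network is external in compose
      ansible.builtin.assert:
        that: "'external: true' in compose"
        fail_msg: "Expected 'external: true' not found in docker-compose.yml"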