
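---
# Verification play for the dns role. It checks that the role rendered the
# expected directory layout, BIND configuration, zone file and compose stack
# under dns_data_dir, then inspects the rendered contents for the values the
# test fixture is supposed to produce.
- name: Verify dns role
  hosts: localhost
  gather_facts: false
  vars:
    # Root of the rendered test fixture; every path checked below derives
    # from it so the play does not repeat the literal path.
    dns_data_dir: /tmp/sovereign_test/dns
    # Values the fixture expects to see rendered into named.conf, the zone
    # file and docker-compose.yml.
    dns_domain: test.example.com
    dns_server_ip: '192.0.2.1'
    dns_bind9_image: 'ubuntu/bind9:9.18-22.04_beta'
    dns_gelf_address: 'udp://127.0.0.1:12201'
  tasks:
    - name: Check dns directories exist
      ansible.builtin.stat:
        path: "{{ item }}"
      loop:
        - "{{ dns_data_dir }}"
        - "{{ dns_data_dir }}/config"
        - "{{ dns_data_dir }}/zones"
        - "{{ dns_data_dir }}/cache"
      register: dns_dir_stats

    - name: Assert dns directories are present
      ansible.builtin.assert:
        # stat only returns isdir when the path exists; checking exists first
        # produces the fail_msg instead of an undefined-attribute error.
        that:
          - item.stat.exists
          - item.stat.isdir
        fail_msg: "Directory {{ item.item }} was not created"
      loop: "{{ dns_dir_stats.results }}"
      loop_control:
        label: "{{ item.item }}"

    - name: Check rendered dns files exist
      ansible.builtin.stat:
        path: "{{ item }}"
      loop:
        - "{{ dns_data_dir }}/config/named.conf"
        - "{{ dns_data_dir }}/zones/{{ dns_domain }}.zone"
        - "{{ dns_data_dir }}/docker-compose.yml"
      register: dns_file_stats

    - name: Assert rendered dns files are present
      ansible.builtin.assert:
        that: item.stat.exists
        fail_msg: "{{ item.item }} was not rendered"
      loop: "{{ dns_file_stats.results }}"
      loop_control:
        label: "{{ item.item }}"

    - name: Read named.conf
      ansible.builtin.slurp:
        src: "{{ dns_data_dir }}/config/named.conf"
      register: named_conf_raw

    - name: Read zone file
      ansible.builtin.slurp:
        src: "{{ dns_data_dir }}/zones/{{ dns_domain }}.zone"
      register: zone_raw

    - name: Read docker-compose.yml
      ansible.builtin.slurp:
        src: "{{ dns_data_dir }}/docker-compose.yml"
      register: compose_raw

    - name: Set rendered content facts
      ansible.builtin.set_fact:
        # slurp returns base64; decode once so the asserts below can use
        # plain substring checks.
        named_conf: "{{ named_conf_raw.content | b64decode }}"
        zone: "{{ zone_raw.content | b64decode }}"
        compose: "{{ compose_raw.content | b64decode }}"

    - name: Assert expected directives in named.conf
      ansible.builtin.assert:
        that: item.expect in named_conf
        fail_msg: "Expected {{ item.what }} '{{ item.expect }}' not found in named.conf"
      loop:
        - what: zone declaration for the base domain
          expect: 'zone "{{ dns_domain }}"'
        # An authoritative-only server must not recurse for clients, otherwise
        # it can be misused as an open resolver.
        - what: recursion disabled
          expect: 'recursion no'
      loop_control:
        label: "{{ item.what }}"

    - name: Assert expected records in zone file
      ansible.builtin.assert:
        that: item.expect in zone
        fail_msg: "{{ item.record }} not found in zone file (expected '{{ item.expect }}')"
      loop:
        - record: SOA record
          expect: 'SOA'
        - record: NS record
          expect: 'IN NS'
        - record: ns1 A record with dns_server_ip
          expect: "{{ dns_server_ip }}"
        - record: mail A record
          expect: 'mail IN A'
        - record: MX record
          expect: 'IN MX'
        - record: SPF TXT record
          expect: 'v=spf1 mx ~all'
        - record: DMARC TXT record
          expect: 'v=DMARC1'
        - record: DMARC quarantine policy
          expect: 'p=quarantine'
        - record: DMARC rua address
          expect: "mailto:dmarc-reports@{{ dns_domain }}"
        - record: auth A record
          expect: 'auth IN A'
        - record: git A record
          expect: 'git IN A'
      loop_control:
        label: "{{ item.record }}"

    - name: Assert expected settings in docker-compose.yml
      ansible.builtin.assert:
        that: item.expect in compose
        fail_msg: "Expected {{ item.what }} '{{ item.expect }}' not found in docker-compose.yml"
      loop:
        - what: bind9 image
          expect: "{{ dns_bind9_image }}"
        - what: port 53/tcp mapping
          expect: '53:53/tcp'
        - what: port 53/udp mapping
          expect: '53:53/udp'
        - what: GELF logging address
          expect: "{{ dns_gelf_address }}"
        # Quoted because a plain "key: value" here would parse as a mapping.
        - what: external sovereign network
          expect: 'external: true'
      loop_control:
        label: "{{ item.what }}"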