Merge branch 'bind-split-zones-by-view' into 'master'

Split zone configs by view

See merge request !301

roles/float-infra-dns/files/in-view.sed

+# Script to convert each zone in a view to a series of in-view declarations
+1i\
+// Automatically generated, do not edit.
+/^zone/{
+a\
+	in-view "internal-in";\
+};
+p
+}
+

roles/float-infra-dns/tasks/main.yml

@@ -29,6 +29,11 @@
   notify: reload bind
   register: dns_config
 
+- name: Install in-view.sed script
+  copy:
+    src: "in-view.sed"
+    dest: "/etc/bind/in-view.sed"
+
 - name: Create bind9 zone dirs
   file:
     path: "/etc/bind/zones"
@@ -60,6 +65,7 @@
   changed_when: false
   with_items:
     - named.conf.zones
+    - named.conf.zones.in-view
     - named.conf.internal-custom-zones
     - named.conf.external-custom-zones
 

roles/float-infra-dns/templates/bind/named.conf.local

@@ -32,6 +32,6 @@ view "external-in" in {
   // Include manually-maintained zones.
   include "/etc/bind/named.conf.external-custom-zones";
 
-// Include zonetool-maintained zones.
-  include "/etc/bind/named.conf.zones";
+  // Include zonetool-maintained zones (in-view references).
+  include "/etc/bind/named.conf.zones.in-view";
 };

roles/float-infra-dns/templates/update-dns

@@ -3,7 +3,9 @@
 # Wrapper for zonetool, with the right options.
 #
 
-exec /usr/bin/zonetool \
+set -e
+
+/usr/bin/zonetool \
      --config /etc/dns/zonetool.yml \
      --named-conf /etc/bind/named.conf.zones \
      --output-dir /etc/bind/zones --delete \
@@ -11,4 +13,10 @@ exec /usr/bin/zonetool \
      --ds-dir /etc/bind/dnssec-ds \
      --nsec3-salt {{ dnssec_nsec3_salt }} \
      --dnssec-refresh \
+     --update-policy 'grant acme zonesub TXT' \
      /etc/dns/manual /etc/dns/auto
+
+sed -n -f /etc/bind/in-view.sed \
+     /etc/bind/named.conf.zones \
+     > /etc/bind/named.conf.zones.in-view
+