forked from EOSC-Lot-1/ansible-role-bind
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathverify.yml
110 lines (98 loc) · 7.27 KB
/
verify.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
---
- name: Verify
hosts: all
gather_facts: false
tasks:
# Only collect network facts to reduce setup time
- name: Gathering Facts
ansible.builtin.setup:
gather_subset:
- 'network'
- name: Set local_dns variable for dig
ansible.builtin.set_fact:
local_dns: "{{ '@' + ansible_default_ipv4.address }}"
dns_port: 53
- name: Set dns port for ns2
ansible.builtin.set_fact:
dns_port: 553
when: "inventory_hostname == 'ns2'"
- name: IPv4 Forward lookups
ansible.builtin.assert:
that:
- lookup('community.general.dig', 'ns1.acme-inc.com', local_dns, port=dns_port) == '10.11.0.1'
- lookup('community.general.dig', 'ns2.acme-inc.com', local_dns, port=dns_port) == '10.11.0.2'
- lookup('community.general.dig', 'srv001.acme-inc.com', local_dns, port=dns_port) == '10.11.1.1'
- lookup('community.general.dig', 'srv002.acme-inc.com', local_dns, port=dns_port) == '10.11.1.2'
- lookup('community.general.dig', 'mail001.acme-inc.com', local_dns, port=dns_port) == '10.11.2.1'
- lookup('community.general.dig', 'mail002.acme-inc.com', local_dns, port=dns_port) == '10.11.2.2'
- lookup('community.general.dig', 'mail003.acme-inc.com', local_dns, port=dns_port) == '10.11.2.3'
- lookup('community.general.dig', 'srv010.acme-inc.com', local_dns, port=dns_port) == '10.11.0.10'
- lookup('community.general.dig', 'srv011.acme-inc.com', local_dns, port=dns_port) == '10.11.0.11'
- lookup('community.general.dig', 'srv012.acme-inc.com', local_dns, port=dns_port) == '10.11.0.12'
- lookup('community.general.dig', 'srv001.example.com', local_dns, port=dns_port) == '192.0.2.1'
- lookup('community.general.dig', 'srv002.example.com', local_dns, port=dns_port) == '192.0.2.2'
- lookup('community.general.dig', 'mail001.example.com', local_dns, port=dns_port) == '192.0.2.10'
- name: IPv4 Reverse lookups
ansible.builtin.assert:
that:
- lookup('community.general.dig', '10.11.0.1/PTR', local_dns, port=dns_port) == 'ns1.acme-inc.com.'
- lookup('community.general.dig', '10.11.0.2/PTR', local_dns, port=dns_port) == 'ns2.acme-inc.com.'
- lookup('community.general.dig', '10.11.1.1/PTR', local_dns, port=dns_port) == 'srv001.acme-inc.com.'
- lookup('community.general.dig', '10.11.1.2/PTR', local_dns, port=dns_port) == 'srv002.acme-inc.com.'
- lookup('community.general.dig', '10.11.2.1/PTR', local_dns, port=dns_port) == 'mail001.acme-inc.com.'
- lookup('community.general.dig', '10.11.2.2/PTR', local_dns, port=dns_port) == 'mail002.acme-inc.com.'
- lookup('community.general.dig', '10.11.2.3/PTR', local_dns, port=dns_port) == 'mail003.acme-inc.com.'
- lookup('community.general.dig', '10.11.0.10/PTR', local_dns, port=dns_port) == 'srv010.acme-inc.com.'
- lookup('community.general.dig', '10.11.0.11/PTR', local_dns, port=dns_port) == 'srv011.acme-inc.com.'
- lookup('community.general.dig', '10.11.0.12/PTR', local_dns, port=dns_port) == 'srv012.acme-inc.com.'
- lookup('community.general.dig', '192.0.2.1/PTR', local_dns, port=dns_port) == 'srv001.example.com.'
- lookup('community.general.dig', '192.0.2.2/PTR', local_dns, port=dns_port) == 'srv002.example.com.'
- lookup('community.general.dig', '192.0.2.10/PTR', local_dns, port=dns_port) == 'mail001.example.com.'
- name: IPv4 Alias lookups
ansible.builtin.assert:
that:
- lookup('community.general.dig', 'www.acme-inc.com', local_dns, port=dns_port) == '10.11.1.1'
- lookup('community.general.dig', 'mysql.acme-inc.com', local_dns, port=dns_port) == '10.11.1.2'
- lookup('community.general.dig', 'smtp.acme-inc.com', local_dns, port=dns_port) == '10.11.2.1'
- lookup('community.general.dig', 'mail-in.acme-inc.com', local_dns, port=dns_port) == '10.11.2.1'
- lookup('community.general.dig', 'imap.acme-inc.com', local_dns, port=dns_port) == '10.11.2.3'
- lookup('community.general.dig', 'mail-out.acme-inc.com', local_dns, port=dns_port) == '10.11.2.3'
- lookup('community.general.dig', 'www.example.com', local_dns, port=dns_port) == '192.0.2.1'
- name: IPv6 Forward lookups
ansible.builtin.assert:
that:
- lookup('community.general.dig', 'srv001.acme-inc.com/AAAA', local_dns, port=dns_port) == '2001:db8::1'
- lookup('community.general.dig', 'srv002.acme-inc.com/AAAA', local_dns, port=dns_port) == '2001:db8::2'
- lookup('community.general.dig', 'mail001.acme-inc.com/AAAA', local_dns, port=dns_port) == '2001:db8::d:1'
- lookup('community.general.dig', 'mail002.acme-inc.com/AAAA', local_dns, port=dns_port) == '2001:db8::d:2'
- lookup('community.general.dig', 'mail003.acme-inc.com/AAAA', local_dns, port=dns_port) == '2001:db8::d:3'
- lookup('community.general.dig', 'srv001.example.com/AAAA', local_dns, port=dns_port) == '2001:db9::1'
- name: IPv6 Reverse lookups
ansible.builtin.assert:
that:
- lookup('community.general.dig', '2001:db8::1/PTR', local_dns, port=dns_port) == 'srv001.acme-inc.com.'
- lookup('community.general.dig', '2001:db8::2/PTR', local_dns, port=dns_port) == 'srv002.acme-inc.com.'
- lookup('community.general.dig', '2001:db8::d:1/PTR', local_dns, port=dns_port) == 'mail001.acme-inc.com.'
- lookup('community.general.dig', '2001:db8::d:2/PTR', local_dns, port=dns_port) == 'mail002.acme-inc.com.'
- lookup('community.general.dig', '2001:db8::d:3/PTR', local_dns, port=dns_port) == 'mail003.acme-inc.com.'
- lookup('community.general.dig', '2001:db8::d:3/PTR', local_dns, port=dns_port) == 'mail003.acme-inc.com.'
- lookup('community.general.dig', '2001:db9::1/PTR', local_dns, port=dns_port) == 'srv001.example.com.'
- name: NS records lookup
ansible.builtin.assert:
that:
- lookup('community.general.dig', 'acme-inc.com/NS', local_dns, port=dns_port).split(',') | sort | join(',') == 'ns1.acme-inc.com.,ns2.acme-inc.com.'
- lookup('community.general.dig', 'example.com/NS', local_dns, port=dns_port).split(',') | sort | join(',') == 'ns1.acme-inc.com.,ns2.acme-inc.com.'
- name: MX records lookup
ansible.builtin.assert:
that:
- lookup('community.general.dig', 'acme-inc.com/MX', local_dns, port=dns_port).split(',') | sort | join(',') == '10 mail001.acme-inc.com.,20 mail002.acme-inc.com.'
- lookup('community.general.dig', 'example.com/MX', local_dns, port=dns_port).split(',') | sort | join(',') == '10 mail001.example.com.'
- name: Service records lookup
ansible.builtin.assert:
that:
- lookup('community.general.dig', '_ldap._tcp.acme-inc.com/SRV', local_dns, port=dns_port) == '0 100 88 srv010.acme-inc.com.'
- name: TXT records lookup
ansible.builtin.assert:
that:
- lookup('community.general.dig', '_kerberos.acme-inc.com/TXT', local_dns, port=dns_port) == 'KERBEROS.ACME-INC.COM'
- lookup('community.general.dig', 'acme-inc.com/TXT', local_dns, port=dns_port).split(',') | sort | join(',') == 'more text,some text'