From d15c6166c3b51c9e14a6af93bf3a32dcb78da74f Mon Sep 17 00:00:00 2001
From: "James E. Blair"
Date: Mon, 5 Nov 2018 09:02:55 -0800
Subject: [PATCH] adns: Set zone directory permissions

Bind needs to be able to write to the zone directories in order to sign the zones.

Change-Id: I5649c28c6f7d8d98e0eca3c9c4da5d7312198b5c
---
 playbooks/roles/master-nameserver/tasks/main.yaml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/playbooks/roles/master-nameserver/tasks/main.yaml b/playbooks/roles/master-nameserver/tasks/main.yaml
index b6f4fa93b4..87fc571dba 100644
--- a/playbooks/roles/master-nameserver/tasks/main.yaml
+++ b/playbooks/roles/master-nameserver/tasks/main.yaml
@@ -19,6 +19,9 @@
 synchronize:
 src: "/opt/source/{{ item.source }}"
 dest: "/var/lib/bind/zones/{{ item.name }}"
+ rsync_opts:
+ - "--chmod=u+rwX,g+rX,o+rX"
+ - "--chown=bind:bind"
 loop: "{{ dns_zones }}"
 notify: Reload named
 - name: Install tsig key
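Review bot: The added `--chmod=u+rwX,g+rX,o+rX` only adds permission bits, so any group- or world-write bit already set on files under `/opt/source` would be carried into `/var/lib/bind/zones/`, assuming the synchronize task preserves permissions (its options beyond `src` and `dest` are not visible, as the task opens outside the hunk). An absolute form such as `- "--chmod=u=rwX,go=rX"` makes the resulting mode independent of the checkout's state, and the `o` grant could be dropped altogether if nothing other than named reads these directories. `--chown=bind:bind` also hands ownership of the synced zone files themselves to named, while the commit message only asks for write access to the directories. If signing only needs to create files next to the zone file, keeping the synced files root-owned and making just the directory writable by bind would be the narrower grant. A one-line comment above `rsync_opts` such as `# named writes signing output into the zone directory` would record why the ownership is set.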