Add role-level package state controls for PowerDNS, debug symbols, ba… (#261)

* Add role-level package state controls for PowerDNS, debug symbols, backend packages, and backend dependency packages

Author: SrX

CHANGELOG.md

@@ -1,3 +1,18 @@
+## v1.10.0 (Unreleased)
+
+NEW FEATURES:
+- Add role-level package state controls for PowerDNS, debug symbols, backend packages, and backend dependency packages:
+  `pdns_package_state`, `pdns_debug_symbols_package_state`, `pdns_backends_packages_state`,
+  `pdns_mysql_packages_state`, `pdns_pgsql_packages_state`, and `pdns_sqlite_package_state`.
+- Add role documentation section describing standard tags (`install`, `config`, `service`, `repository`).
+
+IMPROVEMENTS:
+- Add explicit task/handler tags across installation, repository, configuration, and service flows to support predictable partial runs.
+- Refactor MySQL, PostgreSQL, and SQLite database tasks into clearer management blocks with explicit package-state handling.
+- Improve role behavior when `pdns_package_state: absent` by skipping runtime configuration/service tasks while still allowing dependency/package removal paths.
+- Normalize defaults/documentation booleans (`true`/`false`) and fix minor typos.
+- Include `hostname` in the EL Molecule Docker image package set.
+
 ## v1.9.0 (2026-02-23)
 
 NEW FEATURES:

README.md

@@ -83,7 +83,7 @@ If `apt_version` is omitted, the legacy `apt_repo` string is used with `ansible.
 ```
 
 By default, install EPEL to satisfy some PowerDNS Authoritative Server dependencies like `protobuf`.
-To skip the installation of EPEL set `pdns_install_epel` to `False`.
+To skip the installation of EPEL set `pdns_install_epel` to `false`.
 
 ```yaml
 pdns_package_name: "{{ default_pdns_package_name }}"
@@ -97,6 +97,13 @@ pdns_package_version: ""
 
 Optionally, allow to set a specific version of the PowerDNS Authoritative Server package to be installed.
 
+```yaml
+pdns_package_state: "present"
+```
+
+Desired package state for `pdns_package_name`. Supported values include `present`, `latest`, and `absent`.
+When set to `absent`, the role removes packages and skips runtime configuration tasks.
+
 ```yaml
 pdns_install_debug_symbols_package: false
 ```
@@ -107,9 +114,15 @@ Install the PowerDNS Authoritative Server debug symbols.
 pdns_debug_symbols_package_name: "{{ default_pdns_debug_symbols_package_name }}"
 ```
 
-The name of the PowerDNS Authoritative Server debug package to be installed when `pdns_install_debug_symbols_package` is `True`,
+The name of the PowerDNS Authoritative Server debug package to be installed when `pdns_install_debug_symbols_package` is `true`,
 `pdns-debuginfo` on RedHat-like systems and `pdns-server-dbg` on Debian-like systems.
 
+```yaml
+pdns_debug_symbols_package_state: "{{ pdns_package_state }}"
+```
+
+Desired package state for the debug symbols package when it is managed by this role.
+
 ```yaml
 pdns_user: pdns
 pdns_group: pdns
@@ -129,7 +142,7 @@ Name of the PowerDNS service.
 
 ```yaml
 pdns_service_state: "started"
-pdns_service_enabled: "yes"
+pdns_service_enabled: true
 pdns_service_masked: false
 ```
 
@@ -185,6 +198,7 @@ This can be used to change any systemd settings in the `[Service]` category.
 
 ```yaml
 pdns_backends_packages: "{{ default_pdns_backends_packages }}"
+pdns_backends_packages_state: "{{ pdns_package_state }}"
 pdns_backends:
   bind:
     config: '/dev/null'
@@ -208,11 +222,12 @@ pdns_backends:
     'dbname': dns
   'bind':
     'config': '/etc/named/named.conf'
-    'hybrid':  yes
+    'hybrid': true
     'dnssec-db': '{{ pdns_config_dir }}/dnssec.db'
 ```
 
 By default this role starts just the bind-backend with an empty config file.
+`pdns_backends_packages_state` controls install/update/removal of backend packages.
 
 ```yaml
 pdns_config_additional_dirs: []
@@ -263,6 +278,7 @@ pdns_mysql_cli_extra_args: "{{ default_pdns_mysql_cli_extra_args }}"
 pdns_mysql_auth_plugin: ""
 pdns_mysql_user_update_password: ""
 pdns_mysql_packages: "{{ default_pdns_mysql_packages }}"
+pdns_mysql_packages_state: "present"
 ```
 
 `pdns_mysql_manage_database` controls whether this role performs MySQL/MariaDB bootstrap operations
@@ -295,11 +311,13 @@ When `pdns_mysql_query_use_socket` is set to `true`, role-internal MySQL operati
 `pdns_mysql_unix_socket` instead of TCP host/port.
 `pdns_backends_mysql_cmd` and `pdns_mysql_cli_extra_args` control the MySQL/MariaDB CLI invocation used for schema checks/import.
 `pdns_mysql_packages` allows overriding OS-specific MySQL dependency package lists.
+`pdns_mysql_packages_state` controls install/update/removal of those dependency packages.
 
 ```yaml
 pdns_pgsql_manage_database: true
 pdns_pgsql_databases_credentials: {}
 pdns_pgsql_packages: "{{ default_pdns_pgsql_packages }}"
+pdns_pgsql_packages_state: "present"
 ```
 
 `pdns_pgsql_manage_database` controls whether this role performs PostgreSQL bootstrap operations
@@ -328,6 +346,7 @@ When `pdns_pgsql_query_use_socket` is set to `true`, role-internal PostgreSQL op
 (database/user creation and schema load checks/import) use the UNIX socket path defined by
 `pdns_pgsql_unix_socket` instead of TCP host/port.
 `pdns_pgsql_packages` allows overriding OS-specific PostgreSQL dependency package lists.
+`pdns_pgsql_packages_state` controls install/update/removal of those dependency packages.
 
 ```yaml
 pdns_sqlite_databases_locations: []
@@ -336,6 +355,12 @@ pdns_sqlite_databases_locations: []
 Locations of the SQLite3 databases that have to be created if using the
 `gsqlite3` backend.
 
+```yaml
+pdns_sqlite_package_state: "present"
+```
+
+Desired package state for the SQLite CLI dependency used during schema bootstrap.
+
 ```yaml
 pdns_lmdb_databases_locations: []
 ```
@@ -371,6 +396,18 @@ pdns_verbose: "{{ ansible_verbosity | int >= 2 }}"
 Enable verbose/debug role behavior. This currently controls whether sensitive SQL task details
 are hidden in logs (`false`) or visible for troubleshooting (`true`).
 
+## Role Tags
+
+This role uses the following standard tags so filtered runs stay predictable with `--tags` / `--skip-tags`:
+
+- `install`: package/module installation or software provisioning.
+- `config`: configuration/state changes (templates, files, directories, settings, data bootstrap).
+- `service`: service state management and service-related handlers.
+- `repository`: repository/key/pinning setup and repository cache refresh.
+
+Some prerequisite tasks intentionally have multiple tags (for example `install` + `repository`,
+or `install` + `config`) so filtered runs include the dependencies required by the selected path.
+
 ## Example Playbooks
 
 Run as a primary using the bind backend (when you already have a `named.conf` file):

defaults/main.yml

@@ -59,12 +59,20 @@ pdns_package_name: "{{ default_pdns_package_name }}"
 #     where each YUM repository can contains multiple versions of the same package.
 pdns_package_version: ""
 
+# Desired state of the PowerDNS Authoritative Server package.
+# Supported values include present, latest and absent.
+pdns_package_state: "present"
+
 # Install the PowerDNS Authoritative Server debug symbols package
 pdns_install_debug_symbols_package: false
 
 # The name of the PowerDNS Authoritative Server debug symbols package
 pdns_debug_symbols_package_name: "{{ default_pdns_debug_symbols_package_name }}"
 
+# Desired state of the debug symbols package when managed by this role.
+# Supported values include present, latest and absent.
+pdns_debug_symbols_package_state: "{{ pdns_package_state }}"
+
 # The user and group the PowerDNS Authoritative Server process will run as.
 # NOTE: at the moment, we don't create a user as we assume the package creates
 # a "pdns" user and group. If you change these variables, make sure to create
@@ -79,7 +87,7 @@ pdns_service_name: "pdns"
 
 # State of the PowerDNS Authoritative Server service
 pdns_service_state: "started"
-pdns_service_enabled: "yes"
+pdns_service_enabled: true
 pdns_service_masked: false
 
 # When True, disable the automated restart of the PowerDNS service
@@ -92,7 +100,7 @@ pdns_manage_selinux: true
 pdns_config_dir: "{{ default_pdns_config_dir }}"
 pdns_config_file: "pdns.conf"
 
-# Ddict containing all configuration options, except for backend
+# Dict containing all configuration options, except for backend
 # configuration and the "config-dir", "setuid" and "setgid" directives.
 pdns_config: {}
 # pdns_config:
@@ -111,6 +119,10 @@ pdns_service_overrides: "{{ default_pdns_service_overrides }}"
 # backendname: packagename
 pdns_backends_packages: "{{ default_pdns_backends_packages }}"
 
+# Desired state of backend packages.
+# Supported values include present, latest and absent.
+pdns_backends_packages_state: "{{ pdns_package_state }}"
+
 # A dict with all the backends you'd like to configure.
 # This default starts just the bind-backend with an empty config file
 pdns_backends:
@@ -130,7 +142,7 @@ pdns_backends:
 #     'dbname': dns
 #   'bind':
 #     'config': '/etc/named/named.conf'
-#     'hybrid':  yes
+#     'hybrid': true
 #     'check-interval': 60
 #     'dnssec-db': '{{ pdns_config_dir }}/dnssec.db'
 
@@ -193,6 +205,10 @@ pdns_mysql_query_use_socket: false
 # By default, OS-specific vars files provide the actual package list.
 pdns_mysql_packages: "{{ default_pdns_mysql_packages }}"
 
+# Desired state of MySQL dependency packages.
+# Supported values include present, latest and absent.
+pdns_mysql_packages_state: "{{ pdns_package_state }}"
+
 # UNIX socket path used when pdns_mysql_query_use_socket is true.
 pdns_mysql_unix_socket: "/var/run/mysqld/mysqld.sock"
 
@@ -232,18 +248,26 @@ pdns_pgsql_query_use_socket: false
 # By default, OS-specific vars files provide the actual package list.
 pdns_pgsql_packages: "{{ default_pdns_pgsql_packages }}"
 
+# Desired state of PostgreSQL dependency packages.
+# Supported values include present, latest and absent.
+pdns_pgsql_packages_state: "{{ pdns_package_state }}"
+
 # UNIX socket path used when pdns_pgsql_query_use_socket is true.
 pdns_pgsql_unix_socket: "/var/run/postgresql"
 
 # This will create the PowerDNS Authoritative Server backend SQLite database
 # in the given locations.
-# NOTE: Requries the SQLite CLI tools to be available in the machine and the gsqlite3
+# NOTE: Requires the SQLite CLI tools to be available in the machine and the gsqlite3
 # backend to be installed on the machine.
 pdns_sqlite_databases_locations: []
 
+# Desired state of the SQLite CLI dependency package.
+# Supported values include present, latest and absent.
+pdns_sqlite_package_state: "{{ pdns_package_state }}"
+
 # This will create the PowerDNS Authoritative Server backend LMDB database
 # in the given locations.
-# NOTE: Requries lmdb backend to be installed on the machine.
+# NOTE: Requires lmdb backend to be installed on the machine.
 pdns_lmdb_databases_locations: []
 
 # By default, we'll load the MySQL default schema. Set this to false to disable loading the schema

handlers/main.yml

@@ -4,6 +4,8 @@
     daemon_reload: true
   listen: reload systemd
   when: not pdns_disable_handlers
+  tags:
+    - service
 
 - name: Restart PowerDNS
   ansible.builtin.systemd:
@@ -13,8 +15,13 @@
   when:
     - not pdns_disable_handlers
     - pdns_service_state != 'stopped'
+  tags:
+    - service
 
 - name: Update the apt cache
   ansible.builtin.apt:
     update_cache: true
   listen: update the apt cache
+  tags:
+    - install
+    - repository

molecule/pdns-48/molecule.yml

@@ -96,6 +96,7 @@ provisioner:
     ssh_connection:
       pipelining: true
   playbooks:
+    # cleanup: ../resources/cleanup.yml
     create: ../resources/create.yml
     destroy: ../resources/destroy.yml
     prepare: ../resources/prepare.yml

molecule/pdns-49/molecule.yml

@@ -107,6 +107,7 @@ provisioner:
     ssh_connection:
       pipelining: true
   playbooks:
+    # cleanup: ../resources/cleanup.yml
     create: ../resources/create.yml
     destroy: ../resources/destroy.yml
     prepare: ../resources/prepare.yml

molecule/pdns-50/molecule.yml

@@ -116,6 +116,7 @@ provisioner:
     ssh_connection:
       pipelining: true
   playbooks:
+    # cleanup: ../resources/cleanup.yml
     create: ../resources/create.yml
     destroy: ../resources/destroy.yml
     prepare: ../resources/prepare.yml

molecule/pdns-master/molecule.yml

@@ -102,6 +102,7 @@ provisioner:
     ssh_connection:
       pipelining: true
   playbooks:
+    # cleanup: ../resources/cleanup.yml
     create: ../resources/create.yml
     destroy: ../resources/destroy.yml
     prepare: ../resources/prepare.yml

molecule/pdns-os-repos/molecule.yml

@@ -56,6 +56,7 @@ provisioner:
     ssh_connection:
       pipelining: true
   playbooks:
+    # cleanup: ../resources/cleanup.yml
     create: ../resources/create.yml
     destroy: ../resources/destroy.yml
     prepare: ../resources/prepare.yml

molecule/resources/Dockerfile.el-systemd.j2

@@ -5,7 +5,7 @@ FROM {{ item.image }}
 ENV container docker
 
 RUN dnf makecache && \
-    dnf install -y systemd python3 python3-pip sudo bash vim iproute procps-ng && \
+    dnf install -y systemd python3 python3-pip sudo bash vim iproute procps-ng hostname && \
     rm -Rf /usr/share/doc && \
     rm -Rf /usr/share/man && \
     dnf clean all