diff --git a/group_vars/all/vars.yml b/group_vars/all/vars.yml
index 8eecca6..5b6d714 100644
--- a/group_vars/all/vars.yml
+++ b/group_vars/all/vars.yml
@@ -37,7 +37,6 @@ global_credentials_directory: "credentials"
 global_public_key_directory: "public_keys"
 global_dns_list_directory: "{{ global_public_key_directory }}/dns"
-global_dns_changes_directory: "{{ global_configuration_environment_directory }}/dns_changes"
 global_dns_session_key_name: "local-ddns"
 global_dns_session_key_path: "/var/run/named/session.key"
 global_dns_session_key_algorithm: "hmac-sha512"
diff --git a/roles/dns/application/tasks/main.yml b/roles/dns/application/tasks/main.yml
index 4eac1b7..93c8a3a 100644
--- a/roles/dns/application/tasks/main.yml
+++ b/roles/dns/application/tasks/main.yml
@@ -38,24 +38,6 @@ mode: "u=rw,g=r,o=r"
   notify: reload bind9
-- name: Create directory for dynamic DNS changes
-  file:
-    path: "{{ global_dns_changes_directory }}"
-    state: directory
-    owner: root
-    group: root
-    mode: u=rwx,g=r,o=
-  tags: dns_debug
-
-- name: Store makefile for dynamic DNS changes
-  template:
-    src: nsupdate.makefile
-    dest: "{{ global_dns_changes_directory }}/makefile"
-    owner: root
-    group: root
-    mode: u=rw,g=r,o=
-  tags: dns_debug
-
 - name: Enable bind9 service
   systemd:
     name: "{{ global_bind_service_name }}"
diff --git a/roles/dns/application/templates/nsupdate.makefile b/roles/dns/application/templates/nsupdate.makefile
deleted file mode 100644
index cf00b27..0000000
--- a/roles/dns/application/templates/nsupdate.makefile
+++ /dev/null
@@ -1,8 +0,0 @@
-#targets := $(addsuffix ~DONE,$(wildcard *~update))
-#
-#.PHONY: all
-#all: $(targets)
-
-%~update~DONE: %~update
-	nsupdate -l "$<"
-	touch "$@"
diff --git a/roles/dns/entries/defaults/main.yml b/roles/dns/entries/defaults/main.yml
index 78e9e64..e76a04e 100644
--- a/roles/dns/entries/defaults/main.yml
+++ b/roles/dns/entries/defaults/main.yml
@@ -4,12 +4,6 @@ dns_zone_domain: "{{ lookup('pipe', global_public_key_directory|quote + '/dns_zone.py ' + domain|quote) }}" # domain of dns zone
 dns_system_domain: "{{ lookup('file', global_dns_list_directory + '/' + dns_zone_domain) }}" # domain of dns authority server
-entries_name_prefix: "server"
-entries_name: "{{ entries_name_prefix }}:{{ effective_domain }}" # Name for zone part file
-entries_file: "{{ global_dns_changes_directory }}/{{ entries_name }}~update"
-
 ttl_default: "{{ global_dns_ttl }}" # TTL for all entries where none was given
-# entries (example: [{domain: "example.com.", ttl: 86400, class: "IN", type: "A", data: "0.0.0.0"},"example.com. IN AAAA ::",…], type/data or raw required)
-entries_delete: yes # delete similar records as given before
-entries_delete_all_types: no # For all given domains delete all records, not just of the types set
+# entries (example: [{domain: "example.com.", ttl: 86400, class: "IN", type: "A", data: "0.0.0.0"},"example.com. IN AAAA ::",…], type/data or raw required, class will be ignored)
diff --git a/roles/dns/entries/tasks/main.yml b/roles/dns/entries/tasks/main.yml
index fd7c623..1da5ea9 100644
--- a/roles/dns/entries/tasks/main.yml
+++ b/roles/dns/entries/tasks/main.yml
@@ -1,32 +1,27 @@ ---
-- name: Store changes in dns entries on the remote
-  copy:
-    content: |
-      #jinja2:trim_blocks: False
-      zone {{ dns_zone_domain }}.
-      ttl {{ ttl_default }}
-      {%- if entries_delete %}{% for entry in entries %}{% if entry|mapping %}
-      update delete {{ entry.domain | default('@') | domain_relative_to(domain) }} 0 {{ entry.class | default('IN') }}{% if not entries_delete_all_types %} {{ entry.type }}{% endif %}
-      {%- endif %}{% endfor %}{% endif %}
-      {% for entry in entries %}{% if entry|mapping -%}
-      update add {{ entry.domain | default('@') | domain_relative_to(domain) }} {{ entry.ttl | default(ttl_default) }} {{ entry.class | default('IN') }} {{ entry.type }} {{ entry.data }}
-      {% else -%}
-      {% if not entry|regex_search('^(update )?(add|del(ete)?) ') %}update add {% endif %}{{ entry }}
-      {% endif %}{% endfor %}
-      send
-    dest: "{{ entries_file }}"
-    owner: "{{ global_local_user }}"
-    group: "{{ global_local_user }}"
-    mode: u=rw,g=r,o=r
+- name: Gain TSIG key to apply DNS record changes
+  tsig_interpreter:
+    path: "{{ global_dns_session_key_path }}"
+  register: tsig_key
   delegate_to: "{{ dns_system_domain }}"
   tags:
     - dns_entries
-- name: Update dns entries at dns host
-  make:
-    chdir: "{{ global_dns_changes_directory }}"
-    target: "{{ entries_file | basename }}~DONE"
+- name: Apply changes in DNS records
+  nsupdate:
+    server: "127.0.0.1" # delegated to correct system
+    key_algorithm: "{{ tsig_key.key_algorithm }}"
+    key_name: "{{ tsig_key.key_name }}"
+    key_secret: "{{ tsig_key.key_secret }}"
+    zone: "{{ dns_zone_domain }}"
+    record: "{{ item.domain | default('@') | domain_relative_to(effective_domain) }}."
+    ttl: "{{ item.ttl | default(ttl_default) }}"
+    type: "{{ item.type }}"
+    value: "{{ item.data }}"
+  loop: "{{ entries | dns_entries_interpreter }}"
+  loop_control:
+    label: "{{ item.domain | default('@') | domain_relative_to(effective_domain) }}. {{ item.type }}"
   delegate_to: "{{ dns_system_domain }}"
   tags:
     - dns_entries
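Review bot: The new `nsupdate` task passes `key_secret: "{{ tsig_key.key_secret }}"` as a plain module argument, and the preceding `tsig_interpreter` task registers that secret into `tsig_key`, so a verbose run echoes the registered result and, at higher verbosity or on a failed item, the module arguments including the TSIG secret; `loop_control.label` only shortens the per-item header and does not hide either. Both new tasks should carry `no_log: true` at task level, next to `delegate_to`. The registered secret also stays in play variables for the rest of the run and reaches any fact cache or result-recording callback, which the surrounding playbooks should take into account. The removed template issued an `update delete` for each entry before adding; whether stale records of the same name and type are still replaced now depends on the nsupdate module's update semantics, which this hunk does not show.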
diff --git a/roles/dns/master/tasks/main.yml b/roles/dns/master/tasks/main.yml
index 167aba7..140ae5c 100644
--- a/roles/dns/master/tasks/main.yml
+++ b/roles/dns/master/tasks/main.yml
@@ -70,6 +70,5 @@ import_role:
     name: dns/entries
   vars:
-    entries_name_prefix: initial
     # domain
     # entries
diff --git a/roles/dns/server_entries/defaults/main.yml b/roles/dns/server_entries/defaults/main.yml
index 1620710..bcbe694 100644
--- a/roles/dns/server_entries/defaults/main.yml
+++ b/roles/dns/server_entries/defaults/main.yml
@@ -5,7 +5,6 @@ service_system_domain: "{{ inventory_hostname }}" # domain of server running the
 entries: "{{ ip_entries + sshfp_entries + custom_entries }}"
 ip_entries:
-  - update delete {{ domain }}. IN SSHFP # delete all SSHFP records for this host before
   - domain: "{{ domain }}."
     type: "A"
     data: "{{ hostvars[service_system_domain].ansible_default_ipv4.address }}"