dns/entries: Make "setting entries" be indempotent using makefile

4 years ago · 13f3aceb00
parent 79b6e22311
commit 13f3aceb00
5 changed files with 27 additions and 11 deletions
--- a/group_vars/all/vars.yml
+++ b/group_vars/all/vars.yml
@ -37,7 +37,7 @@ global_credentials_directory: "credentials"
 global_public_key_directory: "public_keys"
 global_dns_list_directory: "{{ global_public_key_directory }}/dns"
-global_dns_changes_directory: "{{ global_public_key_directory }}/dns_changes" # TODO merge with global_dns_list_directory
+global_dns_changes_directory: "{{ global_configuration_environment_directory }}/dns_changes"
 global_dns_session_key_name: "local-ddns"
 global_dns_session_key_path: "/var/run/named/session.key"
 global_dns_session_key_algorithm: "hmac-sha512"
--- a/playbooks/local.yml
+++ b/playbooks/local.yml
@ -16,7 +16,6 @@
        - "{{ global_credentials_directory }}"
        - "{{ global_public_key_directory }}"
        - "{{ global_dns_list_directory }}"
        - "{{ global_dns_changes_directory }}"
        - "{{ global_ssh_key_directory }}"
        - "{{ global_ssh_host_key_directory }}"
        - "{{ global_wireguard_private_directory }}"
--- a/roles/dns/application/tasks/main.yml
+++ b/roles/dns/application/tasks/main.yml
@ -38,6 +38,24 @@
    mode: "u=rw,g=r,o=r"
  notify: reload bind9
 - name: Create directory for dynamic DNS changes
  file:
    path: "{{ global_dns_changes_directory }}"
    state: directory
    owner: root
    group: root
    mode: u=rwx,g=r,o=
  tags: dns_debug
 - name: Store makefile for dynamic DNS changes
  template:
    src: nsupdate.makefile
    dest: "{{ global_dns_changes_directory }}/makefile"
    owner: root
    group: root
    mode: u=rw,g=r,o=
  tags: dns_debug
 - name: Enable bind9 service
  systemd:
    name: "{{ global_bind_service_name }}"
--- a/roles/dns/entries/defaults/main.yml
+++ b/roles/dns/entries/defaults/main.yml
@ -4,8 +4,8 @@
 dns_zone_domain: "{{ lookup('pipe', global_public_key_directory|quote + '/dns_zone.py ' + domain|quote) }}" # domain of dns zone
 dns_system_domain: "{{ lookup('file', global_dns_list_directory + '/' + dns_zone_domain) }}" # domain of dns authority server
-entries_name: "server:{{ domain }}" # Name for zone part file
+entries_name: "server~{{ domain }}" # Name for zone part file
-local_file: "{{ global_dns_changes_directory }}/{{ entries_name }}"
+entries_file: "{{ global_dns_changes_directory }}/{{ entries_name }}~update"
 ttl_default: "{{ global_dns_ttl }}" # TTL for all entries where none was given
--- a/roles/dns/entries/tasks/main.yml
+++ b/roles/dns/entries/tasks/main.yml
@ -1,6 +1,6 @@
 ---
- name: Store changes in dns entries locally
+- name: Store changes in dns entries on the remote
  copy:
    content: |
      #jinja2:trim_blocks: False
@ -15,20 +15,19 @@
      {% if not entry|regex_search('^(update )?(add|del(ete)?) ') %}update add {% endif %}{{ entry }}
      {% endif %}{% endfor %}
      send
-    dest: "{{ local_file }}"
+    dest: "{{ entries_file }}"
    owner: "{{ global_local_user }}"
    group: "{{ global_local_user }}"
    mode: u=rw,g=r,o=r
-  delegate_to: localhost
+  delegate_to: "{{ dns_system_domain }}"
  register: entries_changes_file
  tags:
    - dns_entries
 - name: Update dns entries at dns host
-  command:
+  make:
-    cmd: nsupdate -l # local mode
+    chdir: "{{ global_dns_changes_directory }}"
-    stdin: "{{ lookup('file', local_file) }}\n"
+    target: "{{ entries_file | basename }}~DONE"
  delegate_to: "{{ dns_system_domain }}"
  when: entries_changes_file.changed and not ansible_check_mode
  tags:
    - dns_entries