dns/entries: Make "setting entries" be indempotent using makefile

dehydrated
Felix Stupp 4 years ago
parent 79b6e22311
commit 13f3aceb00
Signed by: zocker
GPG Key ID: 93E1BD26F6B02FB7

@ -37,7 +37,7 @@ global_credentials_directory: "credentials"
global_public_key_directory: "public_keys" global_public_key_directory: "public_keys"
global_dns_list_directory: "{{ global_public_key_directory }}/dns" global_dns_list_directory: "{{ global_public_key_directory }}/dns"
global_dns_changes_directory: "{{ global_public_key_directory }}/dns_changes" # TODO merge with global_dns_list_directory global_dns_changes_directory: "{{ global_configuration_environment_directory }}/dns_changes"
global_dns_session_key_name: "local-ddns" global_dns_session_key_name: "local-ddns"
global_dns_session_key_path: "/var/run/named/session.key" global_dns_session_key_path: "/var/run/named/session.key"
global_dns_session_key_algorithm: "hmac-sha512" global_dns_session_key_algorithm: "hmac-sha512"

@ -16,7 +16,6 @@
- "{{ global_credentials_directory }}" - "{{ global_credentials_directory }}"
- "{{ global_public_key_directory }}" - "{{ global_public_key_directory }}"
- "{{ global_dns_list_directory }}" - "{{ global_dns_list_directory }}"
- "{{ global_dns_changes_directory }}"
- "{{ global_ssh_key_directory }}" - "{{ global_ssh_key_directory }}"
- "{{ global_ssh_host_key_directory }}" - "{{ global_ssh_host_key_directory }}"
- "{{ global_wireguard_private_directory }}" - "{{ global_wireguard_private_directory }}"

@ -38,6 +38,24 @@
mode: "u=rw,g=r,o=r" mode: "u=rw,g=r,o=r"
notify: reload bind9 notify: reload bind9
- name: Create directory for dynamic DNS changes
file:
path: "{{ global_dns_changes_directory }}"
state: directory
owner: root
group: root
mode: u=rwx,g=r,o=
tags: dns_debug
- name: Store makefile for dynamic DNS changes
template:
src: nsupdate.makefile
dest: "{{ global_dns_changes_directory }}/makefile"
owner: root
group: root
mode: u=rw,g=r,o=
tags: dns_debug
- name: Enable bind9 service - name: Enable bind9 service
systemd: systemd:
name: "{{ global_bind_service_name }}" name: "{{ global_bind_service_name }}"
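Review bot: The directory created at `global_dns_changes_directory` gets `mode: u=rwx,g=r,o=`, and `r` without `x` on a directory lets the group list entry names but not open or stat anything inside, so the group bit is effectively useless; either `mode: u=rwx,g=rx,o=` or `mode: u=rwx,g=,o=` states the intent. The makefile stored below it is root:root with `o=`, so the later `make` task can only read it when the play runs as root (or in group root) on the DNS host — presumably the case here, but worth recording with a comment such as `# directory and makefile are root-only; the make task must run as root on the DNS host`. Both new tasks carry only `tags: dns_debug`, so a run limited to `--tags dns_entries` assumes this directory already exists.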

@ -4,8 +4,8 @@
dns_zone_domain: "{{ lookup('pipe', global_public_key_directory|quote + '/dns_zone.py ' + domain|quote) }}" # domain of dns zone dns_zone_domain: "{{ lookup('pipe', global_public_key_directory|quote + '/dns_zone.py ' + domain|quote) }}" # domain of dns zone
dns_system_domain: "{{ lookup('file', global_dns_list_directory + '/' + dns_zone_domain) }}" # domain of dns authority server dns_system_domain: "{{ lookup('file', global_dns_list_directory + '/' + dns_zone_domain) }}" # domain of dns authority server
entries_name: "server:{{ domain }}" # Name for zone part file entries_name: "server~{{ domain }}" # Name for zone part file
local_file: "{{ global_dns_changes_directory }}/{{ entries_name }}" entries_file: "{{ global_dns_changes_directory }}/{{ entries_name }}~update"
ttl_default: "{{ global_dns_ttl }}" # TTL for all entries where none was given ttl_default: "{{ global_dns_ttl }}" # TTL for all entries where none was given
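Review bot: `entries_name` interpolates `domain` into a path and, through the `~update`/`~DONE` suffixes, into a make target name; replacing `:` with `~` removes the one character make treats as a rule separator, but a `domain` containing whitespace, `$`, `%` or `/` would still break the target or escape `global_dns_changes_directory`. `domain` is presumably inventory-controlled, so a one-line guard before the copy task (an `assert` that `domain is match('^[A-Za-z0-9.-]+$')`) is cheap insurance. At minimum the comment should state the assumption: `# Name for zone part file; also a make target, so domain must contain only hostname characters`.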

@ -1,6 +1,6 @@
--- ---
- name: Store changes in dns entries locally - name: Store changes in dns entries on the remote
copy: copy:
content: | content: |
#jinja2:trim_blocks: False #jinja2:trim_blocks: False
@ -15,20 +15,19 @@
{% if not entry|regex_search('^(update )?(add|del(ete)?) ') %}update add {% endif %}{{ entry }} {% if not entry|regex_search('^(update )?(add|del(ete)?) ') %}update add {% endif %}{{ entry }}
{% endif %}{% endfor %} {% endif %}{% endfor %}
send send
dest: "{{ local_file }}" dest: "{{ entries_file }}"
owner: "{{ global_local_user }}" owner: "{{ global_local_user }}"
group: "{{ global_local_user }}" group: "{{ global_local_user }}"
mode: u=rw,g=r,o=r mode: u=rw,g=r,o=r
delegate_to: localhost delegate_to: "{{ dns_system_domain }}"
register: entries_changes_file register: entries_changes_file
tags: tags:
- dns_entries - dns_entries
- name: Update dns entries at dns host - name: Update dns entries at dns host
command: make:
cmd: nsupdate -l # local mode chdir: "{{ global_dns_changes_directory }}"
stdin: "{{ lookup('file', local_file) }}\n" target: "{{ entries_file | basename }}~DONE"
delegate_to: "{{ dns_system_domain }}" delegate_to: "{{ dns_system_domain }}"
when: entries_changes_file.changed and not ansible_check_mode
tags: tags:
- dns_entries - dns_entries
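Review bot: The copy task still sets `owner`/`group` to `global_local_user` although it is now delegated to `dns_system_domain`; that variable reads as the controller-side user, and if no such account exists on the DNS host the task fails at chown. Either drop `owner:` and `group:` (the file is then owned by the connecting user, which is also the user running `make`) or switch to a variable that names an account on the DNS host. Dropping `when: ... not ansible_check_mode` looks safe as far as I recall the `make` module, which probes with `--question` before building, so check mode and `changed` now follow the `~DONE` stamp rather than the copy result. The idempotence therefore rests entirely on the unseen `nsupdate.makefile`: it must only create `~DONE` after nsupdate exits 0, otherwise a failed update is never retried.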
