Added role dns/entries for configuring dns entries

4 years ago · 979abba1aa
parent eff48f1773
commit 979abba1aa
5 changed files with 86 additions and 1 deletions
--- a/public_keys/dns_zone.py
+++ b/public_keys/dns_zone.py
@ -0,0 +1,39 @@
+#!/usr/bin/env python3
+
+from pathlib import Path
+import sys
+
+class DnsRootNoParentError(Exception):
+    pass
+
+def get_dns_parent(domain):
+    s = domain.split('.', 1)
+    if len(s) < 2:
+        raise DnsRootNoParentError()
+    return domain.split('.', 1)[1]
+
+def find_dns_zone(map_dir, domain):
+    dns_file = Path(map_dir) / domain
+    if dns_file.exists():
+        return domain
+    else:
+        return find_dns_zone(map_dir, get_dns_parent(domain))
+
+def main():
+    dns_map_dir = Path(sys.argv[0]).parent / "dns"
+    if len(sys.argv) >= 1:
+        domains = sys.argv[1:]
+    else:
+        domains = []
+        for domain in sys.stdin:
+            domains.append(domain.strip())
+    for domain in domains:
+        domain = domain.strip('.')
+        try:
+            print(find_dns_zone(dns_map_dir, domain))
+        except DnsRootNoParentError:
+            print(f'No dns zone found for "{domain}"', file=sys.stderr)
+            sys.exit(1)
+
+if __name__ == "__main__":
+    main()
--- a/roles/dns/entries/defaults/main.yml
+++ b/roles/dns/entries/defaults/main.yml
@ -0,0 +1,18 @@
+---
+
+# domain (of service running)
+dns_zone_domain: "{{ lookup('pipe', global_public_key_directory|quote + '/dns_zone.py ' + domain|quote) }}" # domain of dns zone
+dns_system_domain: "{{ lookup('file', global_dns_list_directory + '/' + dns_zone_domain) }}" # domain of dns authority server
+service_system_domain: "{{ inventory_hostname }}" # domain of server running the service
+
+domain_environment_directory: "{{ global_dns_zones_environment_directory }}/{{ dns_zone_domain }}" # SYNC role dns/entries
+domain_zone_file: "{{ domain_environment_directory }}/{{ domain }}.db"
+
+all_entries: |
+  {{ ip_entries }}
+  {{ custom_entries }}
+ip_entries: |
+  {{ domain }}. IN A {{ hostvars[service_system_domain].ansible_default_ipv4.address }}
+  {{ domain }}. IN AAAA {{ hostvars[service_system_domain].ansible_default_ipv6.address }}
+  {{ lookup('pipe', global_public_key_directory|quote + '/ssh_dns_fp.py --host ' + service_system_domain|quote + ' --domain ' + domain|quote) }}
+custom_entries: ""
--- a/roles/dns/entries/tasks/main.yml
+++ b/roles/dns/entries/tasks/main.yml
@ -0,0 +1,26 @@
+---
+
+- name: Store dns entries at dns host
+  copy:
+    content: "{{ all_entries }}"
+    dest: "{{ domain_zone_file }}"
+    owner: root
+    group: root
+    mode: u=rw,g=r,o=
+  register: result_store_entries
+  delegate_to: "{{ dns_system_domain }}"
+
+- name: Rebuild zone files
+  make:
+    chdir: "{{ global_dns_zones_environment_directory }}"
+  when: result_store_entries.changed
+  register: result_rebuild_zone
+  delegate_to: "{{ dns_system_domain }}"
+
+- name: Reload bind9
+  systemd:
+    name: bind9
+    state: reloaded
+  when: result_rebuild_zone.changed
+  delegate_to: "{{ dns_system_domain }}"
+
--- a/roles/dns/handlers/handlers/main.yml
+++ b/roles/dns/handlers/handlers/main.yml
@ -5,6 +5,8 @@
    name: bind9
    state: restarted

+# SYNC following with handlers of role dns/entries
+
 - name: reload bind9
  systemd:
    name: bind9
--- a/roles/dns/master/defaults/main.yml
+++ b/roles/dns/master/defaults/main.yml
@ -6,7 +6,7 @@ domain_directory: "{{ zones_directory }}/{{ domain }}"
 configuration_file: "{{ domain_directory }}/zone.conf"
 database_file: "{{ domain_directory }}/{{ zones_environment_database_name }}"
 keys_directory: "{{ domain_directory }}/keys"
-domain_environment_directory: "{{ global_dns_zones_environment_directory }}/{{ domain }}"
+domain_environment_directory: "{{ global_dns_zones_environment_directory }}/{{ domain }}" # SYNC role dns/entries

 dns_list_file: "{{ global_dns_list_directory }}/{{ domain }}"