diff --git a/public_keys/dns_zone.py b/public_keys/dns_zone.py
new file mode 100755
index 0000000..c0e6c5f
--- /dev/null
+++ b/public_keys/dns_zone.py
@@ -0,0 +1,39 @@
+#!/usr/bin/env python3
+
+from pathlib import Path
+import sys
+
+class DnsRootNoParentError(Exception):
+ pass
+
+def get_dns_parent(domain):
+ s = domain.split('.', 1)
+ if len(s) < 2:
+ raise DnsRootNoParentError()
+ return domain.split('.', 1)[1]
+
+def find_dns_zone(map_dir, domain):
+ dns_file = Path(map_dir) / domain
+ if dns_file.exists():
+ return domain
+ else:
+ return find_dns_zone(map_dir, get_dns_parent(domain))
+
+def main():
+ dns_map_dir = Path(sys.argv[0]).parent / "dns"
+ if len(sys.argv) >= 1:
+ domains = sys.argv[1:]
+ else:
+ domains = []
+ for domain in sys.stdin:
+ domains.append(domain.strip())
+ for domain in domains:
+ domain = domain.strip('.')
+ try:
+ print(find_dns_zone(dns_map_dir, domain))
+ except DnsRootNoParentError:
+ print(f'No dns zone found for "{domain}"', file=sys.stderr)
+ sys.exit(1)
+
+if __name__ == "__main__":
+ main()
diff --git a/roles/dns/entries/defaults/main.yml b/roles/dns/entries/defaults/main.yml
new file mode 100644
index 0000000..caff8fe
--- /dev/null
+++ b/roles/dns/entries/defaults/main.yml
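Review bot: The stdin fallback in main() can never run, because sys.argv always contains at least the program name, so `if len(sys.argv) >= 1:` is always true and `domains` is never read from stdin; the test should be `if len(sys.argv) > 1:`. Separately, find_dns_zone() joins the caller-supplied domain onto map_dir as a path component and returns it unchanged, and roles/dns/entries/defaults/main.yml then splices that value into a `file` lookup path, so a value containing a slash would resolve to a file outside the dns map directory, and an empty value (a bare `.` after `strip('.')`) makes `exists()` match the map directory itself and be reported as a zone. A guard such as `if not domain or '/' in domain: raise ValueError(f'not a domain name: {domain!r}')` at the top of find_dns_zone(), handled in main() next to DnsRootNoParentError, plus `dns_file.is_file()` instead of `exists()`, closes both. get_dns_parent() also splits the string twice; `return s[1]` reuses the first split. A short docstring on main() noting that the first unresolvable name aborts the whole run with exit status 1 would help callers that pipe several names in.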
@@ -0,0 +1,18 @@
+---
+
+# domain (of service running)
+dns_zone_domain: "{{ lookup('pipe', global_public_key_directory|quote + '/dns_zone.py ' + domain|quote) }}" # domain of dns zone
+dns_system_domain: "{{ lookup('file', global_dns_list_directory + '/' + dns_zone_domain) }}" # domain of dns authority server
+service_system_domain: "{{ inventory_hostname }}" # domain of server running the service
+
+domain_environment_directory: "{{ global_dns_zones_environment_directory }}/{{ dns_zone_domain }}" # SYNC role dns/entries
+domain_zone_file: "{{ domain_environment_directory }}/{{ domain }}.db"
+
+all_entries: |
+ {{ ip_entries }}
+ {{ custom_entries }}
+ip_entries: |
+ {{ domain }}. IN A {{ hostvars[service_system_domain].ansible_default_ipv4.address }}
+ {{ domain }}. IN AAAA {{ hostvars[service_system_domain].ansible_default_ipv6.address }}
+ {{ lookup('pipe', global_public_key_directory|quote + '/ssh_dns_fp.py --host ' + service_system_domain|quote + ' --domain ' + domain|quote) }}
+custom_entries: ""
diff --git a/roles/dns/entries/tasks/main.yml b/roles/dns/entries/tasks/main.yml
new file mode 100644
index 0000000..5d22c66
--- /dev/null
+++ b/roles/dns/entries/tasks/main.yml
@@ -0,0 +1,26 @@
+---
+
+- name: Store dns entries at dns host
+ copy:
+ content: "{{ all_entries }}"
+ dest: "{{ domain_zone_file }}"
+ owner: root
+ group: root
+ mode: u=rw,g=r,o=
+ register: result_store_entries
+ delegate_to: "{{ dns_system_domain }}"
+
+- name: Rebuild zone files
+ make:
+ chdir: "{{ global_dns_zones_environment_directory }}"
+ when: result_store_entries.changed
+ register: result_rebuild_zone
+ delegate_to: "{{ dns_system_domain }}"
+
+- name: Reload bind9
+ systemd:
+ name: bind9
+ state: reloaded
+ when: result_rebuild_zone.changed
+ delegate_to: "{{ dns_system_domain }}"
+
diff --git a/roles/dns/handlers/handlers/main.yml b/roles/dns/handlers/handlers/main.yml
index f421920..d68302e 100644
--- a/roles/dns/handlers/handlers/main.yml
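Review bot: The AAAA line in `ip_entries` reads `hostvars[service_system_domain].ansible_default_ipv6.address` unconditionally; on a host without a default IPv6 route Ansible reports `ansible_default_ipv6` as an empty dict, so templating the record fails instead of simply omitting it. Wrapping that line in `{% if hostvars[service_system_domain].ansible_default_ipv6.address is defined %}...{% endif %}` keeps IPv4-only hosts working. The comment `# domain (of service running)` above `dns_zone_domain` appears to describe the `domain` input rather than the variable below it, but `domain` is not defined anywhere in this file; a comment such as `# required input: domain - the service's DNS name, supplied by the including play` would make that contract explicit.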
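Review bot: The `make` task runs only `when: result_store_entries.changed`, so if the rebuild fails or the play is interrupted between the two tasks, the next run finds the entry file already in place, skips the rebuild and leaves the zone stale. The make module has its own up-to-date check and reports `changed` from it, so the `when:` line on the rebuild task can be dropped while the reload stays keyed on `result_rebuild_zone.changed`. None of the three delegated tasks set `become`, so writing a root-owned file and reloading bind9 rely on the play already escalating on the dns host; a comment such as `# assumes the including play runs with become on the dns host` would state that assumption. The reload task duplicates the handler that the new `# SYNC` comment in roles/dns/handlers points at, but nothing here points back; a matching `# SYNC roles/dns/handlers/handlers/main.yml` comment on the reload task keeps the pair discoverable from both sides.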
+++ b/roles/dns/handlers/handlers/main.yml
@@ -5,6 +5,8 @@ name: bind9 state: restarted +# SYNC following with handlers of role dns/entries + - name: reload bind9 systemd: name: bind9
diff --git a/roles/dns/master/defaults/main.yml b/roles/dns/master/defaults/main.yml
index 0af8171..ed0f27c 100644
--- a/roles/dns/master/defaults/main.yml
+++ b/roles/dns/master/defaults/main.yml
@@ -6,7 +6,7 @@ domain_directory: "{{ zones_directory }}/{{ domain }}" configuration_file: "{{ domain_directory }}/zone.conf" database_file: "{{ domain_directory }}/{{ zones_environment_database_name }}" keys_directory: "{{ domain_directory }}/keys" -domain_environment_directory: "{{ global_dns_zones_environment_directory }}/{{ domain }}" +domain_environment_directory: "{{ global_dns_zones_environment_directory }}/{{ domain }}" # SYNC role dns/entries dns_list_file: "{{ global_dns_list_directory }}/{{ domain }}"