Added role dns/entries for configuring dns entries

dehydrated
Felix Stupp 5 years ago
parent eff48f1773
commit 979abba1aa
Signed by: zocker
GPG Key ID: 93E1BD26F6B02FB7

@ -0,0 +1,39 @@
#!/usr/bin/env python3
from pathlib import Path
import sys
class DnsRootNoParentError(Exception):
pass
def get_dns_parent(domain):
s = domain.split('.', 1)
if len(s) < 2:
raise DnsRootNoParentError()
return domain.split('.', 1)[1]
def find_dns_zone(map_dir, domain):
dns_file = Path(map_dir) / domain
if dns_file.exists():
return domain
else:
return find_dns_zone(map_dir, get_dns_parent(domain))
def main():
dns_map_dir = Path(sys.argv[0]).parent / "dns"
if len(sys.argv) >= 1:
domains = sys.argv[1:]
else:
domains = []
for domain in sys.stdin:
domains.append(domain.strip())
for domain in domains:
domain = domain.strip('.')
try:
print(find_dns_zone(dns_map_dir, domain))
except DnsRootNoParentError:
print(f'No dns zone found for "{domain}"', file=sys.stderr)
sys.exit(1)
if __name__ == "__main__":
main()
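Review bot: The check `if len(sys.argv) >= 1:` in main() is always true, because sys.argv[0] is the script path itself, so the stdin branch below it is dead code; it should read `if len(sys.argv) > 1:`. find_dns_zone also joins the caller-supplied name straight onto the map directory with `Path(map_dir) / domain`, so a value containing a path separator, `..`, or a leading `/` is looked up outside that directory (an absolute value replaces map_dir entirely); rejecting anything that is not a plain dotted name before the lookup, e.g. `if not re.fullmatch(r'[A-Za-z0-9.-]+', domain): raise DnsRootNoParentError()` with `import re` at the top, keeps the lookup inside map_dir. Minor: get_dns_parent splits the domain twice; the second call can be `return s[1]`.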

@ -0,0 +1,18 @@
---
# domain (of service running)
dns_zone_domain: "{{ lookup('pipe', global_public_key_directory|quote + '/dns_zone.py ' + domain|quote) }}" # domain of dns zone
dns_system_domain: "{{ lookup('file', global_dns_list_directory + '/' + dns_zone_domain) }}" # domain of dns authority server
service_system_domain: "{{ inventory_hostname }}" # domain of server running the service
domain_environment_directory: "{{ global_dns_zones_environment_directory }}/{{ dns_zone_domain }}" # SYNC role dns/entries
domain_zone_file: "{{ domain_environment_directory }}/{{ domain }}.db"
all_entries: |
{{ ip_entries }}
{{ custom_entries }}
ip_entries: |
{{ domain }}. IN A {{ hostvars[service_system_domain].ansible_default_ipv4.address }}
{{ domain }}. IN AAAA {{ hostvars[service_system_domain].ansible_default_ipv6.address }}
{{ lookup('pipe', global_public_key_directory|quote + '/ssh_dns_fp.py --host ' + service_system_domain|quote + ' --domain ' + domain|quote) }}
custom_entries: ""
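Review bot: The AAAA line in ip_entries dereferences `hostvars[service_system_domain].ansible_default_ipv6.address` unconditionally; on a host without a default IPv6 route that fact is normally an empty dict, so the whole variable (and all_entries with it) fails to render rather than simply omitting the record. Guard it with `{% if hostvars[service_system_domain].ansible_default_ipv6.address is defined %}` ... `{% endif %}` around that line, and the same treatment for the A record if dual-stack hosts without IPv4 are expected. Both lookups also require facts to have been gathered for service_system_domain in the same run; a comment such as `# requires gather_facts for service_system_domain` above ip_entries would make that dependency visible.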

@ -0,0 +1,26 @@
---
- name: Store dns entries at dns host
copy:
content: "{{ all_entries }}"
dest: "{{ domain_zone_file }}"
owner: root
group: root
mode: u=rw,g=r,o=
register: result_store_entries
delegate_to: "{{ dns_system_domain }}"
- name: Rebuild zone files
make:
chdir: "{{ global_dns_zones_environment_directory }}"
when: result_store_entries.changed
register: result_rebuild_zone
delegate_to: "{{ dns_system_domain }}"
- name: Reload bind9
systemd:
name: bind9
state: reloaded
when: result_rebuild_zone.changed
delegate_to: "{{ dns_system_domain }}"
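Review bot: All three tasks delegate to the same DNS host, so when this role runs for several service hosts in one play, the `make` and bind9 reload steps execute on that host once per fork in parallel, and one host's zone rebuild can race another's rebuild or reload. Adding `throttle: 1` to the make and systemd tasks serialises them, or the reload can be moved to a handler as the SYNC comment in the bind9 handlers file suggests, so that many changed zones trigger one reload. The copy task also presumes `domain_environment_directory` already exists on the DNS host; copy does not create parent directories, so a first-time zone would fail at that step unless another role creates the directory beforehand.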

@ -5,6 +5,8 @@
name: bind9 name: bind9
state: restarted state: restarted
# SYNC following with handlers of role dns/entries
- name: reload bind9 - name: reload bind9
systemd: systemd:
name: bind9 name: bind9

@ -6,7 +6,7 @@ domain_directory: "{{ zones_directory }}/{{ domain }}"
configuration_file: "{{ domain_directory }}/zone.conf" configuration_file: "{{ domain_directory }}/zone.conf"
database_file: "{{ domain_directory }}/{{ zones_environment_database_name }}" database_file: "{{ domain_directory }}/{{ zones_environment_database_name }}"
keys_directory: "{{ domain_directory }}/keys" keys_directory: "{{ domain_directory }}/keys"
domain_environment_directory: "{{ global_dns_zones_environment_directory }}/{{ domain }}" domain_environment_directory: "{{ global_dns_zones_environment_directory }}/{{ domain }}" # SYNC role dns/entries
dns_list_file: "{{ global_dns_list_directory }}/{{ domain }}" dns_list_file: "{{ global_dns_list_directory }}/{{ domain }}"
