add almost working primary play

2024-01-22 16:22:08 +01:00 · 2024-01-22 16:22:08 +01:00 · cd0d7495ae
commit cd0d7495ae
parent c5a6635ef5
10 changed files with 250 additions and 5 deletions
--- a/.vscode/launch.json
+++ b/.vscode/launch.json
@ -0,0 +1,15 @@
 {
    // Use IntelliSense to learn about possible attributes.
    // Hover to view descriptions of existing attributes.
    // For more information, visit: https://go.microsoft.com/fwlink/?linkid=830387
    "version": "0.2.0",
    "configurations": [
        {
            "name": "Python: Attach using Process Id",
            "type": "python",
            "request": "attach",
            "processId": "${command:pickProcess}",
            "justMyCode": true
        }
    ]
 }
--- a/hidden_primary.yml
+++ b/hidden_primary.yml
@ -0,0 +1,4 @@
 - hosts: hidden_primary
  gather_facts: no
  roles:
    - hidden_primary
--- a/library/build_axfr_list.py
+++ b/library/build_axfr_list.py
@ -0,0 +1,135 @@
 #!/usr/bin/python
 # Copyright: (c) 2023, Adora Laura Kalb <dev@lauka.net>
 # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
 from __future__ import (absolute_import, division, print_function)
 __metaclass__ = type
 DOCUMENTATION = r'''
 ---
 module: build_axfr_list
 short_description: builds list of IPs for AXFR allow list
 # If this is part of a collection, you need to use semantic versioning,
 # i.e. the version is of the form "2.5.0" and not "2.4".
 version_added: "0.0.1"
 description: This is my longer description explaining my test module.
 options:
    key:
        description: This is the dictionary key to use for building the list.
        required: true
        type: str
    group:
        description: This is the user group that we use to get the relevant hosts.
        required: true
        type: str
 # Specify this value according to your collection
 # in format of namespace.collection.doc_fragment_name
 # extends_documentation_fragment:
 #     - my_namespace.my_collection.my_doc_fragment_name
 author:
    - Adora Kalb (@lauralani)
 '''
 EXAMPLES = r'''
 # Pass in a message
 - name: Test with a message
  my_namespace.my_collection.my_test:
    name: hello world
 # pass in a message and have changed true
 - name: Test with a message and changed output
  my_namespace.my_collection.my_test:
    name: hello world
    new: true
 # fail the module
 - name: Test failure of the module
  my_namespace.my_collection.my_test:
    name: fail me
 '''
 RETURN = r'''
 # These are examples of possible return values, and in general should use other names for return values.
 original_message:
    description: The original name param that was passed in.
    type: str
    returned: always
    sample: 'hello world'
 message:
    description: The output message that the test module generates.
    type: str
    returned: always
    sample: 'goodbye'
 '''
 from ansible.module_utils.basic import AnsibleModule
 def run_module():
    # define available arguments/parameters a user can pass to the module
    module_args = dict(
        key=dict(type='str', required=True),
        group=dict(type='str', required=True),
        hostvars=dict(type='dict', required=True),
        hosts=dict(type='list', required=True)
    )
    # seed the result dict in the object
    # we primarily care about changed and state
    # changed is if this module effectively modified the target
    # state will include any data that you want your module to pass back
    # for consumption, for example, in a subsequent task
    result = dict(
        changed=False,
        axfr_list=[]
    )
    # the AnsibleModule object will be our abstraction working with Ansible
    # this includes instantiation, a couple of common attr would be the
    # args/params passed to the execution, as well as if the module
    # supports check mode
    module = AnsibleModule(
        argument_spec=module_args,
        supports_check_mode=False # TODO
    )
    # if the user is working with this module in only check mode we do not
    # want to make any changes to the environment, just return the current
    # state with no modifications
    # TODO
    #if module.check_mode:
    #    module.exit_json(**result)
    # manipulate or modify the state as needed (this is going to be the
    # part where your module will do what it needs to do)
    host_ips = []
    for hostname in module.params['hosts']:
        axfr_ip = module.params['hostvars'][hostname][module.params['key']]
        host_ips.append(axfr_ip)
    result['axfr_list'] = host_ips
    # in the event of a successful module execution, you will want to
    # simple AnsibleModule.exit_json(), passing the key/value results
    module.exit_json(**result)
 def main():
    run_module()
 if __name__ == '__main__':
    main()
--- a/roles/powerdns-install/tasks/main.yml
+++ b/roles/powerdns-install/tasks/main.yml
--- a/roles/powerdns-install/templates/pdns.conf.j2
+++ b/roles/powerdns-install/templates/pdns.conf.j2
@ -4,7 +4,7 @@ local-port=1053
 secondary=yes
-autosecondary=no
+autosecondary=yes
 log-dns-details=yes
 log-dns-queries=yes
--- a/roles/hidden_primary/filter_plugins/custom_filters.py
+++ b/roles/hidden_primary/filter_plugins/custom_filters.py
@ -0,0 +1,13 @@
 #!/usr/bin/env python3
 class FilterModule(object):
    def filters(self):
        return {
            'axfr_to_list': self.axfr_to_list
        }
    def axfr_to_list(self, host_facts):
        host_ips = []
        for host in host_facts:
            host_ips.append(host['ipv6'])
        return ",".join(host_ips)
--- a/roles/hidden_primary/tasks/main.yml
+++ b/roles/hidden_primary/tasks/main.yml
@ -0,0 +1,57 @@
 #- name: Create /etc/apt/keyrings directory
 #  ansible.builtin.file:
 #    path: /etc/apt/keyrings
 #    state: directory
 #    mode: '0755'
 #
 #- name: Download PowerDNS Repo Signing Key
 #  ansible.builtin.get_url:
 #    url: https://repo.powerdns.com/FD380FBB-pub.asc
 #    dest: /etc/apt/keyrings/auth-48-pub.asc
 #    mode: '0644'
 #
 #- name: Add PowerDNS Repository
 #  ansible.builtin.apt_repository:
 #    repo: deb [signed-by=/etc/apt/keyrings/auth-48-pub.asc arch=amd64] http://repo.powerdns.com/debian bookworm-auth-48 main
 #    state: present
 #
 #- name: Install PowerDNS
 #  ansible.builtin.apt:
 #    pkg:
 #      - pdns-server
 #      - pdns-backend-sqlite3
 #    state: latest
 #    update_cache: yes
 #  register: package_install
 - name: Print groups
  ansible.builtin.debug:
    var: groups['autosecondaries']
    verbosity: 2
 - name: Print hostvars
  ansible.builtin.debug:
    var: hostvars
    verbosity: 2
 - name: Get AXFR IP List
  build_axfr_list:
    key: ipv6
    group: autosecondaries
    hostvars: "{{ hostvars }}"
    hosts: "{{ groups['autosecondaries'] }} "
  register: axfr_list
 - name: Print return information from the previous task
  ansible.builtin.debug:
    var: axfr_list
    verbosity: 2
 - name: Configure PowerDNS
  ansible.builtin.template:
    src: pdns.conf.j2
    dest: /etc/powerdns/pdns.conf
    owner: root
    group: root
    mode: '0640'
  register: rsyslog_config
--- a/roles/hidden_primary/templates/pdns.conf.j2
+++ b/roles/hidden_primary/templates/pdns.conf.j2
@ -0,0 +1,13 @@
 launch=gsqlite3
 gsqlite3-database=/var/lib/powerdns/powerdns.db
 local-port=36419
 allow-axfr-ips={{ axfr_list.axfr_list | join(",") }}
 secondary=no
 autosecondary=no
 log-dns-details=yes
 log-dns-queries=yes
 log-timestamp=yes
 loglevel=6
--- a/roles/hidden_primary/vars/main.yml
+++ b/roles/hidden_primary/vars/main.yml
--- a/staging.yaml
+++ b/staging.yaml
@ -1,7 +1,15 @@
-primaries:
+autosecondaries:
  hosts:
    auth-dns-01.test.lauka-home.net:
-dbservers:
+      ipv4: 130.61.98.23
-  hosts:
+      ipv6: 2603:c020:8008:753:d361:ad83:51fd:3644
    auth-dns-02.test.lauka-home.net:
      ipv4: 5.250.191.170
      ipv6: 2001:ba0:217:e400::1
    auth-dns-03.test.lauka-home.net:
      ipv4: 194.164.17.227
      ipv6: 2a00:da00:f218:6300::1
 hidden_primary:
  hosts:
    queer-primary.lauka-home.net:
      public_v6: 2a00:da00:f218:6300::1 # TODO