add almost working primary play

This commit is contained in:
Adora Laura Kalb 2024-01-22 16:22:08 +01:00
parent c5a6635ef5
commit cd0d7495ae
Signed by: adoralaura
GPG key ID: 7A4552166FC8C056
10 changed files with 250 additions and 5 deletions

15
.vscode/launch.json vendored Normal file
View file

@ -0,0 +1,15 @@
{
// Use IntelliSense to learn about possible attributes.
// Hover to view descriptions of existing attributes.
// For more information, visit: https://go.microsoft.com/fwlink/?linkid=830387
"version": "0.2.0",
"configurations": [
{
"name": "Python: Attach using Process Id",
"type": "python",
"request": "attach",
"processId": "${command:pickProcess}",
"justMyCode": true
}
]
}

4
hidden_primary.yml Normal file
View file

@ -0,0 +1,4 @@
- hosts: hidden_primary
gather_facts: no
roles:
- hidden_primary

135
library/build_axfr_list.py Normal file
View file

@ -0,0 +1,135 @@
#!/usr/bin/python
# Copyright: (c) 2023, Adora Laura Kalb <dev@lauka.net>
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
DOCUMENTATION = r'''
---
module: build_axfr_list
short_description: builds list of IPs for AXFR allow list
# If this is part of a collection, you need to use semantic versioning,
# i.e. the version is of the form "2.5.0" and not "2.4".
version_added: "0.0.1"
description: This is my longer description explaining my test module.
options:
key:
description: This is the dictionary key to use for building the list.
required: true
type: str
group:
description: This is the user group that we use to get the relevant hosts.
required: true
type: str
# Specify this value according to your collection
# in format of namespace.collection.doc_fragment_name
# extends_documentation_fragment:
# - my_namespace.my_collection.my_doc_fragment_name
author:
- Adora Kalb (@lauralani)
'''
EXAMPLES = r'''
# Pass in a message
- name: Test with a message
my_namespace.my_collection.my_test:
name: hello world
# pass in a message and have changed true
- name: Test with a message and changed output
my_namespace.my_collection.my_test:
name: hello world
new: true
# fail the module
- name: Test failure of the module
my_namespace.my_collection.my_test:
name: fail me
'''
RETURN = r'''
# These are examples of possible return values, and in general should use other names for return values.
original_message:
description: The original name param that was passed in.
type: str
returned: always
sample: 'hello world'
message:
description: The output message that the test module generates.
type: str
returned: always
sample: 'goodbye'
'''
from ansible.module_utils.basic import AnsibleModule
def run_module():
# define available arguments/parameters a user can pass to the module
module_args = dict(
key=dict(type='str', required=True),
group=dict(type='str', required=True),
hostvars=dict(type='dict', required=True),
hosts=dict(type='list', required=True)
)
# seed the result dict in the object
# we primarily care about changed and state
# changed is if this module effectively modified the target
# state will include any data that you want your module to pass back
# for consumption, for example, in a subsequent task
result = dict(
changed=False,
axfr_list=[]
)
# the AnsibleModule object will be our abstraction working with Ansible
# this includes instantiation, a couple of common attr would be the
# args/params passed to the execution, as well as if the module
# supports check mode
module = AnsibleModule(
argument_spec=module_args,
supports_check_mode=False # TODO
)
# if the user is working with this module in only check mode we do not
# want to make any changes to the environment, just return the current
# state with no modifications
# TODO
#if module.check_mode:
# module.exit_json(**result)
# manipulate or modify the state as needed (this is going to be the
# part where your module will do what it needs to do)
host_ips = []
for hostname in module.params['hosts']:
axfr_ip = module.params['hostvars'][hostname][module.params['key']]
host_ips.append(axfr_ip)
result['axfr_list'] = host_ips
# in the event of a successful module execution, you will want to
# simple AnsibleModule.exit_json(), passing the key/value results
module.exit_json(**result)
def main():
run_module()
if __name__ == '__main__':
main()

View file

@ -4,7 +4,7 @@ local-port=1053
secondary=yes
autosecondary=no
autosecondary=yes
log-dns-details=yes
log-dns-queries=yes

View file

@ -0,0 +1,13 @@
#!/usr/bin/env python3
class FilterModule(object):
def filters(self):
return {
'axfr_to_list': self.axfr_to_list
}
def axfr_to_list(self, host_facts):
host_ips = []
for host in host_facts:
host_ips.append(host['ipv6'])
return ",".join(host_ips)

View file

@ -0,0 +1,57 @@
#- name: Create /etc/apt/keyrings directory
# ansible.builtin.file:
# path: /etc/apt/keyrings
# state: directory
# mode: '0755'
#
#- name: Download PowerDNS Repo Signing Key
# ansible.builtin.get_url:
# url: https://repo.powerdns.com/FD380FBB-pub.asc
# dest: /etc/apt/keyrings/auth-48-pub.asc
# mode: '0644'
#
#- name: Add PowerDNS Repository
# ansible.builtin.apt_repository:
# repo: deb [signed-by=/etc/apt/keyrings/auth-48-pub.asc arch=amd64] http://repo.powerdns.com/debian bookworm-auth-48 main
# state: present
#
#- name: Install PowerDNS
# ansible.builtin.apt:
# pkg:
# - pdns-server
# - pdns-backend-sqlite3
# state: latest
# update_cache: yes
# register: package_install
- name: Print groups
ansible.builtin.debug:
var: groups['autosecondaries']
verbosity: 2
- name: Print hostvars
ansible.builtin.debug:
var: hostvars
verbosity: 2
- name: Get AXFR IP List
build_axfr_list:
key: ipv6
group: autosecondaries
hostvars: "{{ hostvars }}"
hosts: "{{ groups['autosecondaries'] }} "
register: axfr_list
- name: Print return information from the previous task
ansible.builtin.debug:
var: axfr_list
verbosity: 2
- name: Configure PowerDNS
ansible.builtin.template:
src: pdns.conf.j2
dest: /etc/powerdns/pdns.conf
owner: root
group: root
mode: '0640'
register: rsyslog_config

View file

@ -0,0 +1,13 @@
launch=gsqlite3
gsqlite3-database=/var/lib/powerdns/powerdns.db
local-port=36419
allow-axfr-ips={{ axfr_list.axfr_list | join(",") }}
secondary=no
autosecondary=no
log-dns-details=yes
log-dns-queries=yes
log-timestamp=yes
loglevel=6

View file

View file

@ -1,7 +1,15 @@
primaries:
autosecondaries:
hosts:
auth-dns-01.test.lauka-home.net:
dbservers:
hosts:
ipv4: 130.61.98.23
ipv6: 2603:c020:8008:753:d361:ad83:51fd:3644
auth-dns-02.test.lauka-home.net:
ipv4: 5.250.191.170
ipv6: 2001:ba0:217:e400::1
auth-dns-03.test.lauka-home.net:
ipv4: 194.164.17.227
ipv6: 2a00:da00:f218:6300::1
hidden_primary:
hosts:
queer-primary.lauka-home.net:
public_v6: 2a00:da00:f218:6300::1 # TODO