From 793220c0ec88c3b2c3eba0ad38cfd3165c7066cc Mon Sep 17 00:00:00 2001 From: Franziska Kunsmann Date: Sat, 17 Oct 2020 12:56:17 +0200 Subject: [PATCH] bundles/powerdns: auto-generate zonefile header based on dns server nodes --- bundles/powerdns/files/pdns.conf | 13 ++++--------- bundles/powerdns/items.py | 9 ++++----- bundles/powerdns/metadata.py | 30 +++++++++++++----------------- nodes/a.ns14.net.py | 11 +++++++++++ nodes/b.ns14.net.py | 11 +++++++++++ nodes/c.ns14.net.py | 11 +++++++++++ nodes/d.ns14.net.py | 11 +++++++++++ nodes/gce/bind01.py | 1 + 8 files changed, 66 insertions(+), 31 deletions(-) create mode 100644 nodes/a.ns14.net.py create mode 100644 nodes/b.ns14.net.py create mode 100644 nodes/c.ns14.net.py create mode 100644 nodes/d.ns14.net.py diff --git a/bundles/powerdns/files/pdns.conf b/bundles/powerdns/files/pdns.conf index dc67064..3bdffcf 100644 --- a/bundles/powerdns/files/pdns.conf +++ b/bundles/powerdns/files/pdns.conf @@ -13,21 +13,16 @@ max-tcp-connections-per-client=10 security-poll-suffix= -server-id=${node.name} +server-id=${my_hostname} -default-ttl=86400 +default-ttl=60 % if is_secondary: -# Primary server: ${my_primary_server['node']} +# Primary servers: ${', '.join(sorted(my_primary_servers['nodes']))} slave=yes superslave=yes -allow-notify-from=${','.join(my_primary_server['ips'])} +allow-notify-from=${','.join(sorted(my_primary_servers['ips']))} % else: allow-notify-from= -% endif - -% if node.metadata['powerdns'].get('my_secondary_servers'): -# This server is a primary server for the following nodes: -# ${', '.join(node.metadata['powerdns']['my_secondary_servers'])} master=yes % endif diff --git a/bundles/powerdns/items.py b/bundles/powerdns/items.py index fd07b14..6fcf13a 100644 --- a/bundles/powerdns/items.py +++ b/bundles/powerdns/items.py 
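Review bot: `default-ttl=60` in the pdns.conf hunk is a behaviour change that the commit subject (zonefile header generation) does not cover. Every record without an explicit TTL goes from a day of caching to one minute. That raises query load on the authoritative servers and leaves resolvers with almost nothing cached when those servers are unreachable. If the change is intended, split it out or document it above the setting, e.g. `# short default TTL on purpose: <reason>`.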
@@ -22,11 +22,9 @@ $TTL 60 86400 300 ) -@ IN NS bind01.gce.kunbox.net. - IN NS b.ns14.net. - IN NS c.ns14.net. - IN NS d.ns14.net. """ +for rnode in sorted(repo.nodes_in_group('dns')): + ZONE_HEADER += '@ IN NS {}\n'.format(rnode.metadata.get('powerdns', {}).get('my_hostname', rnode.hostname)) directories = { '/etc/powerdns/pdns.d': { @@ -53,8 +51,9 @@ files = { 'content_type': 'mako', 'context': { 'api_key': node.metadata['powerdns']['api_key'], + 'my_hostname': node.metadata['powerdns'].get('my_hostname', node.name), 'is_secondary': node.metadata['powerdns'].get('is_secondary', False), - 'my_primary_server': node.metadata['powerdns'].get('my_primary_server', {}), + 'my_primary_servers': node.metadata['powerdns'].get('my_primary_servers', {}), }, 'needs': { 'pkg_apt:pdns-server', diff --git a/bundles/powerdns/metadata.py b/bundles/powerdns/metadata.py index 3c28c97..14c0370 100644 --- a/bundles/powerdns/metadata.py +++ b/bundles/powerdns/metadata.py 
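Review bot: The generated NS lines in the first items.py hunk drop the trailing dot that the removed records had (`IN NS b.ns14.net.`). `'@ IN NS {}\n'.format(...)` writes the bare hostname, and the hostnames this commit adds (`a.ns14.net`, `ns-1.kunbox.net`) are stored without a dot. In zone-file syntax a name without a trailing dot is relative to the origin, so the NS target would presumably become `a.ns14.net.<zone>.`; how ZONE_HEADER is consumed lies outside the hunk, so this needs confirming. Suggested change: bind the looked-up hostname to a local (here `ns_name`) and emit `ZONE_HEADER += '@ IN NS {}.\n'.format(ns_name.rstrip('.'))`.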
@@ -28,29 +28,25 @@ defaults = { @metadata_reactor -def get_ips_of_secondary_nameservers(metadata): - # Secondary Nameservers can't be a primary nameserver at the same - # time. Return early if this is a secondary server. - if metadata.get('powerdns/is_secondary', False): - return {} - - try: - nameservers = repo.nodes_in_group(metadata.get('powerdns/secondary_nameservers', '')) - except NoSuchGroup: - # This probably is no primary nameserver, either. Should be fine. +def get_ips_of_primary_nameservers(metadata): + if not metadata.get('powerdns/is_secondary', False): return {} + ips = set() nodes = set() - for rnode in nameservers: - if rnode.name == node.name: - # We can't be primary and secondary at the same time - continue - - nodes.add(rnode.name) + for rnode in repo.nodes_in_group('dns'): + if not rnode.metadata.get('powerdns/is_secondary', False): + ips.update({ + str(ip) for ip in repo.libs.tools.resolve_identifier(repo, rnode.name) + }) + nodes.add(rnode.name) return { 'powerdns': { - 'my_secondary_servers': nodes, + 'my_primary_servers': { + 'ips': ips, + 'nodes': nodes, + }, }, } diff --git a/nodes/a.ns14.net.py b/nodes/a.ns14.net.py new file mode 100644 index 0000000..db4d7c8 --- /dev/null +++ b/nodes/a.ns14.net.py @@ -0,0 +1,11 @@ +# This node is not actually part of this repository, it's a DNS server +# managed by AutoDNS. It needs a node file, because we're using that to +# auto-generate DNS configs. + +nodes['a.ns14.net'] = { + 'hostname': 'a.ns14.net', + 'dummy': True, + 'groups': { + 'dns', + }, +} diff --git a/nodes/b.ns14.net.py b/nodes/b.ns14.net.py new file mode 100644 index 0000000..c9ea427 --- /dev/null +++ b/nodes/b.ns14.net.py @@ -0,0 +1,11 @@ +# This node is not actually part of this repository, it's a DNS server +# managed by AutoDNS. It needs a node file, because we're using that to +# auto-generate DNS configs. + +nodes['b.ns14.net'] = { + 'hostname': 'b.ns14.net', + 'dummy': True, + 'groups': { + 'dns', + }, +} 
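Review bot: In `get_ips_of_primary_nameservers`, every node in group `dns` without `powerdns/is_secondary` counts as a primary, and that includes the four dummy `*.ns14.net` nodes this commit adds with no `powerdns` metadata. On a secondary their resolved addresses would end up in `allow-notify-from` next to `superslave=yes`, so servers the node files describe as managed by AutoDNS become trusted NOTIFY sources. If they are not meant to be primaries, skip them explicitly, e.g. `if rnode.dummy or rnode.metadata.get('powerdns/is_secondary', False): continue`, or require an opt-in key on real primaries. What `resolve_identifier` returns for a dummy node is not visible here; if it falls back to a DNS lookup, the allow-list would also depend on resolver answers at build time.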
diff --git a/nodes/c.ns14.net.py b/nodes/c.ns14.net.py
new file mode 100644
index 0000000..58b36c9
--- /dev/null
+++ b/nodes/c.ns14.net.py
@@ -0,0 +1,11 @@
+# This node is not actually part of this repository, it's a DNS server
+# managed by AutoDNS. It needs a node file, because we're using that to
+# auto-generate DNS configs.
+
+nodes['c.ns14.net'] = {
+ 'hostname': 'c.ns14.net',
+ 'dummy': True,
+ 'groups': {
+ 'dns',
+ },
+}
diff --git a/nodes/d.ns14.net.py b/nodes/d.ns14.net.py
new file mode 100644
index 0000000..728c644
--- /dev/null
+++ b/nodes/d.ns14.net.py
@@ -0,0 +1,11 @@
+# This node is not actually part of this repository, it's a DNS server
+# managed by AutoDNS. It needs a node file, because we're using that to
+# auto-generate DNS configs.
+
+nodes['d.ns14.net'] = {
+ 'hostname': 'd.ns14.net',
+ 'dummy': True,
+ 'groups': {
+ 'dns',
+ },
+}
diff --git a/nodes/gce/bind01.py b/nodes/gce/bind01.py
index dc6ae76..9c0230c 100644
--- a/nodes/gce/bind01.py
+++ b/nodes/gce/bind01.py
@@ -34,6 +34,7 @@ nodes['gce.bind01'] = {
 'powerdns': {
 'is_secondary': False,
 'secondary_nameservers': 'dns',
+ 'my_hostname': 'ns-1.kunbox.net',
 },
 'vm': {
 'cpu': 1,