powerdns: switch to AXFR for secondarie

2023-01-29 08:35:08 +01:00 · 2023-01-29 08:35:08 +01:00 · c93a4d0a99
parent 31e614ab3b
commit c93a4d0a99
5 changed files with 24 additions and 13 deletions
--- a/bundles/powerdns/files/named.conf
+++ b/bundles/powerdns/files/named.conf
@ -1,6 +1,6 @@
 % for zone in sorted(zones):
 zone "${zone}" {
    file "/var/lib/powerdns/zones/${zone}";
-    type native;
+    type master;
 };
 % endfor
--- a/bundles/powerdns/files/pdns.conf
+++ b/bundles/powerdns/files/pdns.conf
@ -27,6 +27,8 @@ superslave=yes
 api=yes
 api-key=${api_key}
 webserver=yes
+webserver-address=0.0.0.0
+webserver-allow-from=0.0.0.0/0

 allow-notify-from=

--- a/bundles/powerdns/items.py
+++ b/bundles/powerdns/items.py
@ -50,11 +50,11 @@ files = {
    '/etc/powerdns/pdns.conf': {
        'content_type': 'mako',
        'context': {
-            'api_key': node.metadata['powerdns']['api_key'],
-            'my_hostname': node.metadata['powerdns'].get('my_hostname', node.metadata.get('hostname')),
-            'is_secondary': node.metadata['powerdns'].get('is_secondary', False),
-            'my_primary_servers': node.metadata['powerdns'].get('my_primary_servers', set()),
-            'my_secondary_servers': node.metadata['powerdns'].get('my_secondary_servers', set()),
+            'api_key': node.metadata.get('powerdns/api_key'),
+            'my_hostname': node.metadata.get('powerdns/my_hostname', node.metadata.get('hostname')),
+            'is_secondary': node.metadata.get('powerdns/is_secondary', False),
+            'my_primary_servers': node.metadata.get('powerdns/my_primary_servers', set()),
+            'my_secondary_servers': node.metadata.get('powerdns/my_secondary_servers', set()),
        },
        'needs': {
            'pkg_apt:pdns-server',
@ -142,12 +142,22 @@ if node.metadata.get('powerdns/features/bind', False):
            'action:powerdns_reload_zones',
        },
    }
+else:
+    files['/etc/powerdns/named.conf'] = {
+        'delete': True,
+        'needed_by': {
+            'svc_systemd:pdns',
+        },
+        'triggers': {
+            'action:powerdns_reload_zones',
+        },
+    }

-if node.metadata.get('powerdns/features/pgsql', False):
+if node.metadata.get('powerdns/features/pgsql', node.has_bundle('postgresql')):
    files['/etc/powerdns/pdns.d/pgsql.conf'] = {
        'content_type': 'mako',
        'context': {
-            'password': node.metadata['postgresql']['roles']['powerdns']['password'],
+            'password': node.metadata.get('postgresql/roles/powerdns/password'),
        },
        'needs': {
            'pkg_apt:pdns-backend-pgsql',
@ -163,7 +173,7 @@ if node.metadata.get('powerdns/features/pgsql', False):
    files['/etc/powerdns/schema.pgsql.sql'] = {}

    actions['powerdns_load_pgsql_schema'] = {
-        'command': node.metadata['postgresql']['roles']['powerdns']['password'].format_into('PGPASSWORD={} psql -h 127.0.0.1 -d powerdns -U powerdns -w < /etc/powerdns/schema.pgsql.sql'),
+        'command': node.metadata.get('postgresql/roles/powerdns/password').format_into('PGPASSWORD={} psql -h 127.0.0.1 -d powerdns -U powerdns -w < /etc/powerdns/schema.pgsql.sql'),
        'unless': 'sudo -u postgres psql -d powerdns -c "\dt" | grep domains 2>&1 >/dev/null',
        'needs': {
            'bundle:postgresql',
--- a/groups/features.py
+++ b/groups/features.py
@ -12,10 +12,6 @@ groups['dns'] = {
    },
    'metadata': {
        'powerdns': {
-            'features': {
-                'bind': True,
-                'pgsql': True,
-            },
            # Overridden in node metadata for primary server
            'is_secondary': True,
        },
--- a/nodes/gce/bind01.py
+++ b/nodes/gce/bind01.py
@ -47,6 +47,9 @@ nodes['gce.bind01'] = {
            'version': '15',
        },
        'powerdns': {
+            'features': {
+                'bind': True,
+            },
            'is_secondary': False,
            'secondary_nameservers': 'dns',
            'my_hostname': 'ns-1.kunbox.net',