From c93a4d0a99332310fed7532c8b2e098b5a70ee5e Mon Sep 17 00:00:00 2001
From: Franziska Kunsmann
Date: Sun, 29 Jan 2023 08:35:08 +0100
Subject: [PATCH] powerdns: switch to AXFR for secondarie
---
 bundles/powerdns/files/named.conf | 2 +-
 bundles/powerdns/files/pdns.conf | 2 ++
 bundles/powerdns/items.py | 26 ++++++++++++++++++--------
 groups/features.py | 4 ----
 nodes/gce/bind01.py | 3 +++
 5 files changed, 24 insertions(+), 13 deletions(-)
diff --git a/bundles/powerdns/files/named.conf b/bundles/powerdns/files/named.conf
index 196e3f5..4154935 100644
--- a/bundles/powerdns/files/named.conf
+++ b/bundles/powerdns/files/named.conf
@@ -1,6 +1,6 @@
 % for zone in sorted(zones):
 zone "${zone}" {
 file "/var/lib/powerdns/zones/${zone}";
- type native;
+ type master;
 };
 % endfor
diff --git a/bundles/powerdns/files/pdns.conf b/bundles/powerdns/files/pdns.conf
index c88246f..7fcb1ca 100644
--- a/bundles/powerdns/files/pdns.conf
+++ b/bundles/powerdns/files/pdns.conf
@@ -27,6 +27,8 @@ superslave=yes
 api=yes
 api-key=${api_key}
 webserver=yes
+webserver-address=0.0.0.0
+webserver-allow-from=0.0.0.0/0
 allow-notify-from=
diff --git a/bundles/powerdns/items.py b/bundles/powerdns/items.py
index a6db93a..9444c2f 100644
--- a/bundles/powerdns/items.py
+++ b/bundles/powerdns/items.py
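Review bot: In bundles/powerdns/files/pdns.conf the added `webserver-address=0.0.0.0` and `webserver-allow-from=0.0.0.0/0` open the built-in webserver, and with `api=yes` the HTTP API, to any IPv4 source on every interface, which leaves `api-key` as the only control. The built-in webserver speaks plain HTTP, so that key travels unencrypted whenever the API is used from another host. If only the DNS peers need access, the ACL can be rendered from the context the template already receives, e.g. `webserver-allow-from=${','.join(sorted(my_primary_servers | my_secondary_servers))}` (assuming those sets hold addresses), or the listener can stay on loopback behind a TLS-terminating proxy. Whether a host firewall already limits the port is not visible in this hunk; a comment above the two lines stating who is expected to reach the API would help the next reader.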
@@ -50,11 +50,11 @@ files = {
 '/etc/powerdns/pdns.conf': {
 'content_type': 'mako',
 'context': {
- 'api_key': node.metadata['powerdns']['api_key'],
- 'my_hostname': node.metadata['powerdns'].get('my_hostname', node.metadata.get('hostname')),
- 'is_secondary': node.metadata['powerdns'].get('is_secondary', False),
- 'my_primary_servers': node.metadata['powerdns'].get('my_primary_servers', set()),
- 'my_secondary_servers': node.metadata['powerdns'].get('my_secondary_servers', set()),
+ 'api_key': node.metadata.get('powerdns/api_key'),
+ 'my_hostname': node.metadata.get('powerdns/my_hostname', node.metadata.get('hostname')),
+ 'is_secondary': node.metadata.get('powerdns/is_secondary', False),
+ 'my_primary_servers': node.metadata.get('powerdns/my_primary_servers', set()),
+ 'my_secondary_servers': node.metadata.get('powerdns/my_secondary_servers', set()),
 },
 'needs': {
 'pkg_apt:pdns-server',
@@ -142,12 +142,22 @@ if node.metadata.get('powerdns/features/bind', False):
 'action:powerdns_reload_zones',
 },
 }
+else:
+ files['/etc/powerdns/named.conf'] = {
+ 'delete': True,
+ 'needed_by': {
+ 'svc_systemd:pdns',
+ },
+ 'triggers': {
+ 'action:powerdns_reload_zones',
+ },
+ }
-if node.metadata.get('powerdns/features/pgsql', False):
+if node.metadata.get('powerdns/features/pgsql', node.has_bundle('postgresql')):
 files['/etc/powerdns/pdns.d/pgsql.conf'] = {
 'content_type': 'mako',
 'context': {
- 'password': node.metadata['postgresql']['roles']['powerdns']['password'],
+ 'password': node.metadata.get('postgresql/roles/powerdns/password'),
 },
 'needs': {
 'pkg_apt:pdns-server',
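Review bot: In the second items.py hunk the new `else:` branch attaches `'triggers': {'action:powerdns_reload_zones'}` to the deletion of /etc/powerdns/named.conf, although a node without the bind feature has no bind zones left to reload. The action's definition is outside this hunk: if it lives inside the `if` branch the trigger points at a missing item, and if it is defined unconditionally it may fail once the bind backend is no longer configured. Restarting the service looks like the safer reaction, e.g. `'triggers': {'svc_systemd:pdns:restart'},`. The same hunk makes `node.has_bundle('postgresql')` the default for `powerdns/features/pgsql`, so a node that carries postgresql for another reason is now expected to have `postgresql/roles/powerdns/password` in its metadata; a one-line comment stating that implicit default would help.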
@@ -163,7 +173,7 @@ if node.metadata.get('powerdns/features/pgsql', False):
 files['/etc/powerdns/schema.pgsql.sql'] = {}
 actions['powerdns_load_pgsql_schema'] = {
- 'command': node.metadata['postgresql']['roles']['powerdns']['password'].format_into('PGPASSWORD={} psql -h 127.0.0.1 -d powerdns -U powerdns -w < /etc/powerdns/schema.pgsql.sql'),
+ 'command': node.metadata.get('postgresql/roles/powerdns/password').format_into('PGPASSWORD={} psql -h 127.0.0.1 -d powerdns -U powerdns -w < /etc/powerdns/schema.pgsql.sql'),
 'unless': 'sudo -u postgres psql -d powerdns -c "\dt" | grep domains 2>&1 >/dev/null',
 'needs': {
 'bundle:postgresql',
diff --git a/groups/features.py b/groups/features.py
index 4605270..54a58a7 100644
--- a/groups/features.py
+++ b/groups/features.py
@@ -12,10 +12,6 @@ groups['dns'] = {
 },
 'metadata': {
 'powerdns': {
- 'features': {
- 'bind': True,
- 'pgsql': True,
- },
 # Overridden in node metadata for primary server
 'is_secondary': True,
 },
diff --git a/nodes/gce/bind01.py b/nodes/gce/bind01.py
index a18d923..1575237 100644
--- a/nodes/gce/bind01.py
+++ b/nodes/gce/bind01.py
@@ -47,6 +47,9 @@ nodes['gce.bind01'] = {
 'version': '15',
 },
 'powerdns': {
+ 'features': {
+ 'bind': True,
+ },
 'is_secondary': False,
 'secondary_nameservers': 'dns',
 'my_hostname': 'ns-1.kunbox.net',
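Review bot: The rewritten `'command'` line in the third items.py hunk still splices the role password unquoted into a shell string (`PGPASSWORD={} psql …`), so a password containing a space, `$`, `;` or a quote character either breaks the schema load or is interpreted by the shell, and the secret becomes part of the command text that is executed. The commit only changes how the value is looked up, but since the line is touched anyway, quoting it as `PGPASSWORD='{}' psql …` is the minimal improvement (with a comment that the password must not contain `'`). Loading the schema via `sudo -u postgres psql -d powerdns`, as the `unless` check on the next line already does, would keep the password out of the command entirely, provided table ownership is then handed to the powerdns role. The enclosing `actions[...]` dict continues past the end of the hunk.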