bundles/powerdns: add support for zone transfers

2020-10-16 23:02:47 +02:00 · 2020-10-16 23:02:47 +02:00 · ca1646d394
parent f2073e72ed
commit ca1646d394
5 changed files with 78 additions and 0 deletions
--- a/bundles/powerdns/files/pdns.conf
+++ b/bundles/powerdns/files/pdns.conf
@ -16,3 +16,18 @@ security-poll-suffix=
 server-id=${node.name}

 default-ttl=86400
+
+% if is_secondary:
+# Primary server: ${my_primary_server['node']}
+slave=yes
+superslave=yes
+allow-notify-from=${','.join(my_primary_server['ips'])}
+% else:
+allow-notify-from=
+% endif
+
+% if node.metadata['powerdns'].get('my_secondary_servers'):
+# This server is a primary server for the following nodes:
+# ${', '.join(node.metadata['powerdns']['my_secondary_servers'])}
+master=yes
+% endif
--- a/bundles/powerdns/items.py
+++ b/bundles/powerdns/items.py
@ -53,6 +53,8 @@ files = {
        'content_type': 'mako',
        'context': {
            'api_key': node.metadata['powerdns']['api_key'],
+            'is_secondary': node.metadata['powerdns'].get('is_secondary', False),
+            'my_primary_server': node.metadata['powerdns'].get('my_primary_server', {}),
        },
        'needs': {
            'pkg_apt:pdns-server',
--- a/bundles/powerdns/metadata.py
+++ b/bundles/powerdns/metadata.py
@ -1,3 +1,5 @@
+from bundlewrap.exceptions import NoSuchGroup
+
 defaults = {
    'apt': {
        'packages': {
@ -23,3 +25,56 @@ defaults = {
        },
    },
 }
+
+
+@metadata_reactor
+def get_ips_of_secondary_nameservers(metadata):
+    # Secondary Nameservers can't be a primary nameserver at the same
+    # time. Return early if this is a secondary server.
+    if metadata.get('powerdns/is_secondary', False):
+        return {}
+
+    try:
+        nameservers = repo.nodes_in_group(metadata.get('powerdns/secondary_nameservers', ''))
+    except NoSuchGroup:
+        # This probably is no primary nameserver, either. Should be fine.
+        return {}
+
+    nodes = set()
+    for rnode in nameservers:
+        if rnode.name == node.name:
+            # We can't be primary and secondary at the same time
+            continue
+
+        nodes.add(rnode.name)
+
+    return {
+        'powerdns': {
+            'my_secondary_servers': nodes,
+        },
+    }
+
+
+@metadata_reactor
+def get_ips_of_primary_nameserver(metadata):
+    if not metadata.get('powerdns/is_secondary', False):
+        return {}
+
+    ips = set()
+    for rnode in repo.nodes:
+        if not node.has_bundle('powerdns'):
+            continue
+
+        if node.name in rnode.metadata.get('powerdns/my_secondary_servers', set()):
+            return {
+                'powerdns': {
+                    'my_primary_server': {
+                        'ips': {
+                            str(ip) for ip in repo.libs.tools.resolve_identifier(repo, rnode.name)
+                        },
+                        'node': rnode.name,
+                    },
+                },
+            }
+
+    return {}
--- a/groups/features.py
+++ b/groups/features.py
@ -16,6 +16,8 @@ groups['dns'] = {
                'bind': True,
                'pgsql': True,
            },
+            # Overridden in node metadata for primary server
+            'is_secondary': True,
        },
    },
 }
--- a/nodes/gce/bind01.py
+++ b/nodes/gce/bind01.py
@ -31,6 +31,10 @@ nodes['gce.bind01'] = {
                },
            },
        },
+        'powerdns': {
+            'is_secondary': False,
+            'secondary_nameservers': 'dns',
+        },
        'vm': {
            'cpu': 1,
            'ram': 1,