diff --git a/bundles/powerdns/files/bind.conf b/bundles/powerdns/files/bind.conf new file mode 100644 index 0000000..01775c1 --- /dev/null +++ b/bundles/powerdns/files/bind.conf @@ -0,0 +1,2 @@ +launch+=bind +bind-config=/etc/powerdns/named.conf diff --git a/bundles/powerdns/files/named.conf b/bundles/powerdns/files/named.conf new file mode 100644 index 0000000..925e314 --- /dev/null +++ b/bundles/powerdns/files/named.conf @@ -0,0 +1,6 @@ +% for zone in sorted(zones): +zone "${zone}" { + file "/var/lib/powerdns/zones/${zone}"; + type native; +}; +% endfor diff --git a/bundles/powerdns/files/pdns.conf b/bundles/powerdns/files/pdns.conf index 4c2b1dc..5bb2c83 100644 --- a/bundles/powerdns/files/pdns.conf +++ b/bundles/powerdns/files/pdns.conf @@ -1,3 +1,16 @@ -launch=bind,psql - +launch= include-dir=/etc/powerdns/pdns.d + +api=yes +api-key=${api_key} +webserver=yes + +disable-syslog=yes +log-timestamp=no + +max-tcp-connections=500 +max-tcp-connections-per-client=10 + +security-poll-suffix= + +server-id=${node.name} diff --git a/bundles/powerdns/items.py b/bundles/powerdns/items.py index 30b64d6..45abff3 100644 --- a/bundles/powerdns/items.py +++ b/bundles/powerdns/items.py @@ -1,13 +1,103 @@ +from datetime import datetime +from os import listdir +from os.path import isfile, join +from subprocess import check_output + +zone_path = join(repo.path, 'data', 'powerdns', 'files', 'bind-zones') + +ZONE_HEADER = """ +; _ ____ _ _ _____ _ _ _ _ ____ +; / \\ / ___| | | |_ _| | | | \\ | |/ ___| +; / _ \\| | | |_| | | | | | | | \\| | | _ +; / ___ \\ |___| _ | | | | |_| | |\\ | |_| | +; /_/ \\_\\____|_| |_| |_| \\___/|_| \\_|\\____| +; +; --> Diese Datei wird von BundleWrap verwaltet! <-- + +$TTL 60 +@ IN SOA ns-1.kunbox.net. hostmaster.kunbox.net. ( + {serial} + 3600 + 3600 + 86400 + 300 + ) +@ IN NS bind01.gce.kunbox.net. + IN NS b.ns14.net. + IN NS c.ns14.net. + IN NS d.ns14.net. +""" + +default_attributes = { + 'needs': { + 'pkg_apt:pdns-server', + 'pkg_apt:pdns-backend-bind', + 'pkg_apt:pdns-backend-pgsql', + }, + 'triggers': { + 'svc_systemd:pdns:restart', + }, +} + directories = { '/etc/powerdns/pdns.d': { 'purge': True, + **default_attributes, }, + '/var/lib/powerdns/zones': { + 'purge': True, + **default_attributes + } } files = { '/etc/powerdns/pdns.conf': { + 'content_type': 'mako', + 'context': { + 'api_key': node.metadata['powerdns']['api_key'], + }, + **default_attributes, + }, +} + +svc_systemd = { + 'pdns': { 'needs': { - 'pkg_apt:pdns-server', + 'directory:', + 'file:', }, }, } + +if node.metadata['powerdns'].get('features', {}).get('bind', False): + primary_zones = set() + for zone in listdir(zone_path): + if not isfile(join(zone_path, zone)) or zone.startswith(".") or zone.startswith("_"): + continue + + try: + output = check_output(['git', 'log', '-1', '--pretty=%ci', join(zone_path, zone)]).decode('utf-8').strip() + serial = datetime.strptime(output, '%Y-%m-%d %H:%M:%S %z').strftime('%y%m%d%H%M') + except: + serial = datetime.now().strftime('%y%m%d0000') + + primary_zones.add(zone) + + files["/var/lib/powerdns/zones/{}".format(zone)] = { + 'content_type': 'mako', + 'context': { + 'header': ZONE_HEADER.format(serial=serial), + 'metadata_records': node.metadata.get('powerdns', {}).get('bind-zones', {}).get(zone, {}).get('records', []), + }, + 'source': 'bind-zones/{}'.format(zone), + **default_attributes + } + + files['/etc/powerdns/pdns.d/bind.conf'] = default_attributes + files['/etc/powerdns/named.conf'] = { + 'content_type': 'mako', + 'context': { + 'zones': primary_zones, + }, + **default_attributes + } diff --git a/bundles/powerdns/metadata.py b/bundles/powerdns/metadata.py index dd33090..4e18293 100644 --- a/bundles/powerdns/metadata.py +++ b/bundles/powerdns/metadata.py @@ -7,6 +7,9 @@ defaults = { 'pdns-backend-pgsql': {}, }, }, + 'powerdns': { + 'api_key': repo.vault.password_for('{} powerdns api'.format(node.name)), + }, 'postgresql': { 'users': { 'powerdns': { diff --git a/groups/features.py b/groups/features.py index a468356..1c5009e 100644 --- a/groups/features.py +++ b/groups/features.py @@ -10,4 +10,11 @@ groups['dns'] = { 'postgresql', 'powerdns', }, + 'metadata': { + 'powerdns': { + 'features': { + 'bind': True, + }, + }, + }, }