PowerDNS instead of bind9 #2

Merged
kunsi merged 23 commits from kunsi-feature-powerdns-instead-of-bind into main 2020-10-17 11:12:35 +00:00
6 changed files with 124 additions and 3 deletions
Showing only changes of commit df852e8ef9 - Show all commits

View file

@ -0,0 +1,2 @@
launch+=bind
bind-config=/etc/powerdns/named.conf

View file

@ -0,0 +1,6 @@
% for zone in sorted(zones):
zone "${zone}" {
file "/var/lib/powerdns/zones/${zone}";
type native;
};
% endfor

View file

@ -1,3 +1,16 @@
launch=bind,psql
launch=
include-dir=/etc/powerdns/pdns.d
api=yes
api-key=${api_key}
webserver=yes
disable-syslog=yes
log-timestamp=no
max-tcp-connections=500
max-tcp-connections-per-client=10
security-poll-suffix=
server-id=${node.name}

View file

@ -1,13 +1,103 @@
from datetime import datetime
from os import listdir
from os.path import isfile, join
from subprocess import check_output
zone_path = join(repo.path, 'data', 'powerdns', 'files', 'bind-zones')
ZONE_HEADER = """
; _ ____ _ _ _____ _ _ _ _ ____
; / \\ / ___| | | |_ _| | | | \\ | |/ ___|
; / _ \\| | | |_| | | | | | | | \\| | | _
; / ___ \\ |___| _ | | | | |_| | |\\ | |_| |
; /_/ \\_\\____|_| |_| |_| \\___/|_| \\_|\\____|
;
; --> Diese Datei wird von BundleWrap verwaltet! <--
$TTL 60
@ IN SOA ns-1.kunbox.net. hostmaster.kunbox.net. (
{serial}
3600
3600
86400
300
)
@ IN NS bind01.gce.kunbox.net.
IN NS b.ns14.net.
IN NS c.ns14.net.
IN NS d.ns14.net.
"""
default_attributes = {
'needs': {
'pkg_apt:pdns-server',
'pkg_apt:pdns-backend-bind',
'pkg_apt:pdns-backend-pgsql',
},
'triggers': {
'svc_systemd:pdns:restart',
},
}
directories = {
'/etc/powerdns/pdns.d': {
'purge': True,
**default_attributes,
},
'/var/lib/powerdns/zones': {
'purge': True,
**default_attributes
}
}
files = {
'/etc/powerdns/pdns.conf': {
'content_type': 'mako',
'context': {
'api_key': node.metadata['powerdns']['api_key'],
},
**default_attributes,
},
}
svc_systemd = {
'pdns': {
'needs': {
'pkg_apt:pdns-server',
'directory:',
'file:',
},
},
}
if node.metadata['powerdns'].get('features', {}).get('bind', False):
primary_zones = set()
for zone in listdir(zone_path):
if not isfile(join(zone_path, zone)) or zone.startswith(".") or zone.startswith("_"):
continue
try:
output = check_output(['git', 'log', '-1', '--pretty=%ci', join(zone_path, zone)]).decode('utf-8').strip()
serial = datetime.strptime(output, '%Y-%m-%d %H:%M:%S %z').strftime('%y%m%d%H%M')
except:
serial = datetime.now().strftime('%y%m%d0000')
primary_zones.add(zone)
files["/var/lib/powerdns/zones/{}".format(zone)] = {
'content_type': 'mako',
'context': {
'header': ZONE_HEADER.format(serial=serial),
'metadata_records': node.metadata.get('powerdns', {}).get('bind-zones', {}).get(zone, {}).get('records', []),
},
'source': 'bind-zones/{}'.format(zone),
**default_attributes
}
files['/etc/powerdns/pdns.d/bind.conf'] = default_attributes
files['/etc/powerdns/named.conf'] = {
'content_type': 'mako',
'context': {
'zones': primary_zones,
},
**default_attributes
}

View file

@ -7,6 +7,9 @@ defaults = {
'pdns-backend-pgsql': {},
},
},
'powerdns': {
'api_key': repo.vault.password_for('{} powerdns api'.format(node.name)),
},
'postgresql': {
'users': {
'powerdns': {

View file

@ -10,4 +10,11 @@ groups['dns'] = {
'postgresql',
'powerdns',
},
'metadata': {
'powerdns': {
'features': {
'bind': True,
},
},
},
}