Add reverse zones
parent
bd9a7ef4e9
commit
450be99ada
|
@ -13,6 +13,7 @@ import requests
|
||||||
import stat
|
import stat
|
||||||
import json
|
import json
|
||||||
import collections
|
import collections
|
||||||
|
import netaddr
|
||||||
from configparser import ConfigParser
|
from configparser import ConfigParser
|
||||||
|
|
||||||
from ansible.module_utils._text import to_native
|
from ansible.module_utils._text import to_native
|
||||||
|
@ -312,6 +313,9 @@ class LookupModule(LookupBase):
|
||||||
- dnszones: Queries the re2o API and returns the list of all dns zones
|
- dnszones: Queries the re2o API and returns the list of all dns zones
|
||||||
nicely formatted to be rendered in a template.
|
nicely formatted to be rendered in a template.
|
||||||
|
|
||||||
|
- dnsreverse: Queries the re2o API and returns the list of all reverse
|
||||||
|
dns zones, formatted to be rendered in a template.
|
||||||
|
|
||||||
- get_role, role_name: Works in pair. Fails if role_name not provided.
|
- get_role, role_name: Works in pair. Fails if role_name not provided.
|
||||||
Queries the re2o API and returns the list of
|
Queries the re2o API and returns the list of
|
||||||
all machines whose role_type is role_name.
|
all machines whose role_type is role_name.
|
||||||
|
@ -402,6 +406,8 @@ class LookupModule(LookupBase):
|
||||||
display.v("\nLookup for {} \n".format(term))
|
display.v("\nLookup for {} \n".format(term))
|
||||||
if term == 'dnszones':
|
if term == 'dnszones':
|
||||||
res.append(self._getzones(api_client))
|
res.append(self._getzones(api_client))
|
||||||
|
elif term == 'dnsreverse':
|
||||||
|
res.append(self._getreverse(api_client))
|
||||||
elif term == 'get_role':
|
elif term == 'get_role':
|
||||||
try:
|
try:
|
||||||
role_name = dterms.popleft()
|
role_name = dterms.popleft()
|
||||||
|
@ -429,6 +435,47 @@ class LookupModule(LookupBase):
|
||||||
zones_name = [zone["name"][1:] for zone in zones]
|
zones_name = [zone["name"][1:] for zone in zones]
|
||||||
return zones_name
|
return zones_name
|
||||||
|
|
||||||
|
def _getreverse(self, api_client):
|
||||||
|
display.v("Getting dns reverse zones")
|
||||||
|
display.vvv("Contacting the API, endpoint dns/reverse-zones...")
|
||||||
|
zones = api_client.list('dns/reverse-zones')
|
||||||
|
display.vvv("...Done")
|
||||||
|
res = []
|
||||||
|
for zone in zones:
|
||||||
|
if zone['ptr_records']:
|
||||||
|
display.vvv('Found PTR records')
|
||||||
|
subnets = []
|
||||||
|
for net in zone['cidrs']:
|
||||||
|
net = netaddr.IPNetwork(net)
|
||||||
|
if net.prefixlen > 24:
|
||||||
|
subnets.extend(net.subnet(32))
|
||||||
|
elif net.prefixlen > 16:
|
||||||
|
subnets.extend(net.subnet(24))
|
||||||
|
elif net.prefixlen > 8:
|
||||||
|
subnets.extend(net.subnet(16))
|
||||||
|
else:
|
||||||
|
subnets.extend(net.subnet(8))
|
||||||
|
for subnet in subnets:
|
||||||
|
_address = netaddr.IPAddress(subnet.first)
|
||||||
|
rev_dns_a = _address.reverse_dns.split('.')[:-1]
|
||||||
|
if subnet.prefixlen == 8:
|
||||||
|
zone_name = '.'.join(rev_dns_a[3:])
|
||||||
|
elif subnet.prefixlen == 16:
|
||||||
|
zone_name = '.'.join(rev_dns_a[2:])
|
||||||
|
elif subnet.prefixlen == 24:
|
||||||
|
zone_name = '.'.join(rev_dns_a[1:])
|
||||||
|
res.append(zone_name)
|
||||||
|
display.vvv("Found reverse zone {}".format(zone_name))
|
||||||
|
if zone['ptr_v6_records']:
|
||||||
|
display.vvv("Found PTR v6 record")
|
||||||
|
net = netaddr.IPNetwork(zone['prefix_v6']+'/'+str(zone['prefix_v6_length']))
|
||||||
|
net_class = max(((net.prefixlen -1) // 4) +1, 1)
|
||||||
|
zone6_name = ".".join(
|
||||||
|
netaddr.IPAddress(net.first).reverse_dns.split('.')[32 - net_class:])[:-1]
|
||||||
|
res.append(zone6_name)
|
||||||
|
display.vvv("Found reverse zone {}".format(zone6_name))
|
||||||
|
return res
|
||||||
|
|
||||||
def _rawquery(self, api_client, endpoint):
|
def _rawquery(self, api_client, endpoint):
|
||||||
display.v("Make a raw query to endpoint {}".format(endpoint))
|
display.v("Make a raw query to endpoint {}".format(endpoint))
|
||||||
return api_client.list(endpoint)
|
return api_client.list(endpoint)
|
||||||
|
|
|
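Review bot: In `_getreverse`, a CIDR longer than /24 is expanded with `net.subnet(32)`, but the naming chain that follows only handles `subnet.prefixlen` values of 8, 16 and 24, so for those /32 subnets `zone_name` is either unbound (an UnboundLocalError on the first one) or still holds the previous iteration's name, which is then appended again. Add a final branch that skips such subnets visibly, for example `else: display.warning("no reverse zone for {}".format(subnet)); continue`, or map them to their enclosing /24 if that is the intended delegation. Separately, `res` is never de-duplicated: two CIDRs or API zones that resolve to the same name produce two identical `zone` statements in the rendered named.conf, which BIND rejects as a duplicate zone, so returning unique names would be safer. The IPv6 branch also assumes `prefix_v6` and `prefix_v6_length` are populated whenever `ptr_v6_records` is true, which is worth confirming against the API.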
@ -44,6 +44,7 @@
|
||||||
masters: "{{ lookup('re2oapi', 'get_role', 'dns-authoritary-master')[0] }}"
|
masters: "{{ lookup('re2oapi', 'get_role', 'dns-authoritary-master')[0] }}"
|
||||||
slaves: "{{ lookup('re2oapi', 'get_role', 'dns-authoritary-slave')[0] }}"
|
slaves: "{{ lookup('re2oapi', 'get_role', 'dns-authoritary-slave')[0] }}"
|
||||||
zones: "{{ lookup('re2oapi', 'dnszones') }}"
|
zones: "{{ lookup('re2oapi', 'dnszones') }}"
|
||||||
|
reverse: "{{ lookup('re2oapi', 'dnsreverse') }}"
|
||||||
roles:
|
roles:
|
||||||
- bind-authoritative
|
- bind-authoritative
|
||||||
|
|
||||||
|
|
|
@ -77,3 +77,37 @@ zone "{{ zone }}" {
|
||||||
};
|
};
|
||||||
|
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
|
|
||||||
|
// Crans reverse zones
|
||||||
|
{% for zone in bind.reverse %}
|
||||||
|
zone "{{ zone }}" {
|
||||||
|
{% if is_master -%}
|
||||||
|
type master;
|
||||||
|
// Apparmor: Need to ln -s /var/cache/bind/generated /var/local/re2o-services/dns/generated
|
||||||
|
file "generated/dns.{{ zone }}.zone";
|
||||||
|
allow-transfer {
|
||||||
|
{% for ip in slaves_ipv4 -%}
|
||||||
|
{{ ip }};
|
||||||
|
{% endfor -%}
|
||||||
|
{% for ip in slaves_ipv6 -%}
|
||||||
|
{{ ip }};
|
||||||
|
{% endfor -%}
|
||||||
|
};
|
||||||
|
notify yes;
|
||||||
|
{% else -%}
|
||||||
|
type slave;
|
||||||
|
file "bak.{{ zone }}";
|
||||||
|
masters {
|
||||||
|
{% for ip in masters_ipv4 -%}
|
||||||
|
{{ ip }};
|
||||||
|
{% endfor -%}
|
||||||
|
{% for ip in masters_ipv6 -%}
|
||||||
|
{{ ip }};
|
||||||
|
{% endfor -%}
|
||||||
|
};
|
||||||
|
allow-transfer { "none"; };
|
||||||
|
notify no;
|
||||||
|
{% endif -%}
|
||||||
|
};
|
||||||
|
|
||||||
|
{% endfor %}
|
||||||
|
|
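Review bot: The master-side `allow-transfer` block for the new reverse zones authorises zone transfers by source address alone (`slaves_ipv4` / `slaves_ipv6`), and a reverse zone enumerates every addressed host, so anyone able to send from or spoof a slave address can pull the full PTR map. Consider tying transfers to a TSIG key, e.g. `allow-transfer { key "<transfer-key-name>"; };` on the master and `{{ ip }} key "<transfer-key-name>";` inside `masters` on the slave (the key name here is a placeholder). If `masters_ipv4` and `masters_ipv6` are both empty, the slave branch renders `masters { };`, which is unlikely to pass named-checkconf, so a guard or an assertion in the role would help. The block appears to repeat the forward-zone stanza above the hunk, most of which is outside this view; a shared Jinja macro would keep the two transfer policies from drifting apart.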