[dns] handle LDAP zones

2020-08-11 14:05:24 +02:00 · 2020-08-11 14:05:24 +02:00 · 884e6f8d09
parent b5e7002141
commit 884e6f8d09
5 changed files with 34 additions and 3 deletions
--- a/lookup_plugins/ldap.py
+++ b/lookup_plugins/ldap.py
@ -87,6 +87,17 @@ class LookupModule(LookupBase):
            result = self.base.result(query_id)
            result = result[1][0][1]
            return [str(ipaddress.ip_network('{}/{}'.format(result['ipNetworkNumber'][0].decode('utf-8'), result['ipNetmaskNumber'][0].decode('utf-8'))))]
+        elif terms[0] == 'zones':
+            query_id = self.base.search(f"ou=networks,{self.base_dn}", ldap.SCOPE_ONELEVEL, "objectClass=ipNetwork")
+            result = self.base.result(query_id)
+            res = []
+            for _, network in result[1]:
+                network = network['cn'][0].decode('utf-8')
+                if network == 'srv':
+                    res.append('crans.org')
+                else:
+                    res.append(f"{network}.crans.org")
+            result = res
        elif terms[0] == 'vlanid':
            network = terms[1]
            query_id = self.base.search(f"cn={network},ou=networks,{self.base_dn}", ldap.SCOPE_BASE, "objectClass=ipNetwork")
--- a/lookup_plugins/re2oapi.py
+++ b/lookup_plugins/re2oapi.py
@ -638,6 +638,14 @@ class LookupModule(LookupBase):
    def _getreverse(self, api_client):
        display.v("Getting dns reverse zones")

+        return [
+            '76.230.185.in-addr.arpa',
+            '77.230.185.in-addr.arpa',
+            '78.230.185.in-addr.arpa',
+            '79.230.185.in-addr.arpa',
+            '0.0.7.0.c.0.a.2.ip6.arpa',
+        ]
+
        zones, res = None, None

        if self._is_cached('dnsreverse'):
--- a/plays/dns.yml
+++ b/plays/dns.yml
@ -1,7 +1,7 @@
 #!/usr/bin/env ansible-playbook
 ---
 # Deploy recursive DNS cache server
- hosts: odlyd.adm.crans.org
+- hosts: routeur-sam.adm.crans.org,routeur-daniel.adm.crans.org
  roles: ["bind-recursive"]

 # Deploy authoritative DNS server
@ -12,7 +12,7 @@
    bind:
      masters: "{{ lookup('re2oapi', 'get_role', 'dns-authoritary-master')[0] }}"
      slaves: "{{ lookup('re2oapi', 'get_role', 'dns-authoritary-slave')[0] }}"
-      zones: "{{ lookup('re2oapi', 'dnszones') }}"
+      zones: "{{ (lookup('re2oapi', 'dnszones') + query('ldap', 'zones')) | unique }}"
      reverse: "{{ lookup('re2oapi', 'dnsreverse') }}"
  roles: ["bind-authoritative"]

--- a/roles/bind-authoritative/tasks/main.yml
+++ b/roles/bind-authoritative/tasks/main.yml
@ -17,7 +17,7 @@

 - name: Is this the master?
  set_fact:
-    is_master: "{{ ansible_all_ipv4_addresses | intersect(masters_ipv4) | length > 0 }}"
+    is_master: "{{ ansible_hostname in query('ldap', 'role', 'dns-primary') }}"
    cacheable: true

 - name: Deploy Bind9 configuration
--- a/roles/dns/tasks/main.yml
+++ b/roles/dns/tasks/main.yml
@ -1,4 +1,16 @@
 ---
+- name: Install dns dependencies
+  apt:
+    update_cache: true
+    install_recommends: false
+    name:
+      - python3-iso8601
+      - python3-jinja2
+      - python3-ldap
+  register: apt_result
+  retries: 3
+  until: apt_result is succeeded
+
 - name: Create dns directory
  file:
    path: /var/local/dns