diff --git a/lookup_plugins/ldap.py b/lookup_plugins/ldap.py index 7810204e..05a5493d 100644 --- a/lookup_plugins/ldap.py +++ b/lookup_plugins/ldap.py @@ -104,6 +104,17 @@ class LookupModule(LookupBase): result = self.base.result(query_id) result = result[1][0][1] return [str(ipaddress.ip_network('{}/{}'.format(result['ipNetworkNumber'][0].decode('utf-8'), result['ipNetmaskNumber'][0].decode('utf-8'))))] + elif terms[0] == 'zones': + query_id = self.base.search(f"ou=networks,{self.base_dn}", ldap.SCOPE_ONELEVEL, "objectClass=ipNetwork") + result = self.base.result(query_id) + res = [] + for _, network in result[1]: + network = network['cn'][0].decode('utf-8') + if network == 'srv': + res.append('crans.org') + else: + res.append(f"{network}.crans.org") + result = res elif terms[0] == 'vlanid': network = terms[1] query_id = self.base.search(f"cn={network},ou=networks,{self.base_dn}", ldap.SCOPE_BASE, "objectClass=ipNetwork") diff --git a/lookup_plugins/re2oapi.py b/lookup_plugins/re2oapi.py index 7202b30a..cfcc2757 100644 --- a/lookup_plugins/re2oapi.py +++ b/lookup_plugins/re2oapi.py @@ -638,6 +638,14 @@ class LookupModule(LookupBase): def _getreverse(self, api_client): display.v("Getting dns reverse zones") + return [ + '76.230.185.in-addr.arpa', + '77.230.185.in-addr.arpa', + '78.230.185.in-addr.arpa', + '79.230.185.in-addr.arpa', + '0.0.7.0.c.0.a.2.ip6.arpa', + ] + zones, res = None, None if self._is_cached('dnsreverse'): diff --git a/plays/dns.yml b/plays/dns.yml index aa9b0a56..dd5f2a5a 100755 --- a/plays/dns.yml +++ b/plays/dns.yml @@ -1,7 +1,7 @@ #!/usr/bin/env ansible-playbook --- # Deploy recursive DNS cache server -- hosts: odlyd.adm.crans.org +- hosts: routeur-sam.adm.crans.org,routeur-daniel.adm.crans.org roles: ["bind-recursive"] # Deploy authoritative DNS server 
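Review bot: In the new `zones` branch every `cn` found under `ou=networks` becomes an authoritative zone name without any validation, so an ipNetwork entry whose `cn` is not a plain DNS label (spaces, dots, quotes) would flow into the zone list that plays/dns.yml hands to the bind-authoritative role, presumably straight into named.conf. Guard the value before appending, e.g. `if not re.fullmatch(r'[a-z0-9]([a-z0-9-]*[a-z0-9])?', network):` followed by `raise AnsibleError(f"ldap lookup 'zones': network cn {network!r} is not a valid DNS label")` (adding the `re`/`AnsibleError` imports if the plugin does not already have them). This also makes write access to `ou=networks` equivalent to the ability to publish a served zone, which deserves a comment at the top of the branch such as `# NOTE: every ipNetwork entry under ou=networks becomes a served zone; 'srv' maps to the apex crans.org`. The loop further assumes each search result is a `(dn, dict)` pair, so a referral entry (`(None, [...])`) would raise on `network['cn']`; the `if/elif` chain this branch belongs to continues outside the hunk, and the value only reaches the caller if the chain ends with `return result`, which is not visible here.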
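Review bot: The unconditional `return [...]` added at the top of `_getreverse` turns everything after it into dead code, including the `_is_cached('dnsreverse')` path and whatever follows the hunk, while the `display.v("Getting dns reverse zones")` line just above still claims the zones are being fetched from re2o. If bypassing the API is intentional, say so next to the list, `# NOTE: re2o's dnsreverse result is overridden by this static list; the API path below is unreachable`, and either delete the remaining body or move the list into the play's variables so the override sits visibly beside `reverse:` in plays/dns.yml. A new prefix added in re2o or LDAP would otherwise be silently left out of the reverse zones, so deriving these from the LDAP networks (as the new `zones` lookup does for forward zones) would be preferable to hard-coding them. The rest of `_getreverse` runs past the end of the hunk.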
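Review bot: Moving the `bind-recursive` role from `odlyd.adm.crans.org` to the two `routeur-*` hosts places a recursive resolver on the routers, and the hunk does not show whether that role restricts `allow-recursion`/`allow-query` to the internal networks; confirm it does, since a router with a public-facing interface would otherwise become an open resolver usable for amplification. The comment above the play still reads `# Deploy recursive DNS cache server` in the singular; `# Deploy recursive DNS cache servers (one per router)` would match the new host list.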
@@ -12,7 +12,7 @@ bind: masters: "{{ lookup('re2oapi', 'get_role', 'dns-authoritary-master')[0] }}" slaves: "{{ lookup('re2oapi', 'get_role', 'dns-authoritary-slave')[0] }}" - zones: "{{ lookup('re2oapi', 'dnszones') }}" + zones: "{{ (lookup('re2oapi', 'dnszones') + query('ldap', 'zones')) | unique }}" reverse: "{{ lookup('re2oapi', 'dnsreverse') }}" roles: ["bind-authoritative"] diff --git a/roles/bind-authoritative/tasks/main.yml b/roles/bind-authoritative/tasks/main.yml index b5bbb4a8..40fe1963 100644 --- a/roles/bind-authoritative/tasks/main.yml +++ b/roles/bind-authoritative/tasks/main.yml @@ -17,7 +17,7 @@ - name: Is this the master? set_fact: - is_master: "{{ ansible_all_ipv4_addresses | intersect(masters_ipv4) | length > 0 }}" + is_master: "{{ ansible_hostname in query('ldap', 'role', 'dns-primary') }}" cacheable: true - name: Deploy Bind9 configuration diff --git a/roles/dns/tasks/main.yml b/roles/dns/tasks/main.yml index 1c1e16d8..eb3d9958 100644 --- a/roles/dns/tasks/main.yml +++ b/roles/dns/tasks/main.yml @@ -1,4 +1,16 @@ --- +- name: Install dns dependencies + apt: + update_cache: true + install_recommends: false + name: + - python3-iso8601 + - python3-jinja2 + - python3-ldap + register: apt_result + retries: 3 + until: apt_result is succeeded + - name: Create dns directory file: path: /var/local/dns
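Review bot: The new `zones:` expression relies on `lookup('re2oapi', 'dnszones')` evaluating to a list, which Ansible's `lookup()` only does when the plugin returns a single-element list wrapping the data (the `[0]` on the `masters:`/`slaves:` lines above suggests re2oapi does wrap its results that way, but I cannot see the plugin's `dnszones` branch); if it returned a flat list of strings, `lookup()` would join them into one comma-separated string and the `+` with `query('ldap', 'zones')` would fail at template time. Make the intent explicit with `zones: "{{ (lookup('re2oapi', 'dnszones', wantlist=True) + query('ldap', 'zones')) | unique }}"` (or `query('re2oapi', 'dnszones')[0]` if the wrapping assumption holds) and add a comment such as `# zones come from two sources: re2o's dnszones plus one zone per LDAP ipNetwork (lookup_plugins/ldap.py)`. Note that `unique` deduplicates exact strings only, so a zone spelled with different case in the two sources would be configured twice.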
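Review bot: The new `is_master` test compares `ansible_hostname`, a fact reported by the managed host itself, against the LDAP `dns-primary` role, so a host decides whether it is the primary on the basis of data it controls; the previous `ansible_all_ipv4_addresses` check had the same weakness, but the rewrite is the moment to fix it. Use the controller-side name instead, `is_master: "{{ inventory_hostname_short in query('ldap', 'role', 'dns-primary') }}"`, or `inventory_hostname` if the role lookup yields FQDNs, which the hunk does not show — `ansible_hostname` is the short name, so against `routeur-sam.adm.crans.org`-style values no host would ever match and every node would be configured as a secondary. A comment on the task, `# the primary is whichever inventory host LDAP lists under role dns-primary; do not trust host-reported facts here`, would document the new source of truth.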
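Review bot: The new apt task sets `update_cache: true` without `cache_valid_time`, so every play run refreshes the package index before checking three packages that will almost always already be installed. Adding `cache_valid_time: 3600` under `apt:` keeps the retry loop but avoids the needless refresh, and an explicit `state: present` makes clear the task is not meant to upgrade. A short comment naming what needs these modules would help future readers, e.g. `# python3-ldap/jinja2/iso8601: runtime deps of the tooling this role installs`, though I can only infer that purpose from the package names.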