Merge branch 'dns' into 'newinfra'

[dns] handle LDAP zones

See merge request nounous/ansible!68
certbot_on_virtu
_benjamin 2020-08-21 16:08:05 +02:00
commit dd55b0cf28
5 changed files with 34 additions and 3 deletions


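--- a/PATH-NOT-ON-PAGE
+++ b/PATH-NOT-ON-PAGE
@@ -104,6 +104,17 @@ class LookupModule(LookupBase):
 result = self.base.result(query_id)
 result = result[1][0][1]
 return [str(ipaddress.ip_network('{}/{}'.format(result['ipNetworkNumber'][0].decode('utf-8'), result['ipNetmaskNumber'][0].decode('utf-8'))))]
+elif terms[0] == 'zones':
+query_id = self.base.search(f"ou=networks,{self.base_dn}", ldap.SCOPE_ONELEVEL, "objectClass=ipNetwork")
+result = self.base.result(query_id)
+res = []
+for _, network in result[1]:
+network = network['cn'][0].decode('utf-8')
+if network == 'srv':
+res.append('crans.org')
+else:
+res.append(f"{network}.crans.org")
+result = res
 elif terms[0] == 'vlanid':
 network = terms[1]
 query_id = self.base.search(f"cn={network},ou=networks,{self.base_dn}", ldap.SCOPE_BASE, "objectClass=ipNetwork")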
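Review bot: The `zones` branch turns every ipNetwork `cn` straight into a zone name (`res.append(f"{network}.crans.org")`) that the bind-authoritative playbook in this same merge feeds into its `zones` variable, so a directory entry whose `cn` is not a valid DNS label would reach the named configuration unchecked. A guard before the append such as `if not re.fullmatch(r"[a-z0-9-]+", network): raise AnsibleError(f"unexpected network cn: {network!r}")` keeps the LDAP-to-config boundary tight (it needs `import re` and `from ansible.errors import AnsibleError` at the top of the file if they are not already there). The `srv` special case also wants a one-line comment stating why that network maps to the apex `crans.org` rather than a subdomain, since nothing in the branch explains it. Unlike the `ip_network` branch just above, this one assigns `result = res` rather than returning, so it depends on a return further down; the enclosing method starts and ends outside the hunk.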


@ -638,6 +638,14 @@ class LookupModule(LookupBase):
def _getreverse(self, api_client): def _getreverse(self, api_client):
display.v("Getting dns reverse zones") display.v("Getting dns reverse zones")
return [
'76.230.185.in-addr.arpa',
'77.230.185.in-addr.arpa',
'78.230.185.in-addr.arpa',
'79.230.185.in-addr.arpa',
'0.0.7.0.c.0.a.2.ip6.arpa',
]
zones, res = None, None zones, res = None, None
if self._is_cached('dnsreverse'): if self._is_cached('dnsreverse'):
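Review bot: The `return [...]` inserted at the top of `_getreverse` makes everything after it unreachable, starting with `zones, res = None, None` and the `dnsreverse` cache check, and leaves the `api_client` parameter unused, so the function is now a hard-coded list behind an API-lookup name while `display.v("Getting dns reverse zones")` still suggests a fetch. If the static list is intended, drop the dead body below the return and put a comment above the list saying why the reverse zones are pinned rather than fetched (the reason is not visible on this page); if it is a temporary override, mark it with a TODO and the condition for removing it. `_getreverse`'s body continues outside the hunk, and the rendered section seems to have dropped a blank line or two, so the exact tail is not visible here.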


@ -1,7 +1,7 @@
#!/usr/bin/env ansible-playbook #!/usr/bin/env ansible-playbook
--- ---
# Deploy recursive DNS cache server # Deploy recursive DNS cache server
- hosts: odlyd.adm.crans.org - hosts: routeur-sam.adm.crans.org,routeur-daniel.adm.crans.org
roles: ["bind-recursive"] roles: ["bind-recursive"]
# Deploy authoritative DNS server # Deploy authoritative DNS server
@ -12,7 +12,7 @@
bind: bind:
masters: "{{ lookup('re2oapi', 'get_role', 'dns-authoritary-master')[0] }}" masters: "{{ lookup('re2oapi', 'get_role', 'dns-authoritary-master')[0] }}"
slaves: "{{ lookup('re2oapi', 'get_role', 'dns-authoritary-slave')[0] }}" slaves: "{{ lookup('re2oapi', 'get_role', 'dns-authoritary-slave')[0] }}"
zones: "{{ lookup('re2oapi', 'dnszones') }}" zones: "{{ (lookup('re2oapi', 'dnszones') + query('ldap', 'zones')) | unique }}"
reverse: "{{ lookup('re2oapi', 'dnsreverse') }}" reverse: "{{ lookup('re2oapi', 'dnsreverse') }}"
roles: ["bind-authoritative"] roles: ["bind-authoritative"]
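Review bot: The new `zones` expression adds `lookup('re2oapi', 'dnszones')` to `query('ldap', 'zones')` with `+`, which only works when both operands are lists; `lookup()` without `wantlist=True` comma-joins a plugin's list of strings into a single string, whereas `query()` always returns the list, so whether this line concatenates or fails with a type error depends on the exact shape the re2oapi plugin returns, which is not on this page. Using the list form on both sides, `zones: "{{ (query('re2oapi', 'dnszones') + query('ldap', 'zones')) | unique }}"`, removes that dependency and keeps the `| unique` de-duplication meaningful. The `reverse` line just below still uses `lookup()` and would benefit from the same treatment for consistency.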


@ -17,7 +17,7 @@
- name: Is this the master? - name: Is this the master?
set_fact: set_fact:
is_master: "{{ ansible_all_ipv4_addresses | intersect(masters_ipv4) | length > 0 }}" is_master: "{{ ansible_hostname in query('ldap', 'role', 'dns-primary') }}"
cacheable: true cacheable: true
- name: Deploy Bind9 configuration - name: Deploy Bind9 configuration
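Review bot: The new `is_master` test compares `ansible_hostname`, the short hostname the managed node reports about itself, with the members of `query('ldap', 'role', 'dns-primary')`, so it is only ever true when the LDAP role entries are spelled exactly as short hostnames; if they hold FQDNs, as the playbooks on this page address hosts (`routeur-sam.adm.crans.org`), the fact is silently false on every host and no master gets configured. Consider comparing a value the controller defines, `inventory_hostname`, or normalising both sides before the membership test, and adding an `assert` task that at least one host in the play evaluates `is_master` to true so a mismatch fails loudly. The `role` term of the ldap plugin is not shown on this page, so its return shape is inferred.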


@ -1,4 +1,16 @@
--- ---
- name: Install dns dependencies
apt:
update_cache: true
install_recommends: false
name:
- python3-iso8601
- python3-jinja2
- python3-ldap
register: apt_result
retries: 3
until: apt_result is succeeded
- name: Create dns directory - name: Create dns directory
file: file:
path: /var/local/dns path: /var/local/dns
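Review bot: The new apt task sets `update_cache: true` with no `cache_valid_time`, so every run of the dns role refreshes the package index, and each of the 3 retries repeats the refresh; adding `cache_valid_time: 3600` next to it keeps the task cheap and idempotent on repeated runs. A short comment above the `name:` list saying which scripts or templates in the role need `python3-iso8601`, `python3-jinja2` and `python3-ldap` would tell the next maintainer when one of them can be dropped.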