ansible_netbox_dns
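---
# DNS management for the lab nameservers.
#
# Pulls IPv4/IPv6 address records for the forward zone out of NetBox (GraphQL),
# renders BIND-format forward and reverse zone files from them, validates the
# files with named-checkzone, installs them for unbound and restarts unbound
# only when a zone file or the daemon config actually changed.
#
# Environment inputs: NETBOX_TOKEN (required, API token) and NETBOX_API
# (optional, base URL). The CI workflow exports both; NETBOX_API is also the
# variable the netbox.netbox.nb_inventory plugin reads, so inventory and
# playbook talk to the same NetBox.
- name: "DNS Management"
  hosts: tags_lab_nameservers
  vars:
    # Base URL of the NetBox instance. The two GraphQL tasks previously carried
    # two different hard-coded hosts; they now share this single value, taken
    # from NETBOX_API and falling back to the short in-cluster hostname when the
    # variable is unset or empty.
    netbox_url: "{{ lookup('ansible.builtin.env', 'NETBOX_API') | default('https://netbox', true) }}"
    # TLS verification for NetBox calls. `false` means the API token is sent to
    # whatever answers for netbox_url; switch to true once the NetBox
    # certificate chains to a CA the nameservers trust.
    netbox_validate_certs: false
    reverse_zone:
      v4_zonename: "10.in-addr.arpa"
      # Zone origin without a leading dot (the previous ".ip6.arpa" left a
      # trailing-dot, i.e. absolute, owner name once the reverse templates
      # stripped it from the netaddr reverse name, and named-checkzone is run
      # against "ip6.arpa" anyway).
      v6_zonename: "ip6.arpa"
      forward_zonename: "example.net"
      nameservers:
        - "ns"
        - "ns2"
      soa: "ns"
      settings:
        ttl: "2d"
        # NOTE(review): a fixed serial means secondaries never treat a re-rendered
        # zone as newer; bump it, or derive it from a date, when data changes.
        serial: "2024"
        refresh: "3600"
        retry: "600"
        expiry: "608400"
    # One entry per forward zone; every task below loops over this list, so
    # adding a zone here is all that is needed (plus its NetBox data).
    zones:
      - name: "example.net"
        zonename: "example.net"
        soa: "ns"
        settings:
          ttl: "2d"
          serial: "2024"
          refresh: "3600"
          retry: "600"
          expiry: "608400"
        nameservers:
          - "ns"
          - "ns2"

  tasks:
    - name: "Try Fetching `example.net` IPv4 GraphQL!"
      ansible.builtin.uri:
        url: "{{ netbox_url }}/graphql/"
        method: POST
        body:
          # NOTE(review): i_contains is a substring match, so a name such as
          # "host.example.network" is returned as well; prefer an exact-suffix
          # lookup if the NetBox version in use offers one.
          query: "query { ip_address_list(filters: {dns_name: {i_contains: \"example.net\"}, family: 4}) { dns_name address }}"
        body_format: "json"
        headers:
          # The token is read from the environment. Module arguments, this
          # header included, are printed at high verbosity (-vvv), so keep
          # verbose runs out of shared logs.
          Authorization: "Token {{ lookup('ansible.builtin.env', 'NETBOX_TOKEN') }}"
          Content-Type: "application/json"
          Accept: "application/json"
        validate_certs: "{{ netbox_validate_certs }}"
      register: result_example_net_v4

    - name: "Try Fetching `example.net` IPv6 GraphQL!"
      ansible.builtin.uri:
        url: "{{ netbox_url }}/graphql/"
        method: POST
        body:
          query: "query { ip_address_list(filters: {dns_name: {i_contains: \"example.net\"}, family: 6}) { dns_name address }}"
        body_format: "json"
        headers:
          Authorization: "Token {{ lookup('ansible.builtin.env', 'NETBOX_TOKEN') }}"
          Content-Type: "application/json"
          Accept: "application/json"
        validate_certs: "{{ netbox_validate_certs }}"
      register: result_example_net_v6

    - name: "Install Prerequisites"
      ansible.builtin.apt:
        pkg:
          # unbound is the server this play configures (/etc/unbound, service
          # "unbound"); bind9-utils only provides named-checkzone. The full
          # bind9 package would also install and start named on port 53 and
          # collide with unbound. (Older Debian/Ubuntu releases call the utils
          # package bind9utils.)
          - unbound
          - bind9-utils

    - name: "Netbox Render Forward Zone Templates"
      ansible.builtin.template:
        src: "netbox_forward_zone.j2"
        # Staged under /tmp so the file can be checked before it is installed.
        # /tmp is world-writable; a root-owned staging directory would close
        # the window between render, check and copy.
        dest: "/tmp/{{ item.zonename }}.zone"
        mode: "0644"
      loop: "{{ zones }}"

    - name: "Netbox Render Reverse IPv4 Templates"
      ansible.builtin.template:
        src: "netbox_rev_zone_v4.j2"
        dest: "/tmp/{{ reverse_zone.v4_zonename }}.zone"
        mode: "0644"

    - name: "Netbox Render Reverse IPv6 Templates"
      ansible.builtin.template:
        src: "netbox_rev_zone_v6.j2"
        dest: "/tmp/{{ reverse_zone.v6_zonename }}.zone"
        mode: "0644"

    # The checks use command with argv rather than shell: nothing needs shell
    # parsing, zone names are passed as discrete arguments, and a non-zero exit
    # aborts the play before anything is installed.
    - name: "Test Forward Zonefiles"
      ansible.builtin.command:
        argv:
          - named-checkzone
          - "{{ item.zonename }}"
          - "/tmp/{{ item.zonename }}.zone"
      loop: "{{ zones }}"
      changed_when: false

    - name: "Test Reverse Zonefiles"
      ansible.builtin.command:
        argv:
          - named-checkzone
          - "{{ item }}"
          - "/tmp/{{ item }}.zone"
      loop:
        - "{{ reverse_zone.v4_zonename }}"
        - "{{ reverse_zone.v6_zonename }}"
      changed_when: false

    - name: "Install Forward zonefiles"
      ansible.builtin.copy:
        src: "/tmp/{{ item.zonename }}.zone"
        dest: "/etc/unbound/{{ item.zonename }}.zone"
        remote_src: true
        mode: "0644"
      loop: "{{ zones }}"
      notify: "Restart Unbound!"

    - name: "Install v4 Reverse zonefiles"
      ansible.builtin.copy:
        src: "/tmp/{{ reverse_zone.v4_zonename }}.zone"
        dest: "/etc/unbound/{{ reverse_zone.v4_zonename }}.zone"
        remote_src: true
        mode: "0644"
      notify: "Restart Unbound!"

    - name: "Install v6 Reverse zonefiles"
      ansible.builtin.copy:
        src: "/tmp/{{ reverse_zone.v6_zonename }}.zone"
        dest: "/etc/unbound/{{ reverse_zone.v6_zonename }}.zone"
        remote_src: true
        mode: "0644"
      notify: "Restart Unbound!"

    - name: "Update DNS Config!"
      ansible.builtin.copy:
        src: "conf.d/ns.example.net/unbound.conf"
        dest: "/etc/unbound/unbound.conf"
        mode: "0640"
      notify: "Restart Unbound!"

  handlers:
    # Runs once at the end of the play, and only when a zone file or the config
    # changed; the unconditional restart on every run caused a resolver blip
    # even for no-op runs.
    - name: "Restart Unbound!"
      ansible.builtin.service:
        name: "unbound"
        state: "restarted"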
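---
# Runs the DNS management playbook from a self-hosted runner on every push to
# main. NETBOX_TOKEN / NETBOX_API are consumed by the netbox.netbox.nb_inventory
# plugin (the -i inventory file) and by the playbook's env lookups.
name: "On-Commit: Update Configurations"

on:  # yamllint disable-line rule:truthy
  push:
    branches: ["main"]

# The job only needs to read the repository; all other token scopes are denied.
permissions:
  contents: read

# Two pushes in quick succession would otherwise deploy concurrently against the
# same nameservers; queue the second run behind the first instead.
concurrency:
  group: dns-management
  cancel-in-progress: false

jobs:
  build:
    runs-on: self-hosted
    # Bound a hung pip or ansible run so the self-hosted runner is not held
    # indefinitely.
    timeout-minutes: 30
    env:
      NETBOX_TOKEN: ${{ secrets.NETBOX_TOKEN }}
      NETBOX_API: ${{ vars.NETBOX_URL }}
    steps:
      # NOTE(review): pin third-party actions to a full commit SHA
      # (`uses: actions/checkout@<full-commit-sha>`) instead of a mutable tag so
      # a re-tagged release cannot change what executes on this runner.
      - uses: actions/checkout@v4

      - name: Execute Ansible Management Playbook
        # Use a dedicated .venv directory rather than the repository root so the
        # venv's bin/ and lib/ cannot collide with checked-in files. `-u` and
        # `pipefail` are added on top of the default `-e`, so an unset variable
        # or a failing pipeline stage stops the job before the playbook runs
        # against a half-installed environment.
        run: |
          set -euo pipefail
          python3 -m venv .venv
          source .venv/bin/activate
          python3 -m pip install --upgrade pip
          python3 -m pip install -r requirements.txt
          ansible-playbook -i local.netbox.netbox.nb_inventory.yml dns-management.yml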
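; Forward zone for {{ item.zonename }}, rendered by Ansible from NetBox data.
; `item` is one entry of the playbook's `zones` list; the address lists are the
; GraphQL results the playbook registers as result_example_net_v4 / _v6.
$TTL {{ item.settings.ttl }}
; The RNAME carries a trailing dot: without it, "hostmaster.<zone>" is relative
; to the origin and becomes hostmaster.<zone>.<zone>.
@ IN SOA {{ item.soa }}.{{ item.zonename }}. hostmaster.{{ item.zonename }}. (
    {{ item.settings.serial }} ; serial
    {{ item.settings.refresh }} ; refresh
    {{ item.settings.retry }} ; retry
    {{ item.settings.expiry }} ; expiry
    3600 ) ; negative-cache (minimum) TTL
;
; authoritative servers
{% for nameserver in item.nameservers %}
{{ item.zonename }}. IN NS {{ nameserver }}.{{ item.zonename }}.
{% endfor %}
;
; Address records. Owner names are made relative to the origin by stripping
; ".<zonename>" from the end of the name (the NetBox filter is a substring
; match, so a plain replace() could also mangle names like host.<zone>.other).
; Names outside the zone are skipped rather than emitted as bogus relative
; names; a name equal to the zone itself becomes the apex (@).
{% set zone_suffix = "." ~ (item.zonename | lower) %}
{% for record in result_example_net_v4.json.data.ip_address_list %}
{% set fqdn = record.dns_name | lower %}
{% if fqdn == item.zonename | lower %}
@ IN A {{ record.address | ansible.utils.ipaddr('address') }}
{% elif fqdn.endswith(zone_suffix) %}
{{ fqdn[:-(zone_suffix | length)] }} IN A {{ record.address | ansible.utils.ipaddr('address') }}
{% endif %}
{% endfor %}
{% for record in result_example_net_v6.json.data.ip_address_list %}
{% set fqdn = record.dns_name | lower %}
{% if fqdn == item.zonename | lower %}
@ IN AAAA {{ record.address | ansible.utils.ipaddr('address') }}
{% elif fqdn.endswith(zone_suffix) %}
{{ fqdn[:-(zone_suffix | length)] }} IN AAAA {{ record.address | ansible.utils.ipaddr('address') }}
{% endif %}
{% endfor %}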
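; IPv4 reverse (PTR) zone for {{ reverse_zone.v4_zonename }}, rendered by Ansible
; from the NetBox GraphQL result the playbook registers as result_example_net_v4.
$TTL {{ reverse_zone.settings.ttl }}
; The RNAME carries a trailing dot: without it, "hostmaster.<forward zone>" is
; relative to this reverse origin and becomes hostmaster.<forward>.<reverse>.
@ IN SOA {{ reverse_zone.soa }}.{{ reverse_zone.forward_zonename }}. hostmaster.{{ reverse_zone.forward_zonename }}. (
    {{ reverse_zone.settings.serial }} ; serial
    {{ reverse_zone.settings.refresh }} ; refresh
    {{ reverse_zone.settings.retry }} ; retry
    {{ reverse_zone.settings.expiry }} ; expiry
    3600 ) ; negative-cache (minimum) TTL
;
; authoritative servers (explicit @ owner so the record does not depend on
; leading whitespace surviving the template)
{% for nameserver in reverse_zone.nameservers %}
@ IN NS {{ nameserver }}.{{ reverse_zone.forward_zonename }}.
{% endfor %}
;
; PTR records. A record belongs to this zone only if its reverse name ends in
; ".<zonename>." (a substring test would also accept e.g. 110.in-addr.arpa for
; a 10.in-addr.arpa zone); the suffix is then cut off to obtain the owner name
; relative to @. trim('.') tolerates a leading dot in the configured zonename.
; Assumes ipaddr('revdns') returns the netaddr reverse name with its trailing dot.
{% set zone_suffix = "." ~ (reverse_zone.v4_zonename | trim('.')) ~ "." %}
{% for record in result_example_net_v4.json.data.ip_address_list %}
{% set revname = record.address | ansible.utils.ipaddr('revdns') | string %}
{% if revname.endswith(zone_suffix) %}
{{ revname[:-(zone_suffix | length)] }} IN PTR {{ record.dns_name }}.
{% endif %}
{% endfor %}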
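; IPv6 reverse (PTR) zone for {{ reverse_zone.v6_zonename }}, rendered by Ansible
; from the NetBox GraphQL result the playbook registers as result_example_net_v6.
$TTL {{ reverse_zone.settings.ttl }}
; The RNAME carries a trailing dot: without it, "hostmaster.<forward zone>" is
; relative to this reverse origin and becomes hostmaster.<forward>.<reverse>.
@ IN SOA {{ reverse_zone.soa }}.{{ reverse_zone.forward_zonename }}. hostmaster.{{ reverse_zone.forward_zonename }}. (
    {{ reverse_zone.settings.serial }} ; serial
    {{ reverse_zone.settings.refresh }} ; refresh
    {{ reverse_zone.settings.retry }} ; retry
    {{ reverse_zone.settings.expiry }} ; expiry
    3600 ) ; negative-cache (minimum) TTL
;
; authoritative servers (explicit @ owner so the record does not depend on
; leading whitespace surviving the template)
{% for nameserver in reverse_zone.nameservers %}
@ IN NS {{ nameserver }}.{{ reverse_zone.forward_zonename }}.
{% endfor %}
;
; PTR records. A record belongs to this zone only if its reverse name ends in
; ".<zonename>."; the suffix is then cut off to obtain the owner name relative
; to @. trim('.') tolerates the leading dot of a ".ip6.arpa" zonename, which
; with a plain replace() left a trailing-dot (absolute) owner name behind.
; Assumes ipaddr('revdns') returns the netaddr reverse name with its trailing dot.
{% set zone_suffix = "." ~ (reverse_zone.v6_zonename | trim('.')) ~ "." %}
{% for record in result_example_net_v6.json.data.ip_address_list %}
{% set revname = record.address | ansible.utils.ipaddr('revdns') | string %}
{% if revname.endswith(zone_suffix) %}
{{ revname[:-(zone_suffix | length)] }} IN PTR {{ record.dns_name }}.
{% endif %}
{% endfor %}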