ansible_netbox_dns
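---
# Renders DNS zone files from NetBox IP address data (fetched over GraphQL)
# and installs them for Unbound on every host in the tags_lab_nameservers
# inventory group.
#
# Controller environment: NETBOX_TOKEN (API token, required) and NETBOX_API
# (base URL, optional; see netbox_url). The zone templates referenced below
# expect the registered variables result_example_net_v4 / result_example_net_v6.
- name: "DNS Management"
  hosts: tags_lab_nameservers
  vars:
    # Base URL of the NetBox instance. The CI workflow exports NETBOX_API; the
    # fallback keeps ad-hoc runs working. default(..., true) also replaces the
    # empty string the env lookup returns when the variable is unset.
    netbox_url: "{{ lookup('ansible.builtin.env', 'NETBOX_API') | default('https://netbox.engyak.net', true) }}"
    # The original tasks disabled TLS verification. With verification off an
    # on-path attacker can read the API token sent in the Authorization header,
    # so set this to true as soon as the NetBox certificate chain is trusted by
    # the controller (or override per run: -e netbox_validate_certs=true).
    netbox_validate_certs: false
    # Request headers shared by both GraphQL queries.
    netbox_headers:
      Authorization: "Token {{ lookup('ansible.builtin.env', 'NETBOX_TOKEN') }}"
      Content-Type: "application/json"
      Accept: "application/json"
    # Directory Unbound loads zone files from (must match unbound.conf).
    zone_dir: "/etc/unbound"
    reverse_zone:
      v4_zonename: "10.in-addr.arpa"
      # No leading dot: this value names the zone and is also what is passed
      # to named-checkzone and used for the zone file name.
      v6_zonename: "ip6.arpa"
      forward_zonename: "example.net"
      nameservers:
        - "ns"
        - "ns2"
      soa: "ns"
      settings:
        ttl: "2d"
        # NOTE(review): a fixed serial means any secondary transferring this
        # zone never sees updates; only acceptable while Unbound reads the
        # file directly.
        serial: "2024"
        refresh: "3600"
        retry: "600"
        expiry: "608400"
    zones:
      - name: "example.net"
        zonename: "example.net"
        soa: "ns"
        settings:
          ttl: "2d"
          serial: "2024"
          refresh: "3600"
          retry: "600"
          expiry: "608400"
        nameservers:
          - "ns"
          - "ns2"

  tasks:
    - name: "Fetch IPv4 addresses for {{ reverse_zone.forward_zonename }} from NetBox"
      ansible.builtin.uri:
        url: "{{ netbox_url }}/graphql/"
        method: POST
        body:
          query: "query { ip_address_list(filters: {dns_name: {i_contains: \"{{ reverse_zone.forward_zonename }}\"}, family: 4}) { dns_name address }}"
        body_format: "json"
        headers: "{{ netbox_headers }}"
        validate_certs: "{{ netbox_validate_certs }}"
      register: result_example_net_v4
      # Read-only query; never report it as a change.
      changed_when: false
      # GraphQL reports query errors in the body with HTTP 200, so an unchecked
      # result would silently render an empty zone. `is failed` keeps the
      # module's own HTTP status check in force.
      failed_when: >-
        result_example_net_v4 is failed
        or result_example_net_v4.json is not defined
        or result_example_net_v4.json.errors is defined
      # NOTE(review): with -v the Authorization header is printed with the task
      # arguments; add `no_log: true` once the query is known to work.

    - name: "Fetch IPv6 addresses for {{ reverse_zone.forward_zonename }} from NetBox"
      ansible.builtin.uri:
        url: "{{ netbox_url }}/graphql/"
        method: POST
        body:
          query: "query { ip_address_list(filters: {dns_name: {i_contains: \"{{ reverse_zone.forward_zonename }}\"}, family: 6}) { dns_name address }}"
        body_format: "json"
        headers: "{{ netbox_headers }}"
        validate_certs: "{{ netbox_validate_certs }}"
      register: result_example_net_v6
      changed_when: false
      failed_when: >-
        result_example_net_v6 is failed
        or result_example_net_v6.json is not defined
        or result_example_net_v6.json.errors is defined

    - name: "Install zone validation tools"
      # Only named-checkzone is used; bind9 is what the original playbook
      # installed. NOTE(review): a utils-only package (bind9-utils on current
      # Debian/Ubuntu) would avoid installing a second DNS server next to
      # Unbound — confirm the package name for the target release.
      ansible.builtin.apt:
        pkg:
          - bind9

    # Each zone is rendered to a temporary file, checked with named-checkzone,
    # and only then moved into place: a broken zone never reaches Unbound, a
    # failing check fails the task, and no predictable /tmp staging path is
    # involved.
    - name: "Render and install forward zone files"
      ansible.builtin.template:
        src: "netbox_forward_zone.j2"
        dest: "{{ zone_dir }}/{{ item.name }}.zone"
        mode: "0644"
        validate: "named-checkzone {{ item.zonename }} %s"
      loop: "{{ zones }}"
      loop_control:
        label: "{{ item.name }}"
      notify: "Restart Unbound"

    - name: "Render and install the IPv4 reverse zone file"
      ansible.builtin.template:
        src: "netbox_rev_zone_v4.j2"
        dest: "{{ zone_dir }}/{{ reverse_zone.v4_zonename }}.zone"
        mode: "0644"
        validate: "named-checkzone {{ reverse_zone.v4_zonename }} %s"
      notify: "Restart Unbound"

    - name: "Render and install the IPv6 reverse zone file"
      ansible.builtin.template:
        src: "netbox_rev_zone_v6.j2"
        dest: "{{ zone_dir }}/{{ reverse_zone.v6_zonename }}.zone"
        mode: "0644"
        validate: "named-checkzone {{ reverse_zone.v6_zonename }} %s"
      notify: "Restart Unbound"

    - name: "Update DNS config"
      # NOTE(review): the config source is tied to one host name; if more
      # nameservers join the group this needs a per-host selection.
      ansible.builtin.copy:
        src: conf.d/ns.example.net/unbound.conf
        dest: /etc/unbound/unbound.conf
        mode: "0640"
      notify: "Restart Unbound"

  handlers:
    # Runs once at the end of the play, and only when a zone or the config
    # actually changed, instead of restarting the resolver on every run.
    - name: "Restart Unbound"
      ansible.builtin.service:
        name: "unbound"
        state: "restarted"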
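---
# Runs the DNS management playbook on every push to main. The runner is
# self-hosted, so it must already provide python3 and reach NetBox.
name: "On-Commit: Update Configurations"
on:  # yamllint disable-line rule:truthy
  push:
    branches: ["main"]
permissions:
  contents: read
jobs:
  build:
    runs-on: self-hosted
    steps:
      # NOTE(review): pin third-party actions to a full commit SHA rather than
      # a mutable tag so a rewritten tag cannot change what runs here.
      - uses: actions/checkout@v4
      - name: Execute Ansible Management Playbook
        # The token and URL are scoped to the one step that needs them rather
        # than exposed to every step of the job.
        env:
          NETBOX_TOKEN: ${{ secrets.NETBOX_TOKEN }}
          NETBOX_API: ${{ vars.NETBOX_URL }}
        # The default bash shell for run steps already stops on the first
        # failing command. The venv lives in .venv instead of the checkout
        # root so the workspace is not littered with bin/ and lib/.
        run: |
          python3 -m venv .venv
          source .venv/bin/activate
          python3 -m pip install --upgrade pip
          python3 -m pip install -r requirements.txt
          ansible-playbook -i local.netbox.netbox.nb_inventory.yml dns-management.yml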
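{#
  Forward zone for one entry of the playbook's `zones` list (loop variable
  `item`). Host records come from the NetBox GraphQL responses the playbook
  registered as result_example_net_v4 / result_example_net_v6.
#}
{% set zone = item.zonename | lower %}
$TTL {{ item.settings.ttl }}
{# The RNAME must be absolute: without the trailing dot it is taken relative
   to the zone and becomes hostmaster.<zone>.<zone>. #}
@ IN SOA {{ item.soa }}.{{ zone }}. hostmaster.{{ zone }}. (
        {{ item.settings.serial }} ; serial
        {{ item.settings.refresh }} ; refresh
        {{ item.settings.retry }} ; retry
        {{ item.settings.expiry }} ; expiry
        3600 ) ; minimum (negative-cache TTL)
;
; authoritative servers
{% for nameserver in item.nameservers %}
{{ zone }}. IN NS {{ nameserver }}.{{ zone }}.
{% endfor %}
;
; host records from NetBox
{# Owners are written as absolute names, so the zone apex renders correctly
   (stripping the suffix would leave an empty owner) and nothing outside the
   zone is emitted: the NetBox filter is a substring match, so a name such as
   <zone>.internal would otherwise come back too. #}
{% for record in result_example_net_v4.json.data.ip_address_list %}
{% set fqdn = record.dns_name | lower %}
{% if fqdn == zone or fqdn.endswith('.' ~ zone) %}
{{ fqdn }}. IN A {{ record.address | ansible.utils.ipaddr('address') }}
{% endif %}
{% endfor %}
{% for record in result_example_net_v6.json.data.ip_address_list %}
{% set fqdn = record.dns_name | lower %}
{% if fqdn == zone or fqdn.endswith('.' ~ zone) %}
{{ fqdn }}. IN AAAA {{ record.address | ansible.utils.ipaddr('address') }}
{% endif %}
{% endfor %}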
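{#
  Reverse (PTR) zone for reverse_zone.v4_zonename, built from the IPv4
  addresses the playbook registered as result_example_net_v4.
#}
$TTL {{ reverse_zone.settings.ttl }}
{# The RNAME must be absolute (trailing dot); otherwise it is taken relative
   to this zone. #}
@ IN SOA {{ reverse_zone.soa }}.{{ reverse_zone.forward_zonename }}. hostmaster.{{ reverse_zone.forward_zonename }}. (
        {{ reverse_zone.settings.serial }} ; serial
        {{ reverse_zone.settings.refresh }} ; refresh
        {{ reverse_zone.settings.retry }} ; retry
        {{ reverse_zone.settings.expiry }} ; expiry
        3600 ) ; minimum (negative-cache TTL)
;
; authoritative servers (explicit @ owner so the record does not depend on
; leading whitespace surviving the template)
{% for nameserver in reverse_zone.nameservers %}
@ IN NS {{ nameserver }}.{{ reverse_zone.forward_zonename }}.
{% endfor %}
;
; PTR records
{# Match on the full label suffix rather than a substring: "10.in-addr.arpa"
   is also contained in a name ending in "110.in-addr.arpa.". The owner is
   written as the absolute reverse name, which is valid inside the zone
   without any string surgery. lstrip tolerates a leading dot in the
   configured zone name. #}
{% set zone_suffix = '.' ~ reverse_zone.v4_zonename.lstrip('.') ~ '.' %}
{% for record in result_example_net_v4.json.data.ip_address_list %}
{% set revname = record.address | ansible.utils.ipaddr('revdns') | string %}
{% if revname.endswith(zone_suffix) %}
{{ revname }} IN PTR {{ record.dns_name | lower }}.
{% endif %}
{% endfor %}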
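{#
  Reverse (PTR) zone for reverse_zone.v6_zonename, built from the IPv6
  addresses the playbook registered as result_example_net_v6.
#}
$TTL {{ reverse_zone.settings.ttl }}
{# The RNAME must be absolute (trailing dot); otherwise it is taken relative
   to this zone. #}
@ IN SOA {{ reverse_zone.soa }}.{{ reverse_zone.forward_zonename }}. hostmaster.{{ reverse_zone.forward_zonename }}. (
        {{ reverse_zone.settings.serial }} ; serial
        {{ reverse_zone.settings.refresh }} ; refresh
        {{ reverse_zone.settings.retry }} ; retry
        {{ reverse_zone.settings.expiry }} ; expiry
        3600 ) ; minimum (negative-cache TTL)
;
; authoritative servers (explicit @ owner so the record does not depend on
; leading whitespace surviving the template)
{% for nameserver in reverse_zone.nameservers %}
@ IN NS {{ nameserver }}.{{ reverse_zone.forward_zonename }}.
{% endfor %}
;
; PTR records
{# The owner is the absolute reverse name from ipaddr('revdns'). Stripping
   the zone name and re-adding a trailing dot, as before, produced an
   absolute name that no longer sat inside ip6.arpa, so every PTR was
   out-of-zone. lstrip tolerates a leading dot in the configured zone name
   (the playbook historically used ".ip6.arpa"). #}
{% set zone_suffix = '.' ~ reverse_zone.v6_zonename.lstrip('.') ~ '.' %}
{% for record in result_example_net_v6.json.data.ip_address_list %}
{% set revname = record.address | ansible.utils.ipaddr('revdns') | string %}
{% if revname.endswith(zone_suffix) %}
{{ revname }} IN PTR {{ record.dns_name | lower }}.
{% endif %}
{% endfor %}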