Created
January 7, 2024 20:03
-
-
Save ngschmidt/d0862985e382b052fd3f42bbc4082af3 to your computer and use it in GitHub Desktop.
Ansible Build DNS Zones from SoT
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| - name: "Build DNS Zonefiles" | |
| hosts: localhost | |
| vars: | |
| zones: | |
| - name: "add_here.zone" | |
| zonename: "add_here" | |
| soa: "ns" | |
| settings: | |
| ttl: "2d" | |
| serial: "2024010700" | |
| refresh: "3600" | |
| retry: "600" | |
| expiry: "608400" | |
| nameservers: | |
| - "ns" | |
| reverse_zones: | |
| ip4: "add_here.in-addr.arpa" | |
| ip6: "add_here.ip6.arpa" | |
| records: | |
| - name: "ns" | |
| type: "A" | |
| addr: "1.1.1.1" | |
| - name: "ns" | |
| type: "AAAA" | |
| addr: "3001::53" | |
| tasks: | |
| - name: "Ansible Self-Test!" | |
| ansible.builtin.ping: ~ | |
| - name: "Render Templates" | |
| ansible.builtin.template: | |
| src: "forward_zone.j2" | |
| dest: "{{ item.name }}" | |
| with_items: "{{ zones }}" | |
| - name: "Render Reverse IPv4 Templates" | |
| ansible.builtin.template: | |
| src: "rev_zone_v4.j2" | |
| dest: "{{ item.reverse_zones.ip4 }}.zone" | |
| with_items: "{{ zones }}" | |
| - name: "Render Reverse IPv6 Templates" | |
| ansible.builtin.template: | |
| src: "rev_zone_v6.j2" | |
| dest: "{{ item.reverse_zones.ip6 }}.zone" | |
| with_items: "{{ zones }}" | |
| when: item.reverse_zones.ip6 is defined | |
| - name: "Test Forward Zonefiles" | |
| ansible.builtin.shell: "named-checkzone {{ item.zonename }} {{ item.name }}" | |
| with_items: "{{ zones }}" | |
| - name: "Test Reverse IPv4 Zonefiles" | |
| ansible.builtin.shell: "named-checkzone {{ item.reverse_zones.ip4 }} {{ item.reverse_zones.ip4 }}.zone" | |
| with_items: "{{ zones }}" | |
| - name: "Test Reverse IPv6 Zonefiles" | |
| ansible.builtin.shell: "named-checkzone {{ item.reverse_zones.ip6 }} {{ item.reverse_zones.ip6 }}.zone" | |
| with_items: "{{ zones }}" | |
| when: item.reverse_zones.ip6 is defined |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: "On-Commit: Render DNS Zones" | |
| on: | |
| push: | |
| branches: [ "main" ] | |
| permissions: | |
| contents: read | |
| jobs: | |
| build: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - name: Test Code! | |
| run: | | |
| cd zonefiles | |
| sudo apt install bind9 | |
| python3 -m venv . | |
| source bin/activate | |
| python3 -m pip install --upgrade pip | |
| python3 -m pip install -r requirements.txt | |
| python3 --version | |
| ansible --version | |
| python3 -m pip install netaddr | |
| echo "$PWD" | |
| ansible-playbook draw_zones.yml | |
| cat *.zone |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $TTL {{ item.settings.ttl }} | |
| @ IN SOA {{ item.soa }}.{{ item.zonename }}. hostmaster.{{ item.zonename }} ( | |
| {{ item.settings.serial }} ; serial | |
| {{ item.settings.refresh }} ; refresh | |
| {{ item.settings.retry }} ; retry | |
| {{ item.settings.expiry }} ; expiry | |
| 3600 ) ; | |
| ; | |
| ; | |
| {% for nameserver in item.nameservers %} | |
| {{ item.zonename }}. IN NS {{ nameserver }}.{{ item.zonename}}. | |
| {% endfor %} | |
| {% for record in item.records %} | |
| {{ record.name }} IN {{ record.type }} {{ record.addr }} | |
| {% endfor %} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $TTL {{ item.settings.ttl }} | |
| @ IN SOA {{ item.soa }}.{{ item.zonename }}. hostmaster.{{ item.zonename }} ( | |
| {{ item.settings.serial }} ; serial | |
| {{ item.settings.refresh }} ; refresh | |
| {{ item.settings.retry }} ; retry | |
| {{ item.settings.expiry }} ; expiry | |
| 3600 ) ; | |
| ; | |
| ; | |
| ; authoritative servers | |
| {% for nameserver in item.nameservers %} | |
| IN NS {{ nameserver }}.{{ item.zonename }}. | |
| {% endfor %} | |
| ; Reverse zone name: {{ item.reverse_zones.ip4 }} | |
| ; Forward zone name: {{ item.zonename }} | |
| {% for record in item.records %} | |
| {% if item.reverse_zones.ip4 in record.addr|ansible.utils.ipaddr('revdns')|string %} | |
| {{ record.addr |ansible.utils.ipaddr('revdns') | replace(item.reverse_zones.ip4, '') | replace('..','') }} IN PTR {{ record.name }}.{{ item.zonename }}. | |
| {% endif %} | |
| {% endfor %} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $TTL {{ item.settings.ttl }} | |
| @ IN SOA {{ item.soa }}.{{ item.zonename }}. hostmaster.{{ item.zonename }} ( | |
| {{ item.settings.serial }} ; serial | |
| {{ item.settings.refresh }} ; refresh | |
| {{ item.settings.retry }} ; retry | |
| {{ item.settings.expiry }} ; expiry | |
| 3600 ) ; | |
| ; | |
| ; | |
| ; authoritative servers | |
| {% for nameserver in item.nameservers %} | |
| IN NS {{ nameserver }}.{{ item.zonename }}. | |
| {% endfor %} | |
| ; Reverse zone name: {{ item.reverse_zones.ip6 }} | |
| ; Forward zone name: {{ item.zonename }} | |
| {% for record in item.records %} | |
| {% if item.reverse_zones.ip6 in record.addr|ansible.utils.ipaddr('revdns')|string %} | |
| {{ record.addr |ansible.utils.ipaddr('revdns') | replace(item.reverse_zones.ip6, '') | replace('..','') }} IN PTR {{ record.name }}.{{ item.zonename }}. | |
| {% endif %} | |
| {% endfor %} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment