mwiegand 2021-11-07 14:39:56 +01:00
parent 454d71e0d9
commit 6899c30459
2 changed files with 16 additions and 21 deletions


@ -7,11 +7,13 @@ acl "${view_name}" {
% endfor % endfor
% for view_name, view_conf in views.items(): % for view_name, view_conf in views.items():
% for name, token in view_conf['keys'].items(): % for zone_name, zone_conf in view_conf['zones'].items():
key "${name}" { % if zone_conf.get('key', False):
key "${view_name}.${zone_name}" {
algorithm hmac-sha512; algorithm hmac-sha512;
secret "${token}"; secret "${zone_conf['key']}";
}; };
% endif
% endfor % endfor
% endfor % endfor
@ -38,17 +40,16 @@ view "${view_name}" {
8.8.8.8; 8.8.8.8;
}; };
% for zone, conf in sorted(zones.items()): % for zone_name, zone_conf in sorted(view_conf['zones'].items()):
<% if view_name not in conf.get('views', ['internal', 'external']): continue %> zone "${zone_name}" {
zone "${zone}" {
type ${type}; type ${type};
% if type == 'slave': % if type == 'slave':
masters { ${master_ip}; }; masters { ${master_ip}; };
% endif % endif
% if type == 'master' and f'{view_name}.{zone}' in view_conf['keys']: % if type == 'master' and zone_conf.get('key', False):
allow-update { key "${zone}"; }; allow-update { key "${view_name}.${zone_name}"; };
% endif % endif
file "/var/lib/bind/${view_name}/db.${zone}"; file "/var/lib/bind/${view_name}/db.${zone_name}";
}; };
% endfor % endfor
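Review bot: The `key` blocks in the first hunk are rendered for every node type, while `allow-update` in the second hunk is only emitted when `type == 'master'`, so a slave's named.conf.local ends up holding every zone's TSIG update secret with no visible use for it. If nothing outside these hunks references the keys on slaves (for example the `acl` block that precedes the first hunk), gate the definition the same way: `% if type == 'master' and zone_conf.get('key', False):`. A short template comment above the loop, such as `## TSIG keys for dynamic updates, one per view and zone`, would also record why the key is named `view.zone`.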


@ -75,11 +75,9 @@ files['/etc/bind/named.conf.local'] = {
'type': node.metadata.get('bind/type'), 'type': node.metadata.get('bind/type'),
'master_ip': master_ip, 'master_ip': master_ip,
'views': dict(sorted( 'views': dict(sorted(
master_node.metadata.get('bind/hostname'), master_node.metadata.get('bind/views').items(),
key=lambda e: (e[1].get('default', False), e[0]), key=lambda e: (e[1].get('default', False), e[0]),
)), )),
'zones': zones,
'hostname': node.metadata.get('bind/hostname'),
}, },
'owner': 'root', 'owner': 'root',
'group': 'bind', 'group': 'bind',
@ -107,8 +105,8 @@ for view_name, view_conf in node.metadata.get('bind/views').items():
], ],
} }
for zone, conf in view_conf['zones'].items(): for zone_name, zone_conf in view_conf['zones'].items():
files[f"/var/lib/bind/{view_name}/db.{zone}"] = { files[f"/var/lib/bind/{view_name}/db.{zone_name}"] = {
'owner': 'bind', 'owner': 'bind',
'group': 'bind', 'group': 'bind',
'needs': [ 'needs': [
@ -122,19 +120,15 @@ for view_name, view_conf in node.metadata.get('bind/views').items():
], ],
} }
#FIXME: slave doesnt get updated if db doesnt get rewritten on each apply #FIXME: slave doesnt get updated if db doesnt get rewritten on each apply
files[f"/var/lib/bind/{view_name}/db.{zone}"].update({ files[f"/var/lib/bind/{view_name}/db.{zone_name}"].update({
'source': 'db', 'source': 'db',
'content_type': 'mako', 'content_type': 'mako',
'unless': f"test -f /var/lib/bind/{view_name}/db.{zone}" if conf.get('dynamic', False) else 'false', 'unless': f"test -f /var/lib/bind/{view_name}/db.{zone_name}" if zone_conf.get('dynamic', False) else 'false',
'context': { 'context': {
'serial': datetime.now().strftime('%Y%m%d%H'), 'serial': datetime.now().strftime('%Y%m%d%H'),
'records': list(filter( 'records': zone_conf['records'],
lambda record: record_matches_view(record, records, view_name),
unique_records
)),
'hostname': node.metadata.get('bind/hostname'), 'hostname': node.metadata.get('bind/hostname'),
'type': node.metadata.get('bind/type'), 'type': node.metadata.get('bind/type'),
'keys': node.metadata.get('bind/keys'),
}, },
}) })
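Review bot: The context for `/etc/bind/named.conf.local` in the first hunk now passes `bind/views` with each zone's `key`, and the visible part of the item sets only `'owner': 'root'` and `'group': 'bind'`, with no `'mode'`. The dict starts and continues outside the hunk, so this may already be handled there; if it is not, the rendered TSIG secrets are readable under whatever the item's default permissions are. Setting `'mode': '0640',` next to owner and group would restrict the file to root and the bind group.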