
bind: allow for multiple bind hosts

keep-around/dd06aabd7ecaecca291d5c6ef97c5d2cfc0d54e8
Loïc Dachary 5 months ago
parent
commit
13b3d5b618
Signed by: dachary GPG Key ID: 992D23B392F9E4F2
  1. 16
      docs/release-notes.rst
  2. 15
      enough/common/dotenough.py
  3. 5
      enough/common/libvirt.py
  4. 6
      inventory/services.yml
  5. 2
      playbooks/bind/bind-client-dhcp-playbook.yml
  6. 2
      playbooks/bind/conftest.py
  7. 3
      playbooks/bind/inventory/all.yml
  8. 6
      playbooks/bind/inventory/services.yml
  9. 8
      playbooks/bind/roles/install_ssh_records/tasks/main.yml
  10. 2
      playbooks/bind/roles/monitoring-bind/tasks/main.yml
  11. 18
      playbooks/bind/tests/test_bind.py
  12. 5
      tests/__init__.py
  13. 6
      tests/enough/common/test_common_service.py

16
docs/release-notes.rst

@ -1,6 +1,22 @@
Release Notes
=============
2.1.17
------
* When using the libvirt infrastructure driver, the name of the host
running the bind service is `bind-host` by default and can be
changed. The following should be set in the
`~/.enough/example.com/inventory/services.yml`::
bind-service-group:
hosts:
bindother-host:
This is useful when running more than one Enough instance from a single libvirt
instance. When using the OpenStack infrastructure driver the bind service must
run from a host named `bind-host`.
2.1.16
------

15
enough/common/dotenough.py

@ -117,6 +117,21 @@ class DotEnough(object):
if not os.path.exists(f'{d}/certificate.yml'):
self.set_certificate(certificate_authority)
self.set_bind_service_group()
def set_bind_service_group(self):
i = f'{self.config_dir}/inventory'
if not os.path.exists(f'{i}/services.yml'):
open(f'{i}/services.yml', 'w').write(textwrap.dedent(f"""\
---
essential-service-group:
hosts:
bind-host:
bind-service-group:
hosts:
bind-host:
"""))
@staticmethod
def service2group(service):
return f'{service}-service-group'
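Review bot: `set_bind_service_group` tests `os.path.exists` and then opens the same path with mode `'w'`, so a file that appears between the check and the open is truncated, and the handle is never closed explicitly. Exclusive create does the check and the creation in one step: `with open(f'{i}/services.yml', 'x') as f:` inside a `try`, with `except FileExistsError: pass` to keep the current skip-if-present behaviour. The `f` prefix on the dedented template can also be dropped, since it has no placeholders.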

5
enough/common/libvirt.py

@ -145,6 +145,11 @@ class Libvirt(object):
def get_definition(self, name, definition):
r = {}
#
# This hardcoded MAC is convenient for testing purposes.
# It helps to have a fixed IP for the bind server. It
# is not a requirement.
#
if name == 'bind-host':
r['mac'] = f',mac={Libvirt.BIND_MAC}'
else:
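Review bot: The new comment says the fixed MAC is optional, but not that the condition is still the literal name `'bind-host'`. A bind host renamed through `bind-service-group`, the case this commit introduces, takes the `else` branch, whose body is outside the hunk. I would add a line such as `# Only a host literally named bind-host gets this MAC; a renamed bind host does not.` If the rename exists because two instances on one libvirt cannot share this MAC, the comment should say that too. `get_definition` continues past the end of the hunk.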

6
inventory/services.yml

@ -1,7 +1,6 @@
---
essential-service-group:
hosts:
bind-host:
hosts: {}
essential-service-hosts:
children:
@ -11,8 +10,7 @@ essential-service-hosts:
icinga-service-group:
bind-service-group:
hosts:
bind-host:
hosts: {}
bind-service-hosts:
children:
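Review bot: With `essential-service-group` and `bind-service-group` both defaulting to `hosts: {}`, a bind host exists only if the per-domain `services.yml` names one, and `set_bind_service_group` in enough/common/dotenough.py writes that file only when it is absent. A configuration directory that already has a `services.yml` without a `bind-service-group` entry would, as far as this diff shows, have an empty group after upgrading. The `groups['bind-service-group'][0]` lookups in the bind playbooks would then fail at templating time with an index error rather than a clear message. Either the 2.1.17 release note should tell existing users to add the group, or the playbooks should start with an explicit check such as `assert: { that: groups['bind-service-group'] | length > 0 }`.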

2
playbooks/bind/bind-client-dhcp-playbook.yml

@ -6,7 +6,7 @@
roles:
- role: dhclient
vars:
dns_nameservers: [ '{{ hostvars["bind-host"]["ansible_host"] }}' ]
dns_nameservers: [ '{{ hostvars[groups["bind-service-group"][0]]["ansible_host"] }}' ]
dns_search: "{{ domain }}"
dns_domain: "{{ domain }}"
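Review bot: `groups["bind-service-group"][0]` gives the DHCP clients exactly one resolver, and which one depends on the order of hosts in the inventory, although the test inventory in this commit puts both `bind-host` and `otherbind-host` in the group. Since `dns_nameservers` is already a list, every member can be passed: `dns_nameservers: "{{ groups['bind-service-group'] | map('extract', hostvars, 'ansible_host') | list }}"`. If pinning a single resolver is intended, a comment saying so would stop the next reader from assuming redundancy.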

2
playbooks/bind/conftest.py

@ -2,7 +2,7 @@ def pytest_addoption(parser):
parser.addoption(
"--enough-hosts",
action="store",
default="bind-host,bind-client-host,external-host,icinga-host,deleted-host",
default="bind-host,otherbind-host,bind-client-host,external-host,icinga-host,deleted-host",
help="list of hosts"
)
parser.addoption(

3
playbooks/bind/inventory/all.yml

@ -0,0 +1,3 @@
all-hosts:
hosts:
otherbind-host:

6
playbooks/bind/inventory/services.yml

@ -2,3 +2,9 @@
icinga-service-group:
hosts:
icinga-host:
bind-service-group:
hosts:
bind-host:
otherbind-host:

8
playbooks/bind/roles/install_ssh_records/tasks/main.yml

@ -6,14 +6,14 @@
loop:
- default
- openssh-client
delegate_to: bind-host
delegate_to: "{{groups['bind-service-group'][0]}}"
run_once: true
- name: install openssh-client
apt:
name: openssh-client
state: latest
delegate_to: bind-host
delegate_to: "{{groups['bind-service-group'][0]}}"
run_once: true
# The retries should not be necessary but proved useful May 2020
register: output
@ -30,7 +30,7 @@
echo "'$value',"
done
echo '] ]'
delegate_to: bind-host
delegate_to: "{{groups['bind-service-group'][0]}}"
changed_when: false
register: cmd
@ -44,5 +44,5 @@
value: "{{ sshfp.1 }}"
vars:
sshfp: "{{ cmd.stdout }}"
delegate_to: bind-host
delegate_to: "{{groups['bind-service-group'][0]}}"
notify: reload bind
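Review bot: All four `delegate_to: "{{groups['bind-service-group'][0]}}"` tasks in this file (the hunks at 6, 30 and 44) run on the first host of the group only, so what appear to be the SSHFP records are written to that one server. If another member of the group also answers for the zone and the zone is not replicated to it (not visible here), SSH clients that check host keys through DNS would get no SSHFP answer from it. Either delegate over every member of the group, or add a comment stating that only the first member is authoritative for these records. The tasks begin and end outside the hunks.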

2
playbooks/bind/roles/monitoring-bind/tasks/main.yml

@ -4,7 +4,7 @@
name: [ whois, libdate-manip-perl ]
state: present
- name: declare zone {{ domain }} on bind-host
- name: declare zone {{ domain }} on {{ inventory_hostname }}
template:
src: icinga-zones.conf
dest: '/etc/icinga2/zones.d/master/{{ inventory_hostname }}/conf.d/bind_{{ bind_zone_name }}.conf'

18
playbooks/bind/tests/test_bind.py

@ -1,9 +1,12 @@
import pytest
testinfra_hosts = ['ansible://icinga-host']
def test_bind(host):
domain = host.run("hostname -d").stdout.strip()
bind_host = host.get_host('ansible://bind-host',
bind_host = host.get_host(f'ansible://bind-host',
ansible_inventory=host.backend.ansible_inventory)
address = bind_host.ansible.get_variables()['ansible_host']
for h in ('ns1', 'bind', 'bind-host'):
@ -20,6 +23,19 @@ def test_bind(host):
assert h + "." + domain in cmd.stdout.strip()
@pytest.mark.parametrize("bindhost", ('bind-host', 'otherbind-host'))
def test_dig_icinga(host, bindhost):
domain = host.run("hostname -d").stdout.strip()
bind_host = host.get_host(f'ansible://{bindhost}',
ansible_inventory=host.backend.ansible_inventory)
icinga_address = host.ansible.get_variables()['ansible_host']
cmd = bind_host.run(f'dig @127.0.0.1 icinga.{domain}')
print(cmd.stdout)
print(cmd.stderr)
assert 0 == cmd.rc
assert icinga_address in cmd.stdout.strip()
def test_recursion(host):
cmd = host.run("getent hosts fsf.org")
assert 0 == cmd.rc
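Review bot: The `f` prefix in `host.get_host(f'ansible://bind-host',` inside `test_bind` has no placeholder, so the string is a plain literal and pyflakes reports it as F541. It reads like a leftover from parametrizing the test the way `test_dig_icinga` is. Either drop the prefix, `host.get_host('ansible://bind-host',`, or give `test_bind` the same `bindhost` parameter so the `ns1`/`bind` name checks also run against `otherbind-host`. `test_bind` continues outside the first hunk.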

5
tests/__init__.py

@ -4,7 +4,7 @@ import shutil
import textwrap
import time
from enough.common.dotenough import DotEnoughLibvirt
from enough.common.dotenough import DotEnoughLibvirt, DotEnoughOpenStack
from enough.common import libvirt
from enough.common.openstack import OpenStack
from enough import settings
@ -87,6 +87,8 @@ class InfrastructureOpenStack(Infrastructure):
def prepare_config_dir(self, enough_dot_dir):
super().prepare_config_dir(enough_dot_dir)
dotenough = DotEnoughOpenStack(self.config_dir, self.domain)
dotenough.set_bind_service_group()
shutil.copyfile('tests/clouds.yml', f'{self.all_dir}/clouds.yml')
shutil.copyfile('inventory/group_vars/all/provision.yml', f'{self.all_dir}/provision.yml')
open(f'{self.all_dir}/certificate.yml', 'w').write(textwrap.dedent(f"""\
@ -138,6 +140,7 @@ class InfrastructureLibvirt(Infrastructure):
---
infrastructure_driver: libvirt
"""))
dotenough.set_bind_service_group()
def config_dir_set(self, enough_dot_dir):
super().config_dir_set(enough_dot_dir)

6
tests/enough/common/test_common_service.py

@ -49,9 +49,9 @@ def test_service_from_host(tmpdir):
def test_set_service_info(tmpdir):
s = service.Service(config_dir=tmpdir, share_dir=settings.SHARE_DIR,
domain='test.com')
assert 'bind-host' in s.service2hosts['bind']
assert len(s.service2hosts['bind']) > 0
assert ['bind-host'] == s.service2group['bind']
assert 'forum-host' in s.service2hosts['forum']
assert len(s.service2hosts['forum']) > 0
assert 'forum-host' in s.service2group['forum']
def test_update_vpn_dependencies(tmpdir):
