nosmoht / ansible-module-powerdns
Ansible module to manage PowerDNS entries
License: Apache License 2.0
TXT is missing as an RR type. Can you add it to the type choices list and documentation?
It should just work as is, but additional quotes are required or the following error triggers:
HTTP 422: Record txt.example.org./TXT 'this is txt content': Parsing record content (try 'pdnsutil check-zone'): Data field in DNS should start with quote (") at position 0 of 'this is txt content'"
To work around this I've used content: "\"this is txt content\"".
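The quoting the API insists on can be applied by the module instead of by every playbook. The helper below is an added example (not code from ansible-module-powerdns): it returns TXT content in presentation format, leaves already-quoted values alone, escapes embedded quotes and backslashes, and splits long values into the 255-byte character-strings that DKIM or SPF records need. The function and rrset names are my own, and the splitting assumes single-byte characters.

```python
MAX_CHARSTRING = 255  # RFC 1035 limit for one <character-string> inside a TXT RR


def _escape(chunk):
    """Escape the two characters that are special inside a quoted TXT string."""
    return chunk.replace("\\", "\\\\").replace('"', '\\"')


def quote_txt_content(content):
    """Return TXT rdata in the quoted form the PowerDNS API accepts.

    - a value that is already wrapped in double quotes is returned unchanged,
      so the "\"...\"" workaround above keeps working;
    - otherwise the value is escaped and wrapped in quotes;
    - values longer than 255 characters are split into several quoted strings
      (escaping adds presentation characters only, so the split is done on the
      raw content; single-byte characters are assumed).
    """
    stripped = content.strip()
    if len(stripped) >= 2 and stripped.startswith('"') and stripped.endswith('"'):
        return stripped
    chunks = [content[i:i + MAX_CHARSTRING]
              for i in range(0, len(content), MAX_CHARSTRING)] or [""]
    return " ".join('"%s"' % _escape(chunk) for chunk in chunks)


def txt_rrset(name, content, ttl=3600):
    """Build the rrset body the PowerDNS API PATCH expects for one TXT record.

    The name must already be canonical (trailing dot); the record content is
    run through quote_txt_content so callers can pass plain text.
    """
    return {
        "name": name,
        "type": "TXT",
        "ttl": ttl,
        "changetype": "REPLACE",
        "records": [{"content": quote_txt_content(content), "disabled": False}],
    }


if __name__ == "__main__":
    # constructed sample input, same text as the error message in the issue
    print(txt_rrset("txt.example.org.", "this is txt content"))
```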
My Playbook:

```yaml
- powerdns_record:
    name: "{{ item.hostname | default(inventory_hostname) }}"
    zone: "{{ domain }}."
    type: "{{ powerdns.type }}"
    content: "{{ item.ip }}"
    ttl: "{{ powerdns.ttl }}"
    pdns_host: "{{ powerdns.host }}"
    pdns_port: "{{ powerdns.port }}"
    pdns_api_key: "{{ powerdns.api_key }}"
    pdns_prot: "{{ powerdns.prot }}"
    strict_ssl_checking: "{{ powerdns.strict_ssl_checking }}"
  with_items:
    - "{{ deployment.networks }}"
```
`changed` is always true; the DNS record gets created and is present. Is there a switch I'm missing or something?
Hi,
I use python3 for Ansible with the variable ansible_python_interpreter=/usr/bin/python3 on my Mac.
I got this message when Ansible was trying to create an A record on the DNS server:
requests must be installed to use this module.
Requests of course is installed.

```
❯ python3 -m pip list | grep requests
requests 2.25.1
```

What is wrong?
Hi,
thank you for this module.
I would like to suggest modifying the code so that content can be set to a list.
The MX example (from README.md) would then look like this:

```yaml
- powerdns_record:
    name: zone01.internal.example.com.
    zone: zone01.internal.example.com
    type: MX
    content:
      - 10 mx1.zone01.internal.example.com
      - 10 mx2.zone01.internal.example.com
    pdns_host: powerdns.example.com
    pdns_port: 80
    pdns_api_key: topsecret
    pdns_prot: http
  loop:
```

It would even delete a wrong MX record if it was there before. Doing this from outside (without Python, with Ansible and a dig lookup) is not very nice, as you have to make sure the dig lookup uses the right resolver without caching.
Would be nice if this module supported the creation of NS records.
Usually they are created automatically, but sometimes manual creation is necessary, for example when DNS delegation needs to be configured.
Would be nice if your script powerdns_record.py supported some RFC checks.
For example:
You are not allowed to create an A and a CNAME record for one subdomain.
Maybe you can add this check, and some other common configuration error checks.
Because the PowerDNS API does not support any of these checks.
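A pre-flight check of the kind requested above could run over the zone's rrsets (the list the PowerDNS API returns for a zone) before the module sends its PATCH. This is an added example, not part of ansible-module-powerdns; the function names are mine, and the rrset dicts are constructed to mirror the API's `name`/`type`/`records` shape. It flags a CNAME sharing a name with another type (RFC 1034 section 3.6.2), a CNAME at the zone apex, and an rrset holding more than one CNAME; DNSSEC types that legitimately sit beside a CNAME are ignored.

```python
from collections import defaultdict

# Types that may coexist with a CNAME in a signed zone and must not be reported.
DNSSEC_TYPES = {"RRSIG", "NSEC", "NSEC3"}


def _types_by_name(rrsets):
    """Map owner name -> set of record types present (empty rrsets ignored)."""
    by_name = defaultdict(set)
    for rrset in rrsets:
        if rrset.get("records"):
            by_name[rrset["name"].lower()].add(rrset["type"].upper())
    return by_name


def find_rfc_conflicts(zone_name, rrsets):
    """Return a sorted list of human-readable problems found in the rrsets."""
    problems = set()
    apex = zone_name.lower()
    for rrset in rrsets:
        if rrset["type"].upper() == "CNAME" and len(rrset.get("records", [])) > 1:
            problems.add("%s: more than one CNAME record" % rrset["name"].lower())
    for name, types in _types_by_name(rrsets).items():
        if "CNAME" not in types:
            continue
        if name == apex:
            problems.add("%s: CNAME at zone apex" % name)
        others = types - {"CNAME"} - DNSSEC_TYPES
        if others:
            problems.add("%s: CNAME coexists with %s" % (name, ", ".join(sorted(others))))
    return sorted(problems)


def would_conflict(zone_name, rrsets, name, rtype):
    """Simulate adding one rrset and return only the problems it would introduce.

    Run this before the PATCH: the API itself accepts the conflicting change.
    """
    before = set(find_rfc_conflicts(zone_name, rrsets))
    proposed = rrsets + [{"name": name, "type": rtype,
                          "records": [{"content": "placeholder"}]}]
    return sorted(set(find_rfc_conflicts(zone_name, proposed)) - before)


# Constructed sample zone, shaped like the API's rrsets array.
SAMPLE_ZONE = "example.org."
SAMPLE_RRSETS = [
    {"name": "example.org.", "type": "SOA", "records": [{"content": "ns1.example.org. hostmaster.example.org. 1 1 1 1 1"}]},
    {"name": "www.example.org.", "type": "A", "records": [{"content": "192.0.2.10"}]},
    {"name": "mail.example.org.", "type": "CNAME", "records": [{"content": "www.example.org."}]},
]
```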
Apparently, Python's urllib/requests library at the version Ansible uses is not very good at recognizing modern, high-tech certificates, specifically the kind which can get a "B" or above in the SSLLabs SSL test. It would be good to have a way to disable certificate checking until upstream have fixed or otherwise addressed this issue.
This can be done by adding verify=False to the requests calls. I'll submit a patch in the morning.
Hi,
I was wondering if there is a way for using this module without search-data endpoint available (my powerdns deployment does not provide it).
I was digging over earlier commits, and am trying to use versions before get_record method was implemented.
EDIT:
Got it working, if there are more people needing this, ping me.
Closing for now
I'm trying to add SRV records with the module. However, it appears the module will only add one record total.
```
[jodewey:~/git/engx-ansible] : DNACENGEX-2083-dns(+28/-28)+ ± dig _mysql._udp.dnac.xxx.com SRV

; <<>> DiG 9.10.6 <<>> _mysql._udp.dnac.xxx.com SRV
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25306
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1280
;; QUESTION SECTION:
;_mysql._udp.dnac.xxx.com. IN SRV

;; ANSWER SECTION:
_mysql._udp.dnac.xxx.com. 300 IN SRV 0 5 9104 dnac-dashboard-mysql-slave.dnac-dashboard-staging.svc.cluster.local.

;; AUTHORITY SECTION:
xxx

;; ADDITIONAL SECTION:
xxx

;; Query time: 48 msec
;; SERVER: 171.70.168.183#53(171.70.168.183)
;; WHEN: Wed Sep 18 18:17:06 PDT 2019
;; MSG SIZE rcvd: 240
```
E.g.: fatal: [nicola.noflag.org.uk]: FAILED! => {"changed": false, "failed": true, "msg": "Could not get zone noflag.org.uk: HTTP 404: Not found"}
I believe this is because the URL the library uses to address the API should be {prot}://{host}:{port}/api/v1 and not {prot}://{host}:{port}. When I make the afore-mentioned change to lines 90 and 82, the library works as expected. I'll submit a patch in the morning.
Although the library (or possibly the PDNS API) correctly interprets "test" to mean "test.example.org", it causes a "DNS Record is not canonical" error to be returned:
fatal: [nicola.noflag.org.uk]: FAILED! => {"changed": false, "failed": true, "msg": "Could not create record test..noflag.org.uk: HTTP 422: DNS Name 'test.example.org' is not canonical"}
This exact error occurs whether the domain record is "test" or "test.example.org"; the returned string is identical in both cases (!!)
The only reference to this error is here, where they suggest adding a dot, and it looks from the source code here (line 412) that it's tripping a function which expects the domain record to end in a "." as well. When I submitted the domain record as "test.example.org." instead of "test", the library worked more or less as expected.
I believe the documentation should be updated to reflect this --- will submit a patch in the morning.
This also affects zones with an error like {"msg": "Could not create zone example.org: HTTP 422: https://ns0.noflag.org.uk:443/api/v1/servers/localhost/zones: DNS Name 'example.org' is not canonical", "failed": true, "invocation": {"module_args": {"pdns_port": 443, "pdns_api_key": "xxx", "kind": "master", "name": "example.org", "nameservers": ["ns2.noflag.org.uk.", "n1.noflag.org.uk."], "masters": null, "pdns_host": "ns0.noflag.org.uk", "state": "present", "pdns_prot": "https", "server": "localhost"}}}
And nameservers with an error like {"msg": "Could not create zone example.org.: HTTP 422: https://ns0.noflag.org.uk:443/api/v1/servers/localhost/zones: Nameserver is not canonical: 'ns2.noflag.org.uk'", "failed": true, "invocation": {"module_args": {"pdns_port": 443, "pdns_api_key": "xxx", "kind": "master", "name": "example.org.", "nameservers": ["ns2.noflag.org.uk", "n1.noflag.org.uk"], "masters": null, "pdns_host": "ns0.noflag.org.uk", "state": "present", "pdns_prot": "https", "server": "localhost"}}}
It would perhaps be best to have the library itself check for the presence or absence of a dot at the end of the string for zones, records and nameservers.
Example: fatal: [nicola.noflag.org.uk]: FAILED! => {"changed": false, "failed": true, "msg": "Error: No JSON object could be decoded"}
Yet PowerDNS admin shows the new record as expected.
I believe this is caused by the request body being empty on a successful run, but for some reason req.text doesn't always evaluate to False on lines 98 and 90.
Catching a JSON format exception at this point and always returning the empty dict fixes the problem and causes the library to work as expected -- will submit a patch in the morning.

```python
if req.status_code in [200, 201, 204]:
    if req.text:
        try:
            return json.loads(req.text)
        except Exception as e:
            print(e)
    # an empty body is also expected behaviour, but for some reason this doesn't always evaluate to False
    return dict()
```
But I'm not sure if it's a bug in PowerDNS. Here's my task:

```yaml
- name: "Add domain record {{ domain }}"
  powerdns_record:
    name: "{{ domain }}"            # (e.g. "test" and "test.example.org" produce the same error)
    zone: "{{ zone }}"              # e.g. "example.org"
    state: "{{ state }}"            # e.g. "present"
    type: A
    content: "{{ web_server }}"     # actually an IP like 192.168.1.1
    pdns_host: "{{ pdns_host }}"    # e.g. "ns0.noflag.org.uk"
    pdns_port: "{{ pdns_port }}"    # e.g. "443"
    pdns_api_key: "{{ pdns_key }}"  # e.g. "xxx"
    pdns_prot: "{{ pdns_prot }}"    # e.g. "https"
```

It seems to be raised by line 412 of misc.hh (https://github.com/PowerDNS/pdns/blob/8b3f9b4d2e4936ea929021e74813a9ff5e3f1cd0/pdns/misc.hh) which seems to be looking for a "." at the end of the domain record:

```cpp
inline bool isCanonical(const string& qname)
{
  if(qname.empty())
    return false;
  return qname[qname.size()-1]=='.';
}
```
However when I mutate the "domain" variable to add a dot at the end, I get this:
Error is fatal: [nicola.noflag.org.uk]: FAILED! => {"changed": false, "failed": true, "msg": "Could not create record test..noflag.org.uk: HTTP 422: DNS Name 'test..noflag.org.uk' is not canonical"}
Without it, I just get this:
fatal: [nicola.noflag.org.uk]: FAILED! => {"changed": false, "failed": true, "msg": "Could not create record test..noflag.org.uk: HTTP 422: DNS Name 'test.noflag.org.uk' is not canonical"}
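The check the reporter asks for in the zone issue above (normalise the trailing dot for zones, records and nameservers before calling the API) can be done in the module itself. The following is an added example, not code from ansible-module-powerdns; the function names are mine. It accepts the spellings users actually pass ("test", "test.example.org", "test.example.org.", "@"), always returns the canonical FQDN, refuses an absolute name outside the zone, and never produces the "test..noflag.org.uk" double dot seen in the error messages.

```python
def is_canonical(name):
    """Same test as isCanonical() in pdns/misc.hh: non-empty and ends in '.'."""
    return bool(name) and name.endswith(".")


def absolute(name):
    """Return name with exactly one trailing dot (used for zones and nameservers)."""
    name = name.strip().rstrip(".")
    if not name:
        raise ValueError("DNS name must not be empty")
    return name + "."


def canonical_record_name(name, zone):
    """Build the record's FQDN from the forms the playbook might contain.

    - "" or "@" means the zone apex;
    - an absolute name (trailing dot) is taken as-is but must lie in the zone;
    - a relative name that already carries the zone suffix just gets the dot;
    - any other relative name is appended to the zone.
    """
    zone_fqdn = absolute(zone)
    zone_lc = zone_fqdn[:-1].lower()
    name = name.strip()
    if name in ("", "@"):
        return zone_fqdn
    if name.endswith("."):
        fqdn = name
    elif name.lower() == zone_lc or name.lower().endswith("." + zone_lc):
        fqdn = name + "."
    else:
        fqdn = name + "." + zone_fqdn
    if ".." in fqdn or fqdn.startswith("."):
        raise ValueError("empty label in record name %r" % fqdn)
    if fqdn.lower() != zone_fqdn.lower() and not fqdn.lower().endswith("." + zone_fqdn.lower()):
        raise ValueError("%s is not inside zone %s" % (fqdn, zone_fqdn))
    return fqdn


def canonical_nameservers(nameservers):
    """Normalise a zone's nameserver list, e.g. ["ns2.noflag.org.uk"] -> ["ns2.noflag.org.uk."]."""
    return [absolute(ns) for ns in nameservers]
```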
Hi,
I got the error below. Could you please help me solve the issue?

```
The full traceback is:
  File "/var/folders/24/w6k0_g_s1vq5c4xvprz1_ck80000gp/T/ansible_powerdns_record_payload_fg0t06jz/ansible_powerdns_record_payload.zip/ansible/modules/powerdns_record.py", line 429, in main
  File "/var/folders/24/w6k0_g_s1vq5c4xvprz1_ck80000gp/T/ansible_powerdns_record_payload_fg0t06jz/ansible_powerdns_record_payload.zip/ansible/modules/powerdns_record.py", line 309, in ensure
  File "/var/folders/24/w6k0_g_s1vq5c4xvprz1_ck80000gp/T/ansible_powerdns_record_payload_fg0t06jz/ansible_powerdns_record_payload.zip/ansible/modules/powerdns_record.py", line 187, in get_record
  File "/var/folders/24/w6k0_g_s1vq5c4xvprz1_ck80000gp/T/ansible_powerdns_record_payload_fg0t06jz/ansible_powerdns_record_payload.zip/ansible/modules/powerdns_record.py", line 142, in _handle_request
[WARNING]: Module did not set no_log for pdns_api_password
fatal: [SWITCH1]: FAILED! => changed=false
  invocation:
    module_args:
      content: 10.15.8.254
      disabled: false
      exclusive: true
      name: fsdfsdf.local
      pdns_api_key: null
      pdns_api_password: <password>
      pdns_api_username: <user_name>
      pdns_host: ns-master.local
      pdns_port: 80
      pdns_prot: http
      server: localhost
      set_ptr: false
      state: present
      strict_ssl_checking: true
      ttl: 600
      type: A
      zone: local
  msg: 'Error: '
```

set-ptr is not working anymore. How do I set this record now?
"Auto PTR creation - Allow automatic reverse pointer creation on record updates?" is enabled but has no effect when creating records with this module.
The corresponding PTR domain exists and is working fine when configuring a ptr record via the PowerDNS Admin UI. I realise that this module is talking to the pdns and not the pdns admin API.
Would it be possible to extend this module to try adding a PTR record the same way it creates the DNS record itself?
Of course the corresponding zone has to exist prior to creating PTR entries. Since the module knows the IP address itself it could easily convert it into reverse format.
Thanks!
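The reverse-format conversion the request above describes is mechanical, so here is an added example (not code from ansible-module-powerdns; function names are mine) of what the module would need: the PTR owner name for an IPv4 or IPv6 address, the reverse zone that must already exist for a given delegated prefix, and the rrset body for the API, with a check that the PTR really falls inside that zone. It uses the standard `ipaddress` module.

```python
import ipaddress


def ptr_name(ip):
    """Reverse-pointer owner name with the trailing dot the API requires."""
    return ipaddress.ip_address(ip).reverse_pointer + "."


def reverse_zone(ip, prefixlen):
    """Reverse zone holding the PTR for ip, given the delegated prefix length.

    IPv4 reverse zones are cut on octet boundaries (/8, /16, /24), IPv6 ones on
    nibble boundaries (multiples of 4 bits); anything else is rejected.
    """
    net = ipaddress.ip_network("%s/%d" % (ip, prefixlen), strict=False)
    if net.version == 4:
        if prefixlen % 8:
            raise ValueError("IPv4 reverse zones are delegated on octet boundaries")
        octets = str(net.network_address).split(".")[: prefixlen // 8]
        return ".".join(reversed(octets)) + ".in-addr.arpa."
    if prefixlen % 4:
        raise ValueError("IPv6 reverse zones are delegated on nibble boundaries")
    nibbles = net.network_address.exploded.replace(":", "")[: prefixlen // 4]
    return ".".join(reversed(nibbles)) + ".ip6.arpa."


def ptr_rrset(ip, fqdn, prefixlen, ttl=600):
    """Build (zone, rrset) for the PATCH that creates the reverse entry.

    fqdn is the forward name the A/AAAA record belongs to; it is made
    canonical here. The zone returned is the one the caller must verify exists.
    """
    zone = reverse_zone(ip, prefixlen)
    name = ptr_name(ip)
    if not name.endswith("." + zone):
        raise ValueError("%s is not inside %s" % (name, zone))
    if not fqdn.endswith("."):
        fqdn += "."
    rrset = {"name": name, "type": "PTR", "ttl": ttl, "changetype": "REPLACE",
             "records": [{"content": fqdn, "disabled": False}]}
    return zone, rrset


if __name__ == "__main__":
    # constructed sample values, taken from the module_args in the issue above
    print(ptr_rrset("10.15.8.254", "fsdfsdf.local", 24))
```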