
ansible-module-powerdns's People

Contributors

blake, hassenius, href, jsenecal, mit0223, nosmoht, peetasan, rlsit, sizgiyaev, stamm


ansible-module-powerdns's Issues

Support TXT records

TXT is missing as an RR type. Can you add it to the type choices list and documentation?

It should just work as is, but additional quotes are required or the following error triggers:

HTTP 422: Record txt.example.org./TXT 'this is txt content': Parsing record content (try 'pdnsutil check-zone'): Data field in DNS should start with quote (") at position 0 of 'this is txt content'"

To work around this I've used content: "\"this is txt content\"".

idempotent is not working

My Playbook:

- powerdns_record:
    name: "{{ item.hostname | default(inventory_hostname) }}"
    zone: "{{ domain }}."
    type: "{{ powerdns.type }}"
    content: "{{ item.ip }}"
    ttl: "{{ powerdns.ttl }}"
    pdns_host: "{{ powerdns.host }}"
    pdns_port: "{{ powerdns.port }}"
    pdns_api_key: "{{ powerdns.api_key }}"
    pdns_prot: "{{ powerdns.prot }}"
    strict_ssl_checking: "{{ powerdns.strict_ssl_checking }}"
  with_items:
    - "{{ deployment.networks }}"

changed is always true, the dns record gets created and is present. Is there a switch I'm missing or sth?

requests must be installed to use this module

Hi,
I use python3 for ansible with var ansible_python_interpreter=/usr/bin/python3 on my mac.
I got this message when Ansible was trying to create an A record on the DNS server:

requests must be installed to use this module.

Requests of course is installed.

❯ python3 -m pip list  | grep requests
requests     2.25.1

What is wrong?

Feature: content as a list?

Hi,
thank you for this module.

I would like to suggest modifying the code so that content can be set as a list.

The MX Example (from README.md) would then look like this:

- powerdns_record:
    name: zone01.internal.example.com.
    zone: zone01.internal.example.com
    type: MX
    content: 
      - 10 mx1.zone01.internal.example.com
      - 10 mx2.zone01.internal.example.com
    pdns_host: powerdns.example.com
    pdns_port: 80
    pdns_api_key: topsecret
    pdns_prot: http
  loop:

And will even delete a wrong mx record if it was there before. Doing this from outside (without python, with ansible and a dig lookup) is not very fine, as you have to make sure the dig lookup will use the right resolver without caching.
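Added example, not part of the issue thread or the module's code: treating `content` as the complete desired record set, so a stale record is dropped and nothing is sent when the set already matches. It builds the body for the PowerDNS HTTP API's zone PATCH with `changetype: REPLACE`, and also applies the TXT quoting described in the TXT issue above; the function names and sample records are hypothetical.

```python
import json

def quote_txt(content):
    """Wrap TXT content in double quotes unless it is already quoted."""
    if len(content) >= 2 and content[0] == '"' and content[-1] == '"':
        return content
    escaped = content.replace("\\", "\\\\").replace('"', '\\"')
    return '"' + escaped + '"'

def desired_rrset(name, rtype, contents, ttl):
    """Build the RRset that should exist; `contents` is a string or a list."""
    if isinstance(contents, str):
        contents = [contents]
    if rtype == "TXT":
        contents = [quote_txt(c) for c in contents]
    records = [{"content": c, "disabled": False} for c in sorted(set(contents))]
    return {"name": name, "type": rtype, "ttl": ttl,
            "changetype": "REPLACE", "records": records}

def needs_change(current, desired):
    """`current` is the matching entry from the zone's "rrsets" list, or None.

    Contents are compared as exact strings, so both sides must already be in
    the form the server stores (trailing dots on host names, quoted TXT).
    """
    if current is None:
        return True
    have = {(r["content"], r.get("disabled", False)) for r in current["records"]}
    want = {(r["content"], r["disabled"]) for r in desired["records"]}
    return have != want or current.get("ttl") != desired["ttl"]

def patch_body(current, desired):
    """JSON body for PATCH .../zones/<zone>, or None when nothing would change."""
    if not needs_change(current, desired):
        return None
    return json.dumps({"rrsets": [desired]}, sort_keys=True)
```

A caller would report `changed=False` whenever `patch_body` returns `None` and skip the request.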

Support NS records

Would be nice if this module supported the creation of NS records.

Usually they are created automatically, but sometimes manual creation is necessary, for example when DNS delegation needs to be configured.

Feature request: Disable SSL certificate checking

Apparently, Python's urllib/requests library at the version Ansible uses is not very good at recognizing modern, high-tech certificates, specifically the kind which can get a "B" or above in the SSLLabs SSL test. It would be good to have a way to disable certificate checking until upstream have fixed or otherwise addressed this issue.

This can be done by adding verify=False to the requests calls. I'll submit a patch in the morning.

use module with search-data disabled

Hi,
I was wondering if there is a way for using this module without search-data endpoint available (my powerdns deployment does not provide it).
I was digging over earlier commits, and am trying to use versions before get_record method was implemented.

EDIT:
Got it working, if there are more people needing this, ping me.
Closing for now

SRV records

I'm trying to add SRV records with the module. However, it appears the module will only add one record total.

[jodewey:~/git/engx-ansible]   : DNACENGEX-2083-dns(+28/-28)+ ± dig _mysql._udp.dnac.xxx.com SRV

; <<>> DiG 9.10.6 <<>> _mysql._udp.dnac.xxx.com SRV
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25306
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1280
;; QUESTION SECTION:
;_mysql._udp.dnac.xxx.com.        IN      SRV

;; ANSWER SECTION:
_mysql._udp.dnac.xxx.com. 300 IN  SRV     0 5 9104 dnac-dashboard-mysql-slave.dnac-dashboard-staging.svc.cluster.local.

;; AUTHORITY SECTION:
xxx

;; ADDITIONAL SECTION:
xxx

;; Query time: 48 msec
;; SERVER: 171.70.168.183#53(171.70.168.183)
;; WHEN: Wed Sep 18 18:17:06 PDT 2019
;; MSG SIZE  rcvd: 240

Most operations fail with 404: Not Found

E.g.: fatal: [nicola.noflag.org.uk]: FAILED! => {"changed": false, "failed": true, "msg": "Could not get zone noflag.org.uk: HTTP 404: Not found"}

I believe this is because the URL the library uses to address the API should be {prot}://{host}:{port}/api/v1 and not {prot}://{host}:{port}. When I make the afore-mentioned change to lines 90 and 82, the library works as expected. I'll submit a patch in the morning.

Documentation erroneous: domain records should end in a "."

Although the library (or possibly the PDNS API) correctly interprets "test" to mean "test.example.org", it causes a "DNS Record is not canonical" error to be returned:

fatal: [nicola.noflag.org.uk]: FAILED! => {"changed": false, "failed": true, "msg": "Could not create record test..noflag.org.uk: HTTP 422: DNS Name 'test.example.org' is not canonical"}

This exact error occurs when the domain record is both "test" and "test.example.org", the returned string is identical in both cases (!!)

The only reference to this error is here where they suggest adding a dot and it looks from the source code here (line 412) that it's tripping a function which expects the domain record to end in a "." as well. When I submitted the domain record as "test.example.org." instead of "test", the library worked more or less as expected.

I believe the documentation should be updated to reflect this --- will submit a patch in the morning.

Ensure A record

- powerdns_record:
    name: host01.internal.example.com.
    zone: zone01.internal.example.com
    type: A
    content: 192.168.1.234
    ttl: 1440
    pdns_host: powerdns.example.com
    pdns_port: 8081
    pdns_api_key: topsecret

This also affects zones with an error like {"msg": "Could not create zone example.org: HTTP 422: https://ns0.noflag.org.uk:443/api/v1/servers/localhost/zones: DNS Name 'example.org' is not canonical", "failed": true, "invocation": {"module_args": {"pdns_port": 443, "pdns_api_key": "xxx", "kind": "master", "name": "example.org", "nameservers": ["ns2.noflag.org.uk.", "n1.noflag.org.uk."], "masters": null, "pdns_host": "ns0.noflag.org.uk", "state": "present", "pdns_prot": "https", "server": "localhost"}}}

And nameservers with an error like {"msg": "Could not create zone example.org.: HTTP 422: https://ns0.noflag.org.uk:443/api/v1/servers/localhost/zones: Nameserver is not canonical: 'ns2.noflag.org.uk'", "failed": true, "invocation": {"module_args": {"pdns_port": 443, "pdns_api_key": "xxx", "kind": "master", "name": "example.org.", "nameservers": ["ns2.noflag.org.uk", "n1.noflag.org.uk"], "masters": null, "pdns_host": "ns0.noflag.org.uk", "state": "present", "pdns_prot": "https", "server": "localhost"}}}

It would perhaps be best to have the library itself check for the presence or absence of a dot at the end of the string for zones, records and nameservers.

Ansible fails with "Error: No JSON Object could be decoded" on successful run

Example: fatal: [nicola.noflag.org.uk]: FAILED! => {"changed": false, "failed": true, "msg": "Error: No JSON object could be decoded"}

Yet PowerDNS admin shows the new record as expected.

I believe this is caused by the request body being empty on a successful run, but for some reason req.text doesn't always evaluate to False on lines 98 and 90.

Catching a JSON format exception at this point and always returning the empty dict fixes the problem and causes the library to work as expected -- will submit a patch in the morning.

if req.status_code in [200, 201, 204]:
    if req.text:
        try:
            return json.loads(req.text)
        except Exception as e:
            print(e)
    # an empty body is also expected behaviour but for some reason this doesn't always evaluate to False
    return dict()

"DNS Name is not canonical error"

But I'm not sure if it's a bug in PowerDNS. Here's my task:

- name: "Add domain record {{ domain }}"
  powerdns_record:
    name: "{{ domain }}" # (e.g. "test" and "test.example.org" produce the same error)
    zone: "{{ zone }}" # e.g. ("example.org")
    state: "{{ state }}" # e.g. "present"
    type: A
    content: "{{ web_server }}" # Actually an IP like 192.168.1.1
    pdns_host: "{{ pdns_host }}" # e.g. "ns0.noflag.org.uk"
    pdns_port: "{{ pdns_port }}" # e.g. "443"
    pdns_api_key: "{{ pdns_key }}" # e.g. "xxx"
    pdns_prot: "{{ pdns_prot }}" # e.g. "https"

It seems to be raised by line 412 of misc.hh (https://github.com/PowerDNS/pdns/blob/8b3f9b4d2e4936ea929021e74813a9ff5e3f1cd0/pdns/misc.hh) which seems to be looking for a "." at the end of the domain record:

inline bool isCanonical(const string& qname)
{
  if(qname.empty())
    return false;
  return qname[qname.size()-1]=='.';
}

However when I mutate the "domain" variable to add a dot at the end, I get this:

Error is fatal: [nicola.noflag.org.uk]: FAILED! => {"changed": false, "failed": true, "msg": "Could not create record test..noflag.org.uk: HTTP 422: DNS Name 'test..noflag.org.uk' is not canonical"}

Without it, I just get this:

fatal: [nicola.noflag.org.uk]: FAILED! => {"changed": false, "failed": true, "msg": "Could not create record test..noflag.org.uk: HTTP 422: DNS Name 'test.noflag.org.uk' is not canonical"}
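Added example, not part of the issue thread or the module's code: one way a client could canonicalise record, zone and nameserver names before calling the API, as suggested in the documentation issue above, while rejecting the empty label seen in `test..noflag.org.uk`. The function names are hypothetical; a dotted name that already ends in the zone is assumed to be fully qualified.

```python
def is_canonical(name):
    """Same trailing-dot check as the isCanonical() function quoted above."""
    return bool(name) and name.endswith(".")

def canonical(name, zone=None):
    """Return `name` as a lower-case absolute DNS name ending in one dot.

    With `zone` given, a name without a trailing dot that is not already
    inside the zone is treated as relative to it; "@" means the zone apex.
    Raises ValueError for empty names and empty labels ("test..example.org").
    """
    raw = name.strip().lower()
    absolute = raw.endswith(".")
    labels = raw[:-1].split(".") if absolute else raw.split(".")
    if any(label == "" for label in labels):
        raise ValueError("empty label in DNS name %r" % name)
    fqdn = ".".join(labels)
    if zone is not None and not absolute:
        apex = canonical(zone)[:-1]
        if fqdn == "@":
            fqdn = apex
        elif fqdn != apex and not fqdn.endswith("." + apex):
            fqdn = fqdn + "." + apex
    return fqdn + "."

def canonical_list(names):
    """Canonicalise a list such as the zone module's `nameservers` argument."""
    return [canonical(n) for n in names]
```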

msg: 'Error: '

hi
I got the error below. Could you please help me solve the issue?

The full traceback is:
  File "/var/folders/24/w6k0_g_s1vq5c4xvprz1_ck80000gp/T/ansible_powerdns_record_payload_fg0t06jz/ansible_powerdns_record_payload.zip/ansible/modules/powerdns_record.py", line 429, in main
  File "/var/folders/24/w6k0_g_s1vq5c4xvprz1_ck80000gp/T/ansible_powerdns_record_payload_fg0t06jz/ansible_powerdns_record_payload.zip/ansible/modules/powerdns_record.py", line 309, in ensure
  File "/var/folders/24/w6k0_g_s1vq5c4xvprz1_ck80000gp/T/ansible_powerdns_record_payload_fg0t06jz/ansible_powerdns_record_payload.zip/ansible/modules/powerdns_record.py", line 187, in get_record
  File "/var/folders/24/w6k0_g_s1vq5c4xvprz1_ck80000gp/T/ansible_powerdns_record_payload_fg0t06jz/ansible_powerdns_record_payload.zip/ansible/modules/powerdns_record.py", line 142, in _handle_request
[WARNING]: Module did not set no_log for pdns_api_password
fatal: [SWITCH1]: FAILED! => changed=false 
  invocation:
    module_args:
      content: 10.15.8.254
      disabled: false
      exclusive: true
      name: fsdfsdf.local
      pdns_api_key: null
      pdns_api_password: <password>
      pdns_api_username: <user_name>
      pdns_host: ns-master.local
      pdns_port: 80
      pdns_prot: http
      server: localhost
      set_ptr: false
      state: present
      strict_ssl_checking: true
      ttl: 600
      type: A
      zone: local
  msg: 'Error: '

PTR Records `set-ptr` not working anymore from v4.3 and above

https://doc.powerdns.com/authoritative/changelog/4.4.html?highlight=set%20ptr#change-4.4.0-alpha3-Removed-Features

set-ptr is not working anymore. How to set this record now?
"Auto PTR creation - Allow automatic reverse pointer creation on record updates?" is enabled but has no effect when creating records with this module.

The corresponding PTR domain exists and is working fine when configuring a ptr record via the PowerDNS Admin UI. I realise that this module is talking to the pdns and not the pdns admin API.

Would it be possible to extend this module to try adding a PTR record the same way it creates the DNS record itself?
Of course the corresponding zone has to exist prior to creating PTR entries. Since the module knows the IP address itself it could easily convert it into reverse format.

Thanks!
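Added example, not part of the issue thread or the module's code: deriving the PTR name from the record's IP address and choosing which existing reverse zone should hold it, as the request above describes. The function names and zone list are hypothetical, and classless (RFC 2317) delegations are not handled.

```python
import ipaddress

def ptr_name(ip):
    """Absolute PTR owner name for an IPv4 or IPv6 address string."""
    return ipaddress.ip_address(ip).reverse_pointer + "."

def reverse_zone_for(ip, zones):
    """Return the most specific zone in `zones` containing the PTR name, or None."""
    name = ptr_name(ip)
    best = None
    for zone in zones:
        z = zone.lower()
        if not z.endswith("."):
            z += "."
        # Match on a label boundary; a longer matching suffix is more specific.
        if name == z or name.endswith("." + z):
            if best is None or len(z) > len(best):
                best = z
    return best

def ptr_record(ip, target, zones):
    """Return (zone, owner name, content) for the PTR record to create.

    Raises LookupError when no reverse zone exists yet, since the zone has
    to be present before PTR entries can be added to it.
    """
    zone = reverse_zone_for(ip, zones)
    if zone is None:
        raise LookupError("no reverse zone found for %s" % ip)
    content = target if target.endswith(".") else target + "."
    return zone, ptr_name(ip), content
```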
