aurore/ansible
aurore/ansible
11
2
Fork 0
Code Issues 1 Pull requests 13 Releases Wiki Activity

dns: add various hosts

Browse source
This commit is contained in:
jeltz 2025-01-01 14:15:25 +01:00
parent 3b1ae6206f
commit 1d38cb9943
Signed by: jeltz
GPG key ID: 800882B66C0C3326
3 changed files with 172 additions and 193 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

334
host_vars/ns-master.int.infra.auro.re/knotd.yml
View file

@ -99,7 +99,6 @@ knotd__queryacl:
knotd__soa_rname: root@auro.re.
knotd__hosts:
auro.re:
proxy-ovh:
- 92.222.211.195
@ -156,29 +155,10 @@ knotd__hosts:
grocy.bric:
- 45.66.111.133
- 2a09:6840:111::133
adh.auro.re:
hoffman:
- 45.66.110.1
- 2a09:6840:110:0:2d8:61ff:fe56:d7eb
hindley:
- 45.66.110.3
- 2a09:6840:110:0:a6ba:dbff:fe03:1f36
yberreby:
- 45.66.110.5
- 2a09:6840:110:0:d896:1dff:fe59:8381
paon:
- 45.66.110.10
- 2a09:6840:110:0:231:92ff:fe1b:ae22
lovelace:
- 45.66.110.45
- 2a09:6840:110:0:c634:6bff:feb5:7bcc
switch-leo:
- 45.66.110.103
- 2a09:6840:110:0:82cc:9cff:fe82:ca3e
haskell:
- 45.66.110.112
- 2a09:6840:110:0:f4ac:cbff:fe81:7f48
lyshyga0:
- 45.66.110.113
- 2a09:6840:110:0:6af7:28ff:fe91:e8d9
@ -205,15 +185,173 @@ knotd__hosts:
rpijutax:
- 45.66.110.190
- 2a09:6840:110:0:ba27:ebff:fe76:a9bc
lafeychine:
- 45.66.110.200
- 2a09:6840:110:0:46a5:6eff:fe71:1
polaris:
- 45.66.110.245
- 2a09:6840:110:0:dea6:32ff:feb4:d033
infra.auro.re:
services-1.ceph:
- 2a09:6840:214::1:1
- 10.214.1.1
services-2.ceph:
- 2a09:6840:214::1:2
- 10.214.1.2
services-3.ceph:
- 2a09:6840:209::1:3
- 10.214.1.3
services-1.pve:
- 2a09:6840:209::2:1
- 10.209.2.1
services-2.pve:
- 2a09:6840:209::2:2
- 10.209.2.2
network-1.pve:
- 2a09:6840:209::1:1
- 10.209.1.1
network-2.pve:
- 2a09:6840:209::1:2
- 10.209.1.2
services-3.pve:
- 2a09:6840:209::2:3
- 10.209.2.3
caradoc.bmc:
- 2a09:6840:208::1:1
- 10.208.1.1
services-1.bmc:
- 2a09:6840:208::1:2
- 10.208.1.2
services-2.bmc:
- 2a09:6840:208::1:3
- 10.208.1.3
services-3.bmc:
- 2a09:6840:208::1:4
- 10.208.1.4
perceval.bmc:
- 2a09:6840:208::1:5
- 10.208.1.5
chapalux.bmc:
- 2a09:6840:208::1:6
- 10.208.1.6
loki.bmc:
- 2a09:6840:208::1:7
- 10.208.1.7
network-1.bmc:
- 2a09:6840:208::1:8
- 10.208.1.8
network-2.bmc:
- 2a09:6840:208::1:9
- 10.208.1.9
escalope.bmc:
- 2a09:6840:208::1:10
- 10.208.1.10
edge-1.back:
- 2a09:6840:203::1:1
- 10.203.1.1
edge-2.back:
- 2a09:6840:203::1:2
- 10.203.1.2
isp-1.back:
- 2a09:6840:203::1:5
- 10.203.1.5
isp-2.back:
- 2a09:6840:203::1:6
- 10.203.1.6
infra-1.back:
- 2a09:6840:203::1:3
- 10.203.1.3
infra-2.back:
- 2a09:6840:203::1:4
- 10.203.1.4
ns-master.int:
- 2a09:6840:128:0::110
- 10.128.0.110
dns-1.int:
- 2a09:6840:206::1:1
- 10.206.1.1
dns-2.int:
- 2a09:6840:206::1:2
- 10.206.1.2
nis2.int:
- 2a09:6840:206::2:1
- 10.206.2.1
ldap-1.int:
- 10.128.10.8
- 2a09:6840:128::10:8
ldap-2.int:
- 10.128.10.108
- 2a09:6840:128::10:108
ntp-1.int:
- 2a09:6840:206::1:5
- 10.206.1.5
ntp-2.int:
- 2a09:6840:206::1:6
- 10.206.1.6
wg-1.vpn:
- 2a09:6840:213::1:3
- 10.213.1.3
wg-2.vpn:
- 2a09:6840:213::1:4
- 10.213.1.4
dhcp-1.isp:
- 2a09:6840:210::1:1
- 10.210.1.1
dhcp-2.isp:
- 2a09:6840:210::1:2
- 10.210.1.2
radius-1.isp:
- 2a09:6840:210::1:3
- 10.210.1.3
radius-2.isp:
- 2a09:6840:210::1:4
- 10.210.1.4
prometheus-1.monit:
- 2a09:6840:204::1:1
- 10.204.1.1
prometheus-2.monit:
- 2a09:6840:204::1:2
- 10.204.1.2
ff-1.core.sw:
- 10.207.1.1
ff-2.core.sw:
- 10.207.1.2
fl-1.core.sw:
- 10.207.1.3
fl-2.core.sw:
- 10.207.1.4
fd-1.core.sw:
- 10.207.1.5
ff-3.core.sw:
- 10.207.1.6
gk-1.core.sw:
- 10.207.2.1
eb-1.core.sw:
- 10.207.3.1
r3-1.core.sw:
- 10.207.4.1
eb-1.ups:
- 2a09:6840:201::3:1
- 10.201.3.1
ec-1.ups:
- 2a09:6840:201::3:2
- 10.201.3.2
mx.test:
- 2a09:6840:211::1:5
- 10.211.1.5
collabora.ext:
- 2a09:6840:211::1:1
- 10.211.1.1
proxy.pub:
- 2a09:6840:215::1:1
- 45.66.111.206
ns-1.pub:
- 2a09:6840:215::1:2
- 45.66.111.205
ns-2.pub:
- 2a09:6840:215::1:3
- 45.66.111.207
ns-3.ovh:
- 92.222.211.194
knotd__zones:
auro.re:
dnssec_policy: public
notify:
@ -329,7 +467,6 @@ knotd__zones:
hosts: "{{ knotd__hosts['auro.re']
| combine(knotd__hosts['adh.auro.re']
| add_origin_keys('adh.auro.re.')) }}"
test.auro.re:
dnssec_policy: public
notify:
@ -362,7 +499,6 @@ knotd__zones:
mx:
- 2a09:6840:211::1:5
- 45.66.111.205
infra.auro.re:
dnssec_policy: infra
notify:
@ -379,147 +515,7 @@ knotd__zones:
- ns-1.pub.infra.auro.re.
- ns-2.pub.infra.auro.re.
- ns-3.ovh.infra.auro.re.
hosts:
services-1.ceph:
- 10.214.1.1
- "2a09:6840:214::1:1"
services-2.ceph:
- 10.214.1.2
- "2a09:6840:214::1:2"
services-3.ceph:
- 10.214.1.3
- "2a09:6840:209::1:3"
services-1.pve:
- 10.209.2.1
- 2a09:6840:209::2:1
services-2.pve:
- 10.209.2.2
- 2a09:6840:209::2:2
services-3.pve:
- 10.209.2.3
- 2a09:6840:209::2:3
ns-master.int:
- 10.128.0.110
- 2a09:6840:128:0::110
network-1.pve:
- 2a09:6840:209::1:1
- 10.209.1.1
network-2.pve:
- 2a09:6840:209::1:2
- 10.209.1.2
edge-1.back:
- 2a09:6840:203::1:1
- 10.203.1.1
edge-2.back:
- 2a09:6840:203::1:2
- 10.203.1.2
dns-1.int:
- 2a09:6840:206::1:1
- 10.206.1.1
dns-2.int:
- 2a09:6840:206::1:2
- 10.206.1.2
nis2.int:
- 2a09:6840:206::2:1
- 10.206.2.1
wg-1.vpn:
- 2a09:6840:213::1:3
- 10.213.1.3
wg-2.vpn:
- 2a09:6840:213::1:4
- 10.213.1.4
infra-1.back:
- 2a09:6840:203::1:3
- 10.203.1.3
infra-2.back:
- 2a09:6840:203::1:4
- 10.203.1.4
isp-1.back:
- 2a09:6840:203::1:5
- 10.203.1.5
isp-2.back:
- 2a09:6840:203::1:6
- 10.203.1.6
dhcp-1.isp:
- 2a09:6840:210::1:1
- 10.210.1.1
dhcp-2.isp:
- 2a09:6840:210::1:2
- 10.210.1.2
radius-1.isp:
- 2a09:6840:210::1:3
- 10.210.1.3
radius-2.isp:
- 2a09:6840:210::1:4
- 10.210.1.4
ldap-1.int:
- 10.128.10.8
- 2a09:6840:128::10:8
ldap-2.int:
- 10.128.10.108
- 2a09:6840:128::10:108
ntp-1.int:
- 2a09:6840:206::1:5
- 10.206.1.5
ntp-2.int:
- 2a09:6840:206::1:6
- 10.206.1.6
prometheus-1.monit:
- 2a09:6840:204::1:1
- 10.204.1.1
prometheus-2.monit:
- 2a09:6840:204::1:2
- 10.204.1.2
ff-1.core.sw:
#- 2a09:6840:207::1:1
- 10.207.1.1
ff-2.core.sw:
#- 2a09:6840:207::1:2
- 10.207.1.2
fl-1.core.sw:
#- 2a09:6840:207::1:3
- 10.207.1.3
fl-2.core.sw:
#- 2a09:6840:207::1:4
- 10.207.1.4
fd-1.core.sw:
#- 2a09:6840:207::1:5
- 10.207.1.5
ff-3.core.sw:
#- 2a09:6840:207::1:6
- 10.207.1.6
gk-1.core.sw:
#- 2a09:6840:207::2:1
- 10.207.2.1
eb-1.core.sw:
#- 2a09:6840:207::3:1
- 10.207.3.1
r3-1.core.sw:
#- 2a09:6840:207::4:1
- 10.207.4.1
eb-1.ups:
- 2a09:6840:201::3:1
- 10.201.3.1
ec-1.ups:
- 2a09:6840:201::3:2
- 10.201.3.2
mx.test:
- 2a09:6840:211::1:5
- 10.211.1.5
collabora.ext:
- 2a09:6840:211::1:1
- 10.211.1.1
proxy.pub:
- 2a09:6840:215::1:1
- 45.66.111.206
ns-1.pub:
- 2a09:6840:215::1:2
- 45.66.111.205
ns-2.pub:
- 2a09:6840:215::1:3
- 45.66.111.207
ns-3.ovh:
- 92.222.211.194
hosts: "{{ knotd__hosts['infra.auro.re'] }}"
108.66.45.in-addr.arpa:
dnssec_policy: ripe
@ -536,7 +532,6 @@ knotd__zones:
- ns-1.pub.infra.auro.re.
- ns-2.pub.infra.auro.re.
- ns-3.ovh.infra.auro.re.
109.66.45.in-addr.arpa:
dnssec_policy: ripe
notify:
@ -552,7 +547,6 @@ knotd__zones:
- ns-1.pub.infra.auro.re.
- ns-2.pub.infra.auro.re.
- ns-3.ovh.infra.auro.re.
110.66.45.in-addr.arpa:
dnssec_policy: ripe
notify:
@ -571,7 +565,6 @@ knotd__zones:
reverse_hosts: "{{ knotd__hosts['adh.auro.re']
| ip_filter(['45.66.110.0/24'])
| add_origin_keys('adh.auro.re.') }}"
111.66.45.in-addr.arpa:
dnssec_policy: ripe
notify:
@ -590,7 +583,6 @@ knotd__zones:
reverse_hosts: "{{ knotd__hosts['auro.re']
| ip_filter(['45.66.111.0/24'])
| add_origin_keys('auro.re.') }}"
0.4.8.6.9.0.a.2.ip6.arpa:
dnssec_policy: ripe
notify:

30
hosts
View file

@ -100,6 +100,15 @@ network-2.pve.infra.auro.re
[pve_services]
services-[1:3].pve.infra.auro.re
[ilo]
services-[1:3].bmc.infra.auro.re
network-[1:2].bmc.infra.auro.re
caradoc.bmc.infra.auro.re
loki.bmc.infra.auro.re
perceval.bmc.infra.auro.re
escalope.bmc.infra.auro.re
chapalux.bmc.infra.auro.re
###############################################################################
# Aurore : main services
@ -143,9 +152,6 @@ infra-2.router.auro.re ansible_host=10.129.0.246
[aurore_testing_vm]
[aurore_ilo]
escalope-ilo.adm.auro.re
###############################################################################
# OVH
@ -193,9 +199,6 @@ unifi-fleming.adm.auro.re
routeur-fleming.adm.auro.re
routeur-fleming-backup.adm.auro.re
[fleming_ilo]
marki-ilo.adm.auro.re
[fleming_unifi]
fa-0-1.borne.auro.re
fa-1-1.borne.auro.re
@ -312,10 +315,6 @@ unifi-pacaterie.adm.auro.re
routeur-pacaterie.adm.auro.re
routeur-pacaterie-backup.adm.auro.re
[pacaterie_ilo]
mordred-ilo.adm.auro.re
titan-ilo.adm.auro.re
[pacaterie_unifi]
pc-1-1.borne.auro.re
pn-0-1.borne.auro.re
@ -371,10 +370,6 @@ radius-edc-backup.adm.auro.re
ldap-replica-edc.adm.auro.re
prometheus-edc.adm.auro.re
[edc_ilo]
caradoc-ilo.adm.auro.re
chapalux-ilo.adm.auro.re
[edc_unifi]
ee-2-1.borne.auro.re
ee-2-2.borne.auro.re
@ -406,10 +401,6 @@ radius-gs-backup.adm.auro.re
prometheus-gs.adm.auro.re
ldap-replica-gs.adm.auro.re
[gs_ilo]
lancelot-ilo.adm.auro.re
odin-ilo.adm.auro.re
[gs_unifi]
ga-0-1.borne.auro.re
ga-1-1.borne.auro.re
@ -479,9 +470,6 @@ dns-rives.adm.auro.re
radius-rives.adm.auro.re
routeur-rives.adm.auro.re
[rives_ilo]
loki-ilo.adm.auro.re
[rives_unifi]
r1-1-1.borne.auro.re
r1-1-2.borne.auro.re

1
roles/knotd/library/dns_zone.py
View file

@ -1,4 +1,3 @@
#!/usr/bin/env python3
import dataclasses
import ipaddress
import itertools