rdns: add reverse dns automation for peering lan

hosts/group_vars/rdns/ansible.yml

@@ -0,0 +1 @@
+ansible_ssh_user: root

hosts/rdns.yml

@@ -0,0 +1,3 @@
+rdns:
+  hosts:
+    svc-ns01.dd-ix.net:

plays/deploy.yml

@@ -27,6 +27,15 @@
     - eos_build
     - eos
 
+- name: Build RDNS zone files
+  hosts: localhost
+  roles:
+    - rdns_build
+  tags:
+    - build
+    - rdns_build
+    - rdns
+
 
 - name: Push sflow config
   hosts: sflow
@@ -63,6 +72,17 @@
     - eos_push
     - eos
 
+- name: Push RDNS zone files
+  hosts: rdns
+  roles:
+    - rdns_push
+  vars:
+    ansible_user: ixp-deploy
+  tags:
+    - push
+    - rdns_push
+    - rdns
+
 
 - name: Reload bird
   hosts: bird
@@ -92,3 +112,13 @@
     - engage
     - eos_engage
     - eos
+
+- name: Reload named
+  hosts: rdns
+  roles:
+    - role: rdns_reload
+      when: engage_config|default(False)
+  tags:
+    - engage
+    - rdns_engage
+    - rdns

plays/test.yml

@@ -0,0 +1,9 @@
+#!/usr/bin/env ansible-playbook
+
+
+- name: reload bird
+  hosts: bird
+  serial: 1
+  any_errors_fatal: true
+  roles:
+    - role: bird_reload

roles/rdns_build/meta/main.yml

@@ -0,0 +1,3 @@
+dependencies:
+  - role: com_prepare
+  - role: com_peers

roles/rdns_build/tasks/main.yml

@@ -0,0 +1,24 @@
+- name: Build IPv6 RDNS zone file
+  ansible.builtin.template:
+    src: 9.7.0.0.8.f.7.0.1.0.0.2.ip6.arpa.db.j2
+    dest: "{{ arouteserver_workdir }}/dist/9.7.0.0.8.f.7.0.1.0.0.2.ip6.arpa.db"
+  register: zone_fwd
+
+- name: Update IPv6 RDNS soa file
+  ansible.builtin.template:
+    src: zone.soa.j2
+    dest: "{{ arouteserver_workdir }}/dist/9.7.0.0.8.f.7.0.1.0.0.2.ip6.arpa.soa"
+  when: zone_fwd.changed
+
+
+- name: Build IPv4 RDNS zone file
+  ansible.builtin.template:
+    src: 64.151.201.193.in-addr.arpa.db.j2
+    dest: "{{ arouteserver_workdir }}/dist/64.151.201.193.in-addr.arpa.db"
+  register: zone_fwd
+
+- name: Update IPv4 RDNS soa file
+  ansible.builtin.template:
+    src: zone.soa.j2
+    dest: "{{ arouteserver_workdir }}/dist/64.151.201.193.in-addr.arpa.soa"
+  when: zone_fwd.changed

roles/rdns_build/templates/64.151.201.193.in-addr.arpa.db.j2

@@ -0,0 +1,9 @@
+{{ ansible_managed | comment(decoration="; ") }}
+
+$TTL	3600
+
+$INCLUDE /var/lib/bind/64.151.201.193.in-addr.arpa.soa
+
+{% for peer in ixp_manager_peers %}
+{{ "%-32s"|format(peer.ipv4address|ansible.utils.ipaddr('revdns')) }} PTR  {{ peer.slug|lower }}.peer.dd-ix.net.
+{% endfor %}

roles/rdns_build/templates/9.7.0.0.8.f.7.0.1.0.0.2.ip6.arpa.db.j2

@@ -0,0 +1,9 @@
+{{ ansible_managed | comment(decoration="; ") }}
+
+$TTL	3600
+
+$INCLUDE /var/lib/bind/9.7.0.0.8.f.7.0.1.0.0.2.ip6.arpa.soa
+
+{% for peer in ixp_manager_peers %}
+{{ "%-32s"|format(peer.ipv6address|ansible.utils.ipaddr('revdns')) }} PTR  {{ peer.slug|lower }}.peer.dd-ix.net.
+{% endfor %}

roles/rdns_build/templates/zone.soa.j2

@@ -0,0 +1,13 @@
+{{ ansible_managed | comment(decoration="; ") }}
+
+@	    SOA ns.dd-ix.net. noc.dd-ix.net. (
+			{{ "%-10s"|format(ansible_date_time.epoch) }}     ; serial
+			3600		; Refresh - 1 hour
+			7200		; Retry - 2 hours
+			2592000		; Expire - 1 week
+			1800 )		; Minimum - 1/2 hour
+		NS	ans-01.ibh.de.
+		NS	ans-02.ibh.net.
+		NS	ans-03.ibh.de.
+		NS	ans-04.ibh.services.
+		NS	ans-05.ibh.net.

roles/rdns_push/tasks/main.yml

@@ -0,0 +1,7 @@
+- name: Upload zone files
+  ansible.builtin.copy:
+    src: "{{ hostvars.localhost.arouteserver_workdir }}/dist/{{ item }}"
+    dest: "/var/lib/bind/{{ item }}"
+  loop:
+    - 64.151.201.193.in-addr.arpa.db
+    - 64.151.201.193.in-addr.arpa.soa

roles/rdns_reload/meta/main.yml

@@ -0,0 +1,2 @@
+dependencies:
+  - role: com_secrets

roles/rdns_reload/tasks/main.yml

@@ -0,0 +1,4 @@
+- name: Reload named
+  ansible.builtin.service:
+    name: bind
+    state: reloaded