gheesh / ansible-ovh-dns Goto Github PK

View Code? Open in Web Editor NEW

45.0 7.0 20.0 58 KB

Ansible module for accessing the OVH DNS API

License: GNU General Public License v3.0

Python 100.00%

ansible-ovh-dns's Introduction

ansible-ovh-dns

Ansible module for automating DNS entry creation/deletion using the OVH API and reverse management.

Two modules are provided : ovh_dns (record management) and ovh_reverse (reverse management).

Installation

Install python-ovh using PIP:

pip install ovh
Add the module to Ansible's module directory or simply add the -M /route/to/ovh_dns flag when invoking Ansible.

Configuration

You'll need a valid OVH application key to use this module. If you don't have one, you can follow these steps:

Visit https://eu.api.ovh.com/createApp/ and fill all fields.
You'll obtain an Application Key and an Application Secret.

Launch python or ipython in a terminal (/domain/ endpoints are for ovh_dns module, /ip/ for ovh_reverse):

client = ovh.Client('ovh-eu', 'YOUR_APPLICATION_KEY', 'YOUR_APPLICATION_SECRET')
access_rules = [
  {'method': 'GET', 'path': '/domain/*'},
  {'method': 'POST', 'path': '/domain/*'},
  {'method': 'PUT', 'path': '/domain/*'},
  {'method': 'DELETE', 'path': '/domain/*'},
  {'method': 'GET', 'path': '/ip/*'},
  {'method': 'POST', 'path': '/ip/*'},
  {'method': 'DELETE', 'path': '/ip/*'}
]
client.request_consumerkey(access_rules)

The reply to the last command is:

{
    u'consumerKey': u'GENERATED_CONSUMER_KEY',
    u'state': u'pendingValidation',
    u'validationUrl': u'https://eu.api.ovh.com/auth/?credentialToken=XXXXXXXX'
}

After visiting the validationUrl, the GENERATED_CONSUMER_KEY will be valid.

Setup your shell so it exports the following values:

OVH_ENDPOINT=ovh-eu
OVH_APPLICATION_KEY=YOUR_APPLICATION_KEY
OVH_APPLICATION_SECRET=YOUR_APPLICATION_SECRET
OVH_CONSUMER_KEY=GENERATED_CONSUMER_KEY

Environment variables can also be passed through Ansible task/playbook:

- name: OVH DNS playbook
  hosts: localhost
  environment:
    OVH_ENDPOINT: ovh-eu
    OVH_APPLICATION_KEY: YOUR_APPLICATION_KEY
    OVH_APPLICATION_SECRET: YOUR_APPLICATION_SECRET
    OVH_CONSUMER_KEY: GENERATED_CONSUMER_KEY

Usage

Create a typical A record:

- ovh_dns: state=present domain=mydomain.com name=db1 type=A value=10.10.10.10

Replace a typical A record if as multi record found with different target/value:

- ovh_dns: state=present domain=mydomain.com name=db1 type=A value=10.20.20.20 replace=10.10.10.10

Replace a typical A record if as multi record found with different target/value and create if not found:

- ovh_dns: state=present domain=mydomain.com name=db1 type=A value=10.20.20.20 replace=10.10.10.[0-9]* create=true

Create a CNAME record:

- ovh_dns: state=present domain=mydomain.com name=dbprod type=cname value=db1

Append a CNAME record:

- ovh_dns: state=append domain=mydomain.com name=dbprod type=cname value=db2

Delete an existing record, specific record:

- ovh_dns: state=absent domain=mydomain.com name=dbprod type=cname value=db1

Delete an existing record, all record same type:

- ovh_dns: state=absent domain=mydomain.com name=dbprod type=cname

Delete an existing record, all record same name:

- ovh_dns: state=absent domain=mydomain.com name=dbprod

Delete all TXT records matching '^_acme-challenge.*$' regex

- ovh_dns: state=absent domain=mydomain.com name='' type=TXT removes='^_acme-challenge.*'

Create a reverse

- ovh_reverse: ip=10.10.10.10 state=present reverse=myhost.mydomain.tld.

Check a reverse exists, else triggers a failure

- ovh_reverse: ip=10.10.10.10 state=present

Delete a reverse

- ovh_reverse: ip=10.10.10.10 state=absent

Module supports --diff switch; it displays a YAML diff between removed and added records:

  - ovh_dns: state=present domain=mydomain.com name=db1 type=A value=10.20.20.20 replace=10.10.10.10

 - domain: kobalt.fr
   fieldType: A
   subDomain: db1
-  target: 10.10.10.10
+  target: 10.20.20.20
   ttl: 3600

Parameters

ovh_dns

Parameter	Required	Default	Choices	Comments
domain	yes			Name of the domain zone
name	yes			Name of the DNS record
value	no			Value of the DNS record (i.e. what it points to)
ttl	no	3600	integer value	DNS record TTL value in seconds (defaults to 3600)
type	no		See comments	Type of DNS record (A, AAAA, CAA, CNAME, DKIM, LOC, MX, NAPTR, NS, PTR, SPF, SRV, SSHFP, TLSA, TXT)
state	no	present	present,absent,append	Determines wether the record is to be created/modified or deleted
removes	no		regex pattern	specifies a regex pattern to match for bulk deletion
replace	no			Old value of the DNS record (i.e. what it points to now)
create	no		true,false	Used with replace for forced creation

ovh_reverse

Parameter	Required	Default	Choices	Comments
ip	yes			IP (NNN.NNN.NNN.NNN) we want to check the associated reverse
state	no	present	present, absent	present with empty reverse to only check a reverse record exists, present with a reverse to check existence and value, absent to check no reverse exists
reverse	no			Expected reverse. Not used if state=absent. If state=present and reverse empty or not set, module only checks reverse existence (whatever value is set). OVH API checks that provided reverse resolves to the appropriate IP.

ansible-ovh-dns's People

Contributors

Stargazers

Watchers

ansible-ovh-dns's Issues

Pull request to ansible-modules-extra

Hey! Haven't you thought about creating a pull request with your module to ansible-modues-extra?

Reverse IPv6 record is supported?

Hello. I quick see the code and find that ip_reverse only supports IPv4?
Is there planned support for IPv6 reverse records?

python-ovh

Thanks for the module is what I search. But it will not work. There is no ovh module installed but it is.

(.py_ansible) 18:31:07[siefke]{ansible} $  ansible-playbook playbooks/service/ovh_dns.yml -vv
ansible-playbook [core 2.12.6]
  config file = /home/siefke/Öffentlich/projects/coding/ansible/ansible.cfg
  configured module search path = ['/home/siefke/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /home/siefke/.py_ansible/lib/python3.10/site-packages/ansible
  ansible collection location = /home/siefke/.ansible/collections:/usr/share/ansible/collections
  executable location = /home/siefke/.py_ansible/bin/ansible-playbook
  python version = 3.10.4 (main, May 14 2022, 05:21:19) [GCC 12.1.0]
  jinja version = 3.1.2
  libyaml = True
Using /home/siefke/Öffentlich/projects/coding/ansible/ansible.cfg as config file
redirecting (type: callback) ansible.builtin.yaml to community.general.yaml
redirecting (type: callback) ansible.builtin.yaml to community.general.yaml
Skipping callback 'default', as we already have a stdout callback.
Skipping callback 'minimal', as we already have a stdout callback.
Skipping callback 'oneline', as we already have a stdout callback.

PLAYBOOK: ovh_dns.yml ************************************************************************************************************************************************************************************************************************
1 plays in playbooks/service/ovh_dns.yml

PLAY [localhost] *****************************************************************************************************************************************************************************************************************************
META: ran handlers

TASK [Create a A record for subdomain] *******************************************************************************************************************************************************************************************************
task path: /home/siefke/Öffentlich/projects/coding/ansible/playbooks/service/ovh_dns.yml:7
fatal: [localhost]: FAILED! => changed=false 
  msg: ovh python module is required to run this module.
	to retry, use: --limit @/home/siefke/.ansible/retry-files/ovh_dns.retry

PLAY RECAP ***********************************************************************************************************************************************************************************************************************************
localhost                  : ok=0    changed=0    unreachable=0    failed=1    skipped=0    rescued=0    ignored=0

(.py_ansible) 18:31:17[siefke]{ansible} $  pip show ovh
Name: ovh
Version: 1.0.0
Summary: "Official module to perform HTTP requests to the OVHcloud APIs"
Home-page: https://api.ovh.com
Author: OVHcloud team - Romain Beuque
Author-email: [email protected]
License: BSD
Location: /home/siefke/.py_ansible/lib/python3.10/site-packages
Requires: requests
Required-by:

Need the module a specific version of Ansible / python-ovh?

Issue with multi MX records

Hi,

I try to add multiple google MX entries for a domain, and when I check the result, there is only one MX record in the OVH panel.

Sorry, I have not debugged the code, but do you have any idea?

Thank you

  - name: Add MX 10 alt3.aspmx.l.google.com.
    ovh_dns:
      state: present
      domain: DOMAIN
      name:
      type: MX
      value: "10 alt3.aspmx.l.google.com."

  - name: Add MX 10 alt4.aspmx.l.google.com.
    ovh_dns:
      state: present
      domain: DOMAIN
      name:
      type: MX
      value: "10 alt4.aspmx.l.google.com."

  - name: Add MX 1 aspmx.l.google.com.
    ovh_dns:
      state: present
      domain: DOMAIN
      name:
      type: MX
      value: "1 aspmx.l.google.com."

  - name: Add 5 alt2.aspmx.l.google.com.
    ovh_dns:
      state: present
      domain: DOMAIN
      name:
      type: MX
      value: "5 alt2.aspmx.l.google.com."

  - name: Add 5 alt1.aspmx.l.google.com.
    ovh_dns:
      state: present
      domain: DOMAIN
      name:
      type: MX
      value: "5 alt1.aspmx.l.google.com."

Some insight about PR #11 : diff feature also added

First, thanks for the merge ! (and for this module).

I just want to draw attention on the fact I mistakenly push on the proposed branch another feature that was not described in PR summary. The merged code includes a diff support for the role. Diff is done by dumping before and after dict values as YAML.

I'm fairly confident it is working as I use it to help me to reconciliate an unsynchronized inventory and live state (missing entries, updated live entries, ...). It was not intended to be part of this PR, and I originally think to create a separate PR, but I push it on the wrong branch :-/

If you don't agree with this feature, or think it is not done the right way, feel free to revert 58dd4f1. I'd be glad it fits your needs.

Sorry for the inconvenience.

Setting domain, value and type and leaving name empty flushes all A records and add one

ovh_dns: state=append domain="{{ domain }}" name="{{ tenantName }}" value="{{ appHost }}" type=A

When tenantName is set to "" value module clears all A DNS records.
I think it should clear abc.com A record, not all A records in a zone.

SRV record's failed

Hi,

First, thank you for sharing this.

I am using your module which works well so far for records type A, AAAA.

Now I am facing a different need which is using SRV type and I am getting errors:

item:
  domain: xxxxx.fr
  name: _node-exporter._tcp
  state: present
  type: SRV
  value: 0 8100 server.bonnel.xxxxx.fr
module_stderr: |-
  Traceback (most recent call last):
    File "<stdin>", line 102, in <module>
    File "<stdin>", line 94, in _ansiballz_main
    File "<stdin>", line 40, in invoke_module
    File "/usr/lib/python3.6/runpy.py", line 205, in run_module
      return _run_module_code(code, init_globals, run_name, mod_spec)
    File "/usr/lib/python3.6/runpy.py", line 96, in _run_module_code
      mod_name, mod_spec, pkg_name, script_name)
    File "/usr/lib/python3.6/runpy.py", line 85, in _run_code
      exec(code, run_globals)
    File "/tmp/ansible_ovh_dns_payload_xvfetxji/ansible_ovh_dns_payload.zip/ansible/modules/ovh_dns.py", line 314, in <module>
    File "/tmp/ansible_ovh_dns_payload_xvfetxji/ansible_ovh_dns_payload.zip/ansible/modules/ovh_dns.py", line 297, in main
    File "/usr/local/lib/python3.6/dist-packages/ovh/client.py", line 377, in post
      return self.call('POST', _target, kwargs, _need_auth)
    File "/usr/local/lib/python3.6/dist-packages/ovh/client.py", line 446, in call
      response=result)
  ovh.exceptions.BadParametersError: Destination invalide
  OVH-Query-ID: EU.ext-2.5f904c1a.14365.60c9f130-f42e-432c-bb08-c9cc2c91b895

Have you ever encountered this kind of problem?