Overview
I’m running a dynamic name service for my datacenter that is authoritative for example.com. Now I want to add address (A) records and reverse pointer (PTR) records to DNS so that the hosts can be resolved by name.
Solution
To achieve this I added variables to my inventory:
cat /etc/ansible/hosts
[glusterleft]
gluster11 fqdn=gluster11.example.com. ipaddress=172.16.20.103 reverse=103.20.16.172.in-addr.arpa.
gluster12 fqdn=gluster12.example.com. ipaddress=172.16.20.104 reverse=104.20.16.172.in-addr.arpa.
[glusterright]
gluster21 fqdn=gluster21.example.com. ipaddress=172.16.20.203 reverse=203.20.16.172.in-addr.arpa.
gluster22 fqdn=gluster22.example.com. ipaddress=172.16.20.204 reverse=204.20.16.172.in-addr.arpa.
[rhevleft]
rhev11 fqdn=rhev11.example.com. ipaddress=172.16.20.101 reverse=101.20.16.172.in-addr.arpa.
rhev12 fqdn=rhev12.example.com. ipaddress=172.16.20.102 reverse=102.20.16.172.in-addr.arpa.
[rhevright]
rhev21 fqdn=rhev21.example.com. ipaddress=172.16.20.201 reverse=201.20.16.172.in-addr.arpa.
rhev22 fqdn=rhev22.example.com. ipaddress=172.16.20.202 reverse=202.20.16.172.in-addr.arpa.
Note: It would definitely be possible to derive the reverse name from the IP address automatically. I leave this as a shell exercise for you.
And wrote the following playbook:
[root@jump ansible]# cat named_addhosts.yml
---
- hosts: servers
  gather_facts: False
  serial: 1
  tasks:
    - name: check dns
      local_action: shell host {{ fqdn }}
      register: dnsout
      ignore_errors: yes
    - name: add dnsentry
      local_action: script /etc/ansible/named_update.sh {{ fqdn }} {{ ipaddress }} {{ reverse }}
      # "when" is already a Jinja expression; wrapping ipaddress in {{ }} here
      # only produces an Ansible warning about templating delimiters
      when: dnsout.stdout.find(ipaddress) == -1
which is supported by a small helper shell script:
[root@jump ansible]# cat /etc/ansible/named_update.sh
#! /usr/bin/bash
# small script which updates dns via nsupdate
# needs 3 parameters
# hostname - fully qualified (with a . at the end)
# ipaddress
# reverse - reverse ipaddress fully qualified (with in-addr.arpa. )
if [ $# -ne 3 ]
then
  echo "usage: $0 hostname ipaddress reverse" >&2
  echo " with:" >&2
  echo " hostname - fully qualified (with a . at the end)" >&2
  echo " ipaddress" >&2
  echo " reverse - reverse ipaddress fully qualified (with in-addr.arpa. ) " >&2
  exit 1
fi
# echo the parameters so they show up in the task's stdout
echo "$1"
echo "$2"
echo "$3"
# the A record and the PTR record live in different zones, hence two "send"s
nsupdate -k /etc/rndc.key << EOF
update add $1 3600 A $2
send
update add $3 3600 PTR $1
send
EOF
It is also necessary to be allowed to modify the zones on the DNS server. This access is granted through the key in /etc/rndc.key, which I put in place beforehand.
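The following is an added example and not the post's own script: it derives the PTR owner name from the IPv4 address (the "shell exercise" above), validates both inputs, and prints the nsupdate batch to stdout so the inventory no longer needs a hand-written reverse= variable. The TTL of 3600 and /etc/rndc.key are taken from the post; the optional server argument and the exact-match check on the output of host are my additions.

```shell
#!/bin/sh
# Added example, not the post's own script. POSIX sh, no bashisms.

# Accept only a dotted quad with four octets in 0..255.
valid_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# 172.16.20.103 -> 103.20.16.172.in-addr.arpa. (fully qualified, trailing dot)
reverse_name() {
    valid_ipv4 "$1" || return 1
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    printf '%s.%s.%s.%s.in-addr.arpa.\n' "$4" "$3" "$2" "$1"
}

# Exact-match replacement for the playbook's "check dns" step: takes the text
# output of `host <fqdn>` and returns 0 only if an A record with exactly this
# address exists. A substring search (stdout.find) would also accept
# 172.16.20.103 when looking for 172.16.20.10 and leave a stale record alone.
has_a_record() {
    printf '%s\n' "$1" | grep -q -- " has address $2\$"
}

# Print the nsupdate batch for one host. Arguments: fqdn ipaddress [server]
# The fqdn must carry a trailing dot so nsupdate does not append a search
# domain; without "server", nsupdate uses the zone's SOA via /etc/resolv.conf.
nsupdate_batch() {
    fqdn=$1; ip=$2; server=${3:-}
    case $fqdn in
        *.) ;;
        *) echo "fqdn must be fully qualified (trailing dot): $fqdn" >&2; return 1 ;;
    esac
    rev=$(reverse_name "$ip") || { echo "invalid IPv4 address: $ip" >&2; return 1; }
    if [ -n "$server" ]; then printf 'server %s\n' "$server"; fi
    printf 'update add %s 3600 A %s\nsend\n' "$fqdn" "$ip"
    printf 'update add %s 3600 PTR %s\nsend\n' "$rev" "$fqdn"
}

# Usage from a helper script like named_update.sh (left commented so the file
# can be sourced): nsupdate_batch "$1" "$2" | nsupdate -k /etc/rndc.key
```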
Conclusion
I’m now easily able to add Ansible-managed hosts to a DNS service.
Hi mdschreier
I really thank you for this playbook but I don’t understand where you specify the DNS server IP. Does it take the one configured on the ansible host itself (/etc/resolv.conf)? If yes, how can I change the script so that I can specify a different server?
Hi Markus
thanks for this nice playbook. Anyway I have a question: Does it automatically add records against the dns server configured on the ansible server itself (/etc/resolv.conf)? If yes, how could I change your playbook in order to specify another DNS server?
Thanks
Marco
Hi Marco,
my playbook uses nsupdate, which needs to be tweaked:
If you want to alter a local DNS server you could add "-l" to nsupdate.
If you want to alter a different name server then you could add a "server" directive to the nsupdate script. The named_update.sh would look like this:
nsupdate -k /etc/rndc.key << EOF
server 1.2.3.4
update add $1 3600 A $2
send
update add $3 3600 PTR $1
send
EOF
Side note:
Maybe today I would use a module to achieve the same:
https://docs.ansible.com/ansible/latest/collections/community/general/nsupdate_module.html
I hope this helps
Markus
Hi Markus
before all thanks for your kind reply, adding “server” as you suggested worked perfectly!
Anyway I have a strange problem in my lab:
– I have the following ansible inventory:
/etc/ansible/hosts
[prod-k8s-master]
Kubemst01 ansible_ssh_host=192.168.40.31 fqdn=Kubemst01.virtlab.local. ipaddress=192.168.40.31 reverse=31.40.168.192.in-addr.arpa.
Kubemst02 ansible_ssh_host=192.168.40.32 fqdn=Kubemst02.virtlab.local. ipaddress=192.168.40.32 reverse=32.40.168.192.in-addr.arpa.
Kubemst03 ansible_ssh_host=192.168.40.33 fqdn=Kubemst03.virtlab.local. ipaddress=192.168.40.33 reverse=33.40.168.192.in-addr.arpa.
[prod-k8s-workers]
Kubewkn01 ansible_ssh_host=192.168.40.34 fqdn=Kubewkn01.virtlab.local. ipaddress=192.168.40.34 reverse=34.40.168.192.in-addr.arpa.
Kubewkn02 ansible_ssh_host=192.168.40.35 fqdn=Kubewkn02.virtlab.local. ipaddress=192.168.40.35 reverse=35.40.168.192.in-addr.arpa.
Kubewkn03 ansible_ssh_host=192.168.40.36 fqdn=Kubewkn03.virtlab.local. ipaddress=192.168.40.36 reverse=36.40.168.192.in-addr.arpa.
[kubernetesnodes:children]
prod-k8s-master
prod-k8s-workers
– I changed the "hosts" in the dns_addhosts.yml
[root@nlnxmi1 dnsregistration]# cat dns_addhosts.yml
---
- hosts: kubernetesnodes
  gather_facts: False
  serial: 1
  tasks:
    - name: check dns
      local_action: shell host {{ fqdn }}
      register: dnsout
      ignore_errors: yes
    - name: add dnsentry
      local_action: script /ansible/dnsregistration/named_update.sh {{ fqdn }} {{ ipaddress }} {{ reverse }}
      when: dnsout.stdout.find('{{ ipaddress }}') == -1
      run_once: true
– I added the "server" parameter in "named_update.sh"
[root@nlnxmi1 dnsregistration]# cat named_update.sh
#! /usr/bin/bash
# small script which updates dns van nsupdate
# needs 3 parameters
# hostname - full qualified (with a . at the end)
# ipaddress
# reverse - reverse ipaddress full qualified (with in-addr.arpa. )
if [ $# -ne 3 ]
then
  echo "usage: $0 hostname ipaddress reverse" >&2
  echo " with:" >&2
  echo " hostname - full qualified (with a . at the end)" >&2
  echo " ipaddress" >&2
  echo " reverse - reverse ipaddress full qualified (with in-addr.arpa. ) " >&2
  exit 1
fi
echo $1
echo $2
echo $3
#nsupdate -k /etc/rndc.key << EOF
nsupdate < {“changed”: true, “cmd”: “host Kubemst01.virtlab.local.”, “delta”: “0:00:00.025950”, “end”: “2020-11-11 17:06:03.029799”, “msg”: “non-zero return code”, “rc”: 1, “start”: “2020-11-11 17:06:03.003849”, “stderr”: “”, “stderr_lines”: [], “stdout”: “Host Kubemst01.virtlab.local. not found: 3(NXDOMAIN)”, “stdout_lines”: [“Host Kubemst01.virtlab.local. not found: 3(NXDOMAIN)”]}
…ignoring
TASK [add dnsentry] ************************************************************************************************************************************************
[WARNING]: conditional statements should not include jinja2 templating delimiters such as {{ }} or {% %}. Found: dnsout.stdout.find(‘{{ ipaddress }}’) == -1
fatal: [Kubemst01]: FAILED! => {“changed”: true, “msg”: “non-zero return code”, “rc”: 1, “stderr”: “response to SOA query was unsuccessful\n”, “stderr_lines”: [“response to SOA query was unsuccessful”], “stdout”: “Kubemst01.virtlab.local.\n192.168.40.31\n31.40.168.192.in-addr.arpa.\n”, “stdout_lines”: [“Kubemst01.virtlab.local.”, “192.168.40.31”, “31.40.168.192.in-addr.arpa.”]}
NO MORE HOSTS LEFT *************************************************************************************************************************************************
PLAY RECAP *********************************************************************************************************************************************************
Kubemst01 : ok=1 changed=1 unreachable=0 failed=1 skipped=0 rescued=0 ignored=1
Problem:
Only the first host is added in my DNS server (a Windows 2016 with DNS option "secure and not secure" enabled).
In order to add the other ones, I must re-run the playbook six times. Where am I wrong?
Hi Marco,
most likely the mistake is on my side: please remove the "run_once: true". I’m quite confident this will do the trick.
Markus
Hi Markus
I removed the "run_once: true" but it is always the same problem:
[root@nlnxmi1 dnsregistration]# ansible-playbook dns_addhosts.yml
[WARNING]: Invalid characters were found in group names but not replaced, use -vvvv to see details
PLAY [kubernetesnodes] *********************************************************************************************************************************************
TASK [check dns] ***************************************************************************************************************************************************
fatal: [Kubemst01]: FAILED! => {“changed”: true, “cmd”: “host Kubemst01.virtlab.local.”, “delta”: “0:00:12.029931”, “end”: “2020-11-12 15:21:52.992248”, “msg”: “non-zero return code”, “rc”: 1, “start”: “2020-11-12 15:21:40.962317”, “stderr”: “”, “stderr_lines”: [], “stdout”: “;; connection timed out; no servers could be reached”, “stdout_lines”: [“;; connection timed out; no servers could be reached”]}
…ignoring
TASK [add dnsentry] ************************************************************************************************************************************************
[WARNING]: conditional statements should not include jinja2 templating delimiters such as {{ }} or {% %}. Found: dnsout.stdout.find(‘{{ ipaddress }}’) == -1
fatal: [Kubemst01]: FAILED! => {“changed”: true, “msg”: “non-zero return code”, “rc”: 1, “stderr”: “response to SOA query was unsuccessful\n”, “stderr_lines”: [“response to SOA query was unsuccessful”], “stdout”: “Kubemst01.virtlab.local.\n192.168.40.31\n31.40.168.192.in-addr.arpa.\n”, “stdout_lines”: [“Kubemst01.virtlab.local.”, “192.168.40.31”, “31.40.168.192.in-addr.arpa.”]}
PLAY RECAP *********************************************************************************************************************************************************
Kubemst01 : ok=1 changed=1 unreachable=0 failed=1 skipped=0 rescued=0 ignored=1
Hi Marco,
both tasks execute shell commands, which seem to fail somehow. For troubleshooting purposes I’d suggest running these commands from the command line. You could then add debugging options easily and get a better understanding of what is going on. The reasons why this is failing could be many.
So first command to try out should be:
host Kubemst01.virtlab.local.
This should not have a "connection timed out" issue. Such issues might be caused by firewalling or a somehow unreachable or unavailable DNS server. Review your /etc/resolv.conf for this.
Best Regards
Markus
Hi Markus
yes, I agree that there is something strange in my lab. I’ll check.
Thanks a lot for your kind support, this is the only place where I found a playbook related to add dns entries 🙂
bye
Marco