From 65e6abb07c5af84f4ab23c76321dc202d3ce5947 Mon Sep 17 00:00:00 2001
From: Tom Hughes <tom@compton.nu>
Date: Thu, 13 Jun 2019 16:59:25 +0100
Subject: [PATCH] Add support for distributing gdnsd configuration via rsync

---
 cookbooks/dns/recipes/default.rb              |  8 ++++++--
 cookbooks/dns/templates/default/dns-check.erb | 13 +++++++------
 .../dns/templates/default/dns-update.erb      | 13 +++++++------
 cookbooks/geodns/recipes/default.rb           |  6 ++++++
 roles/geodns.rb                               | 19 +++++++++++++++++++
 5 files changed, 45 insertions(+), 14 deletions(-)

diff --git a/cookbooks/dns/recipes/default.rb b/cookbooks/dns/recipes/default.rb
index a78d1d5fc..ddc0eb028 100644
--- a/cookbooks/dns/recipes/default.rb
+++ b/cookbooks/dns/recipes/default.rb
@@ -20,10 +20,14 @@
 include_recipe "git"
 include_recipe "apache"
 
+geoservers = search(:node, "roles:geodns").collect(&:name).sort
+
 passwords = data_bag_item("dns", "passwords")
 
 package %w[
   make
+  parallel
+  rsync
   perl
   libxml-treebuilder-perl
   libxml-writer-perl
@@ -88,7 +92,7 @@ template "/usr/local/bin/dns-update" do
   owner "root"
   group "git"
   mode 0o750
-  variables :passwords => passwords
+  variables :passwords => passwords, :geoservers => geoservers
 end
 
 execute "dns-update" do
@@ -117,7 +121,7 @@ template "/usr/local/bin/dns-check" do
   owner "root"
   group "git"
   mode 0o750
-  variables :passwords => passwords
+  variables :passwords => passwords, :geoservers => geoservers
 end
 
 template "/etc/cron.d/dns" do
diff --git a/cookbooks/dns/templates/default/dns-check.erb b/cookbooks/dns/templates/default/dns-check.erb
index eabf1229b..ca38dddc8 100755
--- a/cookbooks/dns/templates/default/dns-check.erb
+++ b/cookbooks/dns/templates/default/dns-check.erb
@@ -1,9 +1,10 @@
 #!/bin/sh
 
-export RSYNC_PASSWORD=<%= @passwords["rsync"] %>
-export PINGDOM_USERNAME=pingdom@openstreetmap.org
-export PINGDOM_PASSWORD=<%= @passwords["pingdom"] %>
-export STATUSCAKE_USERNAME=OpenStreetMap
-export STATUSCAKE_APIKEY=<%= @passwords["statuscake"] %>
+export RSYNC_PASSWORD="<%= @passwords["rsync"] %>"
+export GEODNS_SERVERS="<%= @geoservers.join(" ") %>"
+export PINGDOM_USERNAME="pingdom@openstreetmap.org"
+export PINGDOM_PASSWORD="<%= @passwords["pingdom"] %>"
+export STATUSCAKE_USERNAME="OpenStreetMap"
+export STATUSCAKE_APIKEY="<%= @passwords["statuscake"] %>"
 
-make --quiet --directory=/var/lib/dns --assume-new=lib/countries.xml update > /dev/null
+make --quiet --jobs --directory=/var/lib/dns --assume-new=lib/countries.xml update > /dev/null
diff --git a/cookbooks/dns/templates/default/dns-update.erb b/cookbooks/dns/templates/default/dns-update.erb
index 93d2e1ee3..401c5c74f 100755
--- a/cookbooks/dns/templates/default/dns-update.erb
+++ b/cookbooks/dns/templates/default/dns-update.erb
@@ -4,11 +4,12 @@
 
 umask 0002
 
-export RSYNC_PASSWORD=<%= @passwords["rsync"] %>
-export PINGDOM_USERNAME=pingdom@openstreetmap.org
-export PINGDOM_PASSWORD=<%= @passwords["pingdom"] %>
-export STATUSCAKE_USERNAME=OpenStreetMap
-export STATUSCAKE_APIKEY=<%= @passwords["statuscake"] %>
+export RSYNC_PASSWORD="<%= @passwords["rsync"] %>"
+export GEODNS_SERVERS="<%= @geoservers.join(" ") %>"
+export PINGDOM_USERNAME="pingdom@openstreetmap.org"
+export PINGDOM_PASSWORD="<%= @passwords["pingdom"] %>"
+export STATUSCAKE_USERNAME="OpenStreetMap"
+export STATUSCAKE_APIKEY="<%= @passwords["statuscake"] %>"
 
 cd /var/lib/dns
 
@@ -19,4 +20,4 @@ fi
 
 git pull -q
 
-make update
+make --jobs update
diff --git a/cookbooks/geodns/recipes/default.rb b/cookbooks/geodns/recipes/default.rb
index 0e20e2a26..9f7c100c5 100644
--- a/cookbooks/geodns/recipes/default.rb
+++ b/cookbooks/geodns/recipes/default.rb
@@ -29,6 +29,12 @@ execute "geoipdate" do
   not_if { ::File.exist?("/var/lib/GeoIP/GeoLite2-Country.mmdb") }
 end
 
+directory "/etc/gdnsd/config.d" do
+  owner "nobody"
+  group "nogroup"
+  mode 0o755
+end
+
 template "/etc/gdnsd/config" do
   source "config.erb"
   owner "root"
diff --git a/roles/geodns.rb b/roles/geodns.rb
index 0d1510710..a31437a69 100644
--- a/roles/geodns.rb
+++ b/roles/geodns.rb
@@ -1,6 +1,25 @@
 name "geodns"
 description "Role applied to all geographic DNS servers"
 
+default_attributes(
+  :rsyncd => {
+    :modules => {
+      :geodns => {
+        :comment => "GeoDNS",
+        :path => "/etc/gdnsd/config.d",
+        :read_only => false,
+        :write_only => true,
+        :list => false,
+        :transfer_logging => false,
+        :hosts_allow => [
+          "193.60.236.20" # sarel
+        ]
+      }
+    }
+  }
+)
+
 run_list(
+  "recipe[rsyncd]",
   "recipe[geodns]"
 )
-- 
2.43.2