Mercurial > code > home > repos > infra
annotate dns_check.py @ 53:8945bf71da22
make bang look to itself, not just to ISP, for projects.bigasterisk.com
| author | drewp@bigasterisk.com |
|---|---|
| date | Wed, 06 Apr 2022 19:08:57 -0700 |
| parents | ee00f4b5801a |
| children | fa7a71b8a97f |
| rev | line source |
|---|---|
| 45 | 1 # run key dns lookups everywhere |
| 2 import subprocess | |
| 3 import tempfile | |
| 4 | |
| 5 import requests | |
| 6 from pyinfra import host | |
| 7 from pyinfra.operations import apt, files, server, systemd | |
| 8 | |
| 9 def check(name, addr): | |
| 10 server.shell(commands=[ | |
| 11 # note: one big string | |
| 12 f"out=`dnsget -q {name}`; " | |
| 13 f'[ -n "$out" ] || exit 1; ' | |
| 14 f"if [ $out != {addr} ]; then echo got $out >&2 ; exit 1; fi" | |
| 15 ]) | |
| 16 | |
| 17 ''' | |
| 18 idea: read a file that looks like this: | |
| 19 | |
| 20 on host: bang dash slash prime | |
| 21 lookup: | |
| 22 bang 127.0.1.1 10.1.0.1 10.1.0.1 10.5.0.1 | |
| 23 bang5 10.5.0.1 10.5.0.1 10.5.0.1 10.5.0.1 | |
| 24 dash 10.1.0.5 127.0.1.1 10.1.0.5 10.5.0.5 | |
| 25 etc | |
| 26 | |
| 27 (or another idea: wireguard everywhere all the time) | |
| 28 ''' | |
| 29 | |
| 30 # outside k8s | |
| 31 if host.name in ['dash', 'bang', 'slash']: | |
| 32 check('dash', '10.1.0.5') | |
| 33 elif host.name in ['prime']: | |
| 34 check('dash', '10.5.0.5') | |
|
53
8945bf71da22
make bang look to itself, not just to ISP, for projects.bigasterisk.com
drewp@bigasterisk.com
parents:
45
diff
changeset
|
35 check('projects.bigasterisk.com', '10.2.0.1') # expected the public addr, but fine |
| 45 | 36 else: |
| 37 check('dash', '10.1.0.5') | |
|
53
8945bf71da22
make bang look to itself, not just to ISP, for projects.bigasterisk.com
drewp@bigasterisk.com
parents:
45
diff
changeset
|
38 check('projects.bigasterisk.com', '10.2.0.1') |
| 45 | 39 |
| 40 if host.name in ['bang']: | |
| 41 check('bang', '10.2.0.1') | |
| 42 elif host.name in ['prime']: | |
| 43 check('bang', '10.5.0.1') | |
| 44 else: | |
| 45 check('bang', '10.2.0.1') | |
| 46 | |
| 47 check('bang5', '10.5.0.1') | |
| 48 check('prime', '10.5.0.2') | |
| 49 check('slash', '10.1.0.6') | |
| 50 | |
| 51 # inside k8s |