Mercurial > code > home > repos > infra
annotate dns_check.py @ 59:fa7a71b8a97f
more dns checks, including from inside containers in k8s`
| author | drewp@bigasterisk.com |
|---|---|
| date | Sun, 01 May 2022 23:30:09 -0700 |
| parents | 8945bf71da22 |
| children | 5ad4b4c712d9 |
| rev | line source |
|---|---|
| 45 | 1 # run key dns lookups everywhere |
| 2 import tempfile | |
| 3 | |
| 4 import requests | |
| 5 from pyinfra import host | |
| 6 from pyinfra.operations import apt, files, server, systemd | |
| 7 | |
|
59
fa7a71b8a97f
more dns checks, including from inside containers in k8s`
drewp@bigasterisk.com
parents:
53
diff
changeset
|
8 |
| 45 | 9 def check(name, addr): |
| 10 server.shell(commands=[ | |
| 11 # note: one big string | |
| 12 f"out=`dnsget -q {name}`; " | |
| 13 f'[ -n "$out" ] || exit 1; ' | |
| 14 f"if [ $out != {addr} ]; then echo got $out >&2 ; exit 1; fi" | |
|
59
fa7a71b8a97f
more dns checks, including from inside containers in k8s`
drewp@bigasterisk.com
parents:
53
diff
changeset
|
15 ]) |
|
fa7a71b8a97f
more dns checks, including from inside containers in k8s`
drewp@bigasterisk.com
parents:
53
diff
changeset
|
16 |
| 45 | 17 |
| 18 ''' | |
| 19 idea: read a file that looks like this: | |
| 20 | |
| 21 on host: bang dash slash prime | |
| 22 lookup: | |
| 23 bang 127.0.1.1 10.1.0.1 10.1.0.1 10.5.0.1 | |
| 24 bang5 10.5.0.1 10.5.0.1 10.5.0.1 10.5.0.1 | |
| 25 dash 10.1.0.5 127.0.1.1 10.1.0.5 10.5.0.5 | |
|
59
fa7a71b8a97f
more dns checks, including from inside containers in k8s`
drewp@bigasterisk.com
parents:
53
diff
changeset
|
26 bang.bigasterisk.com |
|
fa7a71b8a97f
more dns checks, including from inside containers in k8s`
drewp@bigasterisk.com
parents:
53
diff
changeset
|
27 bang.bigasterisk.com. |
|
fa7a71b8a97f
more dns checks, including from inside containers in k8s`
drewp@bigasterisk.com
parents:
53
diff
changeset
|
28 prime |
|
fa7a71b8a97f
more dns checks, including from inside containers in k8s`
drewp@bigasterisk.com
parents:
53
diff
changeset
|
29 projects.bigasterisk.com |
| 45 | 30 etc |
| 31 | |
| 32 (or another idea: wireguard everywhere all the time) | |
| 33 ''' | |
| 34 | |
| 35 if host.name in ['dash', 'bang', 'slash']: | |
|
59
fa7a71b8a97f
more dns checks, including from inside containers in k8s`
drewp@bigasterisk.com
parents:
53
diff
changeset
|
36 check('dash', '10.2.0.77') |
|
fa7a71b8a97f
more dns checks, including from inside containers in k8s`
drewp@bigasterisk.com
parents:
53
diff
changeset
|
37 check('projects.bigasterisk.com', '10.2.0.1') |
| 45 | 38 elif host.name in ['prime']: |
| 39 check('dash', '10.5.0.5') | |
|
53
8945bf71da22
make bang look to itself, not just to ISP, for projects.bigasterisk.com
drewp@bigasterisk.com
parents:
45
diff
changeset
|
40 check('projects.bigasterisk.com', '10.2.0.1') # expected the public addr, but fine |
| 45 | 41 else: |
|
59
fa7a71b8a97f
more dns checks, including from inside containers in k8s`
drewp@bigasterisk.com
parents:
53
diff
changeset
|
42 check('dash', '10.2.0.77') |
|
53
8945bf71da22
make bang look to itself, not just to ISP, for projects.bigasterisk.com
drewp@bigasterisk.com
parents:
45
diff
changeset
|
43 check('projects.bigasterisk.com', '10.2.0.1') |
| 45 | 44 |
|
59
fa7a71b8a97f
more dns checks, including from inside containers in k8s`
drewp@bigasterisk.com
parents:
53
diff
changeset
|
45 if host.name in ['prime']: |
| 45 | 46 check('bang', '10.5.0.1') |
|
59
fa7a71b8a97f
more dns checks, including from inside containers in k8s`
drewp@bigasterisk.com
parents:
53
diff
changeset
|
47 check('slash', '10.5.0.6') |
| 45 | 48 else: |
| 49 check('bang', '10.2.0.1') | |
|
59
fa7a71b8a97f
more dns checks, including from inside containers in k8s`
drewp@bigasterisk.com
parents:
53
diff
changeset
|
50 check('slash', '10.2.0.138') |
| 45 | 51 |
| 52 check('bang5', '10.5.0.1') | |
| 53 check('prime', '10.5.0.2') | |
| 54 |