dnsmasq: add script for dynamic DNS updates

roles/dnsmasq/templates/00-options.conf.j2

@@ -9,3 +9,5 @@ dhcp-proxy
 
 dhcp-option = option:dns-server,{{ dns | join(',') }}
 dhcp-option = option:ntp-server,{{ ntp | join(',') }}
+
+dhcp-script = /usr/local/bin/dns-update

roles/dnsmasq/templates/dns-update.j2

@@ -0,0 +1,29 @@
+#!/bin/sh
+
+domain={{ domain }}
+ldap_user={{ password.ldap_user }}
+ttl=3600
+
+address="${3}"
+
+case "${1}" in
+add)
+	host="${4}"
+	kinit -k "${ldap_user}"
+	nsupdate -g <<EOF
+update add ${host}.${domain} ${ttl} A ${address}
+send
+EOF
+	;;
+old)
+	if [ -n "${DNSMASQ_OLD_HOSTNAME}" -a -n "${DNSMASQ_SUPPLIED_HOSTNAME}" ] ; then
+		kinit -k "${ldap_user}"
+		nsupdate -g <<EOF
+update del ${DNSMASQ_OLD_HOSTNAME}.${domain}
+update add ${DNSMASQ_SUPPLIED_HOSTNAME}.${domain} ${ttl} A ${address}
+send
+EOF
+	fi
+	;;
+# TODO del, probably
+esac

roles/dnsmasq/templates/krb5.conf.j2

@@ -0,0 +1,18 @@
+[libdefaults]
+dns_lookup_realm = false
+ticket_lifetime = 24h
+renew_lifetime = 7d
+#forwardable = true
+rdns = false
+default_realm = {{ domain | upper }}
+
+[realms]
+{{ domain | upper }} = {
+{% for server in dns %}
+  kdc = {{ server }}
+{% endfor %}
+}
+
+[domain_realm]
+.{{ domain }} = {{ domain | upper }}
+{{ domain }} = {{ domain | upper }}