feat: deploy dns for all interfaces

feat: rework profiles::dns::client define

- reworked the profiles::dns::client to use new defaults
- removed static variables

feat: manage secondary interfaces

- define the primary interface for dns
- set primary interface as loopback0 for incus hosts
- add ip_sans for loopback interfaces
- add ssh principals for loopback interfaces
Ben Vincent 2025-05-11 12:18:19 +10:00
parent 3e0141bb1b
commit 19bc2002ee
3 changed files with 45 additions and 15 deletions


@ -13,10 +13,18 @@ profiles::pki::vault::alt_names:
- incus.query.consul - incus.query.consul
- "incus.service.%{facts.country}-%{facts.region}.consul" - "incus.service.%{facts.country}-%{facts.region}.consul"
profiles::pki::vault::ip_sans:
- "%{hiera('networking_loopback0_ip')}"
- "%{hiera('networking_loopback1_ip')}"
- "%{hiera('networking_loopback2_ip')}"
profiles::ssh::sign::principals: profiles::ssh::sign::principals:
- incus.service.consul - incus.service.consul
- incus.query.consul - incus.query.consul
- "incus.service.%{facts.country}-%{facts.region}.consul" - "incus.service.%{facts.country}-%{facts.region}.consul"
- "%{hiera('networking_loopback0_ip')}"
- "%{hiera('networking_loopback1_ip')}"
- "%{hiera('networking_loopback2_ip')}"
# configure consul service # configure consul service
consul::services: consul::services:
@ -65,10 +73,12 @@ profiles::yum::global::repos:
gpgkey: https://packagerepo.service.consul/zfs/rhel9/kmod-daily/%{facts.os.architecture}/os/RPM-GPG-KEY-openzfs-2022 gpgkey: https://packagerepo.service.consul/zfs/rhel9/kmod-daily/%{facts.os.architecture}/os/RPM-GPG-KEY-openzfs-2022
mirrorlist: absent mirrorlist: absent
# dns
profiles::dns::base::primary_interface: loopback0
# networking # networking
systemd::manage_networkd: true systemd::manage_networkd: true
systemd::manage_all_network_files: true systemd::manage_all_network_files: true
#networking::use_networkd: true
networking::interfaces: networking::interfaces:
enp2s0: enp2s0:
type: physical type: physical
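Review bot: The loopback entries added under `profiles::pki::vault::ip_sans` and `profiles::ssh::sign::principals` depend on `networking_loopback0_ip`, `networking_loopback1_ip` and `networking_loopback2_ip` being defined for every node that receives this data. As far as I know, an unresolved key inside `%{hiera(...)}` interpolates to an empty string rather than failing, which would put an empty SAN or principal into the signing request. A comment above each list would make the requirement visible, for example `# networking_loopback{0,1,2}_ip must be set per node; an unset key yields an empty entry`. `profiles::dns::base::primary_interface: loopback0` in the second hunk likewise assumes that interface exists on every host using this data. The mapping continues beyond both hunks.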


@ -7,6 +7,7 @@ class profiles::dns::base (
'region', 'region',
'country' 'country'
]] $use_ns = undef, ]] $use_ns = undef,
String $primary_interface = $facts['networking']['primary'],
Optional[String] $ns_role = undef, Optional[String] $ns_role = undef,
){ ){
@ -43,6 +44,24 @@ class profiles::dns::base (
} }
# export dns records for client # export dns records for client
profiles::dns::client {"${facts['networking']['fqdn']}-default":} $facts['networking']['interfaces'].each | $interface, $data | {
# exclude those without ipv4 address, and lo
if $data['ip'] and $interface != 'lo' {
# use defaults for the primary_interface
if $interface == $primary_interface {
profiles::dns::client {"${facts['networking']['fqdn']}-${interface}":
interface => $interface,
}
# update secondary interfaces
}else{
profiles::dns::client {"${facts['networking']['fqdn']}-${interface}":
interface => $interface,
hostname => "${facts['networking']['hostname']}-${interface}",
}
}
}
}
} }
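Review bot: The new `.each` loop exports records for every interface that has an IPv4 address except `lo`, so on hosts with bridges or per-instance virtual interfaces (likely on the incus hosts this commit targets) internal addresses would be published in DNS as well. Consider restricting the loop to an explicit list or pattern, or at least stating the intent in a comment such as `# exports A/PTR for every addressed interface; bridge and container-side interfaces are not filtered`. The secondary name `"${facts['networking']['hostname']}-${interface}"` uses the raw interface name; a name containing `.` (VLAN sub-interfaces) would still satisfy `Stdlib::Fqdn` but add an extra label, so normalising it first, e.g. `regsubst($interface, '[^A-Za-z0-9-]', '-', 'G')`, is safer. If `$primary_interface` names an interface that is absent from the facts, no record for the bare hostname is exported and nothing reports it.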


@ -1,30 +1,31 @@
# profiles::dns::client # profiles::dns::client
define profiles::dns::client ( define profiles::dns::client (
Boolean $forward = true, Boolean $forward = true,
Boolean $reverse = true, Boolean $reverse = true,
Integer $order = 10, Integer $order = 10,
String $interface = $facts['networking']['primary'],
Stdlib::Fqdn $hostname = $facts['networking']['hostname'],
Stdlib::Fqdn $domain = $facts['networking']['domain'],
){ ){
$intf = $facts['networking']['primary'] $last_octet = regsubst($facts['networking']['interfaces'][$interface]['ip'], '^.*\.', '')
$fqdn = $facts['networking']['fqdn']
$last_octet = regsubst($::facts['networking']['ip'], '^.*\.', '')
if $forward { if $forward {
profiles::dns::record { "${fqdn}_${intf}_A": profiles::dns::record { "${title}_A":
value => $::facts['networking']['ip'], value => $facts['networking']['interfaces'][$interface]['ip'],
type => 'A', type => 'A',
record => $::facts['networking']['hostname'], record => $hostname,
zone => $::facts['networking']['domain'], zone => $domain,
order => $order, order => $order,
} }
} }
if $reverse { if $reverse {
profiles::dns::record { "${fqdn}_${intf}_PTR": profiles::dns::record { "${title}_PTR":
value => "${::facts['networking']['fqdn']}.", value => "${hostname}.${domain}.",
type => 'PTR', type => 'PTR',
record => $last_octet, record => $last_octet,
zone => $::facts['arpa'][$intf]['zone'], zone => $facts['arpa'][$interface]['zone'],
order => $order, order => $order,
} }
} }