feat: add unkin.net domain (#347)

- manage the unkin.net domain
- ensure forwarding for unkin.net
- split domain from cname list and set zone correctly
- add fafflix to cnames list for haproxy2

Reviewed-on: #347
Ben Vincent 2025-07-06 20:02:20 +10:00
parent 2814a55df6
commit 2d9faf578f
8 changed files with 63 additions and 15 deletions


@ -8,6 +8,7 @@ profiles::haproxy::dns::vrrp_cnames:
- prowlarr.main.unkin.net
- nzbget.main.unkin.net
- git.unkin.net
- fafflix.unkin.net
profiles::haproxy::mappings:
fe_http:


@ -22,6 +22,12 @@ profiles::dns::master::acls:
- 198.18.29.0/24
profiles::dns::master::zones:
unkin.net:
domain: 'unkin.net'
zone_type: 'master'
dynamic: false
ns_notify: true
source: '/var/named/sources/unkin.net.conf'
main.unkin.net:
domain: 'main.unkin.net'
zone_type: 'master'
@ -129,6 +135,7 @@ profiles::dns::master::views:
master-zones:
recursion: false
zones:
- unkin.net
- main.unkin.net
- 13.18.198.in-addr.arpa
- 14.18.198.in-addr.arpa


@ -81,6 +81,11 @@ profiles::dns::resolver::zones:
- 10.10.16.32
- 10.10.16.33
forward: 'only'
unkin.net-forward:
domain: 'unkin.net'
zone_type: 'forward'
forwarders: "%{alias('profiles_dns_upstream_forwarder_unkin')}"
forward: 'only'
main.unkin.net-forward:
domain: 'main.unkin.net'
zone_type: 'forward'
@ -176,6 +181,7 @@ profiles::dns::resolver::views:
openforwarder:
recursion: true
zones:
- unkin.net-forward
- main.unkin.net-forward
- dmz.unkin.net-forward
- network.unkin.net-forward


@ -26,6 +26,18 @@ class profiles::dns::master (
}
}
# create a hash of hostname => ip, which will be used to create glue records
$glue_records_map = $ns_role ? {
undef => {
$facts['networking']['fqdn'] => $facts['networking']['ip']
},
default => $nameservers_array.reduce({}) |$acc, $fqdn| {
$result = query_nodes("networking.fqdn='${fqdn}'", 'networking.ip')
$ip = $result[0]
$acc + { "${fqdn}." => $ip }
}
}
# if nameservers is empty, use the current host, otherwise use nameservers_array as nameservers
$nameservers = empty($nameservers_array) ? {
true => [$facts['networking']['fqdn']],
@ -51,14 +63,23 @@ class profiles::dns::master (
# create zones
$zones.each | String $name, Hash $data | {
# only add glue records when the domain isnt reverse dns, or main.unkin.net
# - since the hosts will already be in main.unkin.net
if $data['zone_type'] == 'master' {
$glue_records = $data['domain'] ? {
/in-addr\.arpa$/ => undef,
'main.unkin.net' => undef,
default => $glue_records_map,
}
profiles::dns::zone { $name:
zone => $data['domain'],
basedir => $basedir,
nameservers => sort($nameservers),
owner => $owner,
group => $group,
before => Bind::Zone[$name]
zone => $data['domain'],
basedir => $basedir,
nameservers => sort($nameservers),
owner => $owner,
group => $group,
before => Bind::Zone[$name],
glue_records => $glue_records,
}
}
}
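Review bot: In the `default` branch of `$glue_records_map`, `$result[0]` is used without checking that `query_nodes` returned anything, so a nameserver that has not yet reported to PuppetDB produces an undef value, which would likely fail the `Hash[String, String]` type on `profiles::dns::zone` and break compilation of the master. The lookup also keys on `networking.fqdn`, a fact each agent reports about itself, so the glue address is only as trustworthy as whichever node claims that name; matching on the certificate name instead would tie the record to an authenticated identity, assuming certnames equal FQDNs in this environment. At minimum, skip missing results inside the reduce, e.g. `empty($result) ? { true => $acc, default => $acc + { "${fqdn}." => $result[0] } }`. The class body starts and ends outside these hunks.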


@ -5,6 +5,7 @@ define profiles::dns::zone (
Stdlib::AbsolutePath $basedir,
String $owner,
String $group,
Optional[Hash[String, String]] $glue_records = {},
) {
# Define the concat resource for the zone file
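Review bot: `$glue_records` accepts any string as a value, yet the zone template writes each value directly after `IN A`, so a malformed or multi-line string coming from fact data would land in the zone file unchecked. Tightening the parameter to `Optional[Hash[String, Stdlib::IP::Address::V4::Nosubnet]] $glue_records = {},` rejects that at compile time; the define already relies on stdlib types (`Stdlib::AbsolutePath`). The body of the define continues outside the hunk.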


@ -18,11 +18,13 @@ class profiles::haproxy::dns (
# export cnames for haproxy applications
$cnames.each |$cname| {
$parts = split($cname, '\.')
$domain = join($parts[1, $parts.length], '.')
profiles::dns::record { "${::facts['networking']['fqdn']}_${cname}_CNAME":
value => "${location_environment}-halb",
type => 'CNAME',
record => "${cname}.",
zone => $::facts['networking']['domain'],
zone => $domain,
order => $order,
}
}
@ -41,20 +43,24 @@ class profiles::haproxy::dns (
# if this is the first host in the returned filter, export a/cnames for haproxy applications
if $servers_array[0] == $trusted['certname'] {
profiles::dns::record { "${facts['networking']['fqdn']}_vrrp_${location_environment}-halb-vrrp":
value => $ipaddr,
type => 'A',
record => "${location_environment}-halb-vrrp",
zone => $::facts['networking']['domain'],
order => $order,
['main.unkin.net', 'unkin.net'].each |$domain| {
profiles::dns::record { "${facts['networking']['fqdn']}_vrrp_${domain}_${location_environment}-halb-vrrp":
value => $ipaddr,
type => 'A',
record => "${location_environment}-halb-vrrp",
zone => $domain,
order => $order,
}
}
$vrrp_cnames.each |$cname| {
$parts = split($cname, '\.')
$domain = join($parts[1, $parts.length], '.')
profiles::dns::record { "${::facts['networking']['fqdn']}_${cname}_CNAME":
value => "${location_environment}-halb-vrrp",
type => 'CNAME',
record => "${cname}.",
zone => $::facts['networking']['domain'],
zone => $domain,
order => $order,
}
}
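Review bot: In the first `$cnames.each` loop the CNAME target stays the relative name `"${location_environment}-halb"` while `zone` now follows the cname's own domain, so an entry under `unkin.net` would resolve to `<env>-halb.unkin.net`. The second hunk publishes the `-halb-vrrp` A record into both zones for exactly this reason, but nothing visible does the same for `-halb`; if no such record exists, the CNAME dangles. Either export the matching A record per zone or make the target absolute, e.g. `value => "${location_environment}-halb.${facts['networking']['domain']}.",` assuming `profiles::dns::record` writes the value verbatim. The derived `$domain` is also never checked against the zones the master serves, so a cname with an extra label would be exported into a zone that does not exist. The class body extends beyond both hunks.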


@ -4,7 +4,6 @@
<%= @facts['networking']['ip'] %> <%= @fqdn %> <%= @hostname %>
127.0.0.1 localhost.localdomain localhost
127.0.0.1 localhost4.localdomain4 localhost4
198.18.19.17 git.unkin.net
<% @additional_hosts.each do |host| -%>
<%= host['ip'] %> <%= host['hostname'] %> <%= host['aliases'].join(' ') if host['aliases'] %>


@ -8,6 +8,13 @@ $TTL 600
2419200 ; Expire
600 ) ; Negative Cache TTL
<% unless @glue_records.empty? -%>
; Glue records for nameservers
<% @glue_records.each do |fqdn, ip| -%>
<%= fqdn %> IN A <%= ip %>
<% end -%>
<% end -%>
; Name servers
<% @nameservers.each do |ns| -%>
@ IN NS <%= ns %>.
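Review bot: The owner name in `<%= fqdn %> IN A <%= ip %>` is written exactly as the hash key arrives, and a name without a trailing dot is relative to the zone origin. The `default` branch in `profiles::dns::master` builds keys as `"${fqdn}."`, but its `undef` branch passes `$facts['networking']['fqdn']` with no dot, so in the `unkin.net` zone the record would be created under the FQDN with `.unkin.net` appended again. Normalising in the template avoids depending on every caller: `<%= fqdn.end_with?('.') ? fqdn : "#{fqdn}." %> IN A <%= ip %>`. The template continues past the end of this hunk.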