dns: nsupdate host records to the authoritative server
ci/woodpecker/pr/ruby-validate Pipeline was successful
ci/woodpecker/pr/puppet-lint Pipeline was successful
ci/woodpecker/pr/yamllint Pipeline was successful
ci/woodpecker/pr/bolt-validate Pipeline was successful
ci/woodpecker/pr/erb-validate Pipeline was successful
ci/woodpecker/pr/epp-validate Pipeline was successful
ci/woodpecker/pr/puppet-validate Pipeline was successful
ci/woodpecker/pr/ruby-check Pipeline was successful
Replaces the exported-resources -> puppet DNS master zone-file flow with per-host RFC2136 dynamic updates against the k8s bind-authoritative write endpoint (198.18.200.9), so the master no longer manages zone files.

- add profiles::dns::updater: assembles the host's records into a concat file and runs nsupdate via a systemd .path unit that watches it; the dns-update script sends only the delta and deletes removed records
- switch profiles::dns::record to write local concat fragments (zone|name|type|ttl|value) instead of exporting to the master
- include profiles::dns::updater from profiles::dns::base (all nodes)
- inert until profiles::dns::updater::key_secret (TSIG) is set in eyaml
- hiera: updater server/key_name/algorithm in common.yaml
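The delta behaviour the commit message describes (send only what changed, delete what was removed), as an added example that is not code from this commit. It assumes the `name` field is fully qualified and that a copy of the last state sent is kept; `parse_records`, `build_nsupdate`, the allowed-type list and the sample records are hypothetical.

```python
"""Delta between two record files in the zone|name|type|ttl|value format."""
from collections import defaultdict

ALLOWED_TYPES = {"A", "AAAA", "CNAME", "PTR", "TXT"}  # assumption, not from the commit


def parse_records(text):
    """Return a set of (zone, name, rtype, ttl, value); raise ValueError on bad lines."""
    records = set()
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = [p.strip() for p in line.split("|")]
        if len(parts) != 5:
            raise ValueError(f"line {lineno}: expected 5 fields, got {len(parts)}")
        zone, name, rtype, ttl, value = parts
        if rtype.upper() not in ALLOWED_TYPES or not (ttl.isascii() and ttl.isdigit()):
            raise ValueError(f"line {lineno}: bad type or ttl")
        # Whitespace in zone/name would add extra tokens to the nsupdate command line.
        if not zone or not name or not value or any(c.isspace() for c in zone + name):
            raise ValueError(f"line {lineno}: bad zone, name or value")
        records.add((zone, name, rtype.upper(), int(ttl), value))
    return records


def build_nsupdate(previous, desired, server):
    """Return nsupdate input turning `previous` into `desired`, or '' if unchanged."""
    by_zone = defaultdict(lambda: ([], []))
    for zone, name, rtype, _ttl, value in sorted(previous - desired):
        by_zone[zone][0].append(f"update delete {name} {rtype} {value}")
    for zone, name, rtype, ttl, value in sorted(desired - previous):
        by_zone[zone][1].append(f"update add {name} {ttl} {rtype} {value}")
    if not by_zone:
        return ""
    lines = [f"server {server}"]
    for zone in sorted(by_zone):  # one transaction per zone, deletes before adds
        deletes, adds = by_zone[zone]
        lines += [f"zone {zone}", *deletes, *adds, "send"]
    return "\n".join(lines) + "\n"


# Constructed sample data: the last state sent and the newly assembled file.
PREVIOUS = ("example.test.|web01.example.test.|A|300|192.0.2.10\n"
            "example.test.|old.example.test.|CNAME|300|web01.example.test.\n")
DESIRED = ("example.test.|web01.example.test.|A|300|192.0.2.11\n"
           "2.0.192.in-addr.arpa.|11.2.0.192.in-addr.arpa.|PTR|300|web01.example.test.\n")

if __name__ == "__main__":
    print(build_nsupdate(parse_records(PREVIOUS), parse_records(DESIRED), "198.18.200.9"), end="")
```

Because the TTL is part of each tuple, a TTL-only change is sent as a delete followed by an add in the same transaction.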
@@ -11,9 +11,12 @@ class profiles::dns::base (
|
||||
Optional[String] $ns_role = undef,
|
||||
){
|
||||
|
||||
# install bind_utils
|
||||
# install bind_utils (provides nsupdate)
|
||||
include bind::updater
|
||||
|
||||
# assemble the host's DNS records and nsupdate them to the authoritative server
|
||||
include profiles::dns::updater
|
||||
|
||||
# if ns_role is set, find all hosts matching that enc_role
|
||||
$nameserver_array = $ns_role ? {
|
||||
undef => $nameservers,
|
||||
|
||||
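Review bot: `include profiles::dns::updater` sits after `include bind::updater` in the class body, but `include` alone creates no ordering, so on a first run the updater's script could fire before nsupdate is installed. Consider `Class['bind::updater'] -> Class['profiles::dns::updater']` here, or a `require bind::updater` inside the updater class. Since this lands on every node through profiles::dns::base and the commit message puts key_name in common.yaml, it is also worth confirming that the server's update-policy limits each key to the host's own names, and that key_secret is typed as Sensitive and written to a root-only file; none of that is visible in this hunk.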