dns: nsupdate host records to the authoritative server
ci/woodpecker/pr/ruby-validate Pipeline was successful
ci/woodpecker/pr/puppet-lint Pipeline was successful
ci/woodpecker/pr/yamllint Pipeline was successful
ci/woodpecker/pr/bolt-validate Pipeline was successful
ci/woodpecker/pr/erb-validate Pipeline was successful
ci/woodpecker/pr/epp-validate Pipeline was successful
ci/woodpecker/pr/puppet-validate Pipeline was successful
ci/woodpecker/pr/ruby-check Pipeline was successful
Replaces the exported-resources -> puppet DNS master zone-file flow with per-host RFC2136 dynamic updates against the k8s bind-authoritative write endpoint (198.18.200.9), so the master no longer manages zone files.

- add profiles::dns::updater: assembles the host's records into a concat file and runs nsupdate via a systemd .path unit that watches it; the dns-update script sends only the delta and deletes removed records
- switch profiles::dns::record to write local concat fragments (zone|name|type|ttl|value) instead of exporting to the master
- include profiles::dns::updater from profiles::dns::base (all nodes)
- inert until profiles::dns::updater::key_secret (TSIG) is set in eyaml
- hiera: updater server/key_name/algorithm in common.yaml
@@ -1,4 +1,9 @@
# defines the base record that will be exported
# profiles::dns::record
#
# Declares a DNS record for this host. The record is written to the local
# dns-updater records file (profiles::dns::updater), which nsupdates it to the
# authoritative DNS server. This replaces the old flow that exported a
# @@concat::fragment to the puppet DNS master.
define profiles::dns::record (
String $record,
Enum[
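Review bot: The new header comment above `define profiles::dns::record` explains the flow but documents none of the parameters; adding puppet-strings `@param` lines for `$record`, `$type`, `$value`, `$zone`, `$order` and `$ttl` would tell callers which fields end up in the records file that is sent to the authoritative server. The closing sentence about the old `@@concat::fragment` export is history that the commit message already carries and could be dropped from the code comment.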
@@ -13,11 +18,14 @@ define profiles::dns::record (
String $value,
String $zone,
Integer $order,
Stdlib::AbsolutePath $basedir = lookup('profiles::dns::master::basedir'),
Integer $ttl = 300,
) {
@@concat::fragment { "${zone}_${name}":
target => "${basedir}/${zone}.conf",
content => "${record} IN ${type} ${value}\n",
order => $order,
include profiles::dns::updater
# zone|name|type|ttl|value (parsed by the dns-update script)
concat::fragment { "dns-record-${name}":
target => $profiles::dns::updater::records_file,
content => "${zone}|${record}|${type}|${ttl}|${value}\n",
order => sprintf('%03d', $order),
}
}
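Review bot: Missing input validation on the `content =>` line of the new `concat::fragment`: `$zone`, `$record` and `$value` are plain `String`s interpolated into a `|`-delimited, newline-terminated line, so a value that contains `|` or a newline (a TXT record is the likely case) would shift fields or add an extra line in the file the dns-update script parses and turns into nsupdate input. Constrain these parameters with a `Pattern[...]` type, or `fail()` in the define when any of them contains `|`, `\n` or `\r`, so a bad Hiera value is rejected at catalog compile time instead of reaching the authoritative server. `Integer $ttl = 300` would also be better bounded, for example `Integer[0]`, since a negative TTL would otherwise be written into the records file.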