neoloc/loopback_dns (#281)

- manage all interfaces in dns (except lo and anycast) - move loopback0 anycast addresses to be anycast0 Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/281
2025-05-11 16:36:04 +10:00 · 2025-05-11 16:36:04 +10:00 · 87a6c73578
commit 87a6c73578
parent 3e0141bb1b
14 changed files with 67 additions and 37 deletions
--- a/hieradata/nodes/ausyd1nxvm2005.main.unkin.net.yaml
+++ b/hieradata/nodes/ausyd1nxvm2005.main.unkin.net.yaml
@ -11,7 +11,7 @@ networking::interfaces:
    type: physical
    forwarding: true
    dhcp: true
-  loopback0:
+  anycast0:
    type: dummy
    ipaddress: "%{hiera('profiles::consul::server::anycast_ip')}"
    netmask: 255.255.255.255
@ -24,7 +24,7 @@ frrouting::ospfd_redistribute:
 frrouting::ospfd_interfaces:
  eth0:
    area: 0.0.0.0
-  loopback0:
+  anycast0:
    area: 0.0.0.0
 frrouting::daemons:
  ospfd: true
--- a/hieradata/nodes/ausyd1nxvm2006.main.unkin.net.yaml
+++ b/hieradata/nodes/ausyd1nxvm2006.main.unkin.net.yaml
@ -11,7 +11,7 @@ networking::interfaces:
    type: physical
    forwarding: true
    dhcp: true
-  loopback0:
+  anycast0:
    type: dummy
    ipaddress: "%{hiera('profiles::consul::server::anycast_ip')}"
    netmask: 255.255.255.255
@ -24,7 +24,7 @@ frrouting::ospfd_redistribute:
 frrouting::ospfd_interfaces:
  eth0:
    area: 0.0.0.0
-  loopback0:
+  anycast0:
    area: 0.0.0.0
 frrouting::daemons:
  ospfd: true
--- a/hieradata/nodes/ausyd1nxvm2007.main.unkin.net.yaml
+++ b/hieradata/nodes/ausyd1nxvm2007.main.unkin.net.yaml
@ -11,7 +11,7 @@ networking::interfaces:
    type: physical
    forwarding: true
    dhcp: true
-  loopback0:
+  anycast0:
    type: dummy
    ipaddress: "%{hiera('profiles::consul::server::anycast_ip')}"
    netmask: 255.255.255.255
@ -24,7 +24,7 @@ frrouting::ospfd_redistribute:
 frrouting::ospfd_interfaces:
  eth0:
    area: 0.0.0.0
-  loopback0:
+  anycast0:
    area: 0.0.0.0
 frrouting::daemons:
  ospfd: true
--- a/hieradata/nodes/ausyd1nxvm2008.main.unkin.net.yaml
+++ b/hieradata/nodes/ausyd1nxvm2008.main.unkin.net.yaml
@ -11,7 +11,7 @@ networking::interfaces:
    type: physical
    forwarding: true
    dhcp: true
-  loopback0:
+  anycast0:
    type: dummy
    ipaddress: "%{hiera('profiles::consul::server::anycast_ip')}"
    netmask: 255.255.255.255
@ -24,7 +24,7 @@ frrouting::ospfd_redistribute:
 frrouting::ospfd_interfaces:
  eth0:
    area: 0.0.0.0
-  loopback0:
+  anycast0:
    area: 0.0.0.0
 frrouting::daemons:
  ospfd: true
--- a/hieradata/nodes/ausyd1nxvm2009.main.unkin.net.yaml
+++ b/hieradata/nodes/ausyd1nxvm2009.main.unkin.net.yaml
@ -11,7 +11,7 @@ networking::interfaces:
    type: physical
    forwarding: true
    dhcp: true
-  loopback0:
+  anycast0:
    type: dummy
    ipaddress: "%{hiera('profiles::consul::server::anycast_ip')}"
    netmask: 255.255.255.255
@ -24,7 +24,7 @@ frrouting::ospfd_redistribute:
 frrouting::ospfd_interfaces:
  eth0:
    area: 0.0.0.0
-  loopback0:
+  anycast0:
    area: 0.0.0.0
 frrouting::daemons:
  ospfd: true
--- a/hieradata/nodes/ausyd1nxvm2029.main.unkin.net.yaml
+++ b/hieradata/nodes/ausyd1nxvm2029.main.unkin.net.yaml
@ -11,7 +11,7 @@ networking::interfaces:
    type: physical
    forwarding: true
    dhcp: true
-  loopback0:
+  anycast0:
    type: dummy
    ipaddress: "%{hiera('dns_master_anycast_ip')}"
    netmask: 255.255.255.255
@ -24,7 +24,7 @@ frrouting::ospfd_redistribute:
 frrouting::ospfd_interfaces:
  eth0:
    area: 0.0.0.0
-  loopback0:
+  anycast0:
    area: 0.0.0.0
 frrouting::daemons:
  ospfd: true
--- a/hieradata/nodes/ausyd1nxvm2030.main.unkin.net.yaml
+++ b/hieradata/nodes/ausyd1nxvm2030.main.unkin.net.yaml
@ -11,7 +11,7 @@ networking::interfaces:
    type: physical
    forwarding: true
    dhcp: true
-  loopback0:
+  anycast0:
    type: dummy
    ipaddress: "%{hiera('dns_master_anycast_ip')}"
    netmask: 255.255.255.255
@ -24,7 +24,7 @@ frrouting::ospfd_redistribute:
 frrouting::ospfd_interfaces:
  eth0:
    area: 0.0.0.0
-  loopback0:
+  anycast0:
    area: 0.0.0.0
 frrouting::daemons:
  ospfd: true
--- a/hieradata/nodes/ausyd1nxvm2031.main.unkin.net.yaml
+++ b/hieradata/nodes/ausyd1nxvm2031.main.unkin.net.yaml
@ -11,7 +11,7 @@ networking::interfaces:
    type: physical
    forwarding: true
    dhcp: true
-  loopback0:
+  anycast0:
    type: dummy
    ipaddress: "%{hiera('dns_master_anycast_ip')}"
    netmask: 255.255.255.255
@ -24,7 +24,7 @@ frrouting::ospfd_redistribute:
 frrouting::ospfd_interfaces:
  eth0:
    area: 0.0.0.0
-  loopback0:
+  anycast0:
    area: 0.0.0.0
 frrouting::daemons:
  ospfd: true
--- a/hieradata/nodes/ausyd1nxvm2032.main.unkin.net.yaml
+++ b/hieradata/nodes/ausyd1nxvm2032.main.unkin.net.yaml
@ -11,7 +11,7 @@ networking::interfaces:
    type: physical
    forwarding: true
    dhcp: true
-  loopback0:
+  anycast0:
    type: dummy
    ipaddress: "%{hiera('dns_resolver_anycast_ip')}"
    netmask: 255.255.255.255
@ -24,7 +24,7 @@ frrouting::ospfd_redistribute:
 frrouting::ospfd_interfaces:
  eth0:
    area: 0.0.0.0
-  loopback0:
+  anycast0:
    area: 0.0.0.0
 frrouting::daemons:
  ospfd: true
--- a/hieradata/nodes/ausyd1nxvm2033.main.unkin.net.yaml
+++ b/hieradata/nodes/ausyd1nxvm2033.main.unkin.net.yaml
@ -11,7 +11,7 @@ networking::interfaces:
    type: physical
    forwarding: true
    dhcp: true
-  loopback0:
+  anycast0:
    type: dummy
    ipaddress: "%{hiera('dns_resolver_anycast_ip')}"
    netmask: 255.255.255.255
@ -24,7 +24,7 @@ frrouting::ospfd_redistribute:
 frrouting::ospfd_interfaces:
  eth0:
    area: 0.0.0.0
-  loopback0:
+  anycast0:
    area: 0.0.0.0
 frrouting::daemons:
  ospfd: true
--- a/hieradata/nodes/ausyd1nxvm2034.main.unkin.net.yaml
+++ b/hieradata/nodes/ausyd1nxvm2034.main.unkin.net.yaml
@ -11,7 +11,7 @@ networking::interfaces:
    type: physical
    forwarding: true
    dhcp: true
-  loopback0:
+  anycast0:
    type: dummy
    ipaddress: "%{hiera('dns_resolver_anycast_ip')}"
    netmask: 255.255.255.255
@ -24,7 +24,7 @@ frrouting::ospfd_redistribute:
 frrouting::ospfd_interfaces:
  eth0:
    area: 0.0.0.0
-  loopback0:
+  anycast0:
    area: 0.0.0.0
 frrouting::daemons:
  ospfd: true
--- a/hieradata/roles/infra/incus/node.yaml
+++ b/hieradata/roles/infra/incus/node.yaml
@ -13,10 +13,18 @@ profiles::pki::vault::alt_names:
  - incus.query.consul
  - "incus.service.%{facts.country}-%{facts.region}.consul"

+profiles::pki::vault::ip_sans:
+  - "%{hiera('networking_loopback0_ip')}"
+  - "%{hiera('networking_loopback1_ip')}"
+  - "%{hiera('networking_loopback2_ip')}"
+
 profiles::ssh::sign::principals:
  - incus.service.consul
  - incus.query.consul
  - "incus.service.%{facts.country}-%{facts.region}.consul"
+  - "%{hiera('networking_loopback0_ip')}"
+  - "%{hiera('networking_loopback1_ip')}"
+  - "%{hiera('networking_loopback2_ip')}"

 # configure consul service
 consul::services:
@ -65,10 +73,12 @@ profiles::yum::global::repos:
    gpgkey: https://packagerepo.service.consul/zfs/rhel9/kmod-daily/%{facts.os.architecture}/os/RPM-GPG-KEY-openzfs-2022
    mirrorlist: absent

+# dns
+profiles::dns::base::primary_interface: loopback0
+
 # networking
 systemd::manage_networkd: true
 systemd::manage_all_network_files: true
-#networking::use_networkd: true
 networking::interfaces:
  enp2s0:
    type: physical
--- a/site/profiles/manifests/dns/base.pp
+++ b/site/profiles/manifests/dns/base.pp
@ -7,6 +7,7 @@ class profiles::dns::base (
    'region',
    'country'
  ]]      $use_ns           = undef,
+  String $primary_interface = $facts['networking']['primary'],
  Optional[String] $ns_role = undef,
 ){

@ -43,6 +44,24 @@ class profiles::dns::base (
  }

  # export dns records for client
-  profiles::dns::client {"${facts['networking']['fqdn']}-default":}
+  $facts['networking']['interfaces'].each | $interface, $data | {

+    # exclude those without ipv4 address, lo and anycast addresses
+    if $data['ip'] and $interface != 'lo' and $interface !~ /^anycast[0-9]$/ {
+
+      # use defaults for the primary_interface
+      if $interface == $primary_interface {
+        profiles::dns::client {"${facts['networking']['fqdn']}-${interface}":
+          interface => $interface,
+        }
+
+      # update secondary interfaces
+      }else{
+        profiles::dns::client {"${facts['networking']['fqdn']}-${interface}":
+          interface => $interface,
+          hostname  => "${facts['networking']['hostname']}-${interface}",
+        }
+      }
+    }
+  }
 }
--- a/site/profiles/manifests/dns/client.pp
+++ b/site/profiles/manifests/dns/client.pp
@ -1,30 +1,31 @@
 # profiles::dns::client
 define profiles::dns::client (
-  Boolean   $forward    = true,
-  Boolean   $reverse    = true,
-  Integer   $order      = 10,
+  Boolean   $forward      = true,
+  Boolean   $reverse      = true,
+  Integer   $order        = 10,
+  String    $interface    = $facts['networking']['primary'],
+  Stdlib::Fqdn $hostname  = $facts['networking']['hostname'],
+  Stdlib::Fqdn $domain    = $facts['networking']['domain'],
 ){

-  $intf = $facts['networking']['primary']
-  $fqdn = $facts['networking']['fqdn']
-  $last_octet = regsubst($::facts['networking']['ip'], '^.*\.', '')
+  $last_octet = regsubst($facts['networking']['interfaces'][$interface]['ip'], '^.*\.', '')

  if $forward {
-    profiles::dns::record { "${fqdn}_${intf}_A":
-      value  => $::facts['networking']['ip'],
+    profiles::dns::record { "${title}_A":
+      value  => $facts['networking']['interfaces'][$interface]['ip'],
      type   => 'A',
-      record => $::facts['networking']['hostname'],
-      zone   => $::facts['networking']['domain'],
+      record => $hostname,
+      zone   => $domain,
      order  => $order,
    }
  }

  if $reverse {
-    profiles::dns::record { "${fqdn}_${intf}_PTR":
-      value  => "${::facts['networking']['fqdn']}.",
+    profiles::dns::record { "${title}_PTR":
+      value  => "${hostname}.${domain}.",
      type   => 'PTR',
      record => $last_octet,
-      zone   => $::facts['arpa'][$intf]['zone'],
+      zone   => $facts['arpa'][$interface]['zone'],
      order  => $order,
    }
  }