From bb6f6cbd49309546f68b957fd02800bf2a4e0167 Mon Sep 17 00:00:00 2001 From: Ben Vincent Date: Sat, 10 May 2025 23:00:03 +1000 Subject: [PATCH] feat: anycast dnsmasters (#279) - change dns masters on incus to anycast for bind - change to networkd to support anycast/loopbacks Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/279 --- .../au/region/syd1/infra/dns/resolver.yaml | 3 +- .../nodes/ausyd1nxvm2029.main.unkin.net.yaml | 47 +++++++++++++++++++ .../nodes/ausyd1nxvm2030.main.unkin.net.yaml | 47 +++++++++++++++++++ .../nodes/ausyd1nxvm2031.main.unkin.net.yaml | 47 +++++++++++++++++++ 4 files changed, 142 insertions(+), 2 deletions(-) create mode 100644 hieradata/nodes/ausyd1nxvm2029.main.unkin.net.yaml create mode 100644 hieradata/nodes/ausyd1nxvm2030.main.unkin.net.yaml create mode 100644 hieradata/nodes/ausyd1nxvm2031.main.unkin.net.yaml diff --git a/hieradata/country/au/region/syd1/infra/dns/resolver.yaml b/hieradata/country/au/region/syd1/infra/dns/resolver.yaml index d6d8dca..740336c 100644 --- a/hieradata/country/au/region/syd1/infra/dns/resolver.yaml +++ b/hieradata/country/au/region/syd1/infra/dns/resolver.yaml @@ -1,6 +1,5 @@ --- profiles_dns_upstream_forwarder_unkin: - - 198.18.13.14 - - 198.18.13.15 + - 198.18.19.15 profiles_dns_upstream_forwarder_consul: - 198.18.19.14 diff --git a/hieradata/nodes/ausyd1nxvm2029.main.unkin.net.yaml b/hieradata/nodes/ausyd1nxvm2029.main.unkin.net.yaml new file mode 100644 index 0000000..00d319e --- /dev/null +++ b/hieradata/nodes/ausyd1nxvm2029.main.unkin.net.yaml @@ -0,0 +1,47 @@ +--- +hiera_include: + - frrouting + +# networking +dns_master_anycast_ip: 198.18.19.15 +systemd::manage_networkd: true +systemd::manage_all_network_files: true +networking::interfaces: + eth0: + type: physical + forwarding: true + dhcp: true + loopback0: + type: dummy + ipaddress: "%{hiera('dns_master_anycast_ip')}" + netmask: 255.255.255.255 + mtu: 1500 + +# frrouting +frrouting::ospfd_router_id: "%{facts.networking.ip}" +frrouting::ospfd_redistribute: + - connected +frrouting::ospfd_interfaces: + eth0: + area: 0.0.0.0 + loopback0: + area: 0.0.0.0 +frrouting::daemons: + ospfd: true + +# additional repos +profiles::yum::global::repos: + frr-extras: + name: frr-extras + descr: frr-extras repository + target: /etc/yum.repos.d/frr-extras.repo + baseurl: https://packagerepo.service.consul/frr/el9/extras-daily/%{facts.os.architecture}/os + gpgkey: https://packagerepo.service.consul/frr/el9/extras-daily/%{facts.os.architecture}/os/RPM-GPG-KEY-FRR + mirrorlist: absent + frr-stable: + name: frr-stable + descr: frr-stable repository + target: /etc/yum.repos.d/frr-stable.repo + baseurl: https://packagerepo.service.consul/frr/el9/stable-daily/%{facts.os.architecture}/os + gpgkey: https://packagerepo.service.consul/frr/el9/stable-daily/%{facts.os.architecture}/os/RPM-GPG-KEY-FRR + mirrorlist: absent diff --git a/hieradata/nodes/ausyd1nxvm2030.main.unkin.net.yaml b/hieradata/nodes/ausyd1nxvm2030.main.unkin.net.yaml new file mode 100644 index 0000000..00d319e --- /dev/null +++ b/hieradata/nodes/ausyd1nxvm2030.main.unkin.net.yaml @@ -0,0 +1,47 @@ +--- +hiera_include: + - frrouting + +# networking +dns_master_anycast_ip: 198.18.19.15 +systemd::manage_networkd: true +systemd::manage_all_network_files: true +networking::interfaces: + eth0: + type: physical + forwarding: true + dhcp: true + loopback0: + type: dummy + ipaddress: "%{hiera('dns_master_anycast_ip')}" + netmask: 255.255.255.255 + mtu: 1500 + +# frrouting +frrouting::ospfd_router_id: "%{facts.networking.ip}" +frrouting::ospfd_redistribute: + - connected +frrouting::ospfd_interfaces: + eth0: + area: 0.0.0.0 + loopback0: + area: 0.0.0.0 +frrouting::daemons: + ospfd: true + +# additional repos +profiles::yum::global::repos: + frr-extras: + name: frr-extras + descr: frr-extras repository + target: /etc/yum.repos.d/frr-extras.repo + baseurl: https://packagerepo.service.consul/frr/el9/extras-daily/%{facts.os.architecture}/os + gpgkey: https://packagerepo.service.consul/frr/el9/extras-daily/%{facts.os.architecture}/os/RPM-GPG-KEY-FRR + mirrorlist: absent + frr-stable: + name: frr-stable + descr: frr-stable repository + target: /etc/yum.repos.d/frr-stable.repo + baseurl: https://packagerepo.service.consul/frr/el9/stable-daily/%{facts.os.architecture}/os + gpgkey: https://packagerepo.service.consul/frr/el9/stable-daily/%{facts.os.architecture}/os/RPM-GPG-KEY-FRR + mirrorlist: absent diff --git a/hieradata/nodes/ausyd1nxvm2031.main.unkin.net.yaml b/hieradata/nodes/ausyd1nxvm2031.main.unkin.net.yaml new file mode 100644 index 0000000..00d319e --- /dev/null +++ b/hieradata/nodes/ausyd1nxvm2031.main.unkin.net.yaml @@ -0,0 +1,47 @@ +--- +hiera_include: + - frrouting + +# networking +dns_master_anycast_ip: 198.18.19.15 +systemd::manage_networkd: true +systemd::manage_all_network_files: true +networking::interfaces: + eth0: + type: physical + forwarding: true + dhcp: true + loopback0: + type: dummy + ipaddress: "%{hiera('dns_master_anycast_ip')}" + netmask: 255.255.255.255 + mtu: 1500 + +# frrouting +frrouting::ospfd_router_id: "%{facts.networking.ip}" +frrouting::ospfd_redistribute: + - connected +frrouting::ospfd_interfaces: + eth0: + area: 0.0.0.0 + loopback0: + area: 0.0.0.0 +frrouting::daemons: + ospfd: true + +# additional repos +profiles::yum::global::repos: + frr-extras: + name: frr-extras + descr: frr-extras repository + target: /etc/yum.repos.d/frr-extras.repo + baseurl: https://packagerepo.service.consul/frr/el9/extras-daily/%{facts.os.architecture}/os + gpgkey: https://packagerepo.service.consul/frr/el9/extras-daily/%{facts.os.architecture}/os/RPM-GPG-KEY-FRR + mirrorlist: absent + frr-stable: + name: frr-stable + descr: frr-stable repository + target: /etc/yum.repos.d/frr-stable.repo + baseurl: https://packagerepo.service.consul/frr/el9/stable-daily/%{facts.os.architecture}/os + gpgkey: https://packagerepo.service.consul/frr/el9/stable-daily/%{facts.os.architecture}/os/RPM-GPG-KEY-FRR + mirrorlist: absent