From ab6962e67ddf561cb2fa7f55319c0e87a2a85d68 Mon Sep 17 00:00:00 2001
From: Ben Vincent
Date: Sun, 11 May 2025 00:27:50 +1000
Subject: [PATCH] feat: change to anycast resolver
---
 hieradata/common.yaml | 6 ++-
 .../nodes/ausyd1nxvm2032.main.unkin.net.yaml | 47 +++++++++++++++++++
 .../nodes/ausyd1nxvm2033.main.unkin.net.yaml | 47 +++++++++++++++++++
 .../nodes/ausyd1nxvm2034.main.unkin.net.yaml | 47 +++++++++++++++++++
 site/profiles/manifests/dns/base.pp | 6 +--
 5 files changed, 148 insertions(+), 5 deletions(-)
 create mode 100644 hieradata/nodes/ausyd1nxvm2032.main.unkin.net.yaml
 create mode 100644 hieradata/nodes/ausyd1nxvm2033.main.unkin.net.yaml
 create mode 100644 hieradata/nodes/ausyd1nxvm2034.main.unkin.net.yaml
diff --git a/hieradata/common.yaml b/hieradata/common.yaml
index ae0a661..3bee9e1 100644
--- a/hieradata/common.yaml
+++ b/hieradata/common.yaml
@@ -182,9 +182,11 @@ vault::manage_service_file: true
 vault::manage_config_dir: true
 vault::disable_mlock: false
+profiles::dns::base::nameservers:
+ - 198.18.19.16
 profiles::dns::master::basedir: '/var/named/sources'
-profiles::dns::base::ns_role: 'roles::infra::dns::resolver'
-profiles::dns::base::use_ns: 'region'
+#profiles::dns::base::ns_role: 'roles::infra::dns::resolver'
+#profiles::dns::base::use_ns: 'region'
 profiles::consul::server::members_role: roles::infra::storage::consul
 profiles::consul::token::node_editor::accessor_id: '024e27bd-c5bb-41e7-a578-b766509e11bc'
 profiles::consul::client::members_lookup: true
diff --git a/hieradata/nodes/ausyd1nxvm2032.main.unkin.net.yaml b/hieradata/nodes/ausyd1nxvm2032.main.unkin.net.yaml
new file mode 100644
index 0000000..92f6c57
--- /dev/null
+++ b/hieradata/nodes/ausyd1nxvm2032.main.unkin.net.yaml
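Review bot: `profiles::dns::base::nameservers` in hieradata/common.yaml now lists a single address, 198.18.19.16, so name resolution on every node depends on that one anycast prefix staying routed. If the route is withdrawn or misadvertised, lookups fail fleet-wide, presumably including the `packagerepo.service.consul` name that the package repos added in this same commit rely on. Consider listing a second resolver address as a fallback, e.g. a further `- <second-resolver-ip>` entry under the same key. The two commented-out keys (`#profiles::dns::base::ns_role`, `#profiles::dns::base::use_ns`) would be better deleted than kept as dead configuration, since version control already preserves the old values.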
@@ -0,0 +1,47 @@
+---
+hiera_include:
+ - frrouting
+
+# networking
+dns_resolver_anycast_ip: 198.18.19.16
+systemd::manage_networkd: true
+systemd::manage_all_network_files: true
+networking::interfaces:
+ eth0:
+ type: physical
+ forwarding: true
+ dhcp: true
+ loopback0:
+ type: dummy
+ ipaddress: "%{hiera('dns_resolver_anycast_ip')}"
+ netmask: 255.255.255.255
+ mtu: 1500
+
+# frrouting
+frrouting::ospfd_router_id: "%{facts.networking.ip}"
+frrouting::ospfd_redistribute:
+ - connected
+frrouting::ospfd_interfaces:
+ eth0:
+ area: 0.0.0.0
+ loopback0:
+ area: 0.0.0.0
+frrouting::daemons:
+ ospfd: true
+
+# additional repos
+profiles::yum::global::repos:
+ frr-extras:
+ name: frr-extras
+ descr: frr-extras repository
+ target: /etc/yum.repos.d/frr-extras.repo
+ baseurl: https://packagerepo.service.consul/frr/el9/extras-daily/%{facts.os.architecture}/os
+ gpgkey: https://packagerepo.service.consul/frr/el9/extras-daily/%{facts.os.architecture}/os/RPM-GPG-KEY-FRR
+ mirrorlist: absent
+ frr-stable:
+ name: frr-stable
+ descr: frr-stable repository
+ target: /etc/yum.repos.d/frr-stable.repo
+ baseurl: https://packagerepo.service.consul/frr/el9/stable-daily/%{facts.os.architecture}/os
+ gpgkey: https://packagerepo.service.consul/frr/el9/stable-daily/%{facts.os.architecture}/os/RPM-GPG-KEY-FRR
+ mirrorlist: absent
diff --git a/hieradata/nodes/ausyd1nxvm2033.main.unkin.net.yaml b/hieradata/nodes/ausyd1nxvm2033.main.unkin.net.yaml
new file mode 100644
index 0000000..92f6c57
--- /dev/null
+++ b/hieradata/nodes/ausyd1nxvm2033.main.unkin.net.yaml
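Review bot: OSPF is enabled on `eth0` with no authentication visible in this node data, so unless the frrouting module adds it elsewhere, another host on that segment that forms an adjacency could announce 198.18.19.16/32 itself and receive the fleet's DNS queries. Configure OSPF authentication for `eth0` if the module exposes it. `frrouting::ospfd_redistribute: - connected` also exports every connected network although `loopback0` is already listed under `frrouting::ospfd_interfaces`; dropping the redistribute entry, or filtering it to the anycast /32, keeps the advertisement to what the service needs. The /32 appears to be announced whenever the dummy interface and ospfd are up, independent of resolver health, so a health check that withdraws the route when the resolver stops answering is worth adding. The same points apply to the identical files for ausyd1nxvm2033 and ausyd1nxvm2034.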
@@ -0,0 +1,47 @@
+---
+hiera_include:
+ - frrouting
+
+# networking
+dns_resolver_anycast_ip: 198.18.19.16
+systemd::manage_networkd: true
+systemd::manage_all_network_files: true
+networking::interfaces:
+ eth0:
+ type: physical
+ forwarding: true
+ dhcp: true
+ loopback0:
+ type: dummy
+ ipaddress: "%{hiera('dns_resolver_anycast_ip')}"
+ netmask: 255.255.255.255
+ mtu: 1500
+
+# frrouting
+frrouting::ospfd_router_id: "%{facts.networking.ip}"
+frrouting::ospfd_redistribute:
+ - connected
+frrouting::ospfd_interfaces:
+ eth0:
+ area: 0.0.0.0
+ loopback0:
+ area: 0.0.0.0
+frrouting::daemons:
+ ospfd: true
+
+# additional repos
+profiles::yum::global::repos:
+ frr-extras:
+ name: frr-extras
+ descr: frr-extras repository
+ target: /etc/yum.repos.d/frr-extras.repo
+ baseurl: https://packagerepo.service.consul/frr/el9/extras-daily/%{facts.os.architecture}/os
+ gpgkey: https://packagerepo.service.consul/frr/el9/extras-daily/%{facts.os.architecture}/os/RPM-GPG-KEY-FRR
+ mirrorlist: absent
+ frr-stable:
+ name: frr-stable
+ descr: frr-stable repository
+ target: /etc/yum.repos.d/frr-stable.repo
+ baseurl: https://packagerepo.service.consul/frr/el9/stable-daily/%{facts.os.architecture}/os
+ gpgkey: https://packagerepo.service.consul/frr/el9/stable-daily/%{facts.os.architecture}/os/RPM-GPG-KEY-FRR
+ mirrorlist: absent
diff --git a/hieradata/nodes/ausyd1nxvm2034.main.unkin.net.yaml b/hieradata/nodes/ausyd1nxvm2034.main.unkin.net.yaml
new file mode 100644
index 0000000..92f6c57
--- /dev/null
+++ b/hieradata/nodes/ausyd1nxvm2034.main.unkin.net.yaml
@@ -0,0 +1,47 @@
+---
+hiera_include:
+ - frrouting
+
+# networking
+dns_resolver_anycast_ip: 198.18.19.16
+systemd::manage_networkd: true
+systemd::manage_all_network_files: true
+networking::interfaces:
+ eth0:
+ type: physical
+ forwarding: true
+ dhcp: true
+ loopback0:
+ type: dummy
+ ipaddress: "%{hiera('dns_resolver_anycast_ip')}"
+ netmask: 255.255.255.255
+ mtu: 1500
+
+# frrouting
+frrouting::ospfd_router_id: "%{facts.networking.ip}"
+frrouting::ospfd_redistribute:
+ - connected
+frrouting::ospfd_interfaces:
+ eth0:
+ area: 0.0.0.0
+ loopback0:
+ area: 0.0.0.0
+frrouting::daemons:
+ ospfd: true
+
+# additional repos
+profiles::yum::global::repos:
+ frr-extras:
+ name: frr-extras
+ descr: frr-extras repository
+ target: /etc/yum.repos.d/frr-extras.repo
+ baseurl: https://packagerepo.service.consul/frr/el9/extras-daily/%{facts.os.architecture}/os
+ gpgkey: https://packagerepo.service.consul/frr/el9/extras-daily/%{facts.os.architecture}/os/RPM-GPG-KEY-FRR
+ mirrorlist: absent
+ frr-stable:
+ name: frr-stable
+ descr: frr-stable repository
+ target: /etc/yum.repos.d/frr-stable.repo
+ baseurl: https://packagerepo.service.consul/frr/el9/stable-daily/%{facts.os.architecture}/os
+ gpgkey: https://packagerepo.service.consul/frr/el9/stable-daily/%{facts.os.architecture}/os/RPM-GPG-KEY-FRR
+ mirrorlist: absent
diff --git a/site/profiles/manifests/dns/base.pp b/site/profiles/manifests/dns/base.pp
index 12d2d99..5542515 100644
--- a/site/profiles/manifests/dns/base.pp
+++ b/site/profiles/manifests/dns/base.pp
@@ -1,13 +1,13 @@
 # profiles::dns::base
 class profiles::dns::base (
- String $ns_role = undef,
 Array $search = [],
 Array $nameservers = ['198.18.13.12', '198.18.13.13'],
- Enum[
+ Optional[Enum[
 'all',
 'region',
 'country'
- ] $use_ns = 'all',
+ ]] $use_ns = undef,
+ Optional[String] $ns_role = undef,
 ){
 # install bind_utils
-- 
2.47.3
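Review bot: With `$use_ns` and `$ns_role` both defaulting to `undef` in site/profiles/manifests/dns/base.pp, the class now depends on its body, which lies outside this hunk, treating the unset case as "use `$nameservers` as given"; that should be confirmed and stated in the header comment, e.g. `# $ns_role / $use_ns: optional; when both are unset, $nameservers is used as given`. Nothing visible enforces that the two are set together, so a node that sets only one of them presumably needs an explicit failure rather than a silent fallback. The class default for `$nameservers` is still `['198.18.13.12', '198.18.13.13']`, so a node that does not receive the hiera key would resolve through the old addresses rather than the anycast one.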