puppet-prod/site/profiles/manifests/dns/record.pp
unkinben 3e807201ee
dns: nsupdate host records to the authoritative server
Replaces the exported-resources -> puppet DNS master zone-file flow with
per-host RFC2136 dynamic updates against the k8s bind-authoritative write
endpoint (198.18.200.9), so the master no longer manages zone files.

- add profiles::dns::updater: assembles the host's records into a concat
  file and runs nsupdate via a systemd .path unit that watches it; the
  dns-update script sends only the delta and deletes removed records
- switch profiles::dns::record to write local concat fragments
  (zone|name|type|ttl|value) instead of exporting to the master
- include profiles::dns::updater from profiles::dns::base (all nodes)
- inert until profiles::dns::updater::key_secret (TSIG) is set in eyaml
- hiera: updater server/key_name/algorithm in common.yaml
2026-07-05 16:11:46 +10:00

32 lines
828 B
Puppet

# profiles::dns::record
#
# Declares a DNS record for this host. The record is written to the local
# dns-updater records file (profiles::dns::updater), which nsupdates it to the
# authoritative DNS server. This replaces the old flow that exported a
# @@concat::fragment to the puppet DNS master.
define profiles::dns::record (
  String $record,
  Enum[
    'PTR',
    'A',
    'CNAME',
    'MX',
    'NS',
    'SRV',
    'TXT'
  ] $type,
  String $value,
  String $zone,
  Integer $order,
  Integer $ttl = 300,
) {
  include profiles::dns::updater
  # zone|name|type|ttl|value (parsed by the dns-update script)
  concat::fragment { "dns-record-${name}":
    target  => $profiles::dns::updater::records_file,
    content => "${zone}|${record}|${type}|${ttl}|${value}\n",
    order   => sprintf('%03d', $order),
  }
}
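
The `zone|name|type|ttl|value` lines written above, read back and turned into the delta the commit message describes (add new records, delete removed ones). This is an added example, not the project's dns-update script. The name pattern, the assumption that values are already in nsupdate rdata form, and the sample records are constructed for illustration; 198.18.200.9 is the write endpoint named in the commit message.

```python
import re

# Field layout from the define: zone|name|type|ttl|value, one record per line.
TYPES = {"PTR", "A", "CNAME", "MX", "NS", "SRV", "TXT"}  # same set as the Enum
NAME_RE = re.compile(r"[A-Za-z0-9_-]+(\.[A-Za-z0-9_-]+)*\.?")  # assumed name policy


def parse_records(text):
    """Return a set of (zone, name, type, ttl, value); raise ValueError on bad lines."""
    records = set()
    for lineno, line in enumerate(text.split("\n"), 1):
        if not line:
            continue
        parts = line.split("|", 4)  # value is the last field, so it may contain '|'
        if len(parts) != 5:
            raise ValueError(f"line {lineno}: expected 5 fields")
        zone, name, rtype, ttl, value = parts
        if not (NAME_RE.fullmatch(zone) and NAME_RE.fullmatch(name)):
            raise ValueError(f"line {lineno}: bad zone or name")
        if rtype not in TYPES or not ttl.isdigit():
            raise ValueError(f"line {lineno}: bad type or ttl")
        # Control characters in the value could start a new nsupdate command.
        if not value or any(ord(c) < 32 or ord(c) == 127 for c in value):
            raise ValueError(f"line {lineno}: bad value")
        records.add((zone, name, rtype, int(ttl), value))
    return records


def nsupdate_script(old, new, server):
    """Build nsupdate input for the delta: delete what left, add what is new."""
    removed, added = old - new, new - old
    if not removed and not added:
        return ""
    out = [f"server {server}"]
    for zone in sorted({r[0] for r in removed | added}):
        out.append(f"zone {zone}")
        out += [f"update delete {n} {t} {v}" for z, n, t, _, v in sorted(removed) if z == zone]
        out += [f"update add {n} {ttl} {t} {v}" for z, n, t, ttl, v in sorted(added) if z == zone]
        out.append("send")
    return "\n".join(out) + "\n"


# Constructed sample state (not from the page): previous run vs. current records file.
OLD = 'example.test|web1.example.test.|A|300|192.0.2.10\nexample.test|old.example.test.|CNAME|300|web1.example.test.\n'
NEW = 'example.test|web1.example.test.|A|300|192.0.2.10\nexample.test|txt.example.test.|TXT|300|"a|b"\n'

if __name__ == "__main__":
    print(nsupdate_script(parse_records(OLD), parse_records(NEW), "198.18.200.9"), end="")
```

A value carrying an embedded newline followed by a well-formed five-field line would still parse as a second record, so that case has to be rejected where the fragment is written, for example by constraining `$value` in the define.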