Andrew Bogott has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/260037

Change subject: Insert dns entries for labs bare-metal systems.
......................................................................

Insert dns entries for labs bare-metal systems.

Since the Powerdns recursor only allows one lua hook file,
this patch also creates a new single-point-of-entry file,
recursorhooks.lua, which selectively imports other
lua scripts as specified in the $lua_hooks param.

Change-Id: I20453be668236dd86f1ca8a2ada18e997c10d8fc
---
M modules/dnsrecursor/manifests/init.pp
A modules/dnsrecursor/templates/metaldns.lua.erb
M modules/dnsrecursor/templates/recursor.conf.erb
A modules/dnsrecursor/templates/recursorhooks.lua.erb
M modules/role/manifests/labs/dnsrecursor.pp
5 files changed, 54 insertions(+), 5 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet 
refs/changes/37/260037/1

diff --git a/modules/dnsrecursor/manifests/init.pp 
b/modules/dnsrecursor/manifests/init.pp
index 04e3282..4ccd0bf 100644
--- a/modules/dnsrecursor/manifests/init.pp
+++ b/modules/dnsrecursor/manifests/init.pp
@@ -10,7 +10,7 @@
     $allow_from               = [],
     $additional_forward_zones = '',
     $auth_zones               = undef,
-    $lua_script               = undef,
+    $lua_hooks                = undef,
 ) {
     package { 'pdns-recursor':
         ensure => 'present',
@@ -45,5 +45,17 @@
         hasstatus => false,
     }
 
+    if $lua_hooks {
+        file { '/etc/powerdns/recursorhooks.lua':
+            ensure  => 'present',
+            require => Package['pdns-recursor'],
+            owner   => 'root',
+            group   => 'root',
+            mode    => '0444',
+            notify  => Service['pdns-recursor'],
+            content => template('dnsrecursor/recursorhooks.lua.erb'),
+        }
+    }
+
     include metrics
 }
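Review bot: `if $lua_hooks` is true for any non-empty value, but recursorhooks.lua.erb calls `@lua_hooks.sort`, so a caller that passes a single path string (the shape the old `$lua_script` took) gets past this guard and only fails during template evaluation. A type check ahead of the `file` resource, e.g. `validate_array($lua_hooks)` if stdlib is available in this tree, makes that failure explicit and early. Any parameter documentation above the class, which is outside this hunk, should state that the value is an array of absolute paths to Lua files that the recursor will execute.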
diff --git a/modules/dnsrecursor/templates/metaldns.lua.erb 
b/modules/dnsrecursor/templates/metaldns.lua.erb
new file mode 100644
index 0000000..3a64c45
--- /dev/null
+++ b/modules/dnsrecursor/templates/metaldns.lua.erb
@@ -0,0 +1,27 @@
+-- This script comes from puppet: 
modules/dnsrecursor/templates/metal-dns.lua.erb.
+--
+-- It inserts a few select entries for labs metal DNS resolution.
+--
+-- This is handled here rather than in designate because it's easier to 
puppetize
+--  this file than to insert things into designate from puppet, and currently
+--  puppet/hiera contains the canonical representation of bare metal hosts and 
names.
+
+metal = {}
+
+<% @labs_metal.sort.map do |k,v| -%>
+metal["<%= k %>.<%= @site %>.wmflabs"] = "<%= v['IPv4'] %>"
+<% end -%>
+
+function nxdomain (remoteip, domain, qtype)
+    if qtype ~= pdns.A then
+        return -1, {}
+    end  --  only A records
+
+    if (metal[domain]) then
+        ret={}
+        ret[1]= {qtype=pdns.A, content=(metal[domain]), ttl=300}
+        return 0, ret
+    else
+        return -1, {}
+    end
+end
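Review bot: The line `metal["<%= k %>.<%= @site %>.wmflabs"] = "<%= v['IPv4'] %>"` pastes hiera values straight into Lua source, so a name or address containing a quote or backslash changes the code the recursor runs, not just the data it serves. The entries should be checked before they are emitted, for example with `<% next unless k =~ /\A[a-z0-9-]+\z/i && v['IPv4'] =~ /\A\d{1,3}(\.\d{1,3}){3}\z/ -%>` as the first line inside the loop (adjust the name pattern to the naming scheme in use). Separately, `metal` and `ret` are globals in a Lua state shared with the other hook files, and declaring both `local` avoids collisions. The header comment names `metal-dns.lua.erb` while the file added here is `metaldns.lua.erb`.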
diff --git a/modules/dnsrecursor/templates/recursor.conf.erb 
b/modules/dnsrecursor/templates/recursor.conf.erb
index facfdb8..e187aca 100644
--- a/modules/dnsrecursor/templates/recursor.conf.erb
+++ b/modules/dnsrecursor/templates/recursor.conf.erb
@@ -207,6 +207,6 @@
 #
 # version-string=PowerDNS Recursor 3.1 $Id: pdns_recursor.cc 838 2006-05-19 
14:35:27Z ahu $
 
-<% if @lua_script -%>
-lua-dns-script=<%= @lua_script %>
+<% if @lua_hooks -%>
+lua-dns-script=/etc/powerdns/recursorhooks.lua
 <% end -%>
diff --git a/modules/dnsrecursor/templates/recursorhooks.lua.erb 
b/modules/dnsrecursor/templates/recursorhooks.lua.erb
new file mode 100644
index 0000000..fb158f2
--- /dev/null
+++ b/modules/dnsrecursor/templates/recursorhooks.lua.erb
@@ -0,0 +1,7 @@
+-- This file is managed by puppet.
+--
+-- The Powerdns recursor only supports a single .lua file.  This is that file; 
it includes
+--  other files via 'dofile'.
+<% @lua_hooks.sort.map do |hook| -%>
+dofile("<%= hook %>")
+<% end -%>
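Review bot: `dofile` raises an error when a file is missing or does not parse, so one bad entry in `$lua_hooks` would presumably stop the whole wrapper from loading and take every hook down with it, not only the broken one. Nothing in this template or in the `file` resource in init.pp orders the wrapper after the files it loads. Loading each file as `local ok, err = pcall(dofile, "<%= hook %>")` and logging `err` when `ok` is false keeps the remaining hooks alive. All hooks also share one global environment and are loaded in sorted rather than declared order, so two files that define the same hook function (e.g. `nxdomain`) silently override each other; the header comment should say so.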
diff --git a/modules/role/manifests/labs/dnsrecursor.pp 
b/modules/role/manifests/labs/dnsrecursor.pp
index 3790128..f8589ad 100644
--- a/modules/role/manifests/labs/dnsrecursor.pp
+++ b/modules/role/manifests/labs/dnsrecursor.pp
@@ -47,15 +47,17 @@
 
     $labs_auth_dns = ipresolve(hiera('labs_dns_host'),4)
 
-    $alias_file = '/etc/powerdns/labs-ip-alias.lua'
+    $lua_hooks = ['/etc/powerdns/labs-ip-alias.lua', 
'/etc/powerdns/metaldns.lua']
+
     class { '::dnsrecursor':
             listen_addresses         => $listen_addresses,
             allow_from               => $all_networks,
             additional_forward_zones => "wmflabs=${labs_auth_dns}, 
68.10.in-addr.arpa=${labs_auth_dns}",
             auth_zones               => 'labsdb=/var/zones/labsdb',
-            lua_script               => $alias_file
+            lua_hooks                => $lua_hooks,
     }
 
+    $alias_file = '/etc/powerdns/labs-ip-alias.lua'
     class { '::dnsrecursor::labsaliaser':
         username   => 'novaadmin',
         password   => $wikitech_nova_ldap_user_pass,
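Review bot: The path `/etc/powerdns/labs-ip-alias.lua` is now written twice, once in `$lua_hooks` and once in `$alias_file`, and nothing ties the two together; if one is edited alone, the aliaser writes one file while the recursor loads another. Declaring `$alias_file` first and building the list from it, `$lua_hooks = [$alias_file, '/etc/powerdns/metaldns.lua']`, removes the duplicate. The enclosing class continues outside this hunk.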
@@ -68,6 +70,7 @@
         nova_api_url => "http://${nova_controller_hostname}:35357/v2.0";,
         alias_file   => $alias_file,
     }
+    require dnsrecursor::metalresolver
 
     # There are three replica servers (c1, c2, c3).  The mapping of
     # "shards" (s1, etc.) and databases (enwiki, etc.) to these is
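Review bot: `require dnsrecursor::metalresolver` names a class that is not among the five files listed for this change, and no visible hunk installs `/etc/powerdns/metaldns.lua` or sets the `@labs_metal` and `@site` variables that metaldns.lua.erb reads. Unless that class already exists in the tree, the catalog will not compile; if it lands later, the wrapper will `dofile` a file that is not there yet. The manifest belongs in this change, and it should install the file root-owned and not group- or world-writable, since its contents run inside the resolver. The enclosing role class starts and ends outside this hunk.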

-- 
To view, visit https://gerrit.wikimedia.org/r/260037

Gerrit-MessageType: newchange
Gerrit-Change-Id: I20453be668236dd86f1ca8a2ada18e997c10d8fc
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Andrew Bogott <[email protected]>
