Faidon has submitted this change and it was merged.
Change subject: (power)dns: support multiple listen addresses
......................................................................
(power)dns: support multiple listen addresses
Prepare the powerdns configs for multiple IP addresses, in preparation
for switching two of our nameservers to service IPs.
Change-Id: I4e4ce2cd8f25a567a7374b58dbd6f658c02859d0
---
M manifests/dns.pp
M manifests/site.pp
M templates/powerdns/pdns.conf.erb
3 files changed, 12 insertions(+), 10 deletions(-)
Approvals:
Faidon: Looks good to me, approved
jenkins-bot: Verified
diff --git a/manifests/dns.pp b/manifests/dns.pp
index b93ab3a..387ed75 100644
--- a/manifests/dns.pp
+++ b/manifests/dns.pp
@@ -38,8 +38,10 @@
}
-class dns::auth-server($ipaddress="", $soa_name="", $master="") {
+class dns::auth-server($ipaddress=[], $soa_name="", $master="") {
$dns_auth_ipaddress = $ipaddress
+ # only used for AXFR and notifies, we don't really care
+ $dns_auth_query_address = $ipaddress[0]
$dns_auth_soa_name = $soa_name
$dns_auth_master = $master
@@ -122,12 +124,12 @@
}
# Publish service ip hostkeys
- @@sshkey {
- "${dns_auth_soa_name}":
+ @@sshkey { $dns_auth_soa_name:
type => ssh-rsa,
key => $sshrsakey,
ensure => present;
- "${dns_auth_ipaddress}":
+ }
+ @@sshkey { $dns_auth_ipaddress:
type => ssh-rsa,
key => $sshrsakey,
ensure => present;
@@ -146,7 +148,7 @@
}
# Monitoring
- monitor_host { $dns_auth_soa_name: ip_address => $dns_auth_ipaddress }
+ monitor_host { $dns_auth_soa_name: ip_address => $dns_auth_ipaddress[0]
}
monitor_service { "auth dns": host => $dns_auth_soa_name, description
=> "Auth DNS", check_command => "check_dns!www.wikipedia.org" }
}
diff --git a/manifests/site.pp b/manifests/site.pp
index 3ee41d0..15c0a29 100644
--- a/manifests/site.pp
+++ b/manifests/site.pp
@@ -791,7 +791,7 @@
dns::recursor::monitor { "208.80.152.131": }
class { "dns::auth-server":
- ipaddress => "208.80.152.130",
+ ipaddress => [ "208.80.152.130" ],
soa_name => "ns0.wikimedia.org",
master => $dns_auth_master
}
@@ -1362,7 +1362,7 @@
}
class { "dns::auth-server":
- ipaddress => "208.80.152.142",
+ ipaddress => [ "208.80.152.142" ],
soa_name => "ns1.wikimedia.org",
master => $dns_auth_master
}
@@ -2068,7 +2068,7 @@
dns::recursor::statistics
class { "dns::auth-server":
- ipaddress => "91.198.174.4",
+ ipaddress => [ "91.198.174.4" ],
soa_name => "ns2.wikimedia.org",
master => $dns_auth_master
}
diff --git a/templates/powerdns/pdns.conf.erb b/templates/powerdns/pdns.conf.erb
index bbd20e7..95177f4 100644
--- a/templates/powerdns/pdns.conf.erb
+++ b/templates/powerdns/pdns.conf.erb
@@ -5,8 +5,8 @@
# Always bind to specific addresses - pdns complains when using INADDR_ANY.
# Change this to the external interface address
-local-address=<%= dns_auth_ipaddress %>
-query-local-address=<%= dns_auth_ipaddress %>
+local-address=<%= dns_auth_ipaddress.join(',') %>
+query-local-address=<%= dns_auth_query_address %>
# Change this to the actual SOA name:
default-soa-name=<%= dns_auth_soa_name %>
--
To view, visit https://gerrit.wikimedia.org/r/74615
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: I4e4ce2cd8f25a567a7374b58dbd6f658c02859d0
Gerrit-PatchSet: 4
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Faidon <fai...@wikimedia.org>
Gerrit-Reviewer: Faidon <fai...@wikimedia.org>
Gerrit-Reviewer: jenkins-bot
_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
