Terraform and DNS

Figure 1067. Bind server ns1.sdi.hdm-stuttgart.cloud

Providing DNS info for sdi.hdm-stuttgart.cloud and sub-zones:
- g01.sdi.hdm-stuttgart.cloud
- g02.sdi.hdm-stuttgart.cloud
- ...
Remote API for per-zone editing

Figure 1068. DNS provider

terraform {
  required_providers {
    dns = {
      source = "hashicorp/dns"
    }
}

This requires:

A corresponding variable "dns_secret" {...} declaration.
An e.g., export TF_VAR_dns_secret = "sVfw2a...vAUqw==" (non - versioned!) environment variable.

Figure 1069. DNS provider configuration

provider "dns" {
  update {
    server        = "ns1.sdi.hdm-stuttgart.cloud"
    key_name      = "g12.key."  # Corresponding to your group e.g., Group 12
    key_algorithm = "hmac-sha512"
    key_secret    = var.dns_secret 
  }
}

This requires:

A corresponding variable "dns_secret" {...} declaration.
An e.g., export TF_VAR_dns_secret = "sVfw2a...vAUqw==" (non - versioned!) environment variable.

Figure 1070. Defining an “A” record

resource "dns_a_record_set" "helloRecord" {
  zone = "${var.dnsSubnetName}." # The dot matters!
  name = hcloud_server.helloServer.name
  addresses = [hcloud_server.helloServer.ipv4_address]
  ttl = 10
}

exercise No. 21

Creating DNS records

In this exercise we start from a domain gxy.sdi.hdm-stuttgart.cloud not yet containing any »A« or »CNAME« records. The aim is using Terraform to create:

An »A« record workhorse.gxy.sdi.hdm-stuttgart.cloud resolving to the (likely non-existent) server IP 1.2.3.4.
Another »A« record gxy.sdi.hdm-stuttgart.cloud resolving to 1.2.3.4 as well.

Note

This will later allow for https://gxy.sdi.hdm-stuttgart.cloud.
Two aliases www.gxy.sdi.hdm-stuttgart.cloud and mail.gxy.sdi.hdm-stuttgart.cloud both referencing workhorse.gxy.sdi.hdm-stuttgart.cloud.

Provide proper variables representing:

The base domain.
The server's canonical name.
The list of server alias names.

This way your Terraform configuration remains flexible. You may follow the subsequent steps each time testing your result:

dig +noall +answer @ns1.hdm-stuttgart.cloud -y $HMAC -t AXFR gxy.sdi.hdm-stuttgart.cloud

Create a minimal configuration creating just the »A« record.
Add the two aliases.
Define corresponding variables and re-factor any hard coded strings accordingly e.g.:
```
# config.auto.tfvars
serverIp      = "1.2.3.4"
dnsZone       = "gxy.sdi.hdm-stuttgart.cloud"
serverName    = "workhorse"
serverAliases = ["www", "mail"]
```
Tip

Implicit loops using the count meta argument.
Your configuration may be prone to two different types of configuration errors:
- Duplicate server alias names:
```
...
serverAliases = ["www", "mail", "www"]
```
- Server alias name matching server's common name:
```
...
serverName    = "workhorse"
serverAliases = ["workhorse", "mail"]
```
Both will cause terraform apply DNS update failures. Add appropriate Custom Validation Rules to your variable definitions.
Tip
- distinct Function
- contains Function

exercise No. 22

Creating a host with corresponding DNS entries

Extend Solving the ~/.ssh/known_hosts quirk by adding DNS records like in Creating DNS records . The provider generated IP4 address shall be bound to workhorse within your given zone.

Use the server's common DNS name rather than its IP in the generated gen/known_hosts, bin/ssh and bin/scp files, e.g:

gen/known_hosts:

workhorse.gxy.sdi.hdm-stuttgart.cloud ssh-ed25519 AAAAC3N...at8e8JL3rr

bin/ssh:

#!/usr/bin/env bash

GEN_DIR=$(dirname "$0")/../gen

ssh -o UserKnownHostsFile="$GEN_DIR/known_hosts" devops@workhorse.gxy.sdi.hdm-stuttgart.cloud "$@"

#end

exercise No. 23

Creating a fixed number of servers

Write a Terraform configuration for deploying a configurable number of servers being defined by the following config.auto.tfvars:

dnsZone        = "gxy.sdi.hdm-stuttgart.cloud"
serverBaseName = "work"
serverCount    = 2

terraform apply shall create the following:

Two DNS entries:
- work-1.gxy.sdi.hdm-stuttgart.cloud
- work-2.gxy.sdi.hdm-stuttgart.cloud
Two corresponding servers each endowed with its own unique ssh host key pair.
Two corresponding sub directories work-1 and work-2 each containing its own bin/ssh and related gen/known_hosts file.

Prev	Up	Next
Terraform loops	Home	Generating web SSL certificates

Cloud provider