Verified Commit b3ec0204 authored by Evangelos Foutras's avatar Evangelos Foutras 🐱
Browse files

geomirror: leverage LUA records for failover+GeoIP

PowerDNS provides a neat way to implement GeoIP-based redirection and
automatic failover. With GeoLite2-City database, it is able to select
the closest mirror from a list of IPs we provide. Every 60 seconds it
also checks if the mirror's HTTPS URL is working as expected; if that
check fails, it stops giving it out (this acts as automatic failover).
parent 9cdcd6e2
---
dependencies:
- role: geoipupdate
vars:
geoipupdate_edition_ids: GeoLite2-City
......@@ -10,24 +10,19 @@ domains:
{% for host in groups['geo_mirrors'] %}
- ns: {{ host }}
{% endfor %}
{% for host in groups['geo_mirrors'] %}
{{ host.split(".")[0] }}.{{ geo_mirror_domain }}:
- a: {{ hostvars[host]['ipv4_address'] }}
- aaaa: {{ hostvars[host]['ipv6_address'] }}
{% endfor %}
- lua:
ttl: 300
content: >
A "ifurlup('https://{{ geo_mirror_domain }}/lastupdate',
{'{{ groups['geo_mirrors'] | map('extract', hostvars, ['ipv4_address']) | join("', '") }}'},
{selector='pickclosest', useragent='pdns on {{ inventory_hostname }}'})"
- lua:
ttl: 300
content: >
AAAA "ifurlup('https://{{ geo_mirror_domain }}/lastupdate',
{'{{ groups['geo_mirrors'] | map('extract', hostvars, ['ipv6_address']) | join("', '") }}'},
{selector='pickclosest', useragent='pdns on {{ inventory_hostname }}'})"
{% if not geomirror_acme_challenge %}
_acme-challenge.{{ geo_mirror_domain }}:
- ns: mirror.pkgbuild.com
{% endif %}
services:
{{ geo_mirror_domain }}: '%mp.geo.mirror.pkgbuild.com'
mapping_lookup_formats: ['%cn']
custom_mapping:
af: europe
an: europe
as: asia
eu: europe
na: america
oc: asia
sa: america
unknown: europe
......@@ -12,5 +12,7 @@ lua-dnsupdate-policy-script=/etc/powerdns/dnsupdate-policy.lua
{% else %}
launch=geoip
{% endif %}
geoip-database-files=/var/lib/GeoIP/GeoLite2-Country.mmdb
geoip-database-files=/var/lib/GeoIP/GeoLite2-City.mmdb
geoip-zones-file=/etc/powerdns/geo.yml
enable-lua-records
lua-health-checks-interval=60
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment