geo_dns: support geo domains with subset of hosts

Useful if we wanted to create a Geo-based archive consisting of machines in the archive_mirrors group (though this will likely not happen because it'd break archlinux-repro due to the ~4 hour sync delay).

geo_dns: support geo domains with subset of hosts
19ee76d7 · Evangelos Foutras · ee042dae · 19ee76d7 · 19ee76d7 · 19ee76d7
Verified Commit 19ee76d7 authored 2 years ago by Evangelos Foutras
--- a/group_vars/all/geo.yml
+++ b/group_vars/all/geo.yml
 geo_acme_dns_challenge_ns: redirect.archlinux.org
 geo_domains:
  - geo.mirror.pkgbuild.com
+# geo_options.*.hosts defaults to "{{ groups['geo_mirrors'] }}"
 geo_options:
  geo.mirror.pkgbuild.com:
    health_check_path: /lastupdate
--- a/roles/geo_dns/templates/geo.yml.j2
+++ b/roles/geo_dns/templates/geo.yml.j2
 #jinja2:lstrip_blocks: True
 domains:
  {% for domain in geo_domains %}
+  {% set hosts = geo_options[domain]['hosts'] | default(groups['geo_mirrors']) %}
  - domain: {{ domain }}
    ttl: 3600
    records:
@@ -15,13 +16,13 @@ domains:
            ttl: 300
            content: >
              A "ifurlup('https://{{ domain }}{{ geo_options[domain]['health_check_path'] | default('/') }}',
-              {'{{ groups['geo_mirrors'] | map('extract', hostvars, ['ipv4_address']) | join("', '") }}'},
+              {'{{ hosts | map('extract', hostvars, ['ipv4_address']) | join("', '") }}'},
              {selector='pickclosest', useragent='pdns on {{ inventory_hostname }}'})"
        - lua:
            ttl: 300
            content: >
              AAAA "ifurlup('https://{{ domain }}{{ geo_options[domain]['health_check_path'] | default('/') }}',
-              {'{{ groups['geo_mirrors'] | map('extract', hostvars, ['ipv6_address']) | join("', '") }}'},
+              {'{{ hosts | map('extract', hostvars, ['ipv6_address']) | join("', '") }}'},
              {selector='pickclosest', useragent='pdns on {{ inventory_hostname }}'})"
      _acme-challenge.{{ domain }}:
        - ns: {{ geo_acme_dns_challenge_ns }}

--- a/roles/prometheus_exporters/templates/blackbox.yml.j2
+++ b/roles/prometheus_exporters/templates/blackbox.yml.j2
@@ -26,6 +26,7 @@ modules:
        - expect: "^250"
        - send: "QUIT\r"
  {% for domain in geo_domains %}
+  {% set hosts = geo_options[domain]['hosts'] | default(groups['geo_mirrors']) %}
  geo_dns_{{ domain }}_a:
    prober: dns
    timeout: 5s
@@ -35,7 +36,7 @@ modules:
      preferred_ip_protocol: ip4
      validate_answer_rrs:
        fail_if_not_matches_regexp:
-          - {{ domain | replace('.', '\.') }}\.\t.*\tIN\tA\t({{ groups['geo_mirrors'] | map('extract', hostvars, ['ipv4_address']) | join('|') | replace('.', '\.') }})
+          - {{ domain | replace('.', '\.') }}\.\t.*\tIN\tA\t({{ hosts | map('extract', hostvars, ['ipv4_address']) | join('|') | replace('.', '\.') }})
  geo_dns_{{ domain }}_aaaa:
    prober: dns
    timeout: 5s
@@ -45,5 +46,5 @@ modules:
      preferred_ip_protocol: ip6
      validate_answer_rrs:
        fail_if_not_matches_regexp:
-          - {{ domain | replace('.', '\.') }}\.\t.*\tIN\tAAAA\t({{ groups['geo_mirrors'] | map('extract', hostvars, ['ipv6_address']) | join('|') }})
+          - {{ domain | replace('.', '\.') }}\.\t.*\tIN\tAAAA\t({{ hosts | map('extract', hostvars, ['ipv6_address']) | join('|') }})
  {% endfor %}
--- a/tf-stage1/archlinux.tf
+++ b/tf-stage1/archlinux.tf
@@ -397,8 +397,8 @@ locals {

  # Domains served by machines in the geo_mirrors group
  # Valid parameters are:
-  #   - zone_id (mandatory, either of hetznerdns_zone.{archlinux,pkgbuild}.id)
  #   - name (mandatory, specifies the subdomain to create in the above zone)
+  #   - zone (optional, defaults to hetznerdns_zone.archlinux.id)
  #   - ttl (optional, the TTL of the NS records, defaults to 86400 if unset)
  #
  # Note: If you use a custom TTL, also add it to geo_options[domain]['ns_ttl']
@@ -406,8 +406,8 @@ locals {
  #
  geo_domains = {
    "geo.mirror.pkgbuild.com" = {
-      zone_id = hetznerdns_zone.pkgbuild.id
-      name    = "geo.mirror"
+      name = "geo.mirror"
+      zone = hetznerdns_zone.pkgbuild.id
    }
  }
 }

--- a/tf-stage1/templates.tf
+++ b/tf-stage1/templates.tf
@@ -185,7 +185,7 @@ resource "hetznerdns_record" "machine_aaaa" {
 resource "hetznerdns_record" "geo_ns1" {
  for_each = local.geo_domains

-  zone_id = each.value.zone_id
+  zone_id = lookup(each.value, "zone", hetznerdns_zone.archlinux.id)
  name    = each.value.name
  value   = "america.mirror.pkgbuild.com."
  type    = "NS"
@@ -195,7 +195,7 @@ resource "hetznerdns_record" "geo_ns1" {
 resource "hetznerdns_record" "geo_ns2" {
  for_each = local.geo_domains

-  zone_id = each.value.zone_id
+  zone_id = lookup(each.value, "zone", hetznerdns_zone.archlinux.id)
  name    = each.value.name
  value   = "asia.mirror.pkgbuild.com."
  type    = "NS"
@@ -205,7 +205,7 @@ resource "hetznerdns_record" "geo_ns2" {
 resource "hetznerdns_record" "geo_ns3" {
  for_each = local.geo_domains

-  zone_id = each.value.zone_id
+  zone_id = lookup(each.value, "zone", hetznerdns_zone.archlinux.id)
  name    = each.value.name
  value   = "europe.mirror.pkgbuild.com."
  type    = "NS"
@@ -215,7 +215,7 @@ resource "hetznerdns_record" "geo_ns3" {
 resource "hetznerdns_record" "geo_ns4" {
  for_each = local.geo_domains

-  zone_id = each.value.zone_id
+  zone_id = lookup(each.value, "zone", hetznerdns_zone.archlinux.id)
  name    = each.value.name
  value   = "seoul.mirror.pkgbuild.com."
  type    = "NS"
@@ -225,7 +225,7 @@ resource "hetznerdns_record" "geo_ns4" {
 resource "hetznerdns_record" "geo_ns5" {
  for_each = local.geo_domains

-  zone_id = each.value.zone_id
+  zone_id = lookup(each.value, "zone", hetznerdns_zone.archlinux.id)
  name    = each.value.name
  value   = "sydney.mirror.pkgbuild.com."
  type    = "NS"