Anyone aware of a way to use Ansible to create DNS records in a provider-agnostic way

Not off hand. I try not to manage infrastructure with tools like Chef, Ansible, Puppet, etc and prefer Terraform for that.

The problem with this is the abstraction is always leaky. I'm sure if you dig deep enough you'll find something though.

koala said:

But as far as I know, Terraform has the same issue, right? I see a Route 53 provider by Hashicorp- there's a general "DNS" module, but I feel that RFC 2136 DNS updates are also not useful to a ton of people?

I understand that it's hard to abstract away the cloud provider in stuff like compute, or managed databases, or whatever- as there seems to be a lot of variance between different cloud providers. But I suspect Route 53 is much closer to Google or Azure's DNS providers than say their compute services. Perhaps it's leaky still, but...

(Object storage seems to be more complex, but the S3 API is quite popular outside AWS...)

Click to expand...

Yeah, sorry. I wasn't proposing Terraform as a solution, just saying I prefer to use it over things like Ansible for configuring infrastructure.

I think "DNS" at the basic level is pretty generic if you're just sticking with managing records and stuff like that. However, even route53 has some proprietary stuff like internal aliases to thinks like load balancers that, I don't think, are really part of the DNS specs and may not have a direct analog in other DNS providers. CloudFlare has other proprietary things.

Using an AMI lookup to find the per-region id is a pretty standard Terraform thing, and I'm fairly sure you can use similar tricks in other cloud orchestration tools.

I think the main issue with a multi-cloud DNS layer is that most of the complexity is in the authentication and resource/zone identification, rather than the records themselves. The only project that I can think of that tries to do multi-vendor DNS is external-dns and that's pretty linked to kube.

My approach is to just render the data to YAML and then use the provider specific hooks to read in and generate what it needs to. e.g. I have Salt states generating Bind style zonefiles and Terraform modules for AWS and Azure that all use the same YAML as an input for zone records.

There is a reactor setup in Salt to execute the Terraform bits when the Bind zones change, but effectively all 3 are independant and not a single unified state(or playbook if you will).

koala said:

I'm writing some playbooks to set up an XMPP server and that requires a couple of DNS entries. I have my playbook working on Route 53, but I'd like to make this usable for people who might not be using Route 53 (the rest of the project just requires a Debian 10, so you can use any provider for that or self-host).

Has anyone used like a module that you can use instead of the route53 module that will let you use other providers?

Click to expand...

I'm working on an Ansible playbook to create R53 DNS records in AWS but the Ansible module for this is very vague. I believe I'm having trouble with the programmatic access to AWS. Any chance you can let me take a look at how you have this working? just getting started with Ansible. I'd appreciate your help!

koala said:

No worries. Terraform is on my to-do list, but I never get around to playing with it.

Click to expand...

Just go straight for Pulumi - it is effectively the same thing without the insanity that is HCL.

I got nothing on your OP though, sorry.

Totally missed the thread necro, oops!