Project Soon

The dreaded rename, DNS and validation


I finally took an hour of my time and went through all active, and some inactive, services that I run, giving them relatively random names. This way I can separate servers from services. Each server had 5-6 places to change for the name to take effect. I then spent way too long figuring out how to modify the DNS through Ansible to link the service names to each server. The first issue was that I did not find a way to write this without having issues with duplicate CNAMEs. I have previously written an action plugin that fails if it finds duplicate entries, but the DNS entry is far too complex for it to be possible to verify that, especially when there can be duplicates for A records, but not for CNAME records.

The second issue was that Ansible does not merge variables, meaning that if I have a DNS entry in a group, and then add one to the host, the host will completely ignore the entry from the group. This makes it difficult to add a specific DNS entry for the host and a group DNS for a set of servers handling a service. This is not a big issue, but I need to remember it each time I add a new DNS record. Note, there is a way to enable merging of variables, but it was disabled due to unnecessary complexity.

The third issue was that Ansible is pretty limited in how it validates configs. This is a problem in my case because when I accidentally added duplicate CNAME records, it took down all my DNS services. I had a long talk with a guy from Homelab about a potential fix, and we came to the conclusion that the easiest solution was to create an action plugin that plugs in the new config, validates the whole installation, and then continues, restoring to previous state if it fails. The sad part is that this means that I need to keep this plugin updated if Ansible changes anything in the future.
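A pre-deployment check of the kind discussed above, as an added example that is not the plugin from this post: it concatenates group and host record lists rather than letting one replace the other, then rejects duplicate CNAMEs while still allowing several A records on one name. The record layout (`name`, `type`, `value`), the function names and the sample data are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample data; the names and the record layout are assumptions.
GROUP_DNS = [
    {"name": "nimbus.example.org", "type": "CNAME", "value": "srv1.example.org"},
    {"name": "srv1.example.org", "type": "A", "value": "192.0.2.10"},
]
HOST_DNS = [
    {"name": "srv1.example.org", "type": "A", "value": "192.0.2.11"},
    {"name": "Nimbus.example.org.", "type": "CNAME", "value": "srv2.example.org"},
]

def normalize(name):
    """DNS names are case-insensitive; ignore a trailing dot."""
    return name.rstrip(".").lower()

def merge_records(group_records, host_records):
    """Concatenate both lists so host entries add to the group entries."""
    return list(group_records) + list(host_records)

def validate_records(records):
    """Return a list of error strings; an empty list means no conflicts.

    Rules (RFC 1034 section 3.6.2): a name may carry at most one CNAME,
    and a name with a CNAME may carry no other record type. Multiple A
    records on one name are fine. Identical duplicate CNAMEs are flagged
    too, as a conservative choice.
    """
    by_name = defaultdict(list)
    for rec in records:
        by_name[normalize(rec["name"])].append(rec)

    errors = []
    for name, recs in sorted(by_name.items()):
        cnames = [r for r in recs if r["type"].upper() == "CNAME"]
        others = [r for r in recs if r["type"].upper() != "CNAME"]
        if len(cnames) > 1:
            targets = ", ".join(sorted(r["value"] for r in cnames))
            errors.append(f"{name}: {len(cnames)} CNAME records ({targets})")
        if cnames and others:
            types = ", ".join(sorted({r["type"].upper() for r in others}))
            errors.append(f"{name}: CNAME coexists with {types}")
    return errors

if __name__ == "__main__":
    for err in validate_records(merge_records(GROUP_DNS, HOST_DNS)):
        print("invalid:", err)
```

Running a check like this before the new config is written means a conflicting record set is rejected without touching the running DNS service.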

In conclusion, the rename was not that difficult, just repetitive, but DNS service records and DNS validation were harder.