You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
DNS is managed via the Gandi web interface, which has the following problems:
you can't open a PR for a DNS change, let people review it and then apply the change
there is no revert functionality (you can download a backup before doing changes, but if you don't then you don't)
zero automation when we deploy new hosts etc
ideas
manage it in git
Gandi has an API, we have Ansible and there is surely a library somewhere to bind those two together.
This would still mean that the zone file would be edited manually, but at least it'd be stored in git, we'd have history and people could request DNS changes w/o having access to DNS.
manage via Foreman
Foreman can manage DNS for hosts it deploys. But it can't talk to Gandi and can't do SSHFP (which we use) and would only manage host-related things, with all non-host entries we have (like service aliases, CNAMEs to the CDN, etc) being still unmanaged.
combo of the two
Probably best if Foreman handles hosts, and humans handle special things in Git, but that's for the future.
The text was updated successfully, but these errors were encountered:
current state
DNS is managed via the Gandi web interface, which has the following problems:
ideas
manage it in git
Gandi has an API, we have Ansible and there is surely a library somewhere to bind those two together.
This would still mean that the zone file would be edited manually, but at least it'd be stored in git, we'd have history and people could request DNS changes w/o having access to DNS.
manage via Foreman
Foreman can manage DNS for hosts it deploys. But it can't talk to Gandi and can't do SSHFP (which we use) and would only manage host-related things, with all non-host entries we have (like service aliases, CNAMEs to the CDN, etc) being still unmanaged.
combo of the two
Probably best if Foreman handles hosts, and humans handle special things in Git, but that's for the future.
The text was updated successfully, but these errors were encountered: