Configuration management of BIND .conf
Matthew Pounsett
matt at conundrum.com
Sun Sep 29 21:40:04 UTC 2024
On Tue, Sep 24, 2024 at 7:24 PM John Thurston <john.thurston at alaska.gov>
wrote:
> I'm looking for your ideas. What works? What doesn't work?
>
> Are you leveraging your existing configuration management tools (e.g.
> Puppet, Ansible, Chef)?
>
For OARC's name servers (significantly simpler than yours, but once you're
talking config management that doesn't matter much) I'm using Salt to push
configurations. Like with JP's choice of Ansible, Salt heavily uses Jinja
templating, which makes the whole thing incredibly easy.

Salt also has `gitfs` as a possible source of its configurations, and can
listen for webhooks to trigger actions. We're not doing this yet, but I'm
gradually moving toward the point where any change to a name server config
or a zone file committed to our GitLab instance goes through automatic QA
in GitLab, and then triggers an update in Salt.

Salt sends all of its messaging between hosts using a message queue, which
you can have your own code listen to and inject messages into. We're not
making use of that in our modest setup, but it seems like the sort of thing
that'd be very useful to a large infrastructure for reacting to events on
servers.
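
Added example, not part of the original post and not OARC's configuration: a Salt state that pushes a Jinja-templated BIND config and zone files, and refuses to replace the live files unless `named-checkconf` / `named-checkzone` accept the new content. The file paths, state IDs, the `bind:zones` pillar key, and the group and service names are assumptions.

```yaml
# salt://bind/init.sls  (hypothetical layout)
#   template    salt://bind/files/named.conf.local.jinja
#   zone files  salt://bind/zones/db.<zone>
#   pillar      bind:zones -> list of zone names (also read by the template)
{% set zones = salt['pillar.get']('bind:zones', []) %}

named_conf_local:
  file.managed:
    - name: /etc/bind/named.conf.local     # assumed Debian-style path
    - source: salt://bind/files/named.conf.local.jinja
    - template: jinja
    - user: root
    - group: bind                          # assumed service group
    - mode: '0640'
    # Salt appends the path of a temp file holding the rendered content and
    # only writes the managed file if the command exits 0.
    - check_cmd: named-checkconf

{% for zone in zones %}
zone_{{ zone | replace('.', '_') }}:
  file.managed:
    - name: /var/lib/bind/db.{{ zone }}    # assumed zone directory
    - source: salt://bind/zones/db.{{ zone }}
    - user: root
    - group: bind
    - mode: '0644'
    # Effective command: named-checkzone <zone> <temp file>
    - check_cmd: named-checkzone {{ zone }}
    - watch_in:
      - service: named_service
{% endfor %}

named_service:
  service.running:
    - name: named                          # assumed unit name
    - enable: True
    - reload: True                         # reload rather than restart on change
    - watch:
      - file: named_conf_local
```

The same two check commands can run in the repository's CI job, so a bad commit is rejected before Salt ever sees it and again on the minion if it slips through.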