Terraform and NREC: Part V - DNS Management

Last changed: 2020-11-09

This document is an introduction on how to create a DNS zone and DNS records in Openstack using Terraform.

The files used in this document can be downloaded:

Creating a DNS zone

It is quite easy to create a DNS zone using Terraform. Consider zone.tf below: a single resource declaration is all that is needed to create a zone.

Important

The DNS service expects the zone name to be a fully qualified domain name, which means that the name of the zone provided in the resource declaration must end with a dot “.”. Omitting the trailing dot will result in an error.

This is correct:

name = "test.com."

This is incorrect and will not work:

name = "test.com"

In this example we create a zone “test.com”:

zone.tf
provider "openstack" {
}

resource "openstack_dns_zone_v2" "test_com" {
  name        = "test.com."
  email       = "trondham@uio.no"
  description = "An example zone"
}

This is all that is needed. You may add additional parameters, most commonly ttl, if you need a TTL value other than the default (3600 seconds).

Creating DNS records

In this example we create 3 records in the “test.com” zone:

  1. An A record which points to a single IPv4 address for “test01.test.com”
  2. An AAAA record which points to a single IPv6 address for “test01.test.com”
  3. A CNAME record (alias) “www” which points to “test01.test.com”

The record resources are specified in the recordset.tf file below:

recordset.tf
resource "openstack_dns_recordset_v2" "A_test01_test_com" {
  zone_id     = openstack_dns_zone_v2.test_com.id
  name        = "test01.test.com."
  description = "An example record set"
  type        = "A"
  records     = ["10.0.0.1"]
}

resource "openstack_dns_recordset_v2" "AAAA_test01_test_com" {
  zone_id     = openstack_dns_zone_v2.test_com.id
  name        = "test01.test.com."
  description = "An example record set"
  type        = "AAAA"
  records     = ["2001:700:2:8200::226c"]
}

resource "openstack_dns_recordset_v2" "CNAME_www_test_com" {
  zone_id     = openstack_dns_zone_v2.test_com.id
  name        = "www.test.com."
  description = "An example record set"
  type        = "CNAME"
  records     = ["test01.test.com."]
}

Important

The DNS service expects the record name to be a fully qualified domain name, which means that the name of the record provided in the resource declaration must end with a dot “.”. Omitting the trailing dot will result in an error. This is correct:

name = "app-01.test.com."

This is incorrect and will not work:

name = "app-01.test.com"

This also applies to the records list in the case of a CNAME, as shown in the example above.
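The trailing-dot rule is easy to get wrong, and the DNS service only tells you at apply time. The following pre-apply check is an added example in Python (not part of this document or of the OpenStack provider); it takes record sets as plain dicts mirroring the resource arguments above, and also covers the names generated later in the dynamic section. SAMPLE_RECORDSETS is constructed, with two deliberately broken entries.

```python
import ipaddress

# Constructed sample: the three record sets from recordset.tf, plus two broken entries
SAMPLE_RECORDSETS = [
    {"name": "test01.test.com.", "type": "A", "records": ["10.0.0.1"]},
    {"name": "test01.test.com.", "type": "AAAA", "records": ["2001:700:2:8200::226c"]},
    {"name": "www.test.com.", "type": "CNAME", "records": ["test01.test.com."]},
    {"name": "app-01.test.com", "type": "A", "records": ["10.0.0.2"]},           # no trailing dot
    {"name": "mail.test.com.", "type": "CNAME", "records": ["test01.test.com"]},  # target lacks dot
]


def _is_ip(value, version):
    """True if value parses as an IP address of the given version (4 or 6)."""
    try:
        return ipaddress.ip_address(value).version == version
    except ValueError:
        return False


def validate_recordsets(zone, recordsets):
    """Return a list of problems; an empty list means the set is safe to apply.

    zone is the fully qualified zone name including the trailing dot, e.g. "test.com.".
    """
    problems = []
    # RFC 1034: a name that owns a CNAME may not own any other record type
    names_with_cname = {r["name"] for r in recordsets if r["type"] == "CNAME"}
    for r in recordsets:
        name, rtype, values = r["name"], r["type"], r["records"]
        if not name.endswith("."):
            problems.append(f"{name}: record name must end with a dot")
        elif name != zone and not name.endswith("." + zone):
            problems.append(f"{name}: not inside zone {zone}")
        if not values:
            problems.append(f"{name}: empty records list")
        if rtype == "A" and not all(_is_ip(v, 4) for v in values):
            problems.append(f"{name}: A records must be IPv4 addresses")
        elif rtype == "AAAA" and not all(_is_ip(v, 6) for v in values):
            problems.append(f"{name}: AAAA records must be IPv6 addresses")
        elif rtype == "CNAME":
            if len(values) != 1:
                problems.append(f"{name}: CNAME must have exactly one target")
            elif not values[0].endswith("."):
                problems.append(f"{name}: CNAME target {values[0]} must end with a dot")
        if rtype != "CNAME" and name in names_with_cname:
            problems.append(f"{name}: CNAME cannot coexist with other record types")
    return problems
```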

Apply and check

Running terraform apply creates the zone, as well as the three records we specified:

$ terraform apply
...
Apply complete! Resources: 4 added, 0 changed, 0 destroyed.

We can check that the authoritative name servers have our zone and records by querying one of them directly:

$ host www.test.com. ns1.nrec.no
Using domain server:
Name: ns1.nrec.no
Address: 158.37.63.251#53
Aliases:

www.test.com is an alias for test01.test.com.
test01.test.com has address 10.0.0.1
test01.test.com has IPv6 address 2001:700:2:8200::226c

As always, you can use terraform destroy to remove the created resources:

$ terraform destroy
...
Destroy complete! Resources: 4 destroyed.

Dynamically add DNS records

The previous examples show how to add a zone and create records within that zone. What if the zone already exists, and how do we automatically add a DNS record for an instance when the instance is created? We’ll answer those questions here.

First, let’s consider how to add records to an already existing zone. The problem here is that we need to know the ID of the zone. We could manually fetch the ID from the output of openstack zone list and hard code it into our Terraform config, but there is a more dynamic and flexible way: to fetch the needed metadata for our zone we use a Terraform data source:

dynamic.tf
# DNS zone
variable "zone_name" {
  default = "mytestzone.com"
}

# Find zone info
data "openstack_dns_zone_v2" "myzone" {
  name = "${var.zone_name}."
}

Next, a resource declaration for instances creates an arbitrary number of instances, controlled by the node_count variable. In our example, we create 2 instances:

dynamic.tf
# How many instances to create
variable "node_count" {
  default = "2"
}

# Create instances
resource "openstack_compute_instance_v2" "testserver" {
  region      = var.region
  count       = var.node_count
  name        = "${var.region}-test-${count.index}"
  image_name  = "GOLD CentOS 7"
  flavor_name = "m1.small"

  key_pair        = "mykey"
  security_groups = ["default"]

  network {
    name = "dualStack"
  }

  lifecycle {
    ignore_changes = [image_name]
  }
}

Finally, in order to create DNS records for our instances we need to reference the name and IP of the instances. Notice that the zone ID is taken from the data source (zone_id = data.openstack_dns_zone_v2.myzone.id) rather than hard coded:

dynamic.tf
# Create records for A (IPv4)
resource "openstack_dns_recordset_v2" "a_record" {
  zone_id = data.openstack_dns_zone_v2.myzone.id
  count   = var.node_count
  name    = "${openstack_compute_instance_v2.testserver[count.index].name}.${var.zone_name}."
  type    = "A"
  records = [openstack_compute_instance_v2.testserver[count.index].access_ip_v4]
}

# Create records for AAAA (IPv6)
resource "openstack_dns_recordset_v2" "aaaa_record" {
  zone_id = data.openstack_dns_zone_v2.myzone.id
  count   = var.node_count
  name    = "${openstack_compute_instance_v2.testserver[count.index].name}.${var.zone_name}."
  type    = "AAAA"
  records = [openstack_compute_instance_v2.testserver[count.index].access_ip_v6]
}

In this example, we create both A (IPv4) and AAAA (IPv6) records for our instances, since we specified the “dualStack” network for the instance resources.

After running terraform apply we can use the CLI command openstack recordset list to verify that the DNS records have been created:

$ openstack recordset list mytestzone.com. -c name -c type -c records
+----------------------------+-------+----------------------------------------------------------+
| name                       | type  | records                                                  |
+----------------------------+-------+----------------------------------------------------------+
| mytestzone.com.            | SOA   | ns2.nrec.no. foo.bar.com. 1575885141 3519 600 86400 3600 |
| mytestzone.com.            | NS    | ns1.nrec.no.                                             |
|                            |       | ns2.nrec.no.                                             |
| bgo-test-1.mytestzone.com. | A     | 158.39.74.137                                            |
| bgo-test-0.mytestzone.com. | AAAA  | 2001:700:2:8300::21d3                                    |
| bgo-test-1.mytestzone.com. | AAAA  | 2001:700:2:8300::207e                                    |
| bgo-test-0.mytestzone.com. | A     | 158.39.77.244                                            |
+----------------------------+-------+----------------------------------------------------------+

And we can check that they exist in DNS by querying the authoritative name servers:

$ host bgo-test-1.mytestzone.com. ns1.nrec.no
Using domain server:
Name: ns1.nrec.no
Address: 158.37.63.251#53
Aliases:

bgo-test-1.mytestzone.com has address 158.39.74.137
bgo-test-1.mytestzone.com has IPv6 address 2001:700:2:8300::207e
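A record that outlives its instance keeps resolving to an address the project no longer controls, so it pays to compare the zone against the instance inventory on a schedule, not only right after terraform apply. The drift check below is an added example in Python, not part of this document or of NREC's tooling; INSTANCES and ZONE_RECORDSETS are constructed from the listing above, with one stale record added to show what a finding looks like.

```python
# Constructed inventory: what the testserver resource above yields for node_count = 2
INSTANCES = [
    {"name": "bgo-test-0", "access_ip_v4": "158.39.77.244",
     "access_ip_v6": "2001:700:2:8300::21d3"},
    {"name": "bgo-test-1", "access_ip_v4": "158.39.74.137",
     "access_ip_v6": "2001:700:2:8300::207e"},
]

# Constructed zone listing: the rows shown by `openstack recordset list` above, plus one
# stale A record (TEST-NET address) left behind by an instance that no longer exists
ZONE_RECORDSETS = [
    {"name": "mytestzone.com.", "type": "SOA",
     "records": ["ns2.nrec.no. foo.bar.com. 1575885141 3519 600 86400 3600"]},
    {"name": "mytestzone.com.", "type": "NS", "records": ["ns1.nrec.no.", "ns2.nrec.no."]},
    {"name": "bgo-test-1.mytestzone.com.", "type": "A", "records": ["158.39.74.137"]},
    {"name": "bgo-test-0.mytestzone.com.", "type": "AAAA", "records": ["2001:700:2:8300::21d3"]},
    {"name": "bgo-test-1.mytestzone.com.", "type": "AAAA", "records": ["2001:700:2:8300::207e"]},
    {"name": "bgo-test-0.mytestzone.com.", "type": "A", "records": ["158.39.77.244"]},
    {"name": "bgo-test-2.mytestzone.com.", "type": "A", "records": ["192.0.2.10"]},
]


def audit_zone(zone, instances, recordsets):
    """Compare the zone's A/AAAA records with the instance inventory.

    Returns (dangling, missing): records whose name or address matches no
    instance we own, and instances lacking the A or AAAA record Terraform
    should have created. Both lists are sorted for stable comparison.
    """
    expected = {}
    for inst in instances:
        fqdn = f"{inst['name']}.{zone}"  # same naming pattern as the a_record resource
        expected[(fqdn, "A")] = {inst["access_ip_v4"]}
        expected[(fqdn, "AAAA")] = {inst["access_ip_v6"]}

    dangling, seen = [], set()
    for r in recordsets:
        if r["type"] not in ("A", "AAAA"):
            continue  # SOA and NS are maintained by the DNS service itself
        key = (r["name"], r["type"])
        seen.add(key)
        if expected.get(key) != set(r["records"]):
            dangling.append(f"{r['name']} {r['type']} {' '.join(r['records'])}")

    missing = [f"{name} {rtype}" for (name, rtype) in expected if (name, rtype) not in seen]
    return sorted(dangling), sorted(missing)
```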

Complete example

A complete listing of the example files used in this document is provided below.

zone.tf
provider "openstack" {
}

resource "openstack_dns_zone_v2" "test_com" {
  name        = "test.com."
  email       = "trondham@uio.no"
  description = "An example zone"
}

recordset.tf
resource "openstack_dns_recordset_v2" "A_test01_test_com" {
  zone_id     = openstack_dns_zone_v2.test_com.id
  name        = "test01.test.com."
  description = "An example record set"
  type        = "A"
  records     = ["10.0.0.1"]
}

resource "openstack_dns_recordset_v2" "AAAA_test01_test_com" {
  zone_id     = openstack_dns_zone_v2.test_com.id
  name        = "test01.test.com."
  description = "An example record set"
  type        = "AAAA"
  records     = ["2001:700:2:8200::226c"]
}

resource "openstack_dns_recordset_v2" "CNAME_www_test_com" {
  zone_id     = openstack_dns_zone_v2.test_com.id
  name        = "www.test.com."
  description = "An example record set"
  type        = "CNAME"
  records     = ["test01.test.com."]
}

dynamic.tf
provider "openstack" {}

# DNS zone
variable "zone_name" {
  default = "mytestzone.com"
}

# Region in which to create instances
variable "region" {
  default = "bgo"
}

# How many instances to create
variable "node_count" {
  default = "2"
}

# Create instances
resource "openstack_compute_instance_v2" "testserver" {
  region      = var.region
  count       = var.node_count
  name        = "${var.region}-test-${count.index}"
  image_name  = "GOLD CentOS 7"
  flavor_name = "m1.small"

  key_pair        = "mykey"
  security_groups = ["default"]

  network {
    name = "dualStack"
  }

  lifecycle {
    ignore_changes = [image_name]
  }
}

# Find zone info
data "openstack_dns_zone_v2" "myzone" {
  name = "${var.zone_name}."
}

# Create records for A (IPv4)
resource "openstack_dns_recordset_v2" "a_record" {
  zone_id = data.openstack_dns_zone_v2.myzone.id
  count   = var.node_count
  name    = "${openstack_compute_instance_v2.testserver[count.index].name}.${var.zone_name}."
  type    = "A"
  records = [openstack_compute_instance_v2.testserver[count.index].access_ip_v4]
}

# Create records for AAAA (IPv6)
resource "openstack_dns_recordset_v2" "aaaa_record" {
  zone_id = data.openstack_dns_zone_v2.myzone.id
  count   = var.node_count
  name    = "${openstack_compute_instance_v2.testserver[count.index].name}.${var.zone_name}."
  type    = "AAAA"
  records = [openstack_compute_instance_v2.testserver[count.index].access_ip_v6]
}