dns as code with octodns
play

DNS as code with Octodns Versioning and keep track of your dns - PowerPoint PPT Presentation

Jul 07, 2023 •175 likes •420 views

DNS as code with Octodns Versioning and keep track of your dns records changes and automate all the thing via travis-ci Who I am Matteo Valentini Developer @ Nethesis (mostly Infrastrutture Developer) https://github.com/Amygos

  1. DNS as code with Octodns Versioning and keep track of your dns records changes and automate all the thing via travis-ci

  2. Who I am Matteo Valentini Developer @ Nethesis (mostly Infrastrutture Developer) ● https://github.com/Amygos ● https://twitter.com/_Amygos

  3. Problem to solve Assigned task : ● Move current DNS management from a web console based to something more modern, on premise or in the “Cloud”. Constraints : ● One day to production ● The solution must be versionable and/or programmable.

  4. Why octoDNS ● Files based configurations: configurations and zones definition are stored in files and can be easily committed in to a CVS ● Multi provider : you don't have to choose only one provider ● Providers agnostic : you can use the same zone definition with different providers

  6. Overview “ In the vein of infrastructure as code OctoDNS provides a set of tools & patterns that make it easy to manage your DNS records across multiple providers. The resulting config can live in a repository and be deployed just like the rest of your code, maintaining a clear history and using your existing review & workflow.” from: https://github.com/github/octodns ● Created and used by GitHub for manage their DNS infrastructure ● Released as OSS project at “Wed Mar 15 15:38:10 2017 -0700” ● YAML configurations files format

  7. Simple step up: config.yaml --- providers: config: class: octodns.provider.yaml.YamlProvider directory: ./zones enforce_order: false do: class: octodns.provider.digitalocean.DigitalOceanProvider token: env/DO_TOKEN zones: acme.org.: sources: - config targets: - do

  8. Simple step up: zones/acme.org.yaml --- '': - type: MX ttl: 600 values: - priority: 10 value: mail.acme.org. - type: A ttl: 600 value: 1.2.3.4 www: ttl: 600 type: A value: 1.2.3.4

  9. Usage ● install : $ pip install --user octodns ● use : ○ verify : $ octodns-validate --config-file=config.yaml ○ test : $ octodns-sync --config-file=config.yaml ○ apply : $ octodns-sync --config-file=config.yaml --doit ● Directory layout: . ├── config.yaml └── zones └── acme.org.yaml

  11. Why ● History of DNS record changes ● Relative easy rollback in case of errors ● Add a “Who” and “Why” to DNS changes ● Facilitate the review process of proposed DNS changes

  13. Benefit of automation ● Continuous integration : run a automatic verification test for every proposed change. ● Continuous deployment : automatic apply of change when merge the pull request to master. ● Avoid credential leak : make possible for an user to do privileged action without acknowledgment of any secret key or token.

  14. How to travis-ci work: /.travis.yml language: python cache: pip install: pip install octodns script: - octodns-validate --config-file=config.yaml - octodns-sync --config-file=config.yaml deploy: provider: script script: octodns-sync --config-file=config.yaml --doit on: branch: master

  15. How to travis-ci work: environment variables

  16. Pull Request workflow 1. User make a pull request with the requested changes 2. Travis-ci test the pull request 3. User ask a review of a pull request 4. Administrator start the review 5. Administrator approve the changes 6. User merge the pull request to master 7. Travis-ci apply the pull request changes

  17. Multi providers setup

  18. Add a backup provider --- providers: config: class: octodns.provider.yaml.YamlProvider directory: ./zones enforce_order: false do: class: octodns.provider.digitalocean.DigitalOceanProvider token: env/DO_TOKEN cf: class: octodns.provider.cloudflare.CloudflareProvider email: env/CF_EMAIL token: env/CF_TOKEN cdn: false zones: acme.org.: sources: - config targets: - do - cf

  19. Move the zone between two different providers --- providers: do: class: octodns.provider.digitalocean.DigitalOceanProvider token: env/DO_TOKEN cf: class: octodns.provider.cloudflare.CloudflareProvider email: env/CF_EMAIL token: env/CF_TOKEN cdn: false zones: acme.org.: sources: - do targets: - cf

  20. Quirks & Recommendations

  21. Quirks ● Travis-ci secure variables are not available to untrusted builds triggered by pull requests from another repository. script: - > if [ "$TRAVIS_SECURE_ENV_VARS" = "false" ]; then export DO_TOKEN=""; export CF_EMAIL=""; export CF_TOKEN=""; fi; octodns-validate --config-file=config.yaml - if [ "$TRAVIS_SECURE_ENV_VARS" = "true" ]; then octodns-sync --config-file=config.yaml; fi

  22. Recommendations ● Protect the master branch , permit writes on master only via pull requests ● Make mandatory for a pull request to be up to date before merge ● Block merge until almost one review approve the change

  23. Mission Accomplishment! ● Move from a web based “point and click” paradigm to a “infrstructure as code” paradigm ● Dns management are now versionable ● start in the morning and to production in the late afternoon! (ok, actually it was fully in production the day after, we want to make sure that all the records are migrated correctly ;) )

  24. Thanks for listening! Questions?

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

80% of Code Red 2 Code Red 2 re-re- Code Red 1 and Code Red 2 Code Red 2 re- cleaned up

80% of Code Red 2 Code Red 2 re-re- Code Red 1 and Code Red 2 Code Red 2 re- cleaned up

Slammer s Bandwidth-Limited Growth 80% of Code Red 2 Code Red 2 re-re- Code Red 1 and Code Red 2 Code Red 2 re- cleaned up due to released Jan 2004 Nimda endemic dies off released with Oct. onset of Blaster (and 2005; not since

450 views • 34 slides
Ex. 8.4 7-4-2-1 code Codeconverter 7-4-2-1-code to BCD-code. When encoding the digits 0 ... 9

Ex. 8.4 7-4-2-1 code Codeconverter 7-4-2-1-code to BCD-code. When encoding the digits 0 ... 9

Ex. 8.4 7-4-2-1 code Codeconverter 7-4-2-1-code to BCD-code. When encoding the digits 0 ... 9 sometimes in the past a code having weights 7-4-2-1 instead of the binary code weights 8-4-2-1 was used. In the cases where a digit's code word

830 views • 66 slides
Clean Code 1 / 24 Clean Code What is clean code? Elegant and efficient. Bjarne

Clean Code 1 / 24 Clean Code What is clean code? Elegant and efficient. Bjarne

Clean Code 1 / 24 Clean Code What is clean code? Elegant and efficient. Bjarne Stroustrup Simple and direct. Readable. Grady Booch Understandable by others, tested, literate. Dave Thomas Code works pretty much as

351 views • 24 slides
Code Generation Chapter 9 1 Compiler Construction Code Generation Issues in Code Generation

Code Generation Chapter 9 1 Compiler Construction Code Generation Issues in Code Generation

Code Generation Chapter 9 1 Compiler Construction Code Generation Issues in Code Generation Target language Relocatable machine code Commercial compilers produce this Absolute machine code OS code must start at a particular memory

503 views • 19 slides
CloPlag A Study of Effects of Code Obfuscation to Code Similarity Detection Tools Chaiyong

CloPlag A Study of Effects of Code Obfuscation to Code Similarity Detection Tools Chaiyong

CloPlag A Study of Effects of Code Obfuscation to Code Similarity Detection Tools Chaiyong Ragkhitwetsagul, Jens Krinke, Albert Cabr Juan Cloned Code vs Plagiarised Code A result from source code Created in a similar way as code

479 views • 31 slides
SOUTHWEST BCSW ENROLLMENT GROWTH FTES by ZIP CODE FTES by ZIP CODE 2013-14 FTES by ZIP CODE

SOUTHWEST BCSW ENROLLMENT GROWTH FTES by ZIP CODE FTES by ZIP CODE 2013-14 FTES by ZIP CODE

BAKERSFIELD COLLEGE SOUTHWEST BCSW ENROLLMENT GROWTH FTES by ZIP CODE FTES by ZIP CODE 2013-14 FTES by ZIP CODE 2014-15 FTES by ZIP CODE 2015-16 FTES by ZIP CODE 2016-17 FTES by ZIP CODE 2017-18 State Apportionment for Previous Three

343 views • 31 slides
Code Generation Machine code generation cs4713 1 Machine code generation machine Intermediate

Code Generation Machine code generation cs4713 1 Machine code generation machine Intermediate

Code Generation Machine code generation cs4713 1 Machine code generation machine Intermediate Code optimizer Code generator Code generator Input: intermediate code + symbol tables In our case, three-address code All variables

717 views • 38 slides
Code Code Code on the Presentation of Persons with Disabilities in the Media What you call us

Code Code Code on the Presentation of Persons with Disabilities in the Media What you call us

Code Code Code on the Presentation of Persons with Disabilities in the Media What you call us IS HOW YOU SEE US This publication is funded by SIDA, the Swedish International Development Cooperation Agency, through MyRight- Empowers People

343 views • 20 slides
Genealogy of D3 Code Cathy Zhu, Lucas Throckmorton Genealogy of D3 Code Goal: identify the

Genealogy of D3 Code Cathy Zhu, Lucas Throckmorton Genealogy of D3 Code Goal: identify the

Genealogy of D3 Code Cathy Zhu, Lucas Throckmorton Genealogy of D3 Code Goal: identify the shared pieces of code amongst pieces of d3 code via MOSS and visualize the evolution of D3 code snippets. Scope: about 30k examples of D3 code

278 views • 16 slides
Polymorphism "Inheritance is new code that reuses old code. Polymorphism is old code that

Polymorphism "Inheritance is new code that reuses old code. Polymorphism is old code that

Topic 5 Polymorphism "Inheritance is new code that reuses old code. Polymorphism is old code that reuses new code. 1 Polymorphism Another feature of OOP literally having many forms object variables in Java are

570 views • 17 slides
Similar code fragment A code fragment that has similar part to it in source code

Similar code fragment A code fragment that has similar part to it in source code

Similar code fragment A code fragment that has similar part to it in source code introduced in source code because of various reasons. e.g. copy-and-paste makes software maintenance difficult. It is necessary to It is

488 views • 9 slides
Investor Presentation April 2015 BSE Code: 533573 NSE Code: APLLTD Bloomberg Code: ALPM:IN

Investor Presentation April 2015 BSE Code: 533573 NSE Code: APLLTD Bloomberg Code: ALPM:IN

Alembic Pharmaceuticals Limited Investor Presentation April 2015 BSE Code: 533573 NSE Code: APLLTD Bloomberg Code: ALPM:IN Reuters Code: ALEM.NS www.alembic-india.com Safe Harbor Statement Materials and information provided during this

553 views • 30 slides
Malicious Code Malicious Code for Fun and Profit for Fun and Profit Mihai Christodorescu

Malicious Code Malicious Code for Fun and Profit for Fun and Profit Mihai Christodorescu

Malicious Code Malicious Code for Fun and Profit for Fun and Profit Mihai Christodorescu mihai@cs.wisc.edu 10 March 2005 What is Malicious Code? What is Malicious Code? Viruses, worms, trojans, Code that breaks your security policy.

1.16k views • 94 slides
Malicious Code Malicious Code for Fun and Profit for Fun and Profit Mihai Christodorescu

Malicious Code Malicious Code for Fun and Profit for Fun and Profit Mihai Christodorescu

Malicious Code Malicious Code for Fun and Profit for Fun and Profit Mihai Christodorescu mihai@cs.wisc.edu 23 March 2006 What is Malicious Code? What is Malicious Code? Viruses, worms, trojans, Code that breaks your security policy.

707 views • 69 slides
Code/doc inspections Most teams have some mechanism for checking each others code and

Code/doc inspections Most teams have some mechanism for checking each others code and

Code/doc inspections Most teams have some mechanism for checking each others code and documents for correctness and standards Might be informal, everyone gets another team member to look over their code/document before treating them as

448 views • 10 slides
Database design III Courses(code, period, name, teacher) code name code, period teacher

Database design III Courses(code, period, name, teacher) code name code, period teacher

Quiz time! Whats wrong with this schema? Database design III Courses(code, period, name, teacher) code name code, period teacher Functional dependencies cont. {(TDA356, 2, Databases, Niklas Broberg), BCNF and 3NF

92 views • 8 slides
Neptune = Neptune driving Waves weak interaction Powerful Waves = strong interaction) Vibration

Neptune = Neptune driving Waves weak interaction Powerful Waves = strong interaction) Vibration

Roles of pairing interactions in the formation of low- and high-energy Gamow-Teller excitations Yoshitaka FUJITA Yoshitaka FUJITA RCNP & Dept. Phys., Osaka Univ. RCNP & Dept. Phys., Osaka Univ. COMEX5, Sep. 14-18, 2015 Department of

805 views • 52 slides
GRAVITATIONAL LENSING LECTURE 4 Docente: Massimo Meneghetti AA 2015-2016 CONTENTS

GRAVITATIONAL LENSING LECTURE 4 Docente: Massimo Meneghetti AA 2015-2016 CONTENTS

GRAVITATIONAL LENSING LECTURE 4 Docente: Massimo Meneghetti AA 2015-2016 CONTENTS Distortion and magnification (continuation) Second order lensing: flexion Time delays EXAMPLE: FIRST ORDER DISTORTION OF A CIRCULAR SOURCE 2 1 +

423 views • 20 slides
6 KamLAND

6 KamLAND

6 KamLAND RCNS for the KamLAND Collaboration , 2020 1 6 -7 Contents 1.

603 views • 25 slides
AI in Actuarial Science T h e S t a t e o f t h e A r t Ronald Richman Associate Director -

AI in Actuarial Science T h e S t a t e o f t h e A r t Ronald Richman Associate Director -

AI in Actuarial Science T h e S t a t e o f t h e A r t Ronald Richman Associate Director - QED Actuaries & Consultants November 2020 Goals of the talk What machine learning implies for actuarial science Understand the problems

1.34k views • 71 slides
Analyst & Investor Site Visit Crowcon Detection Instruments 17 September, 2015 Agenda 11.00

Analyst & Investor Site Visit Crowcon Detection Instruments 17 September, 2015 Agenda 11.00

Analyst & Investor Site Visit Crowcon Detection Instruments 17 September, 2015 Agenda 11.00 Introduction Andrew Williams, CEO 11.15 Process Safety sector review Philippe Felten, SCE 11.45 Break 12.15 Introduction to Crowcon

445 views • 22 slides
BMO Acquires Marshall & Ilsley Acquisition Update July 5, 2011 Forward Looking Statements

BMO Acquires Marshall & Ilsley Acquisition Update July 5, 2011 Forward Looking Statements

BMO Acquires Marshall & Ilsley Acquisition Update July 5, 2011 Forward Looking Statements & Non-GAAP Measures Caution Regarding Forward-Looking Statements Bank of Montreals public communications often include written or oral

482 views • 11 slides
Fertilization and Development Pregnancy: events that occur from fertilization until infant is

Fertilization and Development Pregnancy: events that occur from fertilization until infant is

Fertilization and Development Pregnancy: events that occur from fertilization until infant is born Conceptus Gestation period time from last menstrual period until birth fertilization approx. 14 d into gestation ~280 days

409 views • 28 slides
1 Syntax-directed Translation: AST Construction example Using SableCC to specify grammar and

1 Syntax-directed Translation: AST Construction example Using SableCC to specify grammar and

Some Thoughts on Grad School Undergraduate Compilers Review and Intro to MJC Goal Announcements learn how to learn a subject in depth Mailing list is in full swing, go ahead and share test cases learn how to organize a project,

84 views • 6 slides

More recommend