Originally posted on Digital Ducttape
Foreman is a tool I have used for a long time as an external node classifier (ENC) for Puppet, along with its smart-proxy for DNS integration. So when Foreman recently added support for building EC2 instances inside a VPC, I thought it was a great opportunity to use the same tool for a new buildout.
Shortly after starting I discovered that reverse DNS is unfortunately broken for EC2 VPC builds: Foreman does not map a relationship between VPC subnets and any DNS smart-proxy, so no PTR record is created for a new host. Undeterred, I took to #foreman and was guided to a potential solution.
Enter foreman_hooks. This Foreman plugin lets you subscribe to create/update/destroy events on Foreman objects and invoke any executable in response. Luckily for me this was a great workaround for the functionality missing from the recent 1.3 release. Initially I wrote a script that used the smart-proxy API to create PTR records, but it complained that the IP address was already assigned. Fair enough. Without further investigation I instead wrote a short shell script that does the same thing with nsupdate and TSIG keys, and voilà: integrated forward and reverse DNS for EC2 VPC deployments. A few more lines of code added support for the destroy hook, and now the feature is complete.
I named this script rdns.sh, placed it in /usr/share/foreman/config/hooks.d, and created symlinks to it in both:
/usr/share/foreman/config/hooks/host/managed/destroy/
/usr/share/foreman/config/hooks/host/managed/create/
source for rdns.sh
source for utils.sh
source for hook_functions.sh
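As an added illustration (this is not the rdns.sh linked above and not code from the foreman_hooks project), here is what such a create/destroy hook can look like. It assumes the foreman_hooks calling convention of event name and object name as arguments with the host's JSON on stdin, assumed JSON field names name and ip, an assumed TSIG key file at /etc/foreman/rdns.key, and an assumed BIND master at 10.0.0.2 that accepts TSIG-signed dynamic updates. The functions that build the nsupdate input are kept separate from the part that runs nsupdate, so they can be exercised without a DNS server.

```shell
#!/bin/sh
# Illustrative foreman_hooks script (not the original rdns.sh). Assumptions:
#  - foreman_hooks runs it as: <script> <event> <object-name> and passes the
#    host's JSON on stdin with "name" and "ip" fields (assumed field names)
#  - a TSIG key file readable only by the foreman user at $TSIG_KEYFILE
#  - $DNS_SERVER is the BIND master that accepts TSIG-signed dynamic updates
set -eu

DNS_SERVER="${DNS_SERVER:-10.0.0.2}"                   # assumed address
TSIG_KEYFILE="${TSIG_KEYFILE:-/etc/foreman/rdns.key}"  # assumed path, mode 0400
PTR_TTL="${PTR_TTL:-3600}"

# Minimal extractor: prints the last "field":"value" pair on the first line of
# stdin that contains one. Fine for a flat payload; use jq for nested JSON.
json_field() {
    sed -n "s/.*\"$1\"[[:space:]]*:[[:space:]]*\"\\([^\"]*\\)\".*/\\1/p" | head -n 1
}

# Accept only a dotted quad with four octets in 0..255.
valid_ipv4() {
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for o in "$@"; do
        [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || return 1
    done
}

# Accept only letters, digits, '-' and '.' with at least one label separator,
# so a hostname stored in Foreman cannot smuggle whitespace or a newline (and
# with it an extra "update" command) into the nsupdate script.
valid_fqdn() {
    case "$1" in ''|*[!A-Za-z0-9.-]*|.*|*.|*..*) return 1 ;; esac
    case "$1" in *.*) return 0 ;; *) return 1 ;; esac
}

# 10.0.1.23 -> 23.1.0.10.in-addr.arpa.
ptr_name() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    printf '%s.%s.%s.%s.in-addr.arpa.\n' "$4" "$3" "$2" "$1"
}

# Print the nsupdate script for a create or destroy event. No "zone" line is
# given, so nsupdate locates the enclosing reverse zone itself via an SOA
# query; this works for whatever reverse zones the VPC subnets map onto.
build_update() {
    # $1 = create|destroy, $2 = fqdn, $3 = ipv4
    valid_fqdn "$2" || { echo "rdns: refusing hostname '$2'" >&2; return 1; }
    valid_ipv4 "$3" || { echo "rdns: refusing ip '$3'" >&2; return 1; }
    rr=$(ptr_name "$3")
    echo "server $DNS_SERVER"
    # Drop any stale PTR first so a reused address ends up with one record.
    echo "update delete $rr PTR"
    if [ "$1" = "create" ]; then
        echo "update add $rr $PTR_TTL PTR $2."
    fi
    echo "send"
}

main() {
    event=$1
    case "$event" in
        create|destroy) ;;
        *) echo "rdns: ignoring event $event" >&2; return 0 ;;
    esac
    payload=$(cat)
    fqdn=$(printf '%s\n' "$payload" | json_field name)
    ip=$(printf '%s\n' "$payload" | json_field ip)
    # -k reads the TSIG secret from a file; -y would expose it in ps output.
    build_update "$event" "$fqdn" "$ip" | nsupdate -k "$TSIG_KEYFILE"
}

# Run only when foreman_hooks invokes us with an event and an object name.
if [ "$#" -ge 2 ]; then
    main "$@"
fi
```

Two points are worth keeping from this even if you write your own: the hook validates the hostname and address before they go anywhere near nsupdate, because a stray newline in a Foreman host record would otherwise become an extra update command inside the signed request, and it passes the TSIG key with -k rather than -y key:secret, which would show the secret to every local user in ps. Deleting the PTR before adding it means a recycled VPC address converges on a single record instead of accumulating stale ones.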
Of course, after implementing this I saw many other uses for foreman_hooks, including:
I will post updates on these implementations at another time.