Add Dynu brownfield DNS inventory outputs and generator
@@ -1,30 +1,26 @@
|
||||
# Dynu Terraform Layer (Brownfield DNS Reconciliation)
|
||||
|
||||
This Terraform root is for **Dynu DNS brownfield import/reconciliation** and documentation outputs.
|
||||
This Terraform root is for **Dynu DNS brownfield reconciliation**. The intended pattern is:
|
||||
|
||||
Dynu remains the authoritative DNS provider for existing records. Terraform here is used to mirror and reconcile existing DNS state incrementally, not to casually recreate production DNS from scratch.
|
||||
1. Import the existing root domain object.
|
||||
2. Read inventory through `data.dynu_dns_records.root`.
|
||||
3. Generate reviewable `dynu_dns_record` resources and import commands.
|
||||
4. Import every existing DNS record into matching Terraform resources.
|
||||
5. Use `terraform plan` as the reconciliation check before any apply.
|
||||
|
||||
## Provider
|
||||
## Provider behavior to keep in mind
|
||||
|
||||
- Source: `beatz174-bit/dynu`
|
||||
- Provider version is intentionally unpinned in this root to use the latest published release.
|
||||
- Provider block uses `api_key` auth argument from the published provider schema.
|
||||
- `dynu_domain` import requires a **numeric Dynu domain ID**.
|
||||
- Importing `dynu_domain` imports only the root domain object.
|
||||
- It **does not** import DNS records/subdomains.
|
||||
- `dynu_dns_record` imports require `<domain_id>/<record_id>`.
|
||||
|
||||
## Credentials and auth
|
||||
## Variables
|
||||
|
||||
Use local `terraform.tfvars` (or provider-supported environment variables).
|
||||
|
||||
- Required variable: `dynu_api_key`
|
||||
- Domain variable: `dynu_root_domain` (defaults to `lan.ddnsgeek.com`)
|
||||
- Optional placeholders for future provider auth changes: `dynu_username`, `dynu_password`
|
||||
- Import helper variable: `dynu_record_import_id` (set per record import operation)
|
||||
|
||||
Never commit:
|
||||
|
||||
- `terraform.tfvars`
|
||||
- `.terraform/`
|
||||
- `*.tfstate*`
|
||||
- credentials/secrets
|
||||
- `dynu_root_domain` (default: `lan.ddnsgeek.com`)
|
||||
- `dynu_api_key` (sensitive)
|
||||
- `dynu_username` / `dynu_password` (optional)
|
||||
|
||||
## Safe validation commands
|
||||
|
||||
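Review bot: the "Never commit:" list (`terraform.tfvars`, `.terraform/`, `*.tfstate*`, credentials/secrets) appears next to the old "Credentials and auth" heading, and the shorter "Variables" list after it does not repeat that guidance. The extracted hunk has lost its +/- markers, but if that list is on the removed side, keep it in the new README, since this root still takes a sensitive `dynu_api_key`. The bullet saying the provider version is intentionally unpinned also deserves a second look: `beatz174-bit/dynu` is the provider that receives that key, so a version constraint together with a committed `.terraform.lock.hcl` would make the `terraform plan` reconciliation check reproducible from one run to the next.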
@@ -33,35 +29,44 @@ cd infrastructure/terraform/dynu
|
||||
terraform fmt -check -recursive
|
||||
terraform init -backend=false -input=false
|
||||
terraform validate
|
||||
python3 -m py_compile scripts/generate-brownfield-records.py
|
||||
```
|
||||
|
||||
## Local workflow
|
||||
## Brownfield workflow
|
||||
|
||||
```bash
|
||||
cp terraform.tfvars.example terraform.tfvars
|
||||
$EDITOR terraform.tfvars
|
||||
cd infrastructure/terraform/dynu
|
||||
|
||||
terraform init
|
||||
terraform import dynu_domain.lan_ddnsgeek_com '<numeric-dynu-domain-id>'
|
||||
|
||||
terraform apply -refresh-only
|
||||
terraform output -json dynu_dns_records > /tmp/dynu-records.json
|
||||
|
||||
python3 scripts/generate-brownfield-records.py --dry-run
|
||||
python3 scripts/generate-brownfield-records.py --overwrite
|
||||
|
||||
# Review generated/dynu_dns_records.generated.tf
|
||||
# Review generated/import-dynu-dns-records.sh
|
||||
|
||||
bash generated/import-dynu-dns-records.sh
|
||||
|
||||
terraform plan
|
||||
```
|
||||
|
||||
## Import workflow (one object at a time)
|
||||
## What each component means
|
||||
|
||||
```bash
|
||||
terraform import dynu_domain.lan_ddnsgeek_com '<provider-specific-domain-import-id-or-domain-name>'
|
||||
terraform state show dynu_domain.lan_ddnsgeek_com
|
||||
terraform plan
|
||||
```
|
||||
- `data.dynu_dns_records.root`: read-only live inventory from Dynu.
|
||||
- `generated/dynu_dns_records.generated.tf`: generated management-intent resources; includes `prevent_destroy = true` on each record.
|
||||
- `generated/import-dynu-dns-records.sh`: imports each discovered record to its generated `dynu_dns_record` address using `<domain_id>/<record_id>`.
|
||||
- `terraform plan` after imports: reconciliation checkpoint. Any create/update/delete must be reviewed manually before apply.
|
||||
|
||||
Or with import blocks:
|
||||
## Generated artifacts
|
||||
|
||||
```bash
|
||||
cp imports.tf.example imports.tf
|
||||
$EDITOR imports.tf
|
||||
terraform plan -generate-config-out=generated-dynu.tf
|
||||
```
|
||||
The helper script writes these files under `generated/`:
|
||||
|
||||
Notes:
|
||||
- `generated/dynu_dns_records_inventory.json`
|
||||
- `generated/dynu_dns_records.generated.tf`
|
||||
- `generated/import-dynu-dns-records.sh`
|
||||
|
||||
1. Confirm exact import ID formats from the provider docs.
|
||||
2. For DNS records, add one `dynu_dns_record` resource at a time after confirming required arguments (`hostname`, `record_type`) from `terraform providers schema`.
|
||||
3. Treat generated config as draft input; keep only stable, meaningful attributes in hand-maintained `.tf`.
|
||||
These are generated outputs meant for operator review before use in production.
|
||||
|
||||
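Review bot: in the brownfield workflow block, `terraform output -json dynu_dns_records > /tmp/dynu-records.json` writes the full record inventory to a fixed path in a shared temp directory, and none of the later commands shown reads that file (the generator is called only with `--dry-run` and `--overwrite`). Drop the step, or write to a path under `generated/` or one created with `mktemp`, and say which input the script actually uses. The README should also state whether `generated/` is committed or ignored, since `generated/dynu_dns_records_inventory.json` lists every record name in the zone and `generated/import-dynu-dns-records.sh` is executed with `bash` once reviewed.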