beatz174-bit
73 lines
2.4 KiB
Markdown
73 lines
2.4 KiB
Markdown
# Dynu Terraform Layer (Brownfield DNS Reconciliation)
|
|
|
|
This Terraform root is for **Dynu DNS brownfield reconciliation**. The intended pattern is:
|
|
|
|
1. Import the existing root domain object.
|
|
2. Read inventory through `data.dynu_dns_records.root`.
|
|
3. Generate reviewable `dynu_dns_record` resources and import commands.
|
|
4. Import every existing DNS record into matching Terraform resources.
|
|
5. Use `terraform plan` as the reconciliation check before any apply.
|
|
|
|
## Provider behavior to keep in mind
|
|
|
|
- Source: `beatz174-bit/dynu`
|
|
- `dynu_domain` import requires a **numeric Dynu domain ID**.
|
|
- Importing `dynu_domain` imports only the root domain object.
|
|
- It **does not** import DNS records/subdomains.
|
|
- `dynu_dns_record` imports require `<domain_id>/<record_id>`.
|
|
|
|
## Variables
|
|
|
|
- `dynu_root_domain` (default: `lan.ddnsgeek.com`)
|
|
- `dynu_api_key` (sensitive)
|
|
- `dynu_username` / `dynu_password` (optional)
|
|
|
|
## Safe validation commands
|
|
|
|
```bash
|
|
cd infrastructure/terraform/dynu
|
|
terraform fmt -check -recursive
|
|
terraform init -backend=false -input=false
|
|
terraform validate
|
|
python3 -m py_compile scripts/generate-brownfield-records.py
|
|
```
|
|
|
|
## Brownfield workflow
|
|
|
|
```bash
|
|
cd infrastructure/terraform/dynu
|
|
|
|
terraform init
|
|
terraform import dynu_domain.lan_ddnsgeek_com '<numeric-dynu-domain-id>'
|
|
|
|
terraform apply -refresh-only
|
|
terraform output -json dynu_dns_records > /tmp/dynu-records.json
|
|
|
|
python3 scripts/generate-brownfield-records.py --dry-run
|
|
python3 scripts/generate-brownfield-records.py --overwrite
|
|
|
|
# Review generated/dynu_dns_records.generated.tf
|
|
# Review generated/import-dynu-dns-records.sh
|
|
|
|
bash generated/import-dynu-dns-records.sh
|
|
|
|
terraform plan
|
|
```
|
|
|
|
## What each component means
|
|
|
|
- `data.dynu_dns_records.root`: read-only live inventory from Dynu.
|
|
- `generated/dynu_dns_records.generated.tf`: generated management-intent resources; includes `prevent_destroy = true` on each record.
|
|
- `generated/import-dynu-dns-records.sh`: imports each discovered record to its generated `dynu_dns_record` address using `<domain_id>/<record_id>`.
|
|
- `terraform plan` after imports: reconciliation checkpoint. Any create/update/delete must be reviewed manually before apply.
|
|
|
|
## Generated artifacts
|
|
|
|
The helper script writes these files under `generated/`:
|
|
|
|
- `generated/dynu_dns_records_inventory.json`
|
|
- `generated/dynu_dns_records.generated.tf`
|
|
- `generated/import-dynu-dns-records.sh`
|
|
|
|
These are generated outputs meant for operator review before use in production.
|