Manage your Gandi DNS zones with Terraform

Boris HUISGEN

Gandi DNS zones can be managed with Terraform through an open-source provider plugin.

Setup of provider

$ go get github.com/tiramiseb/terraform-provider-gandi
$ cd $GOPATH/src/github.com/tiramiseb/terraform-provider-gandi
$ go build -o terraform-provider-gandi

As explained in the provider's documentation, only the LiveDNS zones of the new DNS infrastructure are supported, so migrate your old zones first if necessary. A developer API key must also be generated to allow remote updates from Terraform.

Terraform project

Let’s begin the creation of the Terraform project:

$ mkdir ~/Projects/terraform-gandi-dns
$ cd ~/Projects/terraform-gandi-dns
$ touch main.tf providers.tf variables.tf outputs.tf terraform.tfvars

File providers.tf:

provider "gandi" {
  key = "${var.gandi_key}"
}

File variables.tf:

variable "gandi_key" {}

File main.tf:

resource "gandi_zone" "hbis_fr" {
  name = "hbis.fr"
}

resource "gandi_domainattachment" "hbis_fr" {
  domain = "hbis.fr"
  zone = "${gandi_zone.hbis_fr.id}"
}

resource "gandi_zonerecord" "root" {
  zone = "${gandi_zone.hbis_fr.id}"
  name = "@"
  type = "A"
  ttl = 3600
  values = [
    "51.15.171.130"
  ]
}

resource "gandi_zonerecord" "www" {
  zone = "${gandi_zone.hbis_fr.id}"
  name = "www"
  type = "A"
  ttl = 3600
  values = [
    "51.15.171.130"
  ]
}

In addition to the resource definitions, a Terraform variable is used to pass the API key.

Importing of the DNS zone

The project must be initialized:

$ terraform init

Before importing, the main step is to find the zone ID using the Gandi API:

$ curl -s -H "Content-Type: application/json" -H "X-Api-Key: ******" https://dns.api.gandi.net/api/v5/zones|jq -r
[
  {
    "retry": 3600,
    "uuid": "72e4069e-eeef-11e7-8db5-00163e6dc886",
    "zone_href": "https://dns.api.gandi.net/api/v5/zones/72e4069e-eeef-11e7-8db5-00163e6dc886",
    "minimum": 10800,
    "domains_href": "https://dns.api.gandi.net/api/v5/zones/72e4069e-eeef-11e7-8db5-00163e6dc886/domains",
    "refresh": 10800,
    "zone_records_href": "https://dns.api.gandi.net/api/v5/zones/72e4069e-eeef-11e7-8db5-00163e6dc886/records",
    "expire": 604800,
    "sharing_id": "4aace8e0-b393-11e7-bcf1-00163ec388ae",
    "serial": 1514825087,
    "email": "hostmaster.gandi.net.",
    "primary_ns": "ns1.gandi.net",
    "name": "hbis.fr"
  }
]

The uuid value is the ID required to import the gandi_zone resource:

$ terraform import -var 'gandi_key=******' gandi_zone.hbis_fr 72e4069e-eeef-11e7-8db5-00163e6dc886

Terraform should confirm the import of the resource in its state file, which can be verified by this command:

$ terraform show
gandi_zone.hbis_fr:
id = 72e4069e-eeef-11e7-8db5-00163e6dc886
name = hbis.fr

The resource gandi_domainattachment must be imported too:

$ terraform import -var 'gandi_key=******' gandi_domainattachment.hbis_fr hbis.fr

If the zone already contains DNS records, they must be imported as well. The ID of a gandi_zonerecord resource has the format: <UUID>/<NAME>/<TYPE>

$ terraform import -var 'gandi_key=******' gandi_zonerecord.root 72e4069e-eeef-11e7-8db5-00163e6dc886/@/A
$ terraform import -var 'gandi_key=******' gandi_zonerecord.www 72e4069e-eeef-11e7-8db5-00163e6dc886/www/A
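
The following is an added example, not code from the original post or from the provider project. It derives the import IDs used above from the /zones response and builds the terraform import commands without the -var flag, assuming the key is exported as TF_VAR_gandi_key (which Terraform reads as the gandi_key variable) so the secret stays out of shell history and the process list. The function names and the trimmed sample JSON are constructed for illustration.

```python
import json
import re
import shlex

# Constructed sample: trimmed copy of the /zones response shown in this post.
ZONES_JSON = """[
  {"uuid": "72e4069e-eeef-11e7-8db5-00163e6dc886", "name": "hbis.fr"}
]"""

# Terraform address -> (record name, record type), mirroring main.tf.
RECORDS = {
    "gandi_zonerecord.root": ("@", "A"),
    "gandi_zonerecord.www": ("www", "A"),
}

UUID_RE = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$")


def zone_uuid(zones_json, domain):
    """Return the UUID of the single zone named `domain`, or raise ValueError."""
    matches = [z["uuid"] for z in json.loads(zones_json) if z.get("name") == domain]
    if len(matches) != 1:
        raise ValueError(f"expected one zone named {domain!r}, found {len(matches)}")
    if not UUID_RE.match(matches[0]):
        raise ValueError(f"unexpected zone id format: {matches[0]!r}")
    return matches[0]


def import_commands(zones_json, domain, zone_addr, attach_addr, records):
    """Build the terraform import commands in the order used in this post.

    No -var flag is emitted: the key is expected in the TF_VAR_gandi_key
    environment variable (assumption of this example), keeping it out of argv.
    """
    uuid = zone_uuid(zones_json, domain)
    targets = [(zone_addr, uuid), (attach_addr, domain)]
    # Record IDs use the <UUID>/<NAME>/<TYPE> format.
    targets += [(addr, f"{uuid}/{name}/{rtype}") for addr, (name, rtype) in records.items()]
    return [f"terraform import {shlex.quote(a)} {shlex.quote(i)}" for a, i in targets]


if __name__ == "__main__":
    for cmd in import_commands(ZONES_JSON, "hbis.fr", "gandi_zone.hbis_fr",
                               "gandi_domainattachment.hbis_fr", RECORDS):
        print(cmd)
```

Review the printed commands before running them; a zone name that matches zero or several zones raises an error instead of producing an import ID.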

Plan validation

As the state file now contains all required resources, verify that the plan doesn’t require any modification:

$ terraform plan -var 'gandi_key=******'

You can now manage your zone and its records from your Terraform project.
