Infrastructure as Code to manage DNS configurations

[btlogy]

Scope

AsIs: The DNS configurations of tahoe-lafs.org are manually managed by Meejah and/or Brian via the ​admin WebUI provided by the DNS registrar and hosting 3rd party ​Gandi.

The current DNS configurations lack of visibility, reproducibility and agility, making it difficult, error-prone and slow to be audited, reviewed, changed or improved.

ToBe: The DNS configuration would be declaratively defined in a version-controlled repository and deployed using automated workflows, based on the principle of Infrastructure as Code (IaC).

Value

• Contributors would be able to see the current configurations and propose changes using a well known workflow (pull request).
• Maintainers would be able to approve and deploy changes w/o direct interact with the DNS provider.
• The configurations and the workflows would be consistent, repeatable, and easily auditable.

Requirements

• A fresh export of the DNS tahoe-lafs.org zone hosted by Gandi
• A valid Personal Access Token (PAT) to read/write this zone via ​API of Gandi
• Permissions to create/manage secrets in ​infrastructure repository
• ​OpenToFu plan defining the current state in the existing ​infrastructure repository (WiP ​here)
• Automated workflow (e.g.: using GHA) to continuously integrate and deploy the plan (WiP ​here)

Additional information

This enhancement is a very nice to have requirement for the execution of the MoveOffTrac project:

• #4161

And has already been discussed here:

• #3742

In addtion, it could help making progress/improvement on those issues:

• #2717
• #2718
• #2719
• #2772
• #4142
• #4160