I'm trying to get terraform to add an "A" record to my dns zone in GCP. Efforts to do so result in an error: "update server is not set". A similar error is described here. So I gather from comments made there that I need an update item in my dns provider. Which I dutifully tried to provide.
provider "dns" {
  update {
    server = "xxx.xxx.x.x"
  }
}
Except that I have no idea what IP goes in there, and my first attempts have failed.
Will I need other settings?
I note in the documentation the following format...
provider "dns" {
  update {
    server        = "192.168.0.1"
    key_name      = "example.com."
    key_algorithm = "hmac-md5"
    key_secret    = "3VwZXJzZWNyZXQ="
  }
}
I don't understand where these settings come from.
Update:
Martin's advice (accepted answer below) worked like a charm.
For the next person struggling with this, the trick was to use google_dns_record_set instead of dns_a_record_set.
Using Terraform Cloud
Place your credentials in a Terraform Cloud environment variable: Create an environment variable called GOOGLE_CREDENTIALS in your Terraform Cloud workspace. Remove the newline characters from your JSON key file and then paste the credentials into the environment variable value field.
Downloading and configuring Google Cloud SDK
Now that we have Terraform installed, we need to set up the command line utility to interact with our services on Google Cloud Platform. This will allow us to authenticate to our account on Google Cloud Platform and subsequently use Terraform to manage infrastructure.
The dns provider is implementing the standard DNS update protocol defined in RFC 2136: Dynamic Updates in the Domain Name System, which tends to be implemented by self-hosted DNS server software like BIND. In that case, the credentials would be configured on the server side by the BIND operator and then you'd in turn pass the given credentials into the provider.
Unfortunately, as DNS has tended towards being a managed service provided for you by various vendors, most of these vendors have chosen to ignore RFC 2136 and implement their own proprietary APIs instead. For that reason, the management capabilities of Terraform's dns provider are incompatible with most managed DNS products.
Instead, we manage these using a vendor-specific provider. In your case, since you are apparently using Google Cloud DNS, you'd manage your DNS zones and records using resource types from the google Terraform provider. Specifically:
- google_dns_managed_zone for the zone itself
- google_dns_record_set for recordsets within the zone
Here is a minimal example to get started:
resource "google_dns_managed_zone" "example" {
  name     = "example"
  dns_name = "example.com."
}

resource "google_dns_record_set" "example" {
  managed_zone = google_dns_managed_zone.example.name
  name         = "www.${google_dns_managed_zone.example.dns_name}"
  type         = "A"
  rrdatas      = ["10.1.2.1", "10.1.2.2"]
  ttl          = 300
}
A key advantage of these vendors using vendor-specific APIs is that the management operations integrate with the authentication mechanisms used for the rest of their APIs, and so as long as your Google Cloud Platform provider has credentials with sufficient privileges to manage these objects you shouldn't need any additional provider configuration for this.
Terraform has provider support for a number of different managed DNS vendors, so folks not using Google Cloud DNS will hopefully find that their chosen vendor is also supported in a similar way, by browsing the available providers.
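For readers who do run an RFC 2136 server such as BIND, the following added example (not part of the original question or answer) shows where the `update` block values come from and how to supply them without hard-coding the secret or using hmac-md5. The key name `tf-update.`, the server address `192.0.2.53`, the zone and the variable name are constructed placeholders.

```hcl
# Added example; every name, address and key below is a constructed placeholder.
#
# Server side (done by the BIND operator), shown as comments for reference:
#   tsig-keygen -a hmac-sha256 tf-update     # prints a key "tf-update" { ... } clause
#   In named.conf:
#     key "tf-update" { algorithm hmac-sha256; secret "<base64 from tsig-keygen>"; };
#     zone "example.com" {
#       # ... existing zone options ...
#       update-policy { grant tf-update zonesub A; };   # this key may only manage A records
#     };

# Client side: the same key name, algorithm and secret are handed to Terraform.
variable "tsig_secret" {
  description = "Base64 TSIG secret issued by the DNS server operator"
  type        = string
  sensitive   = true # redacted in plan/apply output; still stored in state
}

provider "dns" {
  update {
    server        = "192.0.2.53"    # the server that accepts dynamic updates for the zone
    key_name      = "tf-update."    # must match the key name configured on the server
    key_algorithm = "hmac-sha256"   # must match the server; prefer this over hmac-md5
    key_secret    = var.tsig_secret # never commit the literal value
  }
}

resource "dns_a_record_set" "www" {
  zone      = "example.com."
  name      = "www"
  addresses = ["10.1.2.1", "10.1.2.2"]
  ttl       = 300
}
```

Supply the secret through the `TF_VAR_tsig_secret` environment variable or a workspace variable marked sensitive, and restrict access to the state file, since the value is recorded there.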