better DNS management for theforeman.org #1927
Description
current state
DNS is managed via the Gandi web interface, which has the following problems:
- you can't open a PR for a DNS change, let people review it and then apply the change
- there is no revert functionality (you can download a backup before doing changes, but if you don't then you don't)
- zero automation when we deploy new hosts etc
ideas
manage it in git
Gandi has an API, we have Ansible and there is surely a library somewhere to bind those two together.
This would still mean that the zone file would be edited manually, but at least it'd be stored in git, we'd have history and people could request DNS changes w/o having access to DNS.
manage via Foreman
Foreman can manage DNS for hosts it deploys. But it can't talk to Gandi and can't do SSHFP (which we use) and would only manage host-related things, with all non-host entries we have (like service aliases, CNAMEs to the CDN, etc) being still unmanaged.
combo of the two
Probably best if Foreman handles hosts, and humans handle special things in Git, but that's for the future.