</style></head><body data-astro-cid-5hce7sga><main data-astro-cid-5hce7sga><h1 data-astro-cid-gjtny2mx>AWS VPC Buildout With Foreman Hooks for RDNS Creation</h1><p class="post-meta" data-astro-cid-gjtny2mx>2014-01-15</p><div class="post-body" data-astro-cid-gjtny2mx><p>Originally posted on <a href="http://digital-ducttape.com/2013/10/23/aws-vpc-buildout-with-foreman_hooks-for-rdns-creation/">Digital Ducttape</a></p>
<p><a href="http://theforeman.org/">Foreman</a> is a tool I have used for a long time, both as an external node classifier for Puppet and, through its smart-proxy, for DNS integration. When Foreman recently <a href="http://projects.theforeman.org/issues/1871">added support</a> for building EC2 instances inside a VPC, I thought it was a good opportunity to use the same tool for a new buildout.</p>
<p>Shortly after starting I discovered that reverse DNS is <a href="http://projects.theforeman.org/issues/3166">unfortunately broken</a> for EC2 VPC builds: Foreman does not map a relationship between VPC subnets and any DNS smart-proxy, so there is no proxy through which the PTR record could be created. Undeterred, I took to #foreman and was guided to a potential solution.</p>
<p>Enter <a href="https://github.com/theforeman/foreman_hooks">foreman_hooks</a>. This plugin for Foreman lets you subscribe to create/update/destroy events on Foreman objects and invoke any executable when they fire, which made it a good workaround for the functionality missing from the 1.3 release. Initially I wrote a script that used the smart-proxy API to create PTR records, but it complained that the IP address was already assigned. Fair enough. Rather than investigate further, I wrote a short shell script that does the same thing with <code>nsupdate</code> and TSIG-signed updates, and voilà: integrated forward and reverse DNS for EC2 VPC deployments. A few more lines of code added support for the destroy hook, so the PTR record is removed again when the host is deleted, and the feature is complete.</p>
<p>I named this script <code>rdns.sh</code>, placed it in <code>/usr/share/foreman/config/hooks.d</code>, and created symlinks to it in both:</p>
<p><a href="https://gist.github.com/ddoc/8446722">source for utils.sh</a><br>
<a href="https://github.com/theforeman/foreman_hooks/blob/master/examples/hook_functions.sh">source for hook_functions.sh</a></p>
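<p>To make the hook approach concrete, here is an added example of the same idea, written for this page and not the post's <code>rdns.sh</code> or anything from the foreman_hooks project. It assumes the foreman_hooks calling convention of event name in <code>$1</code>, object name in <code>$2</code> and the host's JSON on stdin; the server name, TSIG key path, TTL and the sample host JSON in the test are placeholders, and the <code>json_field</code> extractor is a deliberate simplification so the script runs without <code>jq</code>. Create adds the PTR, destroy deletes it, and update replaces whatever PTR the current address has.</p>

```sh
#!/bin/sh
# Added example, not the post's rdns.sh: a foreman_hooks script that keeps PTR
# records in step with Foreman hosts using nsupdate and a TSIG key.
# Assumed foreman_hooks convention: $1 = event (create/update/destroy),
# $2 = object name, and the host's JSON on stdin. Server, key path and TTL
# below are placeholders.
set -eu

RDNS_SERVER="${RDNS_SERVER:-ns1.example.com}"          # assumed authoritative server
RDNS_KEYFILE="${RDNS_KEYFILE:-/etc/foreman/rdns.key}"  # TSIG key file, mode 0600, owned by the Foreman user
RDNS_TTL="${RDNS_TTL:-300}"

# First occurrence of a string field in Foreman's host JSON. Deliberately small
# (splits on commas, so it only suits values without commas) so the example runs
# without jq; in production use jq '.host.ip' and jq '.host.name'.
json_field() {
  printf '%s\n' "$2" | tr ',' '\n' \
    | sed -n "s/^.*\"$1\":\"\([^\"]*\)\".*$/\1/p" | head -n 1
}

# Accept only a dotted quad with each octet in 0-255. Everything that goes into
# the nsupdate batch comes from the hook payload, so refuse anything else rather
# than let stray characters turn into extra nsupdate directives.
is_ipv4() {
  case "$1" in
    ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
  esac
  old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
  [ $# -eq 4 ] || return 1
  for octet in "$@"; do
    [ "$octet" -le 255 ] || return 1
  done
}

# 10.0.1.25 -> 25.1.0.10.in-addr.arpa. (caller must validate with is_ipv4 first)
reverse_name() {
  old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
  printf '%s.%s.%s.%s.in-addr.arpa.' "$4" "$3" "$2" "$1"
}

# Print the nsupdate batch for one event. Returns 1 on bad input and 2 on an
# event this hook does not handle, printing nothing in either case.
nsupdate_batch() {
  event=$1; ip=$2; fqdn=${3%.}
  case "$event" in create|update|destroy) ;; *) return 2 ;; esac
  is_ipv4 "$ip" || return 1
  # Only hostname characters: a newline or space in the name would inject lines.
  case "$fqdn" in ''|*[!A-Za-z0-9.-]*) return 1 ;; esac
  ptr=$(reverse_name "$ip")
  printf 'server %s\n' "$RDNS_SERVER"
  case "$event" in
    create)  printf 'update add %s %s IN PTR %s.\n' "$ptr" "$RDNS_TTL" "$fqdn" ;;
    update)  printf 'update delete %s PTR\n' "$ptr"
             printf 'update add %s %s IN PTR %s.\n' "$ptr" "$RDNS_TTL" "$fqdn" ;;
    destroy) printf 'update delete %s PTR\n' "$ptr" ;;
  esac
  printf 'send\n'
}

main() {
  event=$1; object=$2
  json=$(cat)
  ip=$(json_field ip "$json")
  fqdn=$(json_field name "$json")
  if ! is_ipv4 "$ip" || [ -z "$fqdn" ]; then
    echo "rdns: $object has no usable ip/name, nothing to do" >&2
    exit 0
  fi
  # A non-zero exit from nsupdate fails the hook, which is what we want if the
  # signed update is refused: better a failed build than a host with no PTR.
  nsupdate_batch "$event" "$ip" "$fqdn" | nsupdate -k "$RDNS_KEYFILE"
}

# Run as a hook when invoked by Foreman; sourcing the file only defines functions.
if [ $# -ge 2 ]; then
  main "$@"
fi
```

<p>Two things worth checking when deploying something like this: keep the key file readable only by the user Foreman runs hooks as, and on the DNS server restrict that key to PTR records in the reverse zones (in BIND, an <code>update-policy</code> rule of the shape <code>grant rdns-key zonesub PTR;</code>) so a leaked hook key cannot rewrite forward records. Note also that the update payload only carries the host's current address, so if an IP changes the old address's PTR is not cleaned up by this script.</p>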
<p>Of course, after implementing this I saw many other uses for foreman_hooks, including:</p>
<ul>
<li>resizing an EC2 root volume at build time</li>
<li>attaching additional volumes</li>
<li>EIP associations and DNS</li>
<li>different hooks for different domains</li>
<li>adding and removing hosts to an external monitoring system</li>
</ul>
<p>I will post updates on these implementations at another time.</p></div></main><footer data-astro-cid-5hce7sga>