Service Configuration

Configuring Google Cloud Platform Plugins for the gordon service.

Example Gordon Configuration with GCP Plugin

# Gordon Core Config
[core]
[core.logging]
level = "debug"
handlers = ["syslog"]

# Plugin Config
[gcp]
project = "my-gcp-project"
dns_zone = "example.com."
default_zone_prefix = "production"

[gcp.enricher]
keyfile = "/path/to/keyfiles/compute.json"

[gcp.event_consumer]
keyfile = "/path/to/keyfiles/pubsub.json"
topic = "my-dns-changes"
subscription = "gordon-consumer"
max_messages = 25
max_msg_age = 300

[gcp.publisher]
project = "my-dns-project"
keyfile = "/path/to/keyfiles/dns.json"
publish_wait_timeout = 10
default_ttl = 300

Plugin Configuration

Attention

Configuration defined for a specific provider (event_consumer, enricher, publisher) will overwrite values of the same keys defined under gcp, then inherit the rest.

Attention

A specific provider does not have access to configuration for the other individual providers.

Note

Any configuration key/value listed here may also be used in the specific plugin configuration. Values set in a plugin-specific config section will overwrite what’s set in this general [gcp] section.

[gcp]

keyfile="/path/to/keyfile.json"

Required: Path to the Service Account JSON keyfile to use while authenticating against Google APIs.

While one global key for all plugins is supported, it’s advised to create a key per plugin with only the permissions it requires. To setup a service account, follow Google’s docs on creating & managing service account keys.

project="STR"

Required: Google Project ID which hosts the relevant GCP services (e.g. Cloud DNS, Pub/Sub, Compute Engine).

To learn more about GCP projects, please see Google’s docs on creating & managing projects.

dns_zone="STR"

Required: DNS zone to administer. Must be a fully-qualified domain name (FQDN), ending in ., e.g. example.com.. If it’s a reverse zone, it must be in the form ‘A.B.in-addr.arpa.’. This setting must be either in this section, or in both the [gcp.event_consumer] and [gcp.publisher] sections.

Note: this is separate from Google’s ‘managed zone’ names. Google uses custom string names with specific requirements for storing records. Gordon requires that managed zone names be based on DNS names. For all domains, remove the trailing dot and replace all other dots with dashes. For reverse records, then use only the two most significant octets, prepended with ‘reverse-‘. (E.g. foo.bar.com. -> foo-bar-com and 0.168.192.in-addr.arpa. -> reverse-168-192.)

default_zone_prefix="STR"

Optional: Prefix associated with Google managed zone names, prepended with a ‘-‘ to the generated name. For example prefix “production” will produced a managed zone name of “production-example-com” for the “example.com.” DNS zone.

[gcp.event_consumer]

All configuration options above in the general [gcp] may be used here. Additional Google Pub/Sub Consumer-related configuration options are:

topic="STR"

Required: A topic to which the Event Consumer client must subscribe.

For more information on Google Pub/Sub topics, please see Google’s docs on managing topics.

subscription="STR"

Required: A subscription to the topic from which the Event Consumer client will pull.

For more information on Google Pub/Sub subscriptions, please see Google’s docs on managing subscriptions.

max_messages=INT

Optional: Number of Pub/Sub messages to process at a time. Defaults to 25.

max_msg_age=INT

Optional: Discard incoming messages older than this many seconds. Defaults to 300.

[gcp.enricher]

All configuration options above in the general [gcp] may be used here. If dns_zone isn’t present here, it must be in [gcp].

[gcp.publisher]

All configuration options above in the general [gcp] may be used here. If dns_zone isn’t present here, it must be in [gcp]. Additional Google Cloud DNS configuration options are:

default_ttl=INT

Required: The default TTL in seconds. This will be used if the publisher receives a record set to be published that does not yet have the TTL set. Must be greater than 4.

publish_wait_timeout=INT|FLOAT

Optional: Timeout in seconds for waiting for confirmation that changes have been successfully completed within Google Cloud DNS. Default is 60 seconds.

api_version="STR"

Optional: API version for both the changes endpoint and the resource records endpoint.