Actually, I might have come up with a workaround myself. Technically, I only need it for the forward and reverse DNS entries:
----- s n i p -----
# designate record-list domain.tld. | grep rabbit | sort -k8
| ae65b08a-d825-4cc1-b796-ac42262ddc0a | A | service-rabbitmq-swarm.domain.tld. | 10.104.0.10
| 0f63067b-c27f-4ef3-a274-39a845a21a51 | A | service-rabbitmq-swarm.domain.tld. | 10.104.0.11
| 4ca83b80-d9dc-4f4b-84a8-145390746d09 | A | service-rabbitmq-swarm.domain.tld. | 10.104.0.12
| c5391582-825f-4fb9-b8cf-bcb5327a0d8b | A | service-rabbitmq-swarm.domain.tld. | 10.104.0.13
| 49b6b335-3e2e-4878-bb75-e095ea20149b | A | service-rabbitmq-swarm.domain.tld. | 10.104.0.14
# designate record-list 0.104.10.in-addr.arpa. | grep rabbit | sort -k5
| f26d3844-6de9-405a-9352-76fe3d3e37dd | PTR | 10.0.104.10.in-addr.arpa. | service-rabbitmq-swarm.domain.tld.
| 376a1724-f3c7-42e4-872a-3d36c13655a5 | PTR | 11.0.104.10.in-addr.arpa. | service-rabbitmq-swarm.domain.tld.
| e103df81-34f3-4df4-8cd0-c267d3889c61 | PTR | 12.0.104.10.in-addr.arpa. | service-rabbitmq-swarm.domain.tld.
| 2a4a92b2-28d4-4e44-9655-40e79806637a | PTR | 13.0.104.10.in-addr.arpa. | service-rabbitmq-swarm.domain.tld.
| 645a37be-a128-400a-89e1-f5fdf648202e | PTR | 14.0.104.10.in-addr.arpa. | service-rabbitmq-swarm.domain.tld.
----- s n i p -----
This messes up Puppet (because all the hosts have the same hostname, the cert is only allotted to the _first_ host that connects, so all the others will get a cert/hostname mismatch).
But my workaround looks something like this:
instance stack:
1. Create port.
2. Create instance, bind 'port' to instance.
3. Create DNS record:
https://gist.github.com/FransUrbo/dbe19ffac8260f849b8fa31c017c42d3
4. Create reverse DNS record:
https://gist.github.com/FransUrbo/d3498882b751363a9e9035e6aee20f64
Ugly as S**t, but it gets prettier once put into separate sub-stacks etc.
Final result. Both the forward and the reverse DNS are unique, which was _my_ goal:
----- s n i p -----
# designate record-list domain.tld. | grep rabbit | sort -k8
| 4a48d632-18bc-4eca-941a-9ed0c0a35e19 | A | service-rabbitmq-swarm-16.domain.tld. | 10.104.0.16
| 86bed374-6ada-4ae3-831d-bfc1f4276329 | A | service-rabbitmq-swarm-17.domain.tld. | 10.104.0.17
| 15147bb9-a8db-4d2c-a88d-bf25b013e728 | A | service-rabbitmq-swarm-18.domain.tld. | 10.104.0.18
| d6e5a1dd-68fa-4d45-b7d5-6f6f87a3226c | A | service-rabbitmq-swarm-19.domain.tld. | 10.104.0.19
| eb419e11-06f5-450f-8d92-7b9794cc186f | A | service-rabbitmq-swarm-20.domain.tld. | 10.104.0.20
# designate record-list 0.104.10.in-addr.arpa. | grep rabbit | sort -k5
| aa247eb7-abe7-437b-a1b0-9d6096f050e7 | PTR | 16.0.104.10.in-addr.arpa. | service-rabbitmq-swarm-16.domain.tld.
| 3f888754-abbe-4cba-8c29-9f02698afe35 | PTR | 17.0.104.10.in-addr.arpa. | service-rabbitmq-swarm-17.domain.tld.
| cafaedf2-45b1-401a-ade5-175ae93fb487 | PTR | 18.0.104.10.in-addr.arpa. | service-rabbitmq-swarm-18.domain.tld.
| 32b44c68-385f-418b-810f-b99a740e4f7b | PTR | 19.0.104.10.in-addr.arpa. | service-rabbitmq-swarm-19.domain.tld.
| c9c1cbf1-cc96-494f-8091-049812c85d2c | PTR | 20.0.104.10.in-addr.arpa. | service-rabbitmq-swarm-20.domain.tld.
----- s n i p -----
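
Added example, not part of the original post: a small check over `designate record-list` output that flags hostnames shared by several IPs (the condition that breaks per-host Puppet certificates above) and A records without a matching PTR. The function names are hypothetical, and the sample rows are constructed in the four-column layout shown in the post, with shortened ids.

```python
from collections import defaultdict

# Constructed sample rows (ids shortened); layout: | id | type | name | data
BEFORE = """\
| id-1 | A | service-rabbitmq-swarm.domain.tld. | 10.104.0.10
| id-2 | A | service-rabbitmq-swarm.domain.tld. | 10.104.0.11
| id-3 | PTR | 10.0.104.10.in-addr.arpa. | service-rabbitmq-swarm.domain.tld.
| id-4 | PTR | 11.0.104.10.in-addr.arpa. | service-rabbitmq-swarm.domain.tld.
"""
AFTER = """\
| id-5 | A | service-rabbitmq-swarm-16.domain.tld. | 10.104.0.16
| id-6 | A | service-rabbitmq-swarm-17.domain.tld. | 10.104.0.17
| id-7 | PTR | 16.0.104.10.in-addr.arpa. | service-rabbitmq-swarm-16.domain.tld.
| id-8 | PTR | 17.0.104.10.in-addr.arpa. | service-rabbitmq-swarm-17.domain.tld.
"""

def parse_records(text):
    """Yield (type, name, data) for each A/PTR row; other lines are skipped."""
    for line in text.splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) == 4 and cells[1] in ("A", "PTR"):
            yield cells[1], cells[2], cells[3]

def ptr_to_ip(name):
    """'10.0.104.10.in-addr.arpa.' -> '10.104.0.10' (IPv4 only)."""
    return ".".join(reversed(name.split(".")[:4]))

def audit(text):
    """Return (shared, unconfirmed).

    shared:      hostname -> sorted IPs, for names that map to more than one IP
    unconfirmed: IPs whose PTR is missing or does not point back at the A name
    """
    forward = defaultdict(set)   # hostname -> IPs from A records
    reverse = {}                 # IP -> hostname from PTR records
    for rtype, name, data in parse_records(text):
        if rtype == "A":
            forward[name].add(data)
        else:
            reverse[ptr_to_ip(name)] = data
    shared = {h: sorted(ips) for h, ips in forward.items() if len(ips) > 1}
    unconfirmed = sorted(ip for h, ips in forward.items()
                         for ip in ips if reverse.get(ip) != h)
    return shared, unconfirmed

if __name__ == "__main__":
    for label, text in (("before", BEFORE), ("after", AFTER)):
        print(label, audit(text))
```

The two `designate record-list` outputs can be concatenated and passed to `audit()` as one string.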