As discussed on IRC we need to improve the current sre.dns.netbox cookbook to cope with emergency scenarios with the following:
- allow to run it and merge and push the changes without deploying them to the actual gdnsd (basically skiiping the authdns-update). This will allow to stage some automated changes that require also a commit in the manual repository. The workflow would be as follows:
- perform changes in Netbox
- run the sre.dns.netbox cookbook with the --skip-authdns-update flag
- merge the related manual patch needed in the operations/dns repository
- manually run the authdns-update script that will deploy both changes at the same time
- add an emergency edit mode to the cookbook that will generate all the records as usual but then stop to allow the user to ssh into netbox1001 in a temporary path, manually edit any file, commit --amend them and give back to the cookbook the SHA1 of the new commit to push. At this point the cookbook will continue it's usual deploy with the modified files.