Forge Home


This module allows managing of dns records on TransIP-hosted domains.


4,339 latest version

4.6 quality score

We run a couple of automated
scans to help you access a
module's quality. Each module is
given a score based on how well
the author has formatted their
code and documentation and
modules are also checked for
malware using VirusTotal.

Please note, the information below
is for guidance only and neither of
these methods should be considered
an endorsement by Puppet.

Version information

  • 0.4.0 (latest)
  • 0.3.1
  • 0.3.0
  • 0.2.0
  • 0.1.0
released Jun 2nd 2019
This version is compatible with:
  • Puppet Enterprise 2018.1.x, 2017.3.x
  • Puppet >= 5.0.0 < 6.0.0
  • ,

Start using this module

  • r10k or Code Manager
  • Bolt
  • Manual installation
  • Direct download

Add this module to your Puppetfile:

mod 'gerardkok-transip', '0.4.0'
Learn more about managing modules with a Puppetfile

Add this module to your Bolt project:

bolt module add gerardkok-transip
Learn more about using this module with an existing project

Manually install this module globally with Puppet module tool:

puppet module install gerardkok-transip --version 0.4.0

Direct download is not typically how you would use a Puppet module to manage your infrastructure, but you may want to download the module in order to inspect the code.



gerardkok/transip — version 0.4.0 Jun 2nd 2019


Table of Contents

  1. Overview
  2. Module Description
  3. Setup
  4. Usage
  5. Reference
  6. Limitations
  7. Development


This module allows managing dns records on TransIP hosted domains.

Module Description

This module provides a custom provider to manage dns records on domains hosted on TransIP's DNS servers. The provider uses the TransIP API to handle changes.


What puppet-transip affects

  • This module potentially modifies the contents of dns records from your TransIP domains. If you also manage these records from elsewhere (for example, through the control panel), then these modifications might interfere.

Setup Requirements

For Puppet 5, the savon gem needs to be installed in /opt/puppetlabs/puppet/lib/ruby/gems on the instance you enable this module on. You can do this manually as follows:

$ sudo /opt/puppetlabs/puppet/bin/gem install savon

Alternatively, you can set manage_gems to 'true', to have the module install the necessary gems for you.

Because the transip_dns_entry type does not reference the savon gem, it shouldn't be needed to install it for use with Puppet Server on your puppet master.

Beginning with puppet-transip

This module should be enabled on one of your instances that is allowed to access the TransIP API over the Internet. It is perfectly possible to run this module on multiple instances, just be aware of interference when you're going to manage the same dns records. The TransIP API requires that you whitelist the public ip address of this instance.

Minimal usage:

class {
    username => 'TransIP control panel username',
    key_file => 'filename containing your TransIP private key'

The above configuration doesn't manage any dns records yet, but you can run puppet resource transip_dns_entry on the instance to get a list of all your TransIP dns records.



Example configuration through hiera:

transip::username: 'TransIP control panel username'
transip::key_file: 'filename containing your TransIP private key'
transip::readwrite: true
    ensure: 'present'
    ttl: '300'
    content: ''
    ensure: 'present'
    ttl: '86400'
    content: '10'

Let's Encrypt

To issue Let's Encrypt certificates using the dns challenge, you can use the example scripts in the scripts folder. adds the challenge to your TransIP dns records, while removes it. Example usage with certbot:

$ sudo certbot --text --agree-tos --non-interactive certonly -a manual --keep-until-expiring -d <domain> --preferred-challenges dns --manual-public-ip-logging-ok --manual-auth-hook <scripts/> --manual-cleanup-hook <scripts/> --expand

Note that has a (lengthy) timeout to give TransIP's authorized nameservers ample time to propagate the challenge.


The module provides the transip_dns_entry custom type that has an api provider.


transip class


The username used to access TransIP's control panel.


Private key to access the TransIP API. Get this from the API tab of your control panel. If you set both key and key_file, key will be used.


Filename of the file containing your private key to access the TransIP API. Get this from the API tab of your control panel. If you set both key and key_file, key will be used.


Boolean. If 'false', open a readonly connection, if 'true', open a readwrite connection. Will throw an error if you attempt to modify records over a readonly connection. Default 'false' (i.e. readonly).


The owner of the file containing the credentials. Default: depends on your operating system.


The group of the file containing the credentials. Default: depends on your operating system.


Boolean. If 'false', don't install the necessary gems, if 'true', do install the necessary gems. Default 'true'.


A hash of dns entry resources that the module will create.

transip_dns_entry type


The fully qualified domain name plus the type of your record, formatted like 'fqdn/type'. If you omit '/type', type defaults to 'A'. The origin sign '@' can be omitted. For example, if you want to create an MX record for your domain, use 'my.domain/MX' as transip_dns_entry name.


The fully qualified domain name. The fqdn will be matched against your TransIP domains, no match will result in an error. Defaults to the part of the name before the '/', or just name if name doesn't contain a '/'.


The type of the record. Possible values: 'A', 'AAAA', 'CAA', 'CNAME', 'MX', 'NS', 'SRV', 'TXT'. Defaults to the part of the name after the '/', or just 'A' if name doesn't contain a '/'.


The content of a record. This can be specified as an array, if this array has multiple entries, a record is created for each entry in your domain. For example, the puppet resource

transip_dns_entry {
    ensure  => 'present',
    ttl     => '300',
    content => ['', ''];

will result in two A records for '' in TransIP's dns tables.

If content is empty and content_handling is 'inclusive', or if type is 'CNAME' and content doesn't have precisely one entry, or content_handling is not 'minimum', an error is raised.


Possible values: 'minimum', 'inclusive'. Default: 'minimum'. Whether to treat the value of content as a complete list ('inclusive'), and remove records with content not in that list, or to treat the value of content as a list that should minimally exist ('minimum'), and not touch records with content not in the list.


The TTL field of a dns record. Defaults to 3600 seconds.


Currently tested with a very limited number of domains and dns records.

The locations of the credentials file is currently fixed to transip.yaml in the Puppet confdir.


Run pdk test unit to run all tests. The savon gem is not required to run the tests.