Merge "Refactor adns variables"
4a101da52a
@ -6,18 +6,27 @@ DNS
|
||||
###
|
||||
|
||||
The project runs authoritative DNS servers for any constituent
|
||||
projects that wish to use them. The servers run Bind on a hidden
|
||||
master which handles automatic DNSSEC zone signing while the public
|
||||
authoritative servers run NSD.
|
||||
projects that wish to use them.
|
||||
|
||||
Bind is run on a hidden master (`adns01.opendev.org`) which handles
|
||||
automatic DNSSEC zone signing. Any changes to the zone files are
|
||||
deployed here.
|
||||
|
||||
Secondary public authoritative servers run NSD and take zone transfers
|
||||
from the hidden primary. These are published in the NS records for
|
||||
the managed zones.
|
||||
|
||||
At a Glance
|
||||
===========
|
||||
|
||||
:Hosts:
|
||||
* adns01.opendev.org
|
||||
* ns1.opendev.org
|
||||
* ns2.opendev.org
|
||||
:Ansible:
|
||||
* :git_file:`inventory/service/group_vars/dns.yaml`
|
||||
* :git_file:`inventory/service/group_vars/adns.yaml`
|
||||
* :git_file:`inventory/service/group_vars/adns-primary.yaml`
|
||||
* :git_file:`inventory/service/group_vars/adns-secondary.yaml`
|
||||
:Projects:
|
||||
* https://www.nlnetlabs.nl/projects/nsd/
|
||||
* https://www.isc.org/downloads/bind/doc/
|
||||
|
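--- /dev/null
+++ b/inventory/service/group_vars/adns-primary.yaml
@@ -0,0 +1,17 @@
+dns_repos:
+- name: zone-opendev.org
+url: https://opendev.org/opendev/zone-opendev.org
+- name: zone-zuul-ci.org
+url: https://opendev.org/opendev/zone-zuul-ci.org
+- name: zone-gating.dev
+url: https://opendev.org/opendev/zone-gating.dev
+dns_notify:
+- 104.239.140.165
+- 162.253.55.16
+iptables_extra_allowed_hosts:
+- protocol: tcp
+port: 53
+hostname: ns1.opendev.org
+- protocol: tcp
+port: 53
+hostname: ns2.opendev.org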
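Review bot: The two `dns_notify` addresses and the two `iptables_extra_allowed_hosts` hostnames presumably describe the same pair of secondaries, but nothing in the file ties them together. Replacing a secondary therefore means editing both lists, and a miss leaves either a stale NOTIFY target or a stale tcp/53 allowance on the hidden primary. A comment above `dns_notify` such as `# NOTIFY targets (ns1/ns2.opendev.org); keep in sync with iptables_extra_allowed_hosts` would make the coupling explicit. The firewall entries are keyed by hostname while the notify list is keyed by address; when the iptables role resolves those names is not visible in this file and is worth confirming.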
@ -1,17 +1,12 @@
|
||||
dns_repos:
|
||||
- name: zone-opendev.org
|
||||
url: https://opendev.org/opendev/zone-opendev.org
|
||||
- name: zone-zuul-ci.org
|
||||
url: https://opendev.org/opendev/zone-zuul-ci.org
|
||||
- name: zone-gating.dev
|
||||
url: https://opendev.org/opendev/zone-gating.dev
|
||||
dns_notify:
|
||||
- 104.239.140.165
|
||||
- 162.253.55.16
|
||||
iptables_extra_allowed_hosts:
|
||||
- protocol: tcp
|
||||
port: 53
|
||||
hostname: ns1.opendev.org
|
||||
- protocol: tcp
|
||||
port: 53
|
||||
hostname: ns2.opendev.org
|
||||
dns_zones:
|
||||
- name: gating.dev
|
||||
source: zone-gating.dev/zones/gating.dev/
|
||||
- name: opendev.org
|
||||
source: zone-opendev.org/zones/opendev.org/
|
||||
- name: acme.opendev.org
|
||||
source: zone-opendev.org/zones/acme.opendev.org/
|
||||
unmanaged: True
|
||||
- name: zuul-ci.org
|
||||
source: zone-zuul-ci.org/zones/zuul-ci.org/
|
||||
- name: zuulci.org
|
||||
source: zone-zuul-ci.org/zones/zuulci.org/
|
||||
|
@ -1,12 +0,0 @@
|
||||
dns_zones:
|
||||
- name: gating.dev
|
||||
source: zone-gating.dev/zones/gating.dev/
|
||||
- name: opendev.org
|
||||
source: zone-opendev.org/zones/opendev.org/
|
||||
- name: acme.opendev.org
|
||||
source: zone-opendev.org/zones/acme.opendev.org/
|
||||
unmanaged: True
|
||||
- name: zuul-ci.org
|
||||
source: zone-zuul-ci.org/zones/zuul-ci.org/
|
||||
- name: zuulci.org
|
||||
source: zone-zuul-ci.org/zones/zuulci.org/
|
@ -1,6 +1,10 @@
|
||||
plugin: yamlgroup
|
||||
groups:
|
||||
adns: adns*.open*.org
|
||||
adns:
|
||||
- adns*.opendev.org
|
||||
- ns*.opendev.org
|
||||
adns-primary: adns*.opendev.org
|
||||
adns-secondary: ns*.opendev.org
|
||||
afs-server-common:
|
||||
- afs[0-9]*.openstack.org
|
||||
- afsdb[0-9]*.openstack.org
|
||||
@ -51,9 +55,6 @@ groups:
|
||||
control-plane-clouds:
|
||||
- bridge*.open*.org
|
||||
disabled: []
|
||||
dns:
|
||||
- adns*.opendev.org
|
||||
- ns*.opendev.org
|
||||
eavesdrop: eavesdrop[0-9]*.opendev.org
|
||||
etherpad: etherpad[0-9]*.opendev.org
|
||||
gitea:
|
||||
@ -123,8 +124,6 @@ groups:
|
||||
- nb[0-9]*.opendev.org
|
||||
nodepool-launcher:
|
||||
- nl[0-9]*.open*.org
|
||||
ns:
|
||||
- ns[0-9]*.open*.org
|
||||
paste:
|
||||
- paste[0-9]*.opendev.org
|
||||
puppet:
|
||||
|
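Review bot: The first hunk redefines `adns` from the hidden primary alone (`adns*.open*.org`) to the primary plus the public secondaries, so any host pattern or group_vars file keyed on `adns` that this commit does not touch now also applies to `ns*.opendev.org`. It is worth confirming that nothing primary-only, such as private variables or signing material, is still scoped to `adns` outside this diff; that cannot be checked from here. The new `adns-secondary: ns*.opendev.org` pattern is also looser than the `ns[0-9]*.open*.org` entry that appears to be dropped in the third hunk. `adns-secondary: ns[0-9]*.opendev.org` would keep the numbered-host style of the neighbouring groups and avoid picking up an unrelated host whose name merely starts with `ns`.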
@ -9,7 +9,7 @@
|
||||
roles:
|
||||
- letsencrypt-acme-sh-install
|
||||
- letsencrypt-request-certs
|
||||
- hosts: "adns:!disabled"
|
||||
- hosts: "adns-primary:!disabled"
|
||||
name: "Install txt records"
|
||||
roles:
|
||||
- letsencrypt-install-txt-record
|
||||
|
@ -5,7 +5,11 @@ results:
|
||||
|
||||
adns1.opendev.org:
|
||||
- adns
|
||||
- dns
|
||||
- adns-primary
|
||||
|
||||
ns1.opendev.org:
|
||||
- adns
|
||||
- adns-secondary
|
||||
|
||||
afs01.dfw.openstack.org:
|
||||
- afs-server-common
|
||||
|
@ -1,11 +1,11 @@
|
||||
- hosts: adns:!disabled
|
||||
name: "Base: configure adns server"
|
||||
- hosts: adns-primary:!disabled
|
||||
name: "Base: configure primary authoritative nameserver"
|
||||
roles:
|
||||
- iptables
|
||||
- master-nameserver
|
||||
|
||||
- hosts: "ns1.opendev.org:ns2.opendev.org:!disabled"
|
||||
name: "Base: configure authoritative nameservers"
|
||||
- hosts: "adns-secondary:!disabled"
|
||||
name: "Base: configure secondary authoritative nameservers"
|
||||
roles:
|
||||
- iptables
|
||||
- nameserver
|
||||
|
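Review bot: The first play's `hosts: adns-primary:!disabled` is left unquoted, while the second play in the same hunk quotes `"adns-secondary:!disabled"`. The plain scalar parses, but a pattern containing `:` and `!` is safer and more consistent as `- hosts: "adns-primary:!disabled"`. The letsencrypt play changed elsewhere in this commit already uses the quoted form for the same pattern.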
@ -114,11 +114,11 @@
|
||||
dest: "/etc/ansible/hosts/{{ item }}"
|
||||
loop:
|
||||
- group_vars/all.yaml
|
||||
- group_vars/adns.yaml
|
||||
- group_vars/adns-primary.yaml
|
||||
- group_vars/adns-secondary.yaml
|
||||
- group_vars/bastion.yaml
|
||||
- group_vars/eavesdrop.yaml
|
||||
- group_vars/nodepool.yaml
|
||||
- group_vars/ns.yaml
|
||||
- group_vars/registry.yaml
|
||||
- group_vars/gitea.yaml
|
||||
- group_vars/gitea-lb.yaml
|
||||
|
@ -152,7 +152,8 @@
|
||||
- inventory/base
|
||||
- playbooks/service-nameserver.yaml
|
||||
- inventory/service/group_vars/adns.yaml
|
||||
- inventory/service/group_vars/ns.yaml
|
||||
- inventory/service/group_vars/adns-primary.yaml
|
||||
- inventory/service/group_vars/adns-secondary.yaml
|
||||
- playbooks/roles/master-nameserver/
|
||||
- playbooks/roles/nameserver/
|
||||
- playbooks/roles/iptables/
|
||||
|
@ -440,10 +440,11 @@
|
||||
'/var/lib/bind/zones': logs
|
||||
files:
|
||||
- playbooks/bootstrap-bridge.yaml
|
||||
- inventory/service/group_vars/adns-primary.yaml
|
||||
- inventory/service/group_vars/adns-secondary.yaml
|
||||
- inventory/service/group_vars/adns.yaml
|
||||
- inventory/service/group_vars/dns.yaml
|
||||
- playbooks/zuul/templates/group_vars/adns.yaml.j2
|
||||
- playbooks/zuul/templates/group_vars/ns.yaml.j2
|
||||
- playbooks/zuul/templates/group_vars/adns-primary.yaml.j2
|
||||
- playbooks/zuul/templates/group_vars/adns-secondary.yaml.j2
|
||||
- playbooks/roles/master-nameserver/
|
||||
- playbooks/roles/nameserver/
|
||||
- testinfra/test_adns.py
|
||||
|