From a4efec61af62db271754ca8b8d5fe2a9b55d897c Mon Sep 17 00:00:00 2001 From: Ian Wienand Date: Thu, 13 Apr 2023 11:19:19 +1000 Subject: [PATCH] dns: move tsig_key into common group variable The tsig_key value is a shared secret between the hidden-primary and secondary servers to facilitate secure zone transfers. Thus we should store it once in the common "adns" group, rather than duplicating it in the adns-primary and ads-secondary. Change-Id: I600f1ecdfc06bda79b6a4ce77253f489ad515fa5 --- playbooks/zuul/run-base.yaml | 2 +- playbooks/zuul/templates/group_vars/adns-primary.yaml.j2 | 3 --- .../group_vars/{adns-secondary.yaml.j2 => adns.yaml.j2} | 0 3 files changed, 1 insertion(+), 4 deletions(-) rename playbooks/zuul/templates/group_vars/{adns-secondary.yaml.j2 => adns.yaml.j2} (100%) diff --git a/playbooks/zuul/run-base.yaml b/playbooks/zuul/run-base.yaml index a23c493568..3ae2825c2e 100644 --- a/playbooks/zuul/run-base.yaml +++ b/playbooks/zuul/run-base.yaml @@ -114,8 +114,8 @@ dest: "/etc/ansible/hosts/{{ item }}" loop: - group_vars/all.yaml + - group_vars/adns.yaml - group_vars/adns-primary.yaml - - group_vars/adns-secondary.yaml - group_vars/bastion.yaml - group_vars/eavesdrop.yaml - group_vars/nodepool.yaml diff --git a/playbooks/zuul/templates/group_vars/adns-primary.yaml.j2 b/playbooks/zuul/templates/group_vars/adns-primary.yaml.j2 index e1313632f8..3ba8627d04 100644 --- a/playbooks/zuul/templates/group_vars/adns-primary.yaml.j2 +++ b/playbooks/zuul/templates/group_vars/adns-primary.yaml.j2 @@ -1,6 +1,3 @@ -tsig_key: - algorithm: hmac-md5 - secret: 9zO/4WnUinnLHISPgDI5Aw== dnssec_keys: '18093': zone: zuulci.org diff --git a/playbooks/zuul/templates/group_vars/adns-secondary.yaml.j2 b/playbooks/zuul/templates/group_vars/adns.yaml.j2 similarity index 100% rename from playbooks/zuul/templates/group_vars/adns-secondary.yaml.j2 rename to playbooks/zuul/templates/group_vars/adns.yaml.j2