opendev/system-config
Code Issues Proposed changes

dns: move tsig_key into common group variable

Browse Source 
The tsig_key value is a shared secret between the hidden-primary and
secondary servers to facilitate secure zone transfers.  Thus we should
store it once in the common "adns" group, rather than duplicating it
in the adns-primary and ads-secondary.

Change-Id: I600f1ecdfc06bda79b6a4ce77253f489ad515fa5
This commit is contained in:
Ian Wienand 2023-04-13 11:19:19 +10:00
parent b0d27692de
commit a4efec61af
No known key found for this signature in database
3 changed files with 1 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
playbooks/zuul/run-base.yaml
View File

@ -114,8 +114,8 @@
dest: "/etc/ansible/hosts/{{ item }}"
loop:
- group_vars/all.yaml
- group_vars/adns.yaml
- group_vars/adns-primary.yaml
- group_vars/adns-secondary.yaml
- group_vars/bastion.yaml
- group_vars/eavesdrop.yaml
- group_vars/nodepool.yaml

3
playbooks/zuul/templates/group_vars/adns-primary.yaml.j2
View File

@ -1,6 +1,3 @@
tsig_key:
algorithm: hmac-md5
secret: 9zO/4WnUinnLHISPgDI5Aw==
dnssec_keys:
'18093':
zone: zuulci.org

0
playbooks/zuul/templates/group_vars/adns-secondary.yaml.j2 → playbooks/zuul/templates/group_vars/adns.yaml.j2
View File