system-config/doc/source/dns.rst
Monty Taylor 83ced7f6e6 Split inventory into multiple dirs and move hostvars
Make inventory/service for service-specific things, including the
groups.yaml group definitions, and inventory/base for hostvars
related to the base system, including the list of hosts.

Move the existing host_vars into inventory/service, since most of
them are likely service-specific. Move group_vars/all.yaml into
base/group_vars as almost all of it is related to base things,
with the exception of the gerrit public key.

A followup patch will move host-specific values into equivalent
files in inventory/base.

This should let us override hostvars in gate jobs. It should also
allow us to do better file matchers - and to be able to organize
our playbooks move if we want to.

Depends-On: https://review.opendev.org/731583
Change-Id: Iddf57b5be47c2e9de16b83a1bc83bee25db995cf
2020-06-04 07:44:36 -05:00

DNS

The project runs authoritative DNS servers for any constituent projects that wish to use them. A hidden master runs BIND and handles automatic DNSSEC zone signing, while the public authoritative servers run NSD.

At a Glance

Hosts
  • ns1.opendev.org
  • ns2.opendev.org
Ansible
Projects

Adding a Zone

To add a new zone, identify an existing git repository or create a new one to hold the contents of the zone, then update :git_file:`inventory/service/group_vars/dns.yaml`.

Run:

dnssec-keygen -a RSASHA256 -b 2048 -3 example.net
dnssec-keygen -a RSASHA256 -b 2048 -3 -fk example.net

And add the resulting files to the dnssec_keys key in the group/adns.yaml private hostvars file on puppetmaster.

If you need to generate DS records for the registrar, identify which of the just-created key files is the key-signing key by examining the contents of the files and reading the comments therein, then run:

dnssec-dsfromkey -2 $KEYFILE
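The key-signing key can also be picked out mechanically: its DNSKEY record carries flags 257, while the zone-signing key carries 256. The script below is an added example, not part of the original documentation; the function names and the sample key files (placeholder key ids and key material) are constructed for illustration.

```shell
#!/bin/sh
# Added example: find the key-signing key (KSK) among dnssec-keygen's files.
# DNSKEY flags 257 = KSK (SEP bit set); 256 = zone-signing key (ZSK).

# dnskey_flags FILE: print the flags field of the DNSKEY record in FILE.
dnskey_flags() {
    awk '
        /^[ \t]*;/ { next }    # comment lines carry no record data
        { for (i = 1; i < NF; i++)    # owner, optional TTL and class come first
              if ($i == "DNSKEY") { print $(i + 1); exit } }
    ' "$1"
}

# find_ksk DIR ZONE: print the path of every KSK public key file for ZONE.
find_ksk() {
    dir=$1
    zone=${2%.}    # accept "example.net." as well as "example.net"
    for f in "$dir"/K"$zone".+*.key; do
        [ -f "$f" ] || continue    # glob matched nothing
        if [ "$(dnskey_flags "$f")" = "257" ]; then
            printf '%s\n' "$f"
        fi
    done
}

# make_sample_keys DIR: constructed stand-ins for dnssec-keygen output.
# Key ids and key material are placeholders, not real keys.
make_sample_keys() {
    printf '%s\n' \
        '; This is a zone-signing key, keyid 11111, for example.net.' \
        'example.net. IN DNSKEY 256 3 8 AwEAAbPLACEHOLDERZSK' \
        > "$1/Kexample.net.+008+11111.key"
    printf '%s\n' \
        '; This is a key-signing key, keyid 22222, for example.net.' \
        'example.net. 3600 IN DNSKEY 257 3 8 AwEAAbPLACEHOLDERKSK' \
        > "$1/Kexample.net.+008+22222.key"
}

# Demo on the constructed files: print the command to run on the real key.
tmp=$(mktemp -d) && make_sample_keys "$tmp"
for KEYFILE in $(find_ksk "$tmp" example.net); do
    echo "dnssec-dsfromkey -2 $KEYFILE"
done
rm -rf "$tmp"
```

If `find_ksk` prints more than one path, more than one KSK exists for the zone; confirm which one is current before sending a DS record to the registrar.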