diff --git a/doc/source/dns.rst b/doc/source/dns.rst index 23be238633..bce0491635 100644 --- a/doc/source/dns.rst +++ b/doc/source/dns.rst @@ -8,7 +8,7 @@ DNS The project runs authoritative DNS servers for any constituent projects that wish to use them. -Bind is run on a hidden master (`adns01.opendev.org`) which handles +Bind is run on a hidden master (`adns02.opendev.org`) which handles automatic DNSSEC zone signing. Any changes to the zone files are deployed here. @@ -20,9 +20,9 @@ At a Glance =========== :Hosts: - * adns01.opendev.org - * ns1.opendev.org - * ns2.opendev.org + * adns02.opendev.org + * ns03.opendev.org + * ns04.opendev.org :Ansible: * :git_file:`inventory/service/group_vars/adns.yaml` * :git_file:`inventory/service/group_vars/adns-primary.yaml` diff --git a/hiera/common.yaml b/hiera/common.yaml index 26c344fe98..61410ed301 100644 --- a/hiera/common.yaml +++ b/hiera/common.yaml @@ -1,7 +1,6 @@ --- infra_apache_serveradmin: noc@openstack.org cacti_hosts: -- adns1.opendev.org - adns02.opendev.org - afs01.dfw.openstack.org - afs02.dfw.openstack.org @@ -38,8 +37,6 @@ cacti_hosts: - nl02.opendev.org - nl03.opendev.org - nl04.opendev.org -- ns1.opendev.org -- ns2.opendev.org - ns03.opendev.org - ns04.opendev.org - paste.openstack.org diff --git a/inventory/base/hosts.yaml b/inventory/base/hosts.yaml index 65555dd26c..357af1e1cb 100644 --- a/inventory/base/hosts.yaml +++ b/inventory/base/hosts.yaml @@ -1,16 +1,5 @@ all: hosts: - adns1.opendev.org: - ansible_host: 104.239.146.24 - location: - cloud: openstackci-rax - region_name: DFW - public_v4: 104.239.146.24 - public_v6: 2001:4800:7819:104:be76:4eff:fe04:43d0 - host_keys: - - 'ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBJhNOmxKAcM5+P2FONlrSq6oEp9tKGoFy42gDBqdDlqmiskANu9IrCbpAxbSo3a5eCsdixVSK7O0bG9kA9VbYgM=' - - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCzmllJ2v20az3YEDwtslhjExKOSPtSjG/OCIE1Y8/1tt25WVt5bTwZifNrYw6r+3bOHeZ47IdZOvUzWq2KZDxJKGrfzToFU5LQfz+p6S+q0O7WGgDwY2MBxSY7QxgWf0S3H4KPxg4T9lmXMakjBiS3y6g7e5WJOY4jsvbtPf94xLxiOLG8jt/+2BABkHPTYrPbJEAJcZXy4lMkMb3AeZH6xTg5lB889690hLQfbgym3jiLkwrloxZQ5q1jL3lOsc9lGPElxcuBwH8WbSD1iw1qlUVtsMHub7rSk/39EcJjK7TDKUbO02IDEMlo2a8BTUi7rViz7QNIuQMk+vwiv3Sr' - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAhNq/59Rc5dIZLScfcGGw45Jp9UVx0980XiBLpY3MMf' adns02.opendev.org: ansible_host: 104.239.136.158 location: @@ -566,28 +555,6 @@ all: - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCjyQFfbChdZ3vmhwCURHNjvsXdlS3OTVXOIVcRQWksEXUyZ9boIdahchZ2A+QPAUpPVFdDaE1pa9YV5OlYJ5eUVVJNdpgShsShAiPdValN5/xp8fiDfLkXzgmVqZWXQgMN4plvMqFzLQJ6AwZ/8/fr2ibdpn8SPvN2MAcqYfmLsGTcxamPIT2KbRTJfluox7HbNKPL5m3oDgOxDLS7CheCAOc28xfPD+9ToRsRYVCmxtgyadSDCcmsKAW2MeERmyAkwtk7cj/Xk02l4UKkQa/vSJ9fXlAeuVJYxMCXC1NcDhgetuRpYE0i+I69fqlH7cKrrY2AVHINt/fY9YKWcpcYEaNDpK1zslNyfCJEoP/LA+7LiC/DPPl8wGVvciPS388nYQiUqcTgZIduRLIoqjY+elyFUwNOtQuQjrw50zSL+t05gNp/uacgLw1eLBxx5WOMqWvP749fp+dIPLGCiYSYc19UjjVwb9YQEzj6hh+IYXUVsG2xmKgrxworUDxUhkE=' - 'ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBKsn/AsbXB708dzc4YeKFDTwRY6Z9dtjkMRWqr4nbhIz9ZlUxZb/xqwHdpBvBw0uZ4Hp9tEC9ZpVLefeCMdZBrc=' - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFIJlwjkk23o66fxe3AzedfsHx3zTKfyWV65OKlxMdcw' - ns1.opendev.org: - ansible_host: 104.239.140.165 - location: - cloud: openstackci-rax - region_name: DFW - public_v4: 104.239.140.165 - public_v6: 2001:4800:7819:104:be76:4eff:fe04:38f0 - host_keys: - - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDFJVim2m42pZdUD0pz14bmIGNnWmUvr4SCIM7RmX4wjy6Shty0hBKHB9VrBOg+PHxE0P8KX3TsKysr7qZsVTWYBLRJSOJ6gjVm/0N8OMC3noAiR/fQd5d4a+LP0KyY1KvbvOKKrAa4FXsFUJXB1Yt359BxBe6+3MEBWHoVMv6Lrb92Sm7i0FpW3W/o6UpGYCtfFAT65Kaz7iM0hiDnm7rb6V1/lKu8K17brBPPCaxJLc2s7aZWt8viNBu0tfIK8LK1bevRdu1rDfCFHM7QswnbDHzW+Uf47TjnZDwNlZw/0x97+16Wz4aR6YfMqmWdgZh5AVJQKgNBs4sXuBrLs4L5' - - 'ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBI6BCBBo4tBXtDNEqDdMyw5rmYeZeUPQ4zw/XRvuNVZNvQv035w2UyRShUXFeolFniRkffnyqfMB8f61EUgSuYI=' - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPS0n96kufpvGcFdTkvERZOg/15Bgp9Y14ivWoRD3a8f' - ns2.opendev.org: - ansible_host: 162.253.55.16 - location: - cloud: openstackci-vexxhost - region_name: ca-ymq-1 - public_v4: 162.253.55.16 - public_v6: 2604:e100:1:0:f816:3eff:fe2c:7447 - host_keys: - - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDDX3+pHRBQGNg3csn73kCdVLmO7vhG9KuuI6pInfwSA3BR5SaN7x/4koUniKk/FP0SzeQUCV3cvvC4R15h1aDre1pBdMV+kf+pQxcnnPVV086g9QsxJIofGjadi7c/bB9gQw/h06k4wQPYh4qwGMLii++ZnHkJ1zCGmXmZ6wAbeXpyNKkexVwIfYYrbcmal6vn3wgACo36YuxvPxJzVnFuQXD3/FA1DFwVxGymg5sBatrw3ETXlJfAp2uVi9edJtq2OoLaWkqIQpMvT4wYeWG4TyJpJ4Yh9cvUDTLzsOX45/mHd2RTXBgalsBSQCpa8xcZOLRlEsxPezis3SJS2iFB' - - 'ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBKvhZ3Gi4/ScUwbH9jZNeDv6t1uONiUvopOYd5kQ4zsL9TIjHO50zr+BFcopRquH1fvwTcqLYxpNU1yCBM1mZ+A=' - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGZBH0qkdPnBdqZ+KWA/N06EmTG+i0GtaMvj070GfqN/' ns03.opendev.org: ansible_host: 104.239.145.127 location: diff --git a/inventory/service/group_vars/adns-primary.yaml b/inventory/service/group_vars/adns-primary.yaml index 7fed4e0c56..73efa5d800 100644 --- a/inventory/service/group_vars/adns-primary.yaml +++ b/inventory/service/group_vars/adns-primary.yaml @@ -6,21 +6,11 @@ dns_repos: - name: zone-gating.dev url: https://opendev.org/opendev/zone-gating.dev dns_notify: - # ns1.opendev.org - - 104.239.140.165 - # ns2.opendev.org - - 162.253.55.16 # ns03.opendev.org - 104.239.145.127 # ns04.opendev.org - 162.253.55.23 iptables_extra_allowed_hosts: - - protocol: tcp - port: 53 - hostname: ns1.opendev.org - - protocol: tcp - port: 53 - hostname: ns2.opendev.org - protocol: tcp port: 53 hostname: ns03.opendev.org diff --git a/inventory/service/group_vars/adns-secondary.yaml b/inventory/service/group_vars/adns-secondary.yaml index 5142f04e23..579e44f177 100644 --- a/inventory/service/group_vars/adns-secondary.yaml +++ b/inventory/service/group_vars/adns-secondary.yaml @@ -1,5 +1,6 @@ -dns_master_ipv4: 104.239.146.24 -dns_master_ipv6: 2001:4800:7819:104:be76:4eff:fe04:43d0 +# adns02.opendev.org +dns_master_ipv4: 104.239.136.158 +dns_master_ipv6: 2001:4801:7827:102:397b:de86:1265:fe84 iptables_extra_public_tcp_ports: - 53