Make ns*.openstack.org authoritative slaves

Slaved to adns1.openstack.org, our hidden master.

Change-Id: I12e29506b1ae589db045830f3b866654b6647a58
This commit is contained in:
James E. Blair 2017-12-18 15:59:48 -08:00
parent 4ccf277850
commit 942a42b9e3

View File

@ -853,13 +853,29 @@ node /^ns\d+\.openstack\.org$/ {
class { 'openstack_project::server':
sysadmins => hiera('sysadmins', []),
iptables_public_udp_ports => [53],
iptables_public_tcp_ports => [53],
}
$tsig_key = hiera('tsig_key', {})
if $tsig_key != {} {
$tsig_name = 'tsig'
nsd::tsig { 'tsig':
algo => $tsig_key[algorithm],
data => $tsig_key[secret],
}
} else {
$tsig_name = undef
}
class { '::nsd':
ip_addresses => [ $::ipaddress, $::ipaddress6 ],
zones => {
'master_zones' => {
'zones' => ['zuul-ci.org'],
},
'adns1_zones' => {
allow_notify => dns_a('adns1.openstack.org'),
masters => dns_a('adns1.openstack.org'),
zones => ['zuul-ci.org'],
tsig_name => $tsig_name,
}
}
}
}