From a2569707fe193d829975324240b1d7758c78009e Mon Sep 17 00:00:00 2001 From: Ian Wienand Date: Thu, 9 Mar 2023 14:29:06 +1100 Subject: [PATCH] dns variables : move to canonical locations We have three groups adns : the hidden primary bind server ns : the secondary public authoratitive servers dns : both of the above Only the primary server needs to clone the bind config repos and notify the secondary servers on updates. So the dns_repos and dns_notify arguments can go into adns.yaml so they're only available to the primary server. Only the secondary servers need to know the ip address of the master/primary server so it can allow itself to be notified by that IP, and do transfer requests. So dns_master_ipv<4|6> can live in ns.yaml This leaves in dns.yaml the one thing both have to agree on, which is the zones to transfer betwen each other. Change-Id: Ibd8063e92ad7ff9ee683dcc7dfcc115a0b19dcaa --- inventory/service/group_vars/adns.yaml | 10 ++++++++++ inventory/service/group_vars/dns.yaml | 12 ------------ inventory/service/group_vars/ns.yaml | 3 +++ 3 files changed, 13 insertions(+), 12 deletions(-) diff --git a/inventory/service/group_vars/adns.yaml b/inventory/service/group_vars/adns.yaml index 4b749cfb54..a6c401a82c 100644 --- a/inventory/service/group_vars/adns.yaml +++ b/inventory/service/group_vars/adns.yaml @@ -1,3 +1,13 @@ +dns_repos: + - name: zone-opendev.org + url: https://opendev.org/opendev/zone-opendev.org + - name: zone-zuul-ci.org + url: https://opendev.org/opendev/zone-zuul-ci.org + - name: zone-gating.dev + url: https://opendev.org/opendev/zone-gating.dev +dns_notify: + - 104.239.140.165 + - 162.253.55.16 iptables_extra_allowed_hosts: - protocol: tcp port: 53 diff --git a/inventory/service/group_vars/dns.yaml b/inventory/service/group_vars/dns.yaml index 3bec75ff8c..27e0cdf358 100644 --- a/inventory/service/group_vars/dns.yaml +++ b/inventory/service/group_vars/dns.yaml 
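Review bot: In inventory/service/group_vars/adns.yaml the new `dns_notify` list holds two bare IPv4 literals with nothing saying which secondaries they belong to. They have to stay in step with the hosts in the `ns` group, and nothing in the file enforces or even records that link. If a secondary is re-addressed and this list is missed, the primary keeps sending NOTIFY to an address that is no longer one of the project's name servers, and the real secondary stops learning about zone updates. A comment above the key would make the dependency explicit, for example `# public IPv4 of every host in the ns group; update together with the inventory`. The `iptables_extra_allowed_hosts` mapping that follows continues outside the hunk.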
@@ -1,10 +1,3 @@ -dns_repos: - - name: zone-opendev.org - url: https://opendev.org/opendev/zone-opendev.org - - name: zone-zuul-ci.org - url: https://opendev.org/opendev/zone-zuul-ci.org - - name: zone-gating.dev - url: https://opendev.org/opendev/zone-gating.dev dns_zones: - name: gating.dev source: zone-gating.dev/zones/gating.dev/ @@ -17,8 +10,3 @@ dns_zones: source: zone-zuul-ci.org/zones/zuul-ci.org/ - name: zuulci.org source: zone-zuul-ci.org/zones/zuulci.org/ -dns_notify: - - 104.239.140.165 - - 162.253.55.16 -dns_master_ipv4: 104.239.146.24 -dns_master_ipv6: 2001:4800:7819:104:be76:4eff:fe04:43d0 diff --git a/inventory/service/group_vars/ns.yaml b/inventory/service/group_vars/ns.yaml index 416da9c806..5142f04e23 100644 --- a/inventory/service/group_vars/ns.yaml +++ b/inventory/service/group_vars/ns.yaml @@ -1,3 +1,6 @@ +dns_master_ipv4: 104.239.146.24 +dns_master_ipv6: 2001:4800:7819:104:be76:4eff:fe04:43d0 + iptables_extra_public_tcp_ports: - 53 iptables_extra_public_udp_ports:
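Review bot: In inventory/service/group_vars/ns.yaml `dns_master_ipv6` is added as an unquoted plain scalar made only of hex groups and colons. It loads as a string with the usual loaders, but values that feed an access-control setting are safer quoted so that no loader or reformatting tool can retype them: `dns_master_ipv4: '104.239.146.24'` and `dns_master_ipv6: '2001:4800:7819:104:be76:4eff:fe04:43d0'`. According to the commit message, these are the addresses the secondaries accept NOTIFY from and send transfer requests to. A comment such as `# address of the adns primary; secondaries trust notify/transfer from this host` would warn the next editor that a stale value breaks zone updates or leaves trust on an address that is no longer the primary. The `iptables_extra_public_udp_ports` list at the end continues outside the hunk.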