From 436f9561402a6fedd0388ad8c80653898782d337 Mon Sep 17 00:00:00 2001
From: Ian Wienand <iwienand@redhat.com>
Date: Tue, 18 Apr 2023 17:02:54 +1000
Subject: [PATCH] Remove old DNS servers

Remove adns1/ns1/ns2 which are no longer in use.  Switch the primary
master to adns02; the secondaries ns03/ns04 will now update from
there.

Change-Id: I700a514dd2b72b2632e8d0668251f52907008d44
Depends-On: https://review.opendev.org/c/opendev/zone-opendev.org/+/880709
---
 doc/source/dns.rst                            |  8 ++---
 hiera/common.yaml                             |  3 --
 inventory/base/hosts.yaml                     | 33 -------------------
 .../service/group_vars/adns-primary.yaml      | 10 ------
 .../service/group_vars/adns-secondary.yaml    |  5 +--
 5 files changed, 7 insertions(+), 52 deletions(-)

diff --git a/doc/source/dns.rst b/doc/source/dns.rst
index 23be238633..bce0491635 100644
--- a/doc/source/dns.rst
+++ b/doc/source/dns.rst
@@ -8,7 +8,7 @@ DNS
 The project runs authoritative DNS servers for any constituent
 projects that wish to use them.
 
-Bind is run on a hidden master (`adns01.opendev.org`) which handles
+Bind is run on a hidden master (`adns02.opendev.org`) which handles
 automatic DNSSEC zone signing.  Any changes to the zone files are
 deployed here.
 
@@ -20,9 +20,9 @@ At a Glance
 ===========
 
 :Hosts:
-  * adns01.opendev.org
-  * ns1.opendev.org
-  * ns2.opendev.org
+  * adns02.opendev.org
+  * ns03.opendev.org
+  * ns04.opendev.org
 :Ansible:
   * :git_file:`inventory/service/group_vars/adns.yaml`
   * :git_file:`inventory/service/group_vars/adns-primary.yaml`
diff --git a/hiera/common.yaml b/hiera/common.yaml
index 26c344fe98..61410ed301 100644
--- a/hiera/common.yaml
+++ b/hiera/common.yaml
@@ -1,7 +1,6 @@
 ---
 infra_apache_serveradmin: noc@openstack.org
 cacti_hosts:
-- adns1.opendev.org
 - adns02.opendev.org
 - afs01.dfw.openstack.org
 - afs02.dfw.openstack.org
@@ -38,8 +37,6 @@ cacti_hosts:
 - nl02.opendev.org
 - nl03.opendev.org
 - nl04.opendev.org
-- ns1.opendev.org
-- ns2.opendev.org
 - ns03.opendev.org
 - ns04.opendev.org
 - paste.openstack.org
diff --git a/inventory/base/hosts.yaml b/inventory/base/hosts.yaml
index 65555dd26c..357af1e1cb 100644
--- a/inventory/base/hosts.yaml
+++ b/inventory/base/hosts.yaml
@@ -1,16 +1,5 @@
 all:
   hosts:
-    adns1.opendev.org:
-      ansible_host: 104.239.146.24
-      location:
-        cloud: openstackci-rax
-        region_name: DFW
-      public_v4: 104.239.146.24
-      public_v6: 2001:4800:7819:104:be76:4eff:fe04:43d0
-      host_keys:
-        - 'ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBJhNOmxKAcM5+P2FONlrSq6oEp9tKGoFy42gDBqdDlqmiskANu9IrCbpAxbSo3a5eCsdixVSK7O0bG9kA9VbYgM='
-        - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCzmllJ2v20az3YEDwtslhjExKOSPtSjG/OCIE1Y8/1tt25WVt5bTwZifNrYw6r+3bOHeZ47IdZOvUzWq2KZDxJKGrfzToFU5LQfz+p6S+q0O7WGgDwY2MBxSY7QxgWf0S3H4KPxg4T9lmXMakjBiS3y6g7e5WJOY4jsvbtPf94xLxiOLG8jt/+2BABkHPTYrPbJEAJcZXy4lMkMb3AeZH6xTg5lB889690hLQfbgym3jiLkwrloxZQ5q1jL3lOsc9lGPElxcuBwH8WbSD1iw1qlUVtsMHub7rSk/39EcJjK7TDKUbO02IDEMlo2a8BTUi7rViz7QNIuQMk+vwiv3Sr'
-        - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAhNq/59Rc5dIZLScfcGGw45Jp9UVx0980XiBLpY3MMf'
     adns02.opendev.org:
       ansible_host: 104.239.136.158
       location:
@@ -566,28 +555,6 @@ all:
         - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCjyQFfbChdZ3vmhwCURHNjvsXdlS3OTVXOIVcRQWksEXUyZ9boIdahchZ2A+QPAUpPVFdDaE1pa9YV5OlYJ5eUVVJNdpgShsShAiPdValN5/xp8fiDfLkXzgmVqZWXQgMN4plvMqFzLQJ6AwZ/8/fr2ibdpn8SPvN2MAcqYfmLsGTcxamPIT2KbRTJfluox7HbNKPL5m3oDgOxDLS7CheCAOc28xfPD+9ToRsRYVCmxtgyadSDCcmsKAW2MeERmyAkwtk7cj/Xk02l4UKkQa/vSJ9fXlAeuVJYxMCXC1NcDhgetuRpYE0i+I69fqlH7cKrrY2AVHINt/fY9YKWcpcYEaNDpK1zslNyfCJEoP/LA+7LiC/DPPl8wGVvciPS388nYQiUqcTgZIduRLIoqjY+elyFUwNOtQuQjrw50zSL+t05gNp/uacgLw1eLBxx5WOMqWvP749fp+dIPLGCiYSYc19UjjVwb9YQEzj6hh+IYXUVsG2xmKgrxworUDxUhkE='
         - 'ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBKsn/AsbXB708dzc4YeKFDTwRY6Z9dtjkMRWqr4nbhIz9ZlUxZb/xqwHdpBvBw0uZ4Hp9tEC9ZpVLefeCMdZBrc='
         - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFIJlwjkk23o66fxe3AzedfsHx3zTKfyWV65OKlxMdcw'
-    ns1.opendev.org:
-      ansible_host: 104.239.140.165
-      location:
-        cloud: openstackci-rax
-        region_name: DFW
-      public_v4: 104.239.140.165
-      public_v6: 2001:4800:7819:104:be76:4eff:fe04:38f0
-      host_keys:
-        - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDFJVim2m42pZdUD0pz14bmIGNnWmUvr4SCIM7RmX4wjy6Shty0hBKHB9VrBOg+PHxE0P8KX3TsKysr7qZsVTWYBLRJSOJ6gjVm/0N8OMC3noAiR/fQd5d4a+LP0KyY1KvbvOKKrAa4FXsFUJXB1Yt359BxBe6+3MEBWHoVMv6Lrb92Sm7i0FpW3W/o6UpGYCtfFAT65Kaz7iM0hiDnm7rb6V1/lKu8K17brBPPCaxJLc2s7aZWt8viNBu0tfIK8LK1bevRdu1rDfCFHM7QswnbDHzW+Uf47TjnZDwNlZw/0x97+16Wz4aR6YfMqmWdgZh5AVJQKgNBs4sXuBrLs4L5'
-        - 'ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBI6BCBBo4tBXtDNEqDdMyw5rmYeZeUPQ4zw/XRvuNVZNvQv035w2UyRShUXFeolFniRkffnyqfMB8f61EUgSuYI='
-        - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPS0n96kufpvGcFdTkvERZOg/15Bgp9Y14ivWoRD3a8f'
-    ns2.opendev.org:
-      ansible_host: 162.253.55.16
-      location:
-        cloud: openstackci-vexxhost
-        region_name: ca-ymq-1
-      public_v4: 162.253.55.16
-      public_v6: 2604:e100:1:0:f816:3eff:fe2c:7447
-      host_keys:
-        - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDDX3+pHRBQGNg3csn73kCdVLmO7vhG9KuuI6pInfwSA3BR5SaN7x/4koUniKk/FP0SzeQUCV3cvvC4R15h1aDre1pBdMV+kf+pQxcnnPVV086g9QsxJIofGjadi7c/bB9gQw/h06k4wQPYh4qwGMLii++ZnHkJ1zCGmXmZ6wAbeXpyNKkexVwIfYYrbcmal6vn3wgACo36YuxvPxJzVnFuQXD3/FA1DFwVxGymg5sBatrw3ETXlJfAp2uVi9edJtq2OoLaWkqIQpMvT4wYeWG4TyJpJ4Yh9cvUDTLzsOX45/mHd2RTXBgalsBSQCpa8xcZOLRlEsxPezis3SJS2iFB'
-        - 'ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBKvhZ3Gi4/ScUwbH9jZNeDv6t1uONiUvopOYd5kQ4zsL9TIjHO50zr+BFcopRquH1fvwTcqLYxpNU1yCBM1mZ+A='
-        - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGZBH0qkdPnBdqZ+KWA/N06EmTG+i0GtaMvj070GfqN/'
     ns03.opendev.org:
       ansible_host: 104.239.145.127
       location:
diff --git a/inventory/service/group_vars/adns-primary.yaml b/inventory/service/group_vars/adns-primary.yaml
index 7fed4e0c56..73efa5d800 100644
--- a/inventory/service/group_vars/adns-primary.yaml
+++ b/inventory/service/group_vars/adns-primary.yaml
@@ -6,21 +6,11 @@ dns_repos:
   - name: zone-gating.dev
     url: https://opendev.org/opendev/zone-gating.dev
 dns_notify:
-  # ns1.opendev.org
-  - 104.239.140.165
-  # ns2.opendev.org
-  - 162.253.55.16
   # ns03.opendev.org
   - 104.239.145.127
   # ns04.opendev.org
   - 162.253.55.23
 iptables_extra_allowed_hosts:
-  - protocol: tcp
-    port: 53
-    hostname: ns1.opendev.org
-  - protocol: tcp
-    port: 53
-    hostname: ns2.opendev.org
   - protocol: tcp
     port: 53
     hostname: ns03.opendev.org
diff --git a/inventory/service/group_vars/adns-secondary.yaml b/inventory/service/group_vars/adns-secondary.yaml
index 5142f04e23..579e44f177 100644
--- a/inventory/service/group_vars/adns-secondary.yaml
+++ b/inventory/service/group_vars/adns-secondary.yaml
@@ -1,5 +1,6 @@
-dns_master_ipv4: 104.239.146.24
-dns_master_ipv6: 2001:4800:7819:104:be76:4eff:fe04:43d0
+# adns02.opendev.org
+dns_master_ipv4: 104.239.136.158
+dns_master_ipv6: 2001:4801:7827:102:397b:de86:1265:fe84
 
 iptables_extra_public_tcp_ports:
   - 53