opendev/system-config
Code Issues Proposed changes
system-config/inventory/service/groups.yaml
Ian Wienand b0d27692de
Refactor adns variables 
Firstly, my understanding of "adns" is that it's short for
authoritative-dns; i.e. things related to our main non-recursive DNS
servers for the zones we manage.  The "a" is useful to distinguish
this from any sort of other dns services we might run for CI, etc.

The way we do this is with a "hidden" server that applies updates from
config management, which then notifies secondary public servers which
do a zone transfer from the primary.  They're all "authoritative" in
the sense they're not for general recursive queries.

As mentioned in Ibd8063e92ad7ff9ee683dcc7dfcc115a0b19dcaa, we
currently have 3 groups

 adns : the hidden primary bind server
 ns : the secondary public authoratitive servers
 dns : both of the above

This proposes a refactor into the following 3 groups

 adns-primary : hidden primary bind server
 adns-secondary : the secondary public authoritative servers
 adns : both of the above

This is meant to be a no-op; I just feel like this makes it a bit
clearer as to the "lay of the land" with these servers.  It will need
some considering of the hiera variables on bridge if we merge.

Change-Id: I9ffef52f27bd23ceeec07fe0f45f9fee08b5559a
2023-03-10 09:36:01 +11:00

197 lines
5.2 KiB
YAML
Raw Blame History

plugin: yamlgroup
groups:
adns:
- adns*.opendev.org
- ns*.opendev.org
adns-primary: adns*.opendev.org
adns-secondary: ns*.opendev.org
afs-server-common:
- afs[0-9]*.openstack.org
- afsdb[0-9]*.openstack.org
afs-file-server:
- afs[0-9]*.openstack.org
afs-db-server:
- afsdb[0-9]*.openstack.org
afs-client:
- mirror[0-9]*.opendev.org
- mirror-update[0-9]*.opendev.org
- ze[0-9]*.open*.org
- afsdb*.open*.org
- afs[0-9]*.open*.org
- static[0-9]*.opendev.org
bastion:
- bridge*.opendev.org
borg-backup:
- etherpad[0-9]*.opendev.org
- gitea01.opendev.org
- review02.opendev.org
- zuul[0-9]*.opendev.org
- refstack01.openstack.org
- kdc03.openstack.org
- eavesdrop01.opendev.org
- paste01.opendev.org
- lists01.opendev.org
# These are test specific hosts that we add to the backup
# group to mimic as much as possible what their prod version
# end up doing.
- gitea99.opendev.org
- review99.opendev.org
- lists99.opendev.org
# All these servers are "special-cased" in specifically
# as they are puppet and should be replaced "soon"
- lists.openstack.org
- storyboard01.opendev.org
- translate01.openstack.org
borg-backup-server:
- backup02.ca-ymq-1.vexxhost.opendev.org
- backup01.ord.rax.opendev.org
cacti: cacti[0-9]*.open*.org
certcheck:
- cacti[0-9]*.open*.org
cloud-launcher:
- bridge*.open*.org
codesearch:
- codesearch[0-9]*.opendev.org
control-plane-clouds:
- bridge*.open*.org
disabled: []
eavesdrop: eavesdrop[0-9]*.opendev.org
etherpad: etherpad[0-9]*.open*.org
gitea:
- gitea[0-9]*.opendev.org
gitea-lb:
- gitea-lb[0-9]*.opendev.org
grafana:
- grafana[0-9]*.opendev.org
graphite:
- graphite*.opendev.org
jvb:
- jvb[0-9]*.opendev.org
kerberos-client:
- afs[0-9]*.open*.org
- afsdb*.open*.org
- kdc[0-9]*.openstack.org
- mirror[0-9]*.opendev.org
- mirror-update[0-9]*.opendev.org
- static[0-9]*.opendev.org
- ze[0-9]*.open*.org
kerberos-kdc:
- kdc03.openstack.org
- kdc04.openstack.org
kerberos-kdc-primary:
- kdc03.openstack.org
kerberos-kdc-replica:
- kdc04.openstack.org
keycloak: keycloak[0-9]*.opendev.org
letsencrypt:
- codesearch[0-9]*.opendev.org
- eavesdrop[0-9]*.opendev.org
- etherpad[0-9]*.opendev.org
- gitea[0-9]*.opendev.org
- grafana[0-9]*.opendev.org
- graphite[0-9]*.opendev.org
- insecure-ci-registry[0-9]*.opendev.org
- keycloak[0-9]*.opendev.org
- lists.katacontainers.io
- lists.openstack.org
- lists[0-9]*.opendev.org
- meetpad[0-9]*.opendev.org
- mirror[0-9]*.opendev.org
- nb[0-9]*.opendev.org
- paste[0-9]*.opendev.org
- refstack[0-9]*.openstack.org
- review[0-9]*.opendev.org
- static[0-9]*.opendev.org
- storyboard[0-9]*.opendev.org
- tracing[0-9]*.opendev.org
- translate[0-9]*.open*.org
- zuul[0-9]*.opendev.org
mailman:
- lists.katacontainers.io
- lists.openstack.org
mailman3:
- lists[0-9]*.opendev.org
meetpad:
- meetpad[0-9]*.opendev.org
mirror:
- mirror[0-9]*.opendev.org
mirror-update:
- mirror-update[0-9]*.opendev.org
nodepool:
- nb[0-9]*.opendev.org
- nl[0-9]*.open*.org
nodepool-builder:
- nb[0-9]*.opendev.org
nodepool-launcher:
- nl[0-9]*.open*.org
paste:
- paste[0-9]*.opendev.org
puppet:
- cacti[0-9]*.open*.org
- storyboard-dev[0-9]*.opendev.org
- storyboard[0-9]*.opendev.org
- translate-dev[0-9]*.open*.org
- translate[0-9]*.open*.org
puppet4:
- cacti[0-9]*.open*.org
- storyboard[0-9]*.opendev.org
- storyboard-dev[0-9]*.opendev.org
- translate[0-9]*.open*.org
- translate-dev[0-9]*.open*.org
refstack:
- refstack[0-9]*.openstack.org
registry:
- insecure-ci-registry[0-9]*.opendev.org
review:
- review[0-9]*.opendev.org
# This group disables operations like project-managment and
# replication. It is intended for staging new production servers.
#review-staging:
static:
- static[0-9]*.opendev.org
storyboard:
- storyboard[0-9]*.opendev.org
storyboard-dev:
- storyboard-dev[0-9]*.opendev.org
tracing: tracing[0-9]*.opendev.org
translate-dev:
- translate-dev[0-9]*.open*.org
translate:
- translate[0-9]*.open*.org
webservers:
- cacti[0-9]*.open*.org
- codesearch[0-9]*.opendev.org
# eavesdrop has its own group with custom ports
- etherpad[0-9]*.open*.org
- grafana[0-9]*.opendev.org
- graphite*.opendev.org
- keycloak[0-9]*.opendev.org
- nb[0-9]*.opendev.org
- nl[0-9]*.open*.org
- paste[0-9]*.opendev.org
- refstack[0-9]*.openstack.org
- static[0-9]*.opendev.org
- storyboard-dev[0-9]*.opendev.org
- storyboard[0-9]*.opendev.org
- tracing[0-9]*.opendev.org
- translate-dev[0-9]*.open*.org
- translate[0-9]*.open*.org
zookeeper:
- zk[0-9]*.open*.org
zuul-lb:
- zuul-lb[0-9]*.opendev.org
zuul:
- ze[0-9]*.opendev.org
- zm[0-9]*.opendev.org
- zuul[0-9]*.opendev.org
zuul-executor:
- ze[0-9]*.opendev.org
zuul-merger:
- zm[0-9]*.opendev.org
zuul-preview:
- zp[0-9]*.opendev.org
zuul-scheduler:
- zuul[0-9]*.opendev.org
zuul-web:
- zuul[0-9]*.opendev.org
View Git Blame Copy Permalink