remove phx2 zones from nameservers. thank you again phx2

Stephen Smoogen 2020-06-15 15:53:02 -04:00
parent 5282048e64
commit ed6534c0cf
2 changed files with 11 additions and 611 deletions


@ -23,7 +23,7 @@
- rsyncd
- sudo
- { role: openvpn/client,
when: datacenter != "phx2" and datacenter != "rdu" and datacenter != 'iad2' }
when: datacenter != "rdu" and datacenter != 'iad2' }
- dns
pre_tasks:
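Review bot: Dropping `datacenter != "phx2"` from the `when:` on the `openvpn/client` role means any host whose inventory still sets `datacenter` to `phx2` would have the VPN client role applied on the next run. It is worth confirming that no group_vars or host_vars still carry that value before relying on this. The condition also mixes quote styles and would read more clearly as `when: datacenter not in ['rdu', 'iad2']`. The play this role list belongs to starts outside the hunk.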


@ -20,10 +20,8 @@ acl "everyone" { 0.0.0.0/0; ::0/0; };
//
acl "ns_redhat" { 66.187.233.210; 209.132.183.22; 209.132.183.30; 209.132.183.2; 66.187.229.10; };
//
acl "phx2net" { 10.5.124.128/25; 10.5.78.0/24; 10.5.79.0/24; 10.5.125.0/24; 10.5.126.0/24; 10.5.127.0/24; 10.5.128.0/24; 10.5.129.0/24; 10.5.130.0/24; };
acl "iad2net" { 10.3.160.0/19; 10.16.0.0/24; };
acl "rdu2net" { 172.31.1.0/24; 172.31.2.0/24; };
acl "qanet" { 10.5.124.128/25; 10.5.131.0/24; };
acl "rh-slaves" { 10.5.30.78; 10.11.5.70; 10.5.30.45; 10.5.30.46; };
acl "rh" { 10.0.0.0/8; };
//
@ -88,286 +86,13 @@ controls {
inet 127.0.0.1 port 953 allow { localhost; } keys { rndckey; };
};
view "QA" {
match-clients { qanet; };
allow-recursion { localhost; qanet; rh-slaves; rh; };
view "IAD2" {
match-clients { iad2net; rh-slaves; 192.168.0.0/16; rh; localhost; };
allow-recursion { localhost; iad2net; rh-slaves; rh; };
recursion yes;
// no rate-limit on internal requests
rate-limit {
exempt-clients { qanet; phx2net; iad2net; };
};
# make sure we forward only for redhat.com lookups
zone "redhat.com" {
type forward;
forward only;
forwarders { 10.5.26.20; 10.5.26.21; };
};
zone "beaker-project.org" {
type forward;
forward only;
forwarders { 10.39.144.11; 10.5.19.1; 10.11.191.1; };
};
# We can't access the softwarefactory-project.io. because ns1/ns2 give unroutable ips. Need to use external
zone "softwarefactory-project.io" {
type forward;
forward only;
forwarders { 10.39.144.11; 10.5.19.1; 10.11.191.1; };
};
zone "88.5.10.in-addr.arpa" {
type forward;
forward only;
forwarders { 10.5.26.20; 10.5.26.21; };
};
zone "3.10.in-addr.arpa" {
type forward;
forward only;
forwarders { 10.5.26.20; 10.5.26.21; };
};
zone "4.10.in-addr.arpa" {
type forward;
forward only;
forwarders { 10.5.26.20; 10.5.26.21; };
};
zone "5.10.in-addr.arpa" {
type forward;
forward only;
forwarders { 10.5.26.20; 10.5.26.21; };
};
zone "10.in-addr.arpa" {
type forward;
forward only;
forwarders { 10.5.26.20; 10.5.26.21; };
};
zone "186.132.209.in-addr.arpa." {
type forward;
forward only;
forwarders { 10.5.26.20; 10.5.26.21; };
};
zone "qa.fedoraproject.org" {
type master;
file "/var/named/master/built/qa.fedoraproject.org";
};
zone "rdu2.fedoraproject.org" {
type master;
file "/var/named/master/built/rdu2.fedoraproject.org";
};
zone "phx2.fedoraproject.org" {
type master;
file "/var/named/master/built/phx2.fedoraproject.org.signed";
};
zone "stg.phx2.fedoraproject.org" {
type master;
file "/var/named/master/built/stg.phx2.fedoraproject.org";
};
zone "mgmt.fedoraproject.org" {
type master;
file "/var/named/master/built/mgmt.fedoraproject.org";
};
zone "iad2.fedoraproject.org" {
type master;
file "/var/named/master/built/iad2.fedoraproject.org";
};
zone "mgmt.iad2.fedoraproject.org" {
type master;
file "/var/named/master/built/mgmt.iad2.fedoraproject.org";
};
zone "stg.iad2.fedoraproject.org" {
type master;
file "/var/named/master/built/stg.iad2.fedoraproject.org";
};
zone "arm.fedoraproject.org" {
type master;
file "/var/named/master/built/arm.fedoraproject.org";
};
zone "ppc.fedoraproject.org" {
type master;
file "/var/named/master/built/ppc.fedoraproject.org";
};
zone "s390.fedoraproject.org" {
type master;
file "/var/named/master/built/s390.fedoraproject.org";
};
zone "78.5.10.in-addr.arpa" {
type master;
file "/var/named/master/built/78.5.10.in-addr.arpa";
};
zone "79.5.10.in-addr.arpa" {
type master;
file "/var/named/master/built/79.5.10.in-addr.arpa";
};
zone "0.16.10.in-addr.arpa" {
type master;
file "/var/named/master/built/0.16.10.in-addr.arpa";
};
zone "124.5.10.in-addr.arpa" {
type master;
file "/var/named/master/built/124.5.10.in-addr.arpa";
};
zone "125.5.10.in-addr.arpa" {
type master;
file "/var/named/master/built/125.5.10.in-addr.arpa";
};
zone "126.5.10.in-addr.arpa" {
type master;
file "/var/named/master/built/126.5.10.in-addr.arpa";
};
zone "127.5.10.in-addr.arpa" {
type master;
file "/var/named/master/built/127.5.10.in-addr.arpa";
};
zone "128.5.10.in-addr.arpa" {
type master;
file "/var/named/master/built/128.5.10.in-addr.arpa";
};
zone "129.5.10.in-addr.arpa" {
type master;
file "/var/named/master/built/129.5.10.in-addr.arpa";
};
zone "130.5.10.in-addr.arpa" {
type master;
file "/var/named/master/built/130.5.10.in-addr.arpa";
};
zone "131.5.10.in-addr.arpa" {
type master;
file "/var/named/master/built/131.5.10.in-addr.arpa";
};
zone "160.3.10.in-addr.arpa" {
type master;
file "/var/named/master/built/160.3.10.in-addr.arpa";
};
zone "161.3.10.in-addr.arpa" {
type master;
file "/var/named/master/built/161.3.10.in-addr.arpa";
};
zone "162.3.10.in-addr.arpa" {
type master;
file "/var/named/master/built/162.3.10.in-addr.arpa";
};
zone "163.3.10.in-addr.arpa" {
type master;
file "/var/named/master/built/163.3.10.in-addr.arpa";
};
zone "164.3.10.in-addr.arpa" {
type master;
file "/var/named/master/built/164.3.10.in-addr.arpa";
};
zone "165.3.10.in-addr.arpa" {
type master;
file "/var/named/master/built/165.3.10.in-addr.arpa";
};
zone "166.3.10.in-addr.arpa" {
type master;
file "/var/named/master/built/166.3.10.in-addr.arpa";
};
zone "167.3.10.in-addr.arpa" {
type master;
file "/var/named/master/built/167.3.10.in-addr.arpa";
};
zone "168.3.10.in-addr.arpa" {
type master;
file "/var/named/master/built/168.3.10.in-addr.arpa";
};
zone "169.3.10.in-addr.arpa" {
type master;
file "/var/named/master/built/169.3.10.in-addr.arpa";
};
zone "170.3.10.in-addr.arpa" {
type master;
file "/var/named/master/built/170.3.10.in-addr.arpa";
};
zone "171.3.10.in-addr.arpa" {
type master;
file "/var/named/master/built/171.3.10.in-addr.arpa";
};
zone "172.3.10.in-addr.arpa" {
type master;
file "/var/named/master/built/172.3.10.in-addr.arpa";
};
zone "173.3.10.in-addr.arpa" {
type master;
file "/var/named/master/built/173.3.10.in-addr.arpa";
};
zone "174.3.10.in-addr.arpa" {
type master;
file "/var/named/master/built/174.3.10.in-addr.arpa";
};
zone "175.3.10.in-addr.arpa" {
type master;
file "/var/named/master/built/175.3.10.in-addr.arpa";
};
zone "176.3.10.in-addr.arpa" {
type master;
file "/var/named/master/built/176.3.10.in-addr.arpa";
};
zone "177.3.10.in-addr.arpa" {
type master;
file "/var/named/master/built/177.3.10.in-addr.arpa";
};
zone "178.3.10.in-addr.arpa" {
type master;
file "/var/named/master/built/178.3.10.in-addr.arpa";
};
zone "fedoraproject.org" {
type master;
file "/var/named/master/built/QA/fedoraproject.org.signed";
};
zone "cloud.fedoraproject.org" {
type master;
file "/var/named/master/built/QA/cloud.fedoraproject.org.signed";
};
zone "getfedora.org" {
type master;
file "/var/named/master/built/QA/getfedora.org.signed";
};
zone "pagure.io" {
type master;
file "/var/named/master/built/QA/pagure.io";
};
include "/etc/named/zones.conf";
};
view "PHX2" {
match-clients { phx2net; rh-slaves; 192.168.0.0/16; };
allow-recursion { localhost; phx2net; rh-slaves; rh; };
recursion yes;
// no rate-limit on internal requests
rate-limit {
exempt-clients { phx2net; };
exempt-clients { iad2net; rh-slaves; };
};
# make sure we forward only for redhat.com lookups
@ -447,26 +172,6 @@ view "PHX2" {
forwarders { 10.39.144.11; 10.5.19.1; 10.11.191.1; };
};
zone "qa.fedoraproject.org" {
type master;
file "/var/named/master/built/qa.fedoraproject.org";
};
zone "phx2.fedoraproject.org" {
type master;
file "/var/named/master/built/phx2.fedoraproject.org.signed";
};
zone "stg.phx2.fedoraproject.org" {
type master;
file "/var/named/master/built/stg.phx2.fedoraproject.org";
};
zone "mgmt.fedoraproject.org" {
type master;
file "/var/named/master/built/mgmt.fedoraproject.org";
};
zone "iad2.fedoraproject.org" {
type master;
file "/var/named/master/built/iad2.fedoraproject.org";
@ -475,6 +180,7 @@ view "PHX2" {
type master;
file "/var/named/master/built/mgmt.iad2.fedoraproject.org";
};
zone "stg.iad2.fedoraproject.org" {
type master;
file "/var/named/master/built/stg.iad2.fedoraproject.org";
@ -485,82 +191,11 @@ view "PHX2" {
file "/var/named/master/built/rdu2.fedoraproject.org";
};
zone "arm.fedoraproject.org" {
type master;
file "/var/named/master/built/arm.fedoraproject.org";
};
zone "ppc.fedoraproject.org" {
type master;
file "/var/named/master/built/ppc.fedoraproject.org";
};
zone "s390.fedoraproject.org" {
type master;
file "/var/named/master/built/s390.fedoraproject.org";
};
zone "78.5.10.in-addr.arpa" {
type master;
file "/var/named/master/built/78.5.10.in-addr.arpa";
};
zone "79.5.10.in-addr.arpa" {
type master;
file "/var/named/master/built/79.5.10.in-addr.arpa";
};
zone "0.16.10.in-addr.arpa" {
type master;
file "/var/named/master/built/0.16.10.in-addr.arpa";
};
zone "124.5.10.in-addr.arpa" {
type master;
file "/var/named/master/built/124.5.10.in-addr.arpa";
};
zone "2.31.172.in-addr.arpa" {
type master;
file "/var/named/master/built/2.31.172.in-addr.arpa";
};
zone "125.5.10.in-addr.arpa" {
type master;
file "/var/named/master/built/125.5.10.in-addr.arpa";
};
zone "126.5.10.in-addr.arpa" {
type master;
file "/var/named/master/built/126.5.10.in-addr.arpa";
};
zone "127.5.10.in-addr.arpa" {
type master;
file "/var/named/master/built/127.5.10.in-addr.arpa";
};
zone "128.5.10.in-addr.arpa" {
type master;
file "/var/named/master/built/128.5.10.in-addr.arpa";
};
zone "129.5.10.in-addr.arpa" {
type master;
file "/var/named/master/built/129.5.10.in-addr.arpa";
};
zone "130.5.10.in-addr.arpa" {
type master;
file "/var/named/master/built/130.5.10.in-addr.arpa";
};
zone "131.5.10.in-addr.arpa" {
type master;
file "/var/named/master/built/131.5.10.in-addr.arpa";
};
zone "160.3.10.in-addr.arpa" {
type master;
file "/var/named/master/built/160.3.10.in-addr.arpa";
@ -640,24 +275,25 @@ view "PHX2" {
zone "fedoraproject.org" {
type master;
file "/var/named/master/built/PHX2/fedoraproject.org.signed";
file "/var/named/master/built/IAD2/fedoraproject.org.signed";
};
zone "cloud.fedoraproject.org" {
type master;
file "/var/named/master/built/PHX2/cloud.fedoraproject.org.signed";
file "/var/named/master/built/IAD2/cloud.fedoraproject.org.signed";
};
zone "getfedora.org" {
type master;
file "/var/named/master/built/PHX2/getfedora.org.signed";
file "/var/named/master/built/IAD2/getfedora.org.signed";
};
zone "pagure.io" {
type master;
file "/var/named/master/built/PHX2/pagure.io";
file "/var/named/master/built/IAD2/pagure.io";
};
include "/etc/named/zones.conf";
};
view "RDU2" {
match-clients { rdu2net; 192.168.0.0/16; };
allow-recursion { localhost; rdu2net; };
@ -959,242 +595,6 @@ view "APAC" {
include "/etc/named/zones.conf";
};
view "IAD2" {
match-clients { iad2net; rh-slaves; 192.168.0.0/16; };
allow-recursion { localhost; iad2net; rh-slaves; rh; };
recursion yes;
// no rate-limit on internal requests
rate-limit {
exempt-clients { iad2net; phx2net; };
};
# make sure we forward only for redhat.com lookups
zone "redhat.com" {
type forward;
forward only;
forwarders { 10.5.26.20; 10.5.26.21; };
};
zone "projectatomic.io" {
type forward;
forward only;
forwarders { 10.39.144.11; 10.5.19.1; 10.11.191.1; };
};
zone "beaker-project.org" {
type forward;
forward only;
forwarders { 10.39.144.11; 10.5.19.1; 10.11.191.1; };
};
# also, we need to forward some jboss.org for fuse-fabric/bugzilla2fedmsg
zone "jboss.org" {
type forward;
forward only;
forwarders { 10.39.144.11; 10.5.19.1; 10.11.191.1; };
};
# We can't access the internal Zanata servers. Just use external
zone "zanata.org" {
type forward;
forward only;
forwarders { 8.8.8.8; 8.8.4.4; };
};
# We can't access the softwarefactory-project.io. because ns1/ns2 give unroutable ips. Need to use external
zone "softwarefactory-project.io" {
type forward;
forward only;
forwarders { 10.39.144.11; 10.5.19.1; 10.11.191.1; };
};
zone "88.5.10.in-addr.arpa" {
type forward;
forward only;
forwarders { 10.5.26.20; 10.5.26.21; };
};
zone "3.10.in-addr.arpa" {
type forward;
forward only;
forwarders { 10.5.26.20; 10.5.26.21; };
};
zone "4.10.in-addr.arpa" {
type forward;
forward only;
forwarders { 10.5.26.20; 10.5.26.21; };
};
zone "5.10.in-addr.arpa" {
type forward;
forward only;
forwarders { 10.5.26.20; 10.5.26.21; };
};
zone "10.in-addr.arpa" {
type forward;
forward only;
forwarders { 10.5.26.20; 10.5.26.21; };
};
zone "186.132.209.in-addr.arpa." {
type forward;
forward only;
forwarders { 10.39.144.11; 10.5.19.1; 10.11.191.1; };
};
zone "qa.fedoraproject.org" {
type master;
file "/var/named/master/built/qa.fedoraproject.org";
};
zone "phx2.fedoraproject.org" {
type master;
file "/var/named/master/built/phx2.fedoraproject.org.signed";
};
zone "stg.phx2.fedoraproject.org" {
type master;
file "/var/named/master/built/stg.phx2.fedoraproject.org";
};
zone "mgmt.fedoraproject.org" {
type master;
file "/var/named/master/built/mgmt.fedoraproject.org";
};
zone "iad2.fedoraproject.org" {
type master;
file "/var/named/master/built/iad2.fedoraproject.org";
};
zone "mgmt.iad2.fedoraproject.org" {
type master;
file "/var/named/master/built/mgmt.iad2.fedoraproject.org";
};
zone "stg.iad2.fedoraproject.org" {
type master;
file "/var/named/master/built/stg.iad2.fedoraproject.org";
};
zone "rdu2.fedoraproject.org" {
type master;
file "/var/named/master/built/rdu2.fedoraproject.org";
};
zone "arm.fedoraproject.org" {
type master;
file "/var/named/master/built/arm.fedoraproject.org";
};
zone "ppc.fedoraproject.org" {
type master;
file "/var/named/master/built/ppc.fedoraproject.org";
};
zone "s390.fedoraproject.org" {
type master;
file "/var/named/master/built/s390.fedoraproject.org";
};
zone "160.3.10.in-addr.arpa" {
type master;
file "/var/named/master/built/160.3.10.in-addr.arpa";
};
zone "161.3.10.in-addr.arpa" {
type master;
file "/var/named/master/built/161.3.10.in-addr.arpa";
};
zone "162.3.10.in-addr.arpa" {
type master;
file "/var/named/master/built/162.3.10.in-addr.arpa";
};
zone "163.3.10.in-addr.arpa" {
type master;
file "/var/named/master/built/163.3.10.in-addr.arpa";
};
zone "164.3.10.in-addr.arpa" {
type master;
file "/var/named/master/built/164.3.10.in-addr.arpa";
};
zone "165.3.10.in-addr.arpa" {
type master;
file "/var/named/master/built/165.3.10.in-addr.arpa";
};
zone "166.3.10.in-addr.arpa" {
type master;
file "/var/named/master/built/166.3.10.in-addr.arpa";
};
zone "167.3.10.in-addr.arpa" {
type master;
file "/var/named/master/built/167.3.10.in-addr.arpa";
};
zone "168.3.10.in-addr.arpa" {
type master;
file "/var/named/master/built/168.3.10.in-addr.arpa";
};
zone "169.3.10.in-addr.arpa" {
type master;
file "/var/named/master/built/169.3.10.in-addr.arpa";
};
zone "170.3.10.in-addr.arpa" {
type master;
file "/var/named/master/built/170.3.10.in-addr.arpa";
};
zone "171.3.10.in-addr.arpa" {
type master;
file "/var/named/master/built/171.3.10.in-addr.arpa";
};
zone "172.3.10.in-addr.arpa" {
type master;
file "/var/named/master/built/172.3.10.in-addr.arpa";
};
zone "173.3.10.in-addr.arpa" {
type master;
file "/var/named/master/built/173.3.10.in-addr.arpa";
};
zone "174.3.10.in-addr.arpa" {
type master;
file "/var/named/master/built/174.3.10.in-addr.arpa";
};
zone "175.3.10.in-addr.arpa" {
type master;
file "/var/named/master/built/175.3.10.in-addr.arpa";
};
zone "176.3.10.in-addr.arpa" {
type master;
file "/var/named/master/built/176.3.10.in-addr.arpa";
};
zone "177.3.10.in-addr.arpa" {
type master;
file "/var/named/master/built/177.3.10.in-addr.arpa";
};
zone "178.3.10.in-addr.arpa" {
type master;
file "/var/named/master/built/178.3.10.in-addr.arpa";
};
zone "fedoraproject.org" {
type master;
file "/var/named/master/built/IAD2/fedoraproject.org.signed";
};
zone "cloud.fedoraproject.org" {
type master;
file "/var/named/master/built/IAD2/cloud.fedoraproject.org.signed";
};
zone "getfedora.org" {
type master;
file "/var/named/master/built/IAD2/getfedora.org.signed";
};
zone "pagure.io" {
type master;
file "/var/named/master/built/IAD2/pagure.io";
};
include "/etc/named/zones.conf";
};
view "DEFAULT" {
match-clients { any; };
recursion no;
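Review bot: The `match-clients` line of the renamed view "IAD2" now lists `rh` and `localhost`, and `rh` is declared above as `10.0.0.0/8`, so every 10/8 source address selects this view, where the old PHX2 and IAD2 views matched only their datacenter net, `rh-slaves` and `192.168.0.0/16`. Since named uses the first view whose `match-clients` matches, those clients get recursion and the internal master zones kept in this view (for example `mgmt.iad2.fedoraproject.org` and `stg.iad2.fedoraproject.org`) and never reach a later view. If the widening is intended, record it on the line with a comment such as `// rh (10/8) matched here on purpose so former phx2/qa clients still resolve internal names`; otherwise keep `match-clients { iad2net; rh-slaves; 192.168.0.0/16; };` and leave `rh` only in `allow-recursion`. Which lines are added or removed is inferred from the hunk counts, because the page has lost its +/- markers.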