4 Commits

Author SHA1 Message Date
Ian Wienand
0746dc187b nameserver: Allow master server to notify via ipv6
Logs show that the nameservers are being notified via ipv6 and
rejecting the request:

  nsd[18851]: notify for acme.opendev.org. \
   from 2001:4800:7819:104:be76:4eff:fe04:43d0 refused, no acl matches.

Modify the nsd ACL to allow the ipv6 of the master to trigger updates.
This is important for the letsencrypt process, where we need the
acme.opendev.org domain updated in a timely fashion so that TXT
authentication works.

Change-Id: I785f9636dd05e15b8ffd211845f439be7e8344a3
2020-10-28 09:26:14 +00:00
Ian Wienand
6256732c10 Remove zonefile from nsd config
The zonefile isn't required in the config file as we are just
transferring from adns1.  Since we don't create the directory for the
files, it results in warnings in the nsd logs -- this can be a
confusing red-herring in a debugging situation.

Change-Id: I3e16a359549707a4a3967f580161dec9e71ab689
Related-Bug: https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=4244
2019-04-02 13:20:01 +11:00
Clark Boylan
485539f618 Update nsd systemd unit deps
Our nsd setup relies on the distro provided nsd unit file which doesn't
force nsd to wait for networking to be online before starting the
service. This is fine if listening on ::1 or :: (or ipv4 equivalents)
because those special addrs don't need network to be fully online.

However, we don't listen on those addrs because we have unbound
performing local dns for us. Instead we listen on our public interfaces
which does require networking to be online first.

Thankfully freedesktop.org has a great faq page about this [0] and that
basically describes the addition of wanting and aftering
network-online.target. We do that through the unit config mechanism
described here [1].

[0] https://www.freedesktop.org/wiki/Software/systemd/NetworkTarget/
[1] https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/system_administrators_guide/sect-Managing_Services_with_systemd-Unit_Files#brid-Managing_Services_with_systemd-Extending_Unit_Config

Change-Id: Ieffe2e239048394e27bd0baf63387f819b17db9c
2018-12-10 11:44:15 -08:00
James E. Blair
dae1a0351c Configure opendev nameservers using ansible
Change-Id: Ie6430053159bf5a09b2c002ad6a4f84334a5bca3
2018-11-02 13:49:38 -07:00