From 7b368189c4367bd0c2bf902d58c4c2a05d05c9ce Mon Sep 17 00:00:00 2001 From: Luca Filipozzi Date: Sat, 31 May 2014 08:33:11 +0000 Subject: [PATCH] drop orff from dns_secondary; purge dns_secondary configs --- hieradata/common.yaml | 2 -- modules/ferm/templates/defs.conf.erb | 4 +--- modules/named/manifests/init.pp | 4 ++-- modules/named/templates/named.conf.options.erb | 9 --------- modules/roles/manifests/init.pp | 3 --- 5 files changed, 3 insertions(+), 19 deletions(-) diff --git a/hieradata/common.yaml b/hieradata/common.yaml index 83137e59..51ecbef6 100644 --- a/hieradata/common.yaml +++ b/hieradata/common.yaml @@ -21,8 +21,6 @@ roles: - draghi.debian.org dns_primary: - denis.debian.org - dns_secondary: - - orff.debian.org dns_geo: - geo1.debian.org - geo2.debian.org diff --git a/modules/ferm/templates/defs.conf.erb b/modules/ferm/templates/defs.conf.erb index 93a23c4c..17070a9d 100644 --- a/modules/ferm/templates/defs.conf.erb +++ b/modules/ferm/templates/defs.conf.erb @@ -24,7 +24,7 @@ allnodeinfo = scope.lookupvar('site::allnodeinfo') roles = scope.lookupvar('site::roles') - %w{mailrelay nagiosmaster extranrpeclient muninmaster dbmaster static_mirror static_source static_master dns_secondary dns_geo}.each do |role| + %w{mailrelay nagiosmaster extranrpeclient muninmaster dbmaster static_mirror static_source static_master dns_geo}.each do |role| rolehost[role] = [] roles[role].each do |node| rolehost[role] << allnodeinfo[node]['ipHostNumber'] 
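Review bot: The loop in the context lines of the first defs.conf.erb hunk calls `roles[role].each` with no guard, so the `%w{...}` role list has to stay in lockstep with the `roles:` keys in hieradata/common.yaml. A role that is dropped from hieradata but still listed here would likely raise on nil during template evaluation and block regeneration of the firewall definitions wherever this template is applied. This commit keeps the two in step, but a tolerant form such as `(roles[role] || []).each do |node|` would make the next role purge safe by construction. The enclosing ERB block starts and ends outside the hunk, so the same check on `allnodeinfo[node]` is worth confirming there.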
@@ -61,8 +61,6 @@ @def $HOST_STATIC_V4 = (<%= scope.function_filter_ipv4([rolehost['static_mirror'] + rolehost['static_source'] + rolehost['static_master']]).uniq.join(' ') %>); @def $HOST_STATIC_V6 = (<%= scope.function_filter_ipv6([rolehost['static_mirror'] + rolehost['static_source'] + rolehost['static_master']]).uniq.join(' ') %>); -@def $HOST_DNS_SECONDARY_V4 = (<%= scope.function_filter_ipv4([rolehost['dns_secondary']]).uniq.join(' ') %>); -@def $HOST_DNS_SECONDARY_V6 = (<%= scope.function_filter_ipv6([rolehost['dns_secondary']]).uniq.join(' ') %>); @def $HOST_DNS_GEO_V4 = (<%= scope.function_filter_ipv4([rolehost['dns_geo']]).uniq.join(' ') %>); @def $HOST_DNS_GEO_V6 = (<%= scope.function_filter_ipv6([rolehost['dns_geo']]).uniq.join(' ') %>); @def $HOST_EASYDNS_V4 = (64.68.200.91); diff --git a/modules/named/manifests/init.pp b/modules/named/manifests/init.pp index 8f1d39c9..ee252e3c 100644 --- a/modules/named/manifests/init.pp +++ b/modules/named/manifests/init.pp @@ -25,12 +25,12 @@ class named { @ferm::rule { '01-dsa-bind-4': domain => '(ip)', description => 'Allow nameserver access', - rule => '&TCP_UDP_SERVICE_RANGE(53, ( $HOST_DNS_SECONDARY_V4 $HOST_DNS_GEO_V4 $HOST_NAGIOS_V4 $HOST_RCODE0_V4 $HOST_EASYDNS_V4 5.153.231.21 ) )', + rule => '&TCP_UDP_SERVICE_RANGE(53, ( $HOST_DNS_GEO_V4 $HOST_NAGIOS_V4 $HOST_RCODE0_V4 $HOST_EASYDNS_V4 5.153.231.21 ) )', } @ferm::rule { '01-dsa-bind-6': domain => '(ip6)', description => 'Allow nameserver access', - rule => '&TCP_UDP_SERVICE_RANGE(53, ( $HOST_DNS_SECONDARY_V6 $HOST_DNS_GEO_V6 $HOST_NAGIOS_V6 $HOST_RCODE0_V6 2001:41c8:1000:21::21:21 ) )', + rule => '&TCP_UDP_SERVICE_RANGE(53, ( $HOST_DNS_GEO_V6 $HOST_NAGIOS_V6 $HOST_RCODE0_V6 2001:41c8:1000:21::21:21 ) )', } } else { @ferm::rule { '01-dsa-bind': diff --git a/modules/named/templates/named.conf.options.erb b/modules/named/templates/named.conf.options.erb index 5c649bb8..76203989 100644 --- a/modules/named/templates/named.conf.options.erb 
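Review bot: The port-53 allowlists in `01-dsa-bind-4` and `01-dsa-bind-6` still carry the bare literals `5.153.231.21` and `2001:41c8:1000:21::21:21` with nothing recording which host they belong to, which makes it hard to tell during a purge like this one whether they are still needed. Consider moving them into a named `@def` beside the other `$HOST_*` entries in defs.conf.erb, or at least adding a comment above each rule such as `# 5.153.231.21: <owner/purpose> - allowed to reach port 53`. The v6 rule also has no counterpart to `$HOST_EASYDNS_V4`; if that is intentional, a one-line comment saying so would prevent a later "fix". Since the `$HOST_DNS_SECONDARY_V4`/`_V6` definitions are deleted in the same commit, it is worth confirming that no rule outside this hunk still references them.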
+++ b/modules/named/templates/named.conf.options.erb @@ -42,15 +42,6 @@ options { dnssec-validation yes; <% end -%> -<% if scope.function_has_role(['dns_secondary']) -%> - rate-limit { - responses-per-second 25; - window 5; - slip 5; - qps-scale 250; - }; -<% end -%> - // Defaults are 100 and 10, causing lots and lots of tiny updates. // This way, I hope, we'll get fewer (and thus bigger) updates. -- weasel sig-signing-nodes 5000; diff --git a/modules/roles/manifests/init.pp b/modules/roles/manifests/init.pp index c83884e5..4e878b98 100644 --- a/modules/roles/manifests/init.pp +++ b/modules/roles/manifests/init.pp @@ -125,9 +125,6 @@ class roles { if has_role('dns_primary') { include named::primary } - if has_role('dns_secondary') { - include named::authoritative - } if has_role('weblog_destination') { include roles::weblog_destination -- 2.39.2