letsencrypt: add graphite.opendev.org challenge CNAME

This is for initial testing of letsencrypt; it creates CNAMES for the
the ACME challenge entries; the TXT records will be created in
acme.opendev.org by Ansible to allow for certificate generation.

Addtionally we remove the IN NS for acme.opendev.org; as pointed out
in prior reviews it is unnecessary so done to avoid confusion.

Change-Id: Ibe48384a4a09f858c36ac0a305656444181f21d6
This commit is contained in:
Ian Wienand 2019-03-19 17:33:27 +11:00
parent f419eb2f0b
commit f5d0e7282d
1 changed files with 5 additions and 3 deletions

View File

@ -2,7 +2,7 @@
$ORIGIN opendev.org.
$TTL 5m
@ IN SOA adns1.opendev.org. hostmaster.opendev.org. (
1551826436 ; serial number unixtime
1552977168 ; serial number unixtime
1h ; refresh (secondary checks for updates)
10m ; retry (secondary retries failed axfr)
10d ; expire (secondary ends serving old data)
@ -19,8 +19,6 @@ ns2 IN AAAA 2604:e100:1:0:f816:3eff:fe2c:7447
; Entries are alphabetical below here to reduce conflicts (note the serial
; will continue to conflict)
acme.opendev.org. IN NS ns1.opendev.org.
acme.opendev.org. IN NS ns2.opendev.org.
gitea-lb01 IN A 38.108.68.124
gitea01 IN A 38.108.68.93
gitea02 IN A 38.108.68.122
@ -55,3 +53,7 @@ zuul IN CNAME zuul01.openstack.org.
zuul-preview IN A 174.143.130.226
zuul-preview IN AAAA 2001:4800:7819:104:be76:4eff:fe04:815a
*.zuul-preview IN CNAME zuul-preview
; letsencrypt challenge cname
_acme-challenge.graphite01.opendev.org IN CNAME acme.opendev.org
_acme-challenge.graphite.opendev.org IN CNAME acme.opendev.org