This is a new server in preparation for the keycloak upgrade in
change I01f8045563e9f6db6168b92c5a868b8095c0d97b. The previous one
is also removed by this change, since it did not have the correct
CPU flags to run the latest Keycloak container images.
Change-Id: Ia98d1309dd5a608771732592e2bf3752ecaa1114
This is a new server in preparation for the keycloak upgrade in
change I01f8045563e9f6db6168b92c5a868b8095c0d97b.
Change-Id: Iad3f5d61e7927e39968d2fccaa5e953b36e0ecf3
Recently, Gmail has started to rate-limit deliveries from our
mailing list server, with this message:
SMTP error from remote mail server after end of data: This mail
has been rate limited because it is unauthenticated. Gmail
requires all senders to authenticate with either SPF or DKIM.
According to https://support.google.com/mail/answer/81126 also:
Starting February 2024, Gmail will require the following for
senders who send 5,000 or more messages a day to Gmail accounts:
Authenticate outgoing email, avoid sending unwanted or
unsolicited email, and make it easy for recipients to
unsubscribe.
In order not to place undue additional load on our MTA's deferral
queue, adding a neutral SPF rule is nicer than unsubscribing and
blocking all Gmail users. A simple "a" rule should suffice, since we
don't relay through any smarthost currently. Set the TTL to 5
minutes for now, in case we need to make rapid adjustments to this
policy in the near future.
Change-Id: Ifc4a58e90ee6652cc65ed04ce619ac9b4f1b05a3
We prefer consistency, and we're about to make a bunch of changes,
so let's remove any spaces that snuck in.
Courtesy of M-x tabify.
Change-Id: I8e89c586b1ed2e3caa46bab004082cf0c9f77017
This also updates the zuul-preview wildcard CNAME record to point on
zp02. We should ensure the new server is running services before landing
this change.
Depends-On: https://review.opendev.org/c/opendev/system-config/+/885076
Change-Id: I09da63c469dbb47ab7ea31039537c34bb7135332
These have been replaced with the Jammy refresh servers. This should
be done after the registry is udpated to point to the new servers.
Change-Id: I862b55d1bbed314d6be9fe77ca9a5444ca6455e9
Add the Jammy refresh nameservers to the NS records. This should be
done before updating the registry records.
Change-Id: Ie55a519175f28eedc91e7e9236faf9791abb6793
This change makes a number of cleanups to the etherpad DNS records:
* Remove etherpad-dev record as this server no longer exists.
* Remove old etherpad01 production server as etherpad02 is now in use.
* Reset TTL to default 3600 for etherpad.o.o CNAME etherpad02.
* Cleanup tabbing so that related records have similar alignment.
Change-Id: I6a732d2f5c960e6192333c0be1f8842284f2495b
This updates etherpad.opendev.org CNAME etherpad01 to etherpad02 as the
target which will change the production etherpad server. For this reason
landing this change needs to happen when both etherpad services are
stopped. Then we can migrate the database while this change lands. Once
the db migration is complete we can start the services back on only 02
and wait for DNS to propagate.
Change-Id: Ib1f6379a2d3bf1f74c67db9ffd303eb86ea2ba0a
This server is no longer needed. Remove its records. Note this should
only be merged once we are happy with the new static02 server. I reset
the static.o.o CNAME ttl to its default value in this change for that
reason.
Change-Id: Id9484c3e8e19bc331f4555377b318d1e872062e7
This is a new jammy static afs backed webserver. We temporarily lower
the record TTL to 300 seconds in case this needs to be reverted for some
reason. We will reset the TTL when we clean up static01 records after
deciding the old server isn't necessary anymore.
Change-Id: I79d0c683a14417758061729a010fc1e5b20ad470
This is a new jammy replacement for etherpad01. We will need to take a
short downtime to transplant databases and update the DNS cnme for
etherpad.opendev.org. It is for this reason I've reduced the TTL on the
etherpad.opendev.org CNAME record now.
Change-Id: Ibff9657bc349deba834d64bf452842882c9eb290
These servers have been removed from config management and have been
deleted. We don't need DNS records for them anymore.
Change-Id: If0dcf928e13f427a44391959fe50e7d9ce48c9b0
This adds the new gitea09 server to DNS. THis change is necessary for
LE cert provisioning. Also I added a AAAA record even though the other
giteas don't have one.
Change-Id: I10563283b58547ac589e317632b1a179ee597916
This cloud provider is going away and we are shutting down the mirror.
Note the depends on is there to avoid system-config attempting to
provision LE certs after the dns records are gone.
The inap records are also removed as these were kept for backward
compatibility with the provider name change and are also no longer
required.
Depends-On: https://review.opendev.org/c/opendev/system-config/+/867267
Change-Id: Ifa6b983342f44697187191b0fa55f5b846ded443
This will help in the future if/when bridge02 is created and swapped
over to. In particular it helps create a definite point in time when a
new server should be used instead of the old server without humans
needing to think too hard about it.
Change-Id: I471b96e6e0593d02bb50564307f44617d52b0556
Now that we're comfortable we don't need to make any further urgent
changes, clean up the temporary TTL override.
Change-Id: I490fc7b2937d08de982074a70009fa1b8cae2d8a
With the import work complete, repoint DNS to the new server so that
deliveries will resume normally.
Change-Id: I8dfc4e805082694e9dc8370f47eb2c18ef1f7886
This is a cheap hack to get incoming messages for lists.opendev.org
to sit in senders' deferral queues while we're working on moving its
mailing lists to the new server. The firewall rules for
review02.opendev.org are set up to reject connections on 25/tcp,
which causes connecting MTAs to wait and try again after some period
of time. Once we update the records to match the new server instead,
any queued deliveries should arrive normally.
Change-Id: I9e4db643f4bbf66bb19c6f33eff5f3556fbba24e
Maintenance is coming up in a few hours, during which lists will
have its DNS records changed at least a couple of times, so lower
the TTL on those in advance in order to facilitate faster global
updates.
Change-Id: Ic8986f843a16a00f725842a8201ea38d621f1130
These servers have been removed. Gitea-lb01 was replaced by gitea-lb02,
and jvb02 is simply unneeded for current scaling needs.
Depends-On: https://review.opendev.org/c/zuul/zuul-jobs/+/863098
Change-Id: I9c7efc728ec4a28362dac4c4e79e4409fe154792
James E. Blair