From f5d3ee4b79e6007dd20d107edef15e48654328ba Mon Sep 17 00:00:00 2001
From: "James E. Blair" <jeblair@redhat.com>
Date: Tue, 25 Sep 2018 07:56:23 -0700
Subject: [PATCH] Add opendev nameservers (1/2)

This will allow us to create new nameservers in the opendev.org
domain.  We will replace the existing servers once these are
bootstrapped.

Some lines are commented pending server creation.

Change-Id: If71e3f87a9d7a83d80cff053874c84411b248515
---
 doc/source/dns.rst |  2 ++
 manifests/site.pp  | 46 ++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 48 insertions(+)

diff --git a/doc/source/dns.rst b/doc/source/dns.rst
index 5f7631cffa..9ea1d7fd77 100644
--- a/doc/source/dns.rst
+++ b/doc/source/dns.rst
@@ -14,6 +14,8 @@ At a Glance
 :Hosts:
   * ns1.openstack.org
   * ns2.openstack.org
+  * ns1.opendev.org
+  * ns2.opendev.org
 :Puppet:
   * :cgit_file:`manifests/site.pp`
 :Projects:
diff --git a/manifests/site.pp b/manifests/site.pp
index 2cb46db8d1..40b977fe60 100644
--- a/manifests/site.pp
+++ b/manifests/site.pp
@@ -733,6 +733,21 @@ node /^adns\d+\.openstack\.org$/ {
   }
 }
 
+# This is a hidden authoritative master nameserver, not publicly
+# accessible.
+# Node-OS: xenial
+node /^adns\d+\.opendev\.org$/ {
+  $group = 'adns'
+
+  class { 'openstack_project::server': }
+
+  class { 'openstack_project::master_nameserver':
+    tsig_key => hiera('tsig_key', {}),
+    dnssec_keys => hiera_hash('dnssec_keys', {}),
+    notifies => [],
+  }
+}
+
 # These are publicly accessible authoritative slave nameservers.
 # Node-OS: xenial
 node /^ns\d+\.openstack\.org$/ {
@@ -764,6 +779,37 @@ node /^ns\d+\.openstack\.org$/ {
   }
 }
 
+# These are publicly accessible authoritative slave nameservers.
+# Node-OS: xenial
+node /^ns\d+\.opendev\.org$/ {
+  $group = 'ns'
+
+  class { 'openstack_project::server': }
+
+  $tsig_key = hiera('tsig_key', {})
+  if $tsig_key != {} {
+    $tsig_name = 'tsig'
+    nsd::tsig { 'tsig':
+      algo => $tsig_key[algorithm],
+      data => $tsig_key[secret],
+    }
+  } else {
+    $tsig_name = undef
+  }
+
+  class { '::nsd':
+    ip_addresses => [ $::ipaddress, $::ipaddress6 ],
+    zones => {
+#      'adns1_zones' => {
+#        allow_notify => dns_a('adns1.opendev.org'),
+#        masters => dns_a('adns1.opendev.org'),
+#        zones => ['opendev.org'],
+#        tsig_name => $tsig_name,
+#      }
+    }
+  }
+}
+
 # Node-OS: trusty
 node 'nodepool.openstack.org' {
   $group = 'nodepool'