From 83ba1311dff244c96f02dc387f98c3f010d7e681 Mon Sep 17 00:00:00 2001
From: "James E. Blair" <jeblair@redhat.com>
Date: Tue, 12 Dec 2017 13:20:36 -0800
Subject: [PATCH] Add dns servers

Change-Id: I32b0d846cbbaad5755d3d1c47d303b7cdf34f749
Depends-On: Ic92726dc341af5802ad803d239bd547ef5068043
Story: 2001382
Task: 6090
---
 doc/source/dns.rst     | 29 +++++++++++++++++++++++++++++
 doc/source/systems.rst |  1 +
 manifests/site.pp      | 18 ++++++++++++++++++
 modules.env            |  1 +
 4 files changed, 49 insertions(+)
 create mode 100644 doc/source/dns.rst

diff --git a/doc/source/dns.rst b/doc/source/dns.rst
new file mode 100644
index 0000000000..693709299d
--- /dev/null
+++ b/doc/source/dns.rst
@@ -0,0 +1,29 @@
+:title: DNS
+
+.. _dns:
+
+DNS
+###
+
+The project runs authoritative DNS servers for any constituent
+projects that wish to use them.  The servers run NSD.
+
+At a Glance
+===========
+
+:Hosts:
+  * ns1.openstack.org
+  * ns2.openstack.org
+:Puppet:
+  * :file:`manifests/site.pp`
+:Projects:
+  * https://github.com/icann-dns/puppet-nsd
+  * https://www.nlnetlabs.nl/projects/nsd/
+
+Adding a Zone
+=============
+
+To add a new zone, add an entry to :file:`manifests/site.pp`, and
+create a new git repository to hold the contents of the zone.
+
+.. note:: This section will be expanded.
diff --git a/doc/source/systems.rst b/doc/source/systems.rst
index 01b10c9db8..8ca957f2f2 100644
--- a/doc/source/systems.rst
+++ b/doc/source/systems.rst
@@ -8,6 +8,7 @@ Major Systems
 
    cacti
    certificate_authority
+   dns
    gerrit
    grafana
    grafyaml
diff --git a/manifests/site.pp b/manifests/site.pp
index 19852e8bfb..914e050c56 100644
--- a/manifests/site.pp
+++ b/manifests/site.pp
@@ -863,6 +863,24 @@ node /^status\d*\.openstack\.org$/ {
   }
 }
 
+# Node-OS: xenial
+node /^ns\d+\.openstack\.org$/ {
+  $group = 'ns'
+
+  class { 'openstack_project::server':
+    sysadmins                 => hiera('sysadmins', []),
+    iptables_public_udp_ports => [53],
+  }
+
+  class { '::nsd':
+    zones => {
+      'master_zones' => {
+        'zones' => ['zuul-ci.org'],
+      },
+    }
+  }
+}
+
 # Node-OS: trusty
 node 'nodepool.openstack.org' {
   $group = 'nodepool'
diff --git a/modules.env b/modules.env
index a85a5fa68d..c92078a28c 100644
--- a/modules.env
+++ b/modules.env
@@ -57,6 +57,7 @@ SOURCE_MODULES["https://github.com/biemond/biemond-wildfly"]="v1.2.4"
 SOURCE_MODULES["https://github.com/deric/puppet-zookeeper"]="v0.5.5"
 SOURCE_MODULES["https://github.com/duritong/puppet-sysctl"]="v0.0.11"
 # initfact is a dep of biemond-wildfly
+SOURCE_MODULES["https://github.com/icann-dns/puppet-nsd"]="0.1.10"
 SOURCE_MODULES["https://github.com/jethrocarr/puppet-initfact"]="1.0.1"
 SOURCE_MODULES["https://github.com/jfryman/puppet-selinux"]="v0.2.5"
 SOURCE_MODULES["https://github.com/maestrodev/puppet-wget"]="v1.6.0"