Add catalog zone support to devstack plugin

This patch adds the ability to configure devstack to use catalog zones
when using the BIND9 backend.

It also adds a test job "designate-bind9-catalog-zones" that uses catalog zones
with a BIND9 backend.

Change-Id: Ib618d7850b0a86a8eb10eaa52b0e330cf908883a
Signed-off-by: Jan Hartkopf <jhartkopf@inovex.de>
Michael Johnson 2023-08-25 20:14:21 +00:00
parent 60a6ceed09
commit 4258633ae5
3 changed files with 74 additions and 4 deletions


@ -95,6 +95,13 @@
devstack_localrc:
USE_SQLALCHEMY_LATEST: true
- job:
name: designate-bind9-catalog-zones
parent: designate-bind9
vars:
devstack_localrc:
DESIGNATE_USE_CATALOG_ZONES: true
- job:
name: designate-pdns4
post-run: playbooks/designate-pdns4/post.yaml
@ -249,6 +256,8 @@
- designate-bind9-sqlalchemy-2x
- designate-tox-dnspython-latest:
voting: false
- designate-bind9-catalog-zones:
voting: false
gate:
jobs:
- neutron-tempest-plugin-designate-scenario


@ -89,6 +89,24 @@ function configure_designate_backend {
- host: $(ipv6_unquote $DESIGNATE_SERVICE_HOST)
port: $DESIGNATE_SERVICE_PORT_DNS
EOF
if [[ "$DESIGNATE_USE_CATALOG_ZONES" == "True" ]]; then
sudo tee -a $DESIGNATE_CONF_DIR/pools.yaml > /dev/null <<EOF
targets:
- type: fake
description: BIND Instance
masters:
- host: $(ipv6_unquote $DESIGNATE_SERVICE_HOST)
port: $DESIGNATE_SERVICE_PORT_MDNS
options:
host: $HOST_IP
port: $DESIGNATE_SERVICE_PORT_DNS
EOF
else
sudo tee -a $DESIGNATE_CONF_DIR/pools.yaml > /dev/null <<EOF
targets:
- type: bind9
description: BIND Instance
@ -106,6 +124,18 @@ function configure_designate_backend {
rndc_key_file: $BIND_CFG_DIR/rndc.key
clean_zonefile: true
EOF
fi
if [[ "$DESIGNATE_USE_CATALOG_ZONES" == "True" ]]; then
sudo tee -a $DESIGNATE_CONF_DIR/pools.yaml > /dev/null <<EOF
catalog_zone:
catalog_zone_fqdn: default-pool.test.
catalog_zone_refresh: 60
# # TSIG secret and algorithm to use for securing AXFRs for catalog zones.
# catalog_zone_tsig_key: SomeSecretKey
# catalog_zone_tsig_algorithm: hmac-sha512
EOF
fi
sudo chown $STACK_USER $BIND_CFG_DIR
@ -118,6 +148,39 @@ EOF
sudo tee $BIND_CFG_FILE > /dev/null <<EOF
include "$BIND_CFG_DIR/rndc.key";
controls {
inet $(ipv6_unquote $DESIGNATE_SERVICE_HOST) port $DESIGNATE_SERVICE_PORT_RNDC allow { $(ipv6_unquote $DESIGNATE_SERVICE_HOST); } keys { "rndc-key"; };
};
EOF
# TODO (johnsom) Remove once designate can create the catalog zone
# automatically.
# Add options based on if catalog zones are being used
if [[ "$DESIGNATE_USE_CATALOG_ZONES" == "True" ]]; then
sudo tee -a $BIND_CFG_FILE > /dev/null <<EOF
options {
directory "$BIND_VAR_DIR";
allow-new-zones yes;
dnssec-validation auto;
auth-nxdomain no; # conform to RFC1035
listen-on port $DESIGNATE_SERVICE_PORT_DNS { $HOST_IP; };
listen-on-v6 port $DESIGNATE_SERVICE_PORT_DNS { $HOST_IPV6; };
recursion no;
minimal-responses yes;
catalog-zones {
zone "default-pool.test"
default-primaries { $DESIGNATE_SERVICE_HOST port $DESIGNATE_SERVICE_PORT_MDNS;}
in-memory no;
};
};
zone "default-pool.test" {
type secondary;
primaries { $DESIGNATE_SERVICE_HOST port $DESIGNATE_SERVICE_PORT_MDNS;};
};
EOF
else
sudo tee -a $BIND_CFG_FILE > /dev/null <<EOF
options {
directory "$BIND_VAR_DIR";
allow-new-zones yes;
@ -128,11 +191,8 @@ options {
recursion no;
minimal-responses yes;
};
controls {
inet $(ipv6_unquote $DESIGNATE_SERVICE_HOST) port $DESIGNATE_SERVICE_PORT_RNDC allow { $(ipv6_unquote $DESIGNATE_SERVICE_HOST); } keys { "rndc-key"; };
};
EOF
fi
# Configure RNDC
sudo tee $BIND_CFG_DIR/rndc.conf > /dev/null << EOF
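Review bot: The new `catalog-zones` stanza and the `zone "default-pool.test"` secondary interpolate `$DESIGNATE_SERVICE_HOST` directly in `default-primaries` and `primaries`, while the `controls` block and the pools.yaml `masters` entry in the same function pass it through `ipv6_unquote`. If that variable carries a bracketed address on IPv6 deployments, as those other calls suggest, named would probably reject the generated file; use `primaries { $(ipv6_unquote $DESIGNATE_SERVICE_HOST) port $DESIGNATE_SERVICE_PORT_MDNS; };` and the same form for `default-primaries`. Separately, the catalog zone is transferred without TSIG (the `catalog_zone_tsig_*` keys in pools.yaml are commented out and neither primaries list names a key), and the catalog decides which member zones BIND serves, so a comment such as `# Test-only: catalog zone transfer is unauthenticated; configure TSIG on both sides outside devstack` above the `catalog-zones` block would keep this from being copied as-is. configure_designate_backend starts and ends outside the visible hunks.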

View File

@ -10,6 +10,7 @@ DESIGNATE_COORDINATION_URL=${DESIGNATE_COORDINATION_URL:-"memcached://127.0.0.1:
DESIGNATE_POLL_INTERVAL=${DESIGNATE_POLL_INTERVAL:-5}
DESIGNATE_POLL_RETRIES=${DESIGNATE_POLL_RETRIES:-6}
DESIGNATE_WSGI_MODE=${DESIGNATE_WSGI_MODE:-"uwsgi"}
DESIGNATE_USE_CATALOG_ZONES=$(trueorfalse False DESIGNATE_USE_CATALOG_ZONES)
# Quota Options
DESIGNATE_QUOTA_ZONES=${DESIGNATE_QUOTA_ZONES:-10}