Merge "Ansible-ize OpenStack Designate"
commit
40e443da57
@ -124,6 +124,11 @@ congress_api_port: "1789"
|
||||
|
||||
cloudkitty_api_port: "8889"
|
||||
|
||||
designate_api_port: "9001"
|
||||
designate_bind_port: "53"
|
||||
designate_mdns_port: "5354"
|
||||
designate_rndc_port: "953"
|
||||
|
||||
iscsi_port: "3260"
|
||||
|
||||
gnocchi_api_port: "8041"
|
||||
@ -272,6 +277,7 @@ enable_cinder_backend_nfs: "no"
|
||||
enable_cloudkitty: "no"
|
||||
enable_congress: "no"
|
||||
enable_etcd: "no"
|
||||
enable_designate: "no"
|
||||
enable_gnocchi: "no"
|
||||
enable_grafana: "no"
|
||||
enable_heat: "yes"
|
||||
@ -403,6 +409,10 @@ cinder_backup_mount_options_nfs: ""
|
||||
# Valid options are [ ceilometer, gnocchi ]
|
||||
cloudkitty_collector_backend: "ceilometer"
|
||||
|
||||
#######################
|
||||
# Designate options
|
||||
#######################
|
||||
designate_ns_record: "sample.openstack.org"
|
||||
|
||||
#######################
|
||||
# Nova options
|
||||
|
@ -154,6 +154,9 @@ control
|
||||
[octavia:children]
|
||||
control
|
||||
|
||||
[designate:children]
|
||||
control
|
||||
|
||||
# Additional control implemented here. These groups allow you to control which
|
||||
# services run on which hosts at a per-service level.
|
||||
#
|
||||
@ -450,3 +453,22 @@ octavia
|
||||
|
||||
[octavia-worker:children]
|
||||
octavia
|
||||
|
||||
# Designate
|
||||
[designate-api:children]
|
||||
designate
|
||||
|
||||
[designate-central:children]
|
||||
designate
|
||||
|
||||
[designate-mdns:children]
|
||||
designate
|
||||
|
||||
[designate-worker:children]
|
||||
designate
|
||||
|
||||
[designate-sink:children]
|
||||
designate
|
||||
|
||||
[designate-backend-bind9:children]
|
||||
designate
|
||||
|
@ -170,6 +170,9 @@ control
|
||||
[octavia:children]
|
||||
control
|
||||
|
||||
[designate:children]
|
||||
control
|
||||
|
||||
# Additional control implemented here. These groups allow you to control which
|
||||
# services run on which hosts at a per-service level.
|
||||
#
|
||||
@ -466,3 +469,22 @@ octavia
|
||||
|
||||
[octavia-worker:children]
|
||||
octavia
|
||||
|
||||
# Designate
|
||||
[designate-api:children]
|
||||
designate
|
||||
|
||||
[designate-central:children]
|
||||
designate
|
||||
|
||||
[designate-mdns:children]
|
||||
designate
|
||||
|
||||
[designate-worker:children]
|
||||
designate
|
||||
|
||||
[designate-sink:children]
|
||||
designate
|
||||
|
||||
[designate-backend-bind9:children]
|
||||
designate
|
||||
|
@ -77,6 +77,7 @@
|
||||
- { name: "ceilometer", enabled: "{{ enable_ceilometer }}" }
|
||||
- { name: "cinder", enabled: "{{ enable_cinder }}" }
|
||||
- { name: "cloudkitty", enabled: "{{ enable_cloudkitty }}" }
|
||||
- { name: "designate", enabled: "{{ enable_designate }}" }
|
||||
- { name: "elasticsearch", enabled: "{{ enable_elasticsearch }}" }
|
||||
- { name: "glance", enabled: "{{ enable_glance }}" }
|
||||
- { name: "global", enabled: "yes" }
|
||||
|
@ -0,0 +1,3 @@
|
||||
"/var/log/kolla/designate/*.log"
|
||||
{
|
||||
}
|
@ -6,6 +6,7 @@
|
||||
( 'ceilometer', enable_ceilometer ),
|
||||
( 'cinder', enable_cinder ),
|
||||
( 'cloudkitty', enable_cloudkitty ),
|
||||
( 'designate', enable_designate ),
|
||||
( 'elasticsearch', enable_elasticsearch ),
|
||||
( 'glance', enable_glance ),
|
||||
( 'gnocchi', enable_gnocchi ),
|
||||
|
@ -6,6 +6,6 @@ filename = "lua_decoders/os_openstack_log.lua"
|
||||
type = "LogstreamerInput"
|
||||
decoder = "openstack_log_decoder"
|
||||
log_directory = "/var/log/kolla"
|
||||
file_match = '(?P<Service>cloudkitty|nova|glance|keystone|neutron|ceph|cinder|heat|murano|magnum|mistral|manila|octavia|searchlight|senlin|sahara|tacker)/(?P<Program>.*)\.log\.?(?P<Seq>\d*)$'
|
||||
file_match = '(?P<Service>cloudkitty|designate|nova|glance|keystone|neutron|ceph|cinder|heat|murano|magnum|mistral|manila|octavia|searchlight|senlin|sahara|tacker)/(?P<Program>.*)\.log\.?(?P<Seq>\d*)$'
|
||||
priority = ["^Seq"]
|
||||
differentiator = ["Service", "_", "Program"]
|
||||
|
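--- a/ansible/roles/designate/defaults/main.yml
+++ b/ansible/roles/designate/defaults/main.yml
@@ -0,0 +1,55 @@
+---
+project_name: "designate"
+
+####################
+# Database
+####################
+designate_database_name: "designate"
+designate_database_user: "designate"
+designate_database_address: "{{ kolla_internal_fqdn }}:{{ database_port }}"
+
+designate_pool_manager_database_name: "designate_pool_manager"
+designate_pool_manager_database_user: "designate_pool_manager"
+designate_pool_manager_database_address: "{{ kolla_internal_fqdn }}:{{ database_port }}"
+
+
+####################
+# Docker
+####################
+
+designate_central_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kolla_install_type }}-designate-central"
+designate_central_tag: "{{ openstack_release }}"
+designate_central_image_full: "{{ designate_central_image }}:{{ designate_central_tag }}"
+
+designate_api_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kolla_install_type }}-designate-api"
+designate_api_tag: "{{ openstack_release }}"
+designate_api_image_full: "{{ designate_api_image }}:{{ designate_api_tag }}"
+
+designate_backend_bind9_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kolla_install_type }}-designate-backend-bind9"
+designate_backend_bind9_tag: "{{ openstack_release }}"
+designate_backend_bind9_image_full: "{{ designate_backend_bind9_image }}:{{ designate_backend_bind9_tag }}"
+
+designate_mdns_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kolla_install_type }}-designate-mdns"
+designate_mdns_tag: "{{ openstack_release }}"
+designate_mdns_image_full: "{{ designate_mdns_image }}:{{ designate_mdns_tag }}"
+
+designate_sink_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kolla_install_type }}-designate-sink"
+designate_sink_tag: "{{ openstack_release }}"
+designate_sink_image_full: "{{ designate_sink_image }}:{{ designate_sink_tag }}"
+
+designate_worker_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kolla_install_type }}-designate-worker"
+designate_worker_tag: "{{ openstack_release }}"
+designate_worker_image_full: "{{ designate_worker_image }}:{{ designate_worker_tag }}"
+
+####################
+# OpenStack
+####################
+designate_admin_endpoint: "{{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ designate_api_port }}"
+designate_internal_endpoint: "{{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ designate_api_port }}"
+designate_public_endpoint: "{{ public_protocol }}://{{ kolla_external_fqdn }}:{{ designate_api_port }}"
+
+designate_logging_debug: "{{ openstack_logging_debug }}"
+
+designate_keystone_user: "designate"
+
+openstack_designate_auth: "{'auth_url':'{{ openstack_auth.auth_url }}','username':'{{ openstack_auth.username }}','password':'{{ openstack_auth.password }}','project_name':'{{ openstack_auth.project_name }}'}"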
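--- a/ansible/roles/designate/meta/main.yml
+++ b/ansible/roles/designate/meta/main.yml
@@ -0,0 +1,3 @@
+---
+dependencies:
+- { role: common }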
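--- a/ansible/roles/designate/tasks/bootstrap.yml
+++ b/ansible/roles/designate/tasks/bootstrap.yml
@@ -0,0 +1,79 @@
+---
+- name: Creating Designate database
+command: docker exec -t kolla_toolbox /usr/bin/ansible localhost
+-m mysql_db
+-a "login_host='{{ database_address }}'
+login_port='{{ database_port }}'
+login_user='{{ database_user }}'
+login_password='{{ database_password }}'
+name='{{ designate_database_name }}'"
+register: database
+changed_when: "{{ database.stdout.find('localhost | SUCCESS => ') != -1 and
+(database.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed }}"
+failed_when: database.stdout.split()[2] != 'SUCCESS'
+run_once: True
+delegate_to: "{{ groups['designate-central'][0] }}"
+
+- name: Reading json from variable
+set_fact:
+database_created: "{{ (database.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed }}"
+
+- name: Creating Designate Pool Manager database
+command: docker exec -t kolla_toolbox /usr/bin/ansible localhost
+-m mysql_db
+-a "login_host='{{ database_address }}'
+login_port='{{ database_port }}'
+login_user='{{ database_user }}'
+login_password='{{ database_password }}'
+name='{{ designate_pool_manager_database_name }}'"
+register: database_pool_manager
+changed_when: "{{ database.stdout.find('localhost | SUCCESS => ') != -1 and
+(database.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed }}"
+failed_when: database.stdout.split()[2] != 'SUCCESS'
+run_once: True
+delegate_to: "{{ groups['designate-central'][0] }}"
+
+- name: Reading json from variable
+set_fact:
+database_pool_manager_created: "{{ (database_pool_manager.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed }}"
+
+- name: Creating Designate database user and setting permissions
+command: docker exec -t kolla_toolbox /usr/bin/ansible localhost
+-m mysql_user
+-a "login_host='{{ database_address }}'
+login_port='{{ database_port }}'
+login_user='{{ database_user }}'
+login_password='{{ database_password }}'
+name='{{ designate_database_name }}'
+password='{{ designate_database_password }}'
+host='%'
+priv='{{ designate_database_name }}.*:ALL'
+append_privs='yes'"
+register: database_user_create
+changed_when: "{{ database_user_create.stdout.find('localhost | SUCCESS => ') != -1 and
+(database_user_create.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed }}"
+failed_when: database_user_create.stdout.split()[2] != 'SUCCESS'
+run_once: True
+delegate_to: "{{ groups['designate-central'][0] }}"
+
+- name: Creating Designate Pool Manager database user and setting permissions
+command: docker exec -t kolla_toolbox /usr/bin/ansible localhost
+-m mysql_user
+-a "login_host='{{ database_address }}'
+login_port='{{ database_port }}'
+login_user='{{ database_user }}'
+login_password='{{ database_password }}'
+name='{{ designate_pool_manager_database_name }}'
+password='{{ designate_pool_manager_database_password }}'
+host='%'
+priv='{{ designate_pool_manager_database_name }}.*:ALL'
+append_privs='yes'"
+register: database_pool_manager_user_create
+changed_when: "{{ database_pool_manager_user_create.stdout.find('localhost | SUCCESS => ') != -1 and
+(database_pool_manager_user_create.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed }}"
+failed_when: database_pool_manager_user_create.stdout.split()[2] != 'SUCCESS'
+run_once: True
+delegate_to: "{{ groups['designate-central'][0] }}"
+
+- include: bootstrap_service.yml
+when: database_created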
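Review bot: The "Creating Designate Pool Manager database" task registers `database_pool_manager`, but its `changed_when` and `failed_when` still read `database.stdout`, so a failure creating the pool-manager database is judged by the previous task's output and passes unnoticed. Both expressions should use the task's own result, e.g. `failed_when: database_pool_manager.stdout.split()[2] != 'SUCCESS'`. The two `mysql_user` tasks also take the account name from `designate_database_name` / `designate_pool_manager_database_name`, although the role defaults define `designate_database_user` and `designate_pool_manager_database_user`. Those tasks put the database passwords on the `docker exec` command line and grant with `host='%'`, so adding `no_log: True` to them would keep the secrets out of task output.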
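--- a/ansible/roles/designate/tasks/bootstrap_service.yml
+++ b/ansible/roles/designate/tasks/bootstrap_service.yml
@@ -0,0 +1,20 @@
+---
+- name: Running Designate bootstrap container
+kolla_docker:
+action: "start_container"
+common_options: "{{ docker_common_options }}"
+detach: False
+environment:
+KOLLA_BOOTSTRAP:
+KOLLA_CONFIG_STRATEGY: "{{ config_strategy }}"
+image: "{{ designate_central_image_full }}"
+labels:
+BOOTSTRAP:
+name: "bootstrap_designate"
+restart_policy: "never"
+volumes:
+- "{{ node_config_directory }}/designate-central/:{{ container_config_directory }}/:ro"
+- "/etc/localtime:/etc/localtime:ro"
+- "kolla_logs:/var/log/kolla/"
+run_once: True
+delegate_to: "{{ groups['designate-central'][0] }}"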
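--- a/ansible/roles/designate/tasks/config.yml
+++ b/ansible/roles/designate/tasks/config.yml
@@ -0,0 +1,96 @@
+---
+- name: Ensuring config directories exist
+file:
+path: "{{ node_config_directory }}/{{ item }}"
+state: "directory"
+recurse: yes
+with_items:
+- "designate-api"
+- "designate-central"
+- "designate-mdns"
+- "designate-sink"
+- "designate-backend-bind9"
+- "designate-worker"
+
+- name: Copying over config.json files for services
+template:
+src: "{{ item }}.json.j2"
+dest: "{{ node_config_directory }}/{{ item }}/config.json"
+with_items:
+- "designate-api"
+- "designate-central"
+- "designate-mdns"
+- "designate-sink"
+- "designate-backend-bind9"
+- "designate-worker"
+
+- name: Copying over designate.conf
+merge_configs:
+vars:
+service_name: "{{ item }}"
+sources:
+- "{{ role_path }}/templates/designate.conf.j2"
+- "{{ node_custom_config }}/global.conf"
+- "{{ node_custom_config }}/database.conf"
+- "{{ node_custom_config }}/messaging.conf"
+- "{{ node_custom_config }}/designate.conf"
+- "{{ node_custom_config }}/designate/{{ item }}.conf"
+- "{{ node_custom_config }}/designate/{{ inventory_hostname }}/designate.conf"
+dest: "{{ node_config_directory }}/{{ item }}/designate.conf"
+with_items:
+- "designate-api"
+- "designate-central"
+- "designate-mdns"
+- "designate-sink"
+- "designate-worker"
+
+- name: Copying over pools.yaml
+template:
+src: "{{ item }}"
+dest: "{{ node_config_directory }}/designate-worker/pools.yaml"
+with_first_found:
+- "{{ node_custom_config }}/designate/pools.yaml"
+- "{{ role_path }}/templates/pools.yaml.j2"
+
+- name: Copying over named.conf
+template:
+src: "{{ item }}"
+dest: "{{ node_config_directory }}/designate-backend-bind9/named.conf"
+with_first_found:
+- "{{ node_custom_config }}/designate/designate-backend-bind9/{{ inventory_hostname }}/named.conf"
+- "{{ node_custom_config }}/designate/designate-backend-bind9/named.conf"
+- "{{ node_custom_config }}/designate/named.conf"
+- "{{ role_path }}/templates/named.conf.j2"
+
+- name: Copying over rndc.conf
+template:
+src: "rndc.conf.j2"
+dest: "{{ node_config_directory }}/{{ item }}/rndc.conf"
+with_items:
+- "designate-backend-bind9"
+- "designate-worker"
+
+- name: Copying over rndc.key
+template:
+src: "rndc.key.j2"
+dest: "{{ node_config_directory }}/{{ item }}/rndc.key"
+with_items:
+- "designate-backend-bind9"
+- "designate-worker"
+
+- name: Check if policies shall be overwritten
+local_action: stat path="{{ node_custom_config }}/designate/policy.json"
+register: designate_policy
+
+- name: Copying over existing policy.json
+template:
+src: "{{ node_custom_config }}/designate/policy.json"
+dest: "{{ node_config_directory }}/{{ item }}/policy.json"
+with_items:
+- "designate-api"
+- "designate-central"
+- "designate-mdns"
+- "designate-sink"
+- "designate-worker"
+when:
+designate_policy.stat.exists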
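Review bot: The "Copying over rndc.key", "Copying over rndc.conf" and "Copying over designate.conf" tasks write secret-bearing files under `node_config_directory` without a `mode`, so their host-side permissions depend on the umask of the deploying user. The rndc key controls the BIND backend, and designate.conf presumably carries database and messaging credentials. Setting an explicit restrictive mode on these tasks, for example `mode: "0600"`, would make the result deterministic; confirm first that the container's config-copy step can still read the files with that mode. The "Ensuring config directories exist" task would benefit from an explicit `mode` for the same reason.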
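--- a/ansible/roles/designate/tasks/deploy.yml
+++ b/ansible/roles/designate/tasks/deploy.yml
@@ -0,0 +1,25 @@
+---
+- include: register.yml
+when: inventory_hostname in groups['designate-api']
+
+- include: config.yml
+when: inventory_hostname in groups['designate-api'] or
+inventory_hostname in groups['designate-central'] or
+inventory_hostname in groups['designate-mdns'] or
+inventory_hostname in groups['designate-worker'] or
+inventory_hostname in groups['designate-sink'] or
+inventory_hostname in groups['designate-backend-bind9']
+
+- include: bootstrap.yml
+when: inventory_hostname in groups['designate-central']
+
+- include: start.yml
+when: inventory_hostname in groups['designate-api'] or
+inventory_hostname in groups['designate-central'] or
+inventory_hostname in groups['designate-mdns'] or
+inventory_hostname in groups['designate-worker'] or
+inventory_hostname in groups['designate-sink'] or
+inventory_hostname in groups['designate-backend-bind9']
+
+- include: update_pools.yml
+when: inventory_hostname in groups['designate-worker'][0]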
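Review bot: The last include's condition, `inventory_hostname in groups['designate-worker'][0]`, is a substring test, because `groups['designate-worker'][0]` is a single host name (a string) and not a list. A host whose name is contained in the first worker's name (say `node1` when the first worker is `node10`) would also run the pool update. The condition should compare for equality: `when: inventory_hostname == groups['designate-worker'][0]`. The task in tasks/update_pools.yml carries the same condition and needs the same change.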
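--- a/ansible/roles/designate/tasks/main.yml
+++ b/ansible/roles/designate/tasks/main.yml
@@ -0,0 +1,2 @@
+---
+- include: "{{ action }}.yml"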
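--- a/ansible/roles/designate/tasks/precheck.yml
+++ b/ansible/roles/designate/tasks/precheck.yml
@@ -0,0 +1,48 @@
+- name: Get container facts
+kolla_container_facts:
+name:
+- "{{ item }}"
+register: container_facts
+with_items:
+- designate_api
+- designate_backend_bind9
+
+- name: Checking free port for designate API
+wait_for:
+host: "{{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['address'] }}"
+port: "{{ designate_api_port }}"
+connect_timeout: 1
+state: stopped
+when:
+- container_facts['designate_api'] is not defined
+- inventory_hostname in groups['designate-api']
+
+- name: Checking free port for designate mdns
+wait_for:
+host: "{{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['address'] }}"
+port: "{{ designate_mdns_port }}"
+connect_timeout: 1
+state: stopped
+when:
+- container_facts['designate_mdns'] is not defined
+- inventory_hostname in groups['designate-mdns']
+
+- name: Checking free port for designate backend bind9 port
+wait_for:
+host: "{{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['address'] }}"
+port: "{{ designate_bind_port }}"
+connect_timeout: 1
+state: stopped
+when:
+- container_facts['designate_backend_bind9'] is not defined
+- inventory_hostname in groups['designate-backend-bind9']
+
+- name: Checking free port for designate backend rndc port
+wait_for:
+host: "{{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['address'] }}"
+port: "{{ designate_rndc_port }}"
+connect_timeout: 1
+state: stopped
+when:
+- container_facts['designate_backend_bind9'] is not defined
+- inventory_hostname in groups['designate-backend-bind9']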
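Review bot: The `container_facts[...] is not defined` guards in the four port checks do not see the facts gathered by "Get container facts", because that task combines `register` with `with_items` and the per-item output therefore ends up under `container_facts.results`. `designate_mdns` is also never queried, so the mdns guard is always true. The port checks will then run, and fail, on a host where the containers are already up. Assuming `kolla_container_facts` returns facts keyed by container name, drop the loop and pass all three names in one call, with `name:` set to the list `designate_api`, `designate_mdns`, `designate_backend_bind9`. The file also lacks the leading `---` that the role's other task files have.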
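--- a/ansible/roles/designate/tasks/pull.yml
+++ b/ansible/roles/designate/tasks/pull.yml
@@ -0,0 +1,42 @@
+---
+- name: Pulling designate-api image
+kolla_docker:
+action: "pull_image"
+common_options: "{{ docker_common_options }}"
+image: "{{ designate_api_image_full }}"
+when: inventory_hostname in groups['designate-api']
+
+- name: Pulling designate-central image
+kolla_docker:
+action: "pull_image"
+common_options: "{{ docker_common_options }}"
+image: "{{ designate_central_image_full }}"
+when: inventory_hostname in groups['designate-central']
+
+- name: Pulling designate-mdns image
+kolla_docker:
+action: "pull_image"
+common_options: "{{ docker_common_options }}"
+image: "{{ designate_mdns_image_full }}"
+when: inventory_hostname in groups['designate-mdns']
+
+- name: Pulling designate-worker image
+kolla_docker:
+action: "pull_image"
+common_options: "{{ docker_common_options }}"
+image: "{{ designate_worker_image_full }}"
+when: inventory_hostname in groups['designate-worker']
+
+- name: Pulling designate-sink image
+kolla_docker:
+action: "pull_image"
+common_options: "{{ docker_common_options }}"
+image: "{{ designate_sink_image_full }}"
+when: inventory_hostname in groups['designate-sink']
+
+- name: Pulling designate-backend-bind9 image
+kolla_docker:
+action: "pull_image"
+common_options: "{{ docker_common_options }}"
+image: "{{ designate_backend_bind9_image_full }}"
+when: inventory_hostname in groups['designate-backend-bind9']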
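--- a/ansible/roles/designate/tasks/reconfigure.yml
+++ b/ansible/roles/designate/tasks/reconfigure.yml
@@ -0,0 +1,93 @@
+---
+- name: Ensuring the containers up
+kolla_docker:
+name: "{{ item.name }}"
+action: "get_container_state"
+register: container_state
+failed_when: container_state.Running == false
+when:
+- "{{ item.enabled|default(True) }}"
+- inventory_hostname in groups[item.group]
+with_items:
+- { name: designate_central, group: designate-central }
+- { name: designate_api, group: designate-api }
+- { name: designate_mdns, group: designate-mdns }
+- { name: designate_worker, group: designate-worker }
+- { name: designate_sink, group: designate-sink }
+- { name: designate_backend_bind9, group: designate-backend-bind9 }
+
+- include: config.yml
+
+- name: Check the configs
+command: docker exec {{ item.name }} /usr/local/bin/kolla_set_configs --check
+changed_when: false
+failed_when: false
+register: check_results
+when: inventory_hostname in groups[item.group]
+with_items:
+- { name: designate_central, group: designate-central }
+- { name: designate_api, group: designate-api }
+- { name: designate_mdns, group: designate-mdns }
+- { name: designate_worker, group: designate-worker }
+- { name: designate_sink, group: designate-sink }
+- { name: designate_backend_bind9, group: designate-backend-bind9 }
+
+# NOTE(jeffrey4l): when config_strategy == 'COPY_ALWAYS'
+# and container env['KOLLA_CONFIG_STRATEGY'] == 'COPY_ONCE',
+# just remove the container and start again
+- name: Containers config strategy
+kolla_docker:
+name: "{{ item.name }}"
+action: "get_container_env"
+register: container_envs
+when: inventory_hostname in groups[item.group]
+with_items:
+- { name: designate_central, group: designate-central }
+- { name: designate_api, group: designate-api }
+- { name: designate_mdns, group: designate-mdns }
+- { name: designate_worker, group: designate-worker }
+- { name: designate_sink, group: designate-sink }
+- { name: designate_backend_bind9, group: designate-backend-bind9 }
+
+- name: Remove the containers
+kolla_docker:
+name: "{{ item[0]['name'] }}"
+action: "remove_container"
+register: remove_containers
+when:
+- inventory_hostname in groups[item[0]['group']]
+- config_strategy == "COPY_ONCE" or item[1]['KOLLA_CONFIG_STRATEGY'] == 'COPY_ONCE'
+- item[2]['rc'] == 1
+with_together:
+- [{ name: designate_central, group: designate-central },
+{ name: designate_api, group: designate-api },
+{ name: designate_mdns, group: designate-mdns },
+{ name: designate_worker, group: designate-worker },
+{ name: designate_sink, group: designate-sink },
+{ name: designate_backend_bind9, group: designate-backend-bind9 }]
+- "{{ container_envs.results }}"
+- "{{ check_results.results }}"
+
+- include: start.yml
+when: remove_containers.changed
+
+- name: Restart containers
+kolla_docker:
+name: "{{ item[0]['name'] }}"
+action: "restart_container"
+when:
+- inventory_hostname in groups[item[0]['group']]
+- config_strategy == 'COPY_ALWAYS'
+- item[1]['KOLLA_CONFIG_STRATEGY'] != 'COPY_ONCE'
+- item[2]['rc'] == 1
+with_together:
+- [{ name: designate_central, group: designate-central },
+{ name: designate_api, group: designate-api },
+{ name: designate_mdns, group: designate-mdns },
+{ name: designate_worker, group: designate-worker },
+{ name: designate_sink, group: designate-sink },
+{ name: designate_backend_bind9, group: designate-backend-bind9 }]
+- "{{ container_envs.results }}"
+- "{{ check_results.results }}"
+
+- include: update_pools.yml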
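--- a/ansible/roles/designate/tasks/register.yml
+++ b/ansible/roles/designate/tasks/register.yml
@@ -0,0 +1,40 @@
+---
+- name: Creating the Designate service and endpoint
+command: docker exec -t kolla_toolbox /usr/bin/ansible localhost
+-m kolla_keystone_service
+-a "service_name=designate
+service_type=dns
+description='Designate DNS Service'
+endpoint_region={{ openstack_region_name }}
+url='{{ item.url }}'
+interface='{{ item.interface }}'
+region_name={{ openstack_region_name }}
+auth={{ '{{ openstack_designate_auth }}' }}"
+-e "{'openstack_designate_auth':{{ openstack_designate_auth }}}"
+register: designate_endpoint
+changed_when: "{{ designate_endpoint.stdout.find('localhost | SUCCESS => ') != -1 and (designate_endpoint.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed }}"
+until: designate_endpoint.stdout.split()[2] == 'SUCCESS'
+retries: 10
+delay: 5
+run_once: True
+with_items:
+- {'interface': 'admin', 'url': '{{ designate_admin_endpoint }}'}
+- {'interface': 'internal', 'url': '{{ designate_internal_endpoint }}'}
+- {'interface': 'public', 'url': '{{ designate_public_endpoint }}'}
+
+- name: Creating the Designate project, user, and role
+command: docker exec -t kolla_toolbox /usr/bin/ansible localhost
+-m kolla_keystone_user
+-a "project=service
+user=designate
+password={{ designate_keystone_password }}
+role=admin
+region_name={{ openstack_region_name }}
+auth={{ '{{ openstack_designate_auth }}' }}"
+-e "{'openstack_designate_auth':{{ openstack_designate_auth }}}"
+register: designate_user
+changed_when: "{{ designate_user.stdout.find('localhost | SUCCESS => ') != -1 and (designate_user.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed }}"
+until: designate_user.stdout.split()[2] == 'SUCCESS'
+retries: 10
+delay: 5
+run_once: True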
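Review bot: In "Creating the Designate project, user, and role" the service password is passed as `password={{ designate_keystone_password }}` without quotes, so a password containing a space or `=` would be split by the `key=value` argument parser. The database tasks in tasks/bootstrap.yml quote theirs; this one should read `password='{{ designate_keystone_password }}'`. Both tasks also expand the Keystone admin credentials from `openstack_designate_auth` into the `docker exec` argument list, where they show up in task output and in the process list; `no_log: True` on both tasks would at least keep them out of the Ansible output. The task hard-codes `user=designate` although the defaults define `designate_keystone_user`.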
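--- a/ansible/roles/designate/tasks/start.yml
+++ b/ansible/roles/designate/tasks/start.yml
@@ -0,0 +1,73 @@
+---
+- name: Starting designate-backend-bind9 container
+kolla_docker:
+action: "start_container"
+common_options: "{{ docker_common_options }}"
+image: "{{ designate_backend_bind9_image_full }}"
+name: "designate_backend_bind9"
+volumes:
+- "{{ node_config_directory }}/designate-backend-bind9/:{{ container_config_directory }}/:ro"
+- "/etc/localtime:/etc/localtime:ro"
+- "kolla_logs:/var/log/kolla/"
+- "designate_backend_bind9:/var/lib/named/"
+when: inventory_hostname in groups['designate-backend-bind9']
+
+- name: Starting designate-central container
+kolla_docker:
+action: "start_container"
+common_options: "{{ docker_common_options }}"
+image: "{{ designate_central_image_full }}"
+name: "designate_central"
+volumes:
+- "{{ node_config_directory }}/designate-central/:{{ container_config_directory }}/:ro"
+- "/etc/localtime:/etc/localtime:ro"
+- "kolla_logs:/var/log/kolla/"
+when: inventory_hostname in groups['designate-central']
+
+- name: Starting designate-api container
+kolla_docker:
+action: "start_container"
+common_options: "{{ docker_common_options }}"
+image: "{{ designate_api_image_full }}"
+name: "designate_api"
+volumes:
+- "{{ node_config_directory }}/designate-api/:{{ container_config_directory }}/:ro"
+- "/etc/localtime:/etc/localtime:ro"
+- "kolla_logs:/var/log/kolla/"
+when: inventory_hostname in groups['designate-api']
+
+- name: Starting designate-mdns container
+kolla_docker:
+action: "start_container"
+common_options: "{{ docker_common_options }}"
+image: "{{ designate_mdns_image_full }}"
+name: "designate_mdns"
+volumes:
+- "{{ node_config_directory }}/designate-mdns/:{{ container_config_directory }}/:ro"
+- "/etc/localtime:/etc/localtime:ro"
+- "kolla_logs:/var/log/kolla/"
+when: inventory_hostname in groups['designate-mdns']
+
+- name: Starting designate-worker container
+kolla_docker:
+action: "start_container"
+common_options: "{{ docker_common_options }}"
+image: "{{ designate_worker_image_full }}"
+name: "designate_worker"
+volumes:
+- "{{ node_config_directory }}/designate-worker/:{{ container_config_directory }}/:ro"
+- "/etc/localtime:/etc/localtime:ro"
+- "kolla_logs:/var/log/kolla/"
+when: inventory_hostname in groups['designate-worker']
+
+- name: Starting designate-sink container
+kolla_docker:
+action: "start_container"
+common_options: "{{ docker_common_options }}"
+image: "{{ designate_sink_image_full }}"
+name: "designate_sink"
+volumes:
+- "{{ node_config_directory }}/designate-sink/:{{ container_config_directory }}/:ro"
+- "/etc/localtime:/etc/localtime:ro"
+- "kolla_logs:/var/log/kolla/"
+when: inventory_hostname in groups['designate-sink']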
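--- a/ansible/roles/designate/tasks/update_pools.yml
+++ b/ansible/roles/designate/tasks/update_pools.yml
@@ -0,0 +1,4 @@
+---
+- name: Update DNS pools
+command: docker exec -t designate_worker designate-manage pool update --file /etc/designate/pools.yaml
+when: inventory_hostname in groups['designate-worker'][0]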
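--- a/ansible/roles/designate/tasks/upgrade.yml
+++ b/ansible/roles/designate/tasks/upgrade.yml
@@ -0,0 +1,8 @@
+---
+- include: config.yml
+
+- include: bootstrap_service.yml
+
+- include: start.yml
+
+- include: update_pools.yml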
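--- a/ansible/roles/designate/templates/designate-api.json.j2
+++ b/ansible/roles/designate/templates/designate-api.json.j2
@@ -0,0 +1,25 @@
+{
+"command": "designate-api --config-file /etc/designate/designate.conf",
+"config_files": [
+{
+"source": "{{ container_config_directory }}/designate.conf",
+"dest": "/etc/designate/designate.conf",
+"owner": "designate",
+"perm": "0600"
+},
+{
+"source": "{{ container_config_directory }}/policy.json",
+"dest": "/etc/designate/policy.json",
+"owner": "designate",
+"perm": "0600",
+"optional": true
+}
+],
+"permissions": [
+{
+"path": "/var/log/kolla/designate",
+"owner": "designate:designate",
+"recurse": true
+}
+]
+}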
@ -0,0 +1,35 @@
|
||||
{% set bind_cmd = 'named' if kolla_base_distro in ['ubuntu', 'debian'] else 'named' %}
|
||||
{% set bind_file = 'bind/named.conf' if kolla_base_distro in ['ubuntu', 'debian'] else 'named.conf' %}
|
||||
|
||||
{
|
||||
"command": "/usr/sbin/{{ bind_cmd }} -g",
|
||||
"config_files": [
|
||||
{
|
||||
"source": "{{ container_config_directory }}/named.conf",
|
||||
"dest": "/etc/{{ bind_file }}",
|
||||
"owner": "root",
|
||||
"perm": "0660"
|
||||
},
|
||||
{
|
||||
"source": "{{ container_config_directory }}/rndc.conf",
|
||||
"dest": "/etc/rndc.conf",
|
||||
"owner": "root",
|
||||
"perm": "0600",
|
||||
"optional": true
|
||||
},
|
||||
{
|
||||
"source": "{{ container_config_directory }}/rndc.key",
|
||||
"dest": "/etc/rndc.key",
|
||||
"owner": "root",
|
||||
"perm": "0600",
|
||||
"optional": true
|
||||
}
|
||||
],
|
||||
"permissions": [
|
||||
{
|
||||
"path": "/var/log/kolla/named",
|
||||
"owner": "root:root",
|
||||
"recurse": true
|
||||
}
|
||||
]
|
||||
}
|
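Review bot: The `command` line runs `/usr/sbin/{{ bind_cmd }} -g` with no `-u` option, so unless the image itself switches user, named keeps running as root after binding its ports, and every file in `config_files` is owned by `root`. Passing `-u` with the unprivileged account the distro package provides (`bind` on Debian/Ubuntu, `named` on CentOS-family images) and giving that account ownership of the key and config files would limit what a compromised DNS process can reach. The first `set` line evaluates to `'named'` in both branches, so the distro test there currently does nothing and can become a plain assignment. `named.conf` is also installed with `"perm": "0660"` while the other files use `0600`; nothing visible here needs group write.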
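--- a/ansible/roles/designate/templates/designate-central.json.j2
+++ b/ansible/roles/designate/templates/designate-central.json.j2
@@ -0,0 +1,25 @@
+{
+"command": "designate-central --config-file /etc/designate/designate.conf",
+"config_files": [
+{
+"source": "{{ container_config_directory }}/designate.conf",
+"dest": "/etc/designate/designate.conf",
+"owner": "designate",
+"perm": "0600"
+},
+{
+"source": "{{ container_config_directory }}/policy.json",
+"dest": "/etc/designate/policy.json",
+"owner": "designate",
+"perm": "0600",
+"optional": true
+}
+],
+"permissions": [
+{
+"path": "/var/log/kolla/designate",
+"owner": "designate:designate",
+"recurse": true
+}
+]
+}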
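--- a/ansible/roles/designate/templates/designate-mdns.json.j2
+++ b/ansible/roles/designate/templates/designate-mdns.json.j2
@@ -0,0 +1,25 @@
+{
+"command": "designate-mdns --config-file /etc/designate/designate.conf",
+"config_files": [
+{
+"source": "{{ container_config_directory }}/designate.conf",
+"dest": "/etc/designate/designate.conf",
+"owner": "designate",
+"perm": "0600"
+},
+{
+"source": "{{ container_config_directory }}/policy.json",
+"dest": "/etc/designate/policy.json",
+"owner": "designate",
+"perm": "0600",
+"optional": true
+}
+],
+"permissions": [
+{
+"path": "/var/log/kolla/designate",
+"owner": "designate:designate",
+"recurse": true
+}
+]
+}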
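--- a/ansible/roles/designate/templates/designate-sink.json.j2
+++ b/ansible/roles/designate/templates/designate-sink.json.j2
@@ -0,0 +1,25 @@
+{
+"command": "designate-sink --config-file /etc/designate/designate.conf",
+"config_files": [
+{
+"source": "{{ container_config_directory }}/designate.conf",
+"dest": "/etc/designate/designate.conf",
+"owner": "designate",
+"perm": "0600"
+},
+{
+"source": "{{ container_config_directory }}/policy.json",
+"dest": "/etc/designate/policy.json",
+"owner": "designate",
+"perm": "0600",
+"optional": true
+}
+],
+"permissions": [
+{
+"path": "/var/log/kolla/designate",
+"owner": "designate:designate",
+"recurse": true
+}
+]
+}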
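--- a/ansible/roles/designate/templates/designate-worker.json.j2
+++ b/ansible/roles/designate/templates/designate-worker.json.j2
@@ -0,0 +1,46 @@
+{
+"command": "designate-worker --config-file /etc/designate/designate.conf",
+"config_files": [
+{
+"source": "{{ container_config_directory }}/designate.conf",
+"dest": "/etc/designate/designate.conf",
+"owner": "designate",
+"perm": "0600"
+},
+{
+"source": "{{ container_config_directory }}/policy.json",
+"dest": "/etc/designate/policy.json",
+"owner": "designate",
+"perm": "0600",
+"optional": true
+},
+{
+"source": "{{ container_config_directory }}/pools.yaml",
+"dest": "/etc/designate/pools.yaml",
+"owner": "designate",
+"perm": "0600",
+"optional": true
+},
+{
+"source": "{{ container_config_directory }}/rndc.conf",
+"dest": "/etc/designate/rndc.conf",
+"owner": "designate",
+"perm": "0600",
+"optional": true
+},
+{
+"source": "{{ container_config_directory }}/rndc.key",
+"dest": "/etc/designate/rndc.key",
+"owner": "designate",
+"perm": "0600",
+"optional": true
+}
+],
+"permissions": [
+{
+"path": "/var/log/kolla/designate",
+"owner": "designate:designate",
+"recurse": true
+}
+]
+}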
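--- a/ansible/roles/designate/templates/designate.conf.j2
+++ b/ansible/roles/designate/templates/designate.conf.j2
@@ -0,0 +1,88 @@
+[DEFAULT]
+
+debug = {{ designate_logging_debug }}
+
+log_dir = /var/log/kolla/designate
+
+transport_url = rabbit://{% for host in groups['rabbitmq'] %}{{ rabbitmq_user }}:{{ rabbitmq_password }}@{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ rabbitmq_port }}{% if not loop.last %},{% endif %}{% endfor %}
+
+[service:central]
+default_pool_id = {{ designate_pool_id }}
+
+[service:api]
+api_base_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ designate_api_port }}
+api_host = {{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['address'] }}
+api_port = {{ designate_api_port }}
+enable_api_v1 = True
+enabled_extensions_v1 = 'diagnostics, quotas, reports, sync, touch'
+enable_api_v2 = True
+enabled_extensions_v2 = 'quotas, reports'
+
+
+[keystone_authtoken]
+auth_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }}
+auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}
+auth_type = password
+project_domain_id = default
+user_domain_id = default
+project_name = service
+username = {{ designate_keystone_user }}
+password = {{ designate_keystone_password }}
+http_connect_timeout = 60
+
+memcache_security_strategy = ENCRYPT
+memcache_secret_key = {{ memcache_secret_key }}
+memcached_servers = {% for host in groups['memcached'] %}{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ memcached_port }}{% if not loop.last %},{% endif %}{% endfor %}
+
+[service:sink]
+enabled_notification_handlers = nova_fixed, neutron_floatingip
+workers = {{ openstack_service_workers }}
+
+[service:mdns]
+listen = {{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['address'] }}:{{ designate_mdns_port }}
+workers = {{ openstack_service_workers }}
+
+[service:worker]
+enabled = True
+notify = True
+workers = {{ openstack_service_workers }}
+
+[service:pool_manager]
+cache_driver = sqlalchemy
+pool_id = {{ designate_pool_id }}
+workers = {{ openstack_service_workers }}
+
+[pool_manager_cache:sqlalchemy]
+connection = mysql+pymysql://{{ designate_pool_manager_database_user }}:{{ designate_pool_manager_database_password }}@{{ designate_pool_manager_database_address }}/{{ designate_pool_manager_database_name }}
+max_retries = 10
+idle_timeout = 3600
+
+[pool_manager_cache:memcache]
+memcached_servers = {% for host in groups['memcached'] %}{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ memcached_port }}{% if not loop.last %},{% endif %}{% endfor %}
+
+[storage:sqlalchemy]
+connection = mysql+pymysql://{{ designate_database_user }}:{{ designate_database_password }}@{{ designate_database_address }}/{{ designate_database_name }}
+max_retries = 10
+idle_timeout = 3600
+
+[handler:nova_fixed]
+notification_topics = notifications_designate
+control_exchange = nova
+format = '(display_name)s.%(domain)s'
+
+[handler:neutron_floatingip]
+notification_topics = notifications_designate
+control_exchange = neutron
+format = '%(octet0)s-%(octet1)s-%(octet2)s-%(octet3)s.%(domain)s'
+
+[oslo_messaging_notifications]
+topics = notifications_designate
+driver = messaging
+
+[oslo_messaging_rabbit]
+rabbit_userid = {{ rabbitmq_user }}
+rabbit_password = {{ rabbitmq_password }}
+rabbit_hosts = {% for host in groups['rabbitmq'] %}{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ rabbitmq_port }}{% if not loop.last %},{% endif %}{% endfor %}
+
+[oslo_concurrency]
+lock_path = /var/lib/designate/tmp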
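Review bot: In `[handler:nova_fixed]` the `format` value reads `'(display_name)s.%(domain)s'`, which is missing the `%` before `(display_name)s`, so the instance name would presumably not be substituted and the sink would create records carrying the literal text. The `[handler:neutron_floatingip]` format a few lines below has the `%` on every placeholder. The line should be `format = '%(display_name)s.%(domain)s'`. Separately, `enable_api_v1 = True` is switched on unconditionally together with the `diagnostics`, `sync` and `touch` extensions; if the deployment has no v1 consumers, leaving it off keeps the exposed API surface smaller.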
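--- a/ansible/roles/designate/templates/named.conf.j2
+++ b/ansible/roles/designate/templates/named.conf.j2
@@ -0,0 +1,15 @@
+include "/etc/rndc.key";
+options {
+listen-on port {{ designate_bind_port }} { {{ hostvars[inventory_hostname]['ansible_' + hostvars[inventory_hostname]['api_interface']]['ipv4']['address'] }}; };
+directory "/var/lib/named";
+allow-new-zones yes;
+dnssec-validation auto;
+auth-nxdomain no;
+request-ixfr no;
+recursion no;
+minimal-responses yes;
+};
+
+controls {
+inet {{ hostvars[inventory_hostname]['ansible_' + hostvars[inventory_hostname]['api_interface']]['ipv4']['address'] }} port {{ designate_rndc_port }} allow { {% for host in groups['designate-worker'] %}{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}; {% endfor %} } keys { "rndc-key"; };
+};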
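Review bot: The `options` block sets `recursion no;` but carries no `allow-transfer` statement, and on BIND releases whose default is to allow transfers to any client, every zone Designate creates can be enumerated in full by anyone able to reach `designate_bind_port` on the API interface. Adding `allow-transfer { none; };` inside `options`, or an ACL listing only the intended secondaries, closes that. The `controls` channel is limited to the designate-worker addresses and a key, but it also listens on the API interface, so the strength of the rndc key is what protects zone creation and deletion.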
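--- a/ansible/roles/designate/templates/pools.yaml.j2
+++ b/ansible/roles/designate/templates/pools.yaml.j2
@@ -0,0 +1,28 @@
+- name: default-bind
+id: {{ designate_pool_id }}
+description: Default BIND9 Pool
+attributes: {}
+ns_records:
+- hostname: {{ designate_ns_record }}.
+priority: 1
+nameservers:
+{% for host in groups['designate-backend-bind9'] %}
+- host: {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}
+port: {{ designate_bind_port }}
+{% endfor %}
+targets:
+{% for bind_host in groups['designate-backend-bind9'] %}
+- type: bind9
+description: BIND9 Server {{ hostvars[bind_host]['ansible_' + hostvars[bind_host]['api_interface']]['ipv4']['address'] }}
+masters:
+{% for mdns_host in groups['designate-mdns'] %}
+- host: {{ hostvars[mdns_host]['ansible_' + hostvars[mdns_host]['api_interface']]['ipv4']['address'] }}
+port: 5354
+{% endfor %}
+options:
+host: {{ hostvars[bind_host]['ansible_' + hostvars[bind_host]['api_interface']]['ipv4']['address'] }}
+port: {{ designate_bind_port }}
+rndc_host: {{ hostvars[bind_host]['ansible_' + hostvars[bind_host]['api_interface']]['ipv4']['address'] }}
+rndc_port: {{ designate_rndc_port }}
+rndc_key_file: /etc/designate/rndc.key
+{% endfor %}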
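Review bot: The `masters` entries hard-code `port: 5354`, while designate.conf.j2 in this same commit builds the mdns `listen` address from `designate_mdns_port`. An operator who overrides that variable would leave the pool pointing BIND at a port where mdns no longer listens, and zone transfers from mdns would fail. Use `port: {{ designate_mdns_port }}` here, the way the `nameservers` and `options` entries already use `designate_bind_port` and `designate_rndc_port`.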
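--- a/ansible/roles/designate/templates/rndc.conf.j2
+++ b/ansible/roles/designate/templates/rndc.conf.j2
@@ -0,0 +1,6 @@
+#include "/etc/rndc.key";
+options {
+default-key "rndc-key";
+default-server {{ hostvars[inventory_hostname]['ansible_' + hostvars[inventory_hostname]['api_interface']]['ipv4']['address'] }};
+default-port {{ designate_rndc_port }};
+};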
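--- a/ansible/roles/designate/templates/rndc.key.j2
+++ b/ansible/roles/designate/templates/rndc.key.j2
@@ -0,0 +1,4 @@
+key "rndc-key" {
+algorithm hmac-md5;
+secret "{{ designate_rndc_key }}";
+};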
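Review bot: The key is declared with `algorithm hmac-md5;`, the weakest algorithm BIND accepts for a control-channel key, and this key is what authorises zone creation and deletion over the rndc port that named.conf.j2 opens on the API interface. Current BIND tooling generates hmac-sha256 keys by default, so I would use `algorithm hmac-sha256;` here and have the password generator emit a base64 secret of matching length. The `designate_rndc_key` comment in the passwords hunk ("must be HMAC-MD5 value") would need updating to match.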
@ -36,6 +36,17 @@
|
||||
- "{{ 'cloudkitty_api' not in haproxy_stat }}"
|
||||
- inventory_hostname in groups['haproxy']
|
||||
|
||||
- name: Checking free port for Designate API HAProxy
|
||||
wait_for:
|
||||
host: "{{ kolla_internal_vip_address }}"
|
||||
port: "{{ designate_api_port }}"
|
||||
connect_timeout: 1
|
||||
state: stopped
|
||||
when:
|
||||
- enable_designate | bool
|
||||
- inventory_hostname in groups['haproxy']
|
||||
- "{{ 'designate_api' not in haproxy_stat }}"
|
||||
|
||||
- name: Checking free port for Glance API HAProxy
|
||||
wait_for:
|
||||
host: "{{ kolla_internal_vip_address }}"
|
||||
|
@ -650,6 +650,22 @@ listen congress_api_external
|
||||
{% endif %}
|
||||
{% endif %}
|
||||
|
||||
{% if enable_designate | bool %}
|
||||
listen designate_api
|
||||
bind {{ kolla_internal_vip_address }}:{{ designate_api_port }}
|
||||
{% for host in groups['designate-api'] %}
|
||||
server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ designate_api_port }} check inter 2000 rise 2 fall 5
|
||||
{% endfor %}
|
||||
{% if haproxy_enable_external_vip | bool %}
|
||||
|
||||
listen designate_api_external
|
||||
bind {{ kolla_external_vip_address }}:{{ designate_api_port }} {{ tls_bind_info }}
|
||||
{% for host in groups['designate-api'] %}
|
||||
server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ designate_api_port }} check inter 2000 rise 2 fall 5
|
||||
{% endfor %}
|
||||
{% endif %}
|
||||
{% endif %}
|
||||
|
||||
{% if enable_mistral | bool %}
|
||||
listen mistral_api
|
||||
bind {{ kolla_internal_vip_address }}:{{ mistral_api_port }}
|
||||
|
@ -91,9 +91,10 @@ memcached_servers = {% for host in groups['memcached'] %}{% if orchestration_eng
|
||||
{% endif %}
|
||||
|
||||
[oslo_messaging_notifications]
|
||||
{% if enable_ceilometer | bool or enable_searchlight | bool %}
|
||||
{% if enable_ceilometer | bool or enable_searchlight | bool or enable_designate | bool %}
|
||||
driver = messagingv2
|
||||
topics = notifications
|
||||
{% set topics=["notifications" if enable_ceilometer | bool else "", "notifications_designate" if enable_designate | bool else ""] %}
|
||||
topics = {{ topics|reject("equalto", "")|list|join(",") }}
|
||||
{% else %}
|
||||
driver = noop
|
||||
{% endif %}
|
||||
|
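Review bot: The new `topics` list adds `notifications` only when `enable_ceilometer` is true, but the enclosing `if` is also entered for `enable_searchlight`, so a deployment with Searchlight alone, which previously rendered `topics = notifications`, now gets an empty `topics =` line next to `driver = messagingv2`. The first list element should read `"notifications" if enable_ceilometer | bool or enable_searchlight | bool else ""`. The same expression is repeated in the `[oslo_messaging_notifications]` hunk at `@ -185,9 +185,10 @@` further down and needs the same change.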
@ -50,7 +50,7 @@ compute_driver = libvirt.LibvirtDriver
|
||||
# Though my_ip is not used directly, lots of other variables use $my_ip
|
||||
my_ip = {{ api_interface_address }}
|
||||
|
||||
{% if enable_ceilometer | bool or enable_searchlight | bool %}
|
||||
{% if enable_ceilometer | bool or enable_searchlight | bool or enable_designate | bool %}
|
||||
instance_usage_audit = True
|
||||
instance_usage_audit_period = hour
|
||||
notify_on_state_change = vm_and_task_state
|
||||
@ -185,9 +185,10 @@ rbd_secret_uuid = {{ rbd_secret_uuid }}
|
||||
compute = auto
|
||||
|
||||
[oslo_messaging_notifications]
|
||||
{% if enable_ceilometer | bool or enable_searchlight | bool %}
|
||||
{% if enable_ceilometer | bool or enable_searchlight | bool or enable_designate | bool %}
|
||||
driver = messagingv2
|
||||
topics = notifications
|
||||
{% set topics=["notifications" if enable_ceilometer | bool else "", "notifications_designate" if enable_designate | bool else ""] %}
|
||||
topics = {{ topics|reject("equalto", "")|list|join(",") }}
|
||||
{% else %}
|
||||
driver = noop
|
||||
{% endif %}
|
||||
|
@ -401,6 +401,19 @@
|
||||
tags: tempest,
|
||||
when: enable_tempest | bool }
|
||||
|
||||
- name: Apply role designate
|
||||
hosts:
|
||||
- designate-api
|
||||
- designate-central
|
||||
- designate-mdns
|
||||
- designate-worker
|
||||
- designate-sink
|
||||
serial: '{{ serial|default("0") }}'
|
||||
roles:
|
||||
- { role: designate,
|
||||
tags: designate,
|
||||
when: enable_designate | bool }
|
||||
|
||||
- name: Apply role rally
|
||||
hosts: rally
|
||||
serial: '{{ serial|default("0") }}'
|
||||
|
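Review bot: The play's `hosts` list omits `designate-backend-bind9`, although pools.yaml.j2 in this commit targets every host in that group and named.conf.j2 is rendered for the BIND container. With the sample inventory the group is a child of `designate` like the five listed groups, so the role happens to reach those hosts; an operator who places BIND on dedicated hosts would find the role never applied there while the pool still points at them. Adding `- designate-backend-bind9` to the list makes the play match the inventory groups the role defines.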
@ -129,6 +129,7 @@ kolla_internal_vip_address: "10.10.10.254"
|
||||
#enable_cinder_backend_nfs: "no"
|
||||
#enable_cloudkitty: "no"
|
||||
#enable_congress: "no"
|
||||
#enable_designate: "no"
|
||||
#enable_destroy_images: "no"
|
||||
#enable_etcd: "no"
|
||||
#enable_gnocchi: "no"
|
||||
@ -228,6 +229,12 @@ kolla_internal_vip_address: "10.10.10.254"
|
||||
#cinder_backup_mount_options_nfs: ""
|
||||
|
||||
|
||||
#######################
|
||||
# Designate options
|
||||
#######################
|
||||
designate_ns_record: "sample.openstack.org"
|
||||
|
||||
|
||||
#########################
|
||||
# Nova - Compute Options
|
||||
#########################
|
||||
|
@ -58,6 +58,14 @@ cloudkitty_keystone_password:
|
||||
sahara_database_password:
|
||||
sahara_keystone_password:
|
||||
|
||||
designate_database_password:
|
||||
designate_pool_manager_database_password:
|
||||
designate_keystone_password:
|
||||
# This option must be UUID4 value in string format
|
||||
designate_pool_id:
|
||||
# This option must be HMAC-MD5 value in string format
|
||||
designate_rndc_key:
|
||||
|
||||
swift_keystone_password:
|
||||
swift_hash_path_suffix:
|
||||
swift_hash_path_prefix:
|
||||
|
@ -13,12 +13,14 @@
|
||||
# limitations under the License.
|
||||
|
||||
import argparse
|
||||
import hmac
|
||||
import os
|
||||
import random
|
||||
import string
|
||||
import sys
|
||||
|
||||
from Crypto.PublicKey import RSA
|
||||
from hashlib import md5
|
||||
from oslo_utils import uuidutils
|
||||
import yaml
|
||||
|
||||
@ -51,7 +53,7 @@ def main():
|
||||
# These keys should be random uuids
|
||||
uuid_keys = ['ceph_cluster_fsid', 'rbd_secret_uuid',
|
||||
'gnocchi_project_id', 'gnocchi_resource_id',
|
||||
'gnocchi_user_id']
|
||||
'gnocchi_user_id', 'designate_pool_id']
|
||||
|
||||
# SSH key pair
|
||||
ssh_keys = ['kolla_ssh_key', 'nova_ssh_key',
|
||||
@ -60,6 +62,9 @@ def main():
|
||||
# If these keys are None, leave them as None
|
||||
blank_keys = ['docker_registry_password']
|
||||
|
||||
# HMAC-MD5 keys
|
||||
hmac_md5_keys = ['designate_rndc_key']
|
||||
|
||||
# length of password
|
||||
length = 40
|
||||
|
||||
@ -82,6 +87,10 @@ def main():
|
||||
continue
|
||||
if k in uuid_keys:
|
||||
passwords[k] = uuidutils.generate_uuid()
|
||||
elif k in hmac_md5_keys:
|
||||
passwords[k] = (hmac.new(
|
||||
uuidutils.generate_uuid(), '', md5)
|
||||
.digest().encode('base64')[:-1])
|
||||
else:
|
||||
passwords[k] = ''.join([
|
||||
random.SystemRandom().choice(
|
||||
|
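Review bot: The `hmac_md5_keys` branch computes `hmac.new(uuidutils.generate_uuid(), '', md5).digest().encode('base64')[:-1]`, which only runs on Python 2: on Python 3 `hmac.new` rejects a `str` key and `bytes` has no `encode`. The HMAC of an empty message also adds nothing over using random bytes directly, since the rndc secret only has to be base64 of random data. `passwords[k] = base64.b64encode(os.urandom(16)).decode('ascii')` draws straight from the OS CSPRNG and lets the `hmac` and `md5` imports go; `base64` would need importing, and `os` is already imported in the first hunk. main() begins and continues outside these hunks.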
@ -0,0 +1,6 @@
|
||||
---
|
||||
prelude: >
|
||||
Designate is an OpenStack project, providing DNSaaS.
|
||||
features:
|
||||
- Designate deployment through Ansible with Bind9
|
||||
as backend for DNS.
|