openstack/kolla-ansible
Code Issues Proposed changes

Merge "Ansible-ize OpenStack Designate"

Browse Source
This commit is contained in:
Jenkins 2017-01-06 13:23:26 +00:00 committed by Gerrit Code Review
commit 40e443da57
41 changed files with 1048 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
ansible/group_vars/all.yml
View File

@ -124,6 +124,11 @@ congress_api_port: "1789"
cloudkitty_api_port: "8889"
designate_api_port: "9001"
designate_bind_port: "53"
designate_mdns_port: "5354"
designate_rndc_port: "953"
iscsi_port: "3260"
gnocchi_api_port: "8041"
@ -272,6 +277,7 @@ enable_cinder_backend_nfs: "no"
enable_cloudkitty: "no"
enable_congress: "no"
enable_etcd: "no"
enable_designate: "no"
enable_gnocchi: "no"
enable_grafana: "no"
enable_heat: "yes"
@ -403,6 +409,10 @@ cinder_backup_mount_options_nfs: ""
# Valid options are [ ceilometer, gnocchi ]
cloudkitty_collector_backend: "ceilometer"
#######################
# Designate options
#######################
designate_ns_record: "sample.openstack.org"
#######################
# Nova options

22
ansible/inventory/all-in-one
View File

@ -154,6 +154,9 @@ control
[octavia:children]
control
[designate:children]
control
# Additional control implemented here. These groups allow you to control which
# services run on which hosts at a per-service level.
#
@ -450,3 +453,22 @@ octavia
[octavia-worker:children]
octavia
# Designate
[designate-api:children]
designate
[designate-central:children]
designate
[designate-mdns:children]
designate
[designate-worker:children]
designate
[designate-sink:children]
designate
[designate-backend-bind9:children]
designate

22
ansible/inventory/multinode
View File

@ -170,6 +170,9 @@ control
[octavia:children]
control
[designate:children]
control
# Additional control implemented here. These groups allow you to control which
# services run on which hosts at a per-service level.
#
@ -466,3 +469,22 @@ octavia
[octavia-worker:children]
octavia
# Designate
[designate-api:children]
designate
[designate-central:children]
designate
[designate-mdns:children]
designate
[designate-worker:children]
designate
[designate-sink:children]
designate
[designate-backend-bind9:children]
designate

1
ansible/roles/common/tasks/config.yml
View File

@ -77,6 +77,7 @@
- { name: "ceilometer", enabled: "{{ enable_ceilometer }}" }
- { name: "cinder", enabled: "{{ enable_cinder }}" }
- { name: "cloudkitty", enabled: "{{ enable_cloudkitty }}" }
- { name: "designate", enabled: "{{ enable_designate }}" }
- { name: "elasticsearch", enabled: "{{ enable_elasticsearch }}" }
- { name: "glance", enabled: "{{ enable_glance }}" }
- { name: "global", enabled: "yes" }

3
ansible/roles/common/templates/cron-logrotate-designate.conf.j2 Normal file
View File

@ -0,0 +1,3 @@
"/var/log/kolla/designate/*.log"
{
}

1
ansible/roles/common/templates/cron.json.j2
View File

@ -6,6 +6,7 @@
( 'ceilometer', enable_ceilometer ),
( 'cinder', enable_cinder ),
( 'cloudkitty', enable_cloudkitty ),
( 'designate', enable_designate ),
( 'elasticsearch', enable_elasticsearch ),
( 'glance', enable_glance ),
( 'gnocchi', enable_gnocchi ),

2
ansible/roles/common/templates/heka-openstack.toml.j2
View File

@ -6,6 +6,6 @@ filename = "lua_decoders/os_openstack_log.lua"
type = "LogstreamerInput"
decoder = "openstack_log_decoder"
log_directory = "/var/log/kolla"
file_match = '(?P<Service>cloudkitty|nova|glance|keystone|neutron|ceph|cinder|heat|murano|magnum|mistral|manila|octavia|searchlight|senlin|sahara|tacker)/(?P<Program>.*)\.log\.?(?P<Seq>\d*)$'
file_match = '(?P<Service>cloudkitty|designate|nova|glance|keystone|neutron|ceph|cinder|heat|murano|magnum|mistral|manila|octavia|searchlight|senlin|sahara|tacker)/(?P<Program>.*)\.log\.?(?P<Seq>\d*)$'
priority = ["^Seq"]
differentiator = ["Service", "_", "Program"]

55
ansible/roles/designate/defaults/main.yml Normal file
View File

@ -0,0 +1,55 @@
---
project_name: "designate"
####################
# Database
####################
designate_database_name: "designate"
designate_database_user: "designate"
designate_database_address: "{{ kolla_internal_fqdn }}:{{ database_port }}"
designate_pool_manager_database_name: "designate_pool_manager"
designate_pool_manager_database_user: "designate_pool_manager"
designate_pool_manager_database_address: "{{ kolla_internal_fqdn }}:{{ database_port }}"
####################
# Docker
####################
designate_central_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kolla_install_type }}-designate-central"
designate_central_tag: "{{ openstack_release }}"
designate_central_image_full: "{{ designate_central_image }}:{{ designate_central_tag }}"
designate_api_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kolla_install_type }}-designate-api"
designate_api_tag: "{{ openstack_release }}"
designate_api_image_full: "{{ designate_api_image }}:{{ designate_api_tag }}"
designate_backend_bind9_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kolla_install_type }}-designate-backend-bind9"
designate_backend_bind9_tag: "{{ openstack_release }}"
designate_backend_bind9_image_full: "{{ designate_backend_bind9_image }}:{{ designate_backend_bind9_tag }}"
designate_mdns_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kolla_install_type }}-designate-mdns"
designate_mdns_tag: "{{ openstack_release }}"
designate_mdns_image_full: "{{ designate_mdns_image }}:{{ designate_mdns_tag }}"
designate_sink_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kolla_install_type }}-designate-sink"
designate_sink_tag: "{{ openstack_release }}"
designate_sink_image_full: "{{ designate_sink_image }}:{{ designate_sink_tag }}"
designate_worker_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kolla_install_type }}-designate-worker"
designate_worker_tag: "{{ openstack_release }}"
designate_worker_image_full: "{{ designate_worker_image }}:{{ designate_worker_tag }}"
####################
# OpenStack
####################
designate_admin_endpoint: "{{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ designate_api_port }}"
designate_internal_endpoint: "{{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ designate_api_port }}"
designate_public_endpoint: "{{ public_protocol }}://{{ kolla_external_fqdn }}:{{ designate_api_port }}"
designate_logging_debug: "{{ openstack_logging_debug }}"
designate_keystone_user: "designate"
openstack_designate_auth: "{'auth_url':'{{ openstack_auth.auth_url }}','username':'{{ openstack_auth.username }}','password':'{{ openstack_auth.password }}','project_name':'{{ openstack_auth.project_name }}'}"

3
ansible/roles/designate/meta/main.yml Normal file
View File

@ -0,0 +1,3 @@
---
dependencies:
- { role: common }

79
ansible/roles/designate/tasks/bootstrap.yml Normal file
View File

@ -0,0 +1,79 @@
---
- name: Creating Designate database
command: docker exec -t kolla_toolbox /usr/bin/ansible localhost
-m mysql_db
-a "login_host='{{ database_address }}'
login_port='{{ database_port }}'
login_user='{{ database_user }}'
login_password='{{ database_password }}'
name='{{ designate_database_name }}'"
register: database
changed_when: "{{ database.stdout.find('localhost | SUCCESS => ') != -1 and
(database.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed }}"
failed_when: database.stdout.split()[2] != 'SUCCESS'
run_once: True
delegate_to: "{{ groups['designate-central'][0] }}"
- name: Reading json from variable
set_fact:
database_created: "{{ (database.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed }}"
- name: Creating Designate Pool Manager database
command: docker exec -t kolla_toolbox /usr/bin/ansible localhost
-m mysql_db
-a "login_host='{{ database_address }}'
login_port='{{ database_port }}'
login_user='{{ database_user }}'
login_password='{{ database_password }}'
name='{{ designate_pool_manager_database_name }}'"
register: database_pool_manager
changed_when: "{{ database.stdout.find('localhost | SUCCESS => ') != -1 and
(database.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed }}"
failed_when: database.stdout.split()[2] != 'SUCCESS'
run_once: True
delegate_to: "{{ groups['designate-central'][0] }}"
- name: Reading json from variable
set_fact:
database_pool_manager_created: "{{ (database_pool_manager.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed }}"
- name: Creating Designate database user and setting permissions
command: docker exec -t kolla_toolbox /usr/bin/ansible localhost
-m mysql_user
-a "login_host='{{ database_address }}'
login_port='{{ database_port }}'
login_user='{{ database_user }}'
login_password='{{ database_password }}'
name='{{ designate_database_name }}'
password='{{ designate_database_password }}'
host='%'
priv='{{ designate_database_name }}.*:ALL'
append_privs='yes'"
register: database_user_create
changed_when: "{{ database_user_create.stdout.find('localhost | SUCCESS => ') != -1 and
(database_user_create.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed }}"
failed_when: database_user_create.stdout.split()[2] != 'SUCCESS'
run_once: True
delegate_to: "{{ groups['designate-central'][0] }}"
- name: Creating Designate Pool Manager database user and setting permissions
command: docker exec -t kolla_toolbox /usr/bin/ansible localhost
-m mysql_user
-a "login_host='{{ database_address }}'
login_port='{{ database_port }}'
login_user='{{ database_user }}'
login_password='{{ database_password }}'
name='{{ designate_pool_manager_database_name }}'
password='{{ designate_pool_manager_database_password }}'
host='%'
priv='{{ designate_pool_manager_database_name }}.*:ALL'
append_privs='yes'"
register: database_pool_manager_user_create
changed_when: "{{ database_pool_manager_user_create.stdout.find('localhost | SUCCESS => ') != -1 and
(database_pool_manager_user_create.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed }}"
failed_when: database_pool_manager_user_create.stdout.split()[2] != 'SUCCESS'
run_once: True
delegate_to: "{{ groups['designate-central'][0] }}"
- include: bootstrap_service.yml
when: database_created

20
ansible/roles/designate/tasks/bootstrap_service.yml Normal file
View File

@ -0,0 +1,20 @@
---
- name: Running Designate bootstrap container
kolla_docker:
action: "start_container"
common_options: "{{ docker_common_options }}"
detach: False
environment:
KOLLA_BOOTSTRAP:
KOLLA_CONFIG_STRATEGY: "{{ config_strategy }}"
image: "{{ designate_central_image_full }}"
labels:
BOOTSTRAP:
name: "bootstrap_designate"
restart_policy: "never"
volumes:
- "{{ node_config_directory }}/designate-central/:{{ container_config_directory }}/:ro"
- "/etc/localtime:/etc/localtime:ro"
- "kolla_logs:/var/log/kolla/"
run_once: True
delegate_to: "{{ groups['designate-central'][0] }}"

96
ansible/roles/designate/tasks/config.yml Normal file
View File

@ -0,0 +1,96 @@
---
- name: Ensuring config directories exist
file:
path: "{{ node_config_directory }}/{{ item }}"
state: "directory"
recurse: yes
with_items:
- "designate-api"
- "designate-central"
- "designate-mdns"
- "designate-sink"
- "designate-backend-bind9"
- "designate-worker"
- name: Copying over config.json files for services
template:
src: "{{ item }}.json.j2"
dest: "{{ node_config_directory }}/{{ item }}/config.json"
with_items:
- "designate-api"
- "designate-central"
- "designate-mdns"
- "designate-sink"
- "designate-backend-bind9"
- "designate-worker"
- name: Copying over designate.conf
merge_configs:
vars:
service_name: "{{ item }}"
sources:
- "{{ role_path }}/templates/designate.conf.j2"
- "{{ node_custom_config }}/global.conf"
- "{{ node_custom_config }}/database.conf"
- "{{ node_custom_config }}/messaging.conf"
- "{{ node_custom_config }}/designate.conf"
- "{{ node_custom_config }}/designate/{{ item }}.conf"
- "{{ node_custom_config }}/designate/{{ inventory_hostname }}/designate.conf"
dest: "{{ node_config_directory }}/{{ item }}/designate.conf"
with_items:
- "designate-api"
- "designate-central"
- "designate-mdns"
- "designate-sink"
- "designate-worker"
- name: Copying over pools.yaml
template:
src: "{{ item }}"
dest: "{{ node_config_directory }}/designate-worker/pools.yaml"
with_first_found:
- "{{ node_custom_config }}/designate/pools.yaml"
- "{{ role_path }}/templates/pools.yaml.j2"
- name: Copying over named.conf
template:
src: "{{ item }}"
dest: "{{ node_config_directory }}/designate-backend-bind9/named.conf"
with_first_found:
- "{{ node_custom_config }}/designate/designate-backend-bind9/{{ inventory_hostname }}/named.conf"
- "{{ node_custom_config }}/designate/designate-backend-bind9/named.conf"
- "{{ node_custom_config }}/designate/named.conf"
- "{{ role_path }}/templates/named.conf.j2"
- name: Copying over rndc.conf
template:
src: "rndc.conf.j2"
dest: "{{ node_config_directory }}/{{ item }}/rndc.conf"
with_items:
- "designate-backend-bind9"
- "designate-worker"
- name: Copying over rndc.key
template:
src: "rndc.key.j2"
dest: "{{ node_config_directory }}/{{ item }}/rndc.key"
with_items:
- "designate-backend-bind9"
- "designate-worker"
- name: Check if policies shall be overwritten
local_action: stat path="{{ node_custom_config }}/designate/policy.json"
register: designate_policy
- name: Copying over existing policy.json
template:
src: "{{ node_custom_config }}/designate/policy.json"
dest: "{{ node_config_directory }}/{{ item }}/policy.json"
with_items:
- "designate-api"
- "designate-central"
- "designate-mdns"
- "designate-sink"
- "designate-worker"
when:
designate_policy.stat.exists

25
ansible/roles/designate/tasks/deploy.yml Normal file
View File

@ -0,0 +1,25 @@
---
- include: register.yml
when: inventory_hostname in groups['designate-api']
- include: config.yml
when: inventory_hostname in groups['designate-api'] or
inventory_hostname in groups['designate-central'] or
inventory_hostname in groups['designate-mdns'] or
inventory_hostname in groups['designate-worker'] or
inventory_hostname in groups['designate-sink'] or
inventory_hostname in groups['designate-backend-bind9']
- include: bootstrap.yml
when: inventory_hostname in groups['designate-central']
- include: start.yml
when: inventory_hostname in groups['designate-api'] or
inventory_hostname in groups['designate-central'] or
inventory_hostname in groups['designate-mdns'] or
inventory_hostname in groups['designate-worker'] or
inventory_hostname in groups['designate-sink'] or
inventory_hostname in groups['designate-backend-bind9']
- include: update_pools.yml
when: inventory_hostname in groups['designate-worker'][0]

2
ansible/roles/designate/tasks/main.yml Normal file
View File

@ -0,0 +1,2 @@
---
- include: "{{ action }}.yml"

48
ansible/roles/designate/tasks/precheck.yml Normal file
View File

@ -0,0 +1,48 @@
- name: Get container facts
kolla_container_facts:
name:
- "{{ item }}"
register: container_facts
with_items:
- designate_api
- designate_backend_bind9
- name: Checking free port for designate API
wait_for:
host: "{{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['address'] }}"
port: "{{ designate_api_port }}"
connect_timeout: 1
state: stopped
when:
- container_facts['designate_api'] is not defined
- inventory_hostname in groups['designate-api']
- name: Checking free port for designate mdns
wait_for:
host: "{{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['address'] }}"
port: "{{ designate_mdns_port }}"
connect_timeout: 1
state: stopped
when:
- container_facts['designate_mdns'] is not defined
- inventory_hostname in groups['designate-mdns']
- name: Checking free port for designate backend bind9 port
wait_for:
host: "{{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['address'] }}"
port: "{{ designate_bind_port }}"
connect_timeout: 1
state: stopped
when:
- container_facts['designate_backend_bind9'] is not defined
- inventory_hostname in groups['designate-backend-bind9']
- name: Checking free port for designate backend rndc port
wait_for:
host: "{{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['address'] }}"
port: "{{ designate_rndc_port }}"
connect_timeout: 1
state: stopped
when:
- container_facts['designate_backend_bind9'] is not defined
- inventory_hostname in groups['designate-backend-bind9']

42
ansible/roles/designate/tasks/pull.yml Normal file
View File

@ -0,0 +1,42 @@
---
- name: Pulling designate-api image
kolla_docker:
action: "pull_image"
common_options: "{{ docker_common_options }}"
image: "{{ designate_api_image_full }}"
when: inventory_hostname in groups['designate-api']
- name: Pulling designate-central image
kolla_docker:
action: "pull_image"
common_options: "{{ docker_common_options }}"
image: "{{ designate_central_image_full }}"
when: inventory_hostname in groups['designate-central']
- name: Pulling designate-mdns image
kolla_docker:
action: "pull_image"
common_options: "{{ docker_common_options }}"
image: "{{ designate_mdns_image_full }}"
when: inventory_hostname in groups['designate-mdns']
- name: Pulling designate-worker image
kolla_docker:
action: "pull_image"
common_options: "{{ docker_common_options }}"
image: "{{ designate_worker_image_full }}"
when: inventory_hostname in groups['designate-worker']
- name: Pulling designate-sink image
kolla_docker:
action: "pull_image"
common_options: "{{ docker_common_options }}"
image: "{{ designate_sink_image_full }}"
when: inventory_hostname in groups['designate-sink']
- name: Pulling designate-backend-bind9 image
kolla_docker:
action: "pull_image"
common_options: "{{ docker_common_options }}"
image: "{{ designate_backend_bind9_image_full }}"
when: inventory_hostname in groups['designate-backend-bind9']

93
ansible/roles/designate/tasks/reconfigure.yml Normal file
View File

@ -0,0 +1,93 @@
---
- name: Ensuring the containers up
kolla_docker:
name: "{{ item.name }}"
action: "get_container_state"
register: container_state
failed_when: container_state.Running == false
when:
- "{{ item.enabled|default(True) }}"
- inventory_hostname in groups[item.group]
with_items:
- { name: designate_central, group: designate-central }
- { name: designate_api, group: designate-api }
- { name: designate_mdns, group: designate-mdns }
- { name: designate_worker, group: designate-worker }
- { name: designate_sink, group: designate-sink }
- { name: designate_backend_bind9, group: designate-backend-bind9 }
- include: config.yml
- name: Check the configs
command: docker exec {{ item.name }} /usr/local/bin/kolla_set_configs --check
changed_when: false
failed_when: false
register: check_results
when: inventory_hostname in groups[item.group]
with_items:
- { name: designate_central, group: designate-central }
- { name: designate_api, group: designate-api }
- { name: designate_mdns, group: designate-mdns }
- { name: designate_worker, group: designate-worker }
- { name: designate_sink, group: designate-sink }
- { name: designate_backend_bind9, group: designate-backend-bind9 }
# NOTE(jeffrey4l): when config_strategy == 'COPY_ALWAYS'
# and container env['KOLLA_CONFIG_STRATEGY'] == 'COPY_ONCE',
# just remove the container and start again
- name: Containers config strategy
kolla_docker:
name: "{{ item.name }}"
action: "get_container_env"
register: container_envs
when: inventory_hostname in groups[item.group]
with_items:
- { name: designate_central, group: designate-central }
- { name: designate_api, group: designate-api }
- { name: designate_mdns, group: designate-mdns }
- { name: designate_worker, group: designate-worker }
- { name: designate_sink, group: designate-sink }
- { name: designate_backend_bind9, group: designate-backend-bind9 }
- name: Remove the containers
kolla_docker:
name: "{{ item[0]['name'] }}"
action: "remove_container"
register: remove_containers
when:
- inventory_hostname in groups[item[0]['group']]
- config_strategy == "COPY_ONCE" or item[1]['KOLLA_CONFIG_STRATEGY'] == 'COPY_ONCE'
- item[2]['rc'] == 1
with_together:
- [{ name: designate_central, group: designate-central },
{ name: designate_api, group: designate-api },
{ name: designate_mdns, group: designate-mdns },
{ name: designate_worker, group: designate-worker },
{ name: designate_sink, group: designate-sink },
{ name: designate_backend_bind9, group: designate-backend-bind9 }]
- "{{ container_envs.results }}"
- "{{ check_results.results }}"
- include: start.yml
when: remove_containers.changed
- name: Restart containers
kolla_docker:
name: "{{ item[0]['name'] }}"
action: "restart_container"
when:
- inventory_hostname in groups[item[0]['group']]
- config_strategy == 'COPY_ALWAYS'
- item[1]['KOLLA_CONFIG_STRATEGY'] != 'COPY_ONCE'
- item[2]['rc'] == 1
with_together:
- [{ name: designate_central, group: designate-central },
{ name: designate_api, group: designate-api },
{ name: designate_mdns, group: designate-mdns },
{ name: designate_worker, group: designate-worker },
{ name: designate_sink, group: designate-sink },
{ name: designate_backend_bind9, group: designate-backend-bind9 }]
- "{{ container_envs.results }}"
- "{{ check_results.results }}"
- include: update_pools.yml

40
ansible/roles/designate/tasks/register.yml Normal file
View File

@ -0,0 +1,40 @@
---
- name: Creating the Designate service and endpoint
command: docker exec -t kolla_toolbox /usr/bin/ansible localhost
-m kolla_keystone_service
-a "service_name=designate
service_type=dns
description='Designate DNS Service'
endpoint_region={{ openstack_region_name }}
url='{{ item.url }}'
interface='{{ item.interface }}'
region_name={{ openstack_region_name }}
auth={{ '{{ openstack_designate_auth }}' }}"
-e "{'openstack_designate_auth':{{ openstack_designate_auth }}}"
register: designate_endpoint
changed_when: "{{ designate_endpoint.stdout.find('localhost | SUCCESS => ') != -1 and (designate_endpoint.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed }}"
until: designate_endpoint.stdout.split()[2] == 'SUCCESS'
retries: 10
delay: 5
run_once: True
with_items:
- {'interface': 'admin', 'url': '{{ designate_admin_endpoint }}'}
- {'interface': 'internal', 'url': '{{ designate_internal_endpoint }}'}
- {'interface': 'public', 'url': '{{ designate_public_endpoint }}'}
- name: Creating the Designate project, user, and role
command: docker exec -t kolla_toolbox /usr/bin/ansible localhost
-m kolla_keystone_user
-a "project=service
user=designate
password={{ designate_keystone_password }}
role=admin
region_name={{ openstack_region_name }}
auth={{ '{{ openstack_designate_auth }}' }}"
-e "{'openstack_designate_auth':{{ openstack_designate_auth }}}"
register: designate_user
changed_when: "{{ designate_user.stdout.find('localhost | SUCCESS => ') != -1 and (designate_user.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed }}"
until: designate_user.stdout.split()[2] == 'SUCCESS'
retries: 10
delay: 5
run_once: True

73
ansible/roles/designate/tasks/start.yml Normal file
View File

@ -0,0 +1,73 @@
---
- name: Starting designate-backend-bind9 container
kolla_docker:
action: "start_container"
common_options: "{{ docker_common_options }}"
image: "{{ designate_backend_bind9_image_full }}"
name: "designate_backend_bind9"
volumes:
- "{{ node_config_directory }}/designate-backend-bind9/:{{ container_config_directory }}/:ro"
- "/etc/localtime:/etc/localtime:ro"
- "kolla_logs:/var/log/kolla/"
- "designate_backend_bind9:/var/lib/named/"
when: inventory_hostname in groups['designate-backend-bind9']
- name: Starting designate-central container
kolla_docker:
action: "start_container"
common_options: "{{ docker_common_options }}"
image: "{{ designate_central_image_full }}"
name: "designate_central"
volumes:
- "{{ node_config_directory }}/designate-central/:{{ container_config_directory }}/:ro"
- "/etc/localtime:/etc/localtime:ro"
- "kolla_logs:/var/log/kolla/"
when: inventory_hostname in groups['designate-central']
- name: Starting designate-api container
kolla_docker:
action: "start_container"
common_options: "{{ docker_common_options }}"
image: "{{ designate_api_image_full }}"
name: "designate_api"
volumes:
- "{{ node_config_directory }}/designate-api/:{{ container_config_directory }}/:ro"
- "/etc/localtime:/etc/localtime:ro"
- "kolla_logs:/var/log/kolla/"
when: inventory_hostname in groups['designate-api']
- name: Starting designate-mdns container
kolla_docker:
action: "start_container"
common_options: "{{ docker_common_options }}"
image: "{{ designate_mdns_image_full }}"
name: "designate_mdns"
volumes:
- "{{ node_config_directory }}/designate-mdns/:{{ container_config_directory }}/:ro"
- "/etc/localtime:/etc/localtime:ro"
- "kolla_logs:/var/log/kolla/"
when: inventory_hostname in groups['designate-mdns']
- name: Starting designate-worker container
kolla_docker:
action: "start_container"
common_options: "{{ docker_common_options }}"
image: "{{ designate_worker_image_full }}"
name: "designate_worker"
volumes:
- "{{ node_config_directory }}/designate-worker/:{{ container_config_directory }}/:ro"
- "/etc/localtime:/etc/localtime:ro"
- "kolla_logs:/var/log/kolla/"
when: inventory_hostname in groups['designate-worker']
- name: Starting designate-sink container
kolla_docker:
action: "start_container"
common_options: "{{ docker_common_options }}"
image: "{{ designate_sink_image_full }}"
name: "designate_sink"
volumes:
- "{{ node_config_directory }}/designate-sink/:{{ container_config_directory }}/:ro"
- "/etc/localtime:/etc/localtime:ro"
- "kolla_logs:/var/log/kolla/"
when: inventory_hostname in groups['designate-sink']

4
ansible/roles/designate/tasks/update_pools.yml Normal file
View File

@ -0,0 +1,4 @@
---
- name: Update DNS pools
command: docker exec -t designate_worker designate-manage pool update --file /etc/designate/pools.yaml
when: inventory_hostname in groups['designate-worker'][0]

8
ansible/roles/designate/tasks/upgrade.yml Normal file
View File

@ -0,0 +1,8 @@
---
- include: config.yml
- include: bootstrap_service.yml
- include: start.yml
- include: update_pools.yml

25
ansible/roles/designate/templates/designate-api.json.j2 Normal file
View File

@ -0,0 +1,25 @@
{
"command": "designate-api --config-file /etc/designate/designate.conf",
"config_files": [
{
"source": "{{ container_config_directory }}/designate.conf",
"dest": "/etc/designate/designate.conf",
"owner": "designate",
"perm": "0600"
},
{
"source": "{{ container_config_directory }}/policy.json",
"dest": "/etc/designate/policy.json",
"owner": "designate",
"perm": "0600",
"optional": true
}
],
"permissions": [
{
"path": "/var/log/kolla/designate",
"owner": "designate:designate",
"recurse": true
}
]
}

35
ansible/roles/designate/templates/designate-backend-bind9.json.j2 Normal file
View File

@ -0,0 +1,35 @@
{% set bind_cmd = 'named' if kolla_base_distro in ['ubuntu', 'debian'] else 'named' %}
{% set bind_file = 'bind/named.conf' if kolla_base_distro in ['ubuntu', 'debian'] else 'named.conf' %}
{
"command": "/usr/sbin/{{ bind_cmd }} -g",
"config_files": [
{
"source": "{{ container_config_directory }}/named.conf",
"dest": "/etc/{{ bind_file }}",
"owner": "root",
"perm": "0660"
},
{
"source": "{{ container_config_directory }}/rndc.conf",
"dest": "/etc/rndc.conf",
"owner": "root",
"perm": "0600",
"optional": true
},
{
"source": "{{ container_config_directory }}/rndc.key",
"dest": "/etc/rndc.key",
"owner": "root",
"perm": "0600",
"optional": true
}
],
"permissions": [
{
"path": "/var/log/kolla/named",
"owner": "root:root",
"recurse": true
}
]
}

25
ansible/roles/designate/templates/designate-central.json.j2 Normal file
View File

@ -0,0 +1,25 @@
{
"command": "designate-central --config-file /etc/designate/designate.conf",
"config_files": [
{
"source": "{{ container_config_directory }}/designate.conf",
"dest": "/etc/designate/designate.conf",
"owner": "designate",
"perm": "0600"
},
{
"source": "{{ container_config_directory }}/policy.json",
"dest": "/etc/designate/policy.json",
"owner": "designate",
"perm": "0600",
"optional": true
}
],
"permissions": [
{
"path": "/var/log/kolla/designate",
"owner": "designate:designate",
"recurse": true
}
]
}

25
ansible/roles/designate/templates/designate-mdns.json.j2 Normal file
View File

@ -0,0 +1,25 @@
{
"command": "designate-mdns --config-file /etc/designate/designate.conf",
"config_files": [
{
"source": "{{ container_config_directory }}/designate.conf",
"dest": "/etc/designate/designate.conf",
"owner": "designate",
"perm": "0600"
},
{
"source": "{{ container_config_directory }}/policy.json",
"dest": "/etc/designate/policy.json",
"owner": "designate",
"perm": "0600",
"optional": true
}
],
"permissions": [
{
"path": "/var/log/kolla/designate",
"owner": "designate:designate",
"recurse": true
}
]
}

25
ansible/roles/designate/templates/designate-sink.json.j2 Normal file
View File

@ -0,0 +1,25 @@
{
"command": "designate-sink --config-file /etc/designate/designate.conf",
"config_files": [
{
"source": "{{ container_config_directory }}/designate.conf",
"dest": "/etc/designate/designate.conf",
"owner": "designate",
"perm": "0600"
},
{
"source": "{{ container_config_directory }}/policy.json",
"dest": "/etc/designate/policy.json",
"owner": "designate",
"perm": "0600",
"optional": true
}
],
"permissions": [
{
"path": "/var/log/kolla/designate",
"owner": "designate:designate",
"recurse": true
}
]
}

46
ansible/roles/designate/templates/designate-worker.json.j2 Normal file
View File

@ -0,0 +1,46 @@
{
"command": "designate-worker --config-file /etc/designate/designate.conf",
"config_files": [
{
"source": "{{ container_config_directory }}/designate.conf",
"dest": "/etc/designate/designate.conf",
"owner": "designate",
"perm": "0600"
},
{
"source": "{{ container_config_directory }}/policy.json",
"dest": "/etc/designate/policy.json",
"owner": "designate",
"perm": "0600",
"optional": true
},
{
"source": "{{ container_config_directory }}/pools.yaml",
"dest": "/etc/designate/pools.yaml",
"owner": "designate",
"perm": "0600",
"optional": true
},
{
"source": "{{ container_config_directory }}/rndc.conf",
"dest": "/etc/designate/rndc.conf",
"owner": "designate",
"perm": "0600",
"optional": true
},
{
"source": "{{ container_config_directory }}/rndc.key",
"dest": "/etc/designate/rndc.key",
"owner": "designate",
"perm": "0600",
"optional": true
}
],
"permissions": [
{
"path": "/var/log/kolla/designate",
"owner": "designate:designate",
"recurse": true
}
]
}

88
ansible/roles/designate/templates/designate.conf.j2 Normal file
View File

@ -0,0 +1,88 @@
[DEFAULT]
debug = {{ designate_logging_debug }}
log_dir = /var/log/kolla/designate
transport_url = rabbit://{% for host in groups['rabbitmq'] %}{{ rabbitmq_user }}:{{ rabbitmq_password }}@{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ rabbitmq_port }}{% if not loop.last %},{% endif %}{% endfor %}
[service:central]
default_pool_id = {{ designate_pool_id }}
[service:api]
api_base_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ designate_api_port }}
api_host = {{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['address'] }}
api_port = {{ designate_api_port }}
enable_api_v1 = True
enabled_extensions_v1 = 'diagnostics, quotas, reports, sync, touch'
enable_api_v2 = True
enabled_extensions_v2 = 'quotas, reports'
[keystone_authtoken]
auth_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }}
auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}
auth_type = password
project_domain_id = default
user_domain_id = default
project_name = service
username = {{ designate_keystone_user }}
password = {{ designate_keystone_password }}
http_connect_timeout = 60
memcache_security_strategy = ENCRYPT
memcache_secret_key = {{ memcache_secret_key }}
memcached_servers = {% for host in groups['memcached'] %}{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ memcached_port }}{% if not loop.last %},{% endif %}{% endfor %}
[service:sink]
enabled_notification_handlers = nova_fixed, neutron_floatingip
workers = {{ openstack_service_workers }}
[service:mdns]
listen = {{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['address'] }}:{{ designate_mdns_port }}
workers = {{ openstack_service_workers }}
[service:worker]
enabled = True
notify = True
workers = {{ openstack_service_workers }}
[service:pool_manager]
cache_driver = sqlalchemy
pool_id = {{ designate_pool_id }}
workers = {{ openstack_service_workers }}
[pool_manager_cache:sqlalchemy]
connection = mysql+pymysql://{{ designate_pool_manager_database_user }}:{{ designate_pool_manager_database_password }}@{{ designate_pool_manager_database_address }}/{{ designate_pool_manager_database_name }}
max_retries = 10
idle_timeout = 3600
[pool_manager_cache:memcache]
memcached_servers = {% for host in groups['memcached'] %}{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ memcached_port }}{% if not loop.last %},{% endif %}{% endfor %}
[storage:sqlalchemy]
connection = mysql+pymysql://{{ designate_database_user }}:{{ designate_database_password }}@{{ designate_database_address }}/{{ designate_database_name }}
max_retries = 10
idle_timeout = 3600
[handler:nova_fixed]
notification_topics = notifications_designate
control_exchange = nova
format = '(display_name)s.%(domain)s'
[handler:neutron_floatingip]
notification_topics = notifications_designate
control_exchange = neutron
format = '%(octet0)s-%(octet1)s-%(octet2)s-%(octet3)s.%(domain)s'
[oslo_messaging_notifications]
topics = notifications_designate
driver = messaging
[oslo_messaging_rabbit]
rabbit_userid = {{ rabbitmq_user }}
rabbit_password = {{ rabbitmq_password }}
rabbit_hosts = {% for host in groups['rabbitmq'] %}{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ rabbitmq_port }}{% if not loop.last %},{% endif %}{% endfor %}
[oslo_concurrency]
lock_path = /var/lib/designate/tmp

15
ansible/roles/designate/templates/named.conf.j2 Normal file
View File

@ -0,0 +1,15 @@
include "/etc/rndc.key";
options {
listen-on port {{ designate_bind_port }} { {{ hostvars[inventory_hostname]['ansible_' + hostvars[inventory_hostname]['api_interface']]['ipv4']['address'] }}; };
directory "/var/lib/named";
allow-new-zones yes;
dnssec-validation auto;
auth-nxdomain no;
request-ixfr no;
recursion no;
minimal-responses yes;
};
controls {
inet {{ hostvars[inventory_hostname]['ansible_' + hostvars[inventory_hostname]['api_interface']]['ipv4']['address'] }} port {{ designate_rndc_port }} allow { {% for host in groups['designate-worker'] %}{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}; {% endfor %} } keys { "rndc-key"; };
};

28
ansible/roles/designate/templates/pools.yaml.j2 Normal file
View File

@ -0,0 +1,28 @@
- name: default-bind
id: {{ designate_pool_id }}
description: Default BIND9 Pool
attributes: {}
ns_records:
- hostname: {{ designate_ns_record }}.
priority: 1
nameservers:
{% for host in groups['designate-backend-bind9'] %}
- host: {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}
port: {{ designate_bind_port }}
{% endfor %}
targets:
{% for bind_host in groups['designate-backend-bind9'] %}
- type: bind9
description: BIND9 Server {{ hostvars[bind_host]['ansible_' + hostvars[bind_host]['api_interface']]['ipv4']['address'] }}
masters:
{% for mdns_host in groups['designate-mdns'] %}
- host: {{ hostvars[mdns_host]['ansible_' + hostvars[mdns_host]['api_interface']]['ipv4']['address'] }}
port: 5354
{% endfor %}
options:
host: {{ hostvars[bind_host]['ansible_' + hostvars[bind_host]['api_interface']]['ipv4']['address'] }}
port: {{ designate_bind_port }}
rndc_host: {{ hostvars[bind_host]['ansible_' + hostvars[bind_host]['api_interface']]['ipv4']['address'] }}
rndc_port: {{ designate_rndc_port }}
rndc_key_file: /etc/designate/rndc.key
{% endfor %}

6
ansible/roles/designate/templates/rndc.conf.j2 Normal file
View File

@ -0,0 +1,6 @@
#include "/etc/rndc.key";
options {
default-key "rndc-key";
default-server {{ hostvars[inventory_hostname]['ansible_' + hostvars[inventory_hostname]['api_interface']]['ipv4']['address'] }};
default-port {{ designate_rndc_port }};
};

4
ansible/roles/designate/templates/rndc.key.j2 Normal file
View File

@ -0,0 +1,4 @@
key "rndc-key" {
algorithm hmac-md5;
secret "{{ designate_rndc_key }}";
};

11
ansible/roles/haproxy/tasks/precheck.yml
View File

@ -36,6 +36,17 @@
- "{{ 'cloudkitty_api' not in haproxy_stat }}"
- inventory_hostname in groups['haproxy']
- name: Checking free port for Designate API HAProxy
wait_for:
host: "{{ kolla_internal_vip_address }}"
port: "{{ designate_api_port }}"
connect_timeout: 1
state: stopped
when:
- enable_designate | bool
- inventory_hostname in groups['haproxy']
- "{{ 'designate_api' not in haproxy_stat }}"
- name: Checking free port for Glance API HAProxy
wait_for:
host: "{{ kolla_internal_vip_address }}"

16
ansible/roles/haproxy/templates/haproxy.cfg.j2
View File

@ -650,6 +650,22 @@ listen congress_api_external
{% endif %}
{% endif %}
{% if enable_designate | bool %}
listen designate_api
bind {{ kolla_internal_vip_address }}:{{ designate_api_port }}
{% for host in groups['designate-api'] %}
server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ designate_api_port }} check inter 2000 rise 2 fall 5
{% endfor %}
{% if haproxy_enable_external_vip | bool %}
listen designate_api_external
bind {{ kolla_external_vip_address }}:{{ designate_api_port }} {{ tls_bind_info }}
{% for host in groups['designate-api'] %}
server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ designate_api_port }} check inter 2000 rise 2 fall 5
{% endfor %}
{% endif %}
{% endif %}
{% if enable_mistral | bool %}
listen mistral_api
bind {{ kolla_internal_vip_address }}:{{ mistral_api_port }}

5
ansible/roles/neutron/templates/neutron.conf.j2
View File

@ -91,9 +91,10 @@ memcached_servers = {% for host in groups['memcached'] %}{% if orchestration_eng
{% endif %}
[oslo_messaging_notifications]
{% if enable_ceilometer | bool or enable_searchlight | bool %}
{% if enable_ceilometer | bool or enable_searchlight | bool or enable_designate | bool %}
driver = messagingv2
topics = notifications
{% set topics=["notifications" if enable_ceilometer | bool else "", "notifications_designate" if enable_designate | bool else ""] %}
topics = {{ topics|reject("equalto", "")|list|join(",") }}
{% else %}
driver = noop
{% endif %}

7
ansible/roles/nova/templates/nova.conf.j2
View File

@ -50,7 +50,7 @@ compute_driver = libvirt.LibvirtDriver
# Though my_ip is not used directly, lots of other variables use $my_ip
my_ip = {{ api_interface_address }}
{% if enable_ceilometer | bool or enable_searchlight | bool %}
{% if enable_ceilometer | bool or enable_searchlight | bool or enable_designate | bool %}
instance_usage_audit = True
instance_usage_audit_period = hour
notify_on_state_change = vm_and_task_state
@ -185,9 +185,10 @@ rbd_secret_uuid = {{ rbd_secret_uuid }}
compute = auto
[oslo_messaging_notifications]
{% if enable_ceilometer | bool or enable_searchlight | bool %}
{% if enable_ceilometer | bool or enable_searchlight | bool or enable_designate | bool %}
driver = messagingv2
topics = notifications
{% set topics=["notifications" if enable_ceilometer | bool else "", "notifications_designate" if enable_designate | bool else ""] %}
topics = {{ topics|reject("equalto", "")|list|join(",") }}
{% else %}
driver = noop
{% endif %}

13
ansible/site.yml
View File

@ -401,6 +401,19 @@
tags: tempest,
when: enable_tempest | bool }
- name: Apply role designate
hosts:
- designate-api
- designate-central
- designate-mdns
- designate-worker
- designate-sink
serial: '{{ serial|default("0") }}'
roles:
- { role: designate,
tags: designate,
when: enable_designate | bool }
- name: Apply role rally
hosts: rally
serial: '{{ serial|default("0") }}'

7
etc/kolla/globals.yml
View File

@ -129,6 +129,7 @@ kolla_internal_vip_address: "10.10.10.254"
#enable_cinder_backend_nfs: "no"
#enable_cloudkitty: "no"
#enable_congress: "no"
#enable_designate: "no"
#enable_destroy_images: "no"
#enable_etcd: "no"
#enable_gnocchi: "no"
@ -228,6 +229,12 @@ kolla_internal_vip_address: "10.10.10.254"
#cinder_backup_mount_options_nfs: ""
#######################
# Designate options
#######################
designate_ns_record: "sample.openstack.org"
#########################
# Nova - Compute Options
#########################

8
etc/kolla/passwords.yml
View File

@ -58,6 +58,14 @@ cloudkitty_keystone_password:
sahara_database_password:
sahara_keystone_password:
designate_database_password:
designate_pool_manager_database_password:
designate_keystone_password:
# This option must be UUID4 value in string format
designate_pool_id:
# This option must be HMAC-MD5 value in string format
designate_rndc_key:
swift_keystone_password:
swift_hash_path_suffix:
swift_hash_path_prefix:

11
kolla/cmd/genpwd.py
View File

@ -13,12 +13,14 @@
# limitations under the License.
import argparse
import hmac
import os
import random
import string
import sys
from Crypto.PublicKey import RSA
from hashlib import md5
from oslo_utils import uuidutils
import yaml
@ -51,7 +53,7 @@ def main():
# These keys should be random uuids
uuid_keys = ['ceph_cluster_fsid', 'rbd_secret_uuid',
'gnocchi_project_id', 'gnocchi_resource_id',
'gnocchi_user_id']
'gnocchi_user_id', 'designate_pool_id']
# SSH key pair
ssh_keys = ['kolla_ssh_key', 'nova_ssh_key',
@ -60,6 +62,9 @@ def main():
# If these keys are None, leave them as None
blank_keys = ['docker_registry_password']
# HMAC-MD5 keys
hmac_md5_keys = ['designate_rndc_key']
# length of password
length = 40
@ -82,6 +87,10 @@ def main():
continue
if k in uuid_keys:
passwords[k] = uuidutils.generate_uuid()
elif k in hmac_md5_keys:
passwords[k] = (hmac.new(
uuidutils.generate_uuid(), '', md5)
.digest().encode('base64')[:-1])
else:
passwords[k] = ''.join([
random.SystemRandom().choice(

6
releasenotes/notes/ansible-designate-948c56a8e14d5029.yaml Normal file
View File

@ -0,0 +1,6 @@
---
prelude: >
Designate is an OpenStack project, providing DNSaaS.
features:
- Designate deployment through Ansible with Bind9
as backend for DNS.