Update designate to allow use of external bind9 dns servers.

kolla designate DNSaaS makes use of containerised bind9 servers
as its default designate_backend. These can be disabled by
setting designate_backend to "no". default: "bind9"

This commit adds two new properties:
1) designate_backend_external
 which can be enabled by setting it to 'bind9'. default: "no"
and
2) designate_backend_external_bind9_nameservers, which can
 accept a csv list of all the external server addresses.
 (default: "")

The following attributes should either be set:
'internal' (the default)
 designate_backend: "bind9"
 designate_backend_external: "no"
 (designate_backend_external_bind9_nameservers is ignored)
or
 'external'
 designate_backend: "no"
 designate_backend_external: "bind9"
 (designate_backend_external_bind9_nameservers must be populated)

Configuration override files to align with external bind9
dns servers must be supplied manually,
 /etc/kolla/config/designate/rndc.key
 /etc/kolla/config/designate/rndc.conf

Change-Id: I8dbe6fd4fe7820b9143604d89e8399b07e07c3fd
James McCarthy 2017-09-07 15:01:30 +01:00
parent 87a4001f9b
commit d4f8b413a8
5 changed files with 81 additions and 4 deletions


@ -539,7 +539,8 @@ cloudkitty_collector_backend: "ceilometer"
# Valid options are [ bind9 ] # Valid options are [ bind9 ]
designate_backend: "bind9" designate_backend: "bind9"
designate_ns_record: "sample.openstack.org" designate_ns_record: "sample.openstack.org"
designate_backend_external: "no"
designate_backend_external_bind9_nameservers: ""
####################### #######################
# Neutron options # Neutron options
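Review bot: The two new defaults are added without the kind of "Valid options" comment that the neighbouring `designate_backend` carries, so an operator reading this file cannot tell which values are accepted or what format the nameserver list takes. I would add `# Valid options are [ "no", bind9 ]` above `designate_backend_external` and `# Comma-separated list of external bind9 server addresses` above `designate_backend_external_bind9_nameservers`.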


@ -0,0 +1,28 @@
---
- name: Copying over rndc.conf (designate_backend_external)
template:
src: "{{ node_custom_config }}/designate/rndc.conf"
dest: "{{ node_config_directory }}/{{ item.key }}/rndc.conf"
register: designate_rndc_conf
when:
- designate_backend_external == 'bind9'
- item.key in [ "designate-worker" ]
- inventory_hostname in groups[item.value.group]
- item.value.enabled | bool
with_dict: "{{ designate_services }}"
notify:
- Restart designate-worker container
- name: Copying over rndc.key (designate_backend_external)
template:
src: "{{ node_custom_config }}/designate/rndc.key"
dest: "{{ node_config_directory }}/{{ item.key }}/rndc.key"
register: designate_rndc_key_file
when:
- designate_backend_external == 'bind9'
- item.key in [ "designate-worker" ]
- inventory_hostname in groups[item.value.group]
- item.value.enabled | bool
with_dict: "{{ designate_services }}"
notify:
- Restart designate-worker container
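Review bot: The rndc.key task writes the shared secret that designate-worker uses to control the external BIND servers, but neither this task nor the rndc.conf one sets a `mode:`, so the copy under `node_config_directory` gets whatever permissions the deploying user's umask yields. I would add an explicit restrictive mode under `template:`, for example `mode: "0600"`, provided the container's config-copy step can still read the file with that setting. Adding `no_log: true` to the rndc.key task would also keep the key out of task output when the play is run with diff output enabled.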


@ -92,7 +92,7 @@
dest: "{{ node_config_directory }}/{{ item.key }}/rndc.conf" dest: "{{ node_config_directory }}/{{ item.key }}/rndc.conf"
register: designate_rndc_conf register: designate_rndc_conf
when: when:
- designate_backend == 'bind9' - designate_backend == 'bind9' and designate_backend_external == 'no'
- item.key in [ "designate-backend-bind9", "designate-worker" ] - item.key in [ "designate-backend-bind9", "designate-worker" ]
- inventory_hostname in groups[item.value.group] - inventory_hostname in groups[item.value.group]
- item.value.enabled | bool - item.value.enabled | bool
@ -107,7 +107,7 @@
dest: "{{ node_config_directory }}/{{ item.key }}/rndc.key" dest: "{{ node_config_directory }}/{{ item.key }}/rndc.key"
register: designate_rndc_key_file register: designate_rndc_key_file
when: when:
- designate_backend == 'bind9' - designate_backend == 'bind9' and designate_backend_external == 'no'
- item.key in [ "designate-backend-bind9", "designate-worker" ] - item.key in [ "designate-backend-bind9", "designate-worker" ]
- inventory_hostname in groups[item.value.group] - inventory_hostname in groups[item.value.group]
- item.value.enabled | bool - item.value.enabled | bool
@ -116,6 +116,9 @@
- Restart designate-backend-bind9 container - Restart designate-backend-bind9 container
- Restart designate-worker container - Restart designate-worker container
- include: backend_external.yml
when: designate_backend_external == 'bind9'
- name: Check if policies shall be overwritten - name: Check if policies shall be overwritten
local_action: stat path="{{ node_custom_config }}/designate/policy.json" local_action: stat path="{{ node_custom_config }}/designate/policy.json"
run_once: True run_once: True
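Review bot: The changed conditions on the two rndc tasks compare `designate_backend_external` with the exact string 'no', so an override written as an unquoted `no` (which YAML loads as boolean false) matches neither this test nor the `== 'bind9'` include, and neither the internal nor the external rndc.conf/rndc.key would be copied. Testing for the one meaningful value is safer and keeps the condition as its own list item: `- designate_backend == 'bind9'` followed by `- designate_backend_external != 'bind9'`. Nothing visible here rejects both settings being 'bind9' at once, in which case these tasks are skipped while the pool template's first branch still lists the internal servers; a precheck that fails on that combination would make the documented either/or explicit. Both task bodies start outside their hunks.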


@ -1,4 +1,4 @@
{% if designate_backend == 'bind9' %} {% if designate_backend == 'bind9' or designate_backend_external == 'bind9' %}
- name: default-bind - name: default-bind
id: {{ designate_pool_id }} id: {{ designate_pool_id }}
description: Default BIND9 Pool description: Default BIND9 Pool
@ -7,11 +7,19 @@
- hostname: {{ designate_ns_record }}. - hostname: {{ designate_ns_record }}.
priority: 1 priority: 1
nameservers: nameservers:
{% if designate_backend == 'bind9' %}
{% for host in groups['designate-backend-bind9'] %} {% for host in groups['designate-backend-bind9'] %}
- host: {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }} - host: {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}
port: {{ designate_bind_port }} port: {{ designate_bind_port }}
{% endfor %} {% endfor %}
{% elif designate_backend_external == 'bind9' %}
{% for host in designate_backend_external_bind9_nameservers.replace(" ", "").split(',') %}
- host: {{ host }}
port: {{ designate_bind_port }}
{% endfor %}
{% endif %}
targets: targets:
{% if designate_backend == 'bind9' %}
{% for bind_host in groups['designate-backend-bind9'] %} {% for bind_host in groups['designate-backend-bind9'] %}
- type: bind9 - type: bind9
description: BIND9 Server {{ hostvars[bind_host]['ansible_' + hostvars[bind_host]['api_interface']]['ipv4']['address'] }} description: BIND9 Server {{ hostvars[bind_host]['ansible_' + hostvars[bind_host]['api_interface']]['ipv4']['address'] }}
@ -27,4 +35,21 @@
rndc_port: {{ designate_rndc_port }} rndc_port: {{ designate_rndc_port }}
rndc_key_file: /etc/designate/rndc.key rndc_key_file: /etc/designate/rndc.key
{% endfor %} {% endfor %}
{% elif designate_backend_external == 'bind9' %}
{% for bind_host in designate_backend_external_bind9_nameservers.replace(" ", "").split(',') %}
- type: bind9
description: BIND9 Server {{ bind_host }}
masters:
{% for mdns_host in groups['designate-mdns'] %}
- host: {{ hostvars[mdns_host]['ansible_' + hostvars[mdns_host]['api_interface']]['ipv4']['address'] }}
port: 5354
{% endfor %}
options:
host: {{ bind_host }}
port: {{ designate_bind_port }}
rndc_host: {{ bind_host }}
rndc_port: {{ designate_rndc_port }}
rndc_key_file: /etc/designate/rndc.key
{% endfor %}
{% endif %}
{% endif %} {% endif %}
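Review bot: Both new loops over `designate_backend_external_bind9_nameservers.replace(" ", "").split(',')` emit an entry for every fragment, so the default empty string or a trailing comma renders `- host:` with no value (and an empty `rndc_host`) into the pool definition, although the commit message says the list must be populated. Skipping empty fragments is a one-line change in each loop, `{% for host in designate_backend_external_bind9_nameservers.replace(" ", "").split(',') if host %}` (and the same with `bind_host` in the targets loop), and a precheck that fails when the external backend is enabled with an empty list would surface the misconfiguration before the template is rendered. Since these values come from operator input rather than gathered facts, quoting them in the output, `- host: "{{ host }}"`, would also keep an odd value from changing the structure of the generated YAML.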


@ -0,0 +1,20 @@
---
features: |
Update designate to allow use of external bind9 dns servers.
Added two new properties:
- designate_backend_external
This defaults to 'no', and can be enabled by setting
it to 'bind9'
- designate_backend_external_bind9_nameservers
This defaults to an empty string, and should be populated
with a csv list of external bind9 dns server addresses.
- Configuration override files to align with external bind9
dns servers must be supplied manually,
- /etc/kolla/config/designate/rndc.key
- /etc/kolla/config/designate/rndc.conf