From 158f7543e0203428c8d16554719cbbf64dae1c98 Mon Sep 17 00:00:00 2001 From: Ben Nemec Date: Wed, 11 Jul 2018 20:57:51 +0000 Subject: [PATCH] Enable configuration of rndc controls For ha deployments we need to be able to allow rndc commands from other controllers. We don't want to allow rndc commands from anywhere though, so we need to be able to configure it to only listen on a specific network (which will be internal_api by default). This can be done via the controls parameter. However, because the value is a hash and the top-level key for the hash is a dynamic value, it is problematic to represent the data structure in a Heat template. For our purposes, it is sufficient to break apart the hash into its component parts and build the hash in our Puppet manifest. Change-Id: I2c97ff30c4c59ef32b6b918ba52973451e1b6241 Depends-On: https://review.openstack.org/581898
---
 manifests/profile/base/designate.pp | 30 ++++++++++++++++++++++++++++-
 1 file changed, 29 insertions(+), 1 deletion(-)
diff --git a/manifests/profile/base/designate.pp b/manifests/profile/base/designate.pp
index 8531bbee1..7dcd300c7 100644
--- a/manifests/profile/base/designate.pp
+++ b/manifests/profile/base/designate.pp
@@ -70,6 +70,22 @@
 # Enable ssl oslo messaging services
 # Defaults to hiera('oslo_messaging_notify_use_ssl', '0')
 #
+# [*rndc_host*]
+# The address on which rndc should listen
+# Defaults to undef
+#
+# [*rndc_port*]
+# The port on which rndc should listen
+# Defaults to 953
+#
+# [*rndc_keys*]
+# A list of keys that rndc should accept
+# Defaults to ['rndc-key']
+#
+# [*rndc_allowed_addresses*]
+# A list of addresses that are allowed to send rndc commands
+# Defaults to undef
+#
 class tripleo::profile::base::designate (
 $step = Integer(hiera('step')),
 $oslomsg_rpc_proto = hiera('oslo_messaging_rpc_scheme', 'rabbit'),
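Review bot: The new header entries for `rndc_host` and `rndc_allowed_addresses` say only `Defaults to undef`, without stating what an unset value means, and these two parameters decide who can reach the BIND control channel. Each entry should spell out the effect of leaving it unset, for example `#   Defaults to undef. <state whether the control channel then keeps the bind9 backend default or is restricted>`; the real behaviour depends on the consuming class, which is not visible in this patch. The `rndc_keys` text also reads as if it held key material; if it takes key names, as the default `['rndc-key']` suggests, `A list of key names that rndc should accept` would be clearer.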
@@ -84,6 +100,10 @@ class tripleo::profile::base::designate (
 $oslomsg_notify_port = hiera('oslo_messaging_notify_port', '5672'),
 $oslomsg_notify_username = hiera('oslo_messaging_notify_user_name', 'guest'),
 $oslomsg_notify_use_ssl = hiera('oslo_messaging_notify_use_ssl', '0'),
+ $rndc_host = undef,
+ $rndc_port = 953,
+ $rndc_keys = ['rndc-key'],
+ $rndc_allowed_addresses = undef,
 ) {
 if $step >= 3 {
 $oslomsg_rpc_use_ssl_real = sprintf('%s', bool2num(str2bool($oslomsg_rpc_use_ssl)))
@@ -106,7 +126,15 @@ class tripleo::profile::base::designate (
 'ssl' => $oslomsg_notify_use_ssl_real,
 }),
 }
+ class { '::designate::backend::bind9':
+ rndc_controls => {
+ $rndc_host => {
+ 'port' => $rndc_port,
+ 'keys' => $rndc_keys,
+ 'allowed_addresses' => $rndc_allowed_addresses,
+ }
+ },
+ }
 include ::designate::config
- include ::designate::backend::bind9
 }
 }
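Review bot: The four `rndc_*` parameters added to the class signature are untyped, so a malformed address, an out-of-range port or a bare string where a list is expected is passed straight into the controls hash built further down. Because these values define the access policy for rndc, I would reject bad input at the class boundary with data types, e.g. `Optional[String] $rndc_host = undef,`, `Integer[1, 65535] $rndc_port = 953,` and `Array[String] $rndc_keys = ['rndc-key'],`. Confirm first that the Heat/hiera side delivers the port as an integer rather than a string. The parameter list starts outside this hunk.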
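Review bot: `$rndc_host` is used unconditionally as the key of `rndc_controls` although it defaults to undef, so a deployment that sets none of the new parameters now hands the bind9 backend a controls entry keyed by undef with an undef allow list, where it previously got the backend's own defaults through `include`. What the backend renders from that is not visible here (it is in the Depends-On change), but a setting meant to limit who may send rndc commands should not depend on how undef happens to be templated. I would build the hash only when a host is configured and keep the plain `include` otherwise; a host set together with an undef `rndc_allowed_addresses` should likewise be rejected or documented as deny-all. The enclosing `if $step >= 3` block starts outside this hunk.

```puppet
    if $rndc_host {
      class { '::designate::backend::bind9':
        # … unchanged: rndc_controls hash keyed by $rndc_host …
      }
    } else {
      # No control address configured: keep the backend's own defaults
      # instead of passing a controls entry keyed by undef.
      include ::designate::backend::bind9
    }
```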