Merge "Designate: support configuring non-ooo-deployed binds" into stable/wallaby

This commit is contained in:
Zuul 2022-07-12 19:24:56 +00:00 committed by Gerrit Code Review
commit 2caa652cfa
7 changed files with 53 additions and 18 deletions


@ -2,3 +2,4 @@
designate_pool_config_file_path: '/var/lib/config-data/puppet-generated/designate/etc/designate/pools.yaml'
designate_bind_pool_key_file_path: '/var/lib/config-data/puppet-generated/designate/etc/designate/private'
pool_zone_domain: 'example.org'
tripleo_external_bind_servers: []
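Review bot: The new `tripleo_external_bind_servers: []` default says nothing about what an entry looks like, and the keys an operator must supply are only discoverable by reading the pools template and the rndc task in this same commit. A comment above the default would carry that contract: `# User-managed BIND9 servers not deployed by TripleO. Each entry is a mapping with host (required), port (default 53), rndc_host (default: host), rndc_port (default 953) and rndc_key (required: the HMAC secret of the server's control key; the rndc task does not default it).` The same default is declared in two other role defaults in this commit, so the comment belongs on each copy so they do not drift apart.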


@ -15,8 +15,6 @@
priority: {{ loop.index }}
{% endfor %}
# List out the nameservers for this pool. These are the actual BIND servers.
# We use these to verify changes have propagated to all nameservers.
nameservers:
{% for nameserver in groups.designate_bind -%}
@ -24,21 +22,11 @@
port: 53
{% endfor %}
# List out the targets for this pool. For BIND there will be one
# entry for each BIND server, as we have to run rndc command on each server
targets:
{% for server in groups.designate_bind -%}
- type: bind9
description: BIND9 Server {{ loop.index }}
# List out the designate-mdns servers from which BIND servers should
# request zone transfers (AXFRs) from.
# This should be the IP of the controller node.
# If you have multiple controllers you can add multiple masters
# by running designate-mdns on them, and adding them here.
# XXX(beagles): these are just internal API atm but there really needs to
# be a public VIP endpoint for each and will be addressed in a followup
# patch.
masters:
{% for minidns_server in designate_mdns_node_ips -%}
- host: {{ net_vip_map[service_net_map['public_network']] }}
@ -54,3 +42,23 @@
rndc_config_file: {{ keyfile_base_path|default('/etc/designate/private/bind') }}{{ loop.index }}.conf
{% endfor %}
# Configure targets for user provided bind servers.
{% for server in tripleo_external_bind_servers -%}
- type: bind9
description: External BIND9 Server {{ loop.index }}
masters:
{% for minidns_server in designate_mdns_node_ips -%}
- host: {{ net_vip_map[service_net_map['public_network']] }}
port: {{ minidns_proxy_base_port + loop.index -1 }}
{% endfor %}
# BIND options:
options:
host: {{ server.host }}
port: {{ server.port|default(53) }}
rndc_host: {{ server.rndc_host|default(server.host) }}
rndc_port: {{ server.rndc_port|default(953) }}
rndc_config_file: {{ keyfile_base_path|default('/etc/designate/private/xbind') }}{{ loop.index }}.conf
{% endfor %}
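Review bot: When `keyfile_base_path` is set, the external targets' `rndc_config_file` on the last line of this hunk collapses onto the same path as the internal targets' (`{{ keyfile_base_path }}1.conf` for both loops), so external target N would be pointed at the rndc config — and therefore the key — generated for internal bind N, while the task in this commit writes the external configs to `xbind<N>.conf`. The `bind`/`xbind` distinction only exists in the two `default()` fallbacks, which is exactly the case where the variable is unset. Give the external prefix its own variable, e.g. `rndc_config_file: {{ external_keyfile_base_path|default('/etc/designate/private/xbind') }}{{ loop.index }}.conf`, and document both variables next to each other. The enclosing `targets:` list starts in an earlier hunk of this file.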


@ -1,3 +1,4 @@
---
designate_rndc_key_file_path: '/var/lib/config-data/puppet-generated/designate/etc'
designate_worker_config_file_path: '/var/lib/config-data/puppet-generated/designate/etc/designate'
tripleo_external_bind_servers: []


@ -2,12 +2,25 @@
- name: ensure rndc configuration path exists
become: true
file:
path: "{{ designate_worker_config_file_path }}/private"
state: directory
path: "{{ designate_worker_config_file_path }}/private"
state: directory
- name: create rndc configurations for each bind instance
become: true
template:
src: rndc.conf.j2
dest: "{{ designate_worker_config_file_path }}/private/bind{{ item.0|int + 1 }}.conf"
with_indexed_items: "{{ designate_bind_node_ips }}"
src: rndc.conf.j2
dest: "{{ designate_worker_config_file_path }}/private/bind{{ index|int + 1 }}.conf"
loop: "{{ designate_bind_node_ips|flatten(levels=1) }}"
loop_control:
index_var: index
- name: create rndc configurations for each external bind instance
become: true
template:
src: rndc.conf.j2
dest: "{{ designate_worker_config_file_path }}/private/xbind{{ index|int + 1 }}.conf"
vars:
server_rndc_key: "{{ item.rndc_key }}"
loop: "{{ tripleo_external_bind_servers|flatten(levels=1) }}"
loop_control:
index_var: index
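Review bot: The new external-bind task renders `rndc.conf.j2`, which embeds the HMAC secret, with no `mode`, so the file is created with the default permissions (with the usual umask that is group/world-readable), and because the loop item is the whole server mapping the `rndc_key` value is echoed into the task result and into verbose logs. Add `mode: "0600"` under `template:` and `no_log: true` on the task; the preceding internal task and the `file:` directory task (`mode: "0700"`) have the same gap, and fixing all three together keeps them consistent. `server_rndc_key: "{{ item.rndc_key }}"` is unconditional, so an entry without `rndc_key` fails the play on an undefined variable rather than silently reusing the deployment's own key via the template's `default()`; that is the right outcome, but it deserves a one-line comment so nobody "fixes" it with a default.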


@ -1,6 +1,6 @@
key "rndc-key" {
algorithm hmac-sha256;
secret "{{ designate_rndc_key }}";
secret "{{ server_rndc_key|default(designate_rndc_key) }}";
};
options {
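Review bot: The secret is now per-server, but the key name `rndc-key` and `algorithm hmac-sha256;` above it stay hard-coded, and rndc needs both to match the `key` statement referenced by the remote server's `controls` block, so an externally managed BIND whose control key is named or hashed differently cannot be reached even with the correct secret. The per-target `vars` mechanism this commit introduces fits the same purpose: `key "{{ server_rndc_key_name|default('rndc-key') }}" {` and `algorithm {{ server_rndc_algorithm|default('hmac-sha256') }};`, with matching `vars:` entries in the external-bind task. The `|default(designate_rndc_key)` fallback also means a mistyped variable name in a future task silently issues the deployment's internal key to an external host; a comment such as `{# server_rndc_key is set per target by the external-bind task; the fallback is for TripleO-deployed binds only #}` would make that intent explicit.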


@ -26,5 +26,6 @@ tripleo_unbound_allowed_cidrs: []
tripleo_unbound_log_queries: false
tripleo_unbound_security_harden: true
tripleo_unbound_forward_resolvers: []
tripleo_external_bind_servers: []
tripleo_unbound_allow_recursion: true
tripleo_unbound_forward_fallback: true


@ -15,9 +15,20 @@ distribution.
forward-zone:
name: "."
{% for forwarder in tripleo_unbound_forward_resolvers %}
forward-addr: {{ forwarder }}
{% endfor %}
{% if tripleo_unbound_forward_resolvers|length == 0 %}
{% if groups.designate_bind is defined %}
{% for server in groups.designate_bind %}
forward-addr: {{ hostvars[server].tripleo_dns_listen_interfaces[0] }}
{% endfor %}
{% endif %}
{% for server in tripleo_external_bind_servers %}
forward-addr: {{ server.host }}
{% endfor %}
{% endif %}
{% if tripleo_unbound_forward_fallback and tripleo_unbound_allow_recursion %}
forward-first: yes
{% else %}