Merge "Designate: support configuring non-ooo-deployed binds" into stable/wallaby
commit
2caa652cfa
|
@ -2,3 +2,4 @@
|
|||
designate_pool_config_file_path: '/var/lib/config-data/puppet-generated/designate/etc/designate/pools.yaml'
|
||||
designate_bind_pool_key_file_path: '/var/lib/config-data/puppet-generated/designate/etc/designate/private'
|
||||
pool_zone_domain: 'example.org'
|
||||
tripleo_external_bind_servers: []
|
||||
|
|
|
@ -15,8 +15,6 @@
|
|||
priority: {{ loop.index }}
|
||||
{% endfor %}
|
||||
|
||||
# List out the nameservers for this pool. These are the actual BIND servers.
|
||||
# We use these to verify changes have propagated to all nameservers.
|
||||
nameservers:
|
||||
{% for nameserver in groups.designate_bind -%}
|
||||
|
||||
|
@ -24,21 +22,11 @@
|
|||
port: 53
|
||||
{% endfor %}
|
||||
|
||||
# List out the targets for this pool. For BIND there will be one
|
||||
# entry for each BIND server, as we have to run rndc command on each server
|
||||
targets:
|
||||
{% for server in groups.designate_bind -%}
|
||||
- type: bind9
|
||||
description: BIND9 Server {{ loop.index }}
|
||||
|
||||
# List out the designate-mdns servers from which BIND servers should
|
||||
# request zone transfers (AXFRs) from.
|
||||
# This should be the IP of the controller node.
|
||||
# If you have multiple controllers you can add multiple masters
|
||||
# by running designate-mdns on them, and adding them here.
|
||||
# XXX(beagles): these are just internal API atm but there really needs to
|
||||
# be a public VIP endpoint for each and will be addressed in a followup
|
||||
# patch.
|
||||
masters:
|
||||
{% for minidns_server in designate_mdns_node_ips -%}
|
||||
- host: {{ net_vip_map[service_net_map['public_network']] }}
|
||||
|
@ -54,3 +42,23 @@
|
|||
rndc_config_file: {{ keyfile_base_path|default('/etc/designate/private/bind') }}{{ loop.index }}.conf
|
||||
|
||||
{% endfor %}
|
||||
|
||||
# Configure targets for user provided bind servers.
|
||||
{% for server in tripleo_external_bind_servers -%}
|
||||
- type: bind9
|
||||
description: External BIND9 Server {{ loop.index }}
|
||||
|
||||
masters:
|
||||
{% for minidns_server in designate_mdns_node_ips -%}
|
||||
- host: {{ net_vip_map[service_net_map['public_network']] }}
|
||||
port: {{ minidns_proxy_base_port + loop.index -1 }}
|
||||
{% endfor %}
|
||||
|
||||
# BIND options:
|
||||
options:
|
||||
host: {{ server.host }}
|
||||
port: {{ server.port|default(53) }}
|
||||
rndc_host: {{ server.rndc_host|default(server.host) }}
|
||||
rndc_port: {{ server.rndc_port|default(953) }}
|
||||
rndc_config_file: {{ keyfile_base_path|default('/etc/designate/private/xbind') }}{{ loop.index }}.conf
|
||||
{% endfor %}
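Review bot: The external targets reuse the same `keyfile_base_path` override as the deployed-BIND targets, so only the two defaults (`.../private/bind` and `.../private/xbind`) keep the `rndc_config_file` paths apart. If `keyfile_base_path` is set, both loops render `<base>{{ loop.index }}.conf`, and external server N would be pointed at the key file written for deployed server N. A separately named override for the external loop, or a fixed `xbind` suffix appended after the base path, would avoid the collision. In the same block, `host: {{ server.host }}` has no default and is emitted unquoted, so quoting it (`host: "{{ server.host }}"`) would protect the rendered YAML against an empty or oddly typed value.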
|
||||
|
|
|
@ -1,3 +1,4 @@
|
|||
---
|
||||
designate_rndc_key_file_path: '/var/lib/config-data/puppet-generated/designate/etc'
|
||||
designate_worker_config_file_path: '/var/lib/config-data/puppet-generated/designate/etc/designate'
|
||||
tripleo_external_bind_servers: []
|
||||
|
|
|
@ -9,5 +9,18 @@
|
|||
become: true
|
||||
template:
|
||||
src: rndc.conf.j2
|
||||
dest: "{{ designate_worker_config_file_path }}/private/bind{{ item.0|int + 1 }}.conf"
|
||||
with_indexed_items: "{{ designate_bind_node_ips }}"
|
||||
dest: "{{ designate_worker_config_file_path }}/private/bind{{ index|int + 1 }}.conf"
|
||||
loop: "{{ designate_bind_node_ips|flatten(levels=1) }}"
|
||||
loop_control:
|
||||
index_var: index
|
||||
|
||||
- name: create rndc configurations for each external bind instance
|
||||
become: true
|
||||
template:
|
||||
src: rndc.conf.j2
|
||||
dest: "{{ designate_worker_config_file_path }}/private/xbind{{ index|int + 1 }}.conf"
|
||||
vars:
|
||||
server_rndc_key: "{{ item.rndc_key }}"
|
||||
loop: "{{ tripleo_external_bind_servers|flatten(levels=1) }}"
|
||||
loop_control:
|
||||
index_var: index
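Review bot: The new external-bind task loops over entries that carry `rndc_key`, and Ansible prints each loop item with the task result, so the HMAC secret is likely to end up in deployment logs unless the task sets `no_log: true`. A `loop_control` `label` alone only shortens the default display; the full item can still appear in verbose results. The `template` call also sets no `mode`, `owner` or `group` in the visible lines, so the permissions on `xbindN.conf` are left to the umask; an explicit restrictive value such as `mode: '0640'` would make them deliberate. The first task begins above the hunk, so whether it already sets these is not visible here.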
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
key "rndc-key" {
|
||||
algorithm hmac-sha256;
|
||||
secret "{{ designate_rndc_key }}";
|
||||
secret "{{ server_rndc_key|default(designate_rndc_key) }}";
|
||||
};
|
||||
|
||||
options {
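Review bot: The `default(designate_rndc_key)` fallback on the `secret` line can mask a missing key for an external server. The external-bind task defines `server_rndc_key` as `"{{ item.rndc_key }}"`, and how an undefined nested value is resolved appears to depend on the Ansible version: an entry without `rndc_key` may fail the task, or may silently render the deployment's own key into `xbindN.conf`. An explicit `assert` that every `tripleo_external_bind_servers` entry defines `host` and `rndc_key` would make the failure deterministic. A template comment above the line, such as `{# server_rndc_key is set per item by the external-bind task; deployed binds fall back to designate_rndc_key #}`, would document where the value comes from.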
|
||||
|
|
|
@ -26,5 +26,6 @@ tripleo_unbound_allowed_cidrs: []
|
|||
tripleo_unbound_log_queries: false
|
||||
tripleo_unbound_security_harden: true
|
||||
tripleo_unbound_forward_resolvers: []
|
||||
tripleo_external_bind_servers: []
|
||||
tripleo_unbound_allow_recursion: true
|
||||
tripleo_unbound_forward_fallback: true
|
||||
|
|
|
@ -15,9 +15,20 @@ distribution.
|
|||
|
||||
forward-zone:
|
||||
name: "."
|
||||
|
||||
{% for forwarder in tripleo_unbound_forward_resolvers %}
|
||||
forward-addr: {{ forwarder }}
|
||||
{% endfor %}
|
||||
{% if tripleo_unbound_forward_resolvers|length == 0 %}
|
||||
{% if groups.designate_bind is defined %}
|
||||
{% for server in groups.designate_bind %}
|
||||
forward-addr: {{ hostvars[server].tripleo_dns_listen_interfaces[0] }}
|
||||
{% endfor %}
|
||||
{% endif %}
|
||||
{% for server in tripleo_external_bind_servers %}
|
||||
forward-addr: {{ server.host }}
|
||||
{% endfor %}
|
||||
{% endif %}
|
||||
{% if tripleo_unbound_forward_fallback and tripleo_unbound_allow_recursion %}
|
||||
forward-first: yes
|
||||
{% else %}
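Review bot: The new `forward-addr: {{ server.host }}` line ignores the per-server `port` that the pools template honours with `server.port|default(53)`, so an external BIND listening on a non-default port would still be queried on 53. Unbound accepts the `ip@port` form, e.g. `forward-addr: {{ server.host }}{{ '@' ~ server.port if server.port is defined else '' }}`. `forward-addr` also expects an IP address rather than a name, so it is worth documenting next to the `tripleo_external_bind_servers` default that `host` must be an IP. The `{% if %}`/`{% else %}` block at the end of the hunk continues outside it.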
|
||||
|
|