diff --git a/ci/environments/scenario003-standalone.yaml b/ci/environments/scenario003-standalone.yaml index 36e6ca2f70..e58d10eb5d 100644 --- a/ci/environments/scenario003-standalone.yaml +++ b/ci/environments/scenario003-standalone.yaml @@ -31,50 +31,6 @@ parameter_defaults: NeutronPluginExtensions: qos,port_security,dns RpcPort: 31459 NotifyPort: 5672 - DesignatePools: | - - name: default - # The name is immutable. There will be no option to change the name after - # creation and the only way will to change it will be to delete it - # (and all zones associated with it) and recreate it. - description: Default Pool - - attributes: {} - - # List out the NS records for zones hosted within this pool - # This should be a record that is created outside of designate, that - # points to the public IP of the controller node. - ns_records: - - hostname: ns1-1.example.org. - priority: 1 - - # List out the nameservers for this pool. These are the actual BIND servers. - # We use these to verify changes have propagated to all nameservers. - nameservers: - - host: 192.168.24.251 - port: 53 - - # List out the targets for this pool. For BIND there will be one - # entry for each BIND server, as we have to run rndc command on each server - targets: - - type: bind9 - description: BIND9 Server 1 - - # List out the designate-mdns servers from which BIND servers should - # request zone transfers (AXFRs) from. - # This should be the IP of the controller node. - # If you have multiple controllers you can add multiple masters - # by running designate-mdns on them, and adding them here. - masters: - - host: 127.0.0.1 - port: 5354 - - # BIND Configuration options - options: - host: 192.168.24.251 - port: 53 - rndc_host: 192.168.24.251 - rndc_port: 953 - rndc_key_file: /etc/rndc.key ContainerCli: podman ExtraFirewallRules: '301 allow arbitrary tcp rule': 
diff --git a/deployment/experimental/designate/designate-bind-container.yaml b/deployment/experimental/designate/designate-bind-container.yaml index 012b3cb342..294e0a3a1f 100644 --- a/deployment/experimental/designate/designate-bind-container.yaml +++ b/deployment/experimental/designate/designate-bind-container.yaml @@ -25,9 +25,6 @@ parameters: via parameter_defaults in the resource registry. This mapping overrides those in ServiceNetMapDefaults. type: json - DefaultPasswords: - default: {} - type: json RoleName: default: '' description: Role name on which the service is applied 
@@ -79,56 +76,12 @@ outputs: config_settings: map_merge: - get_attr: [DesignateBase, role_data, config_settings] - - designate_rndc_key: {get_param: DesignateRndcKey} - dns::vardir: /var/named-persistent - dns::recursion: 'no' - # Because we generate the key locally and don't want the puppet - # module to do it, we set its path to /dev/null. This means we need - # to explicitly include /etc/rndc.key though since the default config - # will just include /dev/null. - dns::rndckeypath: /dev/null - dns::additional_directives: - - include "/etc/rndc.key"; - dns::additional_options: - listen-on: - str_replace: - template: - "{ %{hiera('$NETWORK')}; }" - params: - $NETWORK: {get_param: [ServiceNetMap, BINDNetwork]} - tripleo::profile::base::designate::rndc_host: - str_replace: - template: - "%{hiera('$NETWORK')}" - params: - $NETWORK: {get_param: [ServiceNetMap, DesignateApiNetwork]} - tripleo::profile::base::designate::rndc_allowed_addresses: - get_param: - - ServiceData - - net_cidr_map - - {get_param: [ServiceNetMap, DesignateApiNetwork]} - designate::backend::bind9::rndc_host: - str_replace: - template: - "%{hiera('$NETWORK')}" - params: - $NETWORK: {get_param: [ServiceNetMap, DesignateApiNetwork]} - # BEGIN DOCKER SETTINGS - # TODO(beagles): puppet-desginate is doing some configuration in - # dns::options_path so it seems like we need to run this puppet here for - # the time being at least. I don't think there is a path from heat - # var->hiera->puppet->named configuration at the moment though. 
+ - designate::backend::bind9::configure_bind: false puppet_config: config_volume: designate - puppet_tags: designate_config,dns_config - step_config: - list_join: - - "\n" - - - {get_attr: [DesignateBase, role_data, step_config]} - - include ::designate::backend::bind9 + puppet_tags: designate_config + step_config: {get_attr: [DesignateBase, role_data, step_config]} config_image: {get_param: ContainerDesignateConfigImage} - volumes: - - /var/named-persistent:/var/named-persistent:z kolla_config: /var/lib/kolla/config_files/designate_backend_bind9.json: command: /usr/sbin/named -u named -c /etc/named.conf -f -g @@ -151,6 +104,24 @@ outputs: - path: /etc/rndc.key owner: root:named perm: '0640' + deploy_steps_tasks: + - name: generate rndc key configuration files + when: step|int == 4 + import_role: + name: designate_rndc_config + vars: + designate_rndc_key: {get_param: DesignateRndcKey} + designate_rndc_key_file_path: /var/lib/config-data/ansible-generated/designate/etc/ + - name: generate bind configuration + when: step|int == 4 + import_role: + name: designate_bind_config + vars: + rndc_allowed_addresses: + get_param: + - ServiceData + - net_cidr_map + - {get_param: [ServiceNetMap, DesignateApiNetwork]} docker_config: step_4: designate_backend_bind9: @@ -164,7 +135,7 @@ outputs: - - /run:/run - /var/lib/kolla/config_files/designate_backend_bind9.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/puppet-generated/designate:/var/lib/kolla/config_files/src:ro + - /var/lib/config-data/ansible-generated/designate:/var/lib/kolla/config_files/src:ro - /var/log/containers/designate:/var/log/designate:z - /var/named-persistent:/var/named-persistent:z environment: diff --git a/deployment/experimental/designate/designate-central-container-puppet.yaml b/deployment/experimental/designate/designate-central-container-puppet.yaml index 5087fea44d..14d43eaf09 100644 --- a/deployment/experimental/designate/designate-central-container-puppet.yaml 
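Review bot: With `dns::recursion: 'no'` and the `listen-on` block tied to `BINDNetwork` removed from `config_settings`, nothing on the new side of this hunk states how named is restricted, and the `designate_bind_config` role called in the next hunk is handed only `rndc_allowed_addresses`. The role's template is not part of this diff, so confirm it still disables recursion and binds named to the BIND network address instead of all interfaces. A comment above the new setting would record where that now lives, e.g. `# named.conf (recursion, listen-on, rndc controls) is rendered by the designate_bind_config role at step 4`. The `outputs` block continues outside the hunk.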
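Review bot: `designate_rndc_key` is a secret and is passed as a plain role variable in `generate rndc key configuration files`, so the task should carry `no_log: true` unless every task inside `designate_rndc_config` already sets it (the role is not in this diff). The key is also written under `/var/lib/config-data/ansible-generated/designate/etc/` on the host, while the `root:named` / `'0640'` entry in `kolla_config` only governs the copy inside the container; confirm the role creates the host-side file with an equally tight mode. The same task in designate-worker-container-puppet.yaml (hunk `@@ -136,6 +119,13 @@`) has the same exposure and also omits `designate_rndc_key_file_path`, so the worker depends on the role default for where the key lands.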
+++ b/deployment/experimental/designate/designate-central-container-puppet.yaml @@ -55,9 +55,6 @@ parameters: description: The password for the Designate's database account. type: string hidden: true - DesignatePools: - description: The content for Designate's pools.yaml - type: string conditions: designate_workers_zero: {equals : [{get_param: DesignateWorkers}, 0]} @@ -89,8 +86,7 @@ outputs: config_settings: map_merge: - get_attr: [DesignateBase, role_data, config_settings] - - tripleo::profile::base::designate::central::pools_file_content: {get_param: DesignatePools} - designate::db::database_connection: + - designate::db::database_connection: make_url: scheme: {get_param: [EndpointMap, MysqlInternal, protocol]} username: designate @@ -147,6 +143,11 @@ outputs: - path: /var/log/designate owner: designate:designate recurse: true + deploy_steps_tasks: + - name: generate designate pool + when: step|int == 4 + import_role: + name: designate_bind_pool docker_config: # db sync runs before permissions set by kolla_config step_2: @@ -204,7 +205,7 @@ outputs: list_concat: - {get_attr: [ContainersCommon, volumes]} - - - /var/lib/config-data/designate/etc/designate/:/etc/designate/:ro + - /var/lib/config-data/puppet-generated/designate/etc/designate/:/etc/designate/:ro - /var/log/containers/designate:/var/log/designate:z command: "/usr/bin/bootstrap_host_exec designate_central su designate -s /bin/bash -c '/bin/designate-manage pool update'" host_prep_tasks: diff --git a/deployment/experimental/designate/designate-worker-container-puppet.yaml b/deployment/experimental/designate/designate-worker-container-puppet.yaml index 665cf9d81a..4dd3aeeca6 100644 --- a/deployment/experimental/designate/designate-worker-container-puppet.yaml +++ b/deployment/experimental/designate/designate-worker-container-puppet.yaml 
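Review bot: The `generate designate pool` task calls `designate_bind_pool` with no `vars`, so after the removal of `DesignatePools` the NS records, nameserver addresses and rndc endpoints in pools.yaml come entirely from role defaults or inventory facts that this diff does not show. Two things are worth confirming: that the role writes the file under `/var/lib/config-data/puppet-generated/designate/etc/designate/`, which is the directory the last hunk mounts read-only for `designate-manage pool update`, and that the step-4 task runs before that container does. A deployment that still sets `DesignatePools` in its environment appears to get no error once the parameter is gone, so a release note or a comment on the task (`# pools.yaml is generated by the role; DesignatePools is no longer read`) would help operators.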
@@ -87,24 +87,6 @@ outputs: config_settings: map_merge: - get_attr: [DesignateBase, role_data, config_settings] - - designate_rndc_key: {get_param: DesignateRndcKey} - tripleo::profile::base::designate::rndc_host: - str_replace: - template: - "%{hiera('$NETWORK')}" - params: - $NETWORK: {get_param: [ServiceNetMap, DesignateApiNetwork]} - tripleo::profile::base::designate::rndc_allowed_addresses: - get_param: - - ServiceData - - net_cidr_map - - {get_param: [ServiceNetMap, DesignateApiNetwork]} - designate::backend::bind9::rndc_host: - str_replace: - template: - "%{hiera('$NETWORK')}" - params: - $NETWORK: {get_param: [ServiceNetMap, DesignateApiNetwork]} - if: - designate_workers_zero @@ -117,12 +99,13 @@ outputs: # BEGIN DOCKER SETTINGS puppet_config: config_volume: designate - puppet_tags: designate_config,dns_config + puppet_tags: designate_config step_config: list_join: - "\n" - - {get_attr: [DesignateBase, role_data, step_config]} - "include tripleo::profile::base::designate::worker" + - "include tripleo::profile::base::designate::backend" config_image: {get_param: ContainerDesignateConfigImage} kolla_config: /var/lib/kolla/config_files/designate_worker.json: @@ -136,6 +119,13 @@ outputs: - path: /var/log/designate owner: designate:designate recurse: true + deploy_steps_tasks: + - name: generate rndc key configuration files + when: step|int == 4 + import_role: + name: designate_rndc_config + vars: + designate_rndc_key: {get_param: DesignateRndcKey} docker_config: step_4: designate_worker: diff --git a/environments/designate-config-ha.yaml b/environments/designate-config-ha.yaml deleted file mode 100644 index 36eeacc364..0000000000 --- a/environments/designate-config-ha.yaml +++ /dev/null 
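Review bot: The worker's `step_config` now includes `tripleo::profile::base::designate::backend`, yet the previous hunk removed every bind9 backend key from this template's `config_settings` and `puppet_tags` no longer lists `dns_config`. `designate::backend::bind9::configure_bind: false` is added only in designate-bind-container.yaml, so on a role that runs the worker without DesignateBind the profile would presumably fall back to the puppet module's default for that flag. If that reading is right, add `- designate::backend::bind9::configure_bind: false` to the worker's `map_merge` list as well; the profile's manifest is not visible here, so this needs checking against it.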
@@ -1,127 +0,0 @@ -# ******************************************************************* -# This file was created automatically by the sample environment -# generator. Developers should use `tox -e genconfig` to update it. -# Users are recommended to make changes to a copy of the file instead -# of the original, if any customizations are needed. -# ******************************************************************* -# title: Configure Designate Parameters for HA -# description: | -# Sample configuration parameters for Designate that are appropriate -# for an HA deployment. Requires the enable-designate environment. -parameter_defaults: - # The content for Designate's pools.yaml - # Mandatory. This parameter must be set by the user. - # Type: string - DesignatePools: | - - name: default - # The name is immutable. There will be no option to change the name after - # creation and the only way will to change it will be to delete it - # (and all zones associated with it) and recreate it. - description: Default Pool - - attributes: {} - - # List out the NS records for zones hosted within this pool - # This should be a record that is created outside of designate, that - # points to the public IP of the controller node. - ns_records: - - hostname: ns1-1.example.org. - priority: 1 - - hostname: ns1-2.example.org. - priority: 2 - - hostname: ns1-3.example.org. - priority: 3 - - # List out the nameservers for this pool. These are the actual BIND servers. - # We use these to verify changes have propagated to all nameservers. - nameservers: - - host: 10.0.0.51 - port: 53 - - host: 10.0.0.52 - port: 53 - - host: 10.0.0.53 - port: 53 - - # List out the targets for this pool. For BIND there will be one - # entry for each BIND server, as we have to run rndc command on each server - targets: - - type: bind9 - description: BIND9 Server 1 - - # List out the designate-mdns servers from which BIND servers should - # request zone transfers (AXFRs) from. 
- # This should be the IP of the controller node. - # If you have multiple controllers you can add multiple masters - # by running designate-mdns on them, and adding them here. - masters: - - host: 10.0.0.51 - port: 5354 - - host: 10.0.0.52 - port: 5354 - - host: 10.0.0.53 - port: 5354 - - # BIND Configuration options - options: - host: 10.0.0.51 - port: 53 - rndc_host: 172.17.0.251 - rndc_port: 953 - rndc_key_file: /etc/rndc.key - - type: bind9 - description: BIND9 Server 2 - - # List out the designate-mdns servers from which BIND servers should - # request zone transfers (AXFRs) from. - # This should be the IP of the controller node. - # If you have multiple controllers you can add multiple masters - # by running designate-mdns on them, and adding them here. - masters: - - host: 10.0.0.51 - port: 5354 - - host: 10.0.0.52 - port: 5354 - - host: 10.0.0.53 - port: 5354 - - # BIND Configuration options - options: - host: 10.0.0.52 - port: 53 - rndc_host: 172.17.0.252 - rndc_port: 953 - rndc_key_file: /etc/rndc.key - - type: bind9 - description: BIND9 Server 3 - - # List out the designate-mdns servers from which BIND servers should - # request zone transfers (AXFRs) from. - # This should be the IP of the controller node. - # If you have multiple controllers you can add multiple masters - # by running designate-mdns on them, and adding them here. - masters: - - host: 10.0.0.51 - port: 5354 - - host: 10.0.0.52 - port: 5354 - - host: 10.0.0.53 - port: 5354 - - # BIND Configuration options - options: - host: 10.0.0.53 - port: 53 - rndc_host: 172.17.0.253 - rndc_port: 953 - rndc_key_file: /etc/rndc.key - - # If True, enable the internal Neutron DNS server that provides name - # resolution between VMs. This parameter has no effect if - # NeutronDhcpAgentDnsmasqDnsServers is set. - # Type: boolean - NeutronEnableInternalDNS: True - - # Comma-separated list of extensions enabled for the Neutron plugin. 
- # Type: comma_delimited_list - NeutronPluginExtensions: qos,port_security,dns - diff --git a/environments/designate-config.yaml b/environments/designate-config.yaml deleted file mode 100644 index 7bd10a8db9..0000000000 --- a/environments/designate-config.yaml +++ /dev/null 
@@ -1,69 +0,0 @@ -# ******************************************************************* -# This file was created automatically by the sample environment -# generator. Developers should use `tox -e genconfig` to update it. -# Users are recommended to make changes to a copy of the file instead -# of the original, if any customizations are needed. -# ******************************************************************* -# title: Configure Designate Parameters -# description: | -# Sample configuration parameters for Designate. Requires the -# enable-designate environment. -parameter_defaults: - # The content for Designate's pools.yaml - # Mandatory. This parameter must be set by the user. - # Type: string - DesignatePools: | - - name: default - # The name is immutable. There will be no option to change the name after - # creation and the only way will to change it will be to delete it - # (and all zones associated with it) and recreate it. - description: Default Pool - - attributes: {} - - # List out the NS records for zones hosted within this pool - # This should be a record that is created outside of designate, that - # points to the public IP of the controller node. - ns_records: - - hostname: ns1-1.example.org. - priority: 1 - - # List out the nameservers for this pool. These are the actual BIND servers. - # We use these to verify changes have propagated to all nameservers. - nameservers: - - host: 10.0.0.51 - port: 53 - - # List out the targets for this pool. For BIND there will be one - # entry for each BIND server, as we have to run rndc command on each server - targets: - - type: bind9 - description: BIND9 Server 1 - - # List out the designate-mdns servers from which BIND servers should - # request zone transfers (AXFRs) from. - # This should be the IP of the controller node. - # If you have multiple controllers you can add multiple masters - # by running designate-mdns on them, and adding them here. 
- masters: - - host: 10.0.0.51 - port: 5354 - - # BIND Configuration options - options: - host: 10.0.0.51 - port: 53 - rndc_host: 172.17.0.251 - rndc_port: 953 - rndc_key_file: /etc/rndc.key - - # If True, enable the internal Neutron DNS server that provides name - # resolution between VMs. This parameter has no effect if - # NeutronDhcpAgentDnsmasqDnsServers is set. - # Type: boolean - NeutronEnableInternalDNS: True - - # Comma-separated list of extensions enabled for the Neutron plugin. - # Type: comma_delimited_list - NeutronPluginExtensions: qos,port_security,dns - diff --git a/environments/enable-designate.yaml b/environments/enable-designate.yaml index f082b7f041..e7ab1f59ae 100644 --- a/environments/enable-designate.yaml +++ b/environments/enable-designate.yaml @@ -20,3 +20,15 @@ resource_registry: OS::TripleO::Services::DesignateBind: ../deployment/experimental/designate/designate-bind-container.yaml OS::TripleO::Services::Redis: ../deployment/database/redis-container-puppet.yaml OS::TripleO::Services::Unbound: ../deployment/unbound/unbound-container-ansible.yaml + +parameter_defaults: + # If True, enable the internal Neutron DNS server that provides name + # resolution between VMs. This parameter has no effect if + # NeutronDhcpAgentDnsmasqDnsServers is set. + # Type: boolean + NeutronEnableInternalDNS: True + + # Comma-separated list of extensions enabled for the Neutron plugin. + # Type: comma_delimited_list + NeutronPluginExtensions: qos,port_security,dns + diff --git a/sample-env-generator/enable-services.yaml b/sample-env-generator/enable-services.yaml index 9151f23c21..bc27699b7a 100644 --- a/sample-env-generator/enable-services.yaml +++ b/sample-env-generator/enable-services.yaml 
@@ -8,23 +8,15 @@ environments: This environment enables the Designate services. One of the designate-config* environment files must also be included. - # FIXME(bnemec): files should not be a required key. - files: {} resource_registry: OS::TripleO::Services::DesignateApi: ../deployment/experimental/designate/designate-api-container-puppet.yaml OS::TripleO::Services::DesignateCentral: ../deployment/experimental/designate/designate-central-container-puppet.yaml + OS::TripleO::Services::DesignateMDNS: ../deployment/experimental/designate/designate-mdns-container-puppet.yaml OS::TripleO::Services::DesignateProducer: ../deployment/experimental/designate/designate-producer-container-puppet.yaml OS::TripleO::Services::DesignateWorker: ../deployment/experimental/designate/designate-worker-container-puppet.yaml - OS::TripleO::Services::DesignateMDNS: ../deployment/experimental/designate/designate-mdns-container-puppet.yaml OS::TripleO::Services::DesignateBind: ../deployment/experimental/designate/designate-bind-container.yaml OS::TripleO::Services::Redis: ../deployment/database/redis-container-puppet.yaml OS::TripleO::Services::Unbound: ../deployment/unbound/unbound-container-ansible.yaml - - - name: designate-config - title: Configure Designate Parameters - description: | - Sample configuration parameters for Designate. Requires the - enable-designate environment. files: deployment/neutron/neutron-plugin-ml2.yaml: parameters: 
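Review bot: The `description` kept as context in this hunk still ends with "One of the designate-config* environment files must also be included.", but this commit deletes both designate-config.yaml and designate-config-ha.yaml and folds their Neutron settings into this entry. The sentence should be dropped so the text reads `This environment enables the Designate services.`, and environments/enable-designate.yaml regenerated with `tox -e genconfig` so its header matches. The `files:` mapping this hunk joins onto continues in the following hunk.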
@@ -32,167 +24,6 @@ environments: deployment/neutron/neutron-dhcp-container-puppet.yaml: parameters: - NeutronEnableInternalDNS - deployment/experimental/designate/designate-central-container-puppet.yaml: - parameters: - - DesignatePools sample_values: NeutronPluginExtensions: qos,port_security,dns NeutronEnableInternalDNS: True - DesignatePools: |- - | - - name: default - # The name is immutable. There will be no option to change the name after - # creation and the only way will to change it will be to delete it - # (and all zones associated with it) and recreate it. - description: Default Pool - - attributes: {} - - # List out the NS records for zones hosted within this pool - # This should be a record that is created outside of designate, that - # points to the public IP of the controller node. - ns_records: - - hostname: ns1-1.example.org. - priority: 1 - - # List out the nameservers for this pool. These are the actual BIND servers. - # We use these to verify changes have propagated to all nameservers. - nameservers: - - host: 10.0.0.51 - port: 53 - - # List out the targets for this pool. For BIND there will be one - # entry for each BIND server, as we have to run rndc command on each server - targets: - - type: bind9 - description: BIND9 Server 1 - - # List out the designate-mdns servers from which BIND servers should - # request zone transfers (AXFRs) from. - # This should be the IP of the controller node. - # If you have multiple controllers you can add multiple masters - # by running designate-mdns on them, and adding them here. - masters: - - host: 10.0.0.51 - port: 5354 - - # BIND Configuration options - options: - host: 10.0.0.51 - port: 53 - rndc_host: 172.17.0.251 - rndc_port: 953 - rndc_key_file: /etc/rndc.key - children: - - - name: designate-config-ha - title: Configure Designate Parameters for HA - description: | - Sample configuration parameters for Designate that are appropriate - for an HA deployment. Requires the enable-designate environment. 
- sample_values: - NeutronPluginExtensions: qos,port_security,dns - NeutronEnableInternalDNS: True - DesignatePools: |- - | - - name: default - # The name is immutable. There will be no option to change the name after - # creation and the only way will to change it will be to delete it - # (and all zones associated with it) and recreate it. - description: Default Pool - - attributes: {} - - # List out the NS records for zones hosted within this pool - # This should be a record that is created outside of designate, that - # points to the public IP of the controller node. - ns_records: - - hostname: ns1-1.example.org. - priority: 1 - - hostname: ns1-2.example.org. - priority: 2 - - hostname: ns1-3.example.org. - priority: 3 - - # List out the nameservers for this pool. These are the actual BIND servers. - # We use these to verify changes have propagated to all nameservers. - nameservers: - - host: 10.0.0.51 - port: 53 - - host: 10.0.0.52 - port: 53 - - host: 10.0.0.53 - port: 53 - - # List out the targets for this pool. For BIND there will be one - # entry for each BIND server, as we have to run rndc command on each server - targets: - - type: bind9 - description: BIND9 Server 1 - - # List out the designate-mdns servers from which BIND servers should - # request zone transfers (AXFRs) from. - # This should be the IP of the controller node. - # If you have multiple controllers you can add multiple masters - # by running designate-mdns on them, and adding them here. - masters: - - host: 10.0.0.51 - port: 5354 - - host: 10.0.0.52 - port: 5354 - - host: 10.0.0.53 - port: 5354 - - # BIND Configuration options - options: - host: 10.0.0.51 - port: 53 - rndc_host: 172.17.0.251 - rndc_port: 953 - rndc_key_file: /etc/rndc.key - - type: bind9 - description: BIND9 Server 2 - - # List out the designate-mdns servers from which BIND servers should - # request zone transfers (AXFRs) from. - # This should be the IP of the controller node. 
- # If you have multiple controllers you can add multiple masters - # by running designate-mdns on them, and adding them here. - masters: - - host: 10.0.0.51 - port: 5354 - - host: 10.0.0.52 - port: 5354 - - host: 10.0.0.53 - port: 5354 - - # BIND Configuration options - options: - host: 10.0.0.52 - port: 53 - rndc_host: 172.17.0.252 - rndc_port: 953 - rndc_key_file: /etc/rndc.key - - type: bind9 - description: BIND9 Server 3 - - # List out the designate-mdns servers from which BIND servers should - # request zone transfers (AXFRs) from. - # This should be the IP of the controller node. - # If you have multiple controllers you can add multiple masters - # by running designate-mdns on them, and adding them here. - masters: - - host: 10.0.0.51 - port: 5354 - - host: 10.0.0.52 - port: 5354 - - host: 10.0.0.53 - port: 5354 - - # BIND Configuration options - options: - host: 10.0.0.53 - port: 53 - rndc_host: 172.17.0.253 - rndc_port: 953 - rndc_key_file: /etc/rndc.key diff --git a/tools/yaml-validate.py b/tools/yaml-validate.py index 33d17a44a1..f0cf372319 100755 --- a/tools/yaml-validate.py +++ b/tools/yaml-validate.py @@ -1015,8 +1015,7 @@ def validate_service_hiera_interpol(f, tpl): if 'apache::mod::remoteip::proxy_ips' in path: continue # Omit Designate rndc_allowed_addressses - if ('tripleo::profile::base::designate::rndc_allowed_addresses' in - path): + if ('rndc_allowed_addresses' in path): continue # Omit Neutron ml2 overlay_ip_version if 'neutron::plugins::ml2::overlay_ip_version' in path:
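Review bot: The exemption in `validate_service_hiera_interpol` now skips any `path` that contains the bare name `rndc_allowed_addresses`, where it used to require the full `tripleo::profile::base::designate::rndc_allowed_addresses` key, so an identically named key in any other template would also bypass the hiera-interpolation check. If the intent is only to cover the new role variable, say so in the comment, e.g. `# Omit Designate rndc_allowed_addresses (role var in deploy_steps_tasks, not hiera)`, which also fixes the existing "addressses" typo. The parentheses left over from the two-line form can go: `if 'rndc_allowed_addresses' in path:`. The function starts and ends outside the hunk, and the type of `path` is not visible here.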