From c45d027c4343a374e3b7f3dc7948d0c5ed0ab4ff Mon Sep 17 00:00:00 2001 From: Ben Nemec Date: Fri, 10 Nov 2017 23:53:23 +0000 Subject: [PATCH] Designate Integration Change-Id: I1ddefb7b6a6e1c7b0b76589b9f8f1b99776d39e8 Depends-On: I115090679bd2577cdc3998ab3cc97f9581e5e18a bp designate-support --- .../ssl/tls-endpoints-public-dns.yaml | 3 + environments/ssl/tls-endpoints-public-ip.yaml | 3 + .../ssl/tls-everywhere-endpoints-dns.yaml | 3 + environments/tls-endpoints-public-dns.yaml | 3 + environments/tls-endpoints-public-ip.yaml | 3 + .../tls-everywhere-endpoints-dns.yaml | 3 + network/endpoints/endpoint_data.yaml | 9 + network/endpoints/endpoint_map.yaml | 246 ++++++++++++++++++ network/service_net_map.j2.yaml | 1 + overcloud-resource-registry-puppet.j2.yaml | 6 + puppet/services/designate-api.yaml | 111 ++++++++ puppet/services/designate-base.yaml | 92 +++++++ puppet/services/designate-central.yaml | 100 +++++++ puppet/services/designate-mdns.yaml | 100 +++++++ puppet/services/designate-producer.yaml | 77 ++++++ puppet/services/designate-sink.yaml | 77 ++++++ puppet/services/designate-worker.yaml | 83 ++++++ roles/Controller.yaml | 6 + roles/ControllerAllNovaStandalone.yaml | 6 + roles/ControllerNoCeph.yaml | 6 + roles/ControllerOpenstack.yaml | 6 + roles_data.yaml | 6 + sample-env-generator/ssl.yaml | 9 + 23 files changed, 959 insertions(+) create mode 100644 puppet/services/designate-api.yaml create mode 100644 puppet/services/designate-base.yaml create mode 100644 puppet/services/designate-central.yaml create mode 100644 puppet/services/designate-mdns.yaml create mode 100644 puppet/services/designate-producer.yaml create mode 100644 puppet/services/designate-sink.yaml create mode 100644 puppet/services/designate-worker.yaml diff --git a/environments/ssl/tls-endpoints-public-dns.yaml b/environments/ssl/tls-endpoints-public-dns.yaml index d0cf183ee1..188d1e3722 100644 --- a/environments/ssl/tls-endpoints-public-dns.yaml 
+++ b/environments/ssl/tls-endpoints-public-dns.yaml
@@ -30,6 +30,9 @@ parameter_defaults:
 CongressAdmin: {protocol: 'http', port: '1789', host: 'IP_ADDRESS'}
 CongressInternal: {protocol: 'http', port: '1789', host: 'IP_ADDRESS'}
 CongressPublic: {protocol: 'https', port: '13789', host: 'CLOUDNAME'}
+ DesignateAdmin: {protocol: 'http', port: '9001', host: 'IP_ADDRESS'}
+ DesignateInternal: {protocol: 'http', port: '9001', host: 'IP_ADDRESS'}
+ DesignatePublic: {protocol: 'https', port: '13001', host: 'CLOUDNAME'}
 DockerRegistryInternal: {protocol: 'https', port: '8787', host: 'CLOUDNAME'}
 Ec2ApiAdmin: {protocol: 'http', port: '8788', host: 'IP_ADDRESS'}
 Ec2ApiInternal: {protocol: 'http', port: '8788', host: 'IP_ADDRESS'}
diff --git a/environments/ssl/tls-endpoints-public-ip.yaml b/environments/ssl/tls-endpoints-public-ip.yaml
index 43880f02fb..ad061f7f6d 100644
--- a/environments/ssl/tls-endpoints-public-ip.yaml
+++ b/environments/ssl/tls-endpoints-public-ip.yaml
@@ -30,6 +30,9 @@ parameter_defaults:
 CongressAdmin: {protocol: 'http', port: '1789', host: 'IP_ADDRESS'}
 CongressInternal: {protocol: 'http', port: '1789', host: 'IP_ADDRESS'}
 CongressPublic: {protocol: 'https', port: '13789', host: 'IP_ADDRESS'}
+ DesignateAdmin: {protocol: 'http', port: '9001', host: 'IP_ADDRESS'}
+ DesignateInternal: {protocol: 'http', port: '9001', host: 'IP_ADDRESS'}
+ DesignatePublic: {protocol: 'https', port: '13001', host: 'IP_ADDRESS'}
 DockerRegistryInternal: {protocol: 'https', port: '8787', host: 'IP_ADDRESS'}
 Ec2ApiAdmin: {protocol: 'http', port: '8788', host: 'IP_ADDRESS'}
 Ec2ApiInternal: {protocol: 'http', port: '8788', host: 'IP_ADDRESS'}
diff --git a/environments/ssl/tls-everywhere-endpoints-dns.yaml b/environments/ssl/tls-everywhere-endpoints-dns.yaml
index e5ef60ecf0..3ea21473a6 100644
--- a/environments/ssl/tls-everywhere-endpoints-dns.yaml
+++ b/environments/ssl/tls-everywhere-endpoints-dns.yaml
@@ -30,6 +30,9 @@ parameter_defaults:
 CongressAdmin: {protocol: 'https', port: '1789', host: 'CLOUDNAME'}
 CongressInternal: {protocol: 'https', port: '1789', host: 'CLOUDNAME'}
 CongressPublic: {protocol: 'https', port: '13789', host: 'CLOUDNAME'}
+ DesignateAdmin: {protocol: 'https', port: '9001', host: 'CLOUDNAME'}
+ DesignateInternal: {protocol: 'https', port: '9001', host: 'CLOUDNAME'}
+ DesignatePublic: {protocol: 'https', port: '13001', host: 'CLOUDNAME'}
 DockerRegistryInternal: {protocol: 'https', port: '8787', host: 'CLOUDNAME'}
 Ec2ApiAdmin: {protocol: 'https', port: '8788', host: 'CLOUDNAME'}
 Ec2ApiInternal: {protocol: 'https', port: '8788', host: 'CLOUDNAME'}
diff --git a/environments/tls-endpoints-public-dns.yaml b/environments/tls-endpoints-public-dns.yaml
index af5d4a4d31..0802a9a927 100644
--- a/environments/tls-endpoints-public-dns.yaml
+++ b/environments/tls-endpoints-public-dns.yaml
@@ -24,6 +24,9 @@ parameter_defaults:
 CongressAdmin: {protocol: 'http', port: '1789', host: 'IP_ADDRESS'}
 CongressInternal: {protocol: 'http', port: '1789', host: 'IP_ADDRESS'}
 CongressPublic: {protocol: 'https', port: '13789', host: 'CLOUDNAME'}
+ DesignateAdmin: {protocol: 'http', port: '9001', host: 'IP_ADDRESS'}
+ DesignateInternal: {protocol: 'http', port: '9001', host: 'IP_ADDRESS'}
+ DesignatePublic: {protocol: 'https', port: '13001', host: 'CLOUDNAME'}
 DockerRegistryInternal: {protocol: 'https', port: '8787', host: 'CLOUDNAME'}
 Ec2ApiAdmin: {protocol: 'http', port: '8788', host: 'IP_ADDRESS'}
 Ec2ApiInternal: {protocol: 'http', port: '8788', host: 'IP_ADDRESS'}
diff --git a/environments/tls-endpoints-public-ip.yaml b/environments/tls-endpoints-public-ip.yaml
index c78164c3f3..e40389bc92 100644
--- a/environments/tls-endpoints-public-ip.yaml
+++ b/environments/tls-endpoints-public-ip.yaml
@@ -24,6 +24,9 @@ parameter_defaults:
 CongressAdmin: {protocol: 'http', port: '1789', host: 'IP_ADDRESS'}
 CongressInternal: {protocol: 'http', port: '1789', host: 'IP_ADDRESS'}
 CongressPublic: {protocol: 'https', port: '13789', host: 'IP_ADDRESS'}
+ DesignateAdmin: {protocol: 'http', port: '9001', host: 'IP_ADDRESS'}
+ DesignateInternal: {protocol: 'http', port: '9001', host: 'IP_ADDRESS'}
+ DesignatePublic: {protocol: 'https', port: '13001', host: 'IP_ADDRESS'}
 DockerRegistryInternal: {protocol: 'https', port: '8787', host: 'IP_ADDRESS'}
 Ec2ApiAdmin: {protocol: 'http', port: '8788', host: 'IP_ADDRESS'}
 Ec2ApiInternal: {protocol: 'http', port: '8788', host: 'IP_ADDRESS'}
diff --git a/environments/tls-everywhere-endpoints-dns.yaml b/environments/tls-everywhere-endpoints-dns.yaml
index 8374c07385..9ed86383bc 100644
--- a/environments/tls-everywhere-endpoints-dns.yaml
+++ b/environments/tls-everywhere-endpoints-dns.yaml
@@ -20,6 +20,9 @@ parameter_defaults:
 CongressAdmin: {protocol: 'https', port: '1789', host: 'CLOUDNAME'}
 CongressInternal: {protocol: 'https', port: '1789', host: 'CLOUDNAME'}
 CongressPublic: {protocol: 'https', port: '13789', host: 'CLOUDNAME'}
+ DesignateAdmin: {protocol: 'https', port: '9001', host: 'CLOUDNAME'}
+ DesignateInternal: {protocol: 'https', port: '9001', host: 'CLOUDNAME'}
+ DesignatePublic: {protocol: 'https', port: '13001', host: 'CLOUDNAME'}
 DockerRegistryInternal: {protocol: 'https', port: '8787', host: 'CLOUDNAME'}
 Ec2ApiAdmin: {protocol: 'https', port: '8788', host: 'CLOUDNAME'}
 Ec2ApiInternal: {protocol: 'https', port: '8788', host: 'CLOUDNAME'}
diff --git a/network/endpoints/endpoint_data.yaml b/network/endpoints/endpoint_data.yaml
index d417c21a2b..a8aa8b176f 100644
--- a/network/endpoints/endpoint_data.yaml
+++ b/network/endpoints/endpoint_data.yaml
@@ -28,6 +28,15 @@ Ceilometer: net_param: CeilometerApi port: 8777 +Designate: + Internal: + net_param: DesignateApi + Public: + net_param: Public + Admin: + net_param: DesignateApi + port: 9001 + Ec2Api: Internal: net_param: Ec2Api diff --git a/network/endpoints/endpoint_map.yaml b/network/endpoints/endpoint_map.yaml index 06c503820a..2c0c8330f8 100644 --- a/network/endpoints/endpoint_map.yaml +++ b/network/endpoints/endpoint_map.yaml @@ -37,6 +37,9 @@ parameters: CongressAdmin: {protocol: http, port: '1789', host: IP_ADDRESS} CongressInternal: {protocol: http, port: '1789', host: IP_ADDRESS} CongressPublic: {protocol: http, port: '1789', host: IP_ADDRESS} + DesignateAdmin: {protocol: http, port: '9001', host: IP_ADDRESS} + DesignateInternal: {protocol: http, port: '9001', host: IP_ADDRESS} + DesignatePublic: {protocol: http, port: '9001', host: IP_ADDRESS} DockerRegistryInternal: {protocol: http, port: '8787', host: IP_ADDRESS} Ec2ApiAdmin: {protocol: http, port: '8788', host: IP_ADDRESS} Ec2ApiInternal: {protocol: http, port: '8788', host: IP_ADDRESS} 
@@ -2107,6 +2110,249 @@ outputs: template: NETWORK_uri port: get_param: [EndpointMap, CongressPublic, port] + DesignateAdmin: + host: + str_replace: + template: + get_param: [EndpointMap, DesignateAdmin, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, DesignateApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, DesignateApiNetwork] + template: NETWORK_uri + host_nobrackets: + str_replace: + template: + get_param: [EndpointMap, DesignateAdmin, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, DesignateApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - get_param: [ServiceNetMap, DesignateApiNetwork] + port: + get_param: [EndpointMap, DesignateAdmin, port] + protocol: + get_param: [EndpointMap, DesignateAdmin, protocol] + uri: + make_url: + scheme: + get_param: [EndpointMap, DesignateAdmin, protocol] + host: + str_replace: + template: + get_param: [EndpointMap, DesignateAdmin, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, DesignateApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, DesignateApiNetwork] + template: NETWORK_uri + port: + get_param: [EndpointMap, DesignateAdmin, port] + uri_no_suffix: + make_url: + scheme: + get_param: [EndpointMap, DesignateAdmin, protocol] + host: + str_replace: + template: + get_param: [EndpointMap, DesignateAdmin, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, DesignateApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, DesignateApiNetwork] + template: NETWORK_uri + port: + get_param: [EndpointMap, DesignateAdmin, port] + DesignateInternal: + host: + str_replace: + template: + get_param: [EndpointMap, DesignateInternal, host] + params: + CLOUDNAME: + 
get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, DesignateApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, DesignateApiNetwork] + template: NETWORK_uri + host_nobrackets: + str_replace: + template: + get_param: [EndpointMap, DesignateInternal, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, DesignateApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - get_param: [ServiceNetMap, DesignateApiNetwork] + port: + get_param: [EndpointMap, DesignateInternal, port] + protocol: + get_param: [EndpointMap, DesignateInternal, protocol] + uri: + make_url: + scheme: + get_param: [EndpointMap, DesignateInternal, protocol] + host: + str_replace: + template: + get_param: [EndpointMap, DesignateInternal, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, DesignateApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, DesignateApiNetwork] + template: NETWORK_uri + port: + get_param: [EndpointMap, DesignateInternal, port] + uri_no_suffix: + make_url: + scheme: + get_param: [EndpointMap, DesignateInternal, protocol] + host: + str_replace: + template: + get_param: [EndpointMap, DesignateInternal, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, DesignateApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, DesignateApiNetwork] + template: NETWORK_uri + port: + get_param: [EndpointMap, DesignateInternal, port] + DesignatePublic: + host: + str_replace: + template: + get_param: [EndpointMap, DesignatePublic, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, PublicNetwork] + template: 
NETWORK_uri + host_nobrackets: + str_replace: + template: + get_param: [EndpointMap, DesignatePublic, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - get_param: [ServiceNetMap, PublicNetwork] + port: + get_param: [EndpointMap, DesignatePublic, port] + protocol: + get_param: [EndpointMap, DesignatePublic, protocol] + uri: + make_url: + scheme: + get_param: [EndpointMap, DesignatePublic, protocol] + host: + str_replace: + template: + get_param: [EndpointMap, DesignatePublic, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, PublicNetwork] + template: NETWORK_uri + port: + get_param: [EndpointMap, DesignatePublic, port] + uri_no_suffix: + make_url: + scheme: + get_param: [EndpointMap, DesignatePublic, protocol] + host: + str_replace: + template: + get_param: [EndpointMap, DesignatePublic, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, PublicNetwork] + template: NETWORK_uri + port: + get_param: [EndpointMap, DesignatePublic, port] DockerRegistryInternal: host: str_replace: diff --git a/network/service_net_map.j2.yaml b/network/service_net_map.j2.yaml index d4d758edd7..8c7df9a41a 100644 --- a/network/service_net_map.j2.yaml +++ b/network/service_net_map.j2.yaml @@ -78,6 +78,7 @@ parameters: DockerRegistryNetwork: ctlplane PacemakerRemoteNetwork: internal_api TripleoUINetwork: internal_api + DesignateApiNetwork: internal_api # We special-case the default ResolveNetwork for the CephStorage role # for backwards compatibility, all other roles default to internal_api CephStorageHostnameResolveNetwork: storage 
diff --git a/overcloud-resource-registry-puppet.j2.yaml b/overcloud-resource-registry-puppet.j2.yaml index d96ff05983..6d6265cb4d 100644 --- a/overcloud-resource-registry-puppet.j2.yaml +++ b/overcloud-resource-registry-puppet.j2.yaml @@ -318,6 +318,12 @@ resource_registry: OS::TripleO::Services::LoginDefs: OS::Heat::None OS::TripleO::Services::ComputeInstanceHA: OS::Heat::None OS::TripleO::Services::Ptp: OS::Heat::None + OS::TripleO::Services::DesignateApi: OS::Heat::None + OS::TripleO::Services::DesignateCentral: OS::Heat::None + OS::TripleO::Services::DesignateProducer: OS::Heat::None + OS::TripleO::Services::DesignateWorker: OS::Heat::None + OS::TripleO::Services::DesignateMDNS: OS::Heat::None + OS::TripleO::Services::DesignateSink: OS::Heat::None # Default Neutron ML2 puppet plugin to use when NeutronCorePlugin is set to ML2 OS::TripleO::Docker::NeutronMl2PluginBase: puppet/services/neutron-plugin-ml2.yaml diff --git a/puppet/services/designate-api.yaml b/puppet/services/designate-api.yaml new file mode 100644 index 0000000000..794c641eb0 --- /dev/null +++ b/puppet/services/designate-api.yaml 
@@ -0,0 +1,111 @@
+heat_template_version: queens
+
+description: >
+ OpenStack Designate API service.
+
+parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ RoleName:
+ default: ''
+ description: Role name on which the service is applied
+ type: string
+ RoleParameters:
+ default: {}
+ description: Parameters specific to the role
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ DesignatePassword:
+ description: The password for the Designate's database account.
+ type: string
+ hidden: true
+ KeystoneRegion:
+ type: string
+ default: 'regionOne'
+ description: Keystone region for endpoint
+ MonitoringSubscriptionDesignateApi:
+ default: 'overcloud-designate-api'
+ type: string
+ DesignateApiLoggingSource:
+ type: json
+ default:
+ tag: openstack.designate.api
+ path: /var/log/designate/api.log
+ DesignateWorkers:
+ default: 0
+ description: Number of workers for Designate services.
+ type: number
+
+conditions:
+ designate_workers_zero: {equals : [{get_param: DesignateWorkers}, 0]}
+
+resources:
+
+ DesignateBase:
+ type: ./designate-base.yaml
+ properties:
+ ServiceData: {get_param: ServiceData}
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+ RoleName: {get_param: RoleName}
+ RoleParameters: {get_param: RoleParameters}
+
+outputs:
+ role_data:
+ description: Role data for the Designate API service.
+ value:
+ service_name: designate_api
+ monitoring_subscription: {get_param: MonitoringSubscriptionDesignateApi}
+ logging_source: {get_param: DesignateApiLoggingSource}
+ logging_groups:
+ - designate
+ config_settings:
+ map_merge:
+ - get_attr: [DesignateBase, role_data, config_settings]
+ - designate::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
+ designate::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
+ designate::keystone::authtoken::project_name: 'service'
+ designate::keystone::authtoken::password: {get_param: DesignatePassword}
+ tripleo::profile::base::designate::api::listen_ip:
+ str_replace:
+ template:
+ "%{hiera('$NETWORK')}"
+ params:
+ $NETWORK: {get_param: [ServiceNetMap, DesignateApiNetwork]}
+ tripleo::profile::base::designate::api::listen_port: 9001
+ tripleo.designate_api.firewall_rules:
+ '139 designate api':
+ dport:
+ - 9001
+ - 13001
+ -
+ if:
+ - designate_workers_zero
+ - {}
+ - designate::api::workers: {get_param: DesignateWorkers}
+ step_config: |
+ include tripleo::profile::base::designate::api
+ service_config_settings:
+ keystone:
+ designate::keystone::auth::tenant: 'service'
+ designate::keystone::auth::public_url: {get_param: [EndpointMap, DesignatePublic, uri]}
+ designate::keystone::auth::internal_url: { get_param: [ EndpointMap, DesignateInternal, uri ] }
+ designate::keystone::auth::admin_url: { get_param: [ EndpointMap, DesignateAdmin, uri ] }
+ designate::keystone::auth::password: {get_param: DesignatePassword}
+ designate::keystone::auth::region: {get_param: KeystoneRegion}
diff --git a/puppet/services/designate-base.yaml b/puppet/services/designate-base.yaml
new file mode 100644
index 0000000000..3c4169becc
--- /dev/null
+++ b/puppet/services/designate-base.yaml
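Review bot: Nothing in this template makes designate-api serve TLS on its own listener, although the tls-everywhere environment files in this patch advertise `DesignateInternal` and `DesignateAdmin` as `https` on port 9001. The template only sets `listen_ip` and `listen_port: 9001` and carries no internal-TLS switch or certificate request, so unless the puppet profile (outside this diff) terminates TLS, the internal catalog entry would name a scheme the service does not speak. Separately, `DesignatePassword` is described as the database account password but here feeds `designate::keystone::authtoken::password` and `designate::keystone::auth::password`; I would reword it to `description: The password for the Designate service and database account.` so operators know one secret covers both uses.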
@@ -0,0 +1,92 @@
+heat_template_version: queens
+
+description: >
+ OpenStack Designate base service. Shared for all Designate services
+
+parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ RoleName:
+ default: ''
+ description: Role name on which the service is applied
+ type: string
+ RoleParameters:
+ default: {}
+ description: Parameters specific to the role
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ Debug:
+ type: boolean
+ default: false
+ description: Set to True to enable debugging on all services.
+ DesignateDebug:
+ default: ''
+ description: Set to True to enable debugging Designate services.
+ type: string
+ EnableConfigPurge:
+ type: boolean
+ default: false
+ description: >
+ Remove configuration that is not generated by TripleO. Used to avoid
+ configuration remnants after upgrades.
+ RabbitPassword:
+ description: The password for RabbitMQ
+ type: string
+ hidden: true
+ RabbitUserName:
+ default: guest
+ description: The username for RabbitMQ
+ type: string
+ RabbitClientUseSSL:
+ default: false
+ description: >
+ Rabbit client subscriber parameter to specify
+ an SSL connection to the RabbitMQ host.
+ type: string
+ RabbitClientPort:
+ default: 5672
+ description: Set rabbit subscriber port, change this if using SSL
+ type: number
+ NotificationDriver:
+ type: string
+ default: 'messagingv2'
+ description: Driver or drivers to handle sending notifications.
+ constraints:
+ - allowed_values: [ 'messagingv2', 'noop' ]
+
+conditions:
+ service_debug_unset: {equals : [{get_param: DesignateDebug}, '']}
+
+outputs:
+ role_data:
+ description: Base role data for Designate services
+ value:
+ service_name: designate_base
+ config_settings:
+ designate::debug:
+ if:
+ - service_debug_unset
+ - {get_param: Debug }
+ - {get_param: DesignateDebug }
+ designate::purge_config: {get_param: EnableConfigPurge}
+ designate::notification_driver: {get_param: NotificationDriver}
+ designate::rabbit_use_ssl: {get_param: RabbitClientUseSSL}
+ designate::rabbit_userid: {get_param: RabbitUserName}
+ designate::rabbit_password: {get_param: RabbitPassword}
+ designate::rabbit_port: {get_param: RabbitClientPort}
+
diff --git a/puppet/services/designate-central.yaml b/puppet/services/designate-central.yaml
new file mode 100644
index 0000000000..6c8af05774
--- /dev/null
+++ b/puppet/services/designate-central.yaml
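Review bot: `RabbitUserName` defaults to `guest` and `RabbitClientUseSSL` to `false`, so a deployment that overrides neither sends `designate::rabbit_password` over plaintext AMQP under RabbitMQ's stock account. If these defaults are kept for parity with the other service templates (can't tell from this diff), the descriptions should say so, e.g. `description: The username for RabbitMQ; override the stock guest account outside test deployments`. `RabbitClientUseSSL` is also declared `type: string` while its default is an unquoted boolean, which is worth a one-line comment so the next editor does not "fix" one side of the mismatch. The `config_settings` map sets no RabbitMQ host, which presumably comes from the puppet profile; please confirm.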
@@ -0,0 +1,100 @@
+heat_template_version: queens
+
+description: >
+ OpenStack Designate Central service configured with Puppet
+parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ RoleName:
+ default: ''
+ description: Role name on which the service is applied
+ type: string
+ RoleParameters:
+ default: {}
+ description: Parameters specific to the role
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ MonitoringSubscriptionDesignateCentral:
+ default: 'overcloud-designate-central'
+ type: string
+ DesignateCentralLoggingSource:
+ type: json
+ default:
+ tag: openstack.designate.central
+ path: /var/log/designate/designate-central.log
+ DesignateWorkers:
+ default: 0
+ description: Number of workers for Designate services.
+ type: number
+ DesignatePassword:
+ description: The password for the Designate's database account.
+ type: string
+ hidden: true
+
+conditions:
+ designate_workers_zero: {equals : [{get_param: DesignateWorkers}, 0]}
+
+resources:
+ DesignateBase:
+ type: ./designate-base.yaml
+ properties:
+ ServiceData: {get_param: ServiceData}
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+ RoleName: {get_param: RoleName}
+ RoleParameters: {get_param: RoleParameters}
+
+outputs:
+ role_data:
+ description: Role data for the Designate Central service.
+ value:
+ service_name: designate_central
+ monitoring_subscription: {get_param: MonitoringSubscriptionDesignateCentral}
+ logging_source: {get_param: DesignateCentralLoggingSource}
+ logging_groups:
+ - designate
+ config_settings:
+ map_merge:
+ - get_attr: [DesignateBase, role_data, config_settings]
+ - designate::db::database_connection:
+ make_url:
+ scheme: {get_param: [EndpointMap, MysqlInternal, protocol]}
+ username: designate
+ password: {get_param: DesignatePassword}
+ host: {get_param: [EndpointMap, MysqlInternal, host]}
+ path: /designate
+ query:
+ read_default_file: /etc/my.cnf.d/tripleo.cnf
+ read_default_group: tripleo
+ -
+ if:
+ - designate_workers_zero
+ - {}
+ - designate::central::workers: {get_param: DesignateWorkers}
+ step_config: |
+ include tripleo::profile::base::designate::central
+ service_config_settings:
+ mysql:
+ designate::db::mysql::password: {get_param: DesignatePassword}
+ designate::db::mysql::user: designate
+ designate::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
+ designate::db::mysql::dbname: designate
+ designate::db::mysql::allowed_hosts:
+ - '%'
+ - "%{hiera('mysql_bind_host')}"
diff --git a/puppet/services/designate-mdns.yaml b/puppet/services/designate-mdns.yaml
new file mode 100644
index 0000000000..c23407afec
--- /dev/null
+++ b/puppet/services/designate-mdns.yaml
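Review bot: `designate::db::mysql::allowed_hosts` includes `'%'`, which grants the `designate` MySQL account access from any source address; the same list appears in designate-mdns.yaml. With that wildcard, the only things standing between a host that can reach the database port and the Designate schema are network isolation and `DesignatePassword`. If the wildcard is kept for parity with other services (can't tell from this diff), a comment above the list would help, e.g. `# '%' relies on the internal API network being isolated; narrow to the controller subnet where possible`. Both templates also declare the identical `service_config_settings: mysql:` block, so the grant is defined twice and the two copies can drift.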
@@ -0,0 +1,100 @@
+heat_template_version: queens
+
+description: >
+ OpenStack Designate MiniDNS service configured with Puppet
+parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ RoleName:
+ default: ''
+ description: Role name on which the service is applied
+ type: string
+ RoleParameters:
+ default: {}
+ description: Parameters specific to the role
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ MonitoringSubscriptionDesignateMiniDNS:
+ default: 'overcloud-designate-mdns'
+ type: string
+ DesignateMiniDNSLoggingSource:
+ type: json
+ default:
+ tag: openstack.designate.mdns
+ path: /var/log/designate/designate-mdns.log
+ DesignateWorkers:
+ default: 0
+ description: Number of workers for Designate services.
+ type: number
+ DesignatePassword:
+ description: The password for the Designate's database account.
+ type: string
+ hidden: true
+
+conditions:
+ designate_workers_zero: {equals : [{get_param: DesignateWorkers}, 0]}
+
+resources:
+ DesignateBase:
+ type: ./designate-base.yaml
+ properties:
+ ServiceData: {get_param: ServiceData}
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+ RoleName: {get_param: RoleName}
+ RoleParameters: {get_param: RoleParameters}
+
+outputs:
+ role_data:
+ description: Role data for the Designate MiniDNS service.
+ value:
+ service_name: designate_mdns
+ monitoring_subscription: {get_param: MonitoringSubscriptionDesignateMiniDNS}
+ logging_source: {get_param: DesignateMiniDNSLoggingSource}
+ logging_groups:
+ - designate
+ config_settings:
+ map_merge:
+ - get_attr: [DesignateBase, role_data, config_settings]
+ - designate::db::database_connection:
+ make_url:
+ scheme: {get_param: [EndpointMap, MysqlInternal, protocol]}
+ username: designate
+ password: {get_param: DesignatePassword}
+ host: {get_param: [EndpointMap, MysqlInternal, host]}
+ path: /designate
+ query:
+ read_default_file: /etc/my.cnf.d/tripleo.cnf
+ read_default_group: tripleo
+ -
+ if:
+ - designate_workers_zero
+ - {}
+ - designate::mdns::workers: {get_param: DesignateWorkers}
+ step_config: |
+ include tripleo::profile::base::designate::mdns
+ service_config_settings:
+ mysql:
+ designate::db::mysql::password: {get_param: DesignatePassword}
+ designate::db::mysql::user: designate
+ designate::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
+ designate::db::mysql::dbname: designate
+ designate::db::mysql::allowed_hosts:
+ - '%'
+ - "%{hiera('mysql_bind_host')}"
diff --git a/puppet/services/designate-producer.yaml b/puppet/services/designate-producer.yaml
new file mode 100644
index 0000000000..b4d557ad9c
--- /dev/null
+++ b/puppet/services/designate-producer.yaml
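Review bot: This template hands designate-mdns the database credentials but sets no listen address and no firewall rule, unlike designate-api.yaml, which pins `listen_ip` to `DesignateApiNetwork` and declares `tripleo.designate_api.firewall_rules`. mdns is the component that exchanges zone data with the backend name servers, so where it binds and who may reach it should be stated here rather than inherited from package defaults (which I believe bind to all addresses; please confirm). I would add a ServiceNetMap entry for mdns (for example a new `DesignateMdnsNetwork` next to `DesignateApiNetwork` in service_net_map.j2.yaml) and a firewall rule scoped to that service, mirroring the API template.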
@@ -0,0 +1,77 @@
+heat_template_version: queens
+
+description: >
+ OpenStack Designate Producer service configured with Puppet
+parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ RoleName:
+ default: ''
+ description: Role name on which the service is applied
+ type: string
+ RoleParameters:
+ default: {}
+ description: Parameters specific to the role
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ MonitoringSubscriptionDesignateProducer:
+ default: 'overcloud-designate-producer'
+ type: string
+ DesignateProducerLoggingSource:
+ type: json
+ default:
+ tag: openstack.designate.producer
+ path: /var/log/designate/designate-producer.log
+ DesignateWorkers:
+ default: 0
+ description: Number of workers for Designate services.
+ type: number
+
+conditions:
+ designate_workers_zero: {equals : [{get_param: DesignateWorkers}, 0]}
+
+resources:
+ DesignateBase:
+ type: ./designate-base.yaml
+ properties:
+ ServiceData: {get_param: ServiceData}
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+ RoleName: {get_param: RoleName}
+ RoleParameters: {get_param: RoleParameters}
+
+outputs:
+ role_data:
+ description: Role data for the Designate Producer service.
+ value:
+ service_name: designate_producer
+ monitoring_subscription: {get_param: MonitoringSubscriptionDesignateProducer}
+ logging_source: {get_param: DesignateProducerLoggingSource}
+ logging_groups:
+ - designate
+ config_settings:
+ map_merge:
+ - get_attr: [DesignateBase, role_data, config_settings]
+ -
+ if:
+ - designate_workers_zero
+ - {}
+ - designate::producer::workers: {get_param: DesignateWorkers}
+ step_config: |
+ include tripleo::profile::base::designate::producer
diff --git a/puppet/services/designate-sink.yaml b/puppet/services/designate-sink.yaml
new file mode 100644
index 0000000000..5f342e91fd
--- /dev/null
+++ b/puppet/services/designate-sink.yaml
@@ -0,0 +1,77 @@
+heat_template_version: queens
+
+description: >
+ OpenStack Designate Sink service configured with Puppet
+parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ RoleName:
+ default: ''
+ description: Role name on which the service is applied
+ type: string
+ RoleParameters:
+ default: {}
+ description: Parameters specific to the role
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ MonitoringSubscriptionDesignateSink:
+ default: 'overcloud-designate-sink'
+ type: string
+ DesignateSinkLoggingSource:
+ type: json
+ default:
+ tag: openstack.designate.sink
+ path: /var/log/designate/designate-sink.log
+ DesignateWorkers:
+ default: 0
+ description: Number of workers for Designate services.
+ type: number
+
+conditions:
+ designate_workers_zero: {equals : [{get_param: DesignateWorkers}, 0]}
+
+resources:
+ DesignateBase:
+ type: ./designate-base.yaml
+ properties:
+ ServiceData: {get_param: ServiceData}
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+ RoleName: {get_param: RoleName}
+ RoleParameters: {get_param: RoleParameters}
+
+outputs:
+ role_data:
+ description: Role data for the Designate Sink service.
+ value:
+ service_name: designate_sink
+ monitoring_subscription: {get_param: MonitoringSubscriptionDesignateSink}
+ logging_source: {get_param: DesignateSinkLoggingSource}
+ logging_groups:
+ - designate
+ config_settings:
+ map_merge:
+ - get_attr: [DesignateBase, role_data, config_settings]
+ -
+ if:
+ - designate_workers_zero
+ - {}
+ - designate::sink::workers: {get_param: DesignateWorkers}
+ step_config: |
+ include tripleo::profile::base::designate::sink
diff --git a/puppet/services/designate-worker.yaml b/puppet/services/designate-worker.yaml
new file mode 100644
index 0000000000..80b52134c2
--- /dev/null
+++ b/puppet/services/designate-worker.yaml
@@ -0,0 +1,83 @@
+heat_template_version: queens
+
+description: >
+ OpenStack Designate Worker service configured with Puppet
+parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ RoleName:
+ default: ''
+ description: Role name on which the service is applied
+ type: string
+ RoleParameters:
+ default: {}
+ description: Parameters specific to the role
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ MonitoringSubscriptionDesignateWorker:
+ default: 'overcloud-designate-worker'
+ type: string
+ DesignateWorkerLoggingSource:
+ type: json
+ default:
+ tag: openstack.designate.worker
+ path: /var/log/designate/designate-worker.log
+ DesignateWorkers:
+ default: 0
+ description: Number of workers for Designate services.
+ type: number
+
+conditions:
+ designate_workers_zero: {equals : [{get_param: DesignateWorkers}, 0]}
+
+resources:
+ DesignateBase:
+ type: ./designate-base.yaml
+ properties:
+ ServiceData: {get_param: ServiceData}
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+ RoleName: {get_param: RoleName}
+ RoleParameters: {get_param: RoleParameters}
+
+outputs:
+ role_data:
+ description: Role data for the Designate Worker service.
+ value:
+ service_name: designate_worker
+ monitoring_subscription: {get_param: MonitoringSubscriptionDesignateWorker}
+ logging_source: {get_param: DesignateWorkerLoggingSource}
+ logging_groups:
+ - designate
+ config_settings:
+ map_merge:
+ - get_attr: [DesignateBase, role_data, config_settings]
+ -
+ if:
+ - designate_workers_zero
+ - {}
+ - designate::worker::workers: {get_param: DesignateWorkers}
+ designate::worker::worker_notify: true
+ tripleo.bind.firewall_rules:
+ '140 bind':
+ dport:
+ - 53
+ - 953
+ step_config: |
+ include tripleo::profile::base::designate::worker
diff --git a/roles/Controller.yaml b/roles/Controller.yaml
index e8266d34ab..8580802ff3 100644
--- a/roles/Controller.yaml
+++ b/roles/Controller.yaml
@@ -68,6 +68,12 @@
 - OS::TripleO::Services::Clustercheck
 - OS::TripleO::Services::Collectd
 - OS::TripleO::Services::Congress
+ - OS::TripleO::Services::DesignateApi
+ - OS::TripleO::Services::DesignateCentral
+ - OS::TripleO::Services::DesignateProducer
+ - OS::TripleO::Services::DesignateWorker
+ - OS::TripleO::Services::DesignateMDNS
+ - OS::TripleO::Services::DesignateSink
 - OS::TripleO::Services::Docker
 - OS::TripleO::Services::Ec2Api
 - OS::TripleO::Services::Etcd
diff --git a/roles/ControllerAllNovaStandalone.yaml b/roles/ControllerAllNovaStandalone.yaml
index a25f060282..f6303b4adb 100644
--- a/roles/ControllerAllNovaStandalone.yaml
+++ b/roles/ControllerAllNovaStandalone.yaml
@@ -45,6 +45,12 @@
 - OS::TripleO::Services::CinderVolume
 - OS::TripleO::Services::Collectd
 - OS::TripleO::Services::Congress
+ - OS::TripleO::Services::DesignateApi
+ - OS::TripleO::Services::DesignateCentral
+ - OS::TripleO::Services::DesignateProducer
+ - OS::TripleO::Services::DesignateWorker
+ - OS::TripleO::Services::DesignateMDNS
+ - OS::TripleO::Services::DesignateSink
 - OS::TripleO::Services::Docker
 - OS::TripleO::Services::Etcd
 - OS::TripleO::Services::Fluentd
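Review bot: The `'140 bind'` rule under `tripleo.bind.firewall_rules` in the designate-worker.yaml hunk opens ports 53 and 953 with no source restriction and no `proto`. Port 953 is the default rndc control channel, which normally only needs to be reachable from the hosts running the Designate worker, and if the rule type defaults to TCP, DNS queries over UDP 53 are not covered. Consider splitting it into a DNS rule such as `'140 bind dns udp': {dport: 53, proto: udp}` next to a TCP rule for 53, and a separate rule for 953 limited to the internal network. Indentation is lost in this view, but no list dash precedes `designate::worker::worker_notify`, so it and the firewall rule appear to share a mapping with `designate::worker::workers`, that is, the `if` branch that is dropped when `DesignateWorkers` is 0 (the default); they probably belong in their own `map_merge` entry. The key also says `bind` while `service_name` is `designate_worker`, so it is worth confirming that the firewall profile actually looks this key up.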
diff --git a/roles/ControllerNoCeph.yaml b/roles/ControllerNoCeph.yaml
index 6a95d43a75..e6f4501f34 100644
--- a/roles/ControllerNoCeph.yaml
+++ b/roles/ControllerNoCeph.yaml
@@ -61,6 +61,12 @@
 - OS::TripleO::Services::Clustercheck
 - OS::TripleO::Services::Collectd
 - OS::TripleO::Services::Congress
+ - OS::TripleO::Services::DesignateApi
+ - OS::TripleO::Services::DesignateCentral
+ - OS::TripleO::Services::DesignateProducer
+ - OS::TripleO::Services::DesignateWorker
+ - OS::TripleO::Services::DesignateMDNS
+ - OS::TripleO::Services::DesignateSink
 - OS::TripleO::Services::Docker
 - OS::TripleO::Services::Ec2Api
 - OS::TripleO::Services::Etcd
diff --git a/roles/ControllerOpenstack.yaml b/roles/ControllerOpenstack.yaml
index 8702a71729..2441fbce06 100644
--- a/roles/ControllerOpenstack.yaml
+++ b/roles/ControllerOpenstack.yaml
@@ -49,6 +49,12 @@
 - OS::TripleO::Services::CinderVolume
 - OS::TripleO::Services::Collectd
 - OS::TripleO::Services::Congress
+ - OS::TripleO::Services::DesignateApi
+ - OS::TripleO::Services::DesignateCentral
+ - OS::TripleO::Services::DesignateProducer
+ - OS::TripleO::Services::DesignateWorker
+ - OS::TripleO::Services::DesignateMDNS
+ - OS::TripleO::Services::DesignateSink
 - OS::TripleO::Services::Docker
 - OS::TripleO::Services::Ec2Api
 - OS::TripleO::Services::Etcd
diff --git a/roles_data.yaml b/roles_data.yaml
index 026170ccdb..3c000cef6a 100644
--- a/roles_data.yaml
+++ b/roles_data.yaml
@@ -71,6 +71,12 @@
 - OS::TripleO::Services::Clustercheck
 - OS::TripleO::Services::Collectd
 - OS::TripleO::Services::Congress
+ - OS::TripleO::Services::DesignateApi
+ - OS::TripleO::Services::DesignateCentral
+ - OS::TripleO::Services::DesignateProducer
+ - OS::TripleO::Services::DesignateWorker
+ - OS::TripleO::Services::DesignateMDNS
+ - OS::TripleO::Services::DesignateSink
 - OS::TripleO::Services::Docker
 - OS::TripleO::Services::Ec2Api
 - OS::TripleO::Services::Etcd
diff --git a/sample-env-generator/ssl.yaml b/sample-env-generator/ssl.yaml
index 6000aba45c..a698cc9fe5 100644
--- a/sample-env-generator/ssl.yaml
+++ b/sample-env-generator/ssl.yaml
@@ -125,6 +125,9 @@ environments:
 CongressAdmin: {protocol: 'http', port: '1789', host: 'IP_ADDRESS'}
 CongressInternal: {protocol: 'http', port: '1789', host: 'IP_ADDRESS'}
 CongressPublic: {protocol: 'https', port: '13789', host: 'IP_ADDRESS'}
+ DesignateAdmin: {protocol: 'http', port: '9001', host: 'IP_ADDRESS'}
+ DesignateInternal: {protocol: 'http', port: '9001', host: 'IP_ADDRESS'}
+ DesignatePublic: {protocol: 'https', port: '13001', host: 'IP_ADDRESS'}
 DockerRegistryInternal: {protocol: 'https', port: '8787', host: 'IP_ADDRESS'}
 Ec2ApiAdmin: {protocol: 'http', port: '8788', host: 'IP_ADDRESS'}
 Ec2ApiInternal: {protocol: 'http', port: '8788', host: 'IP_ADDRESS'}
@@ -238,6 +241,9 @@ environments:
 CongressAdmin: {protocol: 'http', port: '1789', host: 'IP_ADDRESS'}
 CongressInternal: {protocol: 'http', port: '1789', host: 'IP_ADDRESS'}
 CongressPublic: {protocol: 'https', port: '13789', host: 'CLOUDNAME'}
+ DesignateAdmin: {protocol: 'http', port: '9001', host: 'IP_ADDRESS'}
+ DesignateInternal: {protocol: 'http', port: '9001', host: 'IP_ADDRESS'}
+ DesignatePublic: {protocol: 'https', port: '13001', host: 'CLOUDNAME'}
 DockerRegistryInternal: {protocol: 'https', port: '8787', host: 'CLOUDNAME'}
 Ec2ApiAdmin: {protocol: 'http', port: '8788', host: 'IP_ADDRESS'}
 Ec2ApiInternal: {protocol: 'http', port: '8788', host: 'IP_ADDRESS'}
@@ -351,6 +357,9 @@ environments:
 CongressAdmin: {protocol: 'https', port: '1789', host: 'CLOUDNAME'}
 CongressInternal: {protocol: 'https', port: '1789', host: 'CLOUDNAME'}
 CongressPublic: {protocol: 'https', port: '13789', host: 'CLOUDNAME'}
+ DesignateAdmin: {protocol: 'https', port: '9001', host: 'CLOUDNAME'}
+ DesignateInternal: {protocol: 'https', port: '9001', host: 'CLOUDNAME'}
+ DesignatePublic: {protocol: 'https', port: '13001', host: 'CLOUDNAME'}
 DockerRegistryInternal: {protocol: 'https', port: '8787', host: 'CLOUDNAME'}
 Ec2ApiAdmin: {protocol: 'https', port: '8788', host: 'CLOUDNAME'}
 Ec2ApiInternal: {protocol: 'https', port: '8788', host: 'CLOUDNAME'}