Merge "Designate: split bind instance into separate template"

1 year ago · aa601a280f
21 changed files with 198 additions and 64 deletions
--- a/ci/environments/scenario000-standalone.yaml
+++ b/ci/environments/scenario000-standalone.yaml
@ -47,6 +47,7 @@ resource_registry:
  OS::TripleO::Services::DesignateProducer: OS::Heat::None
  OS::TripleO::Services::DesignateSink: OS::Heat::None
  OS::TripleO::Services::DesignateWorker: OS::Heat::None
+  OS::TripleO::Services::DesignateBind: OS::Heat::None
  OS::TripleO::Services::Etcd: OS::Heat::None
  OS::TripleO::Services::ExternalSwiftProxy: OS::Heat::None
  OS::TripleO::Services::GlanceApi: OS::Heat::None
--- a/ci/environments/scenario003-standalone.yaml
+++ b/ci/environments/scenario003-standalone.yaml
@ -17,6 +17,7 @@ resource_registry:
  OS::TripleO::Services::DesignateProducer: ../../deployment/experimental/designate/designate-producer-container-puppet.yaml
  OS::TripleO::Services::DesignateWorker: ../../deployment/experimental/designate/designate-worker-container-puppet.yaml
  OS::TripleO::Services::DesignateMDNS: ../../deployment/experimental/designate/designate-mdns-container-puppet.yaml
+  OS::TripleO::Services::DesignateBind: ../../deployment/experimental/designate/designate-bind-container.yaml
  OS::TripleO::Services::Redis: ../../deployment/database/redis-container-puppet.yaml
  OS::TripleO::Services::Unbound: ../../deployment/unbound/unbound-container-ansible.yaml

--- a/deployment/experimental/designate/designate-bind-container.yaml
+++ b/deployment/experimental/designate/designate-bind-container.yaml
@ -0,0 +1,178 @@
+heat_template_version: rocky
+
+description: >
+  OpenStack containerized bind9 for designate
+
+parameters:
+  ContainerDesignateBackendBIND9Image:
+    description: image
+    type: string
+  ContainerDesignateConfigImage:
+    description: The container image to use for the designate config_volume
+    type: string
+  EndpointMap:
+    default: {}
+    description: Mapping of service endpoint -> protocol. Typically set
+                 via parameter_defaults in the resource registry.
+    type: json
+  ServiceData:
+    default: {}
+    description: Dictionary packing service data
+    type: json
+  ServiceNetMap:
+    default: {}
+    description: Mapping of service_name -> network name. Typically set
+                 via parameter_defaults in the resource registry.  This
+                 mapping overrides those in ServiceNetMapDefaults.
+    type: json
+  DefaultPasswords:
+    default: {}
+    type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
+  MonitoringSubscriptionDesignateBind:
+    default: 'overcloud-designate-bind'
+    type: string
+  DesignateRndcKey:
+    description: The rndc key secret for communication with BIND.
+    type: string
+    hidden: true
+
+
+resources:
+
+  ContainersCommon:
+    type: ../../containers-common.yaml
+
+  DesignateBase:
+    type: ./designate-base.yaml
+    properties:
+      EndpointMap: {get_param: EndpointMap}
+      ServiceData: {get_param: ServiceData}
+      ServiceNetMap: {get_param: ServiceNetMap}
+      RoleName: {get_param: RoleName}
+      RoleParameters: {get_param: RoleParameters}
+
+outputs:
+  role_data:
+    description: Role data for the Designate Bind instance.
+    value:
+      service_name: designate_bind
+      firewall_rules:
+        '140 designate_worker udp':
+          proto: 'udp'
+          dport:
+            - 53
+            - 953
+        '141 designate_worker tcp':
+          proto: 'tcp'
+          dport:
+            - 53
+            - 953
+      monitoring_subscription: {get_param: MonitoringSubscriptionDesignateBind}
+      config_settings:
+        map_merge:
+          - get_attr: [DesignateBase, role_data, config_settings]
+          - designate_rndc_key: {get_param: DesignateRndcKey}
+            dns::vardir: /var/named-persistent
+            dns::recursion: 'no'
+            # Because we generate the key locally and don't want the puppet
+            # module to do it, we set its path to /dev/null.  This means we need
+            # to explicitly include /etc/rndc.key though since the default config
+            # will just include /dev/null.
+            dns::rndckeypath: /dev/null
+            dns::additional_directives:
+              - include "/etc/rndc.key";
+            dns::additional_options:
+              listen-on:
+                str_replace:
+                  template:
+                    "{ %{hiera('$NETWORK')}; }"
+                  params:
+                    $NETWORK: {get_param: [ServiceNetMap, BINDNetwork]}
+            tripleo::profile::base::designate::rndc_host:
+              str_replace:
+                template:
+                  "%{hiera('$NETWORK')}"
+                params:
+                  $NETWORK: {get_param: [ServiceNetMap, DesignateApiNetwork]}
+            tripleo::profile::base::designate::rndc_allowed_addresses:
+              get_param:
+                - ServiceData
+                - net_cidr_map
+                - {get_param: [ServiceNetMap, DesignateApiNetwork]}
+            designate::backend::bind9::rndc_host:
+              str_replace:
+                template:
+                  "%{hiera('$NETWORK')}"
+                params:
+                  $NETWORK: {get_param: [ServiceNetMap, DesignateApiNetwork]}
+      # BEGIN DOCKER SETTINGS
+      # TODO(beagles): puppet-desginate is doing some configuration in
+      # dns::options_path so it seems like we need to run this puppet here for
+      # the time being at least. I don't think there is a path from heat
+      # var->hiera->puppet->named configuration at the moment though.
+      puppet_config:
+        config_volume: designate
+        puppet_tags: designate_config,dns_config
+        step_config:
+          list_join:
+            - "\n"
+            - - {get_attr: [DesignateBase, role_data, step_config]}
+              - include ::designate::backend::bind9
+        config_image: {get_param: ContainerDesignateConfigImage}
+        volumes:
+          - /var/named-persistent:/var/named-persistent:z
+      kolla_config:
+        /var/lib/kolla/config_files/designate_backend_bind9.json:
+          command: /usr/sbin/named -u named -c /etc/named.conf -f -g
+          config_files:
+            - source: "/var/lib/kolla/config_files/src/*"
+              dest: "/"
+              merge: true
+              preserve_properties: true
+            - source: "/var/named/*"
+              dest: "/var/named-persistent/"
+              merge: true
+              preserve_properties: true
+          permissions:
+            - path: /var/log/designate
+              owner: designate:designate
+              recurse: true
+            - path: /var/named-persistent
+              owner: root:named
+              perm: '0770'
+            - path: /etc/rndc.key
+              owner: root:named
+              perm: '0640'
+      docker_config:
+        step_4:
+          designate_backend_bind9:
+            image: {get_param: ContainerDesignateBackendBIND9Image}
+            net: host
+            privileged: true
+            restart: always
+            volumes:
+              list_concat:
+                - {get_attr: [ContainersCommon, volumes]}
+                -
+                  - /run:/run
+                  - /var/lib/kolla/config_files/designate_backend_bind9.json:/var/lib/kolla/config_files/config.json:ro
+                  - /var/lib/config-data/puppet-generated/designate:/var/lib/kolla/config_files/src:ro
+                  - /var/log/containers/designate:/var/log/designate:z
+                  - /var/named-persistent:/var/named-persistent:z
+            environment:
+              KOLLA_CONFIG_STRATEGY: COPY_ALWAYS
+      host_prep_tasks:
+        - name: create persistent named directory
+          file:
+            path: /var/named-persistent
+            state: directory
+            setype: container_file_t
+            mode: '0750'
--- a/deployment/experimental/designate/designate-worker-container-puppet.yaml
+++ b/deployment/experimental/designate/designate-worker-container-puppet.yaml
@ -7,9 +7,6 @@ parameters:
  ContainerDesignateWorkerImage:
    description: image
    type: string
-  ContainerDesignateBackendBIND9Image:
-    description: image
-    type: string
  ContainerDesignateConfigImage:
    description: The container image to use for the designate config_volume
    type: string
@ -91,22 +88,6 @@ outputs:
        map_merge:
          - get_attr: [DesignateBase, role_data, config_settings]
          - designate_rndc_key: {get_param: DesignateRndcKey}
-            dns::vardir: /var/named-persistent
-            dns::recursion: 'no'
-            # Because we generate the key locally and don't want the puppet
-            # module to do it, we set its path to /dev/null.  This means we need
-            # to explicitly include /etc/rndc.key though since the default config
-            # will just include /dev/null.
-            dns::rndckeypath: /dev/null
-            dns::additional_directives:
-              - include "/etc/rndc.key";
-            dns::additional_options:
-              listen-on:
-                str_replace:
-                  template:
-                    "{ %{hiera('$NETWORK')}; }"
-                  params:
-                    $NETWORK: {get_param: [ServiceNetMap, BINDNetwork]}
            tripleo::profile::base::designate::rndc_host:
              str_replace:
                template:
@ -142,10 +123,7 @@ outputs:
            - "\n"
            - - {get_attr: [DesignateBase, role_data, step_config]}
              - "include tripleo::profile::base::designate::worker"
-              - include ::designate::backend::bind9
        config_image: {get_param: ContainerDesignateConfigImage}
-        volumes:
-          - /var/named-persistent:/var/named-persistent:z
      kolla_config:
        /var/lib/kolla/config_files/designate_worker.json:
          command: /usr/bin/designate-worker --config-file=/etc/designate/designate.conf --log-file=/var/log/designate/worker.log
@ -158,27 +136,6 @@ outputs:
            - path: /var/log/designate
              owner: designate:designate
              recurse: true
-        /var/lib/kolla/config_files/designate_backend_bind9.json:
-          command: /usr/sbin/named -u named -c /etc/named.conf -f -g
-          config_files:
-            - source: "/var/lib/kolla/config_files/src/*"
-              dest: "/"
-              merge: true
-              preserve_properties: true
-            - source: "/var/named/*"
-              dest: "/var/named-persistent/"
-              merge: true
-              preserve_properties: true
-          permissions:
-            - path: /var/log/designate
-              owner: designate:designate
-              recurse: true
-            - path: /var/named-persistent
-              owner: root:named
-              perm: '0770'
-            - path: /etc/rndc.key
-              owner: root:named
-              perm: '0640'
      docker_config:
        step_4:
          designate_worker:
@ -198,22 +155,6 @@ outputs:
                  - /var/log/containers/designate:/var/log/designate:z
            environment:
              KOLLA_CONFIG_STRATEGY: COPY_ALWAYS
-          designate_backend_bind9:
-            image: {get_param: ContainerDesignateBackendBIND9Image}
-            net: host
-            privileged: true
-            restart: always
-            volumes:
-              list_concat:
-                - {get_attr: [ContainersCommon, volumes]}
-                -
-                  - /run:/run
-                  - /var/lib/kolla/config_files/designate_backend_bind9.json:/var/lib/kolla/config_files/config.json:ro
-                  - /var/lib/config-data/puppet-generated/designate:/var/lib/kolla/config_files/src:ro
-                  - /var/log/containers/designate:/var/log/designate:z
-                  - /var/named-persistent:/var/named-persistent:z
-            environment:
-              KOLLA_CONFIG_STRATEGY: COPY_ALWAYS
      host_prep_tasks:
        - name: create persistent directories
          file:
@ -223,8 +164,3 @@ outputs:
            mode: "{{ item.mode }}"
          with_items:
            - { 'path': /var/log/containers/designate, 'setype': container_file_t, 'mode': '0750' }
-        - name: create persistent named directory
-          file:
-            path: /var/named-persistent
-            state: directory
-            setype: container_file_t
--- a/environments/enable-designate.yaml
+++ b/environments/enable-designate.yaml
@ -17,5 +17,6 @@ resource_registry:
  OS::TripleO::Services::DesignateMDNS: ../deployment/experimental/designate/designate-mdns-container-puppet.yaml
  OS::TripleO::Services::DesignateProducer: ../deployment/experimental/designate/designate-producer-container-puppet.yaml
  OS::TripleO::Services::DesignateWorker: ../deployment/experimental/designate/designate-worker-container-puppet.yaml
+  OS::TripleO::Services::DesignateBind: ../deployment/experimental/designate/designate-bind-container.yaml
  OS::TripleO::Services::Redis: ../deployment/database/redis-container-puppet.yaml
  OS::TripleO::Services::Unbound: ../deployment/unbound/unbound-container-ansible.yaml
--- a/environments/standalone/standalone-overcloud.yaml
+++ b/environments/standalone/standalone-overcloud.yaml
@ -71,6 +71,7 @@ resource_registry:
  OS::TripleO::Services::DesignateProducer: OS::Heat::None
  OS::TripleO::Services::DesignateSink: OS::Heat::None
  OS::TripleO::Services::DesignateWorker: OS::Heat::None
+  OS::TripleO::Services::DesignateBind: OS::Heat::None
  OS::TripleO::Services::GnocchiApi: OS::Heat::None
  OS::TripleO::Services::GnocchiMetricd: OS::Heat::None
  OS::TripleO::Services::GnocchiStatsd: OS::Heat::None
--- a/environments/standalone/standalone-tripleo.yaml
+++ b/environments/standalone/standalone-tripleo.yaml
@ -81,6 +81,7 @@ resource_registry:
  OS::TripleO::Services::DesignateProducer: OS::Heat::None
  OS::TripleO::Services::DesignateSink: OS::Heat::None
  OS::TripleO::Services::DesignateWorker: OS::Heat::None
+  OS::TripleO::Services::DesignateBind: OS::Heat::None
  OS::TripleO::Services::Docker: OS::Heat::None
  OS::TripleO::Services::DockerRegistry: ../../deployment/image-serve/image-serve-baremetal-ansible.yaml
  OS::TripleO::Services::GnocchiApi: OS::Heat::None
--- a/environments/undercloud/undercloud-minion.yaml
+++ b/environments/undercloud/undercloud-minion.yaml
@ -155,6 +155,7 @@ resource_registry:
  OS::TripleO::Services::DesignateProducer: OS::Heat::None
  OS::TripleO::Services::DesignateSink: OS::Heat::None
  OS::TripleO::Services::DesignateWorker: OS::Heat::None
+  OS::TripleO::Services::DesignateBind: OS::Heat::None
  OS::TripleO::Services::Docker: OS::Heat::None
  OS::TripleO::Services::DockerRegistry: OS::Heat::None
  OS::TripleO::Services::Etcd: OS::Heat::None
--- a/overcloud-resource-registry-puppet.j2.yaml
+++ b/overcloud-resource-registry-puppet.j2.yaml
@ -320,6 +320,7 @@ resource_registry:
  OS::TripleO::Services::DesignateWorker: OS::Heat::None
  OS::TripleO::Services::DesignateMDNS: OS::Heat::None
  OS::TripleO::Services::DesignateSink: OS::Heat::None
+  OS::TripleO::Services::DesignateBind: OS::Heat::None
  OS::TripleO::Services::NeutronMl2PluginBase: deployment/neutron/neutron-plugin-ml2-ovn.yaml
  OS::TripleO::Services::Multipathd: OS::Heat::None
  OS::TripleO::Services::GlanceApiEdge: OS::Heat::None
--- a/roles/Controller.yaml
+++ b/roles/Controller.yaml
@ -89,6 +89,7 @@
    - OS::TripleO::Services::DesignateWorker
    - OS::TripleO::Services::DesignateMDNS
    - OS::TripleO::Services::DesignateSink
+    - OS::TripleO::Services::DesignateBind
    - OS::TripleO::Services::Etcd
    - OS::TripleO::Services::ExternalSwiftProxy
    - OS::TripleO::Services::Frr
--- a/roles/ControllerAllNovaStandalone.yaml
+++ b/roles/ControllerAllNovaStandalone.yaml
@ -55,6 +55,7 @@
    - OS::TripleO::Services::DesignateWorker
    - OS::TripleO::Services::DesignateMDNS
    - OS::TripleO::Services::DesignateSink
+    - OS::TripleO::Services::DesignateBind
    - OS::TripleO::Services::Etcd
    - OS::TripleO::Services::Frr
    - OS::TripleO::Services::IpaClient
--- a/roles/ControllerNoCeph.yaml
+++ b/roles/ControllerNoCeph.yaml
@ -77,6 +77,7 @@
    - OS::TripleO::Services::DesignateWorker
    - OS::TripleO::Services::DesignateMDNS
    - OS::TripleO::Services::DesignateSink
+    - OS::TripleO::Services::DesignateBind
    - OS::TripleO::Services::Etcd
    - OS::TripleO::Services::Frr
    - OS::TripleO::Services::ExternalSwiftProxy
--- a/roles/ControllerOpenstack.yaml
+++ b/roles/ControllerOpenstack.yaml
@ -60,6 +60,7 @@
    - OS::TripleO::Services::DesignateWorker
    - OS::TripleO::Services::DesignateMDNS
    - OS::TripleO::Services::DesignateSink
+    - OS::TripleO::Services::DesignateBind
    - OS::TripleO::Services::Etcd
    - OS::TripleO::Services::Frr
    - OS::TripleO::Services::IpaClient
--- a/roles/ControllerSriov.yaml
+++ b/roles/ControllerSriov.yaml
@ -81,6 +81,7 @@
    - OS::TripleO::Services::DesignateWorker
    - OS::TripleO::Services::DesignateMDNS
    - OS::TripleO::Services::DesignateSink
+    - OS::TripleO::Services::DesignateBind
    - OS::TripleO::Services::Docker
    - OS::TripleO::Services::Etcd
    - OS::TripleO::Services::Frr
--- a/roles/ControllerStorageDashboard.yaml
+++ b/roles/ControllerStorageDashboard.yaml
@ -87,6 +87,7 @@
    - OS::TripleO::Services::DesignateWorker
    - OS::TripleO::Services::DesignateMDNS
    - OS::TripleO::Services::DesignateSink
+    - OS::TripleO::Services::DesignateBind
    - OS::TripleO::Services::Etcd
    - OS::TripleO::Services::Frr
    - OS::TripleO::Services::ExternalSwiftProxy
--- a/roles/ControllerStorageNfs.yaml
+++ b/roles/ControllerStorageNfs.yaml
@ -88,6 +88,7 @@
    - OS::TripleO::Services::DesignateWorker
    - OS::TripleO::Services::DesignateMDNS
    - OS::TripleO::Services::DesignateSink
+    - OS::TripleO::Services::DesignateBind
    - OS::TripleO::Services::Etcd
    - OS::TripleO::Services::Frr
    - OS::TripleO::Services::ExternalSwiftProxy
--- a/roles/Standalone.yaml
+++ b/roles/Standalone.yaml
@ -85,6 +85,7 @@
    - OS::TripleO::Services::DesignateMDNS
    - OS::TripleO::Services::DesignateProducer
    - OS::TripleO::Services::DesignateSink
+    - OS::TripleO::Services::DesignateBind
    - OS::TripleO::Services::DesignateWorker
    - OS::TripleO::Services::DockerRegistry
    - OS::TripleO::Services::Etcd
--- a/roles_data.yaml
+++ b/roles_data.yaml
@ -92,6 +92,7 @@
    - OS::TripleO::Services::DesignateWorker
    - OS::TripleO::Services::DesignateMDNS
    - OS::TripleO::Services::DesignateSink
+    - OS::TripleO::Services::DesignateBind
    - OS::TripleO::Services::Etcd
    - OS::TripleO::Services::ExternalSwiftProxy
    - OS::TripleO::Services::Frr
--- a/sample-env-generator/enable-services.yaml
+++ b/sample-env-generator/enable-services.yaml
@ -16,6 +16,7 @@ environments:
      OS::TripleO::Services::DesignateProducer: ../deployment/experimental/designate/designate-producer-container-puppet.yaml
      OS::TripleO::Services::DesignateWorker: ../deployment/experimental/designate/designate-worker-container-puppet.yaml
      OS::TripleO::Services::DesignateMDNS: ../deployment/experimental/designate/designate-mdns-container-puppet.yaml
+      OS::TripleO::Services::DesignateBind: ../deployment/experimental/designate/designate-bind-container.yaml
      OS::TripleO::Services::Redis: ../deployment/database/redis-container-puppet.yaml
      OS::TripleO::Services::Unbound: ../deployment/unbound/unbound-container-ansible.yaml
  -
--- a/sample-env-generator/standalone.yaml
+++ b/sample-env-generator/standalone.yaml
@ -96,6 +96,7 @@ environments:
      OS::TripleO::Services::DesignateProducer: OS::Heat::None
      OS::TripleO::Services::DesignateSink: OS::Heat::None
      OS::TripleO::Services::DesignateWorker: OS::Heat::None
+      OS::TripleO::Services::DesignateBind: OS::Heat::None
      # Gnocchi
      OS::TripleO::Services::GnocchiApi: OS::Heat::None
      OS::TripleO::Services::GnocchiMetricd: OS::Heat::None
@ -212,6 +213,7 @@ environments:
      OS::TripleO::Services::DesignateProducer: OS::Heat::None
      OS::TripleO::Services::DesignateSink: OS::Heat::None
      OS::TripleO::Services::DesignateWorker: OS::Heat::None
+      OS::TripleO::Services::DesignateBind: OS::Heat::None
      # Gnocchi
      OS::TripleO::Services::GnocchiApi: OS::Heat::None
      OS::TripleO::Services::GnocchiMetricd: OS::Heat::None
--- a/sample-env-generator/undercloud-minion.yaml
+++ b/sample-env-generator/undercloud-minion.yaml
@ -144,6 +144,7 @@ environments:
      OS::TripleO::Services::DesignateProducer: OS::Heat::None
      OS::TripleO::Services::DesignateSink: OS::Heat::None
      OS::TripleO::Services::DesignateWorker: OS::Heat::None
+      OS::TripleO::Services::DesignateBind: OS::Heat::None
      OS::TripleO::Services::Docker: OS::Heat::None
      OS::TripleO::Services::DockerRegistry: OS::Heat::None
      OS::TripleO::Services::Etcd: OS::Heat::None