diff --git a/ci/environments/scenario000-standalone.yaml b/ci/environments/scenario000-standalone.yaml index 12d2b9cdfc..c23adbd6e5 100644 --- a/ci/environments/scenario000-standalone.yaml +++ b/ci/environments/scenario000-standalone.yaml @@ -47,6 +47,7 @@ resource_registry: OS::TripleO::Services::DesignateProducer: OS::Heat::None OS::TripleO::Services::DesignateSink: OS::Heat::None OS::TripleO::Services::DesignateWorker: OS::Heat::None + OS::TripleO::Services::DesignateBind: OS::Heat::None OS::TripleO::Services::Etcd: OS::Heat::None OS::TripleO::Services::ExternalSwiftProxy: OS::Heat::None OS::TripleO::Services::GlanceApi: OS::Heat::None diff --git a/ci/environments/scenario003-standalone.yaml b/ci/environments/scenario003-standalone.yaml index 977f97ba3e..36e6ca2f70 100644 --- a/ci/environments/scenario003-standalone.yaml +++ b/ci/environments/scenario003-standalone.yaml @@ -17,6 +17,7 @@ resource_registry: OS::TripleO::Services::DesignateProducer: ../../deployment/experimental/designate/designate-producer-container-puppet.yaml OS::TripleO::Services::DesignateWorker: ../../deployment/experimental/designate/designate-worker-container-puppet.yaml OS::TripleO::Services::DesignateMDNS: ../../deployment/experimental/designate/designate-mdns-container-puppet.yaml + OS::TripleO::Services::DesignateBind: ../../deployment/experimental/designate/designate-bind-container.yaml OS::TripleO::Services::Redis: ../../deployment/database/redis-container-puppet.yaml OS::TripleO::Services::Unbound: ../../deployment/unbound/unbound-container-ansible.yaml diff --git a/deployment/experimental/designate/designate-bind-container.yaml b/deployment/experimental/designate/designate-bind-container.yaml new file mode 100644 index 0000000000..3fa9a92bfc --- /dev/null +++ b/deployment/experimental/designate/designate-bind-container.yaml 
@@ -0,0 +1,178 @@
+heat_template_version: rocky
+
+description: >
+ OpenStack containerized bind9 for designate
+
+parameters:
+ ContainerDesignateBackendBIND9Image:
+ description: image
+ type: string
+ ContainerDesignateConfigImage:
+ description: The container image to use for the designate config_volume
+ type: string
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ RoleName:
+ default: ''
+ description: Role name on which the service is applied
+ type: string
+ RoleParameters:
+ default: {}
+ description: Parameters specific to the role
+ type: json
+ MonitoringSubscriptionDesignateBind:
+ default: 'overcloud-designate-bind'
+ type: string
+ DesignateRndcKey:
+ description: The rndc key secret for communication with BIND.
+ type: string
+ hidden: true
+
+
+resources:
+
+ ContainersCommon:
+ type: ../../containers-common.yaml
+
+ DesignateBase:
+ type: ./designate-base.yaml
+ properties:
+ EndpointMap: {get_param: EndpointMap}
+ ServiceData: {get_param: ServiceData}
+ ServiceNetMap: {get_param: ServiceNetMap}
+ RoleName: {get_param: RoleName}
+ RoleParameters: {get_param: RoleParameters}
+
+outputs:
+ role_data:
+ description: Role data for the Designate Bind instance.
+ value:
+ service_name: designate_bind
+ firewall_rules:
+ '140 designate_worker udp':
+ proto: 'udp'
+ dport:
+ - 53
+ - 953
+ '141 designate_worker tcp':
+ proto: 'tcp'
+ dport:
+ - 53
+ - 953
+ monitoring_subscription: {get_param: MonitoringSubscriptionDesignateBind}
+ config_settings:
+ map_merge:
+ - get_attr: [DesignateBase, role_data, config_settings]
+ - designate_rndc_key: {get_param: DesignateRndcKey}
+ dns::vardir: /var/named-persistent
+ dns::recursion: 'no'
+ # Because we generate the key locally and don't want the puppet
+ # module to do it, we set its path to /dev/null. This means we need
+ # to explicitly include /etc/rndc.key though since the default config
+ # will just include /dev/null.
+ dns::rndckeypath: /dev/null
+ dns::additional_directives:
+ - include "/etc/rndc.key";
+ dns::additional_options:
+ listen-on:
+ str_replace:
+ template:
+ "{ %{hiera('$NETWORK')}; }"
+ params:
+ $NETWORK: {get_param: [ServiceNetMap, BINDNetwork]}
+ tripleo::profile::base::designate::rndc_host:
+ str_replace:
+ template:
+ "%{hiera('$NETWORK')}"
+ params:
+ $NETWORK: {get_param: [ServiceNetMap, DesignateApiNetwork]}
+ tripleo::profile::base::designate::rndc_allowed_addresses:
+ get_param:
+ - ServiceData
+ - net_cidr_map
+ - {get_param: [ServiceNetMap, DesignateApiNetwork]}
+ designate::backend::bind9::rndc_host:
+ str_replace:
+ template:
+ "%{hiera('$NETWORK')}"
+ params:
+ $NETWORK: {get_param: [ServiceNetMap, DesignateApiNetwork]}
+ # BEGIN DOCKER SETTINGS
+ # TODO(beagles): puppet-desginate is doing some configuration in
+ # dns::options_path so it seems like we need to run this puppet here for
+ # the time being at least. I don't think there is a path from heat
+ # var->hiera->puppet->named configuration at the moment though.
+ puppet_config:
+ config_volume: designate
+ puppet_tags: designate_config,dns_config
+ step_config:
+ list_join:
+ - "\n"
+ - - {get_attr: [DesignateBase, role_data, step_config]}
+ - include ::designate::backend::bind9
+ config_image: {get_param: ContainerDesignateConfigImage}
+ volumes:
+ - /var/named-persistent:/var/named-persistent:z
+ kolla_config:
+ /var/lib/kolla/config_files/designate_backend_bind9.json:
+ command: /usr/sbin/named -u named -c /etc/named.conf -f -g
+ config_files:
+ - source: "/var/lib/kolla/config_files/src/*"
+ dest: "/"
+ merge: true
+ preserve_properties: true
+ - source: "/var/named/*"
+ dest: "/var/named-persistent/"
+ merge: true
+ preserve_properties: true
+ permissions:
+ - path: /var/log/designate
+ owner: designate:designate
+ recurse: true
+ - path: /var/named-persistent
+ owner: root:named
+ perm: '0770'
+ - path: /etc/rndc.key
+ owner: root:named
+ perm: '0640'
+ docker_config:
+ step_4:
+ designate_backend_bind9:
+ image: {get_param: ContainerDesignateBackendBIND9Image}
+ net: host
+ privileged: true
+ restart: always
+ volumes:
+ list_concat:
+ - {get_attr: [ContainersCommon, volumes]}
+ -
+ - /run:/run
+ - /var/lib/kolla/config_files/designate_backend_bind9.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/config-data/puppet-generated/designate:/var/lib/kolla/config_files/src:ro
+ - /var/log/containers/designate:/var/log/designate:z
+ - /var/named-persistent:/var/named-persistent:z
+ environment:
+ KOLLA_CONFIG_STRATEGY: COPY_ALWAYS
+ host_prep_tasks:
+ - name: create persistent named directory
+ file:
+ path: /var/named-persistent
+ state: directory
+ setype: container_file_t
+ mode: '0750'
diff --git a/deployment/experimental/designate/designate-worker-container-puppet.yaml b/deployment/experimental/designate/designate-worker-container-puppet.yaml
index 9fbccb716f..2f33df2f5e 100644
--- a/deployment/experimental/designate/designate-worker-container-puppet.yaml
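Review bot: The `designate_backend_bind9` container under `docker_config` in the new designate-bind-container.yaml runs with `privileged: true`, `net: host` and a writable `/run:/run` mount, which is far more than named needs to bind port 53 and drop to `-u named`. These settings are copied unchanged from the worker template, so splitting BIND into its own service is a good point to remove `privileged: true` and add a specific `cap_add` entry only if named fails to start without it. In the same file, `firewall_rules` opens 953 for both udp and tcp with no source restriction, although rndc is TCP-only and `rndc_allowed_addresses` is already limited to the DesignateApiNetwork CIDR; consider dropping `- 953` from the udp rule and limiting the tcp rule to that network. The rule names still read `'140 designate_worker udp'` / `'141 designate_worker tcp'` inside a `designate_bind` service; `'140 designate_bind udp'` / `'141 designate_bind tcp'` would be accurate and would avoid a possible name clash if the worker template defines rules with the same names (not visible here).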
+++ b/deployment/experimental/designate/designate-worker-container-puppet.yaml @@ -7,9 +7,6 @@ parameters: ContainerDesignateWorkerImage: description: image type: string - ContainerDesignateBackendBIND9Image: - description: image - type: string ContainerDesignateConfigImage: description: The container image to use for the designate config_volume type: string @@ -91,22 +88,6 @@ outputs: map_merge: - get_attr: [DesignateBase, role_data, config_settings] - designate_rndc_key: {get_param: DesignateRndcKey} - dns::vardir: /var/named-persistent - dns::recursion: 'no' - # Because we generate the key locally and don't want the puppet - # module to do it, we set its path to /dev/null. This means we need - # to explicitly include /etc/rndc.key though since the default config - # will just include /dev/null. - dns::rndckeypath: /dev/null - dns::additional_directives: - - include "/etc/rndc.key"; - dns::additional_options: - listen-on: - str_replace: - template: - "{ %{hiera('$NETWORK')}; }" - params: - $NETWORK: {get_param: [ServiceNetMap, BINDNetwork]} tripleo::profile::base::designate::rndc_host: str_replace: template: @@ -142,10 +123,7 @@ outputs: - "\n" - - {get_attr: [DesignateBase, role_data, step_config]} - "include tripleo::profile::base::designate::worker" - - include ::designate::backend::bind9 config_image: {get_param: ContainerDesignateConfigImage} - volumes: - - /var/named-persistent:/var/named-persistent:z kolla_config: /var/lib/kolla/config_files/designate_worker.json: command: /usr/bin/designate-worker --config-file=/etc/designate/designate.conf --log-file=/var/log/designate/worker.log 
@@ -158,27 +136,6 @@ outputs: - path: /var/log/designate owner: designate:designate recurse: true - /var/lib/kolla/config_files/designate_backend_bind9.json: - command: /usr/sbin/named -u named -c /etc/named.conf -f -g - config_files: - - source: "/var/lib/kolla/config_files/src/*" - dest: "/" - merge: true - preserve_properties: true - - source: "/var/named/*" - dest: "/var/named-persistent/" - merge: true - preserve_properties: true - permissions: - - path: /var/log/designate - owner: designate:designate - recurse: true - - path: /var/named-persistent - owner: root:named - perm: '0770' - - path: /etc/rndc.key - owner: root:named - perm: '0640' docker_config: step_4: designate_worker: @@ -198,22 +155,6 @@ outputs: - /var/log/containers/designate:/var/log/designate:z environment: KOLLA_CONFIG_STRATEGY: COPY_ALWAYS - designate_backend_bind9: - image: {get_param: ContainerDesignateBackendBIND9Image} - net: host - privileged: true - restart: always - volumes: - list_concat: - - {get_attr: [ContainersCommon, volumes]} - - - - /run:/run - - /var/lib/kolla/config_files/designate_backend_bind9.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/puppet-generated/designate:/var/lib/kolla/config_files/src:ro - - /var/log/containers/designate:/var/log/designate:z - - /var/named-persistent:/var/named-persistent:z - environment: - KOLLA_CONFIG_STRATEGY: COPY_ALWAYS host_prep_tasks: - name: create persistent directories file: @@ -223,8 +164,3 @@ outputs: mode: "{{ item.mode }}" with_items: - { 'path': /var/log/containers/designate, 'setype': container_file_t, 'mode': '0750' } - - name: create persistent named directory - file: - path: /var/named-persistent - state: directory - setype: container_file_t diff --git a/environments/enable-designate.yaml b/environments/enable-designate.yaml index 4e51c013c3..f082b7f041 100644 --- a/environments/enable-designate.yaml +++ b/environments/enable-designate.yaml 
@@ -17,5 +17,6 @@ resource_registry: OS::TripleO::Services::DesignateMDNS: ../deployment/experimental/designate/designate-mdns-container-puppet.yaml OS::TripleO::Services::DesignateProducer: ../deployment/experimental/designate/designate-producer-container-puppet.yaml OS::TripleO::Services::DesignateWorker: ../deployment/experimental/designate/designate-worker-container-puppet.yaml + OS::TripleO::Services::DesignateBind: ../deployment/experimental/designate/designate-bind-container.yaml OS::TripleO::Services::Redis: ../deployment/database/redis-container-puppet.yaml OS::TripleO::Services::Unbound: ../deployment/unbound/unbound-container-ansible.yaml diff --git a/environments/standalone/standalone-overcloud.yaml b/environments/standalone/standalone-overcloud.yaml index 78e468231a..164c08e699 100644 --- a/environments/standalone/standalone-overcloud.yaml +++ b/environments/standalone/standalone-overcloud.yaml @@ -71,6 +71,7 @@ resource_registry: OS::TripleO::Services::DesignateProducer: OS::Heat::None OS::TripleO::Services::DesignateSink: OS::Heat::None OS::TripleO::Services::DesignateWorker: OS::Heat::None + OS::TripleO::Services::DesignateBind: OS::Heat::None OS::TripleO::Services::GnocchiApi: OS::Heat::None OS::TripleO::Services::GnocchiMetricd: OS::Heat::None OS::TripleO::Services::GnocchiStatsd: OS::Heat::None diff --git a/environments/standalone/standalone-tripleo.yaml b/environments/standalone/standalone-tripleo.yaml index 67623eb0bd..c36e60e87a 100644 --- a/environments/standalone/standalone-tripleo.yaml +++ b/environments/standalone/standalone-tripleo.yaml 
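Review bot: In the environments/enable-designate.yaml hunk, the BIND backend is now enabled only through the new `OS::TripleO::Services::DesignateBind` mapping, and the worker template in this commit no longer starts `designate_backend_bind9`. A deployment with a custom roles file that lists `DesignateWorker` but not the new service would therefore presumably lose its named container on the next update, with no error. No release note is visible in this diff; an upgrade note telling operators to add `OS::TripleO::Services::DesignateBind` to any custom role that carries `DesignateWorker` would cover it.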
@@ -81,6 +81,7 @@ resource_registry: OS::TripleO::Services::DesignateProducer: OS::Heat::None OS::TripleO::Services::DesignateSink: OS::Heat::None OS::TripleO::Services::DesignateWorker: OS::Heat::None + OS::TripleO::Services::DesignateBind: OS::Heat::None OS::TripleO::Services::Docker: OS::Heat::None OS::TripleO::Services::DockerRegistry: ../../deployment/image-serve/image-serve-baremetal-ansible.yaml OS::TripleO::Services::GnocchiApi: OS::Heat::None diff --git a/environments/undercloud/undercloud-minion.yaml b/environments/undercloud/undercloud-minion.yaml index fb1d6fe2ab..a43fb7324f 100644 --- a/environments/undercloud/undercloud-minion.yaml +++ b/environments/undercloud/undercloud-minion.yaml @@ -155,6 +155,7 @@ resource_registry: OS::TripleO::Services::DesignateProducer: OS::Heat::None OS::TripleO::Services::DesignateSink: OS::Heat::None OS::TripleO::Services::DesignateWorker: OS::Heat::None + OS::TripleO::Services::DesignateBind: OS::Heat::None OS::TripleO::Services::Docker: OS::Heat::None OS::TripleO::Services::DockerRegistry: OS::Heat::None OS::TripleO::Services::Etcd: OS::Heat::None diff --git a/overcloud-resource-registry-puppet.j2.yaml b/overcloud-resource-registry-puppet.j2.yaml index 0dfb6b6909..e6b16886f7 100644 --- a/overcloud-resource-registry-puppet.j2.yaml +++ b/overcloud-resource-registry-puppet.j2.yaml @@ -320,6 +320,7 @@ resource_registry: OS::TripleO::Services::DesignateWorker: OS::Heat::None OS::TripleO::Services::DesignateMDNS: OS::Heat::None OS::TripleO::Services::DesignateSink: OS::Heat::None + OS::TripleO::Services::DesignateBind: OS::Heat::None OS::TripleO::Services::NeutronMl2PluginBase: deployment/neutron/neutron-plugin-ml2-ovn.yaml OS::TripleO::Services::Multipathd: OS::Heat::None OS::TripleO::Services::GlanceApiEdge: OS::Heat::None diff --git a/roles/Controller.yaml b/roles/Controller.yaml index 7487bd1df7..6d9812af6a 100644 --- a/roles/Controller.yaml +++ b/roles/Controller.yaml 
@@ -89,6 +89,7 @@ - OS::TripleO::Services::DesignateWorker - OS::TripleO::Services::DesignateMDNS - OS::TripleO::Services::DesignateSink + - OS::TripleO::Services::DesignateBind - OS::TripleO::Services::Etcd - OS::TripleO::Services::ExternalSwiftProxy - OS::TripleO::Services::Frr diff --git a/roles/ControllerAllNovaStandalone.yaml b/roles/ControllerAllNovaStandalone.yaml index 27ed49a67a..e3ea8a3e0d 100644 --- a/roles/ControllerAllNovaStandalone.yaml +++ b/roles/ControllerAllNovaStandalone.yaml @@ -55,6 +55,7 @@ - OS::TripleO::Services::DesignateWorker - OS::TripleO::Services::DesignateMDNS - OS::TripleO::Services::DesignateSink + - OS::TripleO::Services::DesignateBind - OS::TripleO::Services::Etcd - OS::TripleO::Services::Frr - OS::TripleO::Services::IpaClient diff --git a/roles/ControllerNoCeph.yaml b/roles/ControllerNoCeph.yaml index 4da35ebc22..0c96f16ce5 100644 --- a/roles/ControllerNoCeph.yaml +++ b/roles/ControllerNoCeph.yaml @@ -77,6 +77,7 @@ - OS::TripleO::Services::DesignateWorker - OS::TripleO::Services::DesignateMDNS - OS::TripleO::Services::DesignateSink + - OS::TripleO::Services::DesignateBind - OS::TripleO::Services::Etcd - OS::TripleO::Services::Frr - OS::TripleO::Services::ExternalSwiftProxy diff --git a/roles/ControllerOpenstack.yaml b/roles/ControllerOpenstack.yaml index 0329817601..eb676f413e 100644 --- a/roles/ControllerOpenstack.yaml +++ b/roles/ControllerOpenstack.yaml @@ -60,6 +60,7 @@ - OS::TripleO::Services::DesignateWorker - OS::TripleO::Services::DesignateMDNS - OS::TripleO::Services::DesignateSink + - OS::TripleO::Services::DesignateBind - OS::TripleO::Services::Etcd - OS::TripleO::Services::Frr - OS::TripleO::Services::IpaClient diff --git a/roles/ControllerSriov.yaml b/roles/ControllerSriov.yaml index a670cce0e6..7b199f55eb 100644 --- a/roles/ControllerSriov.yaml +++ b/roles/ControllerSriov.yaml 
@@ -81,6 +81,7 @@ - OS::TripleO::Services::DesignateWorker - OS::TripleO::Services::DesignateMDNS - OS::TripleO::Services::DesignateSink + - OS::TripleO::Services::DesignateBind - OS::TripleO::Services::Docker - OS::TripleO::Services::Etcd - OS::TripleO::Services::Frr diff --git a/roles/ControllerStorageDashboard.yaml b/roles/ControllerStorageDashboard.yaml index bce1b223ad..800b292578 100644 --- a/roles/ControllerStorageDashboard.yaml +++ b/roles/ControllerStorageDashboard.yaml @@ -87,6 +87,7 @@ - OS::TripleO::Services::DesignateWorker - OS::TripleO::Services::DesignateMDNS - OS::TripleO::Services::DesignateSink + - OS::TripleO::Services::DesignateBind - OS::TripleO::Services::Etcd - OS::TripleO::Services::Frr - OS::TripleO::Services::ExternalSwiftProxy diff --git a/roles/ControllerStorageNfs.yaml b/roles/ControllerStorageNfs.yaml index 38ce5c565b..86b836dbf3 100644 --- a/roles/ControllerStorageNfs.yaml +++ b/roles/ControllerStorageNfs.yaml @@ -88,6 +88,7 @@ - OS::TripleO::Services::DesignateWorker - OS::TripleO::Services::DesignateMDNS - OS::TripleO::Services::DesignateSink + - OS::TripleO::Services::DesignateBind - OS::TripleO::Services::Etcd - OS::TripleO::Services::Frr - OS::TripleO::Services::ExternalSwiftProxy diff --git a/roles/Standalone.yaml b/roles/Standalone.yaml index 7ab8fd068e..383910ce73 100644 --- a/roles/Standalone.yaml +++ b/roles/Standalone.yaml @@ -85,6 +85,7 @@ - OS::TripleO::Services::DesignateMDNS - OS::TripleO::Services::DesignateProducer - OS::TripleO::Services::DesignateSink + - OS::TripleO::Services::DesignateBind - OS::TripleO::Services::DesignateWorker - OS::TripleO::Services::DockerRegistry - OS::TripleO::Services::Etcd diff --git a/roles_data.yaml b/roles_data.yaml index b04b199a5f..c2c1cf92d0 100644 --- a/roles_data.yaml +++ b/roles_data.yaml 
@@ -92,6 +92,7 @@ - OS::TripleO::Services::DesignateWorker - OS::TripleO::Services::DesignateMDNS - OS::TripleO::Services::DesignateSink + - OS::TripleO::Services::DesignateBind - OS::TripleO::Services::Etcd - OS::TripleO::Services::ExternalSwiftProxy - OS::TripleO::Services::Frr diff --git a/sample-env-generator/enable-services.yaml b/sample-env-generator/enable-services.yaml index 70a8d8e78a..9151f23c21 100644 --- a/sample-env-generator/enable-services.yaml +++ b/sample-env-generator/enable-services.yaml @@ -16,6 +16,7 @@ environments: OS::TripleO::Services::DesignateProducer: ../deployment/experimental/designate/designate-producer-container-puppet.yaml OS::TripleO::Services::DesignateWorker: ../deployment/experimental/designate/designate-worker-container-puppet.yaml OS::TripleO::Services::DesignateMDNS: ../deployment/experimental/designate/designate-mdns-container-puppet.yaml + OS::TripleO::Services::DesignateBind: ../deployment/experimental/designate/designate-bind-container.yaml OS::TripleO::Services::Redis: ../deployment/database/redis-container-puppet.yaml OS::TripleO::Services::Unbound: ../deployment/unbound/unbound-container-ansible.yaml - diff --git a/sample-env-generator/standalone.yaml b/sample-env-generator/standalone.yaml index 0d64a5f8d5..f9598743fe 100644 --- a/sample-env-generator/standalone.yaml +++ b/sample-env-generator/standalone.yaml @@ -96,6 +96,7 @@ environments: OS::TripleO::Services::DesignateProducer: OS::Heat::None OS::TripleO::Services::DesignateSink: OS::Heat::None OS::TripleO::Services::DesignateWorker: OS::Heat::None + OS::TripleO::Services::DesignateBind: OS::Heat::None # Gnocchi OS::TripleO::Services::GnocchiApi: OS::Heat::None OS::TripleO::Services::GnocchiMetricd: OS::Heat::None 
@@ -212,6 +213,7 @@ environments: OS::TripleO::Services::DesignateProducer: OS::Heat::None OS::TripleO::Services::DesignateSink: OS::Heat::None OS::TripleO::Services::DesignateWorker: OS::Heat::None + OS::TripleO::Services::DesignateBind: OS::Heat::None # Gnocchi OS::TripleO::Services::GnocchiApi: OS::Heat::None OS::TripleO::Services::GnocchiMetricd: OS::Heat::None diff --git a/sample-env-generator/undercloud-minion.yaml b/sample-env-generator/undercloud-minion.yaml index c5d6f7454e..1f586e7e5e 100644 --- a/sample-env-generator/undercloud-minion.yaml +++ b/sample-env-generator/undercloud-minion.yaml @@ -144,6 +144,7 @@ environments: OS::TripleO::Services::DesignateProducer: OS::Heat::None OS::TripleO::Services::DesignateSink: OS::Heat::None OS::TripleO::Services::DesignateWorker: OS::Heat::None + OS::TripleO::Services::DesignateBind: OS::Heat::None OS::TripleO::Services::Docker: OS::Heat::None OS::TripleO::Services::DockerRegistry: OS::Heat::None OS::TripleO::Services::Etcd: OS::Heat::None