openstack/tripleo-heat-templates
Code Issues Proposed changes

Merge "Designate: split bind instance into separate template"

Browse Source
This commit is contained in:
Zuul 2021-03-30 00:43:03 +00:00 committed by Gerrit Code Review
commit aa601a280f
21 changed files with 198 additions and 64 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
ci/environments/scenario000-standalone.yaml
View File

@ -47,6 +47,7 @@ resource_registry:
OS::TripleO::Services::DesignateProducer: OS::Heat::None
OS::TripleO::Services::DesignateSink: OS::Heat::None
OS::TripleO::Services::DesignateWorker: OS::Heat::None
OS::TripleO::Services::DesignateBind: OS::Heat::None
OS::TripleO::Services::Etcd: OS::Heat::None
OS::TripleO::Services::ExternalSwiftProxy: OS::Heat::None
OS::TripleO::Services::GlanceApi: OS::Heat::None

1
ci/environments/scenario003-standalone.yaml
View File

@ -17,6 +17,7 @@ resource_registry:
OS::TripleO::Services::DesignateProducer: ../../deployment/experimental/designate/designate-producer-container-puppet.yaml
OS::TripleO::Services::DesignateWorker: ../../deployment/experimental/designate/designate-worker-container-puppet.yaml
OS::TripleO::Services::DesignateMDNS: ../../deployment/experimental/designate/designate-mdns-container-puppet.yaml
OS::TripleO::Services::DesignateBind: ../../deployment/experimental/designate/designate-bind-container.yaml
OS::TripleO::Services::Redis: ../../deployment/database/redis-container-puppet.yaml
OS::TripleO::Services::Unbound: ../../deployment/unbound/unbound-container-ansible.yaml

178
deployment/experimental/designate/designate-bind-container.yaml Normal file
View File

@ -0,0 +1,178 @@
heat_template_version: rocky
description: >
OpenStack containerized bind9 for designate
parameters:
ContainerDesignateBackendBIND9Image:
description: image
type: string
ContainerDesignateConfigImage:
description: The container image to use for the designate config_volume
type: string
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
MonitoringSubscriptionDesignateBind:
default: 'overcloud-designate-bind'
type: string
DesignateRndcKey:
description: The rndc key secret for communication with BIND.
type: string
hidden: true
resources:
ContainersCommon:
type: ../../containers-common.yaml
DesignateBase:
type: ./designate-base.yaml
properties:
EndpointMap: {get_param: EndpointMap}
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
outputs:
role_data:
description: Role data for the Designate Bind instance.
value:
service_name: designate_bind
firewall_rules:
'140 designate_worker udp':
proto: 'udp'
dport:
- 53
- 953
'141 designate_worker tcp':
proto: 'tcp'
dport:
- 53
- 953
monitoring_subscription: {get_param: MonitoringSubscriptionDesignateBind}
config_settings:
map_merge:
- get_attr: [DesignateBase, role_data, config_settings]
- designate_rndc_key: {get_param: DesignateRndcKey}
dns::vardir: /var/named-persistent
dns::recursion: 'no'
# Because we generate the key locally and don't want the puppet
# module to do it, we set its path to /dev/null. This means we need
# to explicitly include /etc/rndc.key though since the default config
# will just include /dev/null.
dns::rndckeypath: /dev/null
dns::additional_directives:
- include "/etc/rndc.key";
dns::additional_options:
listen-on:
str_replace:
template:
"{ %{hiera('$NETWORK')}; }"
params:
$NETWORK: {get_param: [ServiceNetMap, BINDNetwork]}
tripleo::profile::base::designate::rndc_host:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, DesignateApiNetwork]}
tripleo::profile::base::designate::rndc_allowed_addresses:
get_param:
- ServiceData
- net_cidr_map
- {get_param: [ServiceNetMap, DesignateApiNetwork]}
designate::backend::bind9::rndc_host:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, DesignateApiNetwork]}
# BEGIN DOCKER SETTINGS
# TODO(beagles): puppet-desginate is doing some configuration in
# dns::options_path so it seems like we need to run this puppet here for
# the time being at least. I don't think there is a path from heat
# var->hiera->puppet->named configuration at the moment though.
puppet_config:
config_volume: designate
puppet_tags: designate_config,dns_config
step_config:
list_join:
- "\n"
- - {get_attr: [DesignateBase, role_data, step_config]}
- include ::designate::backend::bind9
config_image: {get_param: ContainerDesignateConfigImage}
volumes:
- /var/named-persistent:/var/named-persistent:z
kolla_config:
/var/lib/kolla/config_files/designate_backend_bind9.json:
command: /usr/sbin/named -u named -c /etc/named.conf -f -g
config_files:
- source: "/var/lib/kolla/config_files/src/*"
dest: "/"
merge: true
preserve_properties: true
- source: "/var/named/*"
dest: "/var/named-persistent/"
merge: true
preserve_properties: true
permissions:
- path: /var/log/designate
owner: designate:designate
recurse: true
- path: /var/named-persistent
owner: root:named
perm: '0770'
- path: /etc/rndc.key
owner: root:named
perm: '0640'
docker_config:
step_4:
designate_backend_bind9:
image: {get_param: ContainerDesignateBackendBIND9Image}
net: host
privileged: true
restart: always
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /run:/run
- /var/lib/kolla/config_files/designate_backend_bind9.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/designate:/var/lib/kolla/config_files/src:ro
- /var/log/containers/designate:/var/log/designate:z
- /var/named-persistent:/var/named-persistent:z
environment:
KOLLA_CONFIG_STRATEGY: COPY_ALWAYS
host_prep_tasks:
- name: create persistent named directory
file:
path: /var/named-persistent
state: directory
setype: container_file_t
mode: '0750'

64
deployment/experimental/designate/designate-worker-container-puppet.yaml
View File

@ -7,9 +7,6 @@ parameters:
ContainerDesignateWorkerImage:
description: image
type: string
ContainerDesignateBackendBIND9Image:
description: image
type: string
ContainerDesignateConfigImage:
description: The container image to use for the designate config_volume
type: string
@ -91,22 +88,6 @@ outputs:
map_merge:
- get_attr: [DesignateBase, role_data, config_settings]
- designate_rndc_key: {get_param: DesignateRndcKey}
dns::vardir: /var/named-persistent
dns::recursion: 'no'
# Because we generate the key locally and don't want the puppet
# module to do it, we set its path to /dev/null. This means we need
# to explicitly include /etc/rndc.key though since the default config
# will just include /dev/null.
dns::rndckeypath: /dev/null
dns::additional_directives:
- include "/etc/rndc.key";
dns::additional_options:
listen-on:
str_replace:
template:
"{ %{hiera('$NETWORK')}; }"
params:
$NETWORK: {get_param: [ServiceNetMap, BINDNetwork]}
tripleo::profile::base::designate::rndc_host:
str_replace:
template:
@ -142,10 +123,7 @@ outputs:
- "\n"
- - {get_attr: [DesignateBase, role_data, step_config]}
- "include tripleo::profile::base::designate::worker"
- include ::designate::backend::bind9
config_image: {get_param: ContainerDesignateConfigImage}
volumes:
- /var/named-persistent:/var/named-persistent:z
kolla_config:
/var/lib/kolla/config_files/designate_worker.json:
command: /usr/bin/designate-worker --config-file=/etc/designate/designate.conf --log-file=/var/log/designate/worker.log
@ -158,27 +136,6 @@ outputs:
- path: /var/log/designate
owner: designate:designate
recurse: true
/var/lib/kolla/config_files/designate_backend_bind9.json:
command: /usr/sbin/named -u named -c /etc/named.conf -f -g
config_files:
- source: "/var/lib/kolla/config_files/src/*"
dest: "/"
merge: true
preserve_properties: true
- source: "/var/named/*"
dest: "/var/named-persistent/"
merge: true
preserve_properties: true
permissions:
- path: /var/log/designate
owner: designate:designate
recurse: true
- path: /var/named-persistent
owner: root:named
perm: '0770'
- path: /etc/rndc.key
owner: root:named
perm: '0640'
docker_config:
step_4:
designate_worker:
@ -198,22 +155,6 @@ outputs:
- /var/log/containers/designate:/var/log/designate:z
environment:
KOLLA_CONFIG_STRATEGY: COPY_ALWAYS
designate_backend_bind9:
image: {get_param: ContainerDesignateBackendBIND9Image}
net: host
privileged: true
restart: always
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /run:/run
- /var/lib/kolla/config_files/designate_backend_bind9.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/designate:/var/lib/kolla/config_files/src:ro
- /var/log/containers/designate:/var/log/designate:z
- /var/named-persistent:/var/named-persistent:z
environment:
KOLLA_CONFIG_STRATEGY: COPY_ALWAYS
host_prep_tasks:
- name: create persistent directories
file:
@ -223,8 +164,3 @@ outputs:
mode: "{{ item.mode }}"
with_items:
- { 'path': /var/log/containers/designate, 'setype': container_file_t, 'mode': '0750' }
- name: create persistent named directory
file:
path: /var/named-persistent
state: directory
setype: container_file_t

1
environments/enable-designate.yaml
View File

@ -17,5 +17,6 @@ resource_registry:
OS::TripleO::Services::DesignateMDNS: ../deployment/experimental/designate/designate-mdns-container-puppet.yaml
OS::TripleO::Services::DesignateProducer: ../deployment/experimental/designate/designate-producer-container-puppet.yaml
OS::TripleO::Services::DesignateWorker: ../deployment/experimental/designate/designate-worker-container-puppet.yaml
OS::TripleO::Services::DesignateBind: ../deployment/experimental/designate/designate-bind-container.yaml
OS::TripleO::Services::Redis: ../deployment/database/redis-container-puppet.yaml
OS::TripleO::Services::Unbound: ../deployment/unbound/unbound-container-ansible.yaml

1
environments/standalone/standalone-overcloud.yaml
View File

@ -71,6 +71,7 @@ resource_registry:
OS::TripleO::Services::DesignateProducer: OS::Heat::None
OS::TripleO::Services::DesignateSink: OS::Heat::None
OS::TripleO::Services::DesignateWorker: OS::Heat::None
OS::TripleO::Services::DesignateBind: OS::Heat::None
OS::TripleO::Services::GnocchiApi: OS::Heat::None
OS::TripleO::Services::GnocchiMetricd: OS::Heat::None
OS::TripleO::Services::GnocchiStatsd: OS::Heat::None

1
environments/standalone/standalone-tripleo.yaml
View File

@ -81,6 +81,7 @@ resource_registry:
OS::TripleO::Services::DesignateProducer: OS::Heat::None
OS::TripleO::Services::DesignateSink: OS::Heat::None
OS::TripleO::Services::DesignateWorker: OS::Heat::None
OS::TripleO::Services::DesignateBind: OS::Heat::None
OS::TripleO::Services::Docker: OS::Heat::None
OS::TripleO::Services::DockerRegistry: ../../deployment/image-serve/image-serve-baremetal-ansible.yaml
OS::TripleO::Services::GnocchiApi: OS::Heat::None

1
environments/undercloud/undercloud-minion.yaml
View File

@ -155,6 +155,7 @@ resource_registry:
OS::TripleO::Services::DesignateProducer: OS::Heat::None
OS::TripleO::Services::DesignateSink: OS::Heat::None
OS::TripleO::Services::DesignateWorker: OS::Heat::None
OS::TripleO::Services::DesignateBind: OS::Heat::None
OS::TripleO::Services::Docker: OS::Heat::None
OS::TripleO::Services::DockerRegistry: OS::Heat::None
OS::TripleO::Services::Etcd: OS::Heat::None

1
overcloud-resource-registry-puppet.j2.yaml
View File

@ -320,6 +320,7 @@ resource_registry:
OS::TripleO::Services::DesignateWorker: OS::Heat::None
OS::TripleO::Services::DesignateMDNS: OS::Heat::None
OS::TripleO::Services::DesignateSink: OS::Heat::None
OS::TripleO::Services::DesignateBind: OS::Heat::None
OS::TripleO::Services::NeutronMl2PluginBase: deployment/neutron/neutron-plugin-ml2-ovn.yaml
OS::TripleO::Services::Multipathd: OS::Heat::None
OS::TripleO::Services::GlanceApiEdge: OS::Heat::None

1
roles/Controller.yaml
View File

@ -89,6 +89,7 @@
- OS::TripleO::Services::DesignateWorker
- OS::TripleO::Services::DesignateMDNS
- OS::TripleO::Services::DesignateSink
- OS::TripleO::Services::DesignateBind
- OS::TripleO::Services::Etcd
- OS::TripleO::Services::ExternalSwiftProxy
- OS::TripleO::Services::Frr

1
roles/ControllerAllNovaStandalone.yaml
View File

@ -55,6 +55,7 @@
- OS::TripleO::Services::DesignateWorker
- OS::TripleO::Services::DesignateMDNS
- OS::TripleO::Services::DesignateSink
- OS::TripleO::Services::DesignateBind
- OS::TripleO::Services::Etcd
- OS::TripleO::Services::Frr
- OS::TripleO::Services::IpaClient

1
roles/ControllerNoCeph.yaml
View File

@ -77,6 +77,7 @@
- OS::TripleO::Services::DesignateWorker
- OS::TripleO::Services::DesignateMDNS
- OS::TripleO::Services::DesignateSink
- OS::TripleO::Services::DesignateBind
- OS::TripleO::Services::Etcd
- OS::TripleO::Services::Frr
- OS::TripleO::Services::ExternalSwiftProxy

1
roles/ControllerOpenstack.yaml
View File

@ -60,6 +60,7 @@
- OS::TripleO::Services::DesignateWorker
- OS::TripleO::Services::DesignateMDNS
- OS::TripleO::Services::DesignateSink
- OS::TripleO::Services::DesignateBind
- OS::TripleO::Services::Etcd
- OS::TripleO::Services::Frr
- OS::TripleO::Services::IpaClient

1
roles/ControllerSriov.yaml
View File

@ -81,6 +81,7 @@
- OS::TripleO::Services::DesignateWorker
- OS::TripleO::Services::DesignateMDNS
- OS::TripleO::Services::DesignateSink
- OS::TripleO::Services::DesignateBind
- OS::TripleO::Services::Docker
- OS::TripleO::Services::Etcd
- OS::TripleO::Services::Frr

1
roles/ControllerStorageDashboard.yaml
View File

@ -87,6 +87,7 @@
- OS::TripleO::Services::DesignateWorker
- OS::TripleO::Services::DesignateMDNS
- OS::TripleO::Services::DesignateSink
- OS::TripleO::Services::DesignateBind
- OS::TripleO::Services::Etcd
- OS::TripleO::Services::Frr
- OS::TripleO::Services::ExternalSwiftProxy

1
roles/ControllerStorageNfs.yaml
View File

@ -88,6 +88,7 @@
- OS::TripleO::Services::DesignateWorker
- OS::TripleO::Services::DesignateMDNS
- OS::TripleO::Services::DesignateSink
- OS::TripleO::Services::DesignateBind
- OS::TripleO::Services::Etcd
- OS::TripleO::Services::Frr
- OS::TripleO::Services::ExternalSwiftProxy

1
roles/Standalone.yaml
View File

@ -85,6 +85,7 @@
- OS::TripleO::Services::DesignateMDNS
- OS::TripleO::Services::DesignateProducer
- OS::TripleO::Services::DesignateSink
- OS::TripleO::Services::DesignateBind
- OS::TripleO::Services::DesignateWorker
- OS::TripleO::Services::DockerRegistry
- OS::TripleO::Services::Etcd

1
roles_data.yaml
View File

@ -92,6 +92,7 @@
- OS::TripleO::Services::DesignateWorker
- OS::TripleO::Services::DesignateMDNS
- OS::TripleO::Services::DesignateSink
- OS::TripleO::Services::DesignateBind
- OS::TripleO::Services::Etcd
- OS::TripleO::Services::ExternalSwiftProxy
- OS::TripleO::Services::Frr

1
sample-env-generator/enable-services.yaml
View File

@ -16,6 +16,7 @@ environments:
OS::TripleO::Services::DesignateProducer: ../deployment/experimental/designate/designate-producer-container-puppet.yaml
OS::TripleO::Services::DesignateWorker: ../deployment/experimental/designate/designate-worker-container-puppet.yaml
OS::TripleO::Services::DesignateMDNS: ../deployment/experimental/designate/designate-mdns-container-puppet.yaml
OS::TripleO::Services::DesignateBind: ../deployment/experimental/designate/designate-bind-container.yaml
OS::TripleO::Services::Redis: ../deployment/database/redis-container-puppet.yaml
OS::TripleO::Services::Unbound: ../deployment/unbound/unbound-container-ansible.yaml
-

2
sample-env-generator/standalone.yaml
View File

@ -96,6 +96,7 @@ environments:
OS::TripleO::Services::DesignateProducer: OS::Heat::None
OS::TripleO::Services::DesignateSink: OS::Heat::None
OS::TripleO::Services::DesignateWorker: OS::Heat::None
OS::TripleO::Services::DesignateBind: OS::Heat::None
# Gnocchi
OS::TripleO::Services::GnocchiApi: OS::Heat::None
OS::TripleO::Services::GnocchiMetricd: OS::Heat::None
@ -212,6 +213,7 @@ environments:
OS::TripleO::Services::DesignateProducer: OS::Heat::None
OS::TripleO::Services::DesignateSink: OS::Heat::None
OS::TripleO::Services::DesignateWorker: OS::Heat::None
OS::TripleO::Services::DesignateBind: OS::Heat::None
# Gnocchi
OS::TripleO::Services::GnocchiApi: OS::Heat::None
OS::TripleO::Services::GnocchiMetricd: OS::Heat::None

1
sample-env-generator/undercloud-minion.yaml
View File

@ -144,6 +144,7 @@ environments:
OS::TripleO::Services::DesignateProducer: OS::Heat::None
OS::TripleO::Services::DesignateSink: OS::Heat::None
OS::TripleO::Services::DesignateWorker: OS::Heat::None
OS::TripleO::Services::DesignateBind: OS::Heat::None
OS::TripleO::Services::Docker: OS::Heat::None
OS::TripleO::Services::DockerRegistry: OS::Heat::None
OS::TripleO::Services::Etcd: OS::Heat::None