Merge "Designate: configure collocation IP on bind and neutron dns integration" into stable/wallaby
commit
e4f624afac
|
@ -28,7 +28,7 @@ parameter_defaults:
|
|||
RpcPort: 31459
|
||||
NotifyPort: 5672
|
||||
ContainerCli: podman
|
||||
UnboundListenIPs: ["192.168.24.20"]
|
||||
DesignateBackendListenIPs: ["192.168.24.20"]
|
||||
ExtraFirewallRules:
|
||||
'301 allow arbitrary tcp rule':
|
||||
dport: 12345
|
||||
|
|
|
@ -63,6 +63,11 @@ parameters:
|
|||
type: comma_delimited_list
|
||||
default: 'noop'
|
||||
description: Driver or drivers to handle sending notifications.
|
||||
DesignateEnableNeutronIntegration:
|
||||
default: true
|
||||
description: Enable configuring neutron to use Designate managed DNS
|
||||
services.
|
||||
type: boolean
|
||||
|
||||
parameter_groups:
|
||||
- label: deprecated
|
||||
|
@ -90,3 +95,4 @@ outputs:
|
|||
- {get_param: Debug }
|
||||
designate::purge_config: {get_param: EnableConfigPurge}
|
||||
designate::notification_driver: {get_param: NotificationDriver}
|
||||
designate_enable_neutron_integration: {get_param: DesignateEnableNeutronIntegration}
|
||||
|
|
|
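Review bot: The new `designate_enable_neutron_integration` entry is the only key in this config_settings block without a `designate::` class prefix, so it is worth confirming that the consuming puppet profile really looks up this bare hiera key rather than a namespaced one. It also appears to overlap with the unbound hunk that adds `neutron_dhcp` / `neutron_plugin_ml2_ovn` service_config_settings driven by `UnboundDesignateIntegration`: both parameters steer neutron's DNS integration, yet nothing states how they relate or which one wins when they disagree. Either derive one toggle from the other or extend the `DesignateEnableNeutronIntegration` description to say how it must be set relative to `UnboundDesignateIntegration` when Unbound is deployed.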
@ -44,6 +44,22 @@ parameters:
|
|||
description: Set to true to enable logging of queries on BIND.
|
||||
type: boolean
|
||||
default: false
|
||||
DesignateBackendListenIPs:
|
||||
default: []
|
||||
description: A list of IPs to add to the externally accessible interface
|
||||
(e.g. interface on the external network or the VIP interface
|
||||
in standalone). If provided, the number of IPs must match the
|
||||
number of deployed Bind instances. If left empty,
|
||||
the deployment will create additonal IPs using the external
|
||||
network.
|
||||
type: comma_delimited_list
|
||||
|
||||
conditions:
|
||||
|
||||
public_net_is_ctlplane:
|
||||
equals:
|
||||
- {get_param: [ServiceData, net_vip_map, {get_param: [ServiceNetMap, DesignateBindNetwork]}]}
|
||||
- {get_param: [ServiceData, net_vip_map, ctlplane]}
|
||||
|
||||
resources:
|
||||
|
||||
|
@ -112,24 +128,32 @@ outputs:
|
|||
owner: root:named
|
||||
perm: '0640'
|
||||
deploy_steps_tasks:
|
||||
- name: generate rndc key configuration files
|
||||
when: step|int == 4
|
||||
import_role:
|
||||
name: designate_rndc_config
|
||||
vars:
|
||||
designate_rndc_key: {get_param: DesignateRndcKey}
|
||||
designate_rndc_key_file_path: /var/lib/config-data/ansible-generated/designate/etc/
|
||||
- name: generate bind configuration
|
||||
when: step|int == 4
|
||||
import_role:
|
||||
name: designate_bind_config
|
||||
vars:
|
||||
designate_bind_enable_query_logging: {get_param: DesignateBindQueryLogging}
|
||||
rndc_allowed_addresses:
|
||||
get_param:
|
||||
- ServiceData
|
||||
- net_cidr_map
|
||||
- {get_param: [ServiceNetMap, DesignateApiNetwork]}
|
||||
- name: Configure extra IP on the network interfaces
|
||||
when:
|
||||
- step|int == 1
|
||||
include_role:
|
||||
name: designate_bind_config
|
||||
tasks_from: configure_interfaces
|
||||
vars:
|
||||
tripleo_designate_bind_network: {get_param: [ServiceNetMap, DesignateBindNetwork]}
|
||||
- name: generate rndc key configuration files
|
||||
when: step|int == 1
|
||||
import_role:
|
||||
name: designate_rndc_config
|
||||
vars:
|
||||
designate_rndc_key: {get_param: DesignateRndcKey}
|
||||
designate_rndc_key_file_path: /var/lib/config-data/ansible-generated/designate/etc/
|
||||
- name: generate bind configuration
|
||||
when: step|int == 1
|
||||
import_role:
|
||||
name: designate_bind_config
|
||||
vars:
|
||||
designate_bind_enable_query_logging: {get_param: DesignateBindQueryLogging}
|
||||
rndc_allowed_addresses:
|
||||
get_param:
|
||||
- ServiceData
|
||||
- net_cidr_map
|
||||
- {get_param: [ServiceNetMap, DesignateApiNetwork]}
|
||||
docker_config:
|
||||
step_4:
|
||||
designate_backend_bind9:
|
||||
|
@ -150,6 +174,7 @@ outputs:
|
|||
- /var/lib/designate/named-persistent:/var/named-persistent:z
|
||||
environment:
|
||||
KOLLA_CONFIG_STRATEGY: COPY_ALWAYS
|
||||
|
||||
host_prep_tasks:
|
||||
- name: create persistent named directories
|
||||
file:
|
||||
|
@ -160,3 +185,51 @@ outputs:
|
|||
with_items:
|
||||
- { 'path': /var/lib/designate/named-persistent, 'setype': container_file_t, 'mode': '0750' }
|
||||
- { 'path': /var/log/containers/designate-bind, 'setype': container_file_t, 'mode': '0750' }
|
||||
|
||||
external_deploy_tasks:
|
||||
- name: Get list of provided listen ips
|
||||
when:
|
||||
- step|int == 1
|
||||
set_fact:
|
||||
dns_listen_ips: { get_param: DesignateBackendListenIPs }
|
||||
- name: Distribute configured unbound listen IPs across nodes
|
||||
when:
|
||||
- step|int == 1
|
||||
- dns_listen_ips|length > 0
|
||||
block:
|
||||
- name: Set the host ip fact
|
||||
set_fact:
|
||||
tripleo_dns_listen_interfaces: "[ '{{ item.0 }}' ]"
|
||||
delegate_to: "{{ item.1 }}"
|
||||
delegate_facts: true
|
||||
with_together:
|
||||
- "{{ dns_listen_ips }}"
|
||||
- "{{ groups.designate_bind }}"
|
||||
|
||||
- name: Configure ports to allow bind to collocate with other services listening on DNS ports
|
||||
when:
|
||||
- step|int == 1
|
||||
- dns_listen_ips|length == 0
|
||||
block:
|
||||
- name: Get the subnet id for the proper network
|
||||
openstack.cloud.subnets_info:
|
||||
name:
|
||||
if:
|
||||
- public_net_is_ctlplane
|
||||
- ctlplane-subnet
|
||||
-
|
||||
str_replace:
|
||||
template:
|
||||
"$NETWORK_subnet"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, DesignateBindNetwork]}
|
||||
register: subnet_info
|
||||
|
||||
- name: Create the extra IPs
|
||||
include_role:
|
||||
name: designate_bind_config
|
||||
tasks_from: create_collocated_ips
|
||||
vars:
|
||||
hosts_for_ports: "{{ groups.designate_bind }}"
|
||||
network_name: {get_param: [ServiceNetMap, DesignateBindNetwork]}
|
||||
subnet_id: "{{ subnet_info.openstack_subnets[0].id }}"
|
||||
|
|
|
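Review bot: The distribution task under `with_together` relies on `DesignateBackendListenIPs` having exactly one entry per host in `groups.designate_bind`; the parameter description promises that, but nothing enforces it, and when the lists differ in length `with_together` pads the shorter one with null, so a host either gets no listen IP or `delegate_to` receives null. Add a guard before the block: `- name: Verify one listen IP per bind host`, `  assert:`, `    that: dns_listen_ips|length == groups.designate_bind|length`. In the same hunk `subnet_info.openstack_subnets[0].id` is indexed unguarded, so a subnet name that matches nothing surfaces as an undefined-variable error instead of naming the empty lookup; a `failed_when: subnet_info.openstack_subnets|length == 0` on the subnets_info task would report the real cause. The `DesignateBackendListenIPs` description in this file's first hunk also spells 'additonal'.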
@ -171,10 +171,12 @@ outputs:
|
|||
config_files: *designate_central_config_files
|
||||
permissions: *designate_central_permissions
|
||||
deploy_steps_tasks:
|
||||
- name: generate designate pool
|
||||
when: step|int == 4
|
||||
import_role:
|
||||
name: designate_bind_pool
|
||||
- name: generate designate pool
|
||||
when: step|int == 4
|
||||
import_role:
|
||||
name: designate_bind_pool
|
||||
vars:
|
||||
alternate_bind: true
|
||||
docker_config:
|
||||
# db sync runs before permissions set by kolla_config
|
||||
step_2:
|
||||
|
|
|
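Review bot: `alternate_bind: true` is passed to `designate_bind_pool` with no explanation of what the role generates differently, and the task keeps the same name as before, so neither the template nor the deploy log tells a reader which pool configuration was produced. The role itself is outside this change, so the reason is not visible here; a one-line comment above `vars:` stating what the flag selects, and a task name that reflects it, would close that gap.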
@ -36,6 +36,14 @@ parameters:
|
|||
MonitoringSubscriptionUnbound:
|
||||
default: 'overcloud-unbound'
|
||||
type: string
|
||||
OVNDnsServers:
|
||||
default: []
|
||||
description: List of servers to use as as dns forwarders
|
||||
type: comma_delimited_list
|
||||
NeutronDhcpAgentDnsmasqDnsServers:
|
||||
default: []
|
||||
description: List of servers to use as dnsmasq forwarders
|
||||
type: comma_delimited_list
|
||||
|
||||
# Unbound specific parameters
|
||||
UnboundAllowedCIDRs:
|
||||
|
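Review bot: `OVNDnsServers` and `NeutronDhcpAgentDnsmasqDnsServers` are declared in this hunk, but none of the unbound hunks in this change reads them; if they are referenced in a part of the template not shown here that is fine, otherwise they are parameters Heat accepts and silently ignores, which is easy to mistake for a working setting. The `OVNDnsServers` description also reads "as as dns forwarders"; change it to `description: List of servers to use as dns forwarders`.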
@ -58,15 +66,6 @@ parameters:
|
|||
unique IP so it can co-exist with bind on same host. Set
|
||||
to false to run unbound independently of designate
|
||||
type: boolean
|
||||
UnboundListenIPs:
|
||||
default: []
|
||||
description: A list of IPs to add to the externally accessible interface
|
||||
(e.g. interface on the external network or the VIP interface
|
||||
in standalone). If provided, the number of IPs must match the
|
||||
number of deployed Unbound instances. If left empty,
|
||||
the deployment will create additonal IPs using the external
|
||||
network.
|
||||
type: comma_delimited_list
|
||||
UnboundForwardResolvers:
|
||||
default: []
|
||||
description: A list of DNS resolver IP addresses, with optional port,
|
||||
|
@ -88,14 +87,6 @@ parameters:
|
|||
type: boolean
|
||||
|
||||
|
||||
conditions:
|
||||
|
||||
public_net_is_ctlplane:
|
||||
equals:
|
||||
- {get_param: [ServiceData, net_vip_map, {get_param: [ServiceNetMap, UnboundNetwork]}]}
|
||||
- {get_param: [ServiceData, net_vip_map, ctlplane]}
|
||||
|
||||
|
||||
resources:
|
||||
|
||||
ContainersCommon:
|
||||
|
@ -118,7 +109,11 @@ outputs:
|
|||
- 853
|
||||
monitoring_subscription: {get_param: MonitoringSubscriptionUnbound}
|
||||
config_settings: {}
|
||||
service_config_settings: {}
|
||||
service_config_settings:
|
||||
neutron_dhcp:
|
||||
tripleo::profile::base::neutron::dhcp::neutron_dns_integration: {get_param: UnboundDesignateIntegration}
|
||||
neutron_plugin_ml2_ovn:
|
||||
tripleo::profile::base::neutron::plugins::ml2::ovn::neutron_dns_integration: {get_param: UnboundDesignateIntegration}
|
||||
kolla_config:
|
||||
/var/lib/kolla/config_files/unbound.json:
|
||||
command: /usr/sbin/unbound -d -d -p
|
||||
|
@ -162,69 +157,6 @@ outputs:
|
|||
with_items:
|
||||
- { 'path': /var/log/containers/unbound, 'setype': container_file_t, 'mode': '0750' }
|
||||
- { 'path': /var/lib/config-data/ansible-generated/unbound, 'setype': container_file_t, 'mode': '0750' }
|
||||
external_deploy_tasks:
|
||||
- name: Get list of provided listen ips
|
||||
when:
|
||||
- step|int == 1
|
||||
set_fact:
|
||||
unbound_listen_ips: { get_param: UnboundListenIPs }
|
||||
- name: Distribute configured unbound listen IPs across nodes
|
||||
when:
|
||||
- step|int == 1
|
||||
- unbound_listen_ips|length > 0
|
||||
block:
|
||||
- name: Set the unbound host ip fact
|
||||
set_fact:
|
||||
tripleo_unbound_listen_interfaces: "[ '{{ item.0 }}' ]"
|
||||
delegate_to: "{{ item.1 }}"
|
||||
delegate_facts: true
|
||||
with_together:
|
||||
- "{{ unbound_listen_ips }}"
|
||||
- "{{ groups.unbound }}"
|
||||
|
||||
- name: Handle a bind and unbound collocated on the same host
|
||||
when:
|
||||
- step|int == 1
|
||||
- unbound_listen_ips|length == 0
|
||||
block:
|
||||
- name: Get the subnet id for the proper network
|
||||
openstack.cloud.subnets_info:
|
||||
name:
|
||||
if:
|
||||
- public_net_is_ctlplane
|
||||
- ctlplane_subnet
|
||||
-
|
||||
str_replace:
|
||||
template:
|
||||
"$NETWORK_subnet"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, PublicNetwork] }
|
||||
register: subnet_info
|
||||
- name: Create a neutron port for a new address
|
||||
os_port:
|
||||
state: present
|
||||
network:
|
||||
if:
|
||||
- public_net_is_ctlplane
|
||||
- 'ctlplane'
|
||||
- { get_param: [ServiceNetMap, PublicNetwork] }
|
||||
# NOTE(beagles): Seems to be required for some deployments to make sure
|
||||
# port gets an IP address.
|
||||
fixed_ips:
|
||||
- subnet_id: "{{ subnet_info.openstack_subnets[0].id }}"
|
||||
no_security_groups: True
|
||||
name: "unbound-designate-{{ item }}-integration-port"
|
||||
register: _unbound_designate_ports
|
||||
with_items:
|
||||
- "{{ groups.unbound }}"
|
||||
|
||||
- name: Set the unbound host ip fact
|
||||
set_fact:
|
||||
tripleo_unbound_listen_interfaces: "[ '{{ item.port.fixed_ips[0].ip_address }}' ]"
|
||||
delegate_to: "{{ item.item }}"
|
||||
delegate_facts: true
|
||||
with_items:
|
||||
- "{{ _unbound_designate_ports.results }}"
|
||||
|
||||
deploy_steps_tasks:
|
||||
- name: Configure Unbound
|
||||
|
@ -239,8 +171,6 @@ outputs:
|
|||
tripleo_unbound_allowed_cidrs: {get_param: UnboundAllowedCIDRs}
|
||||
tripleo_unbound_log_queries: {get_param: UnboundLogQueries}
|
||||
tripleo_unbound_security_harden: {get_param: UnboundSecurityHarden}
|
||||
tripleo_unbound_designate_integration: {get_param: UnboundDesignateIntegration}
|
||||
tripleo_unbound_bind_network: {if: ["public_net_is_ctlplane", "ctlplane", {get_param: [ServiceNetMap, UnboundNetwork]}]}
|
||||
tripleo_unbound_forward_resolvers: {get_param: UnboundForwardResolvers}
|
||||
tripleo_unbound_forward_fallback: {get_param: UnboundForwardFallback}
|
||||
tripleo_unbound_allow_recursion: {get_param: UnboundAllowRecursion}
|
||||
|
|