Merge "Designate: configure collocation IP on bind and neutron dns integration" into stable/wallaby

This commit is contained in:
Zuul 2022-07-06 13:40:22 +00:00 committed by Gerrit Code Review
commit e4f624afac
5 changed files with 117 additions and 106 deletions


@ -28,7 +28,7 @@ parameter_defaults:
RpcPort: 31459
NotifyPort: 5672
ContainerCli: podman
UnboundListenIPs: ["192.168.24.20"]
DesignateBackendListenIPs: ["192.168.24.20"]
ExtraFirewallRules:
'301 allow arbitrary tcp rule':
dport: 12345


@ -63,6 +63,11 @@ parameters:
type: comma_delimited_list
default: 'noop'
description: Driver or drivers to handle sending notifications.
DesignateEnableNeutronIntegration:
default: true
description: Enable configuring neutron to use Designate managed DNS
services.
type: boolean
parameter_groups:
- label: deprecated
@ -90,3 +95,4 @@ outputs:
- {get_param: Debug }
designate::purge_config: {get_param: EnableConfigPurge}
designate::notification_driver: {get_param: NotificationDriver}
designate_enable_neutron_integration: {get_param: DesignateEnableNeutronIntegration}
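Review bot: `DesignateEnableNeutronIntegration` (default `true`) becomes a second switch for the neutron DNS integration that the unbound template in this same commit drives from `UnboundDesignateIntegration` via `neutron_dns_integration`, and nothing on the page states how the two relate, so an operator who flips one but not the other presumably ends up with designate and neutron disagreeing. If the two are meant to move together, say so in the description: `description: Enable configuring neutron to use Designate managed DNS services. When the unbound service is deployed this should agree with UnboundDesignateIntegration.` Defaulting the new knob to `true` also changes behaviour for every existing deployment that picks up this template, which is worth a release note if there is none.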


@ -44,6 +44,22 @@ parameters:
description: Set to true to enable logging of queries on BIND.
type: boolean
default: false
DesignateBackendListenIPs:
default: []
description: A list of IPs to add to the externally accessible interface
(e.g. interface on the external network or the VIP interface
in standalone). If provided, the number of IPs must match the
number of deployed Bind instances. If left empty,
the deployment will create additonal IPs using the external
network.
type: comma_delimited_list
conditions:
public_net_is_ctlplane:
equals:
- {get_param: [ServiceData, net_vip_map, {get_param: [ServiceNetMap, DesignateBindNetwork]}]}
- {get_param: [ServiceData, net_vip_map, ctlplane]}
resources:
@ -112,24 +128,32 @@ outputs:
owner: root:named
perm: '0640'
deploy_steps_tasks:
- name: generate rndc key configuration files
when: step|int == 4
import_role:
name: designate_rndc_config
vars:
designate_rndc_key: {get_param: DesignateRndcKey}
designate_rndc_key_file_path: /var/lib/config-data/ansible-generated/designate/etc/
- name: generate bind configuration
when: step|int == 4
import_role:
name: designate_bind_config
vars:
designate_bind_enable_query_logging: {get_param: DesignateBindQueryLogging}
rndc_allowed_addresses:
get_param:
- ServiceData
- net_cidr_map
- {get_param: [ServiceNetMap, DesignateApiNetwork]}
- name: Configure extra IP on the network interfaces
when:
- step|int == 1
include_role:
name: designate_bind_config
tasks_from: configure_interfaces
vars:
tripleo_designate_bind_network: {get_param: [ServiceNetMap, DesignateBindNetwork]}
- name: generate rndc key configuration files
when: step|int == 1
import_role:
name: designate_rndc_config
vars:
designate_rndc_key: {get_param: DesignateRndcKey}
designate_rndc_key_file_path: /var/lib/config-data/ansible-generated/designate/etc/
- name: generate bind configuration
when: step|int == 1
import_role:
name: designate_bind_config
vars:
designate_bind_enable_query_logging: {get_param: DesignateBindQueryLogging}
rndc_allowed_addresses:
get_param:
- ServiceData
- net_cidr_map
- {get_param: [ServiceNetMap, DesignateApiNetwork]}
docker_config:
step_4:
designate_backend_bind9:
@ -150,6 +174,7 @@ outputs:
- /var/lib/designate/named-persistent:/var/named-persistent:z
environment:
KOLLA_CONFIG_STRATEGY: COPY_ALWAYS
host_prep_tasks:
- name: create persistent named directories
file:
@ -160,3 +185,51 @@ outputs:
with_items:
- { 'path': /var/lib/designate/named-persistent, 'setype': container_file_t, 'mode': '0750' }
- { 'path': /var/log/containers/designate-bind, 'setype': container_file_t, 'mode': '0750' }
external_deploy_tasks:
- name: Get list of provided listen ips
when:
- step|int == 1
set_fact:
dns_listen_ips: { get_param: DesignateBackendListenIPs }
- name: Distribute configured unbound listen IPs across nodes
when:
- step|int == 1
- dns_listen_ips|length > 0
block:
- name: Set the host ip fact
set_fact:
tripleo_dns_listen_interfaces: "[ '{{ item.0 }}' ]"
delegate_to: "{{ item.1 }}"
delegate_facts: true
with_together:
- "{{ dns_listen_ips }}"
- "{{ groups.designate_bind }}"
- name: Configure ports to allow bind to collocate with other services listening on DNS ports
when:
- step|int == 1
- dns_listen_ips|length == 0
block:
- name: Get the subnet id for the proper network
openstack.cloud.subnets_info:
name:
if:
- public_net_is_ctlplane
- ctlplane-subnet
-
str_replace:
template:
"$NETWORK_subnet"
params:
$NETWORK: {get_param: [ServiceNetMap, DesignateBindNetwork]}
register: subnet_info
- name: Create the extra IPs
include_role:
name: designate_bind_config
tasks_from: create_collocated_ips
vars:
hosts_for_ports: "{{ groups.designate_bind }}"
network_name: {get_param: [ServiceNetMap, DesignateBindNetwork]}
subnet_id: "{{ subnet_info.openstack_subnets[0].id }}"
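Review bot: The new `Distribute configured unbound listen IPs across nodes` block pairs `dns_listen_ips` with `groups.designate_bind` through `with_together`, which pads the shorter list with None rather than failing, so the "number of IPs must match the number of deployed Bind instances" rule stated in the `DesignateBackendListenIPs` description is never enforced: a surplus IP is delegated to a host called "None" and a missing one writes `[ 'None' ]` into `tripleo_dns_listen_interfaces`. An assert task between the `set_fact` and the block (below) makes that contract explicit and fails with a readable message. The block name is a copy-paste from the unbound template ("unbound listen IPs") and the parameter description repeats the "additonal" typo from the one it replaces. The fallback block below it dereferences `subnet_info.openstack_subnets[0].id` unguarded, so a lookup that returns no subnet fails with an index error instead of a named check; the same assert pattern fits there.
```yaml
external_deploy_tasks:
  # … unchanged: Get list of provided listen ips …
  - name: Verify one listen IP was provided per designate_bind node
    when:
      - step|int == 1
      - dns_listen_ips|length > 0
    assert:
      that: "dns_listen_ips|length == groups.designate_bind|length"
      fail_msg: "DesignateBackendListenIPs must contain exactly one IP per designate_bind node"
  # … unchanged: Distribute configured listen IPs block and collocation block …
```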


@ -171,10 +171,12 @@ outputs:
config_files: *designate_central_config_files
permissions: *designate_central_permissions
deploy_steps_tasks:
- name: generate designate pool
when: step|int == 4
import_role:
name: designate_bind_pool
- name: generate designate pool
when: step|int == 4
import_role:
name: designate_bind_pool
vars:
alternate_bind: true
docker_config:
# db sync runs before permissions set by kolla_config
step_2:
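Review bot: The added `alternate_bind: true` is passed unconditionally to `designate_bind_pool` with no parameter or comment explaining what it selects, so the only hint is the commit title. A one-line comment above the `vars:` key would save the next reader a trip into the role, e.g. `# alternate_bind: build the pool from the collocation listen IPs set up by designate-bind in this change (see DesignateBackendListenIPs) — confirm against the designate_bind_pool role`. If the role is also used by a deployment that does not run the new collocation tasks, this hard-coded `true` presumably needs to become a parameter; the enclosing `deploy_steps_tasks` list continues outside the hunk.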


@ -36,6 +36,14 @@ parameters:
MonitoringSubscriptionUnbound:
default: 'overcloud-unbound'
type: string
OVNDnsServers:
default: []
description: List of servers to use as as dns forwarders
type: comma_delimited_list
NeutronDhcpAgentDnsmasqDnsServers:
default: []
description: List of servers to use as dnsmasq forwarders
type: comma_delimited_list
# Unbound specific parameters
UnboundAllowedCIDRs:
@ -58,15 +66,6 @@ parameters:
unique IP so it can co-exist with bind on same host. Set
to false to run unbound independently of designate
type: boolean
UnboundListenIPs:
default: []
description: A list of IPs to add to the externally accessible interface
(e.g. interface on the external network or the VIP interface
in standalone). If provided, the number of IPs must match the
number of deployed Unbound instances. If left empty,
the deployment will create additonal IPs using the external
network.
type: comma_delimited_list
UnboundForwardResolvers:
default: []
description: A list of DNS resolver IP addresses, with optional port,
@ -88,14 +87,6 @@ parameters:
type: boolean
conditions:
public_net_is_ctlplane:
equals:
- {get_param: [ServiceData, net_vip_map, {get_param: [ServiceNetMap, UnboundNetwork]}]}
- {get_param: [ServiceData, net_vip_map, ctlplane]}
resources:
ContainersCommon:
@ -118,7 +109,11 @@ outputs:
- 853
monitoring_subscription: {get_param: MonitoringSubscriptionUnbound}
config_settings: {}
service_config_settings: {}
service_config_settings:
neutron_dhcp:
tripleo::profile::base::neutron::dhcp::neutron_dns_integration: {get_param: UnboundDesignateIntegration}
neutron_plugin_ml2_ovn:
tripleo::profile::base::neutron::plugins::ml2::ovn::neutron_dns_integration: {get_param: UnboundDesignateIntegration}
kolla_config:
/var/lib/kolla/config_files/unbound.json:
command: /usr/sbin/unbound -d -d -p
@ -162,69 +157,6 @@ outputs:
with_items:
- { 'path': /var/log/containers/unbound, 'setype': container_file_t, 'mode': '0750' }
- { 'path': /var/lib/config-data/ansible-generated/unbound, 'setype': container_file_t, 'mode': '0750' }
external_deploy_tasks:
- name: Get list of provided listen ips
when:
- step|int == 1
set_fact:
unbound_listen_ips: { get_param: UnboundListenIPs }
- name: Distribute configured unbound listen IPs across nodes
when:
- step|int == 1
- unbound_listen_ips|length > 0
block:
- name: Set the unbound host ip fact
set_fact:
tripleo_unbound_listen_interfaces: "[ '{{ item.0 }}' ]"
delegate_to: "{{ item.1 }}"
delegate_facts: true
with_together:
- "{{ unbound_listen_ips }}"
- "{{ groups.unbound }}"
- name: Handle a bind and unbound collocated on the same host
when:
- step|int == 1
- unbound_listen_ips|length == 0
block:
- name: Get the subnet id for the proper network
openstack.cloud.subnets_info:
name:
if:
- public_net_is_ctlplane
- ctlplane_subnet
-
str_replace:
template:
"$NETWORK_subnet"
params:
$NETWORK: {get_param: [ServiceNetMap, PublicNetwork] }
register: subnet_info
- name: Create a neutron port for a new address
os_port:
state: present
network:
if:
- public_net_is_ctlplane
- 'ctlplane'
- { get_param: [ServiceNetMap, PublicNetwork] }
# NOTE(beagles): Seems to be required for some deployments to make sure
# port gets an IP address.
fixed_ips:
- subnet_id: "{{ subnet_info.openstack_subnets[0].id }}"
no_security_groups: True
name: "unbound-designate-{{ item }}-integration-port"
register: _unbound_designate_ports
with_items:
- "{{ groups.unbound }}"
- name: Set the unbound host ip fact
set_fact:
tripleo_unbound_listen_interfaces: "[ '{{ item.port.fixed_ips[0].ip_address }}' ]"
delegate_to: "{{ item.item }}"
delegate_facts: true
with_items:
- "{{ _unbound_designate_ports.results }}"
deploy_steps_tasks:
- name: Configure Unbound
@ -239,8 +171,6 @@ outputs:
tripleo_unbound_allowed_cidrs: {get_param: UnboundAllowedCIDRs}
tripleo_unbound_log_queries: {get_param: UnboundLogQueries}
tripleo_unbound_security_harden: {get_param: UnboundSecurityHarden}
tripleo_unbound_designate_integration: {get_param: UnboundDesignateIntegration}
tripleo_unbound_bind_network: {if: ["public_net_is_ctlplane", "ctlplane", {get_param: [ServiceNetMap, UnboundNetwork]}]}
tripleo_unbound_forward_resolvers: {get_param: UnboundForwardResolvers}
tripleo_unbound_forward_fallback: {get_param: UnboundForwardFallback}
tripleo_unbound_allow_recursion: {get_param: UnboundAllowRecursion}
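Review bot: Removing `tripleo_unbound_designate_integration` from the `Configure Unbound` vars leaves the `UnboundDesignateIntegration` description ("unique IP so it can co-exist with bind on same host. Set to false to run unbound independently of designate") describing behaviour that no longer exists in this template; the parameter now only feeds `neutron_dns_integration` for `neutron_dhcp` and `neutron_plugin_ml2_ovn`, so the description should say that, e.g. `description: Configure neutron (dhcp agent and OVN) to use Designate for DNS. The bind collocation IPs are now handled by the designate-bind service.` The new `OVNDnsServers` and `NeutronDhcpAgentDnsmasqDnsServers` parameters are declared but not referenced in any hunk on this page; unless a hunk not shown consumes them they are dead parameters, and their description also reads "use as as dns forwarders". Both hunks' enclosing blocks begin outside the page.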