Merge "Generate bind pool and bind configuration using deployment info"

This commit is contained in:
Zuul 2021-04-13 18:37:00 +00:00 committed by Gerrit Code Review
commit ff2d39e846
9 changed files with 52 additions and 488 deletions

View File

@ -31,50 +31,6 @@ parameter_defaults:
NeutronPluginExtensions: qos,port_security,dns
RpcPort: 31459
NotifyPort: 5672
DesignatePools: |
- name: default
# The name is immutable. There will be no option to change the name after
# creation and the only way will to change it will be to delete it
# (and all zones associated with it) and recreate it.
description: Default Pool
attributes: {}
# List out the NS records for zones hosted within this pool
# This should be a record that is created outside of designate, that
# points to the public IP of the controller node.
ns_records:
- hostname: ns1-1.example.org.
priority: 1
# List out the nameservers for this pool. These are the actual BIND servers.
# We use these to verify changes have propagated to all nameservers.
nameservers:
- host: 192.168.24.251
port: 53
# List out the targets for this pool. For BIND there will be one
# entry for each BIND server, as we have to run rndc command on each server
targets:
- type: bind9
description: BIND9 Server 1
# List out the designate-mdns servers from which BIND servers should
# request zone transfers (AXFRs) from.
# This should be the IP of the controller node.
# If you have multiple controllers you can add multiple masters
# by running designate-mdns on them, and adding them here.
masters:
- host: 127.0.0.1
port: 5354
# BIND Configuration options
options:
host: 192.168.24.251
port: 53
rndc_host: 192.168.24.251
rndc_port: 953
rndc_key_file: /etc/rndc.key
ContainerCli: podman
ExtraFirewallRules:
'301 allow arbitrary tcp rule':

View File

@ -25,9 +25,6 @@ parameters:
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
@ -79,56 +76,12 @@ outputs:
config_settings:
map_merge:
- get_attr: [DesignateBase, role_data, config_settings]
- designate_rndc_key: {get_param: DesignateRndcKey}
dns::vardir: /var/named-persistent
dns::recursion: 'no'
# Because we generate the key locally and don't want the puppet
# module to do it, we set its path to /dev/null. This means we need
# to explicitly include /etc/rndc.key though since the default config
# will just include /dev/null.
dns::rndckeypath: /dev/null
dns::additional_directives:
- include "/etc/rndc.key";
dns::additional_options:
listen-on:
str_replace:
template:
"{ %{hiera('$NETWORK')}; }"
params:
$NETWORK: {get_param: [ServiceNetMap, BINDNetwork]}
tripleo::profile::base::designate::rndc_host:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, DesignateApiNetwork]}
tripleo::profile::base::designate::rndc_allowed_addresses:
get_param:
- ServiceData
- net_cidr_map
- {get_param: [ServiceNetMap, DesignateApiNetwork]}
designate::backend::bind9::rndc_host:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, DesignateApiNetwork]}
# BEGIN DOCKER SETTINGS
# TODO(beagles): puppet-desginate is doing some configuration in
# dns::options_path so it seems like we need to run this puppet here for
# the time being at least. I don't think there is a path from heat
# var->hiera->puppet->named configuration at the moment though.
- designate::backend::bind9::configure_bind: false
puppet_config:
config_volume: designate
puppet_tags: designate_config,dns_config
step_config:
list_join:
- "\n"
- - {get_attr: [DesignateBase, role_data, step_config]}
- include ::designate::backend::bind9
puppet_tags: designate_config
step_config: {get_attr: [DesignateBase, role_data, step_config]}
config_image: {get_param: ContainerDesignateConfigImage}
volumes:
- /var/named-persistent:/var/named-persistent:z
kolla_config:
/var/lib/kolla/config_files/designate_backend_bind9.json:
command: /usr/sbin/named -u named -c /etc/named.conf -f -g
@ -151,6 +104,24 @@ outputs:
- path: /etc/rndc.key
owner: root:named
perm: '0640'
deploy_steps_tasks:
- name: generate rndc key configuration files
when: step|int == 4
import_role:
name: designate_rndc_config
vars:
designate_rndc_key: {get_param: DesignateRndcKey}
designate_rndc_key_file_path: /var/lib/config-data/ansible-generated/designate/etc/
- name: generate bind configuration
when: step|int == 4
import_role:
name: designate_bind_config
vars:
rndc_allowed_addresses:
get_param:
- ServiceData
- net_cidr_map
- {get_param: [ServiceNetMap, DesignateApiNetwork]}
docker_config:
step_4:
designate_backend_bind9:
@ -164,7 +135,7 @@ outputs:
-
- /run:/run
- /var/lib/kolla/config_files/designate_backend_bind9.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/designate:/var/lib/kolla/config_files/src:ro
- /var/lib/config-data/ansible-generated/designate:/var/lib/kolla/config_files/src:ro
- /var/log/containers/designate:/var/log/designate:z
- /var/named-persistent:/var/named-persistent:z
environment:

View File

@ -55,9 +55,6 @@ parameters:
description: The password for the Designate's database account.
type: string
hidden: true
DesignatePools:
description: The content for Designate's pools.yaml
type: string
conditions:
designate_workers_zero: {equals : [{get_param: DesignateWorkers}, 0]}
@ -89,8 +86,7 @@ outputs:
config_settings:
map_merge:
- get_attr: [DesignateBase, role_data, config_settings]
- tripleo::profile::base::designate::central::pools_file_content: {get_param: DesignatePools}
designate::db::database_connection:
- designate::db::database_connection:
make_url:
scheme: {get_param: [EndpointMap, MysqlInternal, protocol]}
username: designate
@ -147,6 +143,11 @@ outputs:
- path: /var/log/designate
owner: designate:designate
recurse: true
deploy_steps_tasks:
- name: generate designate pool
when: step|int == 4
import_role:
name: designate_bind_pool
docker_config:
# db sync runs before permissions set by kolla_config
step_2:
@ -204,7 +205,7 @@ outputs:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/config-data/designate/etc/designate/:/etc/designate/:ro
- /var/lib/config-data/puppet-generated/designate/etc/designate/:/etc/designate/:ro
- /var/log/containers/designate:/var/log/designate:z
command: "/usr/bin/bootstrap_host_exec designate_central su designate -s /bin/bash -c '/bin/designate-manage pool update'"
host_prep_tasks:

View File

@ -87,24 +87,6 @@ outputs:
config_settings:
map_merge:
- get_attr: [DesignateBase, role_data, config_settings]
- designate_rndc_key: {get_param: DesignateRndcKey}
tripleo::profile::base::designate::rndc_host:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, DesignateApiNetwork]}
tripleo::profile::base::designate::rndc_allowed_addresses:
get_param:
- ServiceData
- net_cidr_map
- {get_param: [ServiceNetMap, DesignateApiNetwork]}
designate::backend::bind9::rndc_host:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, DesignateApiNetwork]}
-
if:
- designate_workers_zero
@ -117,12 +99,13 @@ outputs:
# BEGIN DOCKER SETTINGS
puppet_config:
config_volume: designate
puppet_tags: designate_config,dns_config
puppet_tags: designate_config
step_config:
list_join:
- "\n"
- - {get_attr: [DesignateBase, role_data, step_config]}
- "include tripleo::profile::base::designate::worker"
- "include tripleo::profile::base::designate::backend"
config_image: {get_param: ContainerDesignateConfigImage}
kolla_config:
/var/lib/kolla/config_files/designate_worker.json:
@ -136,6 +119,13 @@ outputs:
- path: /var/log/designate
owner: designate:designate
recurse: true
deploy_steps_tasks:
- name: generate rndc key configuration files
when: step|int == 4
import_role:
name: designate_rndc_config
vars:
designate_rndc_key: {get_param: DesignateRndcKey}
docker_config:
step_4:
designate_worker:

View File

@ -1,127 +0,0 @@
# *******************************************************************
# This file was created automatically by the sample environment
# generator. Developers should use `tox -e genconfig` to update it.
# Users are recommended to make changes to a copy of the file instead
# of the original, if any customizations are needed.
# *******************************************************************
# title: Configure Designate Parameters for HA
# description: |
# Sample configuration parameters for Designate that are appropriate
# for an HA deployment. Requires the enable-designate environment.
parameter_defaults:
# The content for Designate's pools.yaml
# Mandatory. This parameter must be set by the user.
# Type: string
DesignatePools: |
- name: default
# The name is immutable. There will be no option to change the name after
# creation and the only way will to change it will be to delete it
# (and all zones associated with it) and recreate it.
description: Default Pool
attributes: {}
# List out the NS records for zones hosted within this pool
# This should be a record that is created outside of designate, that
# points to the public IP of the controller node.
ns_records:
- hostname: ns1-1.example.org.
priority: 1
- hostname: ns1-2.example.org.
priority: 2
- hostname: ns1-3.example.org.
priority: 3
# List out the nameservers for this pool. These are the actual BIND servers.
# We use these to verify changes have propagated to all nameservers.
nameservers:
- host: 10.0.0.51
port: 53
- host: 10.0.0.52
port: 53
- host: 10.0.0.53
port: 53
# List out the targets for this pool. For BIND there will be one
# entry for each BIND server, as we have to run rndc command on each server
targets:
- type: bind9
description: BIND9 Server 1
# List out the designate-mdns servers from which BIND servers should
# request zone transfers (AXFRs) from.
# This should be the IP of the controller node.
# If you have multiple controllers you can add multiple masters
# by running designate-mdns on them, and adding them here.
masters:
- host: 10.0.0.51
port: 5354
- host: 10.0.0.52
port: 5354
- host: 10.0.0.53
port: 5354
# BIND Configuration options
options:
host: 10.0.0.51
port: 53
rndc_host: 172.17.0.251
rndc_port: 953
rndc_key_file: /etc/rndc.key
- type: bind9
description: BIND9 Server 2
# List out the designate-mdns servers from which BIND servers should
# request zone transfers (AXFRs) from.
# This should be the IP of the controller node.
# If you have multiple controllers you can add multiple masters
# by running designate-mdns on them, and adding them here.
masters:
- host: 10.0.0.51
port: 5354
- host: 10.0.0.52
port: 5354
- host: 10.0.0.53
port: 5354
# BIND Configuration options
options:
host: 10.0.0.52
port: 53
rndc_host: 172.17.0.252
rndc_port: 953
rndc_key_file: /etc/rndc.key
- type: bind9
description: BIND9 Server 3
# List out the designate-mdns servers from which BIND servers should
# request zone transfers (AXFRs) from.
# This should be the IP of the controller node.
# If you have multiple controllers you can add multiple masters
# by running designate-mdns on them, and adding them here.
masters:
- host: 10.0.0.51
port: 5354
- host: 10.0.0.52
port: 5354
- host: 10.0.0.53
port: 5354
# BIND Configuration options
options:
host: 10.0.0.53
port: 53
rndc_host: 172.17.0.253
rndc_port: 953
rndc_key_file: /etc/rndc.key
# If True, enable the internal Neutron DNS server that provides name
# resolution between VMs. This parameter has no effect if
# NeutronDhcpAgentDnsmasqDnsServers is set.
# Type: boolean
NeutronEnableInternalDNS: True
# Comma-separated list of extensions enabled for the Neutron plugin.
# Type: comma_delimited_list
NeutronPluginExtensions: qos,port_security,dns

View File

@ -1,69 +0,0 @@
# *******************************************************************
# This file was created automatically by the sample environment
# generator. Developers should use `tox -e genconfig` to update it.
# Users are recommended to make changes to a copy of the file instead
# of the original, if any customizations are needed.
# *******************************************************************
# title: Configure Designate Parameters
# description: |
# Sample configuration parameters for Designate. Requires the
# enable-designate environment.
parameter_defaults:
# The content for Designate's pools.yaml
# Mandatory. This parameter must be set by the user.
# Type: string
DesignatePools: |
- name: default
# The name is immutable. There will be no option to change the name after
# creation and the only way will to change it will be to delete it
# (and all zones associated with it) and recreate it.
description: Default Pool
attributes: {}
# List out the NS records for zones hosted within this pool
# This should be a record that is created outside of designate, that
# points to the public IP of the controller node.
ns_records:
- hostname: ns1-1.example.org.
priority: 1
# List out the nameservers for this pool. These are the actual BIND servers.
# We use these to verify changes have propagated to all nameservers.
nameservers:
- host: 10.0.0.51
port: 53
# List out the targets for this pool. For BIND there will be one
# entry for each BIND server, as we have to run rndc command on each server
targets:
- type: bind9
description: BIND9 Server 1
# List out the designate-mdns servers from which BIND servers should
# request zone transfers (AXFRs) from.
# This should be the IP of the controller node.
# If you have multiple controllers you can add multiple masters
# by running designate-mdns on them, and adding them here.
masters:
- host: 10.0.0.51
port: 5354
# BIND Configuration options
options:
host: 10.0.0.51
port: 53
rndc_host: 172.17.0.251
rndc_port: 953
rndc_key_file: /etc/rndc.key
# If True, enable the internal Neutron DNS server that provides name
# resolution between VMs. This parameter has no effect if
# NeutronDhcpAgentDnsmasqDnsServers is set.
# Type: boolean
NeutronEnableInternalDNS: True
# Comma-separated list of extensions enabled for the Neutron plugin.
# Type: comma_delimited_list
NeutronPluginExtensions: qos,port_security,dns

View File

@ -20,3 +20,15 @@ resource_registry:
OS::TripleO::Services::DesignateBind: ../deployment/experimental/designate/designate-bind-container.yaml
OS::TripleO::Services::Redis: ../deployment/database/redis-container-puppet.yaml
OS::TripleO::Services::Unbound: ../deployment/unbound/unbound-container-ansible.yaml
parameter_defaults:
# If True, enable the internal Neutron DNS server that provides name
# resolution between VMs. This parameter has no effect if
# NeutronDhcpAgentDnsmasqDnsServers is set.
# Type: boolean
NeutronEnableInternalDNS: True
# Comma-separated list of extensions enabled for the Neutron plugin.
# Type: comma_delimited_list
NeutronPluginExtensions: qos,port_security,dns

View File

@ -8,23 +8,15 @@ environments:
This environment enables the Designate services. One of the
designate-config* environment files must also be included.
# FIXME(bnemec): files should not be a required key.
files: {}
resource_registry:
OS::TripleO::Services::DesignateApi: ../deployment/experimental/designate/designate-api-container-puppet.yaml
OS::TripleO::Services::DesignateCentral: ../deployment/experimental/designate/designate-central-container-puppet.yaml
OS::TripleO::Services::DesignateMDNS: ../deployment/experimental/designate/designate-mdns-container-puppet.yaml
OS::TripleO::Services::DesignateProducer: ../deployment/experimental/designate/designate-producer-container-puppet.yaml
OS::TripleO::Services::DesignateWorker: ../deployment/experimental/designate/designate-worker-container-puppet.yaml
OS::TripleO::Services::DesignateMDNS: ../deployment/experimental/designate/designate-mdns-container-puppet.yaml
OS::TripleO::Services::DesignateBind: ../deployment/experimental/designate/designate-bind-container.yaml
OS::TripleO::Services::Redis: ../deployment/database/redis-container-puppet.yaml
OS::TripleO::Services::Unbound: ../deployment/unbound/unbound-container-ansible.yaml
-
name: designate-config
title: Configure Designate Parameters
description: |
Sample configuration parameters for Designate. Requires the
enable-designate environment.
files:
deployment/neutron/neutron-plugin-ml2.yaml:
parameters:
@ -32,167 +24,6 @@ environments:
deployment/neutron/neutron-dhcp-container-puppet.yaml:
parameters:
- NeutronEnableInternalDNS
deployment/experimental/designate/designate-central-container-puppet.yaml:
parameters:
- DesignatePools
sample_values:
NeutronPluginExtensions: qos,port_security,dns
NeutronEnableInternalDNS: True
DesignatePools: |-
|
- name: default
# The name is immutable. There will be no option to change the name after
# creation and the only way will to change it will be to delete it
# (and all zones associated with it) and recreate it.
description: Default Pool
attributes: {}
# List out the NS records for zones hosted within this pool
# This should be a record that is created outside of designate, that
# points to the public IP of the controller node.
ns_records:
- hostname: ns1-1.example.org.
priority: 1
# List out the nameservers for this pool. These are the actual BIND servers.
# We use these to verify changes have propagated to all nameservers.
nameservers:
- host: 10.0.0.51
port: 53
# List out the targets for this pool. For BIND there will be one
# entry for each BIND server, as we have to run rndc command on each server
targets:
- type: bind9
description: BIND9 Server 1
# List out the designate-mdns servers from which BIND servers should
# request zone transfers (AXFRs) from.
# This should be the IP of the controller node.
# If you have multiple controllers you can add multiple masters
# by running designate-mdns on them, and adding them here.
masters:
- host: 10.0.0.51
port: 5354
# BIND Configuration options
options:
host: 10.0.0.51
port: 53
rndc_host: 172.17.0.251
rndc_port: 953
rndc_key_file: /etc/rndc.key
children:
-
name: designate-config-ha
title: Configure Designate Parameters for HA
description: |
Sample configuration parameters for Designate that are appropriate
for an HA deployment. Requires the enable-designate environment.
sample_values:
NeutronPluginExtensions: qos,port_security,dns
NeutronEnableInternalDNS: True
DesignatePools: |-
|
- name: default
# The name is immutable. There will be no option to change the name after
# creation and the only way will to change it will be to delete it
# (and all zones associated with it) and recreate it.
description: Default Pool
attributes: {}
# List out the NS records for zones hosted within this pool
# This should be a record that is created outside of designate, that
# points to the public IP of the controller node.
ns_records:
- hostname: ns1-1.example.org.
priority: 1
- hostname: ns1-2.example.org.
priority: 2
- hostname: ns1-3.example.org.
priority: 3
# List out the nameservers for this pool. These are the actual BIND servers.
# We use these to verify changes have propagated to all nameservers.
nameservers:
- host: 10.0.0.51
port: 53
- host: 10.0.0.52
port: 53
- host: 10.0.0.53
port: 53
# List out the targets for this pool. For BIND there will be one
# entry for each BIND server, as we have to run rndc command on each server
targets:
- type: bind9
description: BIND9 Server 1
# List out the designate-mdns servers from which BIND servers should
# request zone transfers (AXFRs) from.
# This should be the IP of the controller node.
# If you have multiple controllers you can add multiple masters
# by running designate-mdns on them, and adding them here.
masters:
- host: 10.0.0.51
port: 5354
- host: 10.0.0.52
port: 5354
- host: 10.0.0.53
port: 5354
# BIND Configuration options
options:
host: 10.0.0.51
port: 53
rndc_host: 172.17.0.251
rndc_port: 953
rndc_key_file: /etc/rndc.key
- type: bind9
description: BIND9 Server 2
# List out the designate-mdns servers from which BIND servers should
# request zone transfers (AXFRs) from.
# This should be the IP of the controller node.
# If you have multiple controllers you can add multiple masters
# by running designate-mdns on them, and adding them here.
masters:
- host: 10.0.0.51
port: 5354
- host: 10.0.0.52
port: 5354
- host: 10.0.0.53
port: 5354
# BIND Configuration options
options:
host: 10.0.0.52
port: 53
rndc_host: 172.17.0.252
rndc_port: 953
rndc_key_file: /etc/rndc.key
- type: bind9
description: BIND9 Server 3
# List out the designate-mdns servers from which BIND servers should
# request zone transfers (AXFRs) from.
# This should be the IP of the controller node.
# If you have multiple controllers you can add multiple masters
# by running designate-mdns on them, and adding them here.
masters:
- host: 10.0.0.51
port: 5354
- host: 10.0.0.52
port: 5354
- host: 10.0.0.53
port: 5354
# BIND Configuration options
options:
host: 10.0.0.53
port: 53
rndc_host: 172.17.0.253
rndc_port: 953
rndc_key_file: /etc/rndc.key

View File

@ -1015,8 +1015,7 @@ def validate_service_hiera_interpol(f, tpl):
if 'apache::mod::remoteip::proxy_ips' in path:
continue
# Omit Designate rndc_allowed_addressses
if ('tripleo::profile::base::designate::rndc_allowed_addresses' in
path):
if ('rndc_allowed_addresses' in path):
continue
# Omit Neutron ml2 overlay_ip_version
if 'neutron::plugins::ml2::overlay_ip_version' in path: