c5dc8ef19a
For security, it is best to split authoritative and recursive nameservers. This way a security vulnerability that only affects one type of server won't provide an exploit for the other too. For Designate, the managed BIND server is the authoritative one. We can use Neutron's internal DNS server as the recursive server, or users can point at their DNS server of choice. To make sure our defaults work out of the box, this change enables the Neutron internal DNS by default and users can change that if they choose. Since that means we no longer need recursion in BIND, we should shut it off, which this also does. Change-Id: I4193436fdfd05bfd641fc32b58cc9bff24310a80
28 lines
1.2 KiB
YAML
28 lines
1.2 KiB
YAML
environments:
|
|
-
|
|
name: enable-designate
|
|
title: Enable Designate Service
|
|
description: |
|
|
EXPERIMENTAL: This service is not considered ready for production and
|
|
should only be used for development and test purposes at this time.
|
|
|
|
This environment enables the Designate services and provides sample
|
|
configuration values for other services to allow them to integrate with
|
|
Designate.
|
|
resource_registry:
|
|
OS::TripleO::Services::DesignateApi: ../docker/services/designate-api.yaml
|
|
OS::TripleO::Services::DesignateCentral: ../docker/services/designate-central.yaml
|
|
OS::TripleO::Services::DesignateProducer: ../docker/services/designate-producer.yaml
|
|
OS::TripleO::Services::DesignateWorker: ../docker/services/designate-worker.yaml
|
|
OS::TripleO::Services::DesignateMDNS: ../docker/services/designate-mdns.yaml
|
|
files:
|
|
puppet/services/neutron-plugin-ml2.yaml:
|
|
parameters:
|
|
- NeutronPluginExtensions
|
|
puppet/services/neutron-dhcp.yaml:
|
|
parameters:
|
|
- NeutronEnableInternalDNS
|
|
sample_values:
|
|
NeutronPluginExtensions: qos,port_security,dns
|
|
NeutronEnableInternalDNS: True
|