254 lines
9.1 KiB
YAML
254 lines
9.1 KiB
YAML
heat_template_version: wallaby
|
|
|
|
description: >
|
|
OpenStack containerized bind9 for designate
|
|
|
|
parameters:
|
|
ContainerDesignateBackendBIND9Image:
|
|
description: image
|
|
type: string
|
|
tags:
|
|
- role_specific
|
|
ContainerDesignateConfigImage:
|
|
description: The container image to use for the designate config_volume
|
|
type: string
|
|
tags:
|
|
- role_specific
|
|
EndpointMap:
|
|
default: {}
|
|
description: Mapping of service endpoint -> protocol. Typically set
|
|
via parameter_defaults in the resource registry.
|
|
type: json
|
|
ServiceData:
|
|
default: {}
|
|
description: Dictionary packing service data
|
|
type: json
|
|
ServiceNetMap:
|
|
default: {}
|
|
description: Mapping of service_name -> network name. Typically set
|
|
via parameter_defaults in the resource registry. Use
|
|
parameter_merge_strategies to merge it with the defaults.
|
|
type: json
|
|
RoleName:
|
|
default: ''
|
|
description: Role name on which the service is applied
|
|
type: string
|
|
RoleParameters:
|
|
default: {}
|
|
description: Parameters specific to the role
|
|
type: json
|
|
MonitoringSubscriptionDesignateBind:
|
|
default: 'overcloud-designate-bind'
|
|
type: string
|
|
DesignateRndcKey:
|
|
description: The rndc key secret for communication with BIND.
|
|
type: string
|
|
hidden: true
|
|
DesignateBindQueryLogging:
|
|
description: Set to true to enable logging of queries on BIND.
|
|
type: boolean
|
|
default: false
|
|
DesignateBackendListenIPs:
|
|
default: []
|
|
description: A list of IPs to add to the externally accessible interface
|
|
(e.g. interface on the external network or the VIP interface
|
|
in standalone). If provided, the number of IPs must match the
|
|
number of deployed Bind instances. If left empty,
|
|
the deployment will create additional IPs using the external
|
|
network.
|
|
type: comma_delimited_list
|
|
|
|
conditions:
|
|
|
|
public_net_is_ctlplane:
|
|
equals:
|
|
- {get_param: [ServiceData, net_vip_map, {get_param: [ServiceNetMap, DesignateBindNetwork]}]}
|
|
- {get_param: [ServiceData, net_vip_map, ctlplane]}
|
|
|
|
resources:
|
|
|
|
ContainersCommon:
|
|
type: ../containers-common.yaml
|
|
|
|
DesignateBase:
|
|
type: ./designate-base.yaml
|
|
properties:
|
|
EndpointMap: {get_param: EndpointMap}
|
|
ServiceData: {get_param: ServiceData}
|
|
ServiceNetMap: {get_param: ServiceNetMap}
|
|
RoleName: {get_param: RoleName}
|
|
RoleParameters: {get_param: RoleParameters}
|
|
|
|
RoleParametersValue:
|
|
type: OS::Heat::Value
|
|
properties:
|
|
type: json
|
|
value:
|
|
map_replace:
|
|
- map_replace:
|
|
- ContainerDesignateBackendBIND9Image: ContainerDesignateBackendBIND9Image
|
|
ContainerDesignateConfigImage: ContainerDesignateConfigImage
|
|
- values: {get_param: [RoleParameters]}
|
|
- values:
|
|
ContainerDesignateBackendBIND9Image: {get_param: ContainerDesignateBackendBIND9Image}
|
|
ContainerDesignateConfigImage: {get_param: ContainerDesignateConfigImage}
|
|
|
|
outputs:
|
|
role_data:
|
|
description: Role data for the Designate Bind instance.
|
|
value:
|
|
service_name: designate_bind
|
|
firewall_rules:
|
|
'140 designate_worker udp':
|
|
proto: 'udp'
|
|
dport:
|
|
- 53
|
|
- 953
|
|
'141 designate_worker tcp':
|
|
proto: 'tcp'
|
|
dport:
|
|
- 53
|
|
- 953
|
|
monitoring_subscription: {get_param: MonitoringSubscriptionDesignateBind}
|
|
config_settings:
|
|
map_merge:
|
|
- get_attr: [DesignateBase, role_data, config_settings]
|
|
- designate::backend::bind9::configure_bind: false
|
|
puppet_config:
|
|
config_volume: designate
|
|
puppet_tags: designate_config
|
|
step_config: {get_attr: [DesignateBase, role_data, step_config]}
|
|
config_image: {get_attr: [RoleParametersValue, value, ContainerDesignateConfigImage]}
|
|
kolla_config:
|
|
/var/lib/kolla/config_files/designate_backend_bind9.json:
|
|
command: /usr/sbin/named -u named -c /etc/named.conf -f
|
|
config_files:
|
|
- source: "/var/lib/kolla/config_files/src/*"
|
|
dest: "/"
|
|
merge: true
|
|
preserve_properties: true
|
|
- source: "/var/named/*"
|
|
dest: "/var/named-persistent/"
|
|
merge: true
|
|
preserve_properties: true
|
|
permissions:
|
|
- path: /var/log/designate
|
|
owner: designate:designate
|
|
recurse: true
|
|
- path: /var/log/bind
|
|
owner: root:named
|
|
recurse: true
|
|
perm: '0775'
|
|
- path: /var/named-persistent
|
|
owner: root:named
|
|
perm: '0770'
|
|
- path: /etc/rndc.key
|
|
owner: root:named
|
|
perm: '0640'
|
|
deploy_steps_tasks:
|
|
- name: Configure extra IP on the network interfaces
|
|
when:
|
|
- step|int == 1
|
|
include_role:
|
|
name: designate_bind_config
|
|
tasks_from: configure_interfaces
|
|
vars:
|
|
tripleo_designate_bind_network: {get_param: [ServiceNetMap, DesignateBindNetwork]}
|
|
- name: generate rndc key configuration files
|
|
when: step|int == 1
|
|
import_role:
|
|
name: designate_rndc_config
|
|
vars:
|
|
designate_rndc_key: {get_param: DesignateRndcKey}
|
|
designate_rndc_key_file_path: /var/lib/config-data/ansible-generated/designate/etc/
|
|
- name: generate bind configuration
|
|
when: step|int == 1
|
|
import_role:
|
|
name: designate_bind_config
|
|
vars:
|
|
designate_bind_enable_query_logging: {get_param: DesignateBindQueryLogging}
|
|
rndc_allowed_addresses:
|
|
get_param:
|
|
- ServiceData
|
|
- net_cidr_map
|
|
- {get_param: [ServiceNetMap, DesignateBindNetwork]}
|
|
docker_config:
|
|
step_4:
|
|
designate_backend_bind9:
|
|
image: {get_attr: [RoleParametersValue, value, ContainerDesignateBackendBIND9Image]}
|
|
net: host
|
|
privileged: true
|
|
stop_grace_period: 300
|
|
restart: always
|
|
volumes:
|
|
list_concat:
|
|
- {get_attr: [ContainersCommon, volumes]}
|
|
-
|
|
- /run:/run
|
|
- /var/lib/kolla/config_files/designate_backend_bind9.json:/var/lib/kolla/config_files/config.json:ro
|
|
- /var/lib/config-data/ansible-generated/designate:/var/lib/kolla/config_files/src:ro
|
|
- /var/log/containers/designate:/var/log/designate:z
|
|
- /var/log/containers/designate-bind:/var/log/bind:z
|
|
- /var/lib/designate/named-persistent:/var/named-persistent:z
|
|
environment:
|
|
KOLLA_CONFIG_STRATEGY: COPY_ALWAYS
|
|
|
|
host_prep_tasks:
|
|
- name: create persistent named directories
|
|
file:
|
|
path: "{{ item.path }}"
|
|
state: directory
|
|
setype: "{{ item.setype }}"
|
|
mode: "{{ item.mode }}"
|
|
with_items:
|
|
- { 'path': /var/lib/designate/named-persistent, 'setype': container_file_t, 'mode': '0750' }
|
|
- { 'path': /var/log/containers/designate-bind, 'setype': container_file_t, 'mode': '0750' }
|
|
|
|
external_deploy_tasks:
|
|
- name: Get list of provided listen ips
|
|
when:
|
|
- step|int == 1
|
|
set_fact:
|
|
dns_listen_ips: { get_param: DesignateBackendListenIPs }
|
|
- name: Distribute configured unbound listen IPs across nodes
|
|
when:
|
|
- step|int == 1
|
|
- dns_listen_ips|length > 0
|
|
block:
|
|
- name: Set the host ip fact
|
|
set_fact:
|
|
tripleo_dns_listen_interfaces: "[ '{{ item.0 }}' ]"
|
|
delegate_to: "{{ item.1 }}"
|
|
delegate_facts: true
|
|
with_together:
|
|
- "{{ dns_listen_ips }}"
|
|
- "{{ groups.designate_bind }}"
|
|
|
|
- name: Configure ports to allow bind to collocate with other services listening on DNS ports
|
|
when:
|
|
- step|int == 1
|
|
- dns_listen_ips|length == 0
|
|
block:
|
|
- name: Get the subnet id for the proper network
|
|
openstack.cloud.subnets_info:
|
|
name:
|
|
if:
|
|
- public_net_is_ctlplane
|
|
- ctlplane-subnet
|
|
-
|
|
str_replace:
|
|
template:
|
|
"$NETWORK_subnet"
|
|
params:
|
|
$NETWORK: {get_param: [ServiceNetMap, DesignateBindNetwork]}
|
|
register: subnet_info
|
|
|
|
- name: Create the extra IPs
|
|
include_role:
|
|
name: designate_bind_config
|
|
tasks_from: create_collocated_ips
|
|
vars:
|
|
hosts_for_ports: "{{ groups.designate_bind }}"
|
|
network_name: {get_param: [ServiceNetMap, DesignateBindNetwork]}
|
|
subnet_id: "{{ subnet_info.openstack_subnets[0].id }}"
|