9a69426508
It isn't useful for much of anything in a production deployment and it conflicts with the local DNS server in CI. Change-Id: Ied3ecdc71bfdf9bb6439e2c9464aa01346e69226 Closes-Bug: 1795043
127 lines
4.2 KiB
YAML
127 lines
4.2 KiB
YAML
heat_template_version: rocky
|
|
|
|
description: >
|
|
OpenStack Designate Worker service configured with Puppet
|
|
parameters:
|
|
ServiceData:
|
|
default: {}
|
|
description: Dictionary packing service data
|
|
type: json
|
|
ServiceNetMap:
|
|
default: {}
|
|
description: Mapping of service_name -> network name. Typically set
|
|
via parameter_defaults in the resource registry. This
|
|
mapping overrides those in ServiceNetMapDefaults.
|
|
type: json
|
|
DefaultPasswords:
|
|
default: {}
|
|
type: json
|
|
RoleName:
|
|
default: ''
|
|
description: Role name on which the service is applied
|
|
type: string
|
|
RoleParameters:
|
|
default: {}
|
|
description: Parameters specific to the role
|
|
type: json
|
|
EndpointMap:
|
|
default: {}
|
|
description: Mapping of service endpoint -> protocol. Typically set
|
|
via parameter_defaults in the resource registry.
|
|
type: json
|
|
MonitoringSubscriptionDesignateWorker:
|
|
default: 'overcloud-designate-worker'
|
|
type: string
|
|
DesignateWorkerLoggingSource:
|
|
type: json
|
|
default:
|
|
tag: openstack.designate.worker
|
|
path: /var/log/designate/designate-worker.log
|
|
DesignateWorkers:
|
|
default: 0
|
|
description: Number of workers for Designate services.
|
|
type: number
|
|
DesignateRndcKey:
|
|
description: The rndc key secret for communication with BIND.
|
|
type: string
|
|
hidden: true
|
|
|
|
conditions:
|
|
designate_workers_zero: {equals : [{get_param: DesignateWorkers}, 0]}
|
|
|
|
resources:
|
|
DesignateBase:
|
|
type: ./designate-base.yaml
|
|
properties:
|
|
ServiceData: {get_param: ServiceData}
|
|
ServiceNetMap: {get_param: ServiceNetMap}
|
|
DefaultPasswords: {get_param: DefaultPasswords}
|
|
EndpointMap: {get_param: EndpointMap}
|
|
RoleName: {get_param: RoleName}
|
|
RoleParameters: {get_param: RoleParameters}
|
|
|
|
outputs:
|
|
role_data:
|
|
description: Role data for the Designate Worker service.
|
|
value:
|
|
service_name: designate_worker
|
|
monitoring_subscription: {get_param: MonitoringSubscriptionDesignateWorker}
|
|
logging_source: {get_param: DesignateWorkerLoggingSource}
|
|
config_settings:
|
|
map_merge:
|
|
- get_attr: [DesignateBase, role_data, config_settings]
|
|
- designate::worker::worker_notify: true
|
|
designate_rndc_key: {get_param: DesignateRndcKey}
|
|
dns::vardir: /var/named-persistent
|
|
dns::recursion: 'no'
|
|
# Because we generate the key locally and don't want the puppet
|
|
# module to do it, we set its path to /dev/null. This means we need
|
|
# to explicitly include /etc/rndc.key though since the default config
|
|
# will just include /dev/null.
|
|
dns::rndckeypath: /dev/null
|
|
dns::additional_directives:
|
|
- include "/etc/rndc.key";
|
|
dns::additional_options:
|
|
listen-on:
|
|
str_replace:
|
|
template:
|
|
"{ %{hiera('$NETWORK')}; }"
|
|
params:
|
|
$NETWORK: {get_param: [ServiceNetMap, BINDNetwork]}
|
|
tripleo::profile::base::designate::rndc_host:
|
|
str_replace:
|
|
template:
|
|
"%{hiera('$NETWORK')}"
|
|
params:
|
|
$NETWORK: {get_param: [ServiceNetMap, DesignateApiNetwork]}
|
|
tripleo::profile::base::designate::rndc_allowed_addresses:
|
|
- str_replace:
|
|
template:
|
|
"%{hiera('$NETWORK_subnet')}"
|
|
params:
|
|
$NETWORK: {get_param: [ServiceNetMap, DesignateApiNetwork]}
|
|
designate::backend::bind9::rndc_host:
|
|
str_replace:
|
|
template:
|
|
"%{hiera('$NETWORK')}"
|
|
params:
|
|
$NETWORK: {get_param: [ServiceNetMap, DesignateApiNetwork]}
|
|
tripleo.designate_worker.firewall_rules:
|
|
'140 designate_worker udp':
|
|
proto: 'udp'
|
|
dport:
|
|
- 53
|
|
- 953
|
|
'141 designate_worker tcp':
|
|
proto: 'tcp'
|
|
dport:
|
|
- 53
|
|
- 953
|
|
-
|
|
if:
|
|
- designate_workers_zero
|
|
- {}
|
|
- designate::worker::workers: {get_param: DesignateWorkers}
|
|
step_config: |
|
|
include tripleo::profile::base::designate::worker
|