tripleo-heat-templates/deployment/designate/designate-mdns-container-puppet.yaml
Brent Eagles acf032a098 Designate: miniDNS and bind9 instances on the proper networks
This changes the listen/bind address for the designate's miniDNS
instances from "all" to the internal API network. It also properly
configures the designate BIND backend to be on the external network.
(Both will default to ctlplane if it is absent)

Change-Id: I5e900354676a30ae8cf53d0a2f4db0201f05207d
2022-02-03 19:41:23 +00:00

199 lines
6.9 KiB
YAML

heat_template_version: wallaby
description: >
OpenStack containerized Designate MiniDNS service
parameters:
ContainerDesignateMDNSImage:
description: image
type: string
tags:
- role_specific
ContainerDesignateConfigImage:
description: The container image to use for the designate config_volume
type: string
tags:
- role_specific
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. Use
parameter_merge_strategies to merge it with the defaults.
type: json
EnableSQLAlchemyCollectd:
type: boolean
description: >
Set to true to enable the SQLAlchemy-collectd server plugin
default: false
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
MonitoringSubscriptionDesignateMiniDNS:
default: 'overcloud-designate-mdns'
type: string
DesignateWorkers:
default: 0
description: Number of workers for Designate services.
type: number
DesignatePassword:
description: The password for the Designate's database account.
type: string
hidden: true
conditions:
designate_workers_zero: {equals : [{get_param: DesignateWorkers}, 0]}
enable_sqlalchemy_collectd: {equals : [{get_param: EnableSQLAlchemyCollectd}, true]}
resources:
ContainersCommon:
type: ../containers-common.yaml
MySQLClient:
type: ../database/mysql-client.yaml
DesignateBase:
type: ./designate-base.yaml
properties:
EndpointMap: {get_param: EndpointMap}
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
RoleParametersValue:
type: OS::Heat::Value
properties:
type: json
value:
map_replace:
- map_replace:
- ContainerDesignateMDNSImage: ContainerDesignateMDNSImage
ContainerDesignateConfigImage: ContainerDesignateConfigImage
- values: {get_param: [RoleParameters]}
- values:
ContainerDesignateMDNSImage: {get_param: ContainerDesignateMDNSImage}
ContainerDesignateConfigImage: {get_param: ContainerDesignateConfigImage}
outputs:
role_data:
description: Role data for the Designate MDNS role.
value:
service_name: designate_mdns
firewall_rules:
'142 designate_mdns udp':
proto: 'udp'
dport:
- 5354
'143 designate_mdns tcp':
proto: 'tcp'
dport:
- 5354
monitoring_subscription: {get_param: MonitoringSubscriptionDesignateMiniDNS}
config_settings:
map_merge:
- get_attr: [DesignateBase, role_data, config_settings]
- designate::mdns::listen:
str_replace:
template:
"%{hiera('$NETWORK')}:5354"
params:
$NETWORK: {get_param: [ServiceNetMap, DesignateMdnsNetwork]}
- designate::db::database_connection:
make_url:
scheme: {get_param: [EndpointMap, MysqlInternal, protocol]}
username: designate
password: {get_param: DesignatePassword}
host: {get_param: [EndpointMap, MysqlInternal, host]}
path: /designate
query:
if:
- enable_sqlalchemy_collectd
-
read_default_file: /etc/my.cnf.d/tripleo.cnf
read_default_group: tripleo
plugin: collectd
collectd_program_name: designate_mdns
collectd_host: localhost
-
read_default_file: /etc/my.cnf.d/tripleo.cnf
read_default_group: tripleo
-
if:
- designate_workers_zero
- {}
- designate::mdns::workers: {get_param: DesignateWorkers}
service_config_settings:
mysql:
designate::db::mysql::password: {get_param: DesignatePassword}
designate::db::mysql::user: designate
designate::db::mysql::host: '%'
designate::db::mysql::dbname: designate
# BEGIN DOCKER SETTINGS
puppet_config:
config_volume: designate
puppet_tags: designate_config
step_config:
list_join:
- "\n"
- - {get_attr: [DesignateBase, role_data, step_config]}
- "include tripleo::profile::base::designate::mdns"
- {get_attr: [MySQLClient, role_data, step_config]}
config_image: {get_attr: [RoleParametersValue, value, ContainerDesignateConfigImage]}
kolla_config:
/var/lib/kolla/config_files/designate_mdns.json:
command: /usr/bin/designate-mdns --config-file=/etc/designate/designate.conf --log-file=/var/log/designate/mdns.log
config_files:
- source: "/var/lib/kolla/config_files/src/*"
dest: "/"
merge: true
preserve_properties: true
permissions:
- path: /var/log/designate
owner: designate:designate
recurse: true
docker_config:
step_4:
designate_mdns:
image: &designate_mdns_image {get_attr: [RoleParametersValue, value, ContainerDesignateMDNSImage]}
net: host
privileged: false
restart: always
stop_grace_period: 300
healthcheck:
test: /openstack/healthcheck
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /run:/run
- /var/lib/kolla/config_files/designate_mdns.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/designate:/var/lib/kolla/config_files/src:ro
- /var/log/containers/designate:/var/log/designate:z
environment:
KOLLA_CONFIG_STRATEGY: COPY_ALWAYS
host_prep_tasks:
- name: create persistent directories
file:
path: "{{ item.path }}"
state: directory
setype: "{{ item.setype }}"
mode: "{{ item.mode|default(omit) }}"
with_items:
- { 'path': /var/log/designate, 'setype': container_file_t }
- { 'path': /var/log/containers/designate, 'setype': container_file_t, 'mode': '0750' }