
Designate bind9 backend

Add bind9 backend for designate. It requires the designate-worker
and bind9 services to work correctly.

Change-Id: I79472fc80c1f48daaf64300f8a71ee50baa6ebd5
changes/21/442421/10
Peter Razumovsky 2 years ago
parent
commit
822cb58246
13 changed files with 215 additions and 11 deletions
  1. +13
    -0
      docker/designate-backend-bind9/Dockerfile.j2
  2. +1
    -1
      docker/designate-base/Dockerfile.j2
  3. +6
    -3
      docker/designate-pool-manager/Dockerfile.j2
  4. +8
    -0
      docker/designate-worker/Dockerfile.j2
  5. +62
    -1
      service/designate-mdns.yaml
  6. +12
    -1
      service/designate-pool-manager.yaml
  7. +27
    -0
      service/files/bind9-pools.yaml.j2
  8. +11
    -2
      service/files/defaults.yaml
  9. +12
    -3
      service/files/designate.conf.j2
  10. +12
    -0
      service/files/named.conf.j2
  11. +39
    -0
      service/files/named.conf.options.j2
  12. +8
    -0
      service/files/rndc.conf.j2
  13. +4
    -0
      service/files/rndc.key.j2

+ 13
- 0
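--- a/docker/designate-backend-bind9/Dockerfile.j2
+++ b/docker/designate-backend-bind9/Dockerfile.j2
@@ -0,0 +1,13 @@
+FROM {{ image_spec("designate-base") }}
+MAINTAINER {{ maintainer }}
+
+RUN apt-get update -y \
+&& apt-get install -y --no-install-recommends \
+--no-install-suggests \
+bind9
+
+RUN mkdir -p /var/run/named /etc/bind \
+&& chmod 775 /var/run/named \
+&& chown root:bind /var/run/named
+
+RUN apt-get clean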
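Review bot: The trailing `RUN apt-get clean` on its own layer does not shrink the image, because the package lists and cache were already committed by the install layer; fold it into that step as `&& apt-get clean && rm -rf /var/lib/apt/lists/*`. No `USER` is set here, so the container starts as root and relies on the `named -u bind` flag in `service/designate-mdns.yaml` to drop privileges after binding port 53, which is acceptable, but the rndc key that the service file later injects under /etc/bind should then be owned `root:bind` and mode 0640 so that only the `bind` user can read the HMAC secret. The `mkdir -p /etc/bind` is redundant, since the bind9 package already creates that directory.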

+ 1
- 1
docker/designate-base/Dockerfile.j2 View File

@@ -12,5 +12,5 @@ RUN useradd --user-group -G microservices designate \
&& sed -i 's|^exec_dirs.*|exec_dirs=/var/lib/microservices/venv/bin,/sbin,/usr/sbin,/bin,/usr/bin,/usr/local/bin,/usr/local/sbin|g' /etc/designate/rootwrap.conf

COPY designate_sudoers /etc/sudoers.d/designate_sudoers
RUN chmod 750 /etc/sudoers.d \
RUN chmod 750 /etc/sudoers.d /etc/designate/rootwrap.d/ \
&& chmod 440 /etc/sudoers.d/designate_sudoers
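Review bot: The new `chmod 750 /etc/designate/rootwrap.d/` only fixes the directory mode; the filter files inside it are what oslo.rootwrap trusts when deciding which commands the `designate` user may run as root, so they must also be root-owned and not writable by that user, and nothing in this hunk shows their ownership. Since rootwrap itself runs as root through the sudoers entry copied on the line above, `&& chown -R root:root /etc/designate/rootwrap.d && chmod 0640 /etc/designate/rootwrap.d/*` would be sufficient. The context line widening `exec_dirs` to `/usr/local/bin,/usr/local/sbin` is pre-existing, but note that every directory listed there becomes a place from which rootwrap will resolve privileged commands, so those paths must stay unwritable by the service user.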

+ 6
- 3
docker/designate-pool-manager/Dockerfile.j2 View File

@@ -2,8 +2,11 @@ FROM {{ image_spec("designate-base") }}
MAINTAINER {{ maintainer }}

#mysql-client only for provisioning need to be removed later
RUN apt-get install -y --no-install-recommends \
mysql-client \
&& apt-get clean
RUN apt-get update -y \
&& apt-get install -y --no-install-recommends mysql-client bind9 \
&& apt-get clean \
&& mkdir -p /etc/bind \
&& chown -R designate:designate /etc/bind

USER designate
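Review bot: The install line `apt-get install -y --no-install-recommends mysql-client bind9` pulls the full BIND server into an image that only needs the `rndc` client to reach the backend; on Debian/Ubuntu that client ships in `bind9utils` (newer releases: `bind9-utils`), so installing that package instead keeps `named` out of a container that runs as `designate`. `chown -R designate:designate /etc/bind` then hands the directory that will hold the rndc key to the service user; the key file should be installed read-only for that user (0400) rather than living in a directory it can also write. The comment `#mysql-client only for provisioning need to be removed later` survives the rewrite and would be more useful with a bug or change reference naming when it goes.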


+ 8
- 0
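--- a/docker/designate-worker/Dockerfile.j2
+++ b/docker/designate-worker/Dockerfile.j2
@@ -0,0 +1,8 @@
+FROM {{ image_spec("designate-base") }}
+MAINTAINER {{ maintainer }}
+
+RUN apt-get update -y \
+&& apt-get install -y --no-install-recommends bind9 \
+&& apt-get clean \
+&& mkdir -p /etc/bind \
+&& chown -R designate:designate /etc/bind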
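Review bot: Unlike the pool-manager Dockerfile in this same commit, this image never switches to `USER designate`, so unless the base image already does so (its `USER` line is not visible here) `designate-worker` will run as root inside the container; append `USER designate` after the install step. As with the pool-manager image, `bind9utils` (or `bind9-utils`) would provide the `rndc` client without installing `named`, and `chown -R designate:designate /etc/bind` should not leave the rndc key writable by the service user.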

+ 62
- 1
service/designate-mdns.yaml View File

@@ -1,6 +1,11 @@
dsl_version: 0.5.0
service:
name: designate-mdns
ports:
- {{ designate.bind_port }}
- {{ designate.worker_port }}
- {{ designate.mdns_port }}
- {{ designate.rndc_port }}
containers:
- name: designate-mdns
image: designate-mdns
@@ -10,8 +15,64 @@ service:
files:
- designate-conf
command: designate-mdns --config-file /etc/designate/designate.conf

- name: designate-backend-bind9
image: designate-backend-bind9
daemon:
files:
- named-conf-options
- rndc-conf
- named-conf
- rndc-key
command: /usr/sbin/named -g -c /etc/bind/named.conf -u bind
- name: designate-worker
image: designate-worker
pre:
- name: designate-pool-update
# {% if designate.backend == "bind9" %}
dependencies:
- designate-backend-bind9
# {% endif %}
files:
# {% if designate.backend == "bind9" %}
- bind9-pools
# {% else %}
- fake-pools
# {% endif %}
- designate-conf
type: local
command: designate-manage pool update --file /etc/designate/pools.yaml
daemon:
dependencies:
- designate-api
files:
# {% if designate.backend == "bind9" %}
- bind9-pools
# {% else %}
- fake-pools
# {% endif %}
- designate-conf
- rndc-conf
- rndc-key
command: designate-worker --config-file /etc/designate/designate.conf
files:
rndc-conf:
path: /etc/bind/rndc.conf
content: rndc.conf.j2
named-conf-options:
path: /etc/bind/named.conf.options
content: named.conf.options.j2
named-conf:
path: /etc/bind/named.conf
content: named.conf.j2
rndc-key:
path: /etc/bind/rndc.key
content: rndc.key.j2
designate-conf:
path: /etc/designate/designate.conf
content: designate.conf.j2
fake-pools:
path: /etc/designate/pools.yaml
content: pools.yaml.j2
bind9-pools:
path: /etc/designate/pools.yaml
content: bind9-pools.yaml.j2
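Review bot: The service now publishes `{{ designate.rndc_port }}` (953 in `defaults.yaml`) next to the DNS port, and `named.conf.j2` in this commit allows control connections from `any`, so the shared rndc key is the only thing guarding zone administration on this named; unless the worker and pool-manager must reach rndc from other hosts, keep `rndc_port` off the service port list or restrict it to the private network. The `rndc-key` file is mounted into both the bind9 container (read by user `bind`) and the worker container, yet no owner or mode is given for it; if the files DSL supports it, add a restrictive mode such as `perm: "0640"` so the HMAC secret is not world-readable in either container. Also note that `bind9-pools` and `fake-pools` share the path `/etc/designate/pools.yaml`, which only works because the Jinja conditional selects exactly one of them; a one-line comment saying so would save the next reader a puzzle.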

+ 12
- 1
service/designate-pool-manager.yaml View File

@@ -24,7 +24,7 @@ service:
command: designate-manage pool update --file /etc/designate/pools.yaml
- name: designate-pool-sync
dependencies:
- designate-pool-manager-db-create
- designate-pool-update
files:
- designate-conf
type: single
@@ -34,6 +34,8 @@ service:
- designate-api
files:
- designate-conf
- rndc-conf
- rndc-key
command: designate-pool-manager --config-file /etc/designate/designate.conf

files:
@@ -43,3 +45,12 @@ files:
pools:
path: /etc/designate/pools.yaml
content: pools.yaml.j2
named-conf:
path: /etc/bind/named.conf.options
content: named.conf.options.j2
rndc-conf:
path: /etc/bind/rndc.conf
content: rndc.conf.j2
rndc-key:
path: /etc/bind/rndc.key
content: rndc.key.j2
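Review bot: The new `named-conf` file entry is misnamed (its path is `/etc/bind/named.conf.options` and its content `named.conf.options.j2`) and, in the visible hunks, no container of this service references it — the pool-manager daemon only mounts `designate-conf`, `rndc-conf` and `rndc-key`; either drop it or rename it `named-conf-options` to match `service/designate-mdns.yaml`. The pool-manager process only needs the rndc client configuration, never the server's options file, so if the entry is kept deliberately a `# TODO` naming the container expected to consume it would help. The `dependencies` change to `designate-pool-update` is not mentioned in the commit message and deserves a sentence there.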

+ 27
- 0
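--- a/service/files/bind9-pools.yaml.j2
+++ b/service/files/bind9-pools.yaml.j2
@@ -0,0 +1,27 @@
+---
+- name: default
+description: CCP BIND Pool
+attributes: {}
+
+ns_records:
+- hostname: ns.ccp.org.
+priority: 1
+
+nameservers:
+- host: {{ network_topology["private"]["address"] }}
+port: {{ designate.bind_port.cont }}
+
+targets:
+- type: bind9
+description: BIND Instance
+
+masters:
+- host: {{ network_topology["private"]["address"] }}
+port: {{ designate.mdns_port.cont }}
+
+options:
+host: {{ network_topology["private"]["address"] }}
+port: {{ designate.bind_port.cont }}
+rndc_host: {{ network_topology["private"]["address"] }}
+rndc_port: {{ designate.rndc_port.cont }}
+rndc_key_file: /etc/bind/rndc.key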
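Review bot: `hostname: ns.ccp.org.` is a hard-coded placeholder that ends up as the apex NS record of every zone this pool serves; make it configurable, e.g. `hostname: {{ designate.ns_hostname }}` with a default in `defaults.yaml`, so deployments do not publish a name they do not own. Every `host`/`rndc_host` field renders to `network_topology["private"]["address"]` of the rendering node, which presumes mdns, the bind9 container and the worker all sit on that address; that matches the single-service layout in `designate-mdns.yaml`, but a comment stating the assumption would help anyone splitting the services later. Quoting the templated scalars (`host: "{{ ... }}"`) would make an empty expansion render as an empty string rather than YAML `null`.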

+ 11
- 2
service/files/defaults.yaml View File

@@ -3,13 +3,21 @@ configs:
api_port:
cont: 9001
ingress: dns

debug: false
mdns_port:
cont: 5354
rndc_port:
cont: 953
bind_port:
cont: 53
worker_port:
cont: 5358
debug: true
notification:
driver: noop
topics:
enabled: false
names: changeme
backend: bind9
# options, allows to configure services particularly
service:
central:
@@ -36,6 +44,7 @@ configs:

secret_configs:
designate:
rndc_key_secret: fapwtRlIgYwYeQeyY3U1+Q==
username: designate
password: password
db:
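Review bot: `rndc_key_secret: fapwtRlIgYwYeQeyY3U1+Q==` commits a default rndc HMAC secret to the repository; together with `allow { any; }` in `named.conf.j2` and the published `rndc_port`, anyone who has read this repo can add or delete zones on a deployment that keeps the default. Generate the secret per deployment, or at minimum quote the value and mark it `# MUST be overridden per deployment (generate with: rndc-confgen -a)`; the same applies to the pre-existing `password: password`. The `debug: false` / `debug: true` pair in the first hunk also looks like the debug default is flipped to `true`, which is unrelated to the bind9 backend and should not ship as the default.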

+ 12
- 3
service/files/designate.conf.j2 View File

@@ -19,12 +19,12 @@ notification_topics = {{ designate.notification.topics.names }}

rabbit_userid = {{ rabbitmq.user }}
rabbit_password = {{ rabbitmq.password }}
rabbit_hosts = {{ address("rabbitmq", rabbitmq.port) }}
rabbit_hosts = {{ address("rpc", rabbitmq.port) }}

[oslo_messaging_rabbit]
rabbit_userid = {{ rabbitmq.user }}
rabbit_password = {{ rabbitmq.password }}
rabbit_hosts = {{ address("rabbitmq", rabbitmq.port) }}
rabbit_hosts = {{ address("rpc", rabbitmq.port) }}

#--------------------
# Keystone Middleware
@@ -55,6 +55,8 @@ enable_api_v1 = True
enabled_extensions_v1 = diagnostics, quotas, reports, sync, touch
enable_api_v2 = True
enabled_extensions_v2 = quotas, reports
enable_api_admin = True
listen = {{ address("designate-api", designate.api_port) }}

#-------------
# Sink Service
@@ -68,6 +70,7 @@ enabled_notification_handlers = nova_fixed, neutron_floatingip
[service:mdns]
workers = {{ designate.service.mdns.workers }}
threads = {{ designate.service.mdns.threads }}
all_tcp = True

#--------------
# Agent Service
@@ -75,6 +78,10 @@ threads = {{ designate.service.mdns.threads }}
[service:agent]
workers = {{ designate.service.agent.workers }}

[service:worker]
enabled = True
notify = True

#---------------------
# Zone Manager Service
#---------------------
@@ -99,6 +106,9 @@ threads = {{ designate.service.pool_manager.threads }}
{% if designate.pool is defined %}
pool_id = {{ designate.pool.pool_id }}
{%- endif %}
periodic_sync_interval = 1800
periodic_recovery_interval = 120


###################################
## Pool Manager Cache Configuration
@@ -139,4 +149,3 @@ notification_topics = notifications
control_exchange = 'neutron'
format = '%(hostname)s.%(domain)s'
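Review bot: `enable_api_admin = True` switches on the admin extensions (`quotas`, `reports`) on the same listener as the tenant API, so access to them is governed only by Designate's policy file; confirm the policy shipped in the image restricts these to admin roles before enabling this by default, or template it as `enable_api_admin = {{ designate.enable_api_admin }}` with `false` in `defaults.yaml`. The `rabbit_hosts` change from `address("rabbitmq", ...)` to `address("rpc", ...)` is not explained in the commit message and deserves a sentence there. The `[service:pool_manager]` section that gains `periodic_sync_interval` and `periodic_recovery_interval` begins before its hunk, so the surrounding options are not visible here.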



+ 12
- 0
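--- a/service/files/named.conf.j2
+++ b/service/files/named.conf.j2
@@ -0,0 +1,12 @@
+include "/etc/bind/named.conf.options";
+include "/etc/bind/named.conf.local";
+include "/etc/bind/named.conf.default-zones";
+include "/etc/bind/rndc.key";
+
+controls {
+inet * port {{ designate.rndc_port.cont }}
+allow { any; } keys { "rndc-key"; };
+inet * port {{ designate.bind_port.cont }}
+allow { any; } keys { "rndc-key"; };
+};
+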
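Review bot: The second `controls` statement binds a control channel on `{{ designate.bind_port.cont }}` (53), the same port `listen-on` in `named.conf.options.j2` uses for DNS, so named will fail to open one of the two sockets at startup; drop the two lines `inet * port {{ designate.bind_port.cont }}` / `allow { any; } keys { "rndc-key"; };` and keep only the rndc port. `allow { any; }` lets every address on the network attempt authentication against the shared key; since the only clients are the worker and pool-manager on the private address, `allow { 127.0.0.1; {{ network_topology["private"]["address"] }}; } keys { "rndc-key"; };` is enough. The included `named.conf.local` and `named.conf.default-zones` come from the bind9 package, so a comment noting that they are expected from the image rather than templated would help.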

+ 39
- 0
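--- a/service/files/named.conf.options.j2
+++ b/service/files/named.conf.options.j2
@@ -0,0 +1,39 @@
+options {
+directory "/var/cache/bind";
+
+// If there is a firewall between you and nameservers you want
+// to talk to, you may need to fix the firewall to allow multiple
+// ports to talk. See http://www.kb.cert.org/vuls/id/800113
+
+// If your ISP provided one or more IP addresses for stable
+// nameservers, you probably want to use them as forwarders.
+// Uncomment the following block, and insert the addresses replacing
+// the all-0's placeholder.
+
+// forwarders {
+// 0.0.0.0;
+// };
+
+//========================================================================
+// If BIND logs error messages about the root key being expired,
+// you will need to update your keys. See https://www.isc.org/bind-keys
+//========================================================================
+dnssec-validation yes;
+dnssec-enable yes;
+auth-nxdomain no; # conform to RFC1035
+allow-new-zones yes;
+request-ixfr no;
+recursion no;
+query-source address * port {{ designate.bind_port.cont }};
+listen-on { any; };
+listen-on-v6 { ipv-6-address; };
+allow-query {
+any;
+10.233.0.0/16;
+};
+allow-notify {
+any;
+10.233.0.0/16;
+};
+};
+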
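Review bot: `listen-on-v6 { ipv-6-address; };` is a leftover placeholder, not an address; named treats an unknown word in an address match list as a reference to an undefined ACL and should refuse to load the configuration, so this line as written most likely stops the backend from starting. The two address match lists below it are also inconsistent: `any;` already matches everything, so the `10.233.0.0/16` entries are dead, and for `allow-notify` accepting NOTIFY from anyone is a poor default when the only legitimate source is the mdns master on the private address. `query-source address * port {{ designate.bind_port.cont }}` pins the source port of outbound queries (SOA refresh and transfers to mdns) to 53, which gives up source-port randomisation for no benefit; the stock `query-source` default is safer. The rewrite below replaces those lines; the surrounding comment block copied from the Debian default file could be trimmed to what still applies.
```conf
// … unchanged: directory, dnssec, auth-nxdomain, allow-new-zones, request-ixfr, recursion …
listen-on { any; };
listen-on-v6 { none; };
allow-query { any; };
allow-notify { {{ network_topology["private"]["address"] }}; };
```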

+ 8
- 0
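--- a/service/files/rndc.conf.j2
+++ b/service/files/rndc.conf.j2
@@ -0,0 +1,8 @@
+include "/etc/bind/rndc.key";
+
+options {
+default-key "rndc-key";
+default-server {{ network_topology["private"]["address"] }};
+default-port {{ designate.rndc_port.cont }};
+};
+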
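Review bot: This rndc.conf appears to be unused by Designate: `bind9-pools.yaml.j2` hands the backend `rndc_host`, `rndc_port` and `rndc_key_file`, and as far as I know the bind9 backend then runs `rndc -s … -p … -k …` and never reads `/etc/bind/rndc.conf` unless `rndc_config_file` is set. If the file is kept for manual `rndc` debugging from inside the worker and pool-manager containers, say so in a leading `// kept for manual rndc use; Designate passes -k /etc/bind/rndc.key directly` comment; otherwise drop it together with the `rndc-conf` entries in the two service files. `default-server` is the rendering node's private address, so the file is only correct while bind9 is co-located with the clients.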

+ 4
- 0
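--- a/service/files/rndc.key.j2
+++ b/service/files/rndc.key.j2
@@ -0,0 +1,4 @@
+key "rndc-key" {
+algorithm hmac-md5;
+secret "{{ designate.rndc_key_secret }}";
+};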
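Review bot: `algorithm hmac-md5;` selects the weakest TSIG algorithm BIND accepts; any BIND 9 release likely to be in the base image supports `hmac-sha256`, and Designate does not care which algorithm the file uses because it passes the file verbatim with `-k`, so change the line to `algorithm hmac-sha256;`. The secret is `designate.rndc_key_secret`, which `defaults.yaml` in this commit seeds with a committed value, so the rendered key is only as secret as the deployment's override. Because named reads this file as user `bind` while the worker reads it as `designate`, the file needs a deliberate owner/mode in each container rather than whatever the file-injection default produces.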
