Designate bind9 backend
Add bind9 backend for designate. It requires the worker and bind9 services in order to work correctly. Change-Id: I79472fc80c1f48daaf64300f8a71ee50baa6ebd5
This commit is contained in:
parent
831a1b7f57
commit
822cb58246
|
@ -0,0 +1,13 @@
|
||||||
|
FROM {{ image_spec("designate-base") }}
|
||||||
|
MAINTAINER {{ maintainer }}
|
||||||
|
|
||||||
|
RUN apt-get update -y \
|
||||||
|
&& apt-get install -y --no-install-recommends \
|
||||||
|
--no-install-suggests \
|
||||||
|
bind9
|
||||||
|
|
||||||
|
RUN mkdir -p /var/run/named /etc/bind \
|
||||||
|
&& chmod 775 /var/run/named \
|
||||||
|
&& chown root:bind /var/run/named
|
||||||
|
|
||||||
|
RUN apt-get clean
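Review bot: `apt-get clean` runs as its own RUN step on the last line of the hunk, so the package cache fetched by the earlier `apt-get update` layer stays baked into that layer and the final image does not shrink; `/var/lib/apt/lists` is also left behind. Fold the cleanup into the install step: `bind9 \` followed by `&& apt-get clean && rm -rf /var/lib/apt/lists/*`. The `chown root:bind` / `chmod 775` on /var/run/named is consistent with the `-u bind` that the service definition starts named with, so that part looks right.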
|
|
@ -12,5 +12,5 @@ RUN useradd --user-group -G microservices designate \
|
||||||
&& sed -i 's|^exec_dirs.*|exec_dirs=/var/lib/microservices/venv/bin,/sbin,/usr/sbin,/bin,/usr/bin,/usr/local/bin,/usr/local/sbin|g' /etc/designate/rootwrap.conf
|
&& sed -i 's|^exec_dirs.*|exec_dirs=/var/lib/microservices/venv/bin,/sbin,/usr/sbin,/bin,/usr/bin,/usr/local/bin,/usr/local/sbin|g' /etc/designate/rootwrap.conf
|
||||||
|
|
||||||
COPY designate_sudoers /etc/sudoers.d/designate_sudoers
|
COPY designate_sudoers /etc/sudoers.d/designate_sudoers
|
||||||
RUN chmod 750 /etc/sudoers.d \
|
RUN chmod 750 /etc/sudoers.d /etc/designate/rootwrap.d/ \
|
||||||
&& chmod 440 /etc/sudoers.d/designate_sudoers
|
&& chmod 440 /etc/sudoers.d/designate_sudoers
|
||||||
|
|
|
@ -2,8 +2,11 @@ FROM {{ image_spec("designate-base") }}
|
||||||
MAINTAINER {{ maintainer }}
|
MAINTAINER {{ maintainer }}
|
||||||
|
|
||||||
#mysql-client only for provisioning need to be removed later
|
#mysql-client only for provisioning need to be removed later
|
||||||
RUN apt-get install -y --no-install-recommends \
|
RUN apt-get update -y \
|
||||||
mysql-client \
|
&& apt-get install -y --no-install-recommends mysql-client bind9 \
|
||||||
&& apt-get clean
|
&& apt-get clean \
|
||||||
|
&& mkdir -p /etc/bind \
|
||||||
|
&& chown -R designate:designate /etc/bind
|
||||||
|
|
||||||
USER designate
|
USER designate
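Review bot: This image now installs the full `bind9` server package although a designate service container only needs the `rndc` client to talk to the backend; on Debian/Ubuntu `rndc` ships in `bind9utils`, so `&& apt-get install -y --no-install-recommends mysql-client bind9utils \` keeps `named` itself out of the designate images (confirm the package name for the base image's distribution). The new `apt-get update` also leaves `/var/lib/apt/lists` in the layer; add `&& rm -rf /var/lib/apt/lists/*` after `apt-get clean`. The existing comment about mysql-client being provisioning-only still applies — database client tooling in a runtime image is worth a tracked follow-up rather than a comment.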
|
||||||
|
|
||||||
|
|
|
@ -0,0 +1,8 @@
|
||||||
|
FROM {{ image_spec("designate-base") }}
|
||||||
|
MAINTAINER {{ maintainer }}
|
||||||
|
|
||||||
|
RUN apt-get update -y \
|
||||||
|
&& apt-get install -y --no-install-recommends bind9 \
|
||||||
|
&& apt-get clean \
|
||||||
|
&& mkdir -p /etc/bind \
|
||||||
|
&& chown -R designate:designate /etc/bind
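Review bot: This new image never switches to `USER designate`, unlike the other designate image in this commit (L132-134), so the designate-worker process — the one that holds the rndc key — runs as root unless designate-base already drops privileges, which is not visible here. The `chown -R designate:designate /etc/bind` shows the intent is to run as designate; add `USER designate` as the final instruction. As with the other image, `bind9utils` (the rndc client only) would be a smaller install than the whole `bind9` server if the distribution provides it.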
|
|
@ -1,6 +1,11 @@
|
||||||
dsl_version: 0.5.0
|
dsl_version: 0.5.0
|
||||||
service:
|
service:
|
||||||
name: designate-mdns
|
name: designate-mdns
|
||||||
|
ports:
|
||||||
|
- {{ designate.bind_port }}
|
||||||
|
- {{ designate.worker_port }}
|
||||||
|
- {{ designate.mdns_port }}
|
||||||
|
- {{ designate.rndc_port }}
|
||||||
containers:
|
containers:
|
||||||
- name: designate-mdns
|
- name: designate-mdns
|
||||||
image: designate-mdns
|
image: designate-mdns
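Review bot: `{{ designate.rndc_port }}` (953) and `{{ designate.worker_port }}` are published as service ports next to the DNS port, but rndc grants full administrative control of named, and the only rndc client added by this commit is designate-worker in the same pod, which rndc.conf points at the pod's private address. Unless something outside the pod is meant to drive rndc, drop `- {{ designate.rndc_port }}` from `ports:` and keep the control channel reachable only on the pod address. designate-worker is an RPC consumer and I can find nothing in this commit that listens on `worker_port`; if it is unused, drop that entry as well.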
|
||||||
|
@ -10,8 +15,64 @@ service:
|
||||||
files:
|
files:
|
||||||
- designate-conf
|
- designate-conf
|
||||||
command: designate-mdns --config-file /etc/designate/designate.conf
|
command: designate-mdns --config-file /etc/designate/designate.conf
|
||||||
|
- name: designate-backend-bind9
|
||||||
|
image: designate-backend-bind9
|
||||||
|
daemon:
|
||||||
|
files:
|
||||||
|
- named-conf-options
|
||||||
|
- rndc-conf
|
||||||
|
- named-conf
|
||||||
|
- rndc-key
|
||||||
|
command: /usr/sbin/named -g -c /etc/bind/named.conf -u bind
|
||||||
|
- name: designate-worker
|
||||||
|
image: designate-worker
|
||||||
|
pre:
|
||||||
|
- name: designate-pool-update
|
||||||
|
# {% if designate.backend == "bind9" %}
|
||||||
|
dependencies:
|
||||||
|
- designate-backend-bind9
|
||||||
|
# {% endif %}
|
||||||
|
files:
|
||||||
|
# {% if designate.backend == "bind9" %}
|
||||||
|
- bind9-pools
|
||||||
|
# {% else %}
|
||||||
|
- fake-pools
|
||||||
|
# {% endif %}
|
||||||
|
- designate-conf
|
||||||
|
type: local
|
||||||
|
command: designate-manage pool update --file /etc/designate/pools.yaml
|
||||||
|
daemon:
|
||||||
|
dependencies:
|
||||||
|
- designate-api
|
||||||
|
files:
|
||||||
|
# {% if designate.backend == "bind9" %}
|
||||||
|
- bind9-pools
|
||||||
|
# {% else %}
|
||||||
|
- fake-pools
|
||||||
|
# {% endif %}
|
||||||
|
- designate-conf
|
||||||
|
- rndc-conf
|
||||||
|
- rndc-key
|
||||||
|
command: designate-worker --config-file /etc/designate/designate.conf
|
||||||
files:
|
files:
|
||||||
|
rndc-conf:
|
||||||
|
path: /etc/bind/rndc.conf
|
||||||
|
content: rndc.conf.j2
|
||||||
|
named-conf-options:
|
||||||
|
path: /etc/bind/named.conf.options
|
||||||
|
content: named.conf.options.j2
|
||||||
|
named-conf:
|
||||||
|
path: /etc/bind/named.conf
|
||||||
|
content: named.conf.j2
|
||||||
|
rndc-key:
|
||||||
|
path: /etc/bind/rndc.key
|
||||||
|
content: rndc.key.j2
|
||||||
designate-conf:
|
designate-conf:
|
||||||
path: /etc/designate/designate.conf
|
path: /etc/designate/designate.conf
|
||||||
content: designate.conf.j2
|
content: designate.conf.j2
|
||||||
|
fake-pools:
|
||||||
|
path: /etc/designate/pools.yaml
|
||||||
|
content: pools.yaml.j2
|
||||||
|
bind9-pools:
|
||||||
|
path: /etc/designate/pools.yaml
|
||||||
|
content: bind9-pools.yaml.j2
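Review bot: The `rndc-key` file entry (`path: /etc/bind/rndc.key`) is rendered with no mode or owner setting, yet it carries the shared secret that authorizes every rndc command against named, and it is mounted into two containers that run as different users — named via `-u bind` in the backend container and designate-worker as designate. With whatever mode the files mechanism applies by default the key is probably readable by any process in the container; if the DSL supports it, give each consumer its own entry with a restrictive mode and owner, e.g. `perm: "0640"` plus `user: bind` for designate-backend-bind9 and `user: designate` for designate-worker. Please check the default mode the files mechanism applies before relying on it.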
|
||||||
|
|
|
@ -24,7 +24,7 @@ service:
|
||||||
command: designate-manage pool update --file /etc/designate/pools.yaml
|
command: designate-manage pool update --file /etc/designate/pools.yaml
|
||||||
- name: designate-pool-sync
|
- name: designate-pool-sync
|
||||||
dependencies:
|
dependencies:
|
||||||
- designate-pool-manager-db-create
|
- designate-pool-update
|
||||||
files:
|
files:
|
||||||
- designate-conf
|
- designate-conf
|
||||||
type: single
|
type: single
|
||||||
|
@ -34,6 +34,8 @@ service:
|
||||||
- designate-api
|
- designate-api
|
||||||
files:
|
files:
|
||||||
- designate-conf
|
- designate-conf
|
||||||
|
- rndc-conf
|
||||||
|
- rndc-key
|
||||||
command: designate-pool-manager --config-file /etc/designate/designate.conf
|
command: designate-pool-manager --config-file /etc/designate/designate.conf
|
||||||
|
|
||||||
files:
|
files:
|
||||||
|
@ -43,3 +45,12 @@ files:
|
||||||
pools:
|
pools:
|
||||||
path: /etc/designate/pools.yaml
|
path: /etc/designate/pools.yaml
|
||||||
content: pools.yaml.j2
|
content: pools.yaml.j2
|
||||||
|
named-conf:
|
||||||
|
path: /etc/bind/named.conf.options
|
||||||
|
content: named.conf.options.j2
|
||||||
|
rndc-conf:
|
||||||
|
path: /etc/bind/rndc.conf
|
||||||
|
content: rndc.conf.j2
|
||||||
|
rndc-key:
|
||||||
|
path: /etc/bind/rndc.key
|
||||||
|
content: rndc.key.j2
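Review bot: The new `named-conf` entry here maps to `/etc/bind/named.conf.options` with `named.conf.options.j2`, whereas the mdns service file in this same commit uses `named-conf` for `/etc/bind/named.conf` and `named-conf-options` for the options file (L423-443); nothing in the pool-manager containers references `named-conf` either — the container only lists `rndc-conf` and `rndc-key`. Drop the entry, or if pool-manager genuinely needs the options file, rename it `named-conf-options:` so the two service definitions agree.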
|
||||||
|
|
|
@ -0,0 +1,27 @@
|
||||||
|
---
|
||||||
|
- name: default
|
||||||
|
description: CCP BIND Pool
|
||||||
|
attributes: {}
|
||||||
|
|
||||||
|
ns_records:
|
||||||
|
- hostname: ns.ccp.org.
|
||||||
|
priority: 1
|
||||||
|
|
||||||
|
nameservers:
|
||||||
|
- host: {{ network_topology["private"]["address"] }}
|
||||||
|
port: {{ designate.bind_port.cont }}
|
||||||
|
|
||||||
|
targets:
|
||||||
|
- type: bind9
|
||||||
|
description: BIND Instance
|
||||||
|
|
||||||
|
masters:
|
||||||
|
- host: {{ network_topology["private"]["address"] }}
|
||||||
|
port: {{ designate.mdns_port.cont }}
|
||||||
|
|
||||||
|
options:
|
||||||
|
host: {{ network_topology["private"]["address"] }}
|
||||||
|
port: {{ designate.bind_port.cont }}
|
||||||
|
rndc_host: {{ network_topology["private"]["address"] }}
|
||||||
|
rndc_port: {{ designate.rndc_port.cont }}
|
||||||
|
rndc_key_file: /etc/bind/rndc.key
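Review bot: The NS record hostname `ns.ccp.org.` is hard-coded, so every deployment built from this template publishes the same (and presumably unowned) nameserver name in the zones it serves; the addresses in this file come from `network_topology` and the ports from `designate.*`, and the NS name should be a config value too, e.g. `- hostname: {{ designate.ns_hostname }}` with a documented default. Note also that `masters`, `nameservers` and `options.host` all resolve to the pod's private address, which is only correct while bind9, mdns and worker stay co-located in one pod as this commit arranges them; a one-line comment stating that assumption would help whoever splits them later.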
|
|
@ -3,13 +3,21 @@ configs:
|
||||||
api_port:
|
api_port:
|
||||||
cont: 9001
|
cont: 9001
|
||||||
ingress: dns
|
ingress: dns
|
||||||
|
mdns_port:
|
||||||
debug: false
|
cont: 5354
|
||||||
|
rndc_port:
|
||||||
|
cont: 953
|
||||||
|
bind_port:
|
||||||
|
cont: 53
|
||||||
|
worker_port:
|
||||||
|
cont: 5358
|
||||||
|
debug: true
|
||||||
notification:
|
notification:
|
||||||
driver: noop
|
driver: noop
|
||||||
topics:
|
topics:
|
||||||
enabled: false
|
enabled: false
|
||||||
names: changeme
|
names: changeme
|
||||||
|
backend: bind9
|
||||||
# options, allows to configure services particularly
|
# options, allows to configure services particularly
|
||||||
service:
|
service:
|
||||||
central:
|
central:
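Review bot: `debug` flips from `false` to `true` (L764 → L794) as the shipped default, which is unrelated to adding a backend and turns on debug-level logging for every designate service; oslo debug output is verbose and can include request payloads and messaging details, so it should not be the default of a deployable config. Keep `debug: false` and enable it per deployment, or leave that line out of this change entirely.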
|
||||||
|
@ -36,6 +44,7 @@ configs:
|
||||||
|
|
||||||
secret_configs:
|
secret_configs:
|
||||||
designate:
|
designate:
|
||||||
|
rndc_key_secret: fapwtRlIgYwYeQeyY3U1+Q==
|
||||||
username: designate
|
username: designate
|
||||||
password: password
|
password: password
|
||||||
db:
|
db:
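Review bot: `rndc_key_secret: fapwtRlIgYwYeQeyY3U1+Q==` commits a working rndc key into the repository as the default; anyone who can read this repo can then issue rndc commands (add/delete zones, reload, stop) against any deployment that does not override it, and the `allow { any; }` control channel in the new named.conf makes that reachable wherever port 953 is exposed. Ship a placeholder in the style of the existing `names: changeme`, or better have the deployment generate the key (`rndc-confgen -a -A hmac-sha256 -b 256`) and inject it, so a real secret never lives in git. The `password: password` default next to it has the same problem, though it predates this change.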
|
||||||
|
|
|
@ -19,12 +19,12 @@ notification_topics = {{ designate.notification.topics.names }}
|
||||||
|
|
||||||
rabbit_userid = {{ rabbitmq.user }}
|
rabbit_userid = {{ rabbitmq.user }}
|
||||||
rabbit_password = {{ rabbitmq.password }}
|
rabbit_password = {{ rabbitmq.password }}
|
||||||
rabbit_hosts = {{ address("rabbitmq", rabbitmq.port) }}
|
rabbit_hosts = {{ address("rpc", rabbitmq.port) }}
|
||||||
|
|
||||||
[oslo_messaging_rabbit]
|
[oslo_messaging_rabbit]
|
||||||
rabbit_userid = {{ rabbitmq.user }}
|
rabbit_userid = {{ rabbitmq.user }}
|
||||||
rabbit_password = {{ rabbitmq.password }}
|
rabbit_password = {{ rabbitmq.password }}
|
||||||
rabbit_hosts = {{ address("rabbitmq", rabbitmq.port) }}
|
rabbit_hosts = {{ address("rpc", rabbitmq.port) }}
|
||||||
|
|
||||||
#--------------------
|
#--------------------
|
||||||
# Keystone Middleware
|
# Keystone Middleware
|
||||||
|
@ -55,6 +55,8 @@ enable_api_v1 = True
|
||||||
enabled_extensions_v1 = diagnostics, quotas, reports, sync, touch
|
enabled_extensions_v1 = diagnostics, quotas, reports, sync, touch
|
||||||
enable_api_v2 = True
|
enable_api_v2 = True
|
||||||
enabled_extensions_v2 = quotas, reports
|
enabled_extensions_v2 = quotas, reports
|
||||||
|
enable_api_admin = True
|
||||||
|
listen = {{ address("designate-api", designate.api_port) }}
|
||||||
|
|
||||||
#-------------
|
#-------------
|
||||||
# Sink Service
|
# Sink Service
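Review bot: `enable_api_admin = True` enables Designate's admin API on the same listener as the v1/v2 APIs; by itself it exposes no extensions (no `enabled_extensions_admin` is set here), but nothing in the commit explains why it is needed for the bind9 backend, and once extensions are added they become reachable on the tenant-facing endpoint. If it is not required by the worker/bind9 path, leave it at the default; if it is, add a comment naming the consumer and make sure the policy file restricts the admin API to the admin role.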
|
||||||
|
@ -68,6 +70,7 @@ enabled_notification_handlers = nova_fixed, neutron_floatingip
|
||||||
[service:mdns]
|
[service:mdns]
|
||||||
workers = {{ designate.service.mdns.workers }}
|
workers = {{ designate.service.mdns.workers }}
|
||||||
threads = {{ designate.service.mdns.threads }}
|
threads = {{ designate.service.mdns.threads }}
|
||||||
|
all_tcp = True
|
||||||
|
|
||||||
#--------------
|
#--------------
|
||||||
# Agent Service
|
# Agent Service
|
||||||
|
@ -75,6 +78,10 @@ threads = {{ designate.service.mdns.threads }}
|
||||||
[service:agent]
|
[service:agent]
|
||||||
workers = {{ designate.service.agent.workers }}
|
workers = {{ designate.service.agent.workers }}
|
||||||
|
|
||||||
|
[service:worker]
|
||||||
|
enabled = True
|
||||||
|
notify = True
|
||||||
|
|
||||||
#---------------------
|
#---------------------
|
||||||
# Zone Manager Service
|
# Zone Manager Service
|
||||||
#---------------------
|
#---------------------
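Review bot: `[service:worker] enabled = True` moves zone operations to the worker service, but this commit also hands `rndc-conf`/`rndc-key` to the designate-pool-manager container (L558-562), so both worker and pool-manager appear to drive the same bind9 target. As far as I recall from the Designate docs, the worker model is intended to replace pool-manager (and zone-manager), and running both against one pool produces duplicated or conflicting zone create/update calls; please confirm, and either stop deploying pool-manager when `designate.backend == "bind9"` or document why both are needed. Guarding `enabled = True` with the same `{% if designate.backend == "bind9" %}` used in the service files would also keep the fake backend on its previous code path.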
|
||||||
|
@ -99,6 +106,9 @@ threads = {{ designate.service.pool_manager.threads }}
|
||||||
{% if designate.pool is defined %}
|
{% if designate.pool is defined %}
|
||||||
pool_id = {{ designate.pool.pool_id }}
|
pool_id = {{ designate.pool.pool_id }}
|
||||||
{%- endif %}
|
{%- endif %}
|
||||||
|
periodic_sync_interval = 1800
|
||||||
|
periodic_recovery_interval = 120
|
||||||
|
|
||||||
|
|
||||||
###################################
|
###################################
|
||||||
## Pool Manager Cache Configuration
|
## Pool Manager Cache Configuration
|
||||||
|
@ -139,4 +149,3 @@ notification_topics = notifications
|
||||||
control_exchange = 'neutron'
|
control_exchange = 'neutron'
|
||||||
format = '%(hostname)s.%(domain)s'
|
format = '%(hostname)s.%(domain)s'
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -0,0 +1,12 @@
|
||||||
|
include "/etc/bind/named.conf.options";
|
||||||
|
include "/etc/bind/named.conf.local";
|
||||||
|
include "/etc/bind/named.conf.default-zones";
|
||||||
|
include "/etc/bind/rndc.key";
|
||||||
|
|
||||||
|
controls {
|
||||||
|
inet * port {{ designate.rndc_port.cont }}
|
||||||
|
allow { any; } keys { "rndc-key"; };
|
||||||
|
inet * port {{ designate.bind_port.cont }}
|
||||||
|
allow { any; } keys { "rndc-key"; };
|
||||||
|
};
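Review bot: The second stanza, `inet * port {{ designate.bind_port.cont }} allow { any; } keys { "rndc-key"; };`, opens an rndc control channel on the DNS port (53) on every interface, which collides with `listen-on` in named.conf.options and serves no purpose since rndc.conf only talks to `default-port` 953; delete it. The remaining channel is bound to `*` with `allow { any; }`, so any host that can reach port 953 may attempt rndc commands; the only client in this commit is the worker in the same pod, so bind it to the pod address and restrict the ACL: `inet {{ network_topology["private"]["address"] }} port {{ designate.rndc_port.cont }} allow { {{ network_topology["private"]["address"] }}; 127.0.0.1; } keys { "rndc-key"; };`. The key is still required either way, but the ACL stops a leaked or default key from being usable from outside the pod.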
|
||||||
|
|
|
@ -0,0 +1,39 @@
|
||||||
|
options {
|
||||||
|
directory "/var/cache/bind";
|
||||||
|
|
||||||
|
// If there is a firewall between you and nameservers you want
|
||||||
|
// to talk to, you may need to fix the firewall to allow multiple
|
||||||
|
// ports to talk. See http://www.kb.cert.org/vuls/id/800113
|
||||||
|
|
||||||
|
// If your ISP provided one or more IP addresses for stable
|
||||||
|
// nameservers, you probably want to use them as forwarders.
|
||||||
|
// Uncomment the following block, and insert the addresses replacing
|
||||||
|
// the all-0's placeholder.
|
||||||
|
|
||||||
|
// forwarders {
|
||||||
|
// 0.0.0.0;
|
||||||
|
// };
|
||||||
|
|
||||||
|
//========================================================================
|
||||||
|
// If BIND logs error messages about the root key being expired,
|
||||||
|
// you will need to update your keys. See https://www.isc.org/bind-keys
|
||||||
|
//========================================================================
|
||||||
|
dnssec-validation yes;
|
||||||
|
dnssec-enable yes;
|
||||||
|
auth-nxdomain no; # conform to RFC1035
|
||||||
|
allow-new-zones yes;
|
||||||
|
request-ixfr no;
|
||||||
|
recursion no;
|
||||||
|
query-source address * port {{ designate.bind_port.cont }};
|
||||||
|
listen-on { any; };
|
||||||
|
listen-on-v6 { ipv-6-address; };
|
||||||
|
allow-query {
|
||||||
|
any;
|
||||||
|
10.233.0.0/16;
|
||||||
|
};
|
||||||
|
allow-notify {
|
||||||
|
any;
|
||||||
|
10.233.0.0/16;
|
||||||
|
};
|
||||||
|
};
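Review bot: `listen-on-v6 { ipv-6-address; };` is not valid named syntax — `ipv-6-address` is neither an address nor an ACL — so named should refuse this file at startup; run `named-checkconf` on the rendered output, and `{ none; }` is what the rest of the options imply. Several other options loosen the server for no gain: `query-source address * port {{ designate.bind_port.cont }}` pins outbound queries (SOA refresh and AXFR to mdns) to port 53 and defeats the source-port randomization the comment a few lines up (VU#800113) warns about; `allow-query` and `allow-notify` list `any` before `10.233.0.0/16`, so the CIDR is dead text; `allow-notify { any; }` lets any host trigger zone refreshes although the only legitimate notifier is mdns; and no `allow-transfer` is set, so the zones Designate serves can be pulled by AXFR from anywhere (the BIND default). The hard-coded `10.233.0.0/16` also needs a comment saying which network it is, or a template variable. A tightened version of those lines:
```text
    query-source address *;
    listen-on { any; };
    listen-on-v6 { none; };
    // Authoritative only: answer anyone, but nothing downstream needs AXFR
    // from this server and only mdns (same pod) sends NOTIFY.
    allow-query { any; };
    allow-transfer { none; };
    allow-notify { {{ network_topology["private"]["address"] }}; };
```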
|
||||||
|
|
|
@ -0,0 +1,8 @@
|
||||||
|
include "/etc/bind/rndc.key";
|
||||||
|
|
||||||
|
options {
|
||||||
|
default-key "rndc-key";
|
||||||
|
default-server {{ network_topology["private"]["address"] }};
|
||||||
|
default-port {{ designate.rndc_port.cont }};
|
||||||
|
};
|
||||||
|
|
|
@ -0,0 +1,4 @@
|
||||||
|
key "rndc-key" {
|
||||||
|
algorithm hmac-md5;
|
||||||
|
secret "{{ designate.rndc_key_secret }}";
|
||||||
|
};
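Review bot: `algorithm hmac-md5;` selects the weakest TSIG algorithm BIND supports; any BIND 9 release new enough for `allow-new-zones` also supports `hmac-sha256`, and Designate's bind9 backend takes the algorithm from this key file via `rndc -k`, so the switch should cost nothing on the designate side (worth a quick check against the deployed BIND version). Use `algorithm hmac-sha256;` and generate a 256-bit secret to match (`rndc-confgen -A hmac-sha256 -b 256`), since the 16-byte default shipped in this commit is sized for MD5.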
|