From a9ade20beebfef0709949ce383ff7a59b360549c Mon Sep 17 00:00:00 2001 
From: Ross Krumbeck Date: Wed, 10 Aug 2016 15:48:32 +1000 Subject: [PATCH] Ansible-ize OpenStack Designate Implement ansible role to deploy designate and dependencies. The backend used is bind9. Co-Authored-By: zhubingbing Co-Authored-By: Eduardo Gonzalez Depends-On: 6d0dc3e0f931c7c50b64a4659900cc50b0d860a2 Implements: blueprint ansible-designate Change-Id: I34d8126e0cd8d71d5ced9b62f3776cc354fbb549 --- ansible/group_vars/all.yml | 10 ++ ansible/inventory/all-in-one | 22 +++++ ansible/inventory/multinode | 22 +++++ ansible/roles/common/tasks/config.yml | 1 + .../cron-logrotate-designate.conf.j2 | 3 + ansible/roles/common/templates/cron.json.j2 | 1 + .../common/templates/heka-openstack.toml.j2 | 2 +- ansible/roles/designate/defaults/main.yml | 55 +++++++++++ ansible/roles/designate/meta/main.yml | 3 + ansible/roles/designate/tasks/bootstrap.yml | 79 +++++++++++++++ .../designate/tasks/bootstrap_service.yml | 20 ++++ ansible/roles/designate/tasks/config.yml | 96 +++++++++++++++++++ ansible/roles/designate/tasks/deploy.yml | 25 +++++ ansible/roles/designate/tasks/main.yml | 2 + ansible/roles/designate/tasks/precheck.yml | 48 ++++++++++ ansible/roles/designate/tasks/pull.yml | 42 ++++++++ ansible/roles/designate/tasks/reconfigure.yml | 93 ++++++++++++++++++ ansible/roles/designate/tasks/register.yml | 40 ++++++++ ansible/roles/designate/tasks/start.yml | 73 ++++++++++++++ .../roles/designate/tasks/update_pools.yml | 4 + ansible/roles/designate/tasks/upgrade.yml | 8 ++ .../designate/templates/designate-api.json.j2 | 25 +++++ .../templates/designate-backend-bind9.json.j2 | 35 +++++++ .../templates/designate-central.json.j2 | 25 +++++ .../templates/designate-mdns.json.j2 | 25 +++++ .../templates/designate-sink.json.j2 | 25 +++++ .../templates/designate-worker.json.j2 | 46 +++++++++ .../designate/templates/designate.conf.j2 | 88 +++++++++++++++++ .../roles/designate/templates/named.conf.j2 | 15 +++ .../roles/designate/templates/pools.yaml.j2 | 28 ++++++ 
.../roles/designate/templates/rndc.conf.j2 | 6 ++ ansible/roles/designate/templates/rndc.key.j2 | 4 + ansible/roles/haproxy/tasks/precheck.yml | 12 ++- .../roles/haproxy/templates/haproxy.cfg.j2 | 16 ++++ .../roles/neutron/templates/neutron.conf.j2 | 5 +- ansible/roles/nova/templates/nova.conf.j2 | 7 +- ansible/site.yml | 13 +++ etc/kolla/globals.yml | 7 ++ etc/kolla/passwords.yml | 8 ++ kolla/cmd/genpwd.py | 11 ++- .../ansible-designate-948c56a8e14d5029.yaml | 6 ++ 41 files changed, 1048 insertions(+), 8 deletions(-) create mode 100644 ansible/roles/common/templates/cron-logrotate-designate.conf.j2 create mode 100644 ansible/roles/designate/defaults/main.yml create mode 100644 ansible/roles/designate/meta/main.yml create mode 100644 ansible/roles/designate/tasks/bootstrap.yml create mode 100644 ansible/roles/designate/tasks/bootstrap_service.yml create mode 100644 ansible/roles/designate/tasks/config.yml create mode 100644 ansible/roles/designate/tasks/deploy.yml create mode 100644 ansible/roles/designate/tasks/main.yml create mode 100644 ansible/roles/designate/tasks/precheck.yml create mode 100644 ansible/roles/designate/tasks/pull.yml create mode 100644 ansible/roles/designate/tasks/reconfigure.yml create mode 100644 ansible/roles/designate/tasks/register.yml create mode 100644 ansible/roles/designate/tasks/start.yml create mode 100644 ansible/roles/designate/tasks/update_pools.yml create mode 100644 ansible/roles/designate/tasks/upgrade.yml create mode 100644 ansible/roles/designate/templates/designate-api.json.j2 create mode 100644 ansible/roles/designate/templates/designate-backend-bind9.json.j2 create mode 100644 ansible/roles/designate/templates/designate-central.json.j2 create mode 100644 ansible/roles/designate/templates/designate-mdns.json.j2 create mode 100644 ansible/roles/designate/templates/designate-sink.json.j2 create mode 100644 ansible/roles/designate/templates/designate-worker.json.j2 create mode 100644 
ansible/roles/designate/templates/designate.conf.j2 create mode 100644 ansible/roles/designate/templates/named.conf.j2 create mode 100644 ansible/roles/designate/templates/pools.yaml.j2 create mode 100644 ansible/roles/designate/templates/rndc.conf.j2 create mode 100644 ansible/roles/designate/templates/rndc.key.j2 create mode 100644 releasenotes/notes/ansible-designate-948c56a8e14d5029.yaml diff --git a/ansible/group_vars/all.yml b/ansible/group_vars/all.yml index f20bcef4c9..ab5a6e9c97 100644 --- a/ansible/group_vars/all.yml +++ b/ansible/group_vars/all.yml @@ -124,6 +124,11 @@ congress_api_port: "1789" cloudkitty_api_port: "8889" +designate_api_port: "9001" +designate_bind_port: "53" +designate_mdns_port: "5354" +designate_rndc_port: "953" + iscsi_port: "3260" gnocchi_api_port: "8041" @@ -272,6 +277,7 @@ enable_cinder_backend_nfs: "no" enable_cloudkitty: "no" enable_congress: "no" enable_etcd: "no" +enable_designate: "no" enable_gnocchi: "no" enable_grafana: "no" enable_heat: "yes" @@ -403,6 +409,10 @@ cinder_backup_mount_options_nfs: "" # Valid options are [ ceilometer, gnocchi ] cloudkitty_collector_backend: "ceilometer" +####################### +# Designate options +####################### +designate_ns_record: "sample.openstack.org" ####################### # Nova options diff --git a/ansible/inventory/all-in-one b/ansible/inventory/all-in-one index a90fb922b3..ce756118c2 100644 --- a/ansible/inventory/all-in-one +++ b/ansible/inventory/all-in-one @@ -154,6 +154,9 @@ control [octavia:children] control +[designate:children] +control + # Additional control implemented here. These groups allow you to control which # services run on which hosts at a per-service level. # 
@@ -450,3 +453,22 @@ octavia [octavia-worker:children] octavia + +# Designate +[designate-api:children] +designate + +[designate-central:children] +designate + +[designate-mdns:children] +designate + +[designate-worker:children] +designate + +[designate-sink:children] +designate + +[designate-backend-bind9:children] +designate diff --git a/ansible/inventory/multinode b/ansible/inventory/multinode index 90835054d2..a716505bd6 100644 --- a/ansible/inventory/multinode +++ b/ansible/inventory/multinode @@ -170,6 +170,9 @@ control [octavia:children] control +[designate:children] +control + # Additional control implemented here. These groups allow you to control which # services run on which hosts at a per-service level. # @@ -466,3 +469,22 @@ octavia [octavia-worker:children] octavia + +# Designate +[designate-api:children] +designate + +[designate-central:children] +designate + +[designate-mdns:children] +designate + +[designate-worker:children] +designate + +[designate-sink:children] +designate + +[designate-backend-bind9:children] +designate diff --git a/ansible/roles/common/tasks/config.yml b/ansible/roles/common/tasks/config.yml index f2dd09d5d4..225f72d8a0 100644 --- a/ansible/roles/common/tasks/config.yml +++ b/ansible/roles/common/tasks/config.yml @@ -77,6 +77,7 @@ - { name: "ceilometer", enabled: "{{ enable_ceilometer }}" } - { name: "cinder", enabled: "{{ enable_cinder }}" } - { name: "cloudkitty", enabled: "{{ enable_cloudkitty }}" } + - { name: "designate", enabled: "{{ enable_designate }}" } - { name: "elasticsearch", enabled: "{{ enable_elasticsearch }}" } - { name: "glance", enabled: "{{ enable_glance }}" } - { name: "global", enabled: "yes" } diff --git a/ansible/roles/common/templates/cron-logrotate-designate.conf.j2 b/ansible/roles/common/templates/cron-logrotate-designate.conf.j2 new file mode 100644 index 0000000000..c3c4751251 --- /dev/null +++ b/ansible/roles/common/templates/cron-logrotate-designate.conf.j2 
@@ -0,0 +1,3 @@ +"/var/log/kolla/designate/*.log" +{ +} diff --git a/ansible/roles/common/templates/cron.json.j2 b/ansible/roles/common/templates/cron.json.j2 index adc437a489..399fee2042 100644 --- a/ansible/roles/common/templates/cron.json.j2 +++ b/ansible/roles/common/templates/cron.json.j2 @@ -6,6 +6,7 @@ ( 'ceilometer', enable_ceilometer ), ( 'cinder', enable_cinder ), ( 'cloudkitty', enable_cloudkitty ), + ( 'designate', enable_designate ), ( 'elasticsearch', enable_elasticsearch ), ( 'glance', enable_glance ), ( 'gnocchi', enable_gnocchi ), diff --git a/ansible/roles/common/templates/heka-openstack.toml.j2 b/ansible/roles/common/templates/heka-openstack.toml.j2 index 3bbe25a52b..2715965089 100644 --- a/ansible/roles/common/templates/heka-openstack.toml.j2 +++ b/ansible/roles/common/templates/heka-openstack.toml.j2 @@ -6,6 +6,6 @@ filename = "lua_decoders/os_openstack_log.lua" type = "LogstreamerInput" decoder = "openstack_log_decoder" log_directory = "/var/log/kolla" -file_match = '(?Pcloudkitty|nova|glance|keystone|neutron|ceph|cinder|heat|murano|magnum|mistral|manila|octavia|searchlight|senlin|sahara|tacker)/(?P.*)\.log\.?(?P\d*)$' +file_match = '(?Pcloudkitty|designate|nova|glance|keystone|neutron|ceph|cinder|heat|murano|magnum|mistral|manila|octavia|searchlight|senlin|sahara|tacker)/(?P.*)\.log\.?(?P\d*)$' priority = ["^Seq"] differentiator = ["Service", "_", "Program"] diff --git a/ansible/roles/designate/defaults/main.yml b/ansible/roles/designate/defaults/main.yml new file mode 100644 index 0000000000..49d27a9d6d --- /dev/null +++ b/ansible/roles/designate/defaults/main.yml 
@@ -0,0 +1,55 @@ +--- +project_name: "designate" + +#################### +# Database +#################### +designate_database_name: "designate" +designate_database_user: "designate" +designate_database_address: "{{ kolla_internal_fqdn }}:{{ database_port }}" + +designate_pool_manager_database_name: "designate_pool_manager" +designate_pool_manager_database_user: "designate_pool_manager" +designate_pool_manager_database_address: "{{ kolla_internal_fqdn }}:{{ database_port }}" + + +#################### +# Docker +#################### + +designate_central_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kolla_install_type }}-designate-central" +designate_central_tag: "{{ openstack_release }}" +designate_central_image_full: "{{ designate_central_image }}:{{ designate_central_tag }}" + +designate_api_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kolla_install_type }}-designate-api" +designate_api_tag: "{{ openstack_release }}" +designate_api_image_full: "{{ designate_api_image }}:{{ designate_api_tag }}" + +designate_backend_bind9_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kolla_install_type }}-designate-backend-bind9" +designate_backend_bind9_tag: "{{ openstack_release }}" +designate_backend_bind9_image_full: "{{ designate_backend_bind9_image }}:{{ designate_backend_bind9_tag }}" + +designate_mdns_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kolla_install_type }}-designate-mdns" +designate_mdns_tag: "{{ openstack_release }}" +designate_mdns_image_full: "{{ designate_mdns_image }}:{{ designate_mdns_tag }}" + +designate_sink_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kolla_install_type }}-designate-sink" +designate_sink_tag: "{{ 
openstack_release }}" +designate_sink_image_full: "{{ designate_sink_image }}:{{ designate_sink_tag }}" + +designate_worker_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kolla_install_type }}-designate-worker" +designate_worker_tag: "{{ openstack_release }}" +designate_worker_image_full: "{{ designate_worker_image }}:{{ designate_worker_tag }}" + +#################### +# OpenStack +#################### +designate_admin_endpoint: "{{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ designate_api_port }}" +designate_internal_endpoint: "{{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ designate_api_port }}" +designate_public_endpoint: "{{ public_protocol }}://{{ kolla_external_fqdn }}:{{ designate_api_port }}" + +designate_logging_debug: "{{ openstack_logging_debug }}" + +designate_keystone_user: "designate" + +openstack_designate_auth: "{'auth_url':'{{ openstack_auth.auth_url }}','username':'{{ openstack_auth.username }}','password':'{{ openstack_auth.password }}','project_name':'{{ openstack_auth.project_name }}'}" diff --git a/ansible/roles/designate/meta/main.yml b/ansible/roles/designate/meta/main.yml new file mode 100644 index 0000000000..6b4fff8fef --- /dev/null +++ b/ansible/roles/designate/meta/main.yml @@ -0,0 +1,3 @@ +--- +dependencies: + - { role: common } diff --git a/ansible/roles/designate/tasks/bootstrap.yml b/ansible/roles/designate/tasks/bootstrap.yml new file mode 100644 index 0000000000..09bc6ceafb --- /dev/null +++ b/ansible/roles/designate/tasks/bootstrap.yml 
@@ -0,0 +1,79 @@ +--- +- name: Creating Designate database + command: docker exec -t kolla_toolbox /usr/bin/ansible localhost + -m mysql_db + -a "login_host='{{ database_address }}' + login_port='{{ database_port }}' + login_user='{{ database_user }}' + login_password='{{ database_password }}' + name='{{ designate_database_name }}'" + register: database + changed_when: "{{ database.stdout.find('localhost | SUCCESS => ') != -1 and + (database.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed }}" + failed_when: database.stdout.split()[2] != 'SUCCESS' + run_once: True + delegate_to: "{{ groups['designate-central'][0] }}" + +- name: Reading json from variable + set_fact: + database_created: "{{ (database.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed }}" + +- name: Creating Designate Pool Manager database + command: docker exec -t kolla_toolbox /usr/bin/ansible localhost + -m mysql_db + -a "login_host='{{ database_address }}' + login_port='{{ database_port }}' + login_user='{{ database_user }}' + login_password='{{ database_password }}' + name='{{ designate_pool_manager_database_name }}'" + register: database_pool_manager + changed_when: "{{ database.stdout.find('localhost | SUCCESS => ') != -1 and + (database.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed }}" + failed_when: database.stdout.split()[2] != 'SUCCESS' + run_once: True + delegate_to: "{{ groups['designate-central'][0] }}" + +- name: Reading json from variable + set_fact: + database_pool_manager_created: "{{ (database_pool_manager.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed }}" + +- name: Creating Designate database user and setting permissions + command: docker exec -t kolla_toolbox /usr/bin/ansible localhost + -m mysql_user + -a "login_host='{{ database_address }}' + login_port='{{ database_port }}' + login_user='{{ database_user }}' + login_password='{{ database_password }}' + name='{{ designate_database_name }}' + password='{{ 
designate_database_password }}' + host='%' + priv='{{ designate_database_name }}.*:ALL' + append_privs='yes'" + register: database_user_create + changed_when: "{{ database_user_create.stdout.find('localhost | SUCCESS => ') != -1 and + (database_user_create.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed }}" + failed_when: database_user_create.stdout.split()[2] != 'SUCCESS' + run_once: True + delegate_to: "{{ groups['designate-central'][0] }}" + +- name: Creating Designate Pool Manager database user and setting permissions + command: docker exec -t kolla_toolbox /usr/bin/ansible localhost + -m mysql_user + -a "login_host='{{ database_address }}' + login_port='{{ database_port }}' + login_user='{{ database_user }}' + login_password='{{ database_password }}' + name='{{ designate_pool_manager_database_name }}' + password='{{ designate_pool_manager_database_password }}' + host='%' + priv='{{ designate_pool_manager_database_name }}.*:ALL' + append_privs='yes'" + register: database_pool_manager_user_create + changed_when: "{{ database_pool_manager_user_create.stdout.find('localhost | SUCCESS => ') != -1 and + (database_pool_manager_user_create.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed }}" + failed_when: database_pool_manager_user_create.stdout.split()[2] != 'SUCCESS' + run_once: True + delegate_to: "{{ groups['designate-central'][0] }}" + +- include: bootstrap_service.yml + when: database_created diff --git a/ansible/roles/designate/tasks/bootstrap_service.yml b/ansible/roles/designate/tasks/bootstrap_service.yml new file mode 100644 index 0000000000..ab530e8b73 --- /dev/null +++ b/ansible/roles/designate/tasks/bootstrap_service.yml 
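Review bot: The "Creating Designate Pool Manager database" task registers `database_pool_manager`, but its `changed_when` and `failed_when` still read `database.stdout`, so a failed pool-manager database creation is judged by the first task's result and goes unnoticed. Both expressions should reference the task's own result, e.g. `failed_when: database_pool_manager.stdout.split()[2] != 'SUCCESS'`. The two mysql_user tasks pass `name='{{ designate_database_name }}'` and `name='{{ designate_pool_manager_database_name }}'` where `designate_database_user` and `designate_pool_manager_database_user` from defaults/main.yml look intended. The values match today but diverge as soon as a deployer overrides one of them. All four tasks also place `login_password` and the new account passwords on the `docker exec` command line, so `no_log: True` would keep them out of Ansible output; the same applies to the two tasks in tasks/register.yml.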
@@ -0,0 +1,20 @@ +--- +- name: Running Designate bootstrap container + kolla_docker: + action: "start_container" + common_options: "{{ docker_common_options }}" + detach: False + environment: + KOLLA_BOOTSTRAP: + KOLLA_CONFIG_STRATEGY: "{{ config_strategy }}" + image: "{{ designate_central_image_full }}" + labels: + BOOTSTRAP: + name: "bootstrap_designate" + restart_policy: "never" + volumes: + - "{{ node_config_directory }}/designate-central/:{{ container_config_directory }}/:ro" + - "/etc/localtime:/etc/localtime:ro" + - "kolla_logs:/var/log/kolla/" + run_once: True + delegate_to: "{{ groups['designate-central'][0] }}" diff --git a/ansible/roles/designate/tasks/config.yml b/ansible/roles/designate/tasks/config.yml new file mode 100644 index 0000000000..0cd4066508 --- /dev/null +++ b/ansible/roles/designate/tasks/config.yml 
@@ -0,0 +1,96 @@ +--- +- name: Ensuring config directories exist + file: + path: "{{ node_config_directory }}/{{ item }}" + state: "directory" + recurse: yes + with_items: + - "designate-api" + - "designate-central" + - "designate-mdns" + - "designate-sink" + - "designate-backend-bind9" + - "designate-worker" + +- name: Copying over config.json files for services + template: + src: "{{ item }}.json.j2" + dest: "{{ node_config_directory }}/{{ item }}/config.json" + with_items: + - "designate-api" + - "designate-central" + - "designate-mdns" + - "designate-sink" + - "designate-backend-bind9" + - "designate-worker" + +- name: Copying over designate.conf + merge_configs: + vars: + service_name: "{{ item }}" + sources: + - "{{ role_path }}/templates/designate.conf.j2" + - "{{ node_custom_config }}/global.conf" + - "{{ node_custom_config }}/database.conf" + - "{{ node_custom_config }}/messaging.conf" + - "{{ node_custom_config }}/designate.conf" + - "{{ node_custom_config }}/designate/{{ item }}.conf" + - "{{ node_custom_config }}/designate/{{ inventory_hostname }}/designate.conf" + dest: "{{ node_config_directory }}/{{ item }}/designate.conf" + with_items: + - "designate-api" + - "designate-central" + - "designate-mdns" + - "designate-sink" + - "designate-worker" + +- name: Copying over pools.yaml + template: + src: "{{ item }}" + dest: "{{ node_config_directory }}/designate-worker/pools.yaml" + with_first_found: + - "{{ node_custom_config }}/designate/pools.yaml" + - "{{ role_path }}/templates/pools.yaml.j2" + +- name: Copying over named.conf + template: + src: "{{ item }}" + dest: "{{ node_config_directory }}/designate-backend-bind9/named.conf" + with_first_found: + - "{{ node_custom_config }}/designate/designate-backend-bind9/{{ inventory_hostname }}/named.conf" + - "{{ node_custom_config }}/designate/designate-backend-bind9/named.conf" + - "{{ node_custom_config }}/designate/named.conf" + - "{{ role_path }}/templates/named.conf.j2" + +- name: Copying over rndc.conf 
+ template: + src: "rndc.conf.j2" + dest: "{{ node_config_directory }}/{{ item }}/rndc.conf" + with_items: + - "designate-backend-bind9" + - "designate-worker" + +- name: Copying over rndc.key + template: + src: "rndc.key.j2" + dest: "{{ node_config_directory }}/{{ item }}/rndc.key" + with_items: + - "designate-backend-bind9" + - "designate-worker" + +- name: Check if policies shall be overwritten + local_action: stat path="{{ node_custom_config }}/designate/policy.json" + register: designate_policy + +- name: Copying over existing policy.json + template: + src: "{{ node_custom_config }}/designate/policy.json" + dest: "{{ node_config_directory }}/{{ item }}/policy.json" + with_items: + - "designate-api" + - "designate-central" + - "designate-mdns" + - "designate-sink" + - "designate-worker" + when: + designate_policy.stat.exists diff --git a/ansible/roles/designate/tasks/deploy.yml b/ansible/roles/designate/tasks/deploy.yml new file mode 100644 index 0000000000..8c5a6c9224 --- /dev/null +++ b/ansible/roles/designate/tasks/deploy.yml 
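Review bot: The "Copying over rndc.key" and "Copying over rndc.conf" tasks write into `{{ node_config_directory }}` without an explicit `mode`, so the file that presumably holds the rndc secret gets whatever the umask gives on the host, typically world-readable. A restrictive mode on these template tasks, for example `mode: "0600"`, would limit it to the deploying user. That assumes the container's config-copy step reads the mounted directory as root, which is not visible in this change. The designate.conf written by `merge_configs` likely carries database and keystone credentials and deserves the same treatment if that module accepts a mode argument.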
@@ -0,0 +1,25 @@ +--- +- include: register.yml + when: inventory_hostname in groups['designate-api'] + +- include: config.yml + when: inventory_hostname in groups['designate-api'] or + inventory_hostname in groups['designate-central'] or + inventory_hostname in groups['designate-mdns'] or + inventory_hostname in groups['designate-worker'] or + inventory_hostname in groups['designate-sink'] or + inventory_hostname in groups['designate-backend-bind9'] + +- include: bootstrap.yml + when: inventory_hostname in groups['designate-central'] + +- include: start.yml + when: inventory_hostname in groups['designate-api'] or + inventory_hostname in groups['designate-central'] or + inventory_hostname in groups['designate-mdns'] or + inventory_hostname in groups['designate-worker'] or + inventory_hostname in groups['designate-sink'] or + inventory_hostname in groups['designate-backend-bind9'] + +- include: update_pools.yml + when: inventory_hostname in groups['designate-worker'][0] diff --git a/ansible/roles/designate/tasks/main.yml b/ansible/roles/designate/tasks/main.yml new file mode 100644 index 0000000000..b017e8b4ad --- /dev/null +++ b/ansible/roles/designate/tasks/main.yml @@ -0,0 +1,2 @@ +--- +- include: "{{ action }}.yml" diff --git a/ansible/roles/designate/tasks/precheck.yml b/ansible/roles/designate/tasks/precheck.yml new file mode 100644 index 0000000000..e88acfdf69 --- /dev/null +++ b/ansible/roles/designate/tasks/precheck.yml 
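Review bot: The last include in deploy.yml uses `when: inventory_hostname in groups['designate-worker'][0]`, which is a substring test against one host name rather than an equality check. A host named, for example, `ctl1` would also match when the first worker is `ctl10`. Use `when: inventory_hostname == groups['designate-worker'][0]`; the same condition is repeated on the task in tasks/update_pools.yml. tasks/reconfigure.yml and tasks/upgrade.yml include update_pools.yml unconditionally and rely on that inner condition alone.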
@@ -0,0 +1,48 @@ +- name: Get container facts + kolla_container_facts: + name: + - "{{ item }}" + register: container_facts + with_items: + - designate_api + - designate_backend_bind9 + +- name: Checking free port for designate API + wait_for: + host: "{{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['address'] }}" + port: "{{ designate_api_port }}" + connect_timeout: 1 + state: stopped + when: + - container_facts['designate_api'] is not defined + - inventory_hostname in groups['designate-api'] + +- name: Checking free port for designate mdns + wait_for: + host: "{{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['address'] }}" + port: "{{ designate_mdns_port }}" + connect_timeout: 1 + state: stopped + when: + - container_facts['designate_mdns'] is not defined + - inventory_hostname in groups['designate-mdns'] + +- name: Checking free port for designate backend bind9 port + wait_for: + host: "{{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['address'] }}" + port: "{{ designate_bind_port }}" + connect_timeout: 1 + state: stopped + when: + - container_facts['designate_backend_bind9'] is not defined + - inventory_hostname in groups['designate-backend-bind9'] + +- name: Checking free port for designate backend rndc port + wait_for: + host: "{{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['address'] }}" + port: "{{ designate_rndc_port }}" + connect_timeout: 1 + state: stopped + when: + - container_facts['designate_backend_bind9'] is not defined + - inventory_hostname in groups['designate-backend-bind9'] diff --git a/ansible/roles/designate/tasks/pull.yml b/ansible/roles/designate/tasks/pull.yml new file mode 100644 index 0000000000..4a67bfe62f --- /dev/null +++ b/ansible/roles/designate/tasks/pull.yml 
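Review bot: The "Get container facts" task combines `register: container_facts` with `with_items`, so the registered value is presumably a `results` list rather than a dict keyed by container name. `container_facts['designate_api'] is not defined` would then hold on every run, and the port checks would fail on a re-run where the containers are already listening. Passing the names as one list under `name:` without the loop keeps the keyed lookup working. The list also omits `designate_mdns`, which the "Checking free port for designate mdns" task tests, so add `- designate_mdns` to it. This file also lacks the leading `---` that the other task files in this change start with.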
@@ -0,0 +1,42 @@ +--- +- name: Pulling designate-api image + kolla_docker: + action: "pull_image" + common_options: "{{ docker_common_options }}" + image: "{{ designate_api_image_full }}" + when: inventory_hostname in groups['designate-api'] + +- name: Pulling designate-central image + kolla_docker: + action: "pull_image" + common_options: "{{ docker_common_options }}" + image: "{{ designate_central_image_full }}" + when: inventory_hostname in groups['designate-central'] + +- name: Pulling designate-mdns image + kolla_docker: + action: "pull_image" + common_options: "{{ docker_common_options }}" + image: "{{ designate_mdns_image_full }}" + when: inventory_hostname in groups['designate-mdns'] + +- name: Pulling designate-worker image + kolla_docker: + action: "pull_image" + common_options: "{{ docker_common_options }}" + image: "{{ designate_worker_image_full }}" + when: inventory_hostname in groups['designate-worker'] + +- name: Pulling designate-sink image + kolla_docker: + action: "pull_image" + common_options: "{{ docker_common_options }}" + image: "{{ designate_sink_image_full }}" + when: inventory_hostname in groups['designate-sink'] + +- name: Pulling designate-backend-bind9 image + kolla_docker: + action: "pull_image" + common_options: "{{ docker_common_options }}" + image: "{{ designate_backend_bind9_image_full }}" + when: inventory_hostname in groups['designate-backend-bind9'] diff --git a/ansible/roles/designate/tasks/reconfigure.yml b/ansible/roles/designate/tasks/reconfigure.yml new file mode 100644 index 0000000000..9c8e4b7cff --- /dev/null +++ b/ansible/roles/designate/tasks/reconfigure.yml 
@@ -0,0 +1,93 @@ +--- +- name: Ensuring the containers up + kolla_docker: + name: "{{ item.name }}" + action: "get_container_state" + register: container_state + failed_when: container_state.Running == false + when: + - "{{ item.enabled|default(True) }}" + - inventory_hostname in groups[item.group] + with_items: + - { name: designate_central, group: designate-central } + - { name: designate_api, group: designate-api } + - { name: designate_mdns, group: designate-mdns } + - { name: designate_worker, group: designate-worker } + - { name: designate_sink, group: designate-sink } + - { name: designate_backend_bind9, group: designate-backend-bind9 } + +- include: config.yml + +- name: Check the configs + command: docker exec {{ item.name }} /usr/local/bin/kolla_set_configs --check + changed_when: false + failed_when: false + register: check_results + when: inventory_hostname in groups[item.group] + with_items: + - { name: designate_central, group: designate-central } + - { name: designate_api, group: designate-api } + - { name: designate_mdns, group: designate-mdns } + - { name: designate_worker, group: designate-worker } + - { name: designate_sink, group: designate-sink } + - { name: designate_backend_bind9, group: designate-backend-bind9 } + +# NOTE(jeffrey4l): when config_strategy == 'COPY_ALWAYS' +# and container env['KOLLA_CONFIG_STRATEGY'] == 'COPY_ONCE', +# just remove the container and start again +- name: Containers config strategy + kolla_docker: + name: "{{ item.name }}" + action: "get_container_env" + register: container_envs + when: inventory_hostname in groups[item.group] + with_items: + - { name: designate_central, group: designate-central } + - { name: designate_api, group: designate-api } + - { name: designate_mdns, group: designate-mdns } + - { name: designate_worker, group: designate-worker } + - { name: designate_sink, group: designate-sink } + - { name: designate_backend_bind9, group: designate-backend-bind9 } + +- name: Remove the containers + 
kolla_docker: + name: "{{ item[0]['name'] }}" + action: "remove_container" + register: remove_containers + when: + - inventory_hostname in groups[item[0]['group']] + - config_strategy == "COPY_ONCE" or item[1]['KOLLA_CONFIG_STRATEGY'] == 'COPY_ONCE' + - item[2]['rc'] == 1 + with_together: + - [{ name: designate_central, group: designate-central }, + { name: designate_api, group: designate-api }, + { name: designate_mdns, group: designate-mdns }, + { name: designate_worker, group: designate-worker }, + { name: designate_sink, group: designate-sink }, + { name: designate_backend_bind9, group: designate-backend-bind9 }] + - "{{ container_envs.results }}" + - "{{ check_results.results }}" + +- include: start.yml + when: remove_containers.changed + +- name: Restart containers + kolla_docker: + name: "{{ item[0]['name'] }}" + action: "restart_container" + when: + - inventory_hostname in groups[item[0]['group']] + - config_strategy == 'COPY_ALWAYS' + - item[1]['KOLLA_CONFIG_STRATEGY'] != 'COPY_ONCE' + - item[2]['rc'] == 1 + with_together: + - [{ name: designate_central, group: designate-central }, + { name: designate_api, group: designate-api }, + { name: designate_mdns, group: designate-mdns }, + { name: designate_worker, group: designate-worker }, + { name: designate_sink, group: designate-sink }, + { name: designate_backend_bind9, group: designate-backend-bind9 }] + - "{{ container_envs.results }}" + - "{{ check_results.results }}" + +- include: update_pools.yml diff --git a/ansible/roles/designate/tasks/register.yml b/ansible/roles/designate/tasks/register.yml new file mode 100644 index 0000000000..e17db9bc27 --- /dev/null +++ b/ansible/roles/designate/tasks/register.yml 
@@ -0,0 +1,40 @@ +--- +- name: Creating the Designate service and endpoint + command: docker exec -t kolla_toolbox /usr/bin/ansible localhost + -m kolla_keystone_service + -a "service_name=designate + service_type=dns + description='Designate DNS Service' + endpoint_region={{ openstack_region_name }} + url='{{ item.url }}' + interface='{{ item.interface }}' + region_name={{ openstack_region_name }} + auth={{ '{{ openstack_designate_auth }}' }}" + -e "{'openstack_designate_auth':{{ openstack_designate_auth }}}" + register: designate_endpoint + changed_when: "{{ designate_endpoint.stdout.find('localhost | SUCCESS => ') != -1 and (designate_endpoint.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed }}" + until: designate_endpoint.stdout.split()[2] == 'SUCCESS' + retries: 10 + delay: 5 + run_once: True + with_items: + - {'interface': 'admin', 'url': '{{ designate_admin_endpoint }}'} + - {'interface': 'internal', 'url': '{{ designate_internal_endpoint }}'} + - {'interface': 'public', 'url': '{{ designate_public_endpoint }}'} + +- name: Creating the Designate project, user, and role + command: docker exec -t kolla_toolbox /usr/bin/ansible localhost + -m kolla_keystone_user + -a "project=service + user=designate + password={{ designate_keystone_password }} + role=admin + region_name={{ openstack_region_name }} + auth={{ '{{ openstack_designate_auth }}' }}" + -e "{'openstack_designate_auth':{{ openstack_designate_auth }}}" + register: designate_user + changed_when: "{{ designate_user.stdout.find('localhost | SUCCESS => ') != -1 and (designate_user.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed }}" + until: designate_user.stdout.split()[2] == 'SUCCESS' + retries: 10 + delay: 5 + run_once: True diff --git a/ansible/roles/designate/tasks/start.yml b/ansible/roles/designate/tasks/start.yml new file mode 100644 index 0000000000..d1ff1ca998 --- /dev/null +++ b/ansible/roles/designate/tasks/start.yml 
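Review bot: The "Creating the Designate project, user, and role" task hardcodes `user=designate` although defaults/main.yml in this change defines `designate_keystone_user`. Use `user={{ designate_keystone_user }}` so an override takes effect here as well as wherever the variable is rendered into configuration. `password={{ designate_keystone_password }}` is also unquoted, unlike `url='{{ item.url }}'` in the task above, so a password containing whitespace would split the module argument string. Quote it as `password='{{ designate_keystone_password }}'`.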
@@ -0,0 +1,73 @@ +--- +- name: Starting designate-backend-bind9 container + kolla_docker: + action: "start_container" + common_options: "{{ docker_common_options }}" + image: "{{ designate_backend_bind9_image_full }}" + name: "designate_backend_bind9" + volumes: + - "{{ node_config_directory }}/designate-backend-bind9/:{{ container_config_directory }}/:ro" + - "/etc/localtime:/etc/localtime:ro" + - "kolla_logs:/var/log/kolla/" + - "designate_backend_bind9:/var/lib/named/" + when: inventory_hostname in groups['designate-backend-bind9'] + +- name: Starting designate-central container + kolla_docker: + action: "start_container" + common_options: "{{ docker_common_options }}" + image: "{{ designate_central_image_full }}" + name: "designate_central" + volumes: + - "{{ node_config_directory }}/designate-central/:{{ container_config_directory }}/:ro" + - "/etc/localtime:/etc/localtime:ro" + - "kolla_logs:/var/log/kolla/" + when: inventory_hostname in groups['designate-central'] + +- name: Starting designate-api container + kolla_docker: + action: "start_container" + common_options: "{{ docker_common_options }}" + image: "{{ designate_api_image_full }}" + name: "designate_api" + volumes: + - "{{ node_config_directory }}/designate-api/:{{ container_config_directory }}/:ro" + - "/etc/localtime:/etc/localtime:ro" + - "kolla_logs:/var/log/kolla/" + when: inventory_hostname in groups['designate-api'] + +- name: Starting designate-mdns container + kolla_docker: + action: "start_container" + common_options: "{{ docker_common_options }}" + image: "{{ designate_mdns_image_full }}" + name: "designate_mdns" + volumes: + - "{{ node_config_directory }}/designate-mdns/:{{ container_config_directory }}/:ro" + - "/etc/localtime:/etc/localtime:ro" + - "kolla_logs:/var/log/kolla/" + when: inventory_hostname in groups['designate-mdns'] + +- name: Starting designate-worker container + kolla_docker: + action: "start_container" + common_options: "{{ docker_common_options }}" + image: "{{ 
designate_worker_image_full }}" + name: "designate_worker" + volumes: + - "{{ node_config_directory }}/designate-worker/:{{ container_config_directory }}/:ro" + - "/etc/localtime:/etc/localtime:ro" + - "kolla_logs:/var/log/kolla/" + when: inventory_hostname in groups['designate-worker'] + +- name: Starting designate-sink container + kolla_docker: + action: "start_container" + common_options: "{{ docker_common_options }}" + image: "{{ designate_sink_image_full }}" + name: "designate_sink" + volumes: + - "{{ node_config_directory }}/designate-sink/:{{ container_config_directory }}/:ro" + - "/etc/localtime:/etc/localtime:ro" + - "kolla_logs:/var/log/kolla/" + when: inventory_hostname in groups['designate-sink'] diff --git a/ansible/roles/designate/tasks/update_pools.yml b/ansible/roles/designate/tasks/update_pools.yml new file mode 100644 index 0000000000..dc9692aa12 --- /dev/null +++ b/ansible/roles/designate/tasks/update_pools.yml @@ -0,0 +1,4 @@ +--- +- name: Update DNS pools + command: docker exec -t designate_worker designate-manage pool update --file /etc/designate/pools.yaml + when: inventory_hostname in groups['designate-worker'][0] diff --git a/ansible/roles/designate/tasks/upgrade.yml b/ansible/roles/designate/tasks/upgrade.yml new file mode 100644 index 0000000000..f784d0227f --- /dev/null +++ b/ansible/roles/designate/tasks/upgrade.yml @@ -0,0 +1,8 @@ +--- +- include: config.yml + +- include: bootstrap_service.yml + +- include: start.yml + +- include: update_pools.yml diff --git a/ansible/roles/designate/templates/designate-api.json.j2 b/ansible/roles/designate/templates/designate-api.json.j2 new file mode 100644 index 0000000000..31ad788480 --- /dev/null +++ b/ansible/roles/designate/templates/designate-api.json.j2 
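Review bot: The `when:` in update_pools.yml uses `in` against `groups['designate-worker'][0]`, which is a single hostname string, so it is a substring test rather than an equality test. A host whose inventory name is a fragment of the first worker's name (for example `node1` against `node10`, names constructed for illustration) would also run `docker exec -t designate_worker ...`, on a node that may not have that container. I would write `when: inventory_hostname == groups['designate-worker'][0]`. The command also has no `changed_when`, so the task reports a change on every run.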
@@ -0,0 +1,25 @@
+{
+ "command": "designate-api --config-file /etc/designate/designate.conf",
+ "config_files": [
+ {
+ "source": "{{ container_config_directory }}/designate.conf",
+ "dest": "/etc/designate/designate.conf",
+ "owner": "designate",
+ "perm": "0600"
+ },
+ {
+ "source": "{{ container_config_directory }}/policy.json",
+ "dest": "/etc/designate/policy.json",
+ "owner": "designate",
+ "perm": "0600",
+ "optional": true
+ }
+ ],
+ "permissions": [
+ {
+ "path": "/var/log/kolla/designate",
+ "owner": "designate:designate",
+ "recurse": true
+ }
+ ]
+}
diff --git a/ansible/roles/designate/templates/designate-backend-bind9.json.j2 b/ansible/roles/designate/templates/designate-backend-bind9.json.j2
new file mode 100644
index 0000000000..c1e0c0448c
--- /dev/null
+++ b/ansible/roles/designate/templates/designate-backend-bind9.json.j2
@@ -0,0 +1,35 @@
+{% set bind_cmd = 'named' if kolla_base_distro in ['ubuntu', 'debian'] else 'named' %}
+{% set bind_file = 'bind/named.conf' if kolla_base_distro in ['ubuntu', 'debian'] else 'named.conf' %}
+
+{
+ "command": "/usr/sbin/{{ bind_cmd }} -g",
+ "config_files": [
+ {
+ "source": "{{ container_config_directory }}/named.conf",
+ "dest": "/etc/{{ bind_file }}",
+ "owner": "root",
+ "perm": "0660"
+ },
+ {
+ "source": "{{ container_config_directory }}/rndc.conf",
+ "dest": "/etc/rndc.conf",
+ "owner": "root",
+ "perm": "0600",
+ "optional": true
+ },
+ {
+ "source": "{{ container_config_directory }}/rndc.key",
+ "dest": "/etc/rndc.key",
+ "owner": "root",
+ "perm": "0600",
+ "optional": true
+ }
+ ],
+ "permissions": [
+ {
+ "path": "/var/log/kolla/named",
+ "owner": "root:root",
+ "recurse": true
+ }
+ ]
+}
diff --git a/ansible/roles/designate/templates/designate-central.json.j2 b/ansible/roles/designate/templates/designate-central.json.j2
new file mode 100644
index 0000000000..ddde828cd3
--- /dev/null
+++ b/ansible/roles/designate/templates/designate-central.json.j2
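Review bot: In designate-backend-bind9.json.j2 the `bind_cmd` expression yields `'named'` on both branches, so the distro test has no effect; either reduce it to `{% set bind_cmd = 'named' %}` or put the intended alternate binary name in the else branch. The same file installs named.conf with `"perm": "0660"` while every other config file in this role uses `0600`; unless group write is required, `0640` or `0600` would be consistent and tighter. The command line carries no `-u` option and the log directory is owned by `root:root`, so named presumably runs as root inside the container; whether that is intended depends on the image, which is not visible here.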
@@ -0,0 +1,25 @@
+{
+ "command": "designate-central --config-file /etc/designate/designate.conf",
+ "config_files": [
+ {
+ "source": "{{ container_config_directory }}/designate.conf",
+ "dest": "/etc/designate/designate.conf",
+ "owner": "designate",
+ "perm": "0600"
+ },
+ {
+ "source": "{{ container_config_directory }}/policy.json",
+ "dest": "/etc/designate/policy.json",
+ "owner": "designate",
+ "perm": "0600",
+ "optional": true
+ }
+ ],
+ "permissions": [
+ {
+ "path": "/var/log/kolla/designate",
+ "owner": "designate:designate",
+ "recurse": true
+ }
+ ]
+}
diff --git a/ansible/roles/designate/templates/designate-mdns.json.j2 b/ansible/roles/designate/templates/designate-mdns.json.j2
new file mode 100644
index 0000000000..d7b2d58a65
--- /dev/null
+++ b/ansible/roles/designate/templates/designate-mdns.json.j2
@@ -0,0 +1,25 @@
+{
+ "command": "designate-mdns --config-file /etc/designate/designate.conf",
+ "config_files": [
+ {
+ "source": "{{ container_config_directory }}/designate.conf",
+ "dest": "/etc/designate/designate.conf",
+ "owner": "designate",
+ "perm": "0600"
+ },
+ {
+ "source": "{{ container_config_directory }}/policy.json",
+ "dest": "/etc/designate/policy.json",
+ "owner": "designate",
+ "perm": "0600",
+ "optional": true
+ }
+ ],
+ "permissions": [
+ {
+ "path": "/var/log/kolla/designate",
+ "owner": "designate:designate",
+ "recurse": true
+ }
+ ]
+}
diff --git a/ansible/roles/designate/templates/designate-sink.json.j2 b/ansible/roles/designate/templates/designate-sink.json.j2
new file mode 100644
index 0000000000..e2d8190010
--- /dev/null
+++ b/ansible/roles/designate/templates/designate-sink.json.j2
@@ -0,0 +1,25 @@
+{
+ "command": "designate-sink --config-file /etc/designate/designate.conf",
+ "config_files": [
+ {
+ "source": "{{ container_config_directory }}/designate.conf",
+ "dest": "/etc/designate/designate.conf",
+ "owner": "designate",
+ "perm": "0600"
+ },
+ {
+ "source": "{{ container_config_directory }}/policy.json",
+ "dest": "/etc/designate/policy.json",
+ "owner": "designate",
+ "perm": "0600",
+ "optional": true
+ }
+ ],
+ "permissions": [
+ {
+ "path": "/var/log/kolla/designate",
+ "owner": "designate:designate",
+ "recurse": true
+ }
+ ]
+}
diff --git a/ansible/roles/designate/templates/designate-worker.json.j2 b/ansible/roles/designate/templates/designate-worker.json.j2
new file mode 100644
index 0000000000..9c394bd57a
--- /dev/null
+++ b/ansible/roles/designate/templates/designate-worker.json.j2
@@ -0,0 +1,46 @@
+{
+ "command": "designate-worker --config-file /etc/designate/designate.conf",
+ "config_files": [
+ {
+ "source": "{{ container_config_directory }}/designate.conf",
+ "dest": "/etc/designate/designate.conf",
+ "owner": "designate",
+ "perm": "0600"
+ },
+ {
+ "source": "{{ container_config_directory }}/policy.json",
+ "dest": "/etc/designate/policy.json",
+ "owner": "designate",
+ "perm": "0600",
+ "optional": true
+ },
+ {
+ "source": "{{ container_config_directory }}/pools.yaml",
+ "dest": "/etc/designate/pools.yaml",
+ "owner": "designate",
+ "perm": "0600",
+ "optional": true
+ },
+ {
+ "source": "{{ container_config_directory }}/rndc.conf",
+ "dest": "/etc/designate/rndc.conf",
+ "owner": "designate",
+ "perm": "0600",
+ "optional": true
+ },
+ {
+ "source": "{{ container_config_directory }}/rndc.key",
+ "dest": "/etc/designate/rndc.key",
+ "owner": "designate",
+ "perm": "0600",
+ "optional": true
+ }
+ ],
+ "permissions": [
+ {
+ "path": "/var/log/kolla/designate",
+ "owner": "designate:designate",
+ "recurse": true
+ }
+ ]
+}
diff --git a/ansible/roles/designate/templates/designate.conf.j2 b/ansible/roles/designate/templates/designate.conf.j2 new file mode 100644 index 0000000000..d13f54a7c1 --- /dev/null +++ b/ansible/roles/designate/templates/designate.conf.j2 
@@ -0,0 +1,88 @@ +[DEFAULT] + +debug = {{ designate_logging_debug }} + +log_dir = /var/log/kolla/designate + +transport_url = rabbit://{% for host in groups['rabbitmq'] %}{{ rabbitmq_user }}:{{ rabbitmq_password }}@{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ rabbitmq_port }}{% if not loop.last %},{% endif %}{% endfor %} + +[service:central] +default_pool_id = {{ designate_pool_id }} + +[service:api] +api_base_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ designate_api_port }} +api_host = {{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['address'] }} +api_port = {{ designate_api_port }} +enable_api_v1 = True +enabled_extensions_v1 = 'diagnostics, quotas, reports, sync, touch' +enable_api_v2 = True +enabled_extensions_v2 = 'quotas, reports' + + +[keystone_authtoken] +auth_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }} +auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }} +auth_type = password +project_domain_id = default +user_domain_id = default +project_name = service +username = {{ designate_keystone_user }} +password = {{ designate_keystone_password }} +http_connect_timeout = 60 + +memcache_security_strategy = ENCRYPT +memcache_secret_key = {{ memcache_secret_key }} +memcached_servers = {% for host in groups['memcached'] %}{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ memcached_port }}{% if not loop.last %},{% endif %}{% endfor %} + +[service:sink] +enabled_notification_handlers = nova_fixed, neutron_floatingip +workers = {{ openstack_service_workers }} + +[service:mdns] +listen = {{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['address'] }}:{{ designate_mdns_port }} +workers = {{ openstack_service_workers }} + +[service:worker] +enabled = True +notify = True +workers = {{ openstack_service_workers }} + +[service:pool_manager] +cache_driver = sqlalchemy 
+pool_id = {{ designate_pool_id }} +workers = {{ openstack_service_workers }} + +[pool_manager_cache:sqlalchemy] +connection = mysql+pymysql://{{ designate_pool_manager_database_user }}:{{ designate_pool_manager_database_password }}@{{ designate_pool_manager_database_address }}/{{ designate_pool_manager_database_name }} +max_retries = 10 +idle_timeout = 3600 + +[pool_manager_cache:memcache] +memcached_servers = {% for host in groups['memcached'] %}{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ memcached_port }}{% if not loop.last %},{% endif %}{% endfor %} + +[storage:sqlalchemy] +connection = mysql+pymysql://{{ designate_database_user }}:{{ designate_database_password }}@{{ designate_database_address }}/{{ designate_database_name }} +max_retries = 10 +idle_timeout = 3600 + +[handler:nova_fixed] +notification_topics = notifications_designate +control_exchange = nova +format = '(display_name)s.%(domain)s' + +[handler:neutron_floatingip] +notification_topics = notifications_designate +control_exchange = neutron +format = '%(octet0)s-%(octet1)s-%(octet2)s-%(octet3)s.%(domain)s' + +[oslo_messaging_notifications] +topics = notifications_designate +driver = messaging + +[oslo_messaging_rabbit] +rabbit_userid = {{ rabbitmq_user }} +rabbit_password = {{ rabbitmq_password }} +rabbit_hosts = {% for host in groups['rabbitmq'] %}{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ rabbitmq_port }}{% if not loop.last %},{% endif %}{% endfor %} + +[oslo_concurrency] +lock_path = /var/lib/designate/tmp diff --git a/ansible/roles/designate/templates/named.conf.j2 b/ansible/roles/designate/templates/named.conf.j2 new file mode 100644 index 0000000000..f037534eda --- /dev/null +++ b/ansible/roles/designate/templates/named.conf.j2 
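Review bot: Under `[handler:nova_fixed]` the value `format = '(display_name)s.%(domain)s'` is missing the leading `%`, so the instance name would not be substituted and records would carry the literal text `(display_name)s`; it should read `format = '%(display_name)s.%(domain)s'`, in line with the `%(octet0)s` placeholders in `[handler:neutron_floatingip]` just below. Separately, this file renders the RabbitMQ, database and Keystone passwords and `memcache_secret_key`. The kolla JSON templates in this patch install it as `0600` inside the containers, but the copy under `node_config_directory` on the host is written by config.yml, which is outside this chunk, so its file mode is worth confirming there.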
@@ -0,0 +1,15 @@ +include "/etc/rndc.key"; +options { + listen-on port {{ designate_bind_port }} { {{ hostvars[inventory_hostname]['ansible_' + hostvars[inventory_hostname]['api_interface']]['ipv4']['address'] }}; }; + directory "/var/lib/named"; + allow-new-zones yes; + dnssec-validation auto; + auth-nxdomain no; + request-ixfr no; + recursion no; + minimal-responses yes; +}; + +controls { + inet {{ hostvars[inventory_hostname]['ansible_' + hostvars[inventory_hostname]['api_interface']]['ipv4']['address'] }} port {{ designate_rndc_port }} allow { {% for host in groups['designate-worker'] %}{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}; {% endfor %} } keys { "rndc-key"; }; +}; diff --git a/ansible/roles/designate/templates/pools.yaml.j2 b/ansible/roles/designate/templates/pools.yaml.j2 new file mode 100644 index 0000000000..14b8078733 --- /dev/null +++ b/ansible/roles/designate/templates/pools.yaml.j2 
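Review bot: The `options` block in named.conf.j2 sets `recursion no` but no `allow-transfer` ACL, so zone transfers fall back to the BIND default, which on many releases permits any client that can reach the listen address. This server only receives zones from the designate-mdns masters, so I would add `allow-transfer { none; };` to the options block, or an explicit list if secondaries are planned. The `controls` statement is restricted to the worker addresses and a key, which is the right shape; its `allow` list is built only from `groups['designate-worker']`, so it renders empty if that group has no hosts.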
@@ -0,0 +1,28 @@ +- name: default-bind + id: {{ designate_pool_id }} + description: Default BIND9 Pool + attributes: {} + ns_records: + - hostname: {{ designate_ns_record }}. + priority: 1 + nameservers: +{% for host in groups['designate-backend-bind9'] %} + - host: {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }} + port: {{ designate_bind_port }} +{% endfor %} + targets: +{% for bind_host in groups['designate-backend-bind9'] %} + - type: bind9 + description: BIND9 Server {{ hostvars[bind_host]['ansible_' + hostvars[bind_host]['api_interface']]['ipv4']['address'] }} + masters: +{% for mdns_host in groups['designate-mdns'] %} + - host: {{ hostvars[mdns_host]['ansible_' + hostvars[mdns_host]['api_interface']]['ipv4']['address'] }} + port: 5354 +{% endfor %} + options: + host: {{ hostvars[bind_host]['ansible_' + hostvars[bind_host]['api_interface']]['ipv4']['address'] }} + port: {{ designate_bind_port }} + rndc_host: {{ hostvars[bind_host]['ansible_' + hostvars[bind_host]['api_interface']]['ipv4']['address'] }} + rndc_port: {{ designate_rndc_port }} + rndc_key_file: /etc/designate/rndc.key +{% endfor %} diff --git a/ansible/roles/designate/templates/rndc.conf.j2 b/ansible/roles/designate/templates/rndc.conf.j2 new file mode 100644 index 0000000000..69ec742987 --- /dev/null +++ b/ansible/roles/designate/templates/rndc.conf.j2 @@ -0,0 +1,6 @@ +#include "/etc/rndc.key"; +options { + default-key "rndc-key"; + default-server {{ hostvars[inventory_hostname]['ansible_' + hostvars[inventory_hostname]['api_interface']]['ipv4']['address'] }}; + default-port {{ designate_rndc_port }}; +}; diff --git a/ansible/roles/designate/templates/rndc.key.j2 b/ansible/roles/designate/templates/rndc.key.j2 new file mode 100644 index 0000000000..c4a798689c --- /dev/null +++ b/ansible/roles/designate/templates/rndc.key.j2 @@ -0,0 +1,4 @@ +key "rndc-key" { + algorithm hmac-md5; + secret "{{ designate_rndc_key }}"; +}; 
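Review bot: The `masters` entries in pools.yaml.j2 hard-code `port: 5354`, while designate.conf.j2 in this same patch makes designate-mdns listen on `{{ designate_mdns_port }}`. If an operator overrides that variable, BIND is pointed at a port nothing listens on and zone transfers fail with no error at deploy time. Use `port: {{ designate_mdns_port }}` here so the two templates cannot drift apart.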
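Review bot: The first line of rndc.conf.j2, `#include "/etc/rndc.key";`, reads as a comment in rndc.conf syntax, so the file names `default-key "rndc-key"` without defining or including that key. If the include is meant to be active, drop the `#`; if it is disabled on purpose, a one-line comment explaining why would help the next reader. The worker template installs the key at `/etc/designate/rndc.key` rather than `/etc/rndc.key`, so the path as written only fits the bind9 container.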
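Review bot: rndc.key.j2 fixes the control-channel key to `algorithm hmac-md5;`, and the passwords.yml comment and the `hmac_md5_keys` list in genpwd.py are named after the same choice. This key authorises zone creation and deletion on the DNS backend, and BIND's own key tooling has moved its default to HMAC-SHA256; MD5-based keys are also typically unavailable on FIPS-mode builds. I would use `algorithm hmac-sha256;` and rename the genpwd.py list to match; the secret is a base64 blob of random bytes either way, so the template is otherwise unchanged.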
diff --git a/ansible/roles/haproxy/tasks/precheck.yml b/ansible/roles/haproxy/tasks/precheck.yml index 021d221541..fc5ee19f51 100644 --- a/ansible/roles/haproxy/tasks/precheck.yml +++ b/ansible/roles/haproxy/tasks/precheck.yml @@ -36,6 +36,17 @@ - "{{ 'cloudkitty_api' not in haproxy_stat }}" - inventory_hostname in groups['haproxy'] +- name: Checking free port for Designate API HAProxy + wait_for: + host: "{{ kolla_internal_vip_address }}" + port: "{{ designate_api_port }}" + connect_timeout: 1 + state: stopped + when: + - enable_designate | bool + - inventory_hostname in groups['haproxy'] + - "{{ 'designate_api' not in haproxy_stat }}" + - name: Checking free port for Glance API HAProxy wait_for: host: "{{ kolla_internal_vip_address }}" @@ -123,4 +134,3 @@ - enable_watcher | bool - "{{ 'watcher_api' not in haproxy_stat }}" - inventory_hostname in groups['haproxy'] - diff --git a/ansible/roles/haproxy/templates/haproxy.cfg.j2 b/ansible/roles/haproxy/templates/haproxy.cfg.j2 index 2d5b17eb48..49983a6f03 100644 --- a/ansible/roles/haproxy/templates/haproxy.cfg.j2 +++ b/ansible/roles/haproxy/templates/haproxy.cfg.j2 
@@ -650,6 +650,22 @@ listen congress_api_external {% endif %} {% endif %} +{% if enable_designate | bool %} +listen designate_api + bind {{ kolla_internal_vip_address }}:{{ designate_api_port }} +{% for host in groups['designate-api'] %} + server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ designate_api_port }} check inter 2000 rise 2 fall 5 +{% endfor %} +{% if haproxy_enable_external_vip | bool %} + +listen designate_api_external + bind {{ kolla_external_vip_address }}:{{ designate_api_port }} {{ tls_bind_info }} +{% for host in groups['designate-api'] %} + server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ designate_api_port }} check inter 2000 rise 2 fall 5 +{% endfor %} +{% endif %} +{% endif %} + {% if enable_mistral | bool %} listen mistral_api bind {{ kolla_internal_vip_address }}:{{ mistral_api_port }} diff --git a/ansible/roles/neutron/templates/neutron.conf.j2 b/ansible/roles/neutron/templates/neutron.conf.j2 index 7f679d6724..c3bd75e15c 100644 --- a/ansible/roles/neutron/templates/neutron.conf.j2 +++ b/ansible/roles/neutron/templates/neutron.conf.j2 @@ -91,9 +91,10 @@ memcached_servers = {% for host in groups['memcached'] %}{% if orchestration_eng {% endif %} [oslo_messaging_notifications] -{% if enable_ceilometer | bool or enable_searchlight | bool %} +{% if enable_ceilometer | bool or enable_searchlight | bool or enable_designate | bool %} driver = messagingv2 -topics = notifications +{% set topics=["notifications" if enable_ceilometer | bool else "", "notifications_designate" if enable_designate | bool else ""] %} +topics = {{ topics|reject("equalto", "")|list|join(",") }} {% else %} driver = noop {% endif %} diff --git a/ansible/roles/nova/templates/nova.conf.j2 b/ansible/roles/nova/templates/nova.conf.j2 index db274b9f5d..50a7767e4e 100644 
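Review bot: With only `enable_searchlight` set, the `[oslo_messaging_notifications]` block in neutron.conf.j2 now renders `driver = messagingv2` followed by an empty `topics =` line, because the new list adds `"notifications"` only when `enable_ceilometer` is true; before this change that configuration got `topics = notifications`. The second hunk of nova.conf.j2 uses the same expression and has the same regression. The first list element should be `"notifications" if enable_ceilometer | bool or enable_searchlight | bool else ""` in both templates.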
--- a/ansible/roles/nova/templates/nova.conf.j2 +++ b/ansible/roles/nova/templates/nova.conf.j2 @@ -50,7 +50,7 @@ compute_driver = libvirt.LibvirtDriver # Though my_ip is not used directly, lots of other variables use $my_ip my_ip = {{ api_interface_address }} -{% if enable_ceilometer | bool or enable_searchlight | bool %} +{% if enable_ceilometer | bool or enable_searchlight | bool or enable_designate | bool %} instance_usage_audit = True instance_usage_audit_period = hour notify_on_state_change = vm_and_task_state @@ -185,9 +185,10 @@ rbd_secret_uuid = {{ rbd_secret_uuid }} compute = auto [oslo_messaging_notifications] -{% if enable_ceilometer | bool or enable_searchlight | bool %} +{% if enable_ceilometer | bool or enable_searchlight | bool or enable_designate | bool %} driver = messagingv2 -topics = notifications +{% set topics=["notifications" if enable_ceilometer | bool else "", "notifications_designate" if enable_designate | bool else ""] %} +topics = {{ topics|reject("equalto", "")|list|join(",") }} {% else %} driver = noop {% endif %} diff --git a/ansible/site.yml b/ansible/site.yml index 14e8a28e25..d00075d2b3 100644 --- a/ansible/site.yml +++ b/ansible/site.yml @@ -401,6 +401,19 @@ tags: tempest, when: enable_tempest | bool } +- name: Apply role designate + hosts: + - designate-api + - designate-central + - designate-mdns + - designate-worker + - designate-sink + serial: '{{ serial|default("0") }}' + roles: + - { role: designate, + tags: designate, + when: enable_designate | bool } + - name: Apply role rally hosts: rally serial: '{{ serial|default("0") }}' diff --git a/etc/kolla/globals.yml b/etc/kolla/globals.yml index b0c27f1f0f..fabdaba4ae 100644 --- a/etc/kolla/globals.yml +++ b/etc/kolla/globals.yml @@ -129,6 +129,7 @@ kolla_internal_vip_address: "10.10.10.254" #enable_cinder_backend_nfs: "no" #enable_cloudkitty: "no" #enable_congress: "no" +#enable_designate: "no" #enable_destroy_images: "no" #enable_etcd: "no" #enable_gnocchi: "no" 
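Review bot: The new `Apply role designate` play in site.yml lists five host groups but not `designate-backend-bind9`, although start.yml in this patch has a task gated on `groups['designate-backend-bind9']` and pools.yaml.j2 iterates over that group. A host that is only in the bind9 group would never have the role applied, so its container would not be started. Unless the inventory files (not in this chunk) make that group a child of one listed here, add `- designate-backend-bind9` to `hosts:`.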
@@ -228,6 +229,12 @@ kolla_internal_vip_address: "10.10.10.254" #cinder_backup_mount_options_nfs: "" +####################### +# Designate options +####################### +designate_ns_record: "sample.openstack.org" + + ######################### # Nova - Compute Options ######################### diff --git a/etc/kolla/passwords.yml b/etc/kolla/passwords.yml index 7aea8a1830..18e1e965c9 100644 --- a/etc/kolla/passwords.yml +++ b/etc/kolla/passwords.yml @@ -58,6 +58,14 @@ cloudkitty_keystone_password: sahara_database_password: sahara_keystone_password: +designate_database_password: +designate_pool_manager_database_password: +designate_keystone_password: +# This option must be UUID4 value in string format +designate_pool_id: +# This option must be HMAC-MD5 value in string format +designate_rndc_key: + swift_keystone_password: swift_hash_path_suffix: swift_hash_path_prefix: diff --git a/kolla/cmd/genpwd.py b/kolla/cmd/genpwd.py index 5ed46410c2..ed716b58e0 100755 --- a/kolla/cmd/genpwd.py +++ b/kolla/cmd/genpwd.py @@ -13,12 +13,14 @@ # limitations under the License. import argparse +import hmac import os import random import string import sys from Crypto.PublicKey import RSA +from hashlib import md5 from oslo_utils import uuidutils import yaml @@ -51,7 +53,7 @@ def main(): # These keys should be random uuids uuid_keys = ['ceph_cluster_fsid', 'rbd_secret_uuid', 'gnocchi_project_id', 'gnocchi_resource_id', - 'gnocchi_user_id'] + 'gnocchi_user_id', 'designate_pool_id'] # SSH key pair ssh_keys = ['kolla_ssh_key', 'nova_ssh_key', @@ -60,6 +62,9 @@ def main(): # If these keys are None, leave them as None blank_keys = ['docker_registry_password'] + # HMAC-MD5 keys + hmac_md5_keys = ['designate_rndc_key'] + # length of password length = 40 
@@ -82,6 +87,10 @@ def main(): continue if k in uuid_keys: passwords[k] = uuidutils.generate_uuid() + elif k in hmac_md5_keys: + passwords[k] = (hmac.new( + uuidutils.generate_uuid(), '', md5) + .digest().encode('base64')[:-1]) else: passwords[k] = ''.join([ random.SystemRandom().choice( diff --git a/releasenotes/notes/ansible-designate-948c56a8e14d5029.yaml b/releasenotes/notes/ansible-designate-948c56a8e14d5029.yaml new file mode 100644 index 0000000000..b4abd35299 --- /dev/null +++ b/releasenotes/notes/ansible-designate-948c56a8e14d5029.yaml @@ -0,0 +1,6 @@ +--- +prelude: > + Designate is an OpenStack project, providing DNSaaS. +features: + - Designate deployment through Ansible with Bind9 + as backend for DNS.
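Review bot: The new `hmac_md5_keys` branch relies on `str.encode('base64')` and on passing a `str` key to `hmac.new()`, both of which work only on Python 2; under Python 3 `hmac.new()` rejects a str key and `bytes` has no `encode` method. It also derives the secret by HMAC-ing an empty message with a UUID as the key, which adds nothing over drawing random bytes and depends on how `uuidutils.generate_uuid()` sources its randomness. Reading from the OS CSPRNG is simpler and portable: `passwords[k] = base64.b64encode(os.urandom(16)).decode('ascii')`, with `import base64` added beside the existing imports (`os` is already imported). `main()` starts and ends outside this hunk.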