Merge "Ansible-ize OpenStack Designate"
commit
40e443da57
@ -124,6 +124,11 @@ congress_api_port: "1789"
|
|||||||
|
|
||||||
cloudkitty_api_port: "8889"
|
cloudkitty_api_port: "8889"
|
||||||
|
|
||||||
|
designate_api_port: "9001"
|
||||||
|
designate_bind_port: "53"
|
||||||
|
designate_mdns_port: "5354"
|
||||||
|
designate_rndc_port: "953"
|
||||||
|
|
||||||
iscsi_port: "3260"
|
iscsi_port: "3260"
|
||||||
|
|
||||||
gnocchi_api_port: "8041"
|
gnocchi_api_port: "8041"
|
||||||
@ -272,6 +277,7 @@ enable_cinder_backend_nfs: "no"
|
|||||||
enable_cloudkitty: "no"
|
enable_cloudkitty: "no"
|
||||||
enable_congress: "no"
|
enable_congress: "no"
|
||||||
enable_etcd: "no"
|
enable_etcd: "no"
|
||||||
|
enable_designate: "no"
|
||||||
enable_gnocchi: "no"
|
enable_gnocchi: "no"
|
||||||
enable_grafana: "no"
|
enable_grafana: "no"
|
||||||
enable_heat: "yes"
|
enable_heat: "yes"
|
||||||
@ -403,6 +409,10 @@ cinder_backup_mount_options_nfs: ""
|
|||||||
# Valid options are [ ceilometer, gnocchi ]
|
# Valid options are [ ceilometer, gnocchi ]
|
||||||
cloudkitty_collector_backend: "ceilometer"
|
cloudkitty_collector_backend: "ceilometer"
|
||||||
|
|
||||||
|
#######################
|
||||||
|
# Designate options
|
||||||
|
#######################
|
||||||
|
designate_ns_record: "sample.openstack.org"
|
||||||
|
|
||||||
#######################
|
#######################
|
||||||
# Nova options
|
# Nova options
|
||||||
|
@ -154,6 +154,9 @@ control
|
|||||||
[octavia:children]
|
[octavia:children]
|
||||||
control
|
control
|
||||||
|
|
||||||
|
[designate:children]
|
||||||
|
control
|
||||||
|
|
||||||
# Additional control implemented here. These groups allow you to control which
|
# Additional control implemented here. These groups allow you to control which
|
||||||
# services run on which hosts at a per-service level.
|
# services run on which hosts at a per-service level.
|
||||||
#
|
#
|
||||||
@ -450,3 +453,22 @@ octavia
|
|||||||
|
|
||||||
[octavia-worker:children]
|
[octavia-worker:children]
|
||||||
octavia
|
octavia
|
||||||
|
|
||||||
|
# Designate
|
||||||
|
[designate-api:children]
|
||||||
|
designate
|
||||||
|
|
||||||
|
[designate-central:children]
|
||||||
|
designate
|
||||||
|
|
||||||
|
[designate-mdns:children]
|
||||||
|
designate
|
||||||
|
|
||||||
|
[designate-worker:children]
|
||||||
|
designate
|
||||||
|
|
||||||
|
[designate-sink:children]
|
||||||
|
designate
|
||||||
|
|
||||||
|
[designate-backend-bind9:children]
|
||||||
|
designate
|
||||||
|
@ -170,6 +170,9 @@ control
|
|||||||
[octavia:children]
|
[octavia:children]
|
||||||
control
|
control
|
||||||
|
|
||||||
|
[designate:children]
|
||||||
|
control
|
||||||
|
|
||||||
# Additional control implemented here. These groups allow you to control which
|
# Additional control implemented here. These groups allow you to control which
|
||||||
# services run on which hosts at a per-service level.
|
# services run on which hosts at a per-service level.
|
||||||
#
|
#
|
||||||
@ -466,3 +469,22 @@ octavia
|
|||||||
|
|
||||||
[octavia-worker:children]
|
[octavia-worker:children]
|
||||||
octavia
|
octavia
|
||||||
|
|
||||||
|
# Designate
|
||||||
|
[designate-api:children]
|
||||||
|
designate
|
||||||
|
|
||||||
|
[designate-central:children]
|
||||||
|
designate
|
||||||
|
|
||||||
|
[designate-mdns:children]
|
||||||
|
designate
|
||||||
|
|
||||||
|
[designate-worker:children]
|
||||||
|
designate
|
||||||
|
|
||||||
|
[designate-sink:children]
|
||||||
|
designate
|
||||||
|
|
||||||
|
[designate-backend-bind9:children]
|
||||||
|
designate
|
||||||
|
@ -77,6 +77,7 @@
|
|||||||
- { name: "ceilometer", enabled: "{{ enable_ceilometer }}" }
|
- { name: "ceilometer", enabled: "{{ enable_ceilometer }}" }
|
||||||
- { name: "cinder", enabled: "{{ enable_cinder }}" }
|
- { name: "cinder", enabled: "{{ enable_cinder }}" }
|
||||||
- { name: "cloudkitty", enabled: "{{ enable_cloudkitty }}" }
|
- { name: "cloudkitty", enabled: "{{ enable_cloudkitty }}" }
|
||||||
|
- { name: "designate", enabled: "{{ enable_designate }}" }
|
||||||
- { name: "elasticsearch", enabled: "{{ enable_elasticsearch }}" }
|
- { name: "elasticsearch", enabled: "{{ enable_elasticsearch }}" }
|
||||||
- { name: "glance", enabled: "{{ enable_glance }}" }
|
- { name: "glance", enabled: "{{ enable_glance }}" }
|
||||||
- { name: "global", enabled: "yes" }
|
- { name: "global", enabled: "yes" }
|
||||||
|
@ -0,0 +1,3 @@
|
|||||||
|
"/var/log/kolla/designate/*.log"
|
||||||
|
{
|
||||||
|
}
|
@ -6,6 +6,7 @@
|
|||||||
( 'ceilometer', enable_ceilometer ),
|
( 'ceilometer', enable_ceilometer ),
|
||||||
( 'cinder', enable_cinder ),
|
( 'cinder', enable_cinder ),
|
||||||
( 'cloudkitty', enable_cloudkitty ),
|
( 'cloudkitty', enable_cloudkitty ),
|
||||||
|
( 'designate', enable_designate ),
|
||||||
( 'elasticsearch', enable_elasticsearch ),
|
( 'elasticsearch', enable_elasticsearch ),
|
||||||
( 'glance', enable_glance ),
|
( 'glance', enable_glance ),
|
||||||
( 'gnocchi', enable_gnocchi ),
|
( 'gnocchi', enable_gnocchi ),
|
||||||
|
@ -6,6 +6,6 @@ filename = "lua_decoders/os_openstack_log.lua"
|
|||||||
type = "LogstreamerInput"
|
type = "LogstreamerInput"
|
||||||
decoder = "openstack_log_decoder"
|
decoder = "openstack_log_decoder"
|
||||||
log_directory = "/var/log/kolla"
|
log_directory = "/var/log/kolla"
|
||||||
file_match = '(?P<Service>cloudkitty|nova|glance|keystone|neutron|ceph|cinder|heat|murano|magnum|mistral|manila|octavia|searchlight|senlin|sahara|tacker)/(?P<Program>.*)\.log\.?(?P<Seq>\d*)$'
|
file_match = '(?P<Service>cloudkitty|designate|nova|glance|keystone|neutron|ceph|cinder|heat|murano|magnum|mistral|manila|octavia|searchlight|senlin|sahara|tacker)/(?P<Program>.*)\.log\.?(?P<Seq>\d*)$'
|
||||||
priority = ["^Seq"]
|
priority = ["^Seq"]
|
||||||
differentiator = ["Service", "_", "Program"]
|
differentiator = ["Service", "_", "Program"]
|
||||||
|
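--- a/ansible/roles/designate/defaults/main.yml
+++ b/ansible/roles/designate/defaults/main.yml
@@ -0,0 +1,55 @@
+---
+project_name: "designate"
+
+####################
+# Database
+####################
+designate_database_name: "designate"
+designate_database_user: "designate"
+designate_database_address: "{{ kolla_internal_fqdn }}:{{ database_port }}"
+
+designate_pool_manager_database_name: "designate_pool_manager"
+designate_pool_manager_database_user: "designate_pool_manager"
+designate_pool_manager_database_address: "{{ kolla_internal_fqdn }}:{{ database_port }}"
+
+
+####################
+# Docker
+####################
+
+designate_central_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kolla_install_type }}-designate-central"
+designate_central_tag: "{{ openstack_release }}"
+designate_central_image_full: "{{ designate_central_image }}:{{ designate_central_tag }}"
+
+designate_api_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kolla_install_type }}-designate-api"
+designate_api_tag: "{{ openstack_release }}"
+designate_api_image_full: "{{ designate_api_image }}:{{ designate_api_tag }}"
+
+designate_backend_bind9_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kolla_install_type }}-designate-backend-bind9"
+designate_backend_bind9_tag: "{{ openstack_release }}"
+designate_backend_bind9_image_full: "{{ designate_backend_bind9_image }}:{{ designate_backend_bind9_tag }}"
+
+designate_mdns_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kolla_install_type }}-designate-mdns"
+designate_mdns_tag: "{{ openstack_release }}"
+designate_mdns_image_full: "{{ designate_mdns_image }}:{{ designate_mdns_tag }}"
+
+designate_sink_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kolla_install_type }}-designate-sink"
+designate_sink_tag: "{{ openstack_release }}"
+designate_sink_image_full: "{{ designate_sink_image }}:{{ designate_sink_tag }}"
+
+designate_worker_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kolla_install_type }}-designate-worker"
+designate_worker_tag: "{{ openstack_release }}"
+designate_worker_image_full: "{{ designate_worker_image }}:{{ designate_worker_tag }}"
+
+####################
+# OpenStack
+####################
+designate_admin_endpoint: "{{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ designate_api_port }}"
+designate_internal_endpoint: "{{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ designate_api_port }}"
+designate_public_endpoint: "{{ public_protocol }}://{{ kolla_external_fqdn }}:{{ designate_api_port }}"
+
+designate_logging_debug: "{{ openstack_logging_debug }}"
+
+designate_keystone_user: "designate"
+
+openstack_designate_auth: "{'auth_url':'{{ openstack_auth.auth_url }}','username':'{{ openstack_auth.username }}','password':'{{ openstack_auth.password }}','project_name':'{{ openstack_auth.project_name }}'}"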
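Review bot: `openstack_designate_auth` on the last line builds a dict literal by string interpolation, wrapping each value as `'{{ openstack_auth.password }}'`, so a password or URL containing a single quote or a brace changes the structure that register.yml later passes through `-e`. The value also carries the admin password in clear text wherever this variable is rendered or logged. A comment above the variable stating which characters the credentials must avoid, and that tasks consuming it should set `no_log: True`, would make the constraint visible to deployers.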
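--- a/ansible/roles/designate/meta/main.yml
+++ b/ansible/roles/designate/meta/main.yml
@@ -0,0 +1,3 @@
+---
+dependencies:
+- { role: common }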
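--- a/ansible/roles/designate/tasks/bootstrap.yml
+++ b/ansible/roles/designate/tasks/bootstrap.yml
@@ -0,0 +1,79 @@
+---
+- name: Creating Designate database
+command: docker exec -t kolla_toolbox /usr/bin/ansible localhost
+-m mysql_db
+-a "login_host='{{ database_address }}'
+login_port='{{ database_port }}'
+login_user='{{ database_user }}'
+login_password='{{ database_password }}'
+name='{{ designate_database_name }}'"
+register: database
+changed_when: "{{ database.stdout.find('localhost | SUCCESS => ') != -1 and
+(database.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed }}"
+failed_when: database.stdout.split()[2] != 'SUCCESS'
+run_once: True
+delegate_to: "{{ groups['designate-central'][0] }}"
+
+- name: Reading json from variable
+set_fact:
+database_created: "{{ (database.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed }}"
+
+- name: Creating Designate Pool Manager database
+command: docker exec -t kolla_toolbox /usr/bin/ansible localhost
+-m mysql_db
+-a "login_host='{{ database_address }}'
+login_port='{{ database_port }}'
+login_user='{{ database_user }}'
+login_password='{{ database_password }}'
+name='{{ designate_pool_manager_database_name }}'"
+register: database_pool_manager
+changed_when: "{{ database.stdout.find('localhost | SUCCESS => ') != -1 and
+(database.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed }}"
+failed_when: database.stdout.split()[2] != 'SUCCESS'
+run_once: True
+delegate_to: "{{ groups['designate-central'][0] }}"
+
+- name: Reading json from variable
+set_fact:
+database_pool_manager_created: "{{ (database_pool_manager.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed }}"
+
+- name: Creating Designate database user and setting permissions
+command: docker exec -t kolla_toolbox /usr/bin/ansible localhost
+-m mysql_user
+-a "login_host='{{ database_address }}'
+login_port='{{ database_port }}'
+login_user='{{ database_user }}'
+login_password='{{ database_password }}'
+name='{{ designate_database_name }}'
+password='{{ designate_database_password }}'
+host='%'
+priv='{{ designate_database_name }}.*:ALL'
+append_privs='yes'"
+register: database_user_create
+changed_when: "{{ database_user_create.stdout.find('localhost | SUCCESS => ') != -1 and
+(database_user_create.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed }}"
+failed_when: database_user_create.stdout.split()[2] != 'SUCCESS'
+run_once: True
+delegate_to: "{{ groups['designate-central'][0] }}"
+
+- name: Creating Designate Pool Manager database user and setting permissions
+command: docker exec -t kolla_toolbox /usr/bin/ansible localhost
+-m mysql_user
+-a "login_host='{{ database_address }}'
+login_port='{{ database_port }}'
+login_user='{{ database_user }}'
+login_password='{{ database_password }}'
+name='{{ designate_pool_manager_database_name }}'
+password='{{ designate_pool_manager_database_password }}'
+host='%'
+priv='{{ designate_pool_manager_database_name }}.*:ALL'
+append_privs='yes'"
+register: database_pool_manager_user_create
+changed_when: "{{ database_pool_manager_user_create.stdout.find('localhost | SUCCESS => ') != -1 and
+(database_pool_manager_user_create.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed }}"
+failed_when: database_pool_manager_user_create.stdout.split()[2] != 'SUCCESS'
+run_once: True
+delegate_to: "{{ groups['designate-central'][0] }}"
+
+- include: bootstrap_service.yml
+when: database_created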
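Review bot: The "Creating Designate Pool Manager database" task registers `database_pool_manager`, but its `changed_when` and `failed_when` still read `database.stdout`, so a failure creating the pool-manager database is judged by the first task's result and passes unnoticed. Both should use the task's own result, e.g. `failed_when: database_pool_manager.stdout.split()[2] != 'SUCCESS'`, with the same substitution in `changed_when`. Separately, all four tasks put `login_password` (and the two user tasks `password`) on the `docker exec` command line without `no_log: True`, so the database admin and service passwords can show up in verbose Ansible output and in the host's process list while the command runs. The user tasks also grant `host='%'` and name the account after `designate_pool_manager_database_name` rather than the `designate_pool_manager_database_user` default this commit defines; if that is intentional it deserves a comment.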
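--- a/ansible/roles/designate/tasks/bootstrap_service.yml
+++ b/ansible/roles/designate/tasks/bootstrap_service.yml
@@ -0,0 +1,20 @@
+---
+- name: Running Designate bootstrap container
+kolla_docker:
+action: "start_container"
+common_options: "{{ docker_common_options }}"
+detach: False
+environment:
+KOLLA_BOOTSTRAP:
+KOLLA_CONFIG_STRATEGY: "{{ config_strategy }}"
+image: "{{ designate_central_image_full }}"
+labels:
+BOOTSTRAP:
+name: "bootstrap_designate"
+restart_policy: "never"
+volumes:
+- "{{ node_config_directory }}/designate-central/:{{ container_config_directory }}/:ro"
+- "/etc/localtime:/etc/localtime:ro"
+- "kolla_logs:/var/log/kolla/"
+run_once: True
+delegate_to: "{{ groups['designate-central'][0] }}"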
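--- a/ansible/roles/designate/tasks/config.yml
+++ b/ansible/roles/designate/tasks/config.yml
@@ -0,0 +1,96 @@
+---
+- name: Ensuring config directories exist
+file:
+path: "{{ node_config_directory }}/{{ item }}"
+state: "directory"
+recurse: yes
+with_items:
+- "designate-api"
+- "designate-central"
+- "designate-mdns"
+- "designate-sink"
+- "designate-backend-bind9"
+- "designate-worker"
+
+- name: Copying over config.json files for services
+template:
+src: "{{ item }}.json.j2"
+dest: "{{ node_config_directory }}/{{ item }}/config.json"
+with_items:
+- "designate-api"
+- "designate-central"
+- "designate-mdns"
+- "designate-sink"
+- "designate-backend-bind9"
+- "designate-worker"
+
+- name: Copying over designate.conf
+merge_configs:
+vars:
+service_name: "{{ item }}"
+sources:
+- "{{ role_path }}/templates/designate.conf.j2"
+- "{{ node_custom_config }}/global.conf"
+- "{{ node_custom_config }}/database.conf"
+- "{{ node_custom_config }}/messaging.conf"
+- "{{ node_custom_config }}/designate.conf"
+- "{{ node_custom_config }}/designate/{{ item }}.conf"
+- "{{ node_custom_config }}/designate/{{ inventory_hostname }}/designate.conf"
+dest: "{{ node_config_directory }}/{{ item }}/designate.conf"
+with_items:
+- "designate-api"
+- "designate-central"
+- "designate-mdns"
+- "designate-sink"
+- "designate-worker"
+
+- name: Copying over pools.yaml
+template:
+src: "{{ item }}"
+dest: "{{ node_config_directory }}/designate-worker/pools.yaml"
+with_first_found:
+- "{{ node_custom_config }}/designate/pools.yaml"
+- "{{ role_path }}/templates/pools.yaml.j2"
+
+- name: Copying over named.conf
+template:
+src: "{{ item }}"
+dest: "{{ node_config_directory }}/designate-backend-bind9/named.conf"
+with_first_found:
+- "{{ node_custom_config }}/designate/designate-backend-bind9/{{ inventory_hostname }}/named.conf"
+- "{{ node_custom_config }}/designate/designate-backend-bind9/named.conf"
+- "{{ node_custom_config }}/designate/named.conf"
+- "{{ role_path }}/templates/named.conf.j2"
+
+- name: Copying over rndc.conf
+template:
+src: "rndc.conf.j2"
+dest: "{{ node_config_directory }}/{{ item }}/rndc.conf"
+with_items:
+- "designate-backend-bind9"
+- "designate-worker"
+
+- name: Copying over rndc.key
+template:
+src: "rndc.key.j2"
+dest: "{{ node_config_directory }}/{{ item }}/rndc.key"
+with_items:
+- "designate-backend-bind9"
+- "designate-worker"
+
+- name: Check if policies shall be overwritten
+local_action: stat path="{{ node_custom_config }}/designate/policy.json"
+register: designate_policy
+
+- name: Copying over existing policy.json
+template:
+src: "{{ node_custom_config }}/designate/policy.json"
+dest: "{{ node_config_directory }}/{{ item }}/policy.json"
+with_items:
+- "designate-api"
+- "designate-central"
+- "designate-mdns"
+- "designate-sink"
+- "designate-worker"
+when:
+designate_policy.stat.exists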
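Review bot: The "Copying over rndc.key" task writes the BIND control key with no `mode`, so the file's permissions on the host are left to the umask and may be readable by other local users. Whoever can read that key can drive the bind9 backend over the rndc port, so the task should set an explicit restrictive mode, e.g. `mode: "0600"`, or the tightest value the container's config-copy step still tolerates. The same holds for "Copying over rndc.conf" if that template embeds or includes the key, and the rendered `designate.conf` presumably carries database and Keystone passwords and deserves the same treatment.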
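--- a/ansible/roles/designate/tasks/deploy.yml
+++ b/ansible/roles/designate/tasks/deploy.yml
@@ -0,0 +1,25 @@
+---
+- include: register.yml
+when: inventory_hostname in groups['designate-api']
+
+- include: config.yml
+when: inventory_hostname in groups['designate-api'] or
+inventory_hostname in groups['designate-central'] or
+inventory_hostname in groups['designate-mdns'] or
+inventory_hostname in groups['designate-worker'] or
+inventory_hostname in groups['designate-sink'] or
+inventory_hostname in groups['designate-backend-bind9']
+
+- include: bootstrap.yml
+when: inventory_hostname in groups['designate-central']
+
+- include: start.yml
+when: inventory_hostname in groups['designate-api'] or
+inventory_hostname in groups['designate-central'] or
+inventory_hostname in groups['designate-mdns'] or
+inventory_hostname in groups['designate-worker'] or
+inventory_hostname in groups['designate-sink'] or
+inventory_hostname in groups['designate-backend-bind9']
+
+- include: update_pools.yml
+when: inventory_hostname in groups['designate-worker'][0]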
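Review bot: The final condition, `when: inventory_hostname in groups['designate-worker'][0]`, tests membership in a string, which Jinja2 evaluates as a substring match rather than equality. A host whose name is a fragment of the first worker's name (for instance `ctl1` against `ctl10`, a constructed example) would therefore also run `update_pools.yml`. Compare for equality instead: `when: inventory_hostname == groups['designate-worker'][0]`.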
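--- a/ansible/roles/designate/tasks/main.yml
+++ b/ansible/roles/designate/tasks/main.yml
@@ -0,0 +1,2 @@
+---
+- include: "{{ action }}.yml"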
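--- a/ansible/roles/designate/tasks/precheck.yml
+++ b/ansible/roles/designate/tasks/precheck.yml
@@ -0,0 +1,48 @@
+- name: Get container facts
+kolla_container_facts:
+name:
+- "{{ item }}"
+register: container_facts
+with_items:
+- designate_api
+- designate_backend_bind9
+
+- name: Checking free port for designate API
+wait_for:
+host: "{{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['address'] }}"
+port: "{{ designate_api_port }}"
+connect_timeout: 1
+state: stopped
+when:
+- container_facts['designate_api'] is not defined
+- inventory_hostname in groups['designate-api']
+
+- name: Checking free port for designate mdns
+wait_for:
+host: "{{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['address'] }}"
+port: "{{ designate_mdns_port }}"
+connect_timeout: 1
+state: stopped
+when:
+- container_facts['designate_mdns'] is not defined
+- inventory_hostname in groups['designate-mdns']
+
+- name: Checking free port for designate backend bind9 port
+wait_for:
+host: "{{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['address'] }}"
+port: "{{ designate_bind_port }}"
+connect_timeout: 1
+state: stopped
+when:
+- container_facts['designate_backend_bind9'] is not defined
+- inventory_hostname in groups['designate-backend-bind9']
+
+- name: Checking free port for designate backend rndc port
+wait_for:
+host: "{{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['address'] }}"
+port: "{{ designate_rndc_port }}"
+connect_timeout: 1
+state: stopped
+when:
+- container_facts['designate_backend_bind9'] is not defined
+- inventory_hostname in groups['designate-backend-bind9']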
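Review bot: The port checks are guarded by `container_facts['designate_api'] is not defined` and its siblings, but `container_facts` is registered from a `with_items` loop, so the per-container data presumably sits under `container_facts.results` and these top-level keys are never defined. The loop also never queries `designate_mdns`, so the mdns guard is always true whatever the module returns. The likely effect is that a precheck on a host already running Designate fails on ports the service itself holds. Passing every name in a single call without `with_items`, `name: [designate_api, designate_mdns, designate_backend_bind9]`, would make the guards meaningful; confirm against how `kolla_container_facts` shapes its result.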
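--- a/ansible/roles/designate/tasks/pull.yml
+++ b/ansible/roles/designate/tasks/pull.yml
@@ -0,0 +1,42 @@
+---
+- name: Pulling designate-api image
+kolla_docker:
+action: "pull_image"
+common_options: "{{ docker_common_options }}"
+image: "{{ designate_api_image_full }}"
+when: inventory_hostname in groups['designate-api']
+
+- name: Pulling designate-central image
+kolla_docker:
+action: "pull_image"
+common_options: "{{ docker_common_options }}"
+image: "{{ designate_central_image_full }}"
+when: inventory_hostname in groups['designate-central']
+
+- name: Pulling designate-mdns image
+kolla_docker:
+action: "pull_image"
+common_options: "{{ docker_common_options }}"
+image: "{{ designate_mdns_image_full }}"
+when: inventory_hostname in groups['designate-mdns']
+
+- name: Pulling designate-worker image
+kolla_docker:
+action: "pull_image"
+common_options: "{{ docker_common_options }}"
+image: "{{ designate_worker_image_full }}"
+when: inventory_hostname in groups['designate-worker']
+
+- name: Pulling designate-sink image
+kolla_docker:
+action: "pull_image"
+common_options: "{{ docker_common_options }}"
+image: "{{ designate_sink_image_full }}"
+when: inventory_hostname in groups['designate-sink']
+
+- name: Pulling designate-backend-bind9 image
+kolla_docker:
+action: "pull_image"
+common_options: "{{ docker_common_options }}"
+image: "{{ designate_backend_bind9_image_full }}"
+when: inventory_hostname in groups['designate-backend-bind9']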
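--- a/ansible/roles/designate/tasks/reconfigure.yml
+++ b/ansible/roles/designate/tasks/reconfigure.yml
@@ -0,0 +1,93 @@
+---
+- name: Ensuring the containers up
+kolla_docker:
+name: "{{ item.name }}"
+action: "get_container_state"
+register: container_state
+failed_when: container_state.Running == false
+when:
+- "{{ item.enabled|default(True) }}"
+- inventory_hostname in groups[item.group]
+with_items:
+- { name: designate_central, group: designate-central }
+- { name: designate_api, group: designate-api }
+- { name: designate_mdns, group: designate-mdns }
+- { name: designate_worker, group: designate-worker }
+- { name: designate_sink, group: designate-sink }
+- { name: designate_backend_bind9, group: designate-backend-bind9 }
+
+- include: config.yml
+
+- name: Check the configs
+command: docker exec {{ item.name }} /usr/local/bin/kolla_set_configs --check
+changed_when: false
+failed_when: false
+register: check_results
+when: inventory_hostname in groups[item.group]
+with_items:
+- { name: designate_central, group: designate-central }
+- { name: designate_api, group: designate-api }
+- { name: designate_mdns, group: designate-mdns }
+- { name: designate_worker, group: designate-worker }
+- { name: designate_sink, group: designate-sink }
+- { name: designate_backend_bind9, group: designate-backend-bind9 }
+
+# NOTE(jeffrey4l): when config_strategy == 'COPY_ALWAYS'
+# and container env['KOLLA_CONFIG_STRATEGY'] == 'COPY_ONCE',
+# just remove the container and start again
+- name: Containers config strategy
+kolla_docker:
+name: "{{ item.name }}"
+action: "get_container_env"
+register: container_envs
+when: inventory_hostname in groups[item.group]
+with_items:
+- { name: designate_central, group: designate-central }
+- { name: designate_api, group: designate-api }
+- { name: designate_mdns, group: designate-mdns }
+- { name: designate_worker, group: designate-worker }
+- { name: designate_sink, group: designate-sink }
+- { name: designate_backend_bind9, group: designate-backend-bind9 }
+
+- name: Remove the containers
+kolla_docker:
+name: "{{ item[0]['name'] }}"
+action: "remove_container"
+register: remove_containers
+when:
+- inventory_hostname in groups[item[0]['group']]
+- config_strategy == "COPY_ONCE" or item[1]['KOLLA_CONFIG_STRATEGY'] == 'COPY_ONCE'
+- item[2]['rc'] == 1
+with_together:
+- [{ name: designate_central, group: designate-central },
+{ name: designate_api, group: designate-api },
+{ name: designate_mdns, group: designate-mdns },
+{ name: designate_worker, group: designate-worker },
+{ name: designate_sink, group: designate-sink },
+{ name: designate_backend_bind9, group: designate-backend-bind9 }]
+- "{{ container_envs.results }}"
+- "{{ check_results.results }}"
+
+- include: start.yml
+when: remove_containers.changed
+
+- name: Restart containers
+kolla_docker:
+name: "{{ item[0]['name'] }}"
+action: "restart_container"
+when:
+- inventory_hostname in groups[item[0]['group']]
+- config_strategy == 'COPY_ALWAYS'
+- item[1]['KOLLA_CONFIG_STRATEGY'] != 'COPY_ONCE'
+- item[2]['rc'] == 1
+with_together:
+- [{ name: designate_central, group: designate-central },
+{ name: designate_api, group: designate-api },
+{ name: designate_mdns, group: designate-mdns },
+{ name: designate_worker, group: designate-worker },
+{ name: designate_sink, group: designate-sink },
+{ name: designate_backend_bind9, group: designate-backend-bind9 }]
+- "{{ container_envs.results }}"
+- "{{ check_results.results }}"
+
+- include: update_pools.yml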
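Review bot: The closing `- include: update_pools.yml` runs without a condition, whereas deploy.yml in this commit limits the same include to the first `designate-worker` host. Unless update_pools.yml (not shown on this page) guards itself, every host in the play would attempt the pool update on reconfigure, including hosts that run no worker container. Consider the same guard here, `when: inventory_hostname == groups['designate-worker'][0]`.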
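--- a/ansible/roles/designate/tasks/register.yml
+++ b/ansible/roles/designate/tasks/register.yml
@@ -0,0 +1,40 @@
+---
+- name: Creating the Designate service and endpoint
+command: docker exec -t kolla_toolbox /usr/bin/ansible localhost
+-m kolla_keystone_service
+-a "service_name=designate
+service_type=dns
+description='Designate DNS Service'
+endpoint_region={{ openstack_region_name }}
+url='{{ item.url }}'
+interface='{{ item.interface }}'
+region_name={{ openstack_region_name }}
+auth={{ '{{ openstack_designate_auth }}' }}"
+-e "{'openstack_designate_auth':{{ openstack_designate_auth }}}"
+register: designate_endpoint
+changed_when: "{{ designate_endpoint.stdout.find('localhost | SUCCESS => ') != -1 and (designate_endpoint.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed }}"
+until: designate_endpoint.stdout.split()[2] == 'SUCCESS'
+retries: 10
+delay: 5
+run_once: True
+with_items:
+- {'interface': 'admin', 'url': '{{ designate_admin_endpoint }}'}
+- {'interface': 'internal', 'url': '{{ designate_internal_endpoint }}'}
+- {'interface': 'public', 'url': '{{ designate_public_endpoint }}'}
+
+- name: Creating the Designate project, user, and role
+command: docker exec -t kolla_toolbox /usr/bin/ansible localhost
+-m kolla_keystone_user
+-a "project=service
+user=designate
+password={{ designate_keystone_password }}
+role=admin
+region_name={{ openstack_region_name }}
+auth={{ '{{ openstack_designate_auth }}' }}"
+-e "{'openstack_designate_auth':{{ openstack_designate_auth }}}"
+register: designate_user
+changed_when: "{{ designate_user.stdout.find('localhost | SUCCESS => ') != -1 and (designate_user.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed }}"
+until: designate_user.stdout.split()[2] == 'SUCCESS'
+retries: 10
+delay: 5
+run_once: True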
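Review bot: In the second task `password={{ designate_keystone_password }}` is interpolated unquoted into the `-a` argument string, unlike `url='{{ item.url }}'` in the first task, so a password containing a space or `=` would be split or mis-parsed by the inner ansible call; quote it as `password='{{ designate_keystone_password }}'`. Both tasks also pass the admin credentials in `openstack_designate_auth` through `-e` on the `docker exec` command line, and neither sets `no_log: True`, so the secrets can surface in verbose output and in the registered results. The service user is created with `role=admin` in the `service` project, which is worth a comment stating that it is deliberate.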
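--- a/ansible/roles/designate/tasks/start.yml
+++ b/ansible/roles/designate/tasks/start.yml
@@ -0,0 +1,73 @@
+---
+- name: Starting designate-backend-bind9 container
+kolla_docker:
+action: "start_container"
+common_options: "{{ docker_common_options }}"
+image: "{{ designate_backend_bind9_image_full }}"
+name: "designate_backend_bind9"
+volumes:
+- "{{ node_config_directory }}/designate-backend-bind9/:{{ container_config_directory }}/:ro"
+- "/etc/localtime:/etc/localtime:ro"
+- "kolla_logs:/var/log/kolla/"
+- "designate_backend_bind9:/var/lib/named/"
+when: inventory_hostname in groups['designate-backend-bind9']
+
+- name: Starting designate-central container
+kolla_docker:
+action: "start_container"
+common_options: "{{ docker_common_options }}"
+image: "{{ designate_central_image_full }}"
+name: "designate_central"
+volumes:
+- "{{ node_config_directory }}/designate-central/:{{ container_config_directory }}/:ro"
+- "/etc/localtime:/etc/localtime:ro"
+- "kolla_logs:/var/log/kolla/"
+when: inventory_hostname in groups['designate-central']
+
+- name: Starting designate-api container
+kolla_docker:
+action: "start_container"
+common_options: "{{ docker_common_options }}"
+image: "{{ designate_api_image_full }}"
+name: "designate_api"
+volumes:
+- "{{ node_config_directory }}/designate-api/:{{ container_config_directory }}/:ro"
+- "/etc/localtime:/etc/localtime:ro"
+- "kolla_logs:/var/log/kolla/"
+when: inventory_hostname in groups['designate-api']
+
+- name: Starting designate-mdns container
+kolla_docker:
+action: "start_container"
+common_options: "{{ docker_common_options }}"
+image: "{{ designate_mdns_image_full }}"
+name: "designate_mdns"
+volumes:
+- "{{ node_config_directory }}/designate-mdns/:{{ container_config_directory }}/:ro"
+- "/etc/localtime:/etc/localtime:ro"
+- "kolla_logs:/var/log/kolla/"
+when: inventory_hostname in groups['designate-mdns']
+
+- name: Starting designate-worker container
+kolla_docker:
+action: "start_container"
+common_options: "{{ docker_common_options }}"
+image: "{{ designate_worker_image_full }}"
+name: "designate_worker"
+volumes:
+- "{{ node_config_directory }}/designate-worker/:{{ container_config_directory }}/:ro"
+- "/etc/localtime:/etc/localtime:ro"
+- "kolla_logs:/var/log/kolla/"
+when: inventory_hostname in groups['designate-worker']
+
+- name: Starting designate-sink container
+kolla_docker:
+action: "start_container"
+common_options: "{{ docker_common_options }}"
+image: "{{ designate_sink_image_full }}"
+name: "designate_sink"
+volumes:
+- "{{ node_config_directory }}/designate-sink/:{{ container_config_directory }}/:ro"
+- "/etc/localtime:/etc/localtime:ro"
+- "kolla_logs:/var/log/kolla/"
+when: inventory_hostname in groups['designate-sink']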
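--- a/ansible/roles/designate/tasks/update_pools.yml
+++ b/ansible/roles/designate/tasks/update_pools.yml
@@ -0,0 +1,4 @@
+---
+- name: Update DNS pools
+command: docker exec -t designate_worker designate-manage pool update --file /etc/designate/pools.yaml
+when: inventory_hostname in groups['designate-worker'][0]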
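Review bot: The `when:` on the "Update DNS pools" task tests `inventory_hostname in groups['designate-worker'][0]`, and because the right-hand side is a single hostname string this is a substring match rather than an identity check. A host whose name happens to be contained in the first worker's name would also run `designate-manage pool update`. Compare for equality instead: `when: inventory_hostname == groups['designate-worker'][0]`.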
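--- a/ansible/roles/designate/tasks/upgrade.yml
+++ b/ansible/roles/designate/tasks/upgrade.yml
@@ -0,0 +1,8 @@
+---
+- include: config.yml
+
+- include: bootstrap_service.yml
+
+- include: start.yml
+
+- include: update_pools.yml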
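--- a/ansible/roles/designate/templates/designate-api.json.j2
+++ b/ansible/roles/designate/templates/designate-api.json.j2
@@ -0,0 +1,25 @@
+{
+"command": "designate-api --config-file /etc/designate/designate.conf",
+"config_files": [
+{
+"source": "{{ container_config_directory }}/designate.conf",
+"dest": "/etc/designate/designate.conf",
+"owner": "designate",
+"perm": "0600"
+},
+{
+"source": "{{ container_config_directory }}/policy.json",
+"dest": "/etc/designate/policy.json",
+"owner": "designate",
+"perm": "0600",
+"optional": true
+}
+],
+"permissions": [
+{
+"path": "/var/log/kolla/designate",
+"owner": "designate:designate",
+"recurse": true
+}
+]
+}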
@ -0,0 +1,35 @@
|
|||||||
|
{% set bind_cmd = 'named' if kolla_base_distro in ['ubuntu', 'debian'] else 'named' %}
|
||||||
|
{% set bind_file = 'bind/named.conf' if kolla_base_distro in ['ubuntu', 'debian'] else 'named.conf' %}
|
||||||
|
|
||||||
|
{
|
||||||
|
"command": "/usr/sbin/{{ bind_cmd }} -g",
|
||||||
|
"config_files": [
|
||||||
|
{
|
||||||
|
"source": "{{ container_config_directory }}/named.conf",
|
||||||
|
"dest": "/etc/{{ bind_file }}",
|
||||||
|
"owner": "root",
|
||||||
|
"perm": "0660"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"source": "{{ container_config_directory }}/rndc.conf",
|
||||||
|
"dest": "/etc/rndc.conf",
|
||||||
|
"owner": "root",
|
||||||
|
"perm": "0600",
|
||||||
|
"optional": true
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"source": "{{ container_config_directory }}/rndc.key",
|
||||||
|
"dest": "/etc/rndc.key",
|
||||||
|
"owner": "root",
|
||||||
|
"perm": "0600",
|
||||||
|
"optional": true
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"permissions": [
|
||||||
|
{
|
||||||
|
"path": "/var/log/kolla/named",
|
||||||
|
"owner": "root:root",
|
||||||
|
"recurse": true
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
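Review bot: The `rndc.key` entry is copied with `"optional": true`, yet the named.conf template added in this commit begins with `include "/etc/rndc.key";`, so a missing key file is skipped silently at copy time and would presumably only surface when named refuses to load its configuration; drop `"optional": true` from that entry. `named.conf` is also installed with `"perm": "0660"` while every other file this role installs uses `0600`; `"perm": "0600"` would match unless the group write bit is needed for a reason not visible here. The `bind_cmd` conditional on the first line yields `'named'` in both branches and can be a plain `{% set bind_cmd = 'named' %}`.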
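--- a/ansible/roles/designate/templates/designate-central.json.j2
+++ b/ansible/roles/designate/templates/designate-central.json.j2
@@ -0,0 +1,25 @@
+{
+"command": "designate-central --config-file /etc/designate/designate.conf",
+"config_files": [
+{
+"source": "{{ container_config_directory }}/designate.conf",
+"dest": "/etc/designate/designate.conf",
+"owner": "designate",
+"perm": "0600"
+},
+{
+"source": "{{ container_config_directory }}/policy.json",
+"dest": "/etc/designate/policy.json",
+"owner": "designate",
+"perm": "0600",
+"optional": true
+}
+],
+"permissions": [
+{
+"path": "/var/log/kolla/designate",
+"owner": "designate:designate",
+"recurse": true
+}
+]
+}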
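--- a/ansible/roles/designate/templates/designate-mdns.json.j2
+++ b/ansible/roles/designate/templates/designate-mdns.json.j2
@@ -0,0 +1,25 @@
+{
+"command": "designate-mdns --config-file /etc/designate/designate.conf",
+"config_files": [
+{
+"source": "{{ container_config_directory }}/designate.conf",
+"dest": "/etc/designate/designate.conf",
+"owner": "designate",
+"perm": "0600"
+},
+{
+"source": "{{ container_config_directory }}/policy.json",
+"dest": "/etc/designate/policy.json",
+"owner": "designate",
+"perm": "0600",
+"optional": true
+}
+],
+"permissions": [
+{
+"path": "/var/log/kolla/designate",
+"owner": "designate:designate",
+"recurse": true
+}
+]
+}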
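--- a/ansible/roles/designate/templates/designate-sink.json.j2
+++ b/ansible/roles/designate/templates/designate-sink.json.j2
@@ -0,0 +1,25 @@
+{
+"command": "designate-sink --config-file /etc/designate/designate.conf",
+"config_files": [
+{
+"source": "{{ container_config_directory }}/designate.conf",
+"dest": "/etc/designate/designate.conf",
+"owner": "designate",
+"perm": "0600"
+},
+{
+"source": "{{ container_config_directory }}/policy.json",
+"dest": "/etc/designate/policy.json",
+"owner": "designate",
+"perm": "0600",
+"optional": true
+}
+],
+"permissions": [
+{
+"path": "/var/log/kolla/designate",
+"owner": "designate:designate",
+"recurse": true
+}
+]
+}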
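--- a/ansible/roles/designate/templates/designate-worker.json.j2
+++ b/ansible/roles/designate/templates/designate-worker.json.j2
@@ -0,0 +1,46 @@
+{
+"command": "designate-worker --config-file /etc/designate/designate.conf",
+"config_files": [
+{
+"source": "{{ container_config_directory }}/designate.conf",
+"dest": "/etc/designate/designate.conf",
+"owner": "designate",
+"perm": "0600"
+},
+{
+"source": "{{ container_config_directory }}/policy.json",
+"dest": "/etc/designate/policy.json",
+"owner": "designate",
+"perm": "0600",
+"optional": true
+},
+{
+"source": "{{ container_config_directory }}/pools.yaml",
+"dest": "/etc/designate/pools.yaml",
+"owner": "designate",
+"perm": "0600",
+"optional": true
+},
+{
+"source": "{{ container_config_directory }}/rndc.conf",
+"dest": "/etc/designate/rndc.conf",
+"owner": "designate",
+"perm": "0600",
+"optional": true
+},
+{
+"source": "{{ container_config_directory }}/rndc.key",
+"dest": "/etc/designate/rndc.key",
+"owner": "designate",
+"perm": "0600",
+"optional": true
+}
+],
+"permissions": [
+{
+"path": "/var/log/kolla/designate",
+"owner": "designate:designate",
+"recurse": true
+}
+]
+}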
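--- a/ansible/roles/designate/templates/designate.conf.j2
+++ b/ansible/roles/designate/templates/designate.conf.j2
@@ -0,0 +1,88 @@
+[DEFAULT]
+
+debug = {{ designate_logging_debug }}
+
+log_dir = /var/log/kolla/designate
+
+transport_url = rabbit://{% for host in groups['rabbitmq'] %}{{ rabbitmq_user }}:{{ rabbitmq_password }}@{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ rabbitmq_port }}{% if not loop.last %},{% endif %}{% endfor %}
+
+[service:central]
+default_pool_id = {{ designate_pool_id }}
+
+[service:api]
+api_base_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ designate_api_port }}
+api_host = {{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['address'] }}
+api_port = {{ designate_api_port }}
+enable_api_v1 = True
+enabled_extensions_v1 = 'diagnostics, quotas, reports, sync, touch'
+enable_api_v2 = True
+enabled_extensions_v2 = 'quotas, reports'
+
+
+[keystone_authtoken]
+auth_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }}
+auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}
+auth_type = password
+project_domain_id = default
+user_domain_id = default
+project_name = service
+username = {{ designate_keystone_user }}
+password = {{ designate_keystone_password }}
+http_connect_timeout = 60
+
+memcache_security_strategy = ENCRYPT
+memcache_secret_key = {{ memcache_secret_key }}
+memcached_servers = {% for host in groups['memcached'] %}{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ memcached_port }}{% if not loop.last %},{% endif %}{% endfor %}
+
+[service:sink]
+enabled_notification_handlers = nova_fixed, neutron_floatingip
+workers = {{ openstack_service_workers }}
+
+[service:mdns]
+listen = {{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['address'] }}:{{ designate_mdns_port }}
+workers = {{ openstack_service_workers }}
+
+[service:worker]
+enabled = True
+notify = True
+workers = {{ openstack_service_workers }}
+
+[service:pool_manager]
+cache_driver = sqlalchemy
+pool_id = {{ designate_pool_id }}
+workers = {{ openstack_service_workers }}
+
+[pool_manager_cache:sqlalchemy]
+connection = mysql+pymysql://{{ designate_pool_manager_database_user }}:{{ designate_pool_manager_database_password }}@{{ designate_pool_manager_database_address }}/{{ designate_pool_manager_database_name }}
+max_retries = 10
+idle_timeout = 3600
+
+[pool_manager_cache:memcache]
+memcached_servers = {% for host in groups['memcached'] %}{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ memcached_port }}{% if not loop.last %},{% endif %}{% endfor %}
+
+[storage:sqlalchemy]
+connection = mysql+pymysql://{{ designate_database_user }}:{{ designate_database_password }}@{{ designate_database_address }}/{{ designate_database_name }}
+max_retries = 10
+idle_timeout = 3600
+
+[handler:nova_fixed]
+notification_topics = notifications_designate
+control_exchange = nova
+format = '(display_name)s.%(domain)s'
+
+[handler:neutron_floatingip]
+notification_topics = notifications_designate
+control_exchange = neutron
+format = '%(octet0)s-%(octet1)s-%(octet2)s-%(octet3)s.%(domain)s'
+
+[oslo_messaging_notifications]
+topics = notifications_designate
+driver = messaging
+
+[oslo_messaging_rabbit]
+rabbit_userid = {{ rabbitmq_user }}
+rabbit_password = {{ rabbitmq_password }}
+rabbit_hosts = {% for host in groups['rabbitmq'] %}{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ rabbitmq_port }}{% if not loop.last %},{% endif %}{% endfor %}
+
+[oslo_concurrency]
+lock_path = /var/lib/designate/tmp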
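Review bot: In `[handler:nova_fixed]`, `format = '(display_name)s.%(domain)s'` looks like it is missing the `%` before `(display_name)s`. The `[handler:neutron_floatingip]` format directly below uses `%(...)s` for every field, so as written the record name would probably carry the literal text `(display_name)s` instead of the instance name. The intended line is most likely `format = '%(display_name)s.%(domain)s'`.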
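--- a/ansible/roles/designate/templates/named.conf.j2
+++ b/ansible/roles/designate/templates/named.conf.j2
@@ -0,0 +1,15 @@
+include "/etc/rndc.key";
+options {
+listen-on port {{ designate_bind_port }} { {{ hostvars[inventory_hostname]['ansible_' + hostvars[inventory_hostname]['api_interface']]['ipv4']['address'] }}; };
+directory "/var/lib/named";
+allow-new-zones yes;
+dnssec-validation auto;
+auth-nxdomain no;
+request-ixfr no;
+recursion no;
+minimal-responses yes;
+};
+
+controls {
+inet {{ hostvars[inventory_hostname]['ansible_' + hostvars[inventory_hostname]['api_interface']]['ipv4']['address'] }} port {{ designate_rndc_port }} allow { {% for host in groups['designate-worker'] %}{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}; {% endfor %} } keys { "rndc-key"; };
+};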
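Review bot: The `options` block sets no `allow-transfer`, and on BIND releases where that defaults to `any`, every zone Designate creates on this server can be transferred in full by any client that can reach the `listen-on` address. Adding `allow-transfer { none; };` to `options`, or an ACL of the hosts that genuinely need AXFR, closes that. With `allow-new-zones yes;` the `controls` channel can add zones, so the `allow { ... }` list built from `groups['designate-worker']` and the `rndc-key` secret are the only gate on zone creation; a one-line comment above `controls` saying so would help the next reader.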
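--- a/ansible/roles/designate/templates/pools.yaml.j2
+++ b/ansible/roles/designate/templates/pools.yaml.j2
@@ -0,0 +1,28 @@
+- name: default-bind
+id: {{ designate_pool_id }}
+description: Default BIND9 Pool
+attributes: {}
+ns_records:
+- hostname: {{ designate_ns_record }}.
+priority: 1
+nameservers:
+{% for host in groups['designate-backend-bind9'] %}
+- host: {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}
+port: {{ designate_bind_port }}
+{% endfor %}
+targets:
+{% for bind_host in groups['designate-backend-bind9'] %}
+- type: bind9
+description: BIND9 Server {{ hostvars[bind_host]['ansible_' + hostvars[bind_host]['api_interface']]['ipv4']['address'] }}
+masters:
+{% for mdns_host in groups['designate-mdns'] %}
+- host: {{ hostvars[mdns_host]['ansible_' + hostvars[mdns_host]['api_interface']]['ipv4']['address'] }}
+port: 5354
+{% endfor %}
+options:
+host: {{ hostvars[bind_host]['ansible_' + hostvars[bind_host]['api_interface']]['ipv4']['address'] }}
+port: {{ designate_bind_port }}
+rndc_host: {{ hostvars[bind_host]['ansible_' + hostvars[bind_host]['api_interface']]['ipv4']['address'] }}
+rndc_port: {{ designate_rndc_port }}
+rndc_key_file: /etc/designate/rndc.key
+{% endfor %}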
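Review bot: The `masters` entries hard-code `port: 5354`, while designate.conf.j2 in this same commit makes mdns listen on `designate_mdns_port`. Overriding that variable would leave the BIND targets pointed at a port where mdns no longer listens. Use `port: {{ designate_mdns_port }}`, as the `nameservers` and `options` entries in this template already do for their ports.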
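--- a/ansible/roles/designate/templates/rndc.conf.j2
+++ b/ansible/roles/designate/templates/rndc.conf.j2
@@ -0,0 +1,6 @@
+#include "/etc/rndc.key";
+options {
+default-key "rndc-key";
+default-server {{ hostvars[inventory_hostname]['ansible_' + hostvars[inventory_hostname]['api_interface']]['ipv4']['address'] }};
+default-port {{ designate_rndc_port }};
+};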
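Review bot: The first line, `#include "/etc/rndc.key";`, is a comment in BIND configuration syntax rather than an include, so this file names `default-key "rndc-key"` without defining or pulling in that key. If the include is intended it should read `include "/etc/rndc.key";`, bearing in mind that the worker container receives the key at `/etc/designate/rndc.key`, so the path would have to differ per container. If it is disabled on purpose, replace it with a comment that says why and how the key is expected to be supplied.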
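--- a/ansible/roles/designate/templates/rndc.key.j2
+++ b/ansible/roles/designate/templates/rndc.key.j2
@@ -0,0 +1,4 @@
+key "rndc-key" {
+algorithm hmac-md5;
+secret "{{ designate_rndc_key }}";
+};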
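Review bot: `algorithm hmac-md5;` is a legacy choice for authenticating the rndc control channel, which in this role is the path that can add zones to the server. BIND also accepts `hmac-sha256`, and because both ends of this key are rendered by the same role the template can use `algorithm hmac-sha256;` without a compatibility concern visible here. The "must be HMAC-MD5 value" comment on `designate_rndc_key` in the passwords file and the key generator would need updating to match.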
@ -36,6 +36,17 @@
|
|||||||
- "{{ 'cloudkitty_api' not in haproxy_stat }}"
|
- "{{ 'cloudkitty_api' not in haproxy_stat }}"
|
||||||
- inventory_hostname in groups['haproxy']
|
- inventory_hostname in groups['haproxy']
|
||||||
|
|
||||||
|
- name: Checking free port for Designate API HAProxy
|
||||||
|
wait_for:
|
||||||
|
host: "{{ kolla_internal_vip_address }}"
|
||||||
|
port: "{{ designate_api_port }}"
|
||||||
|
connect_timeout: 1
|
||||||
|
state: stopped
|
||||||
|
when:
|
||||||
|
- enable_designate | bool
|
||||||
|
- inventory_hostname in groups['haproxy']
|
||||||
|
- "{{ 'designate_api' not in haproxy_stat }}"
|
||||||
|
|
||||||
- name: Checking free port for Glance API HAProxy
|
- name: Checking free port for Glance API HAProxy
|
||||||
wait_for:
|
wait_for:
|
||||||
host: "{{ kolla_internal_vip_address }}"
|
host: "{{ kolla_internal_vip_address }}"
|
||||||
|
@ -650,6 +650,22 @@ listen congress_api_external
|
|||||||
{% endif %}
|
{% endif %}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
|
{% if enable_designate | bool %}
|
||||||
|
listen designate_api
|
||||||
|
bind {{ kolla_internal_vip_address }}:{{ designate_api_port }}
|
||||||
|
{% for host in groups['designate-api'] %}
|
||||||
|
server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ designate_api_port }} check inter 2000 rise 2 fall 5
|
||||||
|
{% endfor %}
|
||||||
|
{% if haproxy_enable_external_vip | bool %}
|
||||||
|
|
||||||
|
listen designate_api_external
|
||||||
|
bind {{ kolla_external_vip_address }}:{{ designate_api_port }} {{ tls_bind_info }}
|
||||||
|
{% for host in groups['designate-api'] %}
|
||||||
|
server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ designate_api_port }} check inter 2000 rise 2 fall 5
|
||||||
|
{% endfor %}
|
||||||
|
{% endif %}
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
{% if enable_mistral | bool %}
|
{% if enable_mistral | bool %}
|
||||||
listen mistral_api
|
listen mistral_api
|
||||||
bind {{ kolla_internal_vip_address }}:{{ mistral_api_port }}
|
bind {{ kolla_internal_vip_address }}:{{ mistral_api_port }}
|
||||||
|
@ -91,9 +91,10 @@ memcached_servers = {% for host in groups['memcached'] %}{% if orchestration_eng
|
|||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
[oslo_messaging_notifications]
|
[oslo_messaging_notifications]
|
||||||
{% if enable_ceilometer | bool or enable_searchlight | bool %}
|
{% if enable_ceilometer | bool or enable_searchlight | bool or enable_designate | bool %}
|
||||||
driver = messagingv2
|
driver = messagingv2
|
||||||
topics = notifications
|
{% set topics=["notifications" if enable_ceilometer | bool else "", "notifications_designate" if enable_designate | bool else ""] %}
|
||||||
|
topics = {{ topics|reject("equalto", "")|list|join(",") }}
|
||||||
{% else %}
|
{% else %}
|
||||||
driver = noop
|
driver = noop
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
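Review bot: The new `topics` list only has entries for `enable_ceilometer` and `enable_designate`, but the enclosing `{% if %}` is also true when only `enable_searchlight` is set. In that case this now renders `topics = ` with an empty value where it previously rendered `topics = notifications`. Cover searchlight in the first element, e.g. `"notifications" if enable_ceilometer | bool or enable_searchlight | bool else ""`. The same two lines are added in the later `[oslo_messaging_notifications]` hunk whose header reads `rbd_secret_uuid`, and that hunk needs the same change.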
@ -50,7 +50,7 @@ compute_driver = libvirt.LibvirtDriver
|
|||||||
# Though my_ip is not used directly, lots of other variables use $my_ip
|
# Though my_ip is not used directly, lots of other variables use $my_ip
|
||||||
my_ip = {{ api_interface_address }}
|
my_ip = {{ api_interface_address }}
|
||||||
|
|
||||||
{% if enable_ceilometer | bool or enable_searchlight | bool %}
|
{% if enable_ceilometer | bool or enable_searchlight | bool or enable_designate | bool %}
|
||||||
instance_usage_audit = True
|
instance_usage_audit = True
|
||||||
instance_usage_audit_period = hour
|
instance_usage_audit_period = hour
|
||||||
notify_on_state_change = vm_and_task_state
|
notify_on_state_change = vm_and_task_state
|
||||||
@ -185,9 +185,10 @@ rbd_secret_uuid = {{ rbd_secret_uuid }}
|
|||||||
compute = auto
|
compute = auto
|
||||||
|
|
||||||
[oslo_messaging_notifications]
|
[oslo_messaging_notifications]
|
||||||
{% if enable_ceilometer | bool or enable_searchlight | bool %}
|
{% if enable_ceilometer | bool or enable_searchlight | bool or enable_designate | bool %}
|
||||||
driver = messagingv2
|
driver = messagingv2
|
||||||
topics = notifications
|
{% set topics=["notifications" if enable_ceilometer | bool else "", "notifications_designate" if enable_designate | bool else ""] %}
|
||||||
|
topics = {{ topics|reject("equalto", "")|list|join(",") }}
|
||||||
{% else %}
|
{% else %}
|
||||||
driver = noop
|
driver = noop
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
@ -401,6 +401,19 @@
|
|||||||
tags: tempest,
|
tags: tempest,
|
||||||
when: enable_tempest | bool }
|
when: enable_tempest | bool }
|
||||||
|
|
||||||
|
- name: Apply role designate
|
||||||
|
hosts:
|
||||||
|
- designate-api
|
||||||
|
- designate-central
|
||||||
|
- designate-mdns
|
||||||
|
- designate-worker
|
||||||
|
- designate-sink
|
||||||
|
serial: '{{ serial|default("0") }}'
|
||||||
|
roles:
|
||||||
|
- { role: designate,
|
||||||
|
tags: designate,
|
||||||
|
when: enable_designate | bool }
|
||||||
|
|
||||||
- name: Apply role rally
|
- name: Apply role rally
|
||||||
hosts: rally
|
hosts: rally
|
||||||
serial: '{{ serial|default("0") }}'
|
serial: '{{ serial|default("0") }}'
|
||||||
|
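Review bot: The `hosts:` list of the "Apply role designate" play omits `designate-backend-bind9`, although start.yml in this commit starts the `designate_backend_bind9` container only `when: inventory_hostname in groups['designate-backend-bind9']`. A host that is in that group but in none of the five listed groups would never run the role, so BIND would not be deployed there while pools.yaml still lists it as a target. Add `- designate-backend-bind9` to the list.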
@ -129,6 +129,7 @@ kolla_internal_vip_address: "10.10.10.254"
|
|||||||
#enable_cinder_backend_nfs: "no"
|
#enable_cinder_backend_nfs: "no"
|
||||||
#enable_cloudkitty: "no"
|
#enable_cloudkitty: "no"
|
||||||
#enable_congress: "no"
|
#enable_congress: "no"
|
||||||
|
#enable_designate: "no"
|
||||||
#enable_destroy_images: "no"
|
#enable_destroy_images: "no"
|
||||||
#enable_etcd: "no"
|
#enable_etcd: "no"
|
||||||
#enable_gnocchi: "no"
|
#enable_gnocchi: "no"
|
||||||
@ -228,6 +229,12 @@ kolla_internal_vip_address: "10.10.10.254"
|
|||||||
#cinder_backup_mount_options_nfs: ""
|
#cinder_backup_mount_options_nfs: ""
|
||||||
|
|
||||||
|
|
||||||
|
#######################
|
||||||
|
# Designate options
|
||||||
|
#######################
|
||||||
|
designate_ns_record: "sample.openstack.org"
|
||||||
|
|
||||||
|
|
||||||
#########################
|
#########################
|
||||||
# Nova - Compute Options
|
# Nova - Compute Options
|
||||||
#########################
|
#########################
|
||||||
|
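Review bot: `designate_ns_record: "sample.openstack.org"` is added uncommented, unlike the other options shown in this file (`#enable_designate: "no"` in the hunk above is commented out), so it becomes an active override rather than a documented default. The value is a placeholder under a domain the operator does not control and ends up as the pool's NS record. Ship it commented, `#designate_ns_record: "sample.openstack.org"`, so it has to be set deliberately.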
@ -58,6 +58,14 @@ cloudkitty_keystone_password:
|
|||||||
sahara_database_password:
|
sahara_database_password:
|
||||||
sahara_keystone_password:
|
sahara_keystone_password:
|
||||||
|
|
||||||
|
designate_database_password:
|
||||||
|
designate_pool_manager_database_password:
|
||||||
|
designate_keystone_password:
|
||||||
|
# This option must be UUID4 value in string format
|
||||||
|
designate_pool_id:
|
||||||
|
# This option must be HMAC-MD5 value in string format
|
||||||
|
designate_rndc_key:
|
||||||
|
|
||||||
swift_keystone_password:
|
swift_keystone_password:
|
||||||
swift_hash_path_suffix:
|
swift_hash_path_suffix:
|
||||||
swift_hash_path_prefix:
|
swift_hash_path_prefix:
|
||||||
|
@ -13,12 +13,14 @@
|
|||||||
# limitations under the License.
|
# limitations under the License.
|
||||||
|
|
||||||
import argparse
|
import argparse
|
||||||
|
import hmac
|
||||||
import os
|
import os
|
||||||
import random
|
import random
|
||||||
import string
|
import string
|
||||||
import sys
|
import sys
|
||||||
|
|
||||||
from Crypto.PublicKey import RSA
|
from Crypto.PublicKey import RSA
|
||||||
|
from hashlib import md5
|
||||||
from oslo_utils import uuidutils
|
from oslo_utils import uuidutils
|
||||||
import yaml
|
import yaml
|
||||||
|
|
||||||
@ -51,7 +53,7 @@ def main():
|
|||||||
# These keys should be random uuids
|
# These keys should be random uuids
|
||||||
uuid_keys = ['ceph_cluster_fsid', 'rbd_secret_uuid',
|
uuid_keys = ['ceph_cluster_fsid', 'rbd_secret_uuid',
|
||||||
'gnocchi_project_id', 'gnocchi_resource_id',
|
'gnocchi_project_id', 'gnocchi_resource_id',
|
||||||
'gnocchi_user_id']
|
'gnocchi_user_id', 'designate_pool_id']
|
||||||
|
|
||||||
# SSH key pair
|
# SSH key pair
|
||||||
ssh_keys = ['kolla_ssh_key', 'nova_ssh_key',
|
ssh_keys = ['kolla_ssh_key', 'nova_ssh_key',
|
||||||
@ -60,6 +62,9 @@ def main():
|
|||||||
# If these keys are None, leave them as None
|
# If these keys are None, leave them as None
|
||||||
blank_keys = ['docker_registry_password']
|
blank_keys = ['docker_registry_password']
|
||||||
|
|
||||||
|
# HMAC-MD5 keys
|
||||||
|
hmac_md5_keys = ['designate_rndc_key']
|
||||||
|
|
||||||
# length of password
|
# length of password
|
||||||
length = 40
|
length = 40
|
||||||
|
|
||||||
@ -82,6 +87,10 @@ def main():
|
|||||||
continue
|
continue
|
||||||
if k in uuid_keys:
|
if k in uuid_keys:
|
||||||
passwords[k] = uuidutils.generate_uuid()
|
passwords[k] = uuidutils.generate_uuid()
|
||||||
|
elif k in hmac_md5_keys:
|
||||||
|
passwords[k] = (hmac.new(
|
||||||
|
uuidutils.generate_uuid(), '', md5)
|
||||||
|
.digest().encode('base64')[:-1])
|
||||||
else:
|
else:
|
||||||
passwords[k] = ''.join([
|
passwords[k] = ''.join([
|
||||||
random.SystemRandom().choice(
|
random.SystemRandom().choice(
|
||||||
|
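Review bot: The `hmac_md5_keys` branch builds the secret as an HMAC-MD5 of an empty message keyed with a UUID string and then calls `.digest().encode('base64')`, which only works on Python 2. On Python 3, `hmac.new` rejects a `str` key and there is no `'base64'` text encoding. The HMAC step adds nothing, because an rndc secret is just base64 of random bytes. `passwords[k] = base64.b64encode(os.urandom(32))` (decoded to text where the interpreter returns bytes), with `import base64` added, gives an equivalent secret and lets `import hmac` and `from hashlib import md5` be dropped. `main()` begins and ends outside these hunks.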
@ -0,0 +1,6 @@
|
|||||||
|
---
|
||||||
|
prelude: >
|
||||||
|
Designate is an OpenStack project, providing DNSaaS.
|
||||||
|
features:
|
||||||
|
- Designate deployment through Ansible with Bind9
|
||||||
|
as backend for DNS.
|