From 2a3df8db327f61273fa9e973d297f19b3740c0e0 Mon Sep 17 00:00:00 2001 
From: Ross Krumbeck Date: Wed, 10 Aug 2016 15:48:32 +1000 Subject: [PATCH] Ansible-ize OpenStack Designate Implement containers for main designate components. Add designate enable options and port configuration. Add designate groups to ansible inventory. Add designate configuration to haproxy. Add designate port checks. Add designate passwords to passwords.yml. Enable Designate and Neutron integration. Enable Designate and Nova integration. Fix designate-pool-manager container name for consistency. Co-Authored-By: zhubingbing Change-Id: I34d8126e0cd8d71d5ced9b62f3776cc354fbb549 Implements: blueprint ansible-designate --- ansible/group_vars/all.yml | 3 + ansible/inventory/all-in-one | 19 ++++ ansible/inventory/multinode | 19 ++++ ansible/roles/designate/defaults/main.yml | 56 +++++++++++ ansible/roles/designate/meta/main.yml | 3 + ansible/roles/designate/tasks/bootstrap.yml | 78 ++++++++++++++++ .../designate/tasks/bootstrap_service.yml | 20 ++++ ansible/roles/designate/tasks/config.yml | 43 +++++++++ ansible/roles/designate/tasks/deploy.yml | 20 ++++ ansible/roles/designate/tasks/main.yml | 2 + ansible/roles/designate/tasks/pull.yml | 35 +++++++ ansible/roles/designate/tasks/reconfigure.yml | 86 +++++++++++++++++ ansible/roles/designate/tasks/register.yml | 40 ++++++++ ansible/roles/designate/tasks/start.yml | 60 ++++++++++++ ansible/roles/designate/tasks/upgrade.yml | 6 ++ .../designate/templates/designate-api.json.j2 | 11 +++ .../templates/designate-central.json.j2 | 11 +++ .../templates/designate-mdns.json.j2 | 11 +++ .../templates/designate-pool-manager.json.j2 | 11 +++ .../templates/designate-sink.json.j2 | 11 +++ .../designate/templates/designate.conf.j2 | 92 +++++++++++++++++++ .../roles/haproxy/templates/haproxy.cfg.j2 | 16 ++++ .../roles/neutron/templates/neutron.conf.j2 | 5 +- ansible/roles/nova/templates/nova.conf.j2 | 5 +- ansible/roles/prechecks/tasks/port_checks.yml | 16 ++++ ansible/site.yml | 12 +++ etc/kolla/globals.yml | 1 + 
etc/kolla/passwords.yml | 4 + .../notes/add-designate-c789e47f8ced394d.yaml | 5 + 29 files changed, 697 insertions(+), 4 deletions(-) create mode 100644 ansible/roles/designate/defaults/main.yml create mode 100644 ansible/roles/designate/meta/main.yml create mode 100644 ansible/roles/designate/tasks/bootstrap.yml create mode 100644 ansible/roles/designate/tasks/bootstrap_service.yml create mode 100644 ansible/roles/designate/tasks/config.yml create mode 100644 ansible/roles/designate/tasks/deploy.yml create mode 100644 ansible/roles/designate/tasks/main.yml create mode 100644 ansible/roles/designate/tasks/pull.yml create mode 100644 ansible/roles/designate/tasks/reconfigure.yml create mode 100644 ansible/roles/designate/tasks/register.yml create mode 100644 ansible/roles/designate/tasks/start.yml create mode 100644 ansible/roles/designate/tasks/upgrade.yml create mode 100644 ansible/roles/designate/templates/designate-api.json.j2 create mode 100644 ansible/roles/designate/templates/designate-central.json.j2 create mode 100644 ansible/roles/designate/templates/designate-mdns.json.j2 create mode 100644 ansible/roles/designate/templates/designate-pool-manager.json.j2 create mode 100644 ansible/roles/designate/templates/designate-sink.json.j2 create mode 100644 ansible/roles/designate/templates/designate.conf.j2 create mode 100644 releasenotes/notes/add-designate-c789e47f8ced394d.yaml diff --git a/ansible/group_vars/all.yml b/ansible/group_vars/all.yml index 24772f765c..3073537e3d 100644 --- a/ansible/group_vars/all.yml +++ b/ansible/group_vars/all.yml @@ -124,6 +124,8 @@ congress_api_port: "1789" cloudkitty_api_port: "8889" +designate_api_port: "9001" + iscsi_port: "3260" gnocchi_api_port: "8041" @@ -257,6 +259,7 @@ enable_cinder_backend_lvm: "no" enable_cloudkitty: "no" enable_congress: "no" enable_etcd: "no" +enable_designate: "no" enable_gnocchi: "no" enable_grafana: "no" enable_heat: "yes" 
diff --git a/ansible/inventory/all-in-one b/ansible/inventory/all-in-one index d75b3e2fe4..69f8ab1901 100644 --- a/ansible/inventory/all-in-one +++ b/ansible/inventory/all-in-one @@ -138,6 +138,9 @@ control [searchlight:children] control +[designate:children] +control + # Additional control implemented here. These groups allow you to control which # services run on which hosts at a per-service level. # @@ -398,3 +401,19 @@ searchlight [searchlight-listener:children] searchlight + +# Designate +[designate-api:children] +designate + +[designate-central:children] +designate + +[designate-mdns:children] +designate + +[designate-pool-manager:children] +designate + +[designate-sink:children] +designate diff --git a/ansible/inventory/multinode b/ansible/inventory/multinode index 9580f68196..f63aeafea8 100644 --- a/ansible/inventory/multinode +++ b/ansible/inventory/multinode @@ -153,6 +153,9 @@ control [searchlight:children] control +[designate:children] +control + # Additional control implemented here. These groups allow you to control which # services run on which hosts at a per-service level. # @@ -413,3 +416,19 @@ searchlight [searchlight-listener:children] searchlight + +# Designate +[designate-api:children] +designate + +[designate-central:children] +designate + +[designate-mdns:children] +designate + +[designate-pool-manager:children] +designate + +[designate-sink:children] +designate diff --git a/ansible/roles/designate/defaults/main.yml b/ansible/roles/designate/defaults/main.yml new file mode 100644 index 0000000000..5a47ee0f68 --- /dev/null +++ b/ansible/roles/designate/defaults/main.yml 
@@ -0,0 +1,56 @@
+---
+project_name: "designate"
+
+####################
+# Database
+####################
+designate_database_name: "designate"
+designate_database_user: "designate"
+designate_database_address: "{{ kolla_internal_fqdn }}:{{ database_port }}"
+
+designate_pool_manager_database_name: "designate_pool_manager"
+designate_pool_manager_database_user: "designate_pool_manager"
+designate_pool_manager_database_address: "{{ kolla_internal_fqdn }}:{{ database_port }}"
+
+
+####################
+# Docker
+####################
+
+designate_central_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kolla_install_type }}-designate-central"
+designate_central_tag: "{{ openstack_release }}"
+designate_central_image_full: "{{ designate_central_image }}:{{ designate_central_tag }}"
+
+designate_api_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kolla_install_type }}-designate-api"
+designate_api_tag: "{{ openstack_release }}"
+designate_api_image_full: "{{ designate_api_image }}:{{ designate_api_tag }}"
+
+designate_backend_bind9_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kolla_install_type }}-designate-backend-bind9"
+designate_backend_bind9_tag: "{{ openstack_release }}"
+designate_backend_bind9_image_full: "{{ designate_backend_bind9_image }}:{{ designate_backend_bind9_tag }}"
+
+designate_mdns_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kolla_install_type }}-designate-mdns"
+designate_mdns_tag: "{{ openstack_release }}"
+designate_mdns_image_full: "{{ designate_mdns_image }}:{{ designate_mdns_tag }}"
+
+designate_pool_manager_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kolla_install_type }}-designate-pool-manager"
+designate_pool_manager_tag: "{{ openstack_release }}"
+designate_pool_manager_image_full: "{{ designate_pool_manager_image }}:{{ designate_pool_manager_tag }}"
+
+designate_sink_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kolla_install_type }}-designate-sink"
+designate_sink_tag: "{{ openstack_release }}"
+designate_sink_image_full: "{{ designate_sink_image }}:{{ designate_sink_tag }}"
+
+
+####################
+# OpenStack
+####################
+designate_admin_endpoint: "{{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ designate_api_port }}"
+designate_internal_endpoint: "{{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ designate_api_port }}"
+designate_public_endpoint: "{{ public_protocol }}://{{ kolla_external_fqdn }}:{{ designate_api_port }}"
+
+designate_logging_debug: "{{ openstack_logging_debug }}"
+
+designate_keystone_user: "designate"
+
+openstack_designate_auth: "{'auth_url':'{{ openstack_auth.auth_url }}','username':'{{ openstack_auth.username }}','password':'{{ openstack_auth.password }}','project_name':'{{ openstack_auth.project_name }}'}"
diff --git a/ansible/roles/designate/meta/main.yml b/ansible/roles/designate/meta/main.yml
new file mode 100644
index 0000000000..6b4fff8fef
--- /dev/null
+++ b/ansible/roles/designate/meta/main.yml
@@ -0,0 +1,3 @@
+---
+dependencies:
+ - { role: common }
diff --git a/ansible/roles/designate/tasks/bootstrap.yml b/ansible/roles/designate/tasks/bootstrap.yml
new file mode 100644
index 0000000000..427e9db1ae
--- /dev/null
+++ b/ansible/roles/designate/tasks/bootstrap.yml
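Review bot: The three `designate_backend_bind9_image*` variables in defaults/main.yml are never consumed: pull.yml and start.yml in this patch cover api, central, mdns, pool-manager and sink only, and designate.conf.j2 leaves `[backend:agent:bind9]` empty. As written the role deploys no DNS backend, which a reader of the defaults would not expect. Either drop the variables until the backend is wired in, or mark them with a comment such as `# bind9 backend image: defined for a follow-up change, not deployed by this role yet`.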
@@ -0,0 +1,78 @@ +--- +- name: Creating Designate database + command: docker exec -t kolla_toolbox /usr/bin/ansible localhost + -m mysql_db + -a "login_host='{{ database_address }}' + login_port='{{ database_port }}' + login_user='{{ database_user }}' + login_password='{{ database_password }}' + name='{{ designate_database_name }}'" + register: database + changed_when: "{{ database.stdout.find('localhost | SUCCESS => ') != -1 and + (database.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed }}" + failed_when: database.stdout.split()[2] != 'SUCCESS' + run_once: True + delegate_to: "{{ groups['designate-central'][0] }}" + +- name: Reading json from variable + set_fact: + database_created: "{{ (database.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed }}" + +- name: Creating Designate Pool Manager database + command: docker exec -t kolla_toolbox /usr/bin/ansible localhost + -m mysql_db + -a "login_host='{{ database_address }}' + login_port='{{ database_port }}' + login_user='{{ database_user }}' + login_password='{{ database_password }}' + name='{{ designate_pool_manager_database_name }}'" + register: database_pool_manager + changed_when: "{{ database.stdout.find('localhost | SUCCESS => ') != -1 and + (database.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed }}" + failed_when: database.stdout.split()[2] != 'SUCCESS' + run_once: True + delegate_to: "{{ groups['designate-central'][0] }}" + +- name: Reading json from variable + set_fact: + database_pool_manager_created: "{{ (database_pool_manager.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed }}" + +- name: Creating Designate database user and setting permissions + command: docker exec -t kolla_toolbox /usr/bin/ansible localhost + -m mysql_user + -a "login_host='{{ database_address }}' + login_port='{{ database_port }}' + login_user='{{ database_user }}' + login_password='{{ database_password }}' + name='{{ designate_database_name }}' + password='{{ 
designate_database_password }}' + host='%' + priv='{{ designate_database_name }}.*:ALL' + append_privs='yes'" + register: database_user_create + changed_when: "{{ database_user_create.stdout.find('localhost | SUCCESS => ') != -1 and + (database_user_create.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed }}" + failed_when: database_user_create.stdout.split()[2] != 'SUCCESS' + run_once: True + delegate_to: "{{ groups['designate-central'][0] }}" + +- name: Creating Designate Pool Manager database user and setting permissions + command: docker exec -t kolla_toolbox /usr/bin/ansible localhost + -m mysql_user + -a "login_host='{{ database_address }}' + login_port='{{ database_port }}' + login_user='{{ database_user }}' + login_password='{{ database_password }}' + name='{{ designate_pool_manager_database_name }}' + password='{{ designate_pool_manager_database_password }}' + host='%' + priv='{{ designate_pool_manager_database_name }}.*:ALL' + append_privs='yes'" + register: database_pool_manager_user_create + changed_when: "{{ database_pool_manager_user_create.stdout.find('localhost | SUCCESS => ') != -1 and + (database_pool_manager_user_create.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed }}" + failed_when: database_pool_manager_user_create.stdout.split()[2] != 'SUCCESS' + run_once: True + +- include: bootstrap_service.yml + when: database_created diff --git a/ansible/roles/designate/tasks/bootstrap_service.yml b/ansible/roles/designate/tasks/bootstrap_service.yml new file mode 100644 index 0000000000..ab530e8b73 --- /dev/null +++ b/ansible/roles/designate/tasks/bootstrap_service.yml 
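Review bot: The "Creating Designate Pool Manager database" task in bootstrap.yml registers `database_pool_manager`, but its `changed_when` and `failed_when` still read `database.stdout`, so a failed creation of the pool-manager database is judged by the previous task's result and goes unnoticed. Both conditions should use the task's own result, e.g. `failed_when: database_pool_manager.stdout.split()[2] != 'SUCCESS'`. The two `mysql_user` tasks also pass the database name as `name=`, which works only while the defaults keep user and database names identical; `name='{{ designate_database_user }}'` and `name='{{ designate_pool_manager_database_user }}'` are the consistent form. The last task is the only one in the file without `delegate_to`, which looks unintended.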
@@ -0,0 +1,20 @@
+---
+- name: Running Designate bootstrap container
+ kolla_docker:
+ action: "start_container"
+ common_options: "{{ docker_common_options }}"
+ detach: False
+ environment:
+ KOLLA_BOOTSTRAP:
+ KOLLA_CONFIG_STRATEGY: "{{ config_strategy }}"
+ image: "{{ designate_central_image_full }}"
+ labels:
+ BOOTSTRAP:
+ name: "bootstrap_designate"
+ restart_policy: "never"
+ volumes:
+ - "{{ node_config_directory }}/designate-central/:{{ container_config_directory }}/:ro"
+ - "/etc/localtime:/etc/localtime:ro"
+ - "kolla_logs:/var/log/kolla/"
+ run_once: True
+ delegate_to: "{{ groups['designate-central'][0] }}"
diff --git a/ansible/roles/designate/tasks/config.yml b/ansible/roles/designate/tasks/config.yml
new file mode 100644
index 0000000000..f42f2415cd
--- /dev/null
+++ b/ansible/roles/designate/tasks/config.yml
@@ -0,0 +1,43 @@
+---
+- name: Ensuring config directories exist
+ file:
+ path: "{{ node_config_directory }}/{{ item }}"
+ state: "directory"
+ recurse: yes
+ with_items:
+ - "designate-api"
+ - "designate-central"
+ - "designate-mdns"
+ - "designate-pool-manager"
+ - "designate-sink"
+
+- name: Copying over config.json files for services
+ template:
+ src: "{{ item }}.json.j2"
+ dest: "{{ node_config_directory }}/{{ item }}/config.json"
+ with_items:
+ - "designate-api"
+ - "designate-central"
+ - "designate-mdns"
+ - "designate-pool-manager"
+ - "designate-sink"
+
+- name: Copying over designate.conf
+ merge_configs:
+ vars:
+ service_name: "{{ item }}"
+ sources:
+ - "{{ role_path }}/templates/designate.conf.j2"
+ - "{{ node_custom_config }}/global.conf"
+ - "{{ node_custom_config }}/database.conf"
+ - "{{ node_custom_config }}/messaging.conf"
+ - "{{ node_custom_config }}/designate.conf"
+ - "{{ node_custom_config }}/designate/{{ item }}.conf"
+ - "{{ node_custom_config }}/designate/{{ inventory_hostname }}/designate.conf"
+ dest: "{{ node_config_directory }}/{{ item }}/designate.conf"
+ with_items:
+ - "designate-api"
+ - "designate-central"
+ - "designate-mdns"
+ - "designate-pool-manager"
+ - "designate-sink"
diff --git a/ansible/roles/designate/tasks/deploy.yml b/ansible/roles/designate/tasks/deploy.yml
new file mode 100644
index 0000000000..71d43606a6
--- /dev/null
+++ b/ansible/roles/designate/tasks/deploy.yml
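Review bot: The `file` task in config.yml creates the per-service directories without a `mode`, and the `designate.conf` that `merge_configs` writes into them carries the database, RabbitMQ and Keystone passwords rendered from designate.conf.j2. The `"perm": "0600"` in the config.json templates applies only to the copy made inside the container, so the host-side file under `node_config_directory` is left to the umask of the deploying user. An explicit restrictive mode on the directory task, for example `mode: "0770"`, would close that gap. Whether `merge_configs` accepts a mode for the file itself is not visible from this patch and should be checked.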
@@ -0,0 +1,20 @@
+---
+- include: register.yml
+ when: inventory_hostname in groups['designate-api']
+
+- include: config.yml
+ when: inventory_hostname in groups['designate-api'] or
+ inventory_hostname in groups['designate-central'] or
+ inventory_hostname in groups['designate-mdns'] or
+ inventory_hostname in groups['designate-pool-manager'] or
+ inventory_hostname in groups['designate-sink']
+
+- include: bootstrap.yml
+ when: inventory_hostname in groups['designate-central']
+
+- include: start.yml
+ when: inventory_hostname in groups['designate-api'] or
+ inventory_hostname in groups['designate-central'] or
+ inventory_hostname in groups['designate-mdns'] or
+ inventory_hostname in groups['designate-pool-manager'] or
+ inventory_hostname in groups['designate-sink']
diff --git a/ansible/roles/designate/tasks/main.yml b/ansible/roles/designate/tasks/main.yml
new file mode 100644
index 0000000000..b017e8b4ad
--- /dev/null
+++ b/ansible/roles/designate/tasks/main.yml
@@ -0,0 +1,2 @@
+---
+- include: "{{ action }}.yml"
diff --git a/ansible/roles/designate/tasks/pull.yml b/ansible/roles/designate/tasks/pull.yml
new file mode 100644
index 0000000000..b3896c1037
--- /dev/null
+++ b/ansible/roles/designate/tasks/pull.yml
@@ -0,0 +1,35 @@
+---
+- name: Pulling designate-api image
+ kolla_docker:
+ action: "pull_image"
+ common_options: "{{ docker_common_options }}"
+ image: "{{ designate_api_image_full }}"
+ when: inventory_hostname in groups['designate-api']
+
+- name: Pulling designate-central image
+ kolla_docker:
+ action: "pull_image"
+ common_options: "{{ docker_common_options }}"
+ image: "{{ designate_central_image_full }}"
+ when: inventory_hostname in groups['designate-central']
+
+- name: Pulling designate-mdns image
+ kolla_docker:
+ action: "pull_image"
+ common_options: "{{ docker_common_options }}"
+ image: "{{ designate_mdns_image_full }}"
+ when: inventory_hostname in groups['designate-mdns']
+
+- name: Pulling designate-pool-manager image
+ kolla_docker:
+ action: "pull_image"
+ common_options: "{{ docker_common_options }}"
+ image: "{{ designate_pool_manager_image_full }}"
+ when: inventory_hostname in groups['designate-pool-manager']
+
+- name: Pulling designate-sink image
+ kolla_docker:
+ action: "pull_image"
+ common_options: "{{ docker_common_options }}"
+ image: "{{ designate_sink_image_full }}"
+ when: inventory_hostname in groups['designate-sink']
diff --git a/ansible/roles/designate/tasks/reconfigure.yml b/ansible/roles/designate/tasks/reconfigure.yml
new file mode 100644
index 0000000000..ace5333de3
--- /dev/null
+++ b/ansible/roles/designate/tasks/reconfigure.yml
@@ -0,0 +1,86 @@ +--- +- name: Ensuring the containers up + kolla_docker: + name: "{{ item.name }}" + action: "get_container_state" + register: container_states + failed_when: container_states.Running == false + when: + - "{{ item.enabled|default(True) }}" + - inventory_hostname in groups[item.group] + with_items: + - { name: designate_central, group: designate-central } + - { name: designate_api, group: designate-api } + - { name: designate_mdns, group: designate-mdns } + - { name: designate_pool_manager, group: designate-pool-manager } + - { name: designate_sink, group: designate-sink } + +- include: config.yml + +- name: Check the configs + command: docker exec {{ item.name }} /usr/local/bin/kolla_set_configs --check + changed_when: false + failed_when: false + register: check_results + when: inventory_hostname in groups[item.group] + with_items: + - { name: designate_central, group: designate-central } + - { name: designate_api, group: designate-api } + - { name: designate_mdns, group: designate-mdns } + - { name: designate_pool_manager, group: designate-pool-manager } + - { name: designate_sink, group: designate-sink } + +# NOTE(jeffrey4l): when config_strategy == 'COPY_ALWAYS' +# and container env['KOLLA_CONFIG_STRATEGY'] == 'COPY_ONCE', +# just remove the container and start again +- name: Containers config strategy + kolla_docker: + name: "{{ item.name }}" + action: "get_container_env" + register: container_envs + when: inventory_hostname in groups[item.group] + with_items: + - { name: designate_central, group: designate-central } + - { name: designate_api, group: designate-api } + - { name: designate_mdns, group: designate-mdns } + - { name: designate_pool_manager, group: designate-pool-manager } + - { name: designate_sink, group: designate-sink } + +- name: Remove the containers + kolla_docker: + name: "{{ item[0]['name'] }}" + action: "remove_container" + register: remove_containers + when: + - inventory_hostname in groups[item[0]['group']] + - 
config_strategy == "COPY_ONCE" or item[1]['KOLLA_CONFIG_STRATEGY'] == 'COPY_ONCE' + - item[2]['rc'] == 1 + with_together: + - [{ name: designate_central, group: designate-central }, + { name: designate_api, group: designate-api }, + { name: designate_mdns, group: designate-mdns }, + { name: designate_pool_manager, group: designate-pool-manager }, + { name: designate_sink, group: designate-sink }] + - "{{ container_envs.results }}" + - "{{ check_results.results }}" + +- include: start.yml + when: remove_containers.changed + +- name: Restart containers + kolla_docker: + name: "{{ item[0]['name'] }}" + action: "restart_container" + when: + - inventory_hostname in groups[item[0]['group']] + - config_strategy == 'COPY_ALWAYS' + - item[1]['KOLLA_CONFIG_STRATEGY'] != 'COPY_ONCE' + - item[2]['rc'] == 1 + with_together: + - [{ name: designate_central, group: designate-central }, + { name: designate_api, group: designate-api }, + { name: designate_mdns, group: designate-mdns }, + { name: designate_pool_manager, group: designate-pool-manager }, + { name: designate_sink, group: designate-sink }] + - "{{ container_envs.results }}" + - "{{ check_results.results }}" diff --git a/ansible/roles/designate/tasks/register.yml b/ansible/roles/designate/tasks/register.yml new file mode 100644 index 0000000000..e17db9bc27 --- /dev/null +++ b/ansible/roles/designate/tasks/register.yml 
@@ -0,0 +1,40 @@
+---
+- name: Creating the Designate service and endpoint
+ command: docker exec -t kolla_toolbox /usr/bin/ansible localhost
+ -m kolla_keystone_service
+ -a "service_name=designate
+ service_type=dns
+ description='Designate DNS Service'
+ endpoint_region={{ openstack_region_name }}
+ url='{{ item.url }}'
+ interface='{{ item.interface }}'
+ region_name={{ openstack_region_name }}
+ auth={{ '{{ openstack_designate_auth }}' }}"
+ -e "{'openstack_designate_auth':{{ openstack_designate_auth }}}"
+ register: designate_endpoint
+ changed_when: "{{ designate_endpoint.stdout.find('localhost | SUCCESS => ') != -1 and (designate_endpoint.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed }}"
+ until: designate_endpoint.stdout.split()[2] == 'SUCCESS'
+ retries: 10
+ delay: 5
+ run_once: True
+ with_items:
+ - {'interface': 'admin', 'url': '{{ designate_admin_endpoint }}'}
+ - {'interface': 'internal', 'url': '{{ designate_internal_endpoint }}'}
+ - {'interface': 'public', 'url': '{{ designate_public_endpoint }}'}
+
+- name: Creating the Designate project, user, and role
+ command: docker exec -t kolla_toolbox /usr/bin/ansible localhost
+ -m kolla_keystone_user
+ -a "project=service
+ user=designate
+ password={{ designate_keystone_password }}
+ role=admin
+ region_name={{ openstack_region_name }}
+ auth={{ '{{ openstack_designate_auth }}' }}"
+ -e "{'openstack_designate_auth':{{ openstack_designate_auth }}}"
+ register: designate_user
+ changed_when: "{{ designate_user.stdout.find('localhost | SUCCESS => ') != -1 and (designate_user.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed }}"
+ until: designate_user.stdout.split()[2] == 'SUCCESS'
+ retries: 10
+ delay: 5
+ run_once: True
diff --git a/ansible/roles/designate/tasks/start.yml b/ansible/roles/designate/tasks/start.yml
new file mode 100644
index 0000000000..e4c80990fb
--- /dev/null
+++ b/ansible/roles/designate/tasks/start.yml
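Review bot: The user task in register.yml hard-codes `user=designate`, while designate.conf.j2 authenticates with `username = {{ designate_keystone_user }}`; overriding that default would register one account and configure another, so the argument should be `user={{ designate_keystone_user }}`. The password is also interpolated unquoted as `password={{ designate_keystone_password }}`, so a value containing a space would be split by the key=value parser; `password='{{ designate_keystone_password }}'` matches how bootstrap.yml quotes its passwords. Because the secret is part of the command line, which the `command` module reports back in its result, `no_log: true` on this task would keep it out of Ansible output and logs.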
@@ -0,0 +1,60 @@ +--- +- name: Starting designate-central container + kolla_docker: + action: "start_container" + common_options: "{{ docker_common_options }}" + image: "{{ designate_central_image_full }}" + name: "designate_central" + volumes: + - "{{ node_config_directory }}/designate-central/:{{ container_config_directory }}/:ro" + - "/etc/localtime:/etc/localtime:ro" + - "kolla_logs:/var/log/kolla/" + when: inventory_hostname in groups['designate-central'] + +- name: Starting designate-api container + kolla_docker: + action: "start_container" + common_options: "{{ docker_common_options }}" + image: "{{ designate_api_image_full }}" + name: "designate_api" + volumes: + - "{{ node_config_directory }}/designate-api/:{{ container_config_directory }}/:ro" + - "/etc/localtime:/etc/localtime:ro" + - "kolla_logs:/var/log/kolla/" + when: inventory_hostname in groups['designate-api'] + +- name: Starting designate-mdns container + kolla_docker: + action: "start_container" + common_options: "{{ docker_common_options }}" + image: "{{ designate_mdns_image_full }}" + name: "designate_mdns" + volumes: + - "{{ node_config_directory }}/designate-mdns/:{{ container_config_directory }}/:ro" + - "/etc/localtime:/etc/localtime:ro" + - "kolla_logs:/var/log/kolla/" + when: inventory_hostname in groups['designate-mdns'] + +- name: Starting designate-pool-manager container + kolla_docker: + action: "start_container" + common_options: "{{ docker_common_options }}" + image: "{{ designate_pool_manager_image_full }}" + name: "designate_pool_manager" + volumes: + - "{{ node_config_directory }}/designate-pool-manager/:{{ container_config_directory }}/:ro" + - "/etc/localtime:/etc/localtime:ro" + - "kolla_logs:/var/log/kolla/" + when: inventory_hostname in groups['designate-pool-manager'] + +- name: Starting designate-sink container + kolla_docker: + action: "start_container" + common_options: "{{ docker_common_options }}" + image: "{{ designate_sink_image_full }}" + name: "designate_sink" + 
volumes: + - "{{ node_config_directory }}/designate-sink/:{{ container_config_directory }}/:ro" + - "/etc/localtime:/etc/localtime:ro" + - "kolla_logs:/var/log/kolla/" + when: inventory_hostname in groups['designate-sink'] diff --git a/ansible/roles/designate/tasks/upgrade.yml b/ansible/roles/designate/tasks/upgrade.yml new file mode 100644 index 0000000000..308053080c --- /dev/null +++ b/ansible/roles/designate/tasks/upgrade.yml @@ -0,0 +1,6 @@ +--- +- include: config.yml + +- include: bootstrap_service.yml + +- include: start.yml diff --git a/ansible/roles/designate/templates/designate-api.json.j2 b/ansible/roles/designate/templates/designate-api.json.j2 new file mode 100644 index 0000000000..92f6e0c6a4 --- /dev/null +++ b/ansible/roles/designate/templates/designate-api.json.j2 @@ -0,0 +1,11 @@ +{ + "command": "designate-api --config-file /etc/designate/designate.conf", + "config_files": [ + { + "source": "{{ container_config_directory }}/designate.conf", + "dest": "/etc/designate/designate.conf", + "owner": "designate", + "perm": "0600" + } + ] +} diff --git a/ansible/roles/designate/templates/designate-central.json.j2 b/ansible/roles/designate/templates/designate-central.json.j2 new file mode 100644 index 0000000000..bd4bf299aa --- /dev/null +++ b/ansible/roles/designate/templates/designate-central.json.j2 @@ -0,0 +1,11 @@ +{ + "command": "designate-central --config-file /etc/designate/designate.conf", + "config_files": [ + { + "source": "{{ container_config_directory }}/designate.conf", + "dest": "/etc/designate/designate.conf", + "owner": "designate", + "perm": "0600" + } + ] +} diff --git a/ansible/roles/designate/templates/designate-mdns.json.j2 b/ansible/roles/designate/templates/designate-mdns.json.j2 new file mode 100644 index 0000000000..dbb098e47e --- /dev/null +++ b/ansible/roles/designate/templates/designate-mdns.json.j2 
@@ -0,0 +1,11 @@
+{
+ "command": "designate-mdns --config-file /etc/designate/designate.conf",
+ "config_files": [
+ {
+ "source": "{{ container_config_directory }}/designate.conf",
+ "dest": "/etc/designate/designate.conf",
+ "owner": "designate",
+ "perm": "0600"
+ }
+ ]
+}
diff --git a/ansible/roles/designate/templates/designate-pool-manager.json.j2 b/ansible/roles/designate/templates/designate-pool-manager.json.j2
new file mode 100644
index 0000000000..59d09171fd
--- /dev/null
+++ b/ansible/roles/designate/templates/designate-pool-manager.json.j2
@@ -0,0 +1,11 @@
+{
+ "command": "designate-pool-manager --config-file /etc/designate/designate.conf",
+ "config_files": [
+ {
+ "source": "{{ container_config_directory }}/designate.conf",
+ "dest": "/etc/designate/designate.conf",
+ "owner": "designate",
+ "perm": "0600"
+ }
+ ]
+}
diff --git a/ansible/roles/designate/templates/designate-sink.json.j2 b/ansible/roles/designate/templates/designate-sink.json.j2
new file mode 100644
index 0000000000..41b11dce3e
--- /dev/null
+++ b/ansible/roles/designate/templates/designate-sink.json.j2
@@ -0,0 +1,11 @@
+{
+ "command": "designate-sink --config-file /etc/designate/designate.conf",
+ "config_files": [
+ {
+ "source": "{{ container_config_directory }}/designate.conf",
+ "dest": "/etc/designate/designate.conf",
+ "owner": "designate",
+ "perm": "0600"
+ }
+ ]
+}
diff --git a/ansible/roles/designate/templates/designate.conf.j2 b/ansible/roles/designate/templates/designate.conf.j2
new file mode 100644
index 0000000000..17e0e59740
--- /dev/null
+++ b/ansible/roles/designate/templates/designate.conf.j2
@@ -0,0 +1,92 @@ +[DEFAULT] + +debug = {{ designate_logging_debug }} + +log-dir = /var/log/kolla/designate + +notification_driver = messaging +notification_topics = notifications_designate + +transport_url = rabbit://{% for host in groups['rabbitmq'] %}{{ rabbitmq_user }}:{{ rabbitmq_password }}@{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ rabbitmq_port }}{% if not loop.last %},{% endif %}{% endfor %} + +[service:api] +api_base_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ designate_api_port }} +api_host = {{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['address'] }} +api_port = {{ designate_api_port }} + +enable_api_v1 = True +enabled_extensions_v1 = 'diagnostics, quotas, reports, sync, touch' +enable_api_v2 = True +enabled_extensions_v2 = 'quotas, reports' + +api_paste_config = /usr/share/designate/api-paste.ini + +[keystone_authtoken] +auth_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }} +auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }} +auth_type = password +project_domain_id = default +user_domain_id = default +project_name = service +username = {{ designate_keystone_user }} +password = {{ designate_keystone_password }} +http_connect_timeout = 60 + +memcache_security_strategy = ENCRYPT +memcache_secret_key = {{ memcache_secret_key }} +memcached_servers = {% for host in groups['memcached'] %}{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ memcached_port }}{% if not loop.last %},{% endif %}{% endfor %} + +[cors] + +[cors.subdomain] + +[service:sink] +enabled_notification_handlers = nova_fixed, neutron_floatingip + +[service:mdns] +host = {{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['address'] }} + +[service:agent] +host = {{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['address'] }} + +[service:zone_manager] + 
+[zone_manager_task:domain_purge] + +[zone_manager_task:delayed_notify] + +[service:pool_manager] +cache_driver = memcache + +[pool_manager_cache:sqlalchemy] +connection = mysql+pymysql://{{ designate_pool_manager_database_user }}:{{ designate_pool_manager_database_password }}@{{ designate_pool_manager_database_address }}/{{ designate_pool_manager_database_name }} +max_retries = 10 +idle_timeout = 3600 + +[pool_manager_cache:memcache] +memcached_servers = {% for host in groups['memcached'] %}{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ memcached_port }}{% if not loop.last %},{% endif %}{% endfor %} + +[network_api:neutron] + +[storage:sqlalchemy] +connection = mysql+pymysql://{{ designate_database_user }}:{{ designate_database_password }}@{{ designate_database_address }}/{{ designate_database_name }} +max_retries = 10 +idle_timeout = 3600 + +[handler:nova_fixed] +notification_topics = notifications_designate +control_exchange = nova +format = '(display_name)s.%(domain)s' + +[handler:neutron_floatingip] +notification_topics = notifications_designate +control_exchange = neutron +format = '%(octet0)s-%(octet1)s-%(octet2)s-%(octet3)s.%(domain)s' + +[backend:agent:bind9] + +[backend:agent:denominator] + +[oslo_concurrency] + +[coordination] diff --git a/ansible/roles/haproxy/templates/haproxy.cfg.j2 b/ansible/roles/haproxy/templates/haproxy.cfg.j2 index 89b7997c64..23244582dd 100644 --- a/ansible/roles/haproxy/templates/haproxy.cfg.j2 +++ b/ansible/roles/haproxy/templates/haproxy.cfg.j2 
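Review bot: In `[handler:nova_fixed]` of designate.conf.j2 the value `format = '(display_name)s.%(domain)s'` is missing the leading `%`, so the instance name would not be substituted and records would carry the literal text `(display_name)s`. It should read `format = '%(display_name)s.%(domain)s'`, matching the `%(octet0)s` form used under `[handler:neutron_floatingip]`. The single quotes around this value and around the `enabled_extensions_v1`/`enabled_extensions_v2` lists are written into the file as-is; it is worth confirming that the option parser strips them rather than treating them as part of the value.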
@@ -587,6 +587,22 @@ listen congress_api_external {% endif %} {% endif %} +{% if enable_designate | bool %} +listen designate_api + bind {{ kolla_internal_vip_address }}:{{ designate_api_port }} +{% for host in groups['designate-api'] %} + server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ designate_api_port }} check inter 2000 rise 2 fall 5 +{% endfor %} +{% if haproxy_enable_external_vip | bool %} + +listen designate_api_external + bind {{ kolla_external_vip_address }}:{{ designate_api_port }} {{ tls_bind_info }} +{% for host in groups['designate-api'] %} + server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ designate_api_port }} check inter 2000 rise 2 fall 5 +{% endfor %} +{% endif %} +{% endif %} + {% if enable_mistral | bool %} listen mistral_api bind {{ kolla_internal_vip_address }}:{{ mistral_api_port }} diff --git a/ansible/roles/neutron/templates/neutron.conf.j2 b/ansible/roles/neutron/templates/neutron.conf.j2 index d9f6256220..b3c7ada0be 100644 --- a/ansible/roles/neutron/templates/neutron.conf.j2 +++ b/ansible/roles/neutron/templates/neutron.conf.j2 @@ -91,9 +91,10 @@ memcached_servers = {% for host in groups['memcached'] %}{% if orchestration_eng {% endif %} [oslo_messaging_notifications] -{% if enable_ceilometer | bool %} +{% if enable_ceilometer | bool or enable_designate | bool %} driver = messagingv2 -topics = notifications +{% set topics=["notifications" if enable_ceilometer|bool else "", "notifications_designate" if enable_designate|bool else ""] %} +topcis = {{ topics|reject("equalto", "")|list|join(",") }} {% else %} driver = noop {% endif %} diff --git a/ansible/roles/nova/templates/nova.conf.j2 b/ansible/roles/nova/templates/nova.conf.j2 index 6706d16e96..a64565fc9b 100644 --- a/ansible/roles/nova/templates/nova.conf.j2 +++ b/ansible/roles/nova/templates/nova.conf.j2 
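Review bot: The added line in the `[oslo_messaging_notifications]` block of neutron.conf.j2 spells the option `topcis`, so the rendered file never sets `topics` and the `notifications_designate` value built on the line above it is presumably ignored in favour of the service default. The same misspelling is in the nova.conf.j2 hunk that follows. Both lines should read `topics = {{ topics|reject("equalto", "")|list|join(",") }}`. The likely effect is that designate-sink, which this patch configures with `notification_topics = notifications_designate`, receives no nova or neutron events, and nothing in the visible change would surface that at deploy time.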
@@ -187,9 +187,10 @@ rbd_secret_uuid = {{ rbd_secret_uuid }} compute = auto [oslo_messaging_notifications] -{% if enable_ceilometer | bool %} +{% if enable_ceilometer | bool or enable_designate | bool %} driver = messagingv2 -topics = notifications +{% set topics=["notifications" if enable_ceilometer|bool else "", "notifications_designate" if enable_designate|bool else ""] %} +topcis = {{ topics|reject("equalto", "")|list|join(",") }} {% else %} driver = noop {% endif %} diff --git a/ansible/roles/prechecks/tasks/port_checks.yml b/ansible/roles/prechecks/tasks/port_checks.yml index 9ed04e5912..ae7a48a52c 100644 --- a/ansible/roles/prechecks/tasks/port_checks.yml +++ b/ansible/roles/prechecks/tasks/port_checks.yml @@ -139,6 +139,22 @@ - inventory_hostname in groups['etcd'] - enable_etcd | bool +- name: Checking free port for Designate API + wait_for: + host: "{{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['address'] }}" + port: "{{ designate_api_port }}" + connect_timeout: 1 + state: stopped + when: inventory_hostname in groups['designate-api'] + +- name: Checking free port for Designate API HAProxy + wait_for: + host: "{{ kolla_internal_vip_address }}" + port: "{{ designate_api_port }}" + connect_timeout: 1 + state: stopped + when: inventory_hostname in groups['haproxy'] + - name: Checking free port for Glance API wait_for: host: "{{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['address'] }}" diff --git a/ansible/site.yml b/ansible/site.yml index 49f6f89d18..e82c0b5010 100644 --- a/ansible/site.yml +++ b/ansible/site.yml @@ -327,6 +327,18 @@ tags: congress, when: enable_congress | bool } +- hosts: + - designate-api + - designate-central + - designate-mdns + - designate-pool-manager + - designate-sink + serial: '{{ serial|default("0") }}' + roles: + - { role: designate, + tags: designate, + when: enable_designate | bool } + - hosts: - tempest serial: '{{ serial|default("0") }}' 
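Review bot: Neither new `wait_for` task in port_checks.yml is gated on `enable_designate | bool`, unlike the etcd check in the context lines just before them, which lists both `inventory_hostname in groups['etcd']` and `enable_etcd | bool`. With Designate disabled the prechecks would still probe `designate_api_port`, and an inventory that predates this patch has no `designate-api` group, so `groups['designate-api']` would presumably fail as undefined. I would write each condition as a list, `- inventory_hostname in groups['designate-api']` plus `- enable_designate | bool`, and do the same for the HAProxy task. The HAProxy task also checks only `kolla_internal_vip_address`, while the haproxy.cfg.j2 hunk binds the same port on the external VIP as well.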
diff --git a/etc/kolla/globals.yml b/etc/kolla/globals.yml index f5c9f2adae..08e5cb0255 100644 --- a/etc/kolla/globals.yml +++ b/etc/kolla/globals.yml @@ -127,6 +127,7 @@ kolla_internal_vip_address: "10.10.10.254" #enable_cinder_backend_lvm: "no" #enable_cloudkitty: "no" #enable_congress: "no" +#enable_designate: "no" #enable_etcd: "no" #enable_gnocchi: "no" #enable_grafana: "no" diff --git a/etc/kolla/passwords.yml b/etc/kolla/passwords.yml index b0995abc07..bde0a324d0 100644 --- a/etc/kolla/passwords.yml +++ b/etc/kolla/passwords.yml @@ -58,6 +58,10 @@ cloudkitty_keystone_password: sahara_database_password: sahara_keystone_password: +designate_database_password: +designate_pool_manager_database_password: +designate_keystone_password: + swift_keystone_password: swift_hash_path_suffix: swift_hash_path_prefix: diff --git a/releasenotes/notes/add-designate-c789e47f8ced394d.yaml b/releasenotes/notes/add-designate-c789e47f8ced394d.yaml new file mode 100644 index 0000000000..6528dcf2f1 --- /dev/null +++ b/releasenotes/notes/add-designate-c789e47f8ced394d.yaml @@ -0,0 +1,5 @@ +--- +features: + - Add deployment and management of Designate OpenStack services. +issues: + - Customer facing DNS servers for use with Designate still required to be set up manually.
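Review bot: The three new keys in passwords.yml are added empty, and nothing visible in this patch checks that they were filled in before designate.conf.j2 renders them into `password =` and the two `mysql+pymysql://` connection URLs. If the file is populated by a generator that is outside this diff, a deployment that reuses an older passwords.yml would still reach the templates with these values unset. A short assertion in the role or the prechecks that each of `designate_database_password`, `designate_pool_manager_database_password` and `designate_keystone_password` is defined and non-empty would fail early instead of deploying services with an empty credential.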