Initial commit

Jens Harbott 2017-08-28 09:40:32 +00:00
commit 2ee603dabe
17 changed files with 720 additions and 0 deletions

9
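--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,9 @@
+.bundle/
+berks-cookbooks/
+.kitchen
+.vagrant
+.coverage/
+*.swp
+Berksfile.lock
+Vagrantfile
+Gemfile.lock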

30
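--- a/.rubocop.yml
+++ b/.rubocop.yml
@@ -0,0 +1,30 @@
+inherit_from: .rubocop_todo.yml
+AllCops:
+Include:
+- metadata.rb
+- Gemfile
+- attributes/**
+- libraries/**
+- providers/**
+- recipes/**
+- resources/**
+- spec/**
+Exclude:
+- .cookbooks/**/*
+- berks-cookbooks/**/*
+- .bundle/**/*
+Encoding:
+Exclude:
+- metadata.rb
+- Gemfile
+NumericLiterals:
+Enabled: false
+LineLength:
+Enabled: false
+WordArray:
+MinSize: 3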

11
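--- a/.rubocop_todo.yml
+++ b/.rubocop_todo.yml
@@ -0,0 +1,11 @@
+# This configuration was generated by `rubocop --auto-gen-config`
+# on 2015-05-29 12:11:07 -0500 using RuboCop version 0.29.1.
+# The point is for the user to remove these configuration records
+# one by one as the offenses are removed from the code base.
+# Note that changes in the inspected code, or installation of new
+# versions of RuboCop, may require this file to be generated again.
+# Offense count: 3
+# Configuration parameters: EnforcedStyle, SupportedStyles.
+Style/ClassAndModuleChildren:
+Enabled: false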

11
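--- a/Berksfile
+++ b/Berksfile
@@ -0,0 +1,11 @@
+source "https://supermarket.chef.io"
+metadata
+cookbook "openstack-identity",
+github: "openstack/cookbook-openstack-identity"
+cookbook "openstack-common",
+github: "openstack/cookbook-openstack-common"
+cookbook "openstackclient",
+github: "cloudbau/cookbook-openstackclient"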
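Review bot: All three `github:` sources resolve to whatever their default branch holds at vendor time, and the `.gitignore` added in this same commit excludes `Berksfile.lock`, so no resolved revision is ever recorded. Every `berks vendor` run therefore trusts the current head of three external repositories, one of them outside the openstack organisation. Pin each source to a reviewed revision, e.g. `cookbook "openstackclient", github: "cloudbau/cookbook-openstackclient", ref: "<COMMIT_SHA>"` (placeholder), or commit the lockfile so that dependency upgrades become explicit, reviewable changes.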

36
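--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -0,0 +1,36 @@
+Contributing
+============
+How To Get Started
+------------------
+If you would like to contribute to the development of OpenStack Chef Cookbooks,
+you must follow the steps in this page:
+https://docs.openstack.org/infra/manual/developers.html
+Gerrit Workflow
+---------------
+Once those steps have been completed, changes to OpenStack
+should be submitted for review via the Gerrit tool, following
+the workflow documented at:
+https://docs.openstack.org/infra/manual/developers.html#development-workflow
+Pull requests submitted through GitHub will be ignored.
+Bugs
+----
+Bugs should be filed on Launchpad, not GitHub:
+https://bugs.launchpad.net/openstack-chef
+Contacts
+--------
+Mailing list: openstack-dev@lists.openstack.org
+IRC: #openstack-chef is our channel on irc.freenode.net
+Wiki: https://wiki.openstack.org/wiki/Chef/GettingStarted and https://docs.getchef.com/openstack.html
+Twitter: @chefopenstack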

79
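--- a/README.md
+++ b/README.md
@@ -0,0 +1,79 @@
+![Chef OpenStack Logo](https://www.openstack.org/themes/openstack/images/project-mascots/Chef%20OpenStack/OpenStack_Project_Chef_horizontal.png)
+Description
+===========
+This cookbook installs the OpenStack DNS service **Designate** as part of an
+OpenStack reference deployment Chef for OpenStack.
+https://docs.openstack.org/designate
+Requirements
+============
+- Chef 12 or higher
+- chefdk 0.9.0 or higher for testing (also includes berkshelf for cookbook
+dependency resolution)
+Platform
+========
+- ubuntu
+- redhat
+- centos
+Cookbooks
+=========
+The following cookbooks are dependencies:
+- 'openstack-common', '>= 16.0.0'
+- 'openstack-identity', '>= 16.0.0'
+- 'openstackclient', '>= 0.1.0'
+Attributes
+==========
+Please see the extensive inline documentation in `attributes/*.rb` for
+descriptions of all the settable attributes for this cookbook.
+Note that all attributes are in the `default['openstack']` "namespace"
+The usage of attributes to generate the designate.conf is described in the
+openstack-common cookbook.
+Recipes
+=======
+## openstack-dns::api
+- Configure and start designate-api service
+## openstack-dns::client
+- Install the designate client package
+## openstack-dns::common
+- Installs the designate packages and setup configuration for Designate.
+## openstack-dns::identity_registration
+- Registers the Designate API endpoint, designate service and user
+License and Author
+==================
+| | |
+|:---------------------|:---------------------------------------------------|
+| **Author** | Dr. Jens Harbott (<j.harbott@x-ion.de>) |
+| | |
+| **Copyright** | Copyright (c) 2017, x-ion GmbH. |
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+https://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.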

40
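--- a/Rakefile
+++ b/Rakefile
@@ -0,0 +1,40 @@
+task default: ["test"]
+task :test => [:lint, :style, :unit]
+desc "Vendor the cookbooks in the Berksfile"
+task :berks_prep do
+sh %{chef exec berks vendor}
+end
+desc "Run FoodCritic (lint) tests"
+task :lint do
+sh %{chef exec foodcritic --epic-fail any --tags ~FC003 --tags ~FC023 .}
+end
+desc "Run RuboCop (style) tests"
+task :style do
+sh %{chef exec rubocop}
+end
+desc "Run RSpec (unit) tests"
+task :unit => :berks_prep do
+sh %{chef exec rspec --format documentation}
+end
+desc "Remove the berks-cookbooks directory and the Berksfile.lock"
+task :clean do
+rm_rf [
+'berks-cookbooks',
+'Berksfile.lock'
+]
+end
+desc "All-in-One Neutron build Infra using Common task"
+task :integration do
+# Use the common integration task
+sh %(wget -nv -t 3 -O Rakefile-Common https://raw.githubusercontent.com/openstack/cookbook-openstack-common/master/Rakefile)
+load './Rakefile-Common'
+Rake::Task["common_integration"].invoke
+end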
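Review bot: The `:integration` task downloads a Rakefile from the `master` branch of another repository and hands it straight to `load`, so whatever that URL serves at run time executes with the privileges of the developer or CI job running rake. Nothing pins the revision or checks the content before it is evaluated. Fetch a fixed commit instead, by replacing `master` in the URL with `<COMMIT_SHA>` (placeholder), and compare a SHA-256 digest of `Rakefile-Common` against a value kept in this repository before the `load`; vendoring the shared task into the cookbook is the simpler alternative. The task description also still says "Neutron", which looks copied from another cookbook.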

31
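--- a/TESTING.md
+++ b/TESTING.md
@@ -0,0 +1,31 @@
+# Testing the Cookbook #
+This cookbook uses [chefdk](https://downloads.chef.io/chef-dk/) and [berkshelf](https://berkshelf.com/) to isolate dependencies. Make sure you have chefdk and the header files for `gecode` installed before continuing. Make sure that you're using gecode version 3. More info [here](https://github.com/opscode/dep-selector-libgecode/tree/0bad63fea305ede624c58506423ced697dd2545e#using-a-system-gecode-instead). For more detailed information on what needs to be installed, you can have a quick look into the bootstrap.sh file in this repository, which does install all the needed things to get going on ubuntu trusty. The tests defined in the Rakefile include lint, style and unit. For integration testing please refere to the [openstack-chef-repo](https://github.com/openstack/openstack-chef-repo).
+We have three test suites which you can run either, individually (there are three rake tasks):
+$ chef exec rake lint
+$ chef exec rake style
+$ chef exec rake unit
+or altogether:
+$ chef exec rake
+The `rake` tasks will take care of installing the needed cookbooks with `berkshelf`.
+## Rubocop ##
+[Rubocop](https://github.com/bbatsov/rubocop) is a static Ruby code analyzer, based on the community [Ruby style guide](https://github.com/bbatsov/ruby-style-guide). We are attempting to adhere to this where applicable, slowly cleaning up the cookbooks until we can turn on Rubocop for gating the commits.
+## Foodcritic ##
+[Foodcritic](https://acrmp.github.io/foodcritic/) is a lint tool for Chef cookbooks. We ignore the following rules:
+* [FC003](https://acrmp.github.io/foodcritic/#FC003) These cookbooks are not intended for Chef Solo.
+* [FC023](https://acrmp.github.io/foodcritic/#FC023) Prefer conditional attributes.
+## Chefspec
+[ChefSpec](https://github.com/sethvargo/chefspec) is a unit testing framework for testing Chef cookbooks. ChefSpec makes it easy to write examples and get fast feedback on cookbook changes without the need for virtual machines or cloud servers.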

72
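--- a/attributes/default.rb
+++ b/attributes/default.rb
@@ -0,0 +1,72 @@
+# encoding: UTF-8
+#
+# Cookbook Name:: openstack-dns
+# Attributes:: default
+#
+# Copyright 2017, x-ion GmbH
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+%w(public internal).each do |ep_type|
+# openstack designate-api service endpoints (used by users and services)
+default['openstack']['endpoints'][ep_type]['designate-api']['host'] = '127.0.0.1'
+default['openstack']['endpoints'][ep_type]['designate-api']['scheme'] = 'http'
+default['openstack']['endpoints'][ep_type]['designate-api']['path'] = '/v1/%(tenant_id)s'
+default['openstack']['endpoints'][ep_type]['designate-api']['port'] = 9001
+end
+default['openstack']['bind_service']['all']['designate-api']['host'] = '127.0.0.1'
+default['openstack']['bind_service']['all']['designate-api']['port'] = 9001
+# Set to some text value if you want templated config files
+# to contain a custom banner at the top of the written file
+default['openstack']['designate']['custom_template_banner'] = '
+# This file was autogenerated by Chef
+# Do not edit, changes will be overwritten
+'
+default['openstack']['dns']['syslog']['use']
+# This is the name of the Chef role that will install the Keystone Service API
+default['openstack']['dns']['identity_service_chef_role'] = 'os-identity'
+# The name of the Chef role that knows about the message queue server
+# that Heat uses
+default['openstack']['dns']['rabbit_server_chef_role'] = 'os-ops-messaging'
+default['openstack']['dns']['service_role'] = 'service'
+default['openstack']['dns']['ec2authtoken']['auth']['version'] = 'v2.0'
+default['openstack']['dns']['api']['auth']['version'] = node['openstack']['api']['auth']['version']
+# platform-specific settings
+case platform_family
+# Note(jh): TBC
+when 'rhel'
+default['openstack']['dns']['user'] = 'designate'
+default['openstack']['dns']['group'] = 'designate'
+default['openstack']['dns']['platform'] = {
+'designate_common_packages' => ['openstack-designate'],
+'designate_api_service' => 'openstack-designate-api',
+'designate_central_service' => 'openstack-designate-central',
+'package_overrides' => ''
+}
+when 'debian'
+default['openstack']['dns']['user'] = 'designate'
+default['openstack']['dns']['group'] = 'designate'
+default['openstack']['dns']['platform'] = {
+'designate_packages' => ['designate'],
+'designate_api_service' => 'designate-api',
+'designate_central_service' => 'designate-central',
+'package_overrides' => "-o Dpkg::Options::='--force-confold' -o Dpkg::Options::='--force-confdef'"
+}
+end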
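Review bot: Two key names defined here disagree with the recipes in this commit: the endpoint and `bind_service` defaults are stored under `'designate-api'` while `recipes/common.rb` and the identity registration recipe look up `'dns-api'`, and the `rhel` platform hash defines `'designate_common_packages'` while the common recipe iterates `platform_options['designate_packages']`. Unless openstack-common supplies the missing keys, those lookups return nil and the converge fails on `.port` or `.each`. The line `default['openstack']['dns']['syslog']['use']` has no assignment and so sets nothing; `default['openstack']['dns']['syslog']['use'] = false` would state the intended default for the check in the common recipe. The endpoint `scheme` defaults to `'http'`, so a comment that deployments are expected to override it with `'https'` would help operators.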


@ -0,0 +1,31 @@
# encoding: UTF-8
#
# Cookbook Name:: openstack-dns
# Attributes:: default
#
# Copyright 2017, x-ion GmbH
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
default['openstack']['dns']['conf']['DEFAULT']['log_dir'] = '/var/log/designate'
default['openstack']['dns']['conf']['service:api']['auth_strategy'] = 'keystone'
default['openstack']['dns']['conf']['service:api']['enable_api_v1'] = 'True'
default['openstack']['dns']['conf']['service:api']['enabled_extensions_v1'] = 'quotas, reports'
default['openstack']['dns']['conf']['service:api']['enable_api_v2'] = 'True'
default['openstack']['dns']['conf']['service:worker']['enabled'] = 'True'
default['openstack']['dns']['conf']['service:worker']['notify'] = 'True'
default['openstack']['dns']['conf']['keystone_authtoken']['auth_type'] = 'v3password'
default['openstack']['dns']['conf']['keystone_authtoken']['username'] = 'designate'
default['openstack']['dns']['conf']['keystone_authtoken']['project_name'] = 'service'
default['openstack']['dns']['conf']['keystone_authtoken']['project_domain_name'] = 'Default'
default['openstack']['dns']['conf']['keystone_authtoken']['user_domain_name'] = 'Default'
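Review bot: `enable_api_v1` defaults to `'True'` together with the `quotas, reports` v1 extensions, so every deployment exposes the older API surface next to v2 unless an operator turns it off. If v1 is only needed for legacy clients, `default['openstack']['dns']['conf']['service:api']['enable_api_v1'] = 'False'` keeps the default exposure smaller; the endpoint `path` default of `/v1/%(tenant_id)s` in `attributes/default.rb` would have to change with it. The header comment reads `Attributes:: default`, the same label as `attributes/default.rb`, and should name this file instead.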

9
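--- a/bootstrap.sh
+++ b/bootstrap.sh
@@ -0,0 +1,9 @@
+#!/bin/bash -x
+## This script is for installing all the needed packages on xenial to run the chef tests with 'chef exec rake'.
+## It relies on the common bootstrap.sh from openstack/cookbook-openstack-common for installing common dependencies.
+curl https://raw.githubusercontent.com/openstack/cookbook-openstack-common/master/bootstrap.sh \
+--retry 3 \
+--silent \
+--show-error \
+| /bin/bash -x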
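Review bot: The script pipes the `master` copy of a remote `bootstrap.sh` directly into `/bin/bash`, so the content is neither pinned nor inspected before it runs, and a partially transferred script is executed as far as it arrived. Without `--fail` an HTTP error body would be fed to the shell too, and without `pipefail` a failed download still leaves the pipeline's status as that of bash. Downloading a fixed revision to a temporary file, verifying its digest against a value kept in this repository, and only then executing it closes those gaps, as sketched below with placeholders.

```shell
set -euo pipefail
# <COMMIT_SHA> and <EXPECTED_SHA256> are placeholders; keep the real values under review in this repo
url="https://raw.githubusercontent.com/openstack/cookbook-openstack-common/<COMMIT_SHA>/bootstrap.sh"
tmp="$(mktemp)"
trap 'rm -f "$tmp"' EXIT
curl --fail --retry 3 --silent --show-error --output "$tmp" "$url"
echo "<EXPECTED_SHA256>  $tmp" | sha256sum --check --status
/bin/bash -x "$tmp"
```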

18
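--- a/metadata.rb
+++ b/metadata.rb
@@ -0,0 +1,18 @@
+# encoding: UTF-8
+name 'openstack-dns'
+maintainer 'openstack-chef'
+maintainer_email 'openstack-dev@lists.openstack.org'
+issues_url 'https://launchpad.net/openstack-chef' if respond_to?(:issues_url)
+source_url 'https://github.com/cloudbau/cookbook-openstack-dns' if respond_to?(:source_url)
+license 'Apache 2.0'
+description 'Installs and configures the Designate Service'
+long_description IO.read(File.join(File.dirname(__FILE__), 'README.md'))
+version '16.0.0'
+%w(ubuntu redhat centos).each do |os|
+supports os
+end
+depends 'openstack-common', '>= 16.0.0'
+depends 'openstack-identity', '>= 16.0.0'
+depends 'openstackclient'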

31
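--- a/recipes/api.rb
+++ b/recipes/api.rb
@@ -0,0 +1,31 @@
+# encoding: UTF-8
+#
+# Cookbook Name:: openstack-dns
+# Recipe:: api
+#
+# Copyright 2017, x-ion GmbH
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+include_recipe 'openstack-dns::common'
+platform_options = node['openstack']['dns']['platform']
+service 'designate-api' do
+service_name platform_options['designate_api_service']
+supports status: true, restart: true
+action :enable
+subscribes :restart, 'template[/etc/designate/designate.conf]'
+end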
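Review bot: The `service 'designate-api'` resource declares only `action :enable`, so the service is brought up solely as a side effect of the `subscribes :restart` on designate.conf; if it is stopped while the config is unchanged, later converges leave it down. README in this commit describes the recipe as "Configure and start designate-api service", and `action [:enable, :start]` would match that. The same applies to the service resource in `recipes/central.rb`, which is also named `designate_central` with an underscore where this one uses a hyphen.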

30
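--- a/recipes/central.rb
+++ b/recipes/central.rb
@@ -0,0 +1,30 @@
+# encoding: UTF-8
+#
+# Cookbook Name:: openstack-dns
+# Recipe:: central
+#
+# Copyright 2017, x-ion GmbH
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+include_recipe 'openstack-dns::common'
+platform_options = node['openstack']['dns']['platform']
+service 'designate_central' do
+service_name platform_options['designate_central_service']
+supports status: true, restart: true
+action :enable
+subscribes :restart, 'template[/etc/designate/designate.conf]'
+end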

134
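--- a/recipes/common.rb
+++ b/recipes/common.rb
@@ -0,0 +1,134 @@
+# encoding: UTF-8
+#
+# Cookbook Name:: openstack-dns
+# Recipe:: common
+#
+# Copyright 2017, x-ion Gmbh
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+class ::Chef::Recipe # rubocop:disable Documentation
+include ::Openstack
+end
+if node['openstack']['dns']['syslog']['use']
+include_recipe 'openstack-common::logging'
+end
+platform_options = node['openstack']['dns']['platform']
+platform_options['designate_packages'].each do |pkg|
+package pkg do
+options platform_options['package_overrides']
+action :upgrade
+end
+end
+db_type = node['openstack']['db']['dns']['service_type']
+node['openstack']['db']['python_packages'][db_type].each do |pkg|
+package pkg do
+action :upgrade
+end
+end
+if node['openstack']['mq']['service_type'] == 'rabbit'
+node.default['openstack']['dns']['conf_secrets']['DEFAULT']['transport_url'] = rabbit_transport_url 'dns'
+# Note(jh): Workaround for https://bugs.launchpad.net/designate/+bug/1673403
+# Stolen from rabbit_transport_url() in openstack-common/libraries/endpoints.rb
+mq_user = node['openstack']['mq']['dns']['rabbit']['userid']
+node.default['openstack']['dns']['conf_secrets']['oslo_messaging_rabbit']['rabbit_userid'] = mq_user
+node.default['openstack']['dns']['conf_secrets']['oslo_messaging_rabbit']['rabbit_password'] = get_password 'user', mq_user
+node.default['openstack']['dns']['conf_secrets']['oslo_messaging_rabbit']['rabbit_virtual_host'] = node['openstack']['mq']['vhost']
+mq_port = node['openstack']['endpoints']['mq']['port']
+url = ''
+if node['openstack']['mq']['cluster']
+node['openstack']['mq']['servers'].each do |server|
+url += "#{server}:#{mq_port}"
+url += ',' unless node['openstack']['mq']['servers'].last == server
+end
+else
+bind_mq_address = bind_address node['openstack']['bind_service']['mq']
+url += "#{bind_mq_address}:#{mq_port}"
+end
+node.default['openstack']['dns']['conf_secrets']['oslo_messaging_rabbit']['rabbit_hosts'] = url
+end
+db_user = node['openstack']['db']['dns']['username']
+db_pass = get_password 'db', 'designate'
+identity_endpoint = internal_endpoint 'identity'
+bind_services = node['openstack']['bind_service']['all']
+api_bind = bind_services['dns-api']
+auth_uri = auth_uri_transform identity_endpoint.to_s, node['openstack']['dns']['api']['auth']['version']
+# define attributes that are needed in designate.conf
+node.default['openstack']['dns']['conf'].tap do |conf|
+conf['service:api']['api_host'] = bind_address api_bind
+conf['service:api']['api_port'] = api_bind.port
+conf['keystone_authtoken']['auth_url'] = auth_uri
+end
+# define secrets that are needed in designate.conf
+node.default['openstack']['dns']['conf_secrets'].tap do |conf_secrets|
+conf_secrets['storage:sqlalchemy']['connection'] =
+db_uri('dns', db_user, db_pass)
+conf_secrets['keystone_authtoken']['password'] =
+get_password 'service', 'openstack-dns'
+end
+# merge all config options and secrets to be used in designate.conf
+designate_conf_options = merge_config_options 'dns'
+directory '/etc/designate' do
+owner node['openstack']['dns']['user']
+group node['openstack']['dns']['group']
+mode 00750
+action :create
+end
+template '/etc/designate/designate.conf' do
+source 'openstack-service.conf.erb'
+cookbook 'openstack-common'
+owner node['openstack']['dns']['user']
+group node['openstack']['dns']['group']
+mode 00640
+variables(
+service_config: designate_conf_options
+)
+end
+template '/etc/designate/pools.yaml' do
+source 'pools.yaml.erb'
+owner node['openstack']['dns']['user']
+group node['openstack']['dns']['group']
+mode 00644
+end
+execute 'designate-manage database sync' do
+user node['openstack']['dns']['user']
+group node['openstack']['dns']['group']
+command 'designate-manage database sync'
+action :run
+end
+execute 'designate-manage pool update' do
+user node['openstack']['dns']['user']
+group node['openstack']['dns']['group']
+command 'designate-manage pool update'
+action :nothing
+subscribes :run, 'template[/etc/designate/pools.yaml]'
+end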
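Review bot: The database URI, RabbitMQ password and Keystone service password are written to `node.default['openstack']['dns']['conf_secrets']` and never removed, so they are saved with the node object at the end of the run and become readable to anyone who can read node data on the Chef server. Once `template '/etc/designate/designate.conf'` has been rendered, the attribute should be cleared as in the block below, and marking that template `sensitive true` keeps the rendered secrets out of diff output in the converge log. Separately, `get_password 'db', 'designate'` hard-codes the user name although `db_user` is read from attributes on the line before, and `execute 'designate-manage database sync'` runs on every converge.

```ruby
# … unchanged: template '/etc/designate/designate.conf' …

# Drop the secrets from node attributes once the config file is written,
# so they are not persisted with the node object.
ruby_block "delete all attributes in node['openstack']['dns']['conf_secrets']" do
  block do
    node.rm(:openstack, :dns, :conf_secrets)
  end
end
```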


@ -0,0 +1,105 @@
# encoding: UTF-8
#
# Cookbook Name:: openstack-dns
# Recipe:: identity_registration
#
# Copyright 2017, x-ion GmbH
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
require 'uri'
class ::Chef::Recipe # rubocop:disable Documentation
include ::Openstack
end
identity_admin_endpoint = admin_endpoint 'identity'
auth_url = ::URI.decode identity_admin_endpoint.to_s
internal_designate_endpoint = internal_endpoint 'dns-api'
public_designate_endpoint = public_endpoint 'dns-api'
service_pass = get_password 'service', 'openstack-dns'
service_project_name = node['openstack']['dns']['conf']['keystone_authtoken']['project_name']
service_user = node['openstack']['dns']['conf']['keystone_authtoken']['username']
service_role = node['openstack']['dns']['service_role']
service_type = 'dns'
service_name = 'designate'
service_domain_name = node['openstack']['dns']['conf']['keystone_authtoken']['user_domain_name']
admin_user = node['openstack']['identity']['admin_user']
admin_pass = get_password 'user', node['openstack']['identity']['admin_user']
admin_project = node['openstack']['identity']['admin_project']
admin_domain = node['openstack']['identity']['admin_domain_name']
region = node['openstack']['region']
connection_params = {
openstack_auth_url: "#{auth_url}/auth/tokens",
openstack_username: admin_user,
openstack_api_key: admin_pass,
openstack_project_name: admin_project,
openstack_domain_name: admin_domain
}
# Register DNS Service
openstack_service service_name do
type service_type
connection_params connection_params
end
# Register DNS Public-Endpoint
openstack_endpoint service_type do
service_name service_name
interface 'public'
url public_designate_endpoint.to_s
region region
connection_params connection_params
end
# Register DNS Internal-Endpoint
openstack_endpoint service_type do
service_name service_name
url internal_designate_endpoint.to_s
region region
connection_params connection_params
end
# Register Service Project
openstack_project service_project_name do
connection_params connection_params
end
# Register Service User
openstack_user service_user do
project_name service_project_name
role_name service_role
password service_pass
connection_params connection_params
end
## Grant Service role to Service User for Service Project ##
openstack_user service_user do
role_name service_role
project_name service_project_name
connection_params connection_params
action :grant_role
end
openstack_user service_user do
domain_name service_domain_name
role_name service_role
user_name service_user
connection_params connection_params
action :grant_domain
end
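Review bot: The block commented "Register DNS Internal-Endpoint" declares `openstack_endpoint service_type` with the same resource name as the public one and sets no `interface`, so unless the resource's default happens to be internal, the internal URL is registered under the wrong interface; add `interface 'internal'` there. The `openstack_user` resource that sets `password service_pass`, and each resource that receives `connection_params` with the admin password, should carry `sensitive true` if the resource implementation does not already mask these values, so they stay out of converge logs. `::URI.decode` is marked obsolete in Ruby's URI module and will need replacing.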


@ -0,0 +1,43 @@
- name: default
# The name is immutable. There will be no option to change the name after
# creation and the only way will to change it will be to delete it
# (and all zones associated with it) and recreate it.
description: Default Pool
attributes: {}
# List out the NS records for zones hosted within this pool
# This should be a record that is created outside of designate, that
# points to the public IP of the controller node.
ns_records:
- hostname: ns1-1.example.org.
priority: 1
# List out the nameservers for this pool. These are the actual BIND servers.
# We use these to verify changes have propagated to all nameservers.
nameservers:
- host: 127.0.0.1
port: 53
# List out the targets for this pool. For BIND there will be one
# entry for each BIND server, as we have to run rndc command on each server
targets:
- type: bind9
description: BIND9 Server 1
# List out the designate-mdns servers from which BIND servers should
# request zone transfers (AXFRs) from.
# This should be the IP of the controller node.
# If you have multiple controllers you can add multiple masters
# by running designate-mdns on them, and adding them here.
masters:
- host: 127.0.0.1
port: 5354
# BIND Configuration options
options:
host: 127.0.0.1
port: 53
rndc_host: 127.0.0.1
rndc_port: 953
rndc_key_file: /etc/designate/rndc.key
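Review bot: Every address in this pool definition is fixed to `127.0.0.1` and the NS record to `ns1-1.example.org.`, and `recipes/common.rb` renders the template without variables, so a real deployment can only change them by replacing the template. Driving these values from node attributes would avoid that. `rndc_key_file: /etc/designate/rndc.key` is referenced, but nothing in this commit creates the file; a comment should say who provisions it and that it must be readable only by the designate user, since the key authorises control of the BIND server.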