Fixups for real world deployment
- Fix attributes - Add more services - Make pool definition more flexible - Add Neutron integration
parent
ff4dc4f05b
commit
d74939e678
|
@ -30,25 +30,22 @@ default['openstack']['bind_service']['all']['dns-api']['port'] = 9001
|
|||
|
||||
# Set to some text value if you want templated config files
|
||||
# to contain a custom banner at the top of the written file
|
||||
default['openstack']['designate']['custom_template_banner'] = '
|
||||
default['openstack']['dns']['custom_template_banner'] = '
|
||||
# This file was autogenerated by Chef
|
||||
# Do not edit, changes will be overwritten
|
||||
'
|
||||
|
||||
default['openstack']['dns']['syslog']['use']
|
||||
|
||||
# This is the name of the Chef role that will install the Keystone Service API
|
||||
default['openstack']['dns']['identity_service_chef_role'] = 'os-identity'
|
||||
|
||||
# The name of the Chef role that knows about the message queue server
|
||||
# that Heat uses
|
||||
default['openstack']['dns']['rabbit_server_chef_role'] = 'os-ops-messaging'
|
||||
|
||||
default['openstack']['dns']['service_role'] = 'service'
|
||||
default['openstack']['dns']['syslog']['use'] = false
|
||||
|
||||
default['openstack']['dns']['ec2authtoken']['auth']['version'] = 'v2.0'
|
||||
default['openstack']['dns']['api']['auth']['version'] = node['openstack']['api']['auth']['version']
|
||||
|
||||
# Settings for the default pool
|
||||
default['openstack']['dns']['pool']['ns_hostname'] = 'ns1.example.org.'
|
||||
default['openstack']['dns']['pool']['ns_address'] = '127.0.0.1'
|
||||
default['openstack']['dns']['pool']['masters'] = ['127.0.0.1']
|
||||
default['openstack']['dns']['pool']['bind_host'] = '127.0.0.1'
|
||||
|
||||
# platform-specific settings
|
||||
default['openstack']['dns']['user'] = 'designate'
|
||||
default['openstack']['dns']['group'] = 'designate'
|
||||
|
@ -63,9 +60,12 @@ when 'rhel'
|
|||
}
|
||||
when 'debian'
|
||||
default['openstack']['dns']['platform'] = {
|
||||
'designate_packages' => ['designate'],
|
||||
'designate_packages' => ['designate-api','designate-central','designate-mdns','designate-producer','designate-worker'],
|
||||
'designate_api_service' => 'designate-api',
|
||||
'designate_central_service' => 'designate-central',
|
||||
'designate_mdns_service' => 'designate-mdns',
|
||||
'designate_producer_service' => 'designate-producer',
|
||||
'designate_worker_service' => 'designate-worker',
|
||||
'package_overrides' => "-o Dpkg::Options::='--force-confold' -o Dpkg::Options::='--force-confdef'"
|
||||
}
|
||||
end
|
||||
|
|
|
@ -24,7 +24,7 @@ default['openstack']['dns']['conf']['service:api']['enabled_extensions_v1'] = 'q
|
|||
default['openstack']['dns']['conf']['service:api']['enable_api_v2'] = 'True'
|
||||
default['openstack']['dns']['conf']['service:worker']['enabled'] = 'True'
|
||||
default['openstack']['dns']['conf']['service:worker']['notify'] = 'True'
|
||||
default['openstack']['dns']['conf']['keystone_authtoken']['auth_type'] = 'v3password'
|
||||
default['openstack']['dns']['conf']['keystone_authtoken']['auth_type'] = 'password'
|
||||
default['openstack']['dns']['conf']['keystone_authtoken']['username'] = 'designate'
|
||||
default['openstack']['dns']['conf']['keystone_authtoken']['project_name'] = 'service'
|
||||
default['openstack']['dns']['conf']['keystone_authtoken']['project_domain_name'] = 'Default'
|
||||
|
|
|
@ -31,7 +31,6 @@ platform_options = node['openstack']['dns']['platform']
|
|||
platform_options['designate_packages'].each do |pkg|
|
||||
package pkg do
|
||||
options platform_options['package_overrides']
|
||||
|
||||
action :upgrade
|
||||
end
|
||||
end
|
||||
|
@ -68,7 +67,7 @@ end
|
|||
db_user = node['openstack']['db']['dns']['username']
|
||||
db_pass = get_password 'db', 'designate'
|
||||
|
||||
public_identity_endpoint = public_endpoint 'identity'
|
||||
public_identity_endpoint = identity_uri_transform(public_endpoint 'identity')
|
||||
identity_endpoint = internal_endpoint 'identity'
|
||||
|
||||
bind_services = node['openstack']['bind_service']['all']
|
||||
|
@ -113,11 +112,38 @@ template '/etc/designate/designate.conf' do
|
|||
)
|
||||
end
|
||||
|
||||
# delete all secrets saved in the attribute
|
||||
# node['openstack']['dns']['conf_secrets'] after creating the config file
|
||||
ruby_block "delete all attributes in node['openstack']['dns']['conf_secrets']" do
|
||||
block do
|
||||
node.rm(:openstack, :dns, :conf_secrets)
|
||||
end
|
||||
end
|
||||
|
||||
rndc_secret = get_password 'token', 'designate_rndc'
|
||||
template '/etc/designate/rndc.key' do
|
||||
source 'rndc.key.erb'
|
||||
owner node['openstack']['dns']['user']
|
||||
group node['openstack']['dns']['group']
|
||||
mode 00440
|
||||
variables(
|
||||
secret: rndc_secret
|
||||
)
|
||||
end
|
||||
|
||||
pool_config = node['openstack']['dns']['pool']
|
||||
template '/etc/designate/pools.yaml' do
|
||||
source 'pools.yaml.erb'
|
||||
owner node['openstack']['dns']['user']
|
||||
group node['openstack']['dns']['group']
|
||||
mode 00644
|
||||
variables(
|
||||
banner: node['openstack']['dns']['custom_template_banner'],
|
||||
bind_host: pool_config['bind_host'],
|
||||
masters: pool_config['masters'],
|
||||
ns_address: pool_config['ns_address'],
|
||||
ns_hostname: pool_config['ns_hostname']
|
||||
)
|
||||
end
|
||||
|
||||
execute 'designate-manage database sync' do
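Review bot: The `template '/etc/designate/rndc.key'` resource in the last hunk renders `rndc_secret` into the file without marking the resource as sensitive, so Chef may include the rendered key in its diff and log output whenever the file is created or changed. Adding `sensitive true` inside that resource block keeps the secret out of converge logs and reports. The `mode 00440` with the designate owner and group looks appropriate for a key file. The `designate.conf` template above and the `execute 'designate-manage database sync'` block below both extend outside this hunk, so whether they are treated the same way cannot be judged from here.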
|
||||
|
|
|
@ -0,0 +1,30 @@
|
|||
# encoding: UTF-8
|
||||
#
|
||||
# Cookbook Name:: openstack-dns
|
||||
# Recipe:: mdns
|
||||
#
|
||||
# Copyright 2017, x-ion GmbH
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
#
|
||||
|
||||
include_recipe 'openstack-dns::common'
|
||||
|
||||
platform_options = node['openstack']['dns']['platform']
|
||||
|
||||
service 'designate_mdns' do
|
||||
service_name platform_options['designate_mdns_service']
|
||||
supports status: true, restart: true
|
||||
action :enable
|
||||
subscribes :restart, 'template[/etc/designate/designate.conf]'
|
||||
end
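Review bot: `action :enable` on the `designate_mdns` service only registers it for boot; within a converge it is started only as a side effect of `subscribes :restart, 'template[/etc/designate/designate.conf]'`, so a stopped service with an unchanged config stays down after a Chef run. Consider `action [:enable, :start]` so the run converges the service to a running state. The same applies to the `designate_producer` and `designate_worker` services in the producer and worker recipes added by this commit. If the existing api and central recipes (not shown here) deliberately use `:enable` alone, a short comment explaining why would help.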
|
|
@ -0,0 +1,46 @@
|
|||
# encoding: UTF-8
|
||||
#
|
||||
# Cookbook Name:: openstack-dns
|
||||
# Recipe:: neutron_int
|
||||
#
|
||||
# Copyright 2017, x-ion GmbH
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
#
|
||||
|
||||
class ::Chef::Recipe
|
||||
include ::Openstack
|
||||
end
|
||||
|
||||
dns_endpoint = internal_endpoint 'dns-api'
|
||||
# TODO(jh): Make this more intelligent
|
||||
dns_url = dns_endpoint.to_s + '/v2'
|
||||
|
||||
identity_endpoint = internal_endpoint 'identity'
|
||||
auth_url = auth_uri_transform identity_endpoint.to_s, node['openstack']['dns']['api']['auth']['version']
|
||||
|
||||
node.default['openstack']['network']['conf'].tap do |conf|
|
||||
conf['DEFAULT']['external_dns_driver'] = 'designate'
|
||||
conf['designate']['url'] = dns_url
|
||||
conf['designate']['auth_type'] = 'password'
|
||||
conf['designate']['auth_url'] = auth_url
|
||||
conf['designate']['username'] = 'designate'
|
||||
conf['designate']['project_name'] = 'service'
|
||||
conf['designate']['project_domain_name'] = 'Default'
|
||||
conf['designate']['user_domain_name'] = 'Default'
|
||||
end
|
||||
|
||||
node.default['openstack']['network']['conf_secrets'].tap do |conf_secrets|
|
||||
conf_secrets['designate']['password'] =
|
||||
get_password 'service', 'openstack-dns'
|
||||
end
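Review bot: The service password is written into `node.default['openstack']['network']['conf_secrets']` in the final block and nothing in this recipe removes it, so it stays in the node object unless another recipe deletes that attribute before the run ends, as the `node.rm(:openstack, :dns, :conf_secrets)` block in the common recipe does for this cookbook's own secrets. Presumably the network cookbook does the equivalent cleanup after rendering its config, which makes this recipe order-dependent. I would document that at the top of the recipe, e.g. `# Must be included before the network recipe that renders its config and removes conf_secrets`. Separately, `username`, `project_name` and the domain names are hard-coded here although the same values exist under `node['openstack']['dns']['conf']['keystone_authtoken']`, so an override there would silently diverge from what Neutron is given.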
|
|
@ -0,0 +1,30 @@
|
|||
# encoding: UTF-8
|
||||
#
|
||||
# Cookbook Name:: openstack-dns
|
||||
# Recipe:: producer
|
||||
#
|
||||
# Copyright 2017, x-ion GmbH
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
#
|
||||
|
||||
include_recipe 'openstack-dns::common'
|
||||
|
||||
platform_options = node['openstack']['dns']['platform']
|
||||
|
||||
service 'designate_producer' do
|
||||
service_name platform_options['designate_producer_service']
|
||||
supports status: true, restart: true
|
||||
action :enable
|
||||
subscribes :restart, 'template[/etc/designate/designate.conf]'
|
||||
end
|
|
@ -0,0 +1,30 @@
|
|||
# encoding: UTF-8
|
||||
#
|
||||
# Cookbook Name:: openstack-dns
|
||||
# Recipe:: worker
|
||||
#
|
||||
# Copyright 2017, x-ion GmbH
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
#
|
||||
|
||||
include_recipe 'openstack-dns::common'
|
||||
|
||||
platform_options = node['openstack']['dns']['platform']
|
||||
|
||||
service 'designate_worker' do
|
||||
service_name platform_options['designate_worker_service']
|
||||
supports status: true, restart: true
|
||||
action :enable
|
||||
subscribes :restart, 'template[/etc/designate/designate.conf]'
|
||||
end
|
|
@ -1,3 +1,4 @@
|
|||
<%= @banner %>
|
||||
- name: default
|
||||
# The name is immutable. There will be no option to change the name after
|
||||
# creation and the only way will to change it will be to delete it
|
||||
|
@ -10,13 +11,13 @@
|
|||
# This should be a record that is created outside of designate, that
|
||||
# points to the public IP of the controller node.
|
||||
ns_records:
|
||||
- hostname: ns1-1.example.org.
|
||||
- hostname: <%= @ns_hostname %>
|
||||
priority: 1
|
||||
|
||||
# List out the nameservers for this pool. These are the actual BIND servers.
|
||||
# We use these to verify changes have propagated to all nameservers.
|
||||
nameservers:
|
||||
- host: 127.0.0.1
|
||||
- host: <%= @ns_address %>
|
||||
port: 53
|
||||
|
||||
# List out the targets for this pool. For BIND there will be one
|
||||
|
@ -31,13 +32,15 @@
|
|||
# If you have multiple controllers you can add multiple masters
|
||||
# by running designate-mdns on them, and adding them here.
|
||||
masters:
|
||||
- host: 127.0.0.1
|
||||
<% @masters.each do |host| %>
|
||||
- host: <%= host %>
|
||||
port: 5354
|
||||
<% end %>
|
||||
|
||||
# BIND Configuration options
|
||||
options:
|
||||
host: 127.0.0.1
|
||||
host: <%= @bind_host %>
|
||||
port: 53
|
||||
rndc_host: 127.0.0.1
|
||||
rndc_host: <%= @bind_host %>
|
||||
rndc_port: 953
|
||||
rndc_key_file: /etc/designate/rndc.key
|
||||
|
|
|
@ -0,0 +1,4 @@
|
|||
key "designate" {
|
||||
algorithm hmac-md5;
|
||||
secret "<%= @secret %>";
|
||||
};
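Review bot: `algorithm hmac-md5;` pins the rndc control key to HMAC-MD5, a legacy algorithm; BIND accepts `hmac-sha256` for control keys and that would be the safer default: `algorithm hmac-sha256;`. The key statement on the named side has to declare the same algorithm and secret, so the change must be coordinated with however that key is provisioned (not shown in this commit). The secret is interpolated as-is, so the value stored under the `designate_rndc` token must already be valid base64 or the key file will not parse.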
|