Merge "Add validation to improve pep8 check for designate project"

This commit is contained in:
Zuul 2017-11-22 17:37:41 +00:00 committed by Gerrit Code Review
commit 2f75586379
40 changed files with 311 additions and 179 deletions

View File

@ -78,7 +78,8 @@ Branch, work, & submit:
Testing
-------
Execute a single test using py27 (test is CentralServiceTest.test_count_domains)
Execute a single test using py27
(test is CentralServiceTest.test_count_domains)
.. code-block:: shell

View File

@ -44,7 +44,7 @@ Response:
.. code-block:: http
HTTP/1.1 201 CREATED
HTTP/1.1 201 CREATED
Content-Type: application/json; charset=UTF-8
X-Openstack-Request-Id: req-bfcd0723-624c-4ec2-bbd5-99e985efe8db
@ -57,7 +57,7 @@ Response:
"created_at": "2016-05-20 06:15:42",
"updated_at": null,
"id": "af91edb5-ede8-453f-af13-feabdd088f9c"
}
}
Now, if someone were to try and create ``foo.example.com.``,

View File

@ -266,7 +266,8 @@ Update the designate pool manager cache database schema
show this help message and exit
``--revision REVISION``
The version that the designate pool manager cache database should be synced to.
The version that the designate pool manager cache database
should be synced to.
(Defaults to latest version)
@ -280,7 +281,8 @@ designate-manage pool_manager_cache version
usage: designate-manage pool_manager_cache version [-h]
Show what version of the pool manager cache database schema is currently in place
Show what version of the pool manager cache database schema
is currently in place
**Optional arguments:**
@ -314,7 +316,8 @@ Update the designate powerdns database schema
show this help message and exit
``--revision REVISION``
The version that the designate pool manager cache database should be synced to.
The version that the designate pool manager cache database
should be synced to.
(Defaults to latest version)

View File

@ -8,9 +8,11 @@ Notifications
In this context, "notifications" are not related to the DNS NOTIFY message.
Notifications are RPC calls that contain a JSON object. Designate both generates and receives notifications.
Notifications are RPC calls that contain a JSON object.
Designate both generates and receives notifications.
The purpose of notifications in to inform unrelated OpenStack components of events in real time and trigger actions.
The purpose of notifications in to inform unrelated OpenStack components
of events in real time and trigger actions.
Emitters
--------
@ -60,14 +62,18 @@ They are emitted by Central on the following events:
Receivers
---------
Notification from other OpenStack component outside of Designate are received by :ref:`designate-sink`.
Notification from other OpenStack component outside of Designate are
received by :ref:`designate-sink`.
Format
------
An example notification from Neutron:
.. literalinclude:: ../../../designate/tests/resources/sample_notifications/neutron/port.delete.start.json
.. code-block:: none
More examples can be found at :file:`designate/tests/resources/sample_notifications`
.. literalinclude:: ../../../designate/tests/resources/sample_notifications/neutron/port.delete.start.json
More examples can be found at
:file:`designate/tests/resources/sample_notifications`

View File

@ -26,18 +26,19 @@ You can set an ordered list of filters to run on each zone create api request.
We provide a few basic filters below, and creating custom filters follows a
similar pattern to schedulers.
You can create your own by extending :class:`designate.scheduler.filters.base.Filter`
You can create your own by extending
:class:`designate.scheduler.filters.base.Filter`
and registering a new entry point in the ``designate.scheduler.filters``
namespace like so in your ``setup.cfg`` file:
.. code-block:: ini
[entry_points]
designate.scheduler.filters =
my_custom_filter = my_extention.filters.my_custom_filter:MyCustomFilter
[entry_points]
designate.scheduler.filters =
my_custom_filter = my_extention.filters.my_custom_filter:MyCustomFilter
The new filter can be added to the ``scheduler_filters`` list in the ``[service:central]``
section like so:
The new filter can be added to the
``scheduler_filters`` list in the ``[service:central]`` section like so:
.. code-block:: ini
@ -53,7 +54,8 @@ The filters list is ran from left to right, so if the list is set to:
scheduler_filters = attribute, random
There will be two filters ran, the :class:`designate.scheduler.filters.attribute_filter.AttributeFilter`
There will be two filters ran,
the :class:`designate.scheduler.filters.attribute_filter.AttributeFilter`
followed by :class:`designate.scheduler.filters.random_filter.RandomFilter`

View File

@ -24,9 +24,9 @@ Overview
In designate we support the concept of multiple "pools" of DNS Servers.
This allows operators to scale out their DNS Service by adding more pools, avoiding
the scalling problems that some DNS servers have for number of zones, and the total
number of records hosted by a single server.
This allows operators to scale out their DNS Service by adding more pools,
avoiding the scalling problems that some DNS servers have for number of zones,
and the total number of records hosted by a single server.
This also allows providers to have tiers of service (i.e. the difference
between GOLD vs SILVER tiers may be the number of DNS Servers, and how they
@ -81,7 +81,8 @@ Managing Pools
In mitaka we moved the method of updating pools to a CLI in `designate-manage`
There is a YAML file that defines the pool, and is used to load this information into the database.
There is a YAML file that defines the pool, and is used to load
this information into the database.
.. literalinclude:: ../../../etc/designate/pools.yaml.sample

View File

@ -65,15 +65,15 @@ both owning different zones, can under the right circumstances inject content
into DNS responses for the other tenants zone. Let's consider an example:
Tenant A owns "example.com.", and has created an additional NS record within
their zone pointing to "ns.example.org." Tenant B, the attacker in this example,
can now create the "example.org." zone within their tenant. Within this zone,
they can legitimately create an A record with the name "ns.example.org.". Under
default configurations, many DNS servers (e.g. BIND), will now include Tenant
B's A record within responses for several queries for "example.com.". Should
the recursive resolver used by the end-user not be configured to ignore
out-of-bailiwick responses, this potentially invalid A record for
"ns.example.org." will be injected into the resolvers cache, resulting in
a cache poisoning attack.
their zone pointing to "ns.example.org." Tenant B, the attacker in this
example, can now create the "example.org." zone within their tenant. Within
this zone, they can legitimately create an A record with the name
"ns.example.org.". Under default configurations, many DNS servers (e.g. BIND),
will now include Tenant B's A record within responses for several queries
for "example.com.". Should the recursive resolver used by the end-user not be
configured to ignore out-of-bailiwick responses, this potentially invalid
A record for "ns.example.org." will be injected into the resolvers cache,
resulting in a cache poisoning attack.
This is an "interesting variation" of DNS cache poisoning, because the poison
records are returned by the authoritative nameserver for a given zone, rather

View File

@ -37,7 +37,7 @@ Response:
.. code-block:: http
HTTP/1.1 200 OK
HTTP/1.1 200 OK
Content-Type: application/json; charset=UTF-8
X-Openstack-Request-Id: req-bfcd0723-624c-4ec2-bbd5-99e985efe8db
@ -46,7 +46,7 @@ Response:
"recordset_records": 20,
"zone_records": 500,
"zone_recordsets": 500,
"zones": 500
"zones": 500
}
Administrators with the ability to use the ``X-Auth-All-Projects`` header
@ -68,15 +68,15 @@ Zones
Recordsets/Records
^^^^^^^^^^^^^^^^^^
+------------------+-------------------------------------------------+---------+
| Quota | Description | Default |
+------------------+-------------------------------------------------+---------+
| zone_recordsets | Number of recordsets allowed per zone | 500 |
+------------------+-------------------------------------------------+---------+
| zone_records | Number of records allowed per zone | 500 |
+------------------+-------------------------------------------------+---------+
| recordset_records| Number of records allowed per recordset | 20 |
+------------------+-------------------------------------------------+---------+
+------------------+------------------------------------------+---------+
| Quota | Description | Default |
+------------------+------------------------------------------+---------+
| zone_recordsets | Number of recordsets allowed per zone | 500 |
+------------------+------------------------------------------+---------+
| zone_records | Number of records allowed per zone | 500 |
+------------------+------------------------------------------+---------+
| recordset_records| Number of records allowed per recordset | 20 |
+------------------+------------------------------------------+---------+
Zone Exports
@ -103,10 +103,10 @@ All of the quotas above can be set as a default for all users by editing the
########################
## General Configuration
########################
quota_zones = 500
quota_zone_recordsets = 500
quota_zone_records = 500
quota_recordset_records = 20
quota_zones = 500
quota_zone_recordsets = 500
quota_zone_records = 500
quota_recordset_records = 20
quota_api_export_size = 1000
Per-Tenant via API
@ -133,7 +133,7 @@ The response would be:
.. code-block:: http
HTTP/1.1 200 OK
HTTP/1.1 200 OK
Content-Type: application/json; charset=UTF-8
X-Openstack-Request-Id: req-bfcd0723-624c-4ec2-bbd5-99e985efe8db
@ -142,5 +142,5 @@ The response would be:
"recordset_records": 20,
"zone_records": 500,
"zone_recordsets": 500,
"zones": 100
}
"zones": 100
}

View File

@ -4,17 +4,25 @@ Troubleshooting
I have a broken zone
--------------------
A zone is considered broken when it is not receiving updates anymore. Its status can be "ERROR" if Designate detected the error condition or it can be stuck in "PENDING" for a long time.
A zone is considered broken when it is not receiving updates anymore.
Its status can be "ERROR" if Designate detected the error condition
or it can be stuck in "PENDING" for a long time.
Review the logs from the API, Central, Producer, Worker and MiniDNS.
Identify the transaction ID of the last successful change and the first failing change. Using the ID, you can filter logs from the Designate components that are related to the same transaction.
Look for log messages with ERROR level before and after the first failing update.
Identify the transaction ID of the last successful change and the first
failing change. Using the ID, you can filter logs from the Designate
components that are related to the same transaction.
Look for log messages with ERROR level before and after
the first failing update.
Failures in updating a zone are usually related to problems in Producer, Worker, MiniDNS or the database.
Failures in updating a zone are usually related to problems in Producer,
Worker, MiniDNS or the database.
Ensure the services are running and network connectivity is not impaired.
Transient network issues can be the cause of a broken zone. Producer and Worker are stateful services and perform attempts at restoring failing zones over time. Restarting the services will trigger new attempts.
Transient network issues can be the cause of a broken zone.
Producer and Worker are stateful services and perform attempts at restoring
failing zones over time. Restarting the services will trigger new attempts.
I have a broken pool
@ -23,7 +31,8 @@ I have a broken pool
I deleted a zone but it's still in the database
-----------------------------------------------
Deleted zones are flagged with "status" set to "DELETED" and "task" set to "NONE" once the deletion process terminates successfully.
Deleted zones are flagged with "status" set to "DELETED" and "task" set to
"NONE" once the deletion process terminates successfully.
What ports should be open?
--------------------------
@ -66,7 +75,8 @@ The default values are:
What network protocol are used?
-------------------------------
HTTP[S] by the API, RabbitMQ and the MySQL protocol by most components, DNS (resolution and XFR), ZooKeeper, Memcached.
HTTP[S] by the API, RabbitMQ and the MySQL protocol by most components,
DNS (resolution and XFR), ZooKeeper, Memcached.
What needs access to the Database?
----------------------------------
@ -91,7 +101,8 @@ API and Worker
How do I monitor Designate?
---------------------------
Designate can be monitored by various `monitoring systems listed here <https://wiki.openstack.org/wiki/Operations/Monitoring>`_
Designate can be monitored by various
`monitoring systems listed here <https://wiki.openstack.org/wiki/Operations/Monitoring>`_
OpenStack recommends `Monasca <https://wiki.openstack.org/wiki/Monasca>`_
@ -101,10 +112,13 @@ What are useful metrics to monitor?
* General host monitoring, i.e. CPU load, memory usage, disk and network I/O
* MySQL performance, errors and free disk space
* Number of zones in ACTIVE, PENDING and ERROR status
* API queries per second, broken down by "read" and "write" operation on zones, records, etc
* Zone change propagation time i.e. how long does it takes for a record update to reach the resolvers
* API queries per second, broken down by "read" and "write" operation on zones,
records, etc
* Zone change propagation time i.e. how long does it takes for a record update
to reach the resolvers
* Log messages containing having "ERROR" level
* Quotas utilization i.e. number of existing records/zones against the maximum allowed
* Quotas utilization i.e. number of existing records/zones against the
maximum allowed
* Memcached, RabbitMQ, ZooKeeper performance and errors

View File

@ -12,4 +12,4 @@ Contents:
kilo
mitaka
newton
ocata
ocata

View File

@ -25,13 +25,13 @@ We have updated how the config data for pools is now stored.
Previously there was a mix of content in the ``designate.conf`` file and in the
designate database.
We have moved all of the data to the database in Mitaka, to avoid confusion, and
avoid the massive complexity that exists in the config file.
We have moved all of the data to the database in Mitaka, to avoid confusion,
and avoid the massive complexity that exists in the config file.
.. warning:: This part of the upgrade **requires** downtime.
We have 2 new commands in the ``designate-manage`` utility that are able to assist
the migration.
We have 2 new commands in the ``designate-manage`` utility that are
able to assist the migration.
To make the config syntax simpler we have a new YAML based config file that is
used to load information into the database.
@ -51,12 +51,14 @@ export it to the new YAML format.
designate-manage pool generate_file --file output.yml
This will create a YAML file, with all the currently defined pools, and all of their config.
This will create a YAML file, with all the currently defined pools, and all
of their config.
We suggest this is then migrated into a config management system, or other document management system.
We suggest this is then migrated into a config management system,
or other document management system.
From this point on all updates to pools should be done by updating this file, and
running:
From this point on all updates to pools should be done by updating this file,
and running:
.. code-block:: console

View File

@ -27,9 +27,9 @@ configurations, as there is no breaking change from Mitaka.
Breaking Changes
----------------
The default port the ``designate-agent`` service listens on has changed from 53 to 5358.
This matches the port we have always used in the sample configuration, and the port used
in the agent backend class.
The default port the ``designate-agent`` service listens on has changed
from 53 to 5358. This matches the port we have always used in the sample
configuration, and the port used in the agent backend class.
Upgrading Code and Enabling Services
------------------------------------
@ -73,8 +73,10 @@ be followed. This assumes you have all Mitaka Designate services running.
[producer_task:worker_periodic_recovery]
#interval = 120
3. Stop the ``designate-pool-manager`` and ``designate-zone-manager`` processes.
4. Restart the ``designate-api``, ``designate-central`` and ``designate-mdns`` services.
3. Stop the ``designate-pool-manager`` and
``designate-zone-manager`` processes.
4. Restart the ``designate-api``, ``designate-central`` and
``designate-mdns`` services.
5. Start the ``designate-producer`` and ``designate-worker`` services.
@ -85,8 +87,8 @@ New Features
multiple host:port pairs via the new "listen" configuration arguments for
each service.
- New pool scheduler "attribute" filter for scheduling zones across pools.
This can be enabled in the ``[service:central]`` section of the config by adding
``attribute`` to the list of values in the ``filters`` option.
This can be enabled in the ``[service:central]`` section of the config by
adding ``attribute`` to the list of values in the ``filters`` option.
- An experimental agent backend to support TinyDNS, the DNS resolver from the
djbdns tools.
- An experimental agent backend to support Knot DNS 2
@ -102,8 +104,8 @@ Deprecation Notices
- ``designate-api``'s api_host and api_port configuration options have been
deprecated, please use the new combined "listen" argument in place of these.
- ``designate-mdns``'s host and port configuration options have been deprecated,
please use the new combined "listen" argument in place of these.
- ``designate-mdns``'s host and port configuration options have been
deprecated, please use the new combined "listen" argument in place of these.
- ``designate-agents``'s host and port configuration options have been
deprecated, please use the new combined "listen" argument in place of these.
- ``designate-zone-manager`` and ``designate-pool-manager`` are now deprecated

View File

@ -19,7 +19,11 @@
Architecture
============
Designate provides multi-tenant DNS as a Service. Designate provides a REST API, applies business logic, persists DNS data to a database, and orchestrates the propagation of the DNS data to configured pools of DNS servers. For a more detailed breakdown of responsibilities and components, see the components below.
Designate provides multi-tenant DNS as a Service. Designate provides
a REST API, applies business logic, persists DNS data to a database,
and orchestrates the propagation of the DNS data to configured pools
of DNS servers. For a more detailed breakdown of responsibilities
and components, see the components below.
.. index::
double: architecture; brief
@ -33,60 +37,108 @@ High Level Topology
Designate API
-----------------------
designate-api provides the standard OpenStack style REST API service, accepting HTTP requests, validating authentication tokens with Keystone and passing them to the :ref:`designate-central` service over AMQP. Multiple versions of the API can be hosted, as well as API extensions, allowing for pluggable extensions to the core API.
designate-api provides the standard OpenStack style REST API service,
accepting HTTP requests, validating authentication tokens with Keystone and
passing them to the :ref:`designate-central` service over AMQP.
Multiple versions of the API can be hosted, as well as API extensions,
allowing for pluggable extensions to the core API.
Although designate-api is capable of handling HTTPS traffic, it's typical to terminate HTTPS elsewhere, for example by placing nginx in front of designate-api or by letting the external facing load balancers terminate HTTPS.
Although designate-api is capable of handling HTTPS traffic,
it's typical to terminate HTTPS elsewhere, for example by placing nginx
in front of designate-api or by letting the external facing load balancers
terminate HTTPS.
.. _designate-central:
Designate Central
-----------------------
designate-central is the service that handles RPC requests via the MQ, it coordinates the persistent storage of data and applies business logic to data from the API. Storage is provided via plugins, typically SQLAlchemy, although MongoDB or other storage drivers should be possible.
designate-central is the service that handles RPC requests via the MQ,
it coordinates the persistent storage of data and applies business logic
to data from the API. Storage is provided via plugins, typically SQLAlchemy,
although MongoDB or other storage drivers should be possible.
.. _designate-mdns:
Designate MiniDNS
-----------------------
designate-mdns is the service that sends DNS NOTIFY and answers zone transfer (AXFR) requests. This allows Designate to integrate with any DNS server that supports these very standard methods of communicating. designate-mdns also encapsulates all other forms of DNS protocol that Designate performs. For example, sending SOA queries to check that a change is live.
designate-mdns is the service that sends DNS NOTIFY and answers
zone transfer (AXFR) requests. This allows Designate to integrate with
any DNS server that supports these very standard methods of communicating.
designate-mdns also encapsulates all other forms of DNS protocol
that Designate performs. For example, sending SOA queries to check
that a change is live.
.. _designate-worker:
Designate Worker
----------------
designate-worker is a service that manages state of the DNS servers Designate manages, and any other long-running or otherwise complicated piece of work. The worker reads configuration for DNS servers from the Designate database, which is populated via the pools.yaml file. These DNS server backends are loaded into the worker so it understands how to create, update, and delete zones and recordsets on each DNS server. The Worker is fully aware of DNS Server 'Pools', so a single worker process can manage many pools of DNS servers.
designate-worker is a service that manages state of the DNS servers
Designate manages, and any other long-running or otherwise complicated piece
of work. The worker reads configuration for DNS servers from
the Designate database, which is populated via the pools.yaml file.
These DNS server backends are loaded into the worker so it understands
how to create, update, and delete zones and recordsets on each DNS server.
The Worker is fully aware of DNS Server 'Pools',
so a single worker process can manage many pools of DNS servers.
.. _designate-producer:
Designate Producer
------------------
designate-producer is a service that handles the invocation of long-running and potentially large jobs. Producer processes start work for an automatically assigned shard of the zones Designate manages. Shards are allocated based on the first three characters of the zone ID (a UUID field). The number of shards under management of a single producer process is equal to the total number of shards divided by the number of producer processes. This means the more producer processes are started, the less work is created at any one time.
designate-producer is a service that handles the invocation of long-running
and potentially large jobs. Producer processes start work for an automatically
assigned shard of the zones Designate manages. Shards are allocated based on
the first three characters of the zone ID (a UUID field).
The number of shards under management of a single producer process is equal
to the total number of shards divided by the number of producer processes.
This means the more producer processes are started, the less work is created
at any one time.
The current implemented tasks in producer include emitting dns.zone.exists events for Ceilometer, purging deleted zones from database, polling secondary zones at their refresh intervals, generating delayed NOTIFY transactions, and invoking a periodic recovery of zones in an error state.
The current implemented tasks in producer include emitting dns.zone.exists
events for Ceilometer, purging deleted zones from database,
polling secondary zones at their refresh intervals, generating delayed
NOTIFY transactions, and invoking a periodic recovery of
zones in an error state.
.. _designate-sink:
Designate Sink
-----------------------
designate-sink is an optional service which listens for event :ref:`notifications`, such as compute.instance.create.end, handlers are available for Nova and Neutron. Notification events can then be used to trigger record creation & deletion.
designate-sink is an optional service which listens for event
:ref:`notifications`, such as compute.instance.create.end,
handlers are available for Nova and Neutron.
Notification events can then be used to trigger record creation & deletion.
The current sink implementations generate simple forward lookup A records, using a format specified in handler-nova configuration. Any field in the event notification can be used to generate a record.
The current sink implementations generate simple forward lookup A records,
using a format specified in handler-nova configuration.
Any field in the event notification can be used to generate a record.
.. _dns-backend:
DNS Backend
-----------------------
Backends are drivers for a particular DNS server.
Designate supports multiple backend implementations, PowerDNS, BIND, NSD, DynECT, you are also free to implement your own backend to fit your needs, as well as extensions to provide extra functionality to complement existing backends.
Designate supports multiple backend implementations, PowerDNS, BIND, NSD,
DynECT, you are also free to implement your own backend to fit your needs,
as well as extensions to provide extra functionality to complement
existing backends.
.. _message-queue:
Message Queue
-----------------------
Designate uses oslo.rpc for messaging between components, therefore it inherits a requirement for a supported messaging bus (such as RabbitMQ, Qpid or ZeroMQ). Typically this means a RabbitMQ setup is dedicated to Designate, but as only a single virtualhost is required for a normal installation, youre free to use other RabbitMQ instances as you see fit.
Designate uses oslo.rpc for messaging between components, therefore it
inherits a requirement for a supported messaging bus
(such as RabbitMQ, Qpid or ZeroMQ). Typically this means a RabbitMQ
setup is dedicated to Designate, but as only a single virtualhost
is required for a normal installation, youre free to use other
RabbitMQ instances as you see fit.
.. _database:
Database/Storage
-----------------------
Storage drivers are drivers for a particular SQL/NoSQL server. Designate needs a SQLAlchemy-supported storage engine for the persistent storage of data. The recommended driver is MySQL.
Storage drivers are drivers for a particular SQL/NoSQL server.
Designate needs a SQLAlchemy-supported storage engine for the persistent
storage of data. The recommended driver is MySQL.

View File

@ -24,16 +24,17 @@ The traffic between rndc and Bind is authenticated with a key.
Designate Configuration
-----------------------
Example configuration required for Bind9 operation. One section for each pool target
Example configuration required for Bind9 operation.
One section for each pool target
.. literalinclude:: sample_yaml_snippets/bind.yaml
:language: yaml
The key and config files are relative to the host running Pool Manager (and can
be different from the hosts running Bind)
The key and config files are relative to the host running Pool Manager
(and can be different from the hosts running Bind)
Then update the pools in designate - see :ref:`designate_manage_pool` for further details on
the ``designate-manage pool`` command
Then update the pools in designate - see :ref:`designate_manage_pool`
for further details on the ``designate-manage pool`` command
.. code-block:: console
@ -45,7 +46,8 @@ Bind9 Configuration
Ensure Bind can access the /etc/bind/rndc.conf and /etc/bind/rndc.key files and
receive rndc traffic from Pool Manager.
Enable rndc addzone/delzone functionality by editing named.conf.options or named.conf and add this line under options
Enable rndc addzone/delzone functionality by editing named.conf.options
or named.conf and add this line under options
.. code-block:: c

View File

@ -25,8 +25,9 @@ Djbdns User documentation
This page documents the Agent backend for `djbdns <https://cr.yp.to/djbdns.html>`_.
The agent runs on the same host as the `tinydns <https://cr.yp.to/djbdns/tinydns.html>`_ resolver.
It receives DNS messages from Mini DNS using private DNS OPCODEs and classes and creates or deletes
zones in the data.cdb file using `axfr-get <https://cr.yp.to/djbdns/axfr-get.html>`_ and
It receives DNS messages from Mini DNS using private DNS OPCODEs
and classes and creates or deletes zones in the data.cdb file using
`axfr-get <https://cr.yp.to/djbdns/axfr-get.html>`_ and
`tinydns-data <https://cr.yp.to/djbdns/tinydns-data.html>`_
Setting up Djbdns on Ubuntu Trusty
@ -79,7 +80,8 @@ If needed, create the rootwrap filters, as root:
sudo /usr/local/bin/designate-rootwrap /etc/designate/rootwrap.conf tcpclient -h
sudo /usr/local/bin/designate-rootwrap /etc/designate/rootwrap.conf axfr-get -h
Configure the "service.agent" and "backend.agent.djbdns" sections in /etc/designate/designate.conf
Configure the "service.agent" and "backend.agent.djbdns"
sections in /etc/designate/designate.conf
Look in designate.conf.example for examples.

View File

@ -24,7 +24,10 @@ User documentation
This page documents the Agent backend for `gdnsd <http://gdnsd.org/>`_.
The agent runs on the same host as the resolver. It receives DNS messages from Mini DNS using private DNS OPCODEs and classes and creates/updates/deletes zones on gdnsd using zone files under the gdnsd configuration directory.
The agent runs on the same host as the resolver. It receives DNS messages
from Mini DNS using private DNS OPCODEs and classes and
creates/updates/deletes zones on gdnsd using zone files under
the gdnsd configuration directory.
The backend supports gdnsd from version 2.0
@ -63,7 +66,8 @@ Assuming gdnsd has been freshly installed on the system, run as root:
# Test the daemon: it should respond with "gdnsd"
dig @127.0.0.1 CH TXT +short
Configure the "service.agent" and "backend.agent.gdnsd" sections in /etc/designate/designate.conf
Configure the "service.agent" and "backend.agent.gdnsd" sections
in /etc/designate/designate.conf
Look in designate.conf.example for more complete examples
@ -79,7 +83,8 @@ Look in designate.conf.example for more complete examples
#confdir_path = /etc/gdnsd
#query_destination = 127.0.0.1
Ensure that the "zones" directory under "confdir_path" (default /etc/gdnsd) is readable and writable by the system user running the Designate Agent
Ensure that the "zones" directory under "confdir_path" (default /etc/gdnsd)
is readable and writable by the system user running the Designate Agent
Create an agent pool:

View File

@ -78,8 +78,9 @@ DNS view will be chosen as follows:
* If found, then DNS view used will be <dns_view>.<network_view>, where
<dns_view> is the value specified in designate.conf, and <network_view> is
the name of the view found in the search.
* If no such network view is found, then a network view will be created with the
name <network_view>.<tenant_id>, where <network_view> is the value specified
in designate.conf. This network view will be tagged with the TenantID EA.
* If no such network view is found, then a network view will be created with
the name <network_view>.<tenant_id>, where <network_view> is the value
specified in designate.conf.
This network view will be tagged with the TenantID EA.
* If the DNS view does not exist (in either case above), then it will be
created.

View File

@ -24,8 +24,10 @@ Knot DNS 2 User documentation
This page documents the Agent backend for `Knot DNS <https://www.knot-dns.cz/>`_.
The agent runs on the same host as the resolver. It receives DNS messages from Mini DNS using private DNS OPCODEs and classes and creates or deletes zones on Knot using the knotc tool.
It also instructs Knot to request AXFR from MiniDNS when a zone is created or updated.
The agent runs on the same host as the resolver. It receives DNS messages from
Mini DNS using private DNS OPCODEs and classes and creates or deletes zones
on Knot using the knotc tool. It also instructs Knot to request AXFR
from MiniDNS when a zone is created or updated.
Support matrix:
@ -133,7 +135,8 @@ If needed, create a rootwrap filter, as root:
# Check the filter:
sudo /usr/local/bin/designate-rootwrap /etc/designate/rootwrap.conf knotc status
Configure the "service.agent" and "backend.agent.knot2" sections in /etc/designate/designate.conf
Configure the "service.agent" and "backend.agent.knot2" sections
in /etc/designate/designate.conf
Look in designate.conf.example for examples

View File

@ -58,12 +58,14 @@ and do a pip install. Example:
git clone https://github.com/openstack/designate
pip install .\\designate
After that, we need to configure the Designate Agent. Inside the github repository,
there is a folder named "etc/designate" which can be used as default configuration.
After that, we need to configure the Designate Agent.
Inside the github repository, there is a folder named "etc/designate"
which can be used as default configuration.
Copy the folder somewhere else, for this example we will copy it to C:\\etc\\designate
Inside the configuration folder, make a copy of designate.conf.sample and rename
the copy to designate.conf
Copy the folder somewhere else, for this example we will copy it to
C:\\etc\\designate
Inside the configuration folder, make a copy of designate.conf.sample
and rename the copy to designate.conf
Example:
.. code-block:: console
@ -89,7 +91,8 @@ Ensure that "policy_file" under the [default] section is set:
policy_file = C:\\etc\\designate\\policy.json
Start the designate agent using (Python 2.7 was installed in the default location C:\\Python27):
Start the designate agent using
(Python 2.7 was installed in the default location C:\\Python27):
.. code-block:: console

View File

@ -51,7 +51,8 @@ See `PowerDNS Docs`_ for details.
$ designate-manage pool update
See :ref:`designate_manage_pool` for further details on the ``designate-manage pool``
command, and :ref:`pools` for information about the yaml file syntax
See :ref:`designate_manage_pool` for further details on
the ``designate-manage pool`` command, and :ref:`pools`
for information about the yaml file syntax
.. _PowerDNS Docs: https://doc.powerdns.com/md/authoritative/installation/

View File

@ -60,8 +60,9 @@ You need to configure PowerDNS to use the MySQL backend.
$ designate-manage pool update
See :ref:`designate_manage_pool` for further details on the ``designate-manage pool``
command, and :ref:`pools` for information about the yaml file syntax
See :ref:`designate_manage_pool` for further details on
the ``designate-manage pool`` command, and :ref:`pools`
for information about the yaml file syntax
4. Setup the database schema.
@ -69,7 +70,9 @@ command, and :ref:`pools` for information about the yaml file syntax
$ designate-manage powerdns sync <pool_id>
See :ref:`designate_manage_powerdns` for further details on the ``designate-manage powerdns`` command
See :ref:`designate_manage_powerdns` for further details on
the ``designate-manage powerdns`` command
5. Restart PowerDNS and it should be ready to serve queries using the MySQL database as the backing store.
5. Restart PowerDNS and it should be ready to serve queries
using the MySQL database as the backing store.

View File

@ -9,22 +9,27 @@ Getting Involved
#openstack-dns
--------------
There is an active IRC channel at irc://freenode.net/#openstack-dns, where many of the designate contributors can be found, as
There is an active IRC channel at irc://freenode.net/#openstack-dns,
where many of the designate contributors can be found, as
well as users from various organisations.
Weekly meetings
---------------
There is a weekly irc meet. The agenda and other details are listed at
`Designate meetings wiki page`_. Currently the meeting is
held every Wednesday at 17:00 UTC on the IRC channel irc://freenode.net/#openstack-meeting-alt
held every Wednesday at 17:00 UTC on the IRC channel
irc://freenode.net/#openstack-meeting-alt
Contributing
------------
We welcome fixes, extensions, documentation, pretty much anything that helps improve Designate, contributing is easy & follows
the standard OpenStack `Gerrit workflow`_, if you're looking for something to do, you could always checkout the blueprint_ & bug_
We welcome fixes, extensions, documentation, pretty much anything that
helps improve Designate, contributing is easy & follows
the standard OpenStack `Gerrit workflow`_, if you're looking for
something to do, you could always checkout the blueprint_ & bug_
lists.
Assuming you've already got a working :ref:`Development Environment`, here's a quick summary:
Assuming you've already got a working :ref:`Development Environment`,
here's a quick summary:
Install the git-review package to make life easier
@ -70,10 +75,11 @@ follow this guidance, for example, there is currently no reserved IDN domain
name.
We prefer to use these names and IP blocks to avoid causing any unexpected
collateral damage to the rightful owners of the non-reserved names and IP space.
For example, publishing an email address in our codebase will more than likely
be picked up by spammers, while published URLs etc using non-reserved names or
IP space will likely trigger search indexers etc to begin crawling.
collateral damage to the rightful owners of the non-reserved names and
IP space. For example, publishing an email address in our codebase will
more than likely be picked up by spammers, while published URLs etc using
non-reserved names or IP space will likely trigger search indexers etc
to begin crawling.
Reserved Domains
~~~~~~~~~~~~~~~~
@ -156,7 +162,8 @@ Example:
`User documentation <backend.html>`_
When updating a module, please ensure that the related user documentation is updated as well.
When updating a module, please ensure that the related user documentation is
updated as well.
Docstrings
~~~~~~~~~~

View File

@ -1,4 +1,4 @@
Source Code Documentation
Source Code Documentation
-------------------------
.. toctree::
@ -12,4 +12,3 @@ Source Code Documentation
quota
sink
storage

View File

@ -2,9 +2,11 @@
DNS Server Driver Support Matrix
================================
This info should be maintained along with the list of current driver maintainers responsible for the “Non Integrated” backends.
This info should be maintained along with the list of current driver
maintainers responsible for the “Non Integrated” backends.
The upkeep of this list will fall on the PTL or his/her delegate.
Should a backends grade be in dispute, it falls on the current project PTL to make the final decision after listening to all sides concerns.
Should a backends grade be in dispute, it falls on the current project PTL
to make the final decision after listening to all sides concerns.
.. support_matrix::

View File

@ -17,19 +17,21 @@
Development Environment on Ubuntu
*********************************
Designate is comprised of four main components :ref:`designate-api`, :ref:`designate-central`,
designate-mdns, and designate-pool-manager, supported by a few
standard open source components. For more information see :ref:`architecture`.
Designate is comprised of four main components :ref:`designate-api`,
:ref:`designate-central`, designate-mdns, and designate-pool-manager,
supported by a few standard open source components.
For more information see :ref:`architecture`.
There are many different options for customizing Designate, and two of these options
have a major impact on the installation process:
There are many different options for customizing Designate, and two of
these options have a major impact on the installation process:
* The storage backend used (SQLite or MySQL)
* The DNS backend used (PowerDNS or BIND9)
This guide will walk you through setting up a typical development environment for Designate,
using BIND9 as the DNS backend and MySQL as the storage backend. For a more complete discussion on
installation & configuration options, please see :ref:`architecture`.
This guide will walk you through setting up a typical development environment
for Designate, using BIND9 as the DNS backend and MySQL as the storage
backend. For a more complete discussion on installation & configuration
options, please see :ref:`architecture`.
For this guide you will need access to an Ubuntu Server (16.04).
@ -92,7 +94,8 @@ Installing Designate
6. Change directories to the etc/designate folder.
.. note::
Everything from here on out should take place in or below your etc/designate folder
Everything from here on out should take place in or below your
etc/designate folder
::
@ -154,12 +157,15 @@ Install the MySQL server package
$ sudo apt install mysql-server
If you do not have MySQL previously installed, you will be prompted to change the root password.
By default, the MySQL root password for Designate is "password". You can:
If you do not have MySQL previously installed, you will be prompted to change
the root password. By default, the MySQL root password for Designate
is "password". You can:
* Change the root password to "password"
* If you want your own password, edit the designate.conf file and change any instance of
"mysql+pymysql://root:password@127.0.0.1/designate?charset=utf8" to "mysql+pymysql://root:YOUR_PASSWORD@127.0.0.1/designate?charset=utf8"
* If you want your own password, edit the designate.conf file and change
any instance of
"mysql+pymysql://root:password@127.0.0.1/designate?charset=utf8"
to "mysql+pymysql://root:YOUR_PASSWORD@127.0.0.1/designate?charset=utf8"
You can change your MySQL password anytime with the following command::
@ -293,7 +299,8 @@ Start the other Services
.. index::
double: install; services
Open up some new ssh windows and log in to your server (or open some new screen/tmux sessions).
Open up some new ssh windows and log in to your server
(or open some new screen/tmux sessions).
::
@ -314,7 +321,8 @@ Youll now be seeing the logs from the other services.
Exercising the API
==================
.. note:: If you have a firewall enabled, make sure to open port 53, as well as Designate's default port (9001).
.. note:: If you have a firewall enabled, make sure to open port 53,
as well as Designate's default port (9001).
Using a web browser, curl statement, or a REST client, calls can be made to the
Designate API. You can find the various API calls on the api-ref_ document.
@ -333,8 +341,8 @@ For example:
$ curl 127.0.0.1:9001/v2/zones
{"zones": [{"status": "ACTIVE",.....
The ``ACTIVE`` status shows that the zone propagated. So you should be able to perform a DNS query and
see it:
The ``ACTIVE`` status shows that the zone propagated. So you should be able to
perform a DNS query and see it:
::
@ -347,8 +355,10 @@ You can find the IP Address of your server by running
ip addr show eth0 | grep "inet\b" | awk '{print $2}' | cut -d/ -f1
If you have Keystone set up, you can use it by configuring the ``[keystone_authtoken]`` section and changing
the ``auth_strategy = keystone`` in the ``service:api`` section. This will make it easier to use clients
like the ``openstack`` CLI that expect Keystone.
If you have Keystone set up, you can use it by configuring
the ``[keystone_authtoken]`` section and changing
the ``auth_strategy = keystone`` in the ``service:api`` section.
This will make it easier to use clients like the ``openstack``
CLI that expect Keystone.
.. _api-ref: https://developer.openstack.org/api-ref/dns/

View File

@ -137,8 +137,8 @@ Install and configure components
# su -s /bin/sh -c "designate-manage database sync" designate
#. Start the designate central and API services and configure them to start when
the system boots:
#. Start the designate central and API services and configure them
to start when the system boots:
.. code-block:: console

View File

@ -137,8 +137,8 @@ Install and configure components
# su -s /bin/sh -c "designate-manage database sync" designate
#. Start the designate central and API services and configure them to start when
the system boots:
#. Start the designate central and API services and configure them
to start when the system boots:
.. code-block:: console

View File

@ -12,4 +12,4 @@ Contents:
rest
manage-ptr-records
secondary-zones
secondary-zones

View File

@ -52,11 +52,14 @@ HTTP Headers
These headers work for all APIs
* X-Designate-Edit-Managed-Records
- Allows admins (or users with the right role) to modify managed records (records created by designate-sink / reverse floating ip API)
- Allows admins (or users with the right role) to modify managed records
(records created by designate-sink / reverse floating ip API)
* X-Auth-All-Projects
- Allows admins (or users with the right role) to view and edit zones / recordsets for all tenants
- Allows admins (or users with the right role) to view and edit
zones / recordsets for all tenants
* X-Auth-Sudo-Tenant-ID / X-Auth-Sudo-Project-ID
- Allows admins (or users with the right role) to impersonate another tenant specified by this header
- Allows admins (or users with the right role) to impersonate another
tenant specified by this header
API Versions
============

View File

@ -11,10 +11,10 @@
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
License for the specific language governing permissions and limitations
under the License.
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions
and limitations under the License.
Quotas
======
@ -30,8 +30,8 @@ added to the designate.conf file under ``[service:api]`` section ::
enable_api_admin = True
enabled_extensions_admin = quotas
Once these lines have been added, restart the designate-central and designate-api
services.
Once these lines have been added, restart the designate-central
and designate-api services.
Get Quotas
----------

View File

@ -63,4 +63,4 @@ Ping a host on a RPC topic
}
:statuscode 200: Success
:statuscode 401: Access Denied
:statuscode 401: Access Denied

View File

@ -235,4 +235,4 @@ Report record counts
:form records: Records count
:statuscode 200: Success
:statuscode 401: Access Denied
:statuscode 401: Access Denied

View File

@ -109,4 +109,4 @@ Synchronize one record
Content-Type: application/json
:statuscode 200: Success
:statuscode 401: Access Denied
:statuscode 401: Access Denied

View File

@ -61,7 +61,9 @@ Skip this section if you have a master already to use.
Install
^^^^^^^
For some reason there's a bug with the nsd package so it doesn't create the user that it needs for the installation. So we'll create that before installing the package.
For some reason there's a bug with the nsd package so it doesn't create
the user that it needs for the installation.
So we'll create that before installing the package.
.. code-block:: bash
@ -80,7 +82,8 @@ Add the following to /etc/nsd/nsd.conf
.. note::
If you're wondering why we set notify to `192.168.27.100`:`5354` it's because MDNS runs on 5354 by default.
If you're wondering why we set notify to `192.168.27.100`:`5354`
it's because MDNS runs on 5354 by default.
.. code-block:: bash
@ -173,8 +176,8 @@ Creating the Zone
When you create a domain in Designate there are two possible initial actions:
- Domain is created but transfer fails if it's not available yet in master,
then typically the initial transfer will be done once the master sends first
NOTIFY.
then typically the initial transfer will be done once the master sends
first NOTIFY.
- Domain is created and transfers straight away.

View File

@ -3,6 +3,7 @@ Rally job related files
This directory contains rally tasks and plugins that are run by OpenStack CI.
Structure:
* designate-designate.yaml is rally task that will be run in gates

View File

@ -1,8 +1,9 @@
Rally plugins
=============
All *.py modules from this directory will auto loaded by Rally and all
All `*.py` modules from this directory will auto loaded by Rally and all
plugins will be discoverable. There is no need in any extra configuration
and there is no difference between writing them here and in rally code base.

View File

@ -3,4 +3,4 @@
==============================
.. release-notes::
:branch: origin/stable/liberty
:branch: origin/stable/liberty

View File

@ -2,4 +2,4 @@
Current Series Release Notes
==============================
.. release-notes::
.. release-notes::

View File

@ -22,3 +22,4 @@ bandit>=1.1.0 # Apache-2.0
os-api-ref>=1.4.0 # Apache-2.0
zake>=0.1.6 # Apache-2.0
openstackdocstheme>=1.17.0 # Apache-2.0
doc8>=0.6.0 # Apache-2.0

View File

@ -68,6 +68,8 @@ deps = -r{toxinidir}/test-requirements.txt
basepython = python2.7
commands = sh tools/pretty_flake8.sh
{[testenv:bandit]commands}
doc8 README.rst releasenotes/source doc/source rally-jobs \
devstack/README.rst contrib --ignore D000
[testenv:genconfig]
commands = oslo-config-generator --config-file=etc/designate/designate-config-generator.conf