authorPeter Razumovsky <prazumovsky@mirantis.com>2017-03-07 12:27:39 +0000
committerPeter Razumovsky <prazumovsky@mirantis.com>2017-03-21 09:20:48 +0000
commit822cb58246042dbb9054468d593dc7f34076985e (patch)
tree28c70f86229fb38bae48f684ceb89c37214651ff
parent831a1b7f5725f6ab8232a5f5817021e05add0e12 (diff)
Designate bind9 backend
Add bind9 backend for designate. It requires the worker and bind9 services to work correctly. Change-Id: I79472fc80c1f48daaf64300f8a71ee50baa6ebd5
Notes
Notes (review): Code-Review+2: Andrey Pavlov <apavlov@mirantis.com> Code-Review+2: Proskurin Kirill <kproskurin@mirantis.com> Workflow+1: Proskurin Kirill <kproskurin@mirantis.com> Verified+2: Jenkins Submitted-by: Jenkins Submitted-at: Tue, 21 Mar 2017 10:44:40 +0000 Reviewed-on: https://review.openstack.org/442421 Project: openstack/fuel-ccp-designate Branch: refs/heads/master
-rw-r--r--docker/designate-backend-bind9/Dockerfile.j213
-rw-r--r--docker/designate-base/Dockerfile.j22
-rw-r--r--docker/designate-pool-manager/Dockerfile.j29
-rw-r--r--docker/designate-worker/Dockerfile.j28
-rw-r--r--service/designate-mdns.yaml63
-rw-r--r--service/designate-pool-manager.yaml13
-rw-r--r--service/files/bind9-pools.yaml.j227
-rw-r--r--service/files/defaults.yaml13
-rw-r--r--service/files/designate.conf.j215
-rw-r--r--service/files/named.conf.j212
-rw-r--r--service/files/named.conf.options.j239
-rw-r--r--service/files/rndc.conf.j28
-rw-r--r--service/files/rndc.key.j24
13 files changed, 215 insertions, 11 deletions
diff --git a/docker/designate-backend-bind9/Dockerfile.j2 b/docker/designate-backend-bind9/Dockerfile.j2
new file mode 100644
index 0000000..c743614
--- /dev/null
+++ b/docker/designate-backend-bind9/Dockerfile.j2
@@ -0,0 +1,13 @@
1FROM {{ image_spec("designate-base") }}
2MAINTAINER {{ maintainer }}
3
4RUN apt-get update -y \
5 && apt-get install -y --no-install-recommends \
6 --no-install-suggests \
7 bind9
8
9RUN mkdir -p /var/run/named /etc/bind \
10 && chmod 775 /var/run/named \
11 && chown root:bind /var/run/named
12
13RUN apt-get clean
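Review bot: `RUN apt-get clean` on line 13 runs as its own layer, so it cannot remove anything from the image — the package cache was already committed with the install layer on lines 4–7. Fold the cleanup into that layer and drop the fetched lists as well: `&& apt-get clean && rm -rf /var/lib/apt/lists/*`. The `chmod 775` / `chown root:bind` on /var/run/named (lines 10–11) are consistent with the `-u bind` that the named command in service/designate-mdns.yaml runs with.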
diff --git a/docker/designate-base/Dockerfile.j2 b/docker/designate-base/Dockerfile.j2
index f6b8025..7e593dd 100644
--- a/docker/designate-base/Dockerfile.j2
+++ b/docker/designate-base/Dockerfile.j2
@@ -12,5 +12,5 @@ RUN useradd --user-group -G microservices designate \
12 && sed -i 's|^exec_dirs.*|exec_dirs=/var/lib/microservices/venv/bin,/sbin,/usr/sbin,/bin,/usr/bin,/usr/local/bin,/usr/local/sbin|g' /etc/designate/rootwrap.conf 12 && sed -i 's|^exec_dirs.*|exec_dirs=/var/lib/microservices/venv/bin,/sbin,/usr/sbin,/bin,/usr/bin,/usr/local/bin,/usr/local/sbin|g' /etc/designate/rootwrap.conf
13 13
14COPY designate_sudoers /etc/sudoers.d/designate_sudoers 14COPY designate_sudoers /etc/sudoers.d/designate_sudoers
15RUN chmod 750 /etc/sudoers.d \ 15RUN chmod 750 /etc/sudoers.d /etc/designate/rootwrap.d/ \
16 && chmod 440 /etc/sudoers.d/designate_sudoers 16 && chmod 440 /etc/sudoers.d/designate_sudoers
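Review bot: `chmod 750 /etc/sudoers.d /etc/designate/rootwrap.d/` on line 15 tightens the directory mode but sets no ownership; the rootwrap filter files in that directory decide what the designate user may run as root via sudo, so they must be root-owned and not writable by designate, and nothing in this hunk establishes that. Add an explicit `chown -R root:root /etc/designate/rootwrap.d` next to the chmod, or add a comment stating where that ownership is guaranteed.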
diff --git a/docker/designate-pool-manager/Dockerfile.j2 b/docker/designate-pool-manager/Dockerfile.j2
index 150f9f9..09b4fa4 100644
--- a/docker/designate-pool-manager/Dockerfile.j2
+++ b/docker/designate-pool-manager/Dockerfile.j2
@@ -2,8 +2,11 @@ FROM {{ image_spec("designate-base") }}
2MAINTAINER {{ maintainer }} 2MAINTAINER {{ maintainer }}
3 3
4#mysql-client only for provisioning need to be removed later 4#mysql-client only for provisioning need to be removed later
5RUN apt-get install -y --no-install-recommends \ 5RUN apt-get update -y \
6 mysql-client \ 6 && apt-get install -y --no-install-recommends mysql-client bind9 \
7 && apt-get clean 7 && apt-get clean \
8 && mkdir -p /etc/bind \
9 && chown -R designate:designate /etc/bind
8 10
9USER designate 11USER designate
12
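Review bot: The install layer on lines 5–9 (and the identical one on lines 4–8 of docker/designate-worker/Dockerfile.j2) runs `apt-get clean` but leaves the lists fetched by `apt-get update` inside the image; append `&& rm -rf /var/lib/apt/lists/*` to the same RUN in both files. The full `bind9` server package is installed although these images only need the rndc client to reach the backend, so a smaller package may suffice — worth checking against the base image's distribution. The empty line 12 added after `USER designate` is noise.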
diff --git a/docker/designate-worker/Dockerfile.j2 b/docker/designate-worker/Dockerfile.j2
new file mode 100644
index 0000000..1493962
--- /dev/null
+++ b/docker/designate-worker/Dockerfile.j2
@@ -0,0 +1,8 @@
1FROM {{ image_spec("designate-base") }}
2MAINTAINER {{ maintainer }}
3
4RUN apt-get update -y \
5 && apt-get install -y --no-install-recommends bind9 \
6 && apt-get clean \
7 && mkdir -p /etc/bind \
8 && chown -R designate:designate /etc/bind
diff --git a/service/designate-mdns.yaml b/service/designate-mdns.yaml
index 063739a..0b275e2 100644
--- a/service/designate-mdns.yaml
+++ b/service/designate-mdns.yaml
@@ -1,6 +1,11 @@
1dsl_version: 0.5.0 1dsl_version: 0.5.0
2service: 2service:
3 name: designate-mdns 3 name: designate-mdns
4 ports:
5 - {{ designate.bind_port }}
6 - {{ designate.worker_port }}
7 - {{ designate.mdns_port }}
8 - {{ designate.rndc_port }}
4 containers: 9 containers:
5 - name: designate-mdns 10 - name: designate-mdns
6 image: designate-mdns 11 image: designate-mdns
@@ -10,8 +15,64 @@ service:
10 files: 15 files:
11 - designate-conf 16 - designate-conf
12 command: designate-mdns --config-file /etc/designate/designate.conf 17 command: designate-mdns --config-file /etc/designate/designate.conf
13 18 - name: designate-backend-bind9
19 image: designate-backend-bind9
20 daemon:
21 files:
22 - named-conf-options
23 - rndc-conf
24 - named-conf
25 - rndc-key
26 command: /usr/sbin/named -g -c /etc/bind/named.conf -u bind
27 - name: designate-worker
28 image: designate-worker
29 pre:
30 - name: designate-pool-update
31 # {% if designate.backend == "bind9" %}
32 dependencies:
33 - designate-backend-bind9
34 # {% endif %}
35 files:
36 # {% if designate.backend == "bind9" %}
37 - bind9-pools
38 # {% else %}
39 - fake-pools
40 # {% endif %}
41 - designate-conf
42 type: local
43 command: designate-manage pool update --file /etc/designate/pools.yaml
44 daemon:
45 dependencies:
46 - designate-api
47 files:
48 # {% if designate.backend == "bind9" %}
49 - bind9-pools
50 # {% else %}
51 - fake-pools
52 # {% endif %}
53 - designate-conf
54 - rndc-conf
55 - rndc-key
56 command: designate-worker --config-file /etc/designate/designate.conf
14files: 57files:
58 rndc-conf:
59 path: /etc/bind/rndc.conf
60 content: rndc.conf.j2
61 named-conf-options:
62 path: /etc/bind/named.conf.options
63 content: named.conf.options.j2
64 named-conf:
65 path: /etc/bind/named.conf
66 content: named.conf.j2
67 rndc-key:
68 path: /etc/bind/rndc.key
69 content: rndc.key.j2
15 designate-conf: 70 designate-conf:
16 path: /etc/designate/designate.conf 71 path: /etc/designate/designate.conf
17 content: designate.conf.j2 72 content: designate.conf.j2
73 fake-pools:
74 path: /etc/designate/pools.yaml
75 content: pools.yaml.j2
76 bind9-pools:
77 path: /etc/designate/pools.yaml
78 content: bind9-pools.yaml.j2
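Review bot: `- {{ designate.rndc_port }}` on line 8 publishes the BIND control channel as a service port, and the `controls` block in service/files/named.conf.j2 accepts connections from `any`, so the HMAC key in rndc.key is the only thing between anyone who can reach that port and full control of named. Only the worker and pool-manager containers list `rndc-conf`/`rndc-key`, so if they reach the backend over the cluster network the port need not be published at all; otherwise restrict the `allow` list in named.conf.j2 to those clients. The same `{% if designate.backend == "bind9" %}` / `fake-pools` block is repeated for the pre job (lines 36–40) and the daemon (lines 48–52); a single Jinja variable holding the pools file name would keep the two from drifting. The pre job `designate-pool-update` on line 30 has the same name as the pool-update job referenced in service/designate-pool-manager.yaml; if CCP job names are cluster-wide this collides, so confirm before merging.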
diff --git a/service/designate-pool-manager.yaml b/service/designate-pool-manager.yaml
index bffd34a..52e657d 100644
--- a/service/designate-pool-manager.yaml
+++ b/service/designate-pool-manager.yaml
@@ -24,7 +24,7 @@ service:
24 command: designate-manage pool update --file /etc/designate/pools.yaml 24 command: designate-manage pool update --file /etc/designate/pools.yaml
25 - name: designate-pool-sync 25 - name: designate-pool-sync
26 dependencies: 26 dependencies:
27 - designate-pool-manager-db-create 27 - designate-pool-update
28 files: 28 files:
29 - designate-conf 29 - designate-conf
30 type: single 30 type: single
@@ -34,6 +34,8 @@ service:
34 - designate-api 34 - designate-api
35 files: 35 files:
36 - designate-conf 36 - designate-conf
37 - rndc-conf
38 - rndc-key
37 command: designate-pool-manager --config-file /etc/designate/designate.conf 39 command: designate-pool-manager --config-file /etc/designate/designate.conf
38 40
39files: 41files:
@@ -43,3 +45,12 @@ files:
43 pools: 45 pools:
44 path: /etc/designate/pools.yaml 46 path: /etc/designate/pools.yaml
45 content: pools.yaml.j2 47 content: pools.yaml.j2
48 named-conf:
49 path: /etc/bind/named.conf.options
50 content: named.conf.options.j2
51 rndc-conf:
52 path: /etc/bind/rndc.conf
53 content: rndc.conf.j2
54 rndc-key:
55 path: /etc/bind/rndc.key
56 content: rndc.key.j2
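Review bot: The new `named-conf` entry on lines 48–50 maps to /etc/bind/named.conf.options with named.conf.options.j2, whereas the same key in service/designate-mdns.yaml maps to /etc/bind/named.conf; on top of that no container in this service uses it, since lines 37–38 only add `rndc-conf` and `rndc-key`. Either drop the entry or rename it to `named-conf-options` so the two services agree. The dependency switch on line 27 from `designate-pool-manager-db-create` to `designate-pool-update` is unrelated to the bind9 backend and deserves a sentence in the commit message (presumably pool-sync must now run after the pool file is applied).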
diff --git a/service/files/bind9-pools.yaml.j2 b/service/files/bind9-pools.yaml.j2
new file mode 100644
index 0000000..4f54280
--- /dev/null
+++ b/service/files/bind9-pools.yaml.j2
@@ -0,0 +1,27 @@
1---
2- name: default
3 description: CCP BIND Pool
4 attributes: {}
5
6 ns_records:
7 - hostname: ns.ccp.org.
8 priority: 1
9
10 nameservers:
11 - host: {{ network_topology["private"]["address"] }}
12 port: {{ designate.bind_port.cont }}
13
14 targets:
15 - type: bind9
16 description: BIND Instance
17
18 masters:
19 - host: {{ network_topology["private"]["address"] }}
20 port: {{ designate.mdns_port.cont }}
21
22 options:
23 host: {{ network_topology["private"]["address"] }}
24 port: {{ designate.bind_port.cont }}
25 rndc_host: {{ network_topology["private"]["address"] }}
26 rndc_port: {{ designate.rndc_port.cont }}
27 rndc_key_file: /etc/bind/rndc.key
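Review bot: Every templated scalar in this file is unquoted (lines 11–12, 19–20, 23–26); the file is YAML produced from Jinja, so an empty expansion turns `host:` into null and an IPv6 address or any value starting with a YAML indicator breaks the parse. Quote them, e.g. `host: '{{ network_topology["private"]["address"] }}'`. `description: CCP BIND Pool` and `hostname: ns.ccp.org.` on lines 3 and 7 are hard-coded while every other value comes from defaults.yaml; the NS hostname ends up in the zones designate serves, so it should be a configurable option with a placeholder default.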
diff --git a/service/files/defaults.yaml b/service/files/defaults.yaml
index 3f13db9..faa8f9f 100644
--- a/service/files/defaults.yaml
+++ b/service/files/defaults.yaml
@@ -3,13 +3,21 @@ configs:
3 api_port: 3 api_port:
4 cont: 9001 4 cont: 9001
5 ingress: dns 5 ingress: dns
6 6 mdns_port:
7 debug: false 7 cont: 5354
8 rndc_port:
9 cont: 953
10 bind_port:
11 cont: 53
12 worker_port:
13 cont: 5358
14 debug: true
8 notification: 15 notification:
9 driver: noop 16 driver: noop
10 topics: 17 topics:
11 enabled: false 18 enabled: false
12 names: changeme 19 names: changeme
20 backend: bind9
13 # options, allows to configure services particularly 21 # options, allows to configure services particularly
14 service: 22 service:
15 central: 23 central:
@@ -36,6 +44,7 @@ configs:
36 44
37secret_configs: 45secret_configs:
38 designate: 46 designate:
47 rndc_key_secret: fapwtRlIgYwYeQeyY3U1+Q==
39 username: designate 48 username: designate
40 password: password 49 password: password
41 db: 50 db:
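Review bot: `rndc_key_secret: fapwtRlIgYwYeQeyY3U1+Q==` on line 47 ships a fixed default for the key that authenticates rndc control of the BIND backend; any deployment that does not override it uses a secret that is public in this repository, and since named.conf.j2 allows control connections from `any`, that key is the only gate. Keep the value out of the defaults (per-deployment configuration, or generated at deploy time) and document it in place: `# rndc_key_secret: must be set per deployment, e.g. from rndc-confgen -A hmac-sha256`. `debug: true` on line 14 reverses the previous default of `false` and is not mentioned in the commit message; debug logging is not a production default and should stay `false` here. The new port keys on lines 6–13 consistently use `cont:` integers, matching `api_port`.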
diff --git a/service/files/designate.conf.j2 b/service/files/designate.conf.j2
index 0454033..c9e364c 100644
--- a/service/files/designate.conf.j2
+++ b/service/files/designate.conf.j2
@@ -19,12 +19,12 @@ notification_topics = {{ designate.notification.topics.names }}
19 19
20rabbit_userid = {{ rabbitmq.user }} 20rabbit_userid = {{ rabbitmq.user }}
21rabbit_password = {{ rabbitmq.password }} 21rabbit_password = {{ rabbitmq.password }}
22rabbit_hosts = {{ address("rabbitmq", rabbitmq.port) }} 22rabbit_hosts = {{ address("rpc", rabbitmq.port) }}
23 23
24[oslo_messaging_rabbit] 24[oslo_messaging_rabbit]
25rabbit_userid = {{ rabbitmq.user }} 25rabbit_userid = {{ rabbitmq.user }}
26rabbit_password = {{ rabbitmq.password }} 26rabbit_password = {{ rabbitmq.password }}
27rabbit_hosts = {{ address("rabbitmq", rabbitmq.port) }} 27rabbit_hosts = {{ address("rpc", rabbitmq.port) }}
28 28
29#-------------------- 29#--------------------
30# Keystone Middleware 30# Keystone Middleware
@@ -55,6 +55,8 @@ enable_api_v1 = True
55enabled_extensions_v1 = diagnostics, quotas, reports, sync, touch 55enabled_extensions_v1 = diagnostics, quotas, reports, sync, touch
56enable_api_v2 = True 56enable_api_v2 = True
57enabled_extensions_v2 = quotas, reports 57enabled_extensions_v2 = quotas, reports
58enable_api_admin = True
59listen = {{ address("designate-api", designate.api_port) }}
58 60
59#------------- 61#-------------
60# Sink Service 62# Sink Service
@@ -68,6 +70,7 @@ enabled_notification_handlers = nova_fixed, neutron_floatingip
68[service:mdns] 70[service:mdns]
69workers = {{ designate.service.mdns.workers }} 71workers = {{ designate.service.mdns.workers }}
70threads = {{ designate.service.mdns.threads }} 72threads = {{ designate.service.mdns.threads }}
73all_tcp = True
71 74
72#-------------- 75#--------------
73# Agent Service 76# Agent Service
@@ -75,6 +78,10 @@ threads = {{ designate.service.mdns.threads }}
75[service:agent] 78[service:agent]
76workers = {{ designate.service.agent.workers }} 79workers = {{ designate.service.agent.workers }}
77 80
81[service:worker]
82enabled = True
83notify = True
84
78#--------------------- 85#---------------------
79# Zone Manager Service 86# Zone Manager Service
80#--------------------- 87#---------------------
@@ -99,6 +106,9 @@ threads = {{ designate.service.pool_manager.threads }}
99{% if designate.pool is defined %} 106{% if designate.pool is defined %}
100pool_id = {{ designate.pool.pool_id }} 107pool_id = {{ designate.pool.pool_id }}
101{%- endif %} 108{%- endif %}
109periodic_sync_interval = 1800
110periodic_recovery_interval = 120
111
102 112
103################################### 113###################################
104## Pool Manager Cache Configuration 114## Pool Manager Cache Configuration
@@ -139,4 +149,3 @@ notification_topics = notifications
139control_exchange = 'neutron' 149control_exchange = 'neutron'
140format = '%(hostname)s.%(domain)s' 150format = '%(hostname)s.%(domain)s'
141 151
142
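Review bot: `enable_api_admin = True` on line 58 switches on the admin API extension, and `rabbit_hosts` on lines 22 and 27 changes its lookup from `rabbitmq` to `rpc`; neither concerns the bind9 backend and neither is mentioned in the commit message, so each needs a line there (the `rpc` name presumably tracks a CCP-side service rename — confirm that alias resolves). `periodic_sync_interval = 1800` and `periodic_recovery_interval = 120` on lines 109–110 are hard-coded while every other tunable in this file reads `designate.service.*` from defaults.yaml; move them there, e.g. a new `designate.service.pool_manager.periodic_sync_interval` key (name constructed here) referenced from the template. Lines 109–111 also leave two blank lines before the cache-configuration banner.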
diff --git a/service/files/named.conf.j2 b/service/files/named.conf.j2
new file mode 100644
index 0000000..e86169a
--- /dev/null
+++ b/service/files/named.conf.j2
@@ -0,0 +1,12 @@
1include "/etc/bind/named.conf.options";
2include "/etc/bind/named.conf.local";
3include "/etc/bind/named.conf.default-zones";
4include "/etc/bind/rndc.key";
5
6controls {
7 inet * port {{ designate.rndc_port.cont }}
8 allow { any; } keys { "rndc-key"; };
9 inet * port {{ designate.bind_port.cont }}
10 allow { any; } keys { "rndc-key"; };
11};
12
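Review bot: The second `inet` entry on lines 9–10 opens a command channel on `designate.bind_port.cont`, the DNS port that named.conf.options.j2 already uses for `listen-on`; named will either fail to bind that channel or expose the rndc protocol on the DNS port, and rndc.conf.j2 only ever talks to `default-port {{ designate.rndc_port.cont }}`, so drop lines 9–10. `allow { any; }` on line 8 leaves the shared key as the sole check on control connections; restrict it to the networks the worker and pool-manager containers connect from, with a comment stating which range that is. The trailing empty line 12 is noise.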
diff --git a/service/files/named.conf.options.j2 b/service/files/named.conf.options.j2
new file mode 100644
index 0000000..21c8995
--- /dev/null
+++ b/service/files/named.conf.options.j2
@@ -0,0 +1,39 @@
1options {
2 directory "/var/cache/bind";
3
4 // If there is a firewall between you and nameservers you want
5 // to talk to, you may need to fix the firewall to allow multiple
6 // ports to talk. See http://www.kb.cert.org/vuls/id/800113
7
8 // If your ISP provided one or more IP addresses for stable
9 // nameservers, you probably want to use them as forwarders.
10 // Uncomment the following block, and insert the addresses replacing
11 // the all-0's placeholder.
12
13 // forwarders {
14 // 0.0.0.0;
15 // };
16
17 //========================================================================
18 // If BIND logs error messages about the root key being expired,
19 // you will need to update your keys. See https://www.isc.org/bind-keys
20 //========================================================================
21 dnssec-validation yes;
22 dnssec-enable yes;
23 auth-nxdomain no; # conform to RFC1035
24 allow-new-zones yes;
25 request-ixfr no;
26 recursion no;
27 query-source address * port {{ designate.bind_port.cont }};
28 listen-on { any; };
29 listen-on-v6 { ipv-6-address; };
30 allow-query {
31 any;
32 10.233.0.0/16;
33 };
34 allow-notify {
35 any;
36 10.233.0.0/16;
37 };
38};
39
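Review bot: `listen-on-v6 { ipv-6-address; };` on line 29 is a leftover placeholder, not an address or ACL name, so `named-checkconf` rejects the file; use `{ any; }` or `{ none; }`. In `allow-query` and `allow-notify` (lines 30–37) the `any;` entry makes the `10.233.0.0/16` line dead; if the intent was to limit to the cluster range, remove `any;` and take the range from the network topology instead of hard-coding it. `query-source address * port {{ designate.bind_port.cont }}` on line 27 pins the outbound source port and thereby turns off port randomisation; with `recursion no` the exposure is small, but unless a firewall rule needs it, drop the `port` clause. Lines 4–20 are comments inherited from the Debian stub file and add nothing here.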
diff --git a/service/files/rndc.conf.j2 b/service/files/rndc.conf.j2
new file mode 100644
index 0000000..da3fd01
--- /dev/null
+++ b/service/files/rndc.conf.j2
@@ -0,0 +1,8 @@
1include "/etc/bind/rndc.key";
2
3options {
4 default-key "rndc-key";
5 default-server {{ network_topology["private"]["address"] }};
6 default-port {{ designate.rndc_port.cont }};
7};
8
diff --git a/service/files/rndc.key.j2 b/service/files/rndc.key.j2
new file mode 100644
index 0000000..a598ae1
--- /dev/null
+++ b/service/files/rndc.key.j2
@@ -0,0 +1,4 @@
1key "rndc-key" {
2 algorithm hmac-md5;
3 secret "{{ designate.rndc_key_secret }}";
4};
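Review bot: `algorithm hmac-md5;` on line 2 picks the weakest TSIG algorithm BIND supports; nothing in this change depends on MD5, so use `algorithm hmac-sha256;` and generate the secret with a matching length (`rndc-confgen -A hmac-sha256`), keeping rndc.conf.j2's `default-key "rndc-key"` as is. The rendered file holds the control secret, and the Dockerfiles chown /etc/bind to the service user without setting a file mode; if the CCP file DSL allows a permission setting, make this file owner-read-only, otherwise add a comment saying where that is enforced.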