Designate bind9 backend
Add bind9 backend for designate. It requires the worker and bind9 services to work correctly. Change-Id: I79472fc80c1f48daaf64300f8a71ee50baa6ebd5
This commit is contained in:
parent
831a1b7f57
commit
822cb58246
|
@ -0,0 +1,13 @@
|
|||
FROM {{ image_spec("designate-base") }}
|
||||
MAINTAINER {{ maintainer }}
|
||||
|
||||
RUN apt-get update -y \
|
||||
&& apt-get install -y --no-install-recommends \
|
||||
--no-install-suggests \
|
||||
bind9
|
||||
|
||||
RUN mkdir -p /var/run/named /etc/bind \
|
||||
&& chmod 775 /var/run/named \
|
||||
&& chown root:bind /var/run/named
|
||||
|
||||
RUN apt-get clean
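Review bot: The final `RUN apt-get clean` runs in its own layer, so the package index and `.deb` cache written by the install layer above are already committed into the image and are not removed by it. Chain the cleanup into the install step and drop the lists as well: `bind9 \` followed by `&& apt-get clean && rm -rf /var/lib/apt/lists/*`, as the worker and pool-manager Dockerfiles in this same change already chain `apt-get clean` into their install step. `bind9` is also installed unpinned, so the `named` binary in this image changes silently between rebuilds; pin the version if the base image pins its other packages.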
|
|
@ -12,5 +12,5 @@ RUN useradd --user-group -G microservices designate \
|
|||
&& sed -i 's|^exec_dirs.*|exec_dirs=/var/lib/microservices/venv/bin,/sbin,/usr/sbin,/bin,/usr/bin,/usr/local/bin,/usr/local/sbin|g' /etc/designate/rootwrap.conf
|
||||
|
||||
COPY designate_sudoers /etc/sudoers.d/designate_sudoers
|
||||
RUN chmod 750 /etc/sudoers.d \
|
||||
RUN chmod 750 /etc/sudoers.d /etc/designate/rootwrap.d/ \
|
||||
&& chmod 440 /etc/sudoers.d/designate_sudoers
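Review bot: The added `chmod 750 /etc/designate/rootwrap.d/` only restricts traversal of the directory; what rootwrap actually relies on is the filter files inside it being owned by root and not writable by the `designate` user, and nothing in this hunk sets their ownership or mode. If those files stay writable by the service user, it can edit a filter to permit any command and escalate through the sudoers entry copied just above. Consider adding `&& chown -R root:root /etc/designate/rootwrap.d && chmod 640 /etc/designate/rootwrap.d/*` (or confirm the base image already does this). The `RUN useradd …` command this line belongs to begins before the hunk.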
|
||||
|
|
|
@ -2,8 +2,11 @@ FROM {{ image_spec("designate-base") }}
|
|||
MAINTAINER {{ maintainer }}
|
||||
|
||||
#mysql-client only for provisioning need to be removed later
|
||||
RUN apt-get install -y --no-install-recommends \
|
||||
mysql-client \
|
||||
&& apt-get clean
|
||||
RUN apt-get update -y \
|
||||
&& apt-get install -y --no-install-recommends mysql-client bind9 \
|
||||
&& apt-get clean \
|
||||
&& mkdir -p /etc/bind \
|
||||
&& chown -R designate:designate /etc/bind
|
||||
|
||||
USER designate
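Review bot: The install line now pulls in the full `bind9` server package, which puts `named` and its dependencies into a container that, judging by what is mounted into it in this change, only needs the `rndc` client. On Debian/Ubuntu `rndc` ships in `bind9utils` (`bind9-utils` on newer releases), which is a smaller attack surface and a smaller image: `&& apt-get install -y --no-install-recommends mysql-client bind9utils \`. `chown -R designate:designate /etc/bind` also hands the directory that the shared rndc HMAC key is mounted into to the service user; make sure the mounted `rndc.key` is not world-readable, since anyone who can read it can drive the control channel. The `mysql-client` comment above still says it is temporary; this change does not remove it.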
|
||||
|
||||
|
|
|
@ -0,0 +1,8 @@
|
|||
FROM {{ image_spec("designate-base") }}
|
||||
MAINTAINER {{ maintainer }}
|
||||
|
||||
RUN apt-get update -y \
|
||||
&& apt-get install -y --no-install-recommends bind9 \
|
||||
&& apt-get clean \
|
||||
&& mkdir -p /etc/bind \
|
||||
&& chown -R designate:designate /etc/bind
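Review bot: This new Dockerfile never switches to a non-root user, so unless the `designate-base` image (not visible here) sets `USER`, designate-worker runs as root; the sibling Dockerfile in this change ends with `USER designate` after the same `chown -R designate:designate /etc/bind`. Add `USER designate` as the last line. As in that sibling, the full `bind9` server is installed only to obtain the `rndc` client; `bind9utils` (or `bind9-utils`) would suffice and keeps `named` out of the worker image.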
|
|
@ -1,6 +1,11 @@
|
|||
dsl_version: 0.5.0
|
||||
service:
|
||||
name: designate-mdns
|
||||
ports:
|
||||
- {{ designate.bind_port }}
|
||||
- {{ designate.worker_port }}
|
||||
- {{ designate.mdns_port }}
|
||||
- {{ designate.rndc_port }}
|
||||
containers:
|
||||
- name: designate-mdns
|
||||
image: designate-mdns
|
||||
|
@ -10,8 +15,64 @@ service:
|
|||
files:
|
||||
- designate-conf
|
||||
command: designate-mdns --config-file /etc/designate/designate.conf
|
||||
|
||||
- name: designate-backend-bind9
|
||||
image: designate-backend-bind9
|
||||
daemon:
|
||||
files:
|
||||
- named-conf-options
|
||||
- rndc-conf
|
||||
- named-conf
|
||||
- rndc-key
|
||||
command: /usr/sbin/named -g -c /etc/bind/named.conf -u bind
|
||||
- name: designate-worker
|
||||
image: designate-worker
|
||||
pre:
|
||||
- name: designate-pool-update
|
||||
# {% if designate.backend == "bind9" %}
|
||||
dependencies:
|
||||
- designate-backend-bind9
|
||||
# {% endif %}
|
||||
files:
|
||||
# {% if designate.backend == "bind9" %}
|
||||
- bind9-pools
|
||||
# {% else %}
|
||||
- fake-pools
|
||||
# {% endif %}
|
||||
- designate-conf
|
||||
type: local
|
||||
command: designate-manage pool update --file /etc/designate/pools.yaml
|
||||
daemon:
|
||||
dependencies:
|
||||
- designate-api
|
||||
files:
|
||||
# {% if designate.backend == "bind9" %}
|
||||
- bind9-pools
|
||||
# {% else %}
|
||||
- fake-pools
|
||||
# {% endif %}
|
||||
- designate-conf
|
||||
- rndc-conf
|
||||
- rndc-key
|
||||
command: designate-worker --config-file /etc/designate/designate.conf
|
||||
files:
|
||||
rndc-conf:
|
||||
path: /etc/bind/rndc.conf
|
||||
content: rndc.conf.j2
|
||||
named-conf-options:
|
||||
path: /etc/bind/named.conf.options
|
||||
content: named.conf.options.j2
|
||||
named-conf:
|
||||
path: /etc/bind/named.conf
|
||||
content: named.conf.j2
|
||||
rndc-key:
|
||||
path: /etc/bind/rndc.key
|
||||
content: rndc.key.j2
|
||||
designate-conf:
|
||||
path: /etc/designate/designate.conf
|
||||
content: designate.conf.j2
|
||||
fake-pools:
|
||||
path: /etc/designate/pools.yaml
|
||||
content: pools.yaml.j2
|
||||
bind9-pools:
|
||||
path: /etc/designate/pools.yaml
|
||||
content: bind9-pools.yaml.j2
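Review bot: `designate.rndc_port` is now published in the service-level `ports:` list, and the accompanying named.conf allows the control channel from `any`, so rndc is reachable from anywhere that can reach the host and is protected only by the HMAC key rendered from `rndc_key_secret`. If only the worker and pool-manager containers need it, restrict the `controls` ACL to their addresses instead of `any` and do not publish 953 any wider than the DNS port needs. `worker_port` is also published here, but nothing in this change shows designate-worker listening on a port; verify it is actually used before exposing it. The `designate-backend-bind9` container runs `named -u bind` while `/etc/bind` is populated from the mounted templates; confirm the rendered files are readable by `bind` but that `rndc.key` is not world-readable.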
|
||||
|
|
|
@ -24,7 +24,7 @@ service:
|
|||
command: designate-manage pool update --file /etc/designate/pools.yaml
|
||||
- name: designate-pool-sync
|
||||
dependencies:
|
||||
- designate-pool-manager-db-create
|
||||
- designate-pool-update
|
||||
files:
|
||||
- designate-conf
|
||||
type: single
|
||||
|
@ -34,6 +34,8 @@ service:
|
|||
- designate-api
|
||||
files:
|
||||
- designate-conf
|
||||
- rndc-conf
|
||||
- rndc-key
|
||||
command: designate-pool-manager --config-file /etc/designate/designate.conf
|
||||
|
||||
files:
|
||||
|
@ -43,3 +45,12 @@ files:
|
|||
pools:
|
||||
path: /etc/designate/pools.yaml
|
||||
content: pools.yaml.j2
|
||||
named-conf:
|
||||
path: /etc/bind/named.conf.options
|
||||
content: named.conf.options.j2
|
||||
rndc-conf:
|
||||
path: /etc/bind/rndc.conf
|
||||
content: rndc.conf.j2
|
||||
rndc-key:
|
||||
path: /etc/bind/rndc.key
|
||||
content: rndc.key.j2
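Review bot: The new `named-conf` entry under `files:` points at `/etc/bind/named.conf.options` with `named.conf.options.j2`, so its name does not describe its content, and nothing visible in this service references it (the pool-manager container mounts only `designate-conf`, `rndc-conf` and `rndc-key`). The mdns service in this same change calls the equivalent entry `named-conf-options`. Either drop this entry or rename it to match; as it stands it is dead configuration that can drift from the copy the bind9 container actually loads. The pool-manager also now receives the rndc key even though the designate.conf in this change enables the worker service; if the worker is the intended path, this daemon may not need the key at all.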
|
||||
|
|
|
@ -0,0 +1,27 @@
|
|||
---
|
||||
- name: default
|
||||
description: CCP BIND Pool
|
||||
attributes: {}
|
||||
|
||||
ns_records:
|
||||
- hostname: ns.ccp.org.
|
||||
priority: 1
|
||||
|
||||
nameservers:
|
||||
- host: {{ network_topology["private"]["address"] }}
|
||||
port: {{ designate.bind_port.cont }}
|
||||
|
||||
targets:
|
||||
- type: bind9
|
||||
description: BIND Instance
|
||||
|
||||
masters:
|
||||
- host: {{ network_topology["private"]["address"] }}
|
||||
port: {{ designate.mdns_port.cont }}
|
||||
|
||||
options:
|
||||
host: {{ network_topology["private"]["address"] }}
|
||||
port: {{ designate.bind_port.cont }}
|
||||
rndc_host: {{ network_topology["private"]["address"] }}
|
||||
rndc_port: {{ designate.rndc_port.cont }}
|
||||
rndc_key_file: /etc/bind/rndc.key
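Review bot: The NS record name `ns.ccp.org.` is hard-coded while every address in this pool file is templated; the public NS hostname is deployment-specific and should come from configuration, e.g. `- hostname: "{{ designate.ns_hostname }}"` (no such key exists yet in the configs touched by this change, so one would need to be added with a documented default). The templated scalars (`host:`, `rndc_host:`) are unquoted; since this is Jinja rendered into YAML, quote them (`host: "{{ network_topology["private"]["address"] }}"`) so an empty expansion yields an empty string rather than a null and the file still parses as intended. `rndc_key_file` points at the mounted key, so the worker and pool-manager both need `rndc-key` in their file lists, which the service definitions in this change do provide.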
|
|
@ -3,13 +3,21 @@ configs:
|
|||
api_port:
|
||||
cont: 9001
|
||||
ingress: dns
|
||||
|
||||
debug: false
|
||||
mdns_port:
|
||||
cont: 5354
|
||||
rndc_port:
|
||||
cont: 953
|
||||
bind_port:
|
||||
cont: 53
|
||||
worker_port:
|
||||
cont: 5358
|
||||
debug: true
|
||||
notification:
|
||||
driver: noop
|
||||
topics:
|
||||
enabled: false
|
||||
names: changeme
|
||||
backend: bind9
|
||||
# options, allows to configure services particularly
|
||||
service:
|
||||
central:
|
||||
|
@ -36,6 +44,7 @@ configs:
|
|||
|
||||
secret_configs:
|
||||
designate:
|
||||
rndc_key_secret: fapwtRlIgYwYeQeyY3U1+Q==
|
||||
username: designate
|
||||
password: password
|
||||
db:
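Review bot: `rndc_key_secret: fapwtRlIgYwYeQeyY3U1+Q==` is a committed default for the HMAC key that authenticates every rndc command (`addzone`, `delzone`, `reconfig`), and the named.conf in this change accepts that key from `any` address; every deployment that does not override it shares a key that is now public in the repository. Treat it like the `password: password` default next to it: document that it must be overridden per deployment, or better, generate it at deploy time (`rndc-confgen -a` or `openssl rand -base64 32`). The first hunk also appears to flip the default `debug` from `false` to `true`, which puts verbose request detail into production logs unless overridden; if that is intentional, it deserves a mention in the commit message.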
|
||||
|
|
|
@ -19,12 +19,12 @@ notification_topics = {{ designate.notification.topics.names }}
|
|||
|
||||
rabbit_userid = {{ rabbitmq.user }}
|
||||
rabbit_password = {{ rabbitmq.password }}
|
||||
rabbit_hosts = {{ address("rabbitmq", rabbitmq.port) }}
|
||||
rabbit_hosts = {{ address("rpc", rabbitmq.port) }}
|
||||
|
||||
[oslo_messaging_rabbit]
|
||||
rabbit_userid = {{ rabbitmq.user }}
|
||||
rabbit_password = {{ rabbitmq.password }}
|
||||
rabbit_hosts = {{ address("rabbitmq", rabbitmq.port) }}
|
||||
rabbit_hosts = {{ address("rpc", rabbitmq.port) }}
|
||||
|
||||
#--------------------
|
||||
# Keystone Middleware
|
||||
|
@ -55,6 +55,8 @@ enable_api_v1 = True
|
|||
enabled_extensions_v1 = diagnostics, quotas, reports, sync, touch
|
||||
enable_api_v2 = True
|
||||
enabled_extensions_v2 = quotas, reports
|
||||
enable_api_admin = True
|
||||
listen = {{ address("designate-api", designate.api_port) }}
|
||||
|
||||
#-------------
|
||||
# Sink Service
|
||||
|
@ -68,6 +70,7 @@ enabled_notification_handlers = nova_fixed, neutron_floatingip
|
|||
[service:mdns]
|
||||
workers = {{ designate.service.mdns.workers }}
|
||||
threads = {{ designate.service.mdns.threads }}
|
||||
all_tcp = True
|
||||
|
||||
#--------------
|
||||
# Agent Service
|
||||
|
@ -75,6 +78,10 @@ threads = {{ designate.service.mdns.threads }}
|
|||
[service:agent]
|
||||
workers = {{ designate.service.agent.workers }}
|
||||
|
||||
[service:worker]
|
||||
enabled = True
|
||||
notify = True
|
||||
|
||||
#---------------------
|
||||
# Zone Manager Service
|
||||
#---------------------
|
||||
|
@ -99,6 +106,9 @@ threads = {{ designate.service.pool_manager.threads }}
|
|||
{% if designate.pool is defined %}
|
||||
pool_id = {{ designate.pool.pool_id }}
|
||||
{%- endif %}
|
||||
periodic_sync_interval = 1800
|
||||
periodic_recovery_interval = 120
|
||||
|
||||
|
||||
###################################
|
||||
## Pool Manager Cache Configuration
|
||||
|
@ -139,4 +149,3 @@ notification_topics = notifications
|
|||
control_exchange = 'neutron'
|
||||
format = '%(hostname)s.%(domain)s'
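Review bot: `[service:worker]` with `enabled = True` is added while the `[service:pool_manager]` section directly below is kept and extended with `periodic_sync_interval` and `periodic_recovery_interval`, and the pool-manager service in this change still runs and mounts the rndc key. In Designate the worker model replaces pool-manager; running both against the same backend can double-drive zone updates and rndc calls, so if the worker is the intended path the pool-manager daemon should be disabled (or the two gated on `designate.backend` the way the pools files are). `all_tcp = True` under `[service:mdns]` forces AXFR/IXFR over TCP, which is reasonable for a container network but should be noted as the reason the bind9 options set `request-ixfr no`. The enclosing config sections continue outside the hunks.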
|
||||
|
||||
|
||||
|
|
|
@ -0,0 +1,12 @@
|
|||
include "/etc/bind/named.conf.options";
|
||||
include "/etc/bind/named.conf.local";
|
||||
include "/etc/bind/named.conf.default-zones";
|
||||
include "/etc/bind/rndc.key";
|
||||
|
||||
controls {
|
||||
inet * port {{ designate.rndc_port.cont }}
|
||||
allow { any; } keys { "rndc-key"; };
|
||||
inet * port {{ designate.bind_port.cont }}
|
||||
allow { any; } keys { "rndc-key"; };
|
||||
};
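Review bot: The second `controls` entry, `inet * port {{ designate.bind_port.cont }} allow { any; } keys { "rndc-key"; };`, asks named to open an rndc control socket on the DNS port itself; named already binds that port for queries via `listen-on { any; }` in the options file, so this is at best a startup error and at worst the control channel exposed on port 53. Delete that entry and keep only the `rndc_port` one. Both entries also use `allow { any; }`, leaving the HMAC key (which ships with a default value in this change) as the only barrier; restrict it to the addresses of the worker/pool-manager hosts, for example `inet * port {{ designate.rndc_port.cont }} allow { 10.233.0.0/16; } keys { "rndc-key"; };`, the same CIDR the options file already uses.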
|
||||
|
|
@ -0,0 +1,39 @@
|
|||
options {
|
||||
directory "/var/cache/bind";
|
||||
|
||||
// If there is a firewall between you and nameservers you want
|
||||
// to talk to, you may need to fix the firewall to allow multiple
|
||||
// ports to talk. See http://www.kb.cert.org/vuls/id/800113
|
||||
|
||||
// If your ISP provided one or more IP addresses for stable
|
||||
// nameservers, you probably want to use them as forwarders.
|
||||
// Uncomment the following block, and insert the addresses replacing
|
||||
// the all-0's placeholder.
|
||||
|
||||
// forwarders {
|
||||
// 0.0.0.0;
|
||||
// };
|
||||
|
||||
//========================================================================
|
||||
// If BIND logs error messages about the root key being expired,
|
||||
// you will need to update your keys. See https://www.isc.org/bind-keys
|
||||
//========================================================================
|
||||
dnssec-validation yes;
|
||||
dnssec-enable yes;
|
||||
auth-nxdomain no; # conform to RFC1035
|
||||
allow-new-zones yes;
|
||||
request-ixfr no;
|
||||
recursion no;
|
||||
query-source address * port {{ designate.bind_port.cont }};
|
||||
listen-on { any; };
|
||||
listen-on-v6 { ipv-6-address; };
|
||||
allow-query {
|
||||
any;
|
||||
10.233.0.0/16;
|
||||
};
|
||||
allow-notify {
|
||||
any;
|
||||
10.233.0.0/16;
|
||||
};
|
||||
};
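Review bot: `listen-on-v6 { ipv-6-address; };` contains a literal placeholder rather than an address; named treats an unknown bare word in an address-match list as an ACL name and should refuse to load the config with an undefined-ACL error, so this needs to be `listen-on-v6 { any; };` or `listen-on-v6 { none; };`. `query-source address * port {{ designate.bind_port.cont }};` pins the source port of outbound queries and NOTIFYs to the DNS port, which is exactly the port-randomisation weakness that the VU#800113 comment a few lines above warns about; drop the `port` clause. In `allow-query` and `allow-notify`, `any;` listed first makes the trailing `10.233.0.0/16;` dead; keep only the CIDR if the intent is to restrict, or only `any;` if not (accepting NOTIFY from anywhere on an authoritative server is usually unwanted). `dnssec-validation yes` has no effect with `recursion no` and can be removed to avoid suggesting this server validates.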
|
||||
|
|
@ -0,0 +1,8 @@
|
|||
include "/etc/bind/rndc.key";
|
||||
|
||||
options {
|
||||
default-key "rndc-key";
|
||||
default-server {{ network_topology["private"]["address"] }};
|
||||
default-port {{ designate.rndc_port.cont }};
|
||||
};
|
||||
|
|
@ -0,0 +1,4 @@
|
|||
key "rndc-key" {
|
||||
algorithm hmac-md5;
|
||||
secret "{{ designate.rndc_key_secret }}";
|
||||
};
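Review bot: `algorithm hmac-md5;` selects the deprecated MAC for the rndc key; BIND supports `hmac-sha256` for rndc keys, and as far as I recall Designate's bind9 backend only passes this file to `rndc -k`, so it would work unchanged. Change to `algorithm hmac-sha256;` and regenerate the secret at 256 bits (`rndc-confgen -A hmac-sha256`), updating the `rndc_key_secret` default (or, better, its per-deployment generation) accordingly. The secret is interpolated inside the quotes unescaped; that is fine for base64 output but worth a comment so nobody later feeds it a value containing `"`.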
|