commit 2ee603dabe632273d0e68b9ce0ca1720a3b6143c Author: Jens Harbott Date: Mon Aug 28 09:40:32 2017 +0000 Initial commit
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..d7ee44a
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,9 @@
+.bundle/
+berks-cookbooks/
+.kitchen
+.vagrant
+.coverage/
+*.swp
+Berksfile.lock
+Vagrantfile
+Gemfile.lock
diff --git a/.rubocop.yml b/.rubocop.yml
new file mode 100644
index 0000000..5e0be9f
--- /dev/null
+++ b/.rubocop.yml
@@ -0,0 +1,30 @@
+inherit_from: .rubocop_todo.yml
+
+AllCops:
+ Include:
+ - metadata.rb
+ - Gemfile
+ - attributes/**
+ - libraries/**
+ - providers/**
+ - recipes/**
+ - resources/**
+ - spec/**
+ Exclude:
+ - .cookbooks/**/*
+ - berks-cookbooks/**/*
+ - .bundle/**/*
+
+Encoding:
+ Exclude:
+ - metadata.rb
+ - Gemfile
+
+NumericLiterals:
+ Enabled: false
+
+LineLength:
+ Enabled: false
+
+WordArray:
+ MinSize: 3
diff --git a/.rubocop_todo.yml b/.rubocop_todo.yml
new file mode 100644
index 0000000..0941ce7
--- /dev/null
+++ b/.rubocop_todo.yml
@@ -0,0 +1,11 @@
+# This configuration was generated by `rubocop --auto-gen-config`
+# on 2015-05-29 12:11:07 -0500 using RuboCop version 0.29.1.
+# The point is for the user to remove these configuration records
+# one by one as the offenses are removed from the code base.
+# Note that changes in the inspected code, or installation of new
+# versions of RuboCop, may require this file to be generated again.
+
+# Offense count: 3
+# Configuration parameters: EnforcedStyle, SupportedStyles.
+Style/ClassAndModuleChildren:
+ Enabled: false
diff --git a/Berksfile b/Berksfile
new file mode 100644
index 0000000..df0fd44
--- /dev/null
+++ b/Berksfile
@@ -0,0 +1,11 @@
+source "https://supermarket.chef.io"
+
+metadata
+
+cookbook "openstack-identity",
+ github: "openstack/cookbook-openstack-identity"
+cookbook "openstack-common",
+ github: "openstack/cookbook-openstack-common"
+cookbook "openstackclient",
+ github: "cloudbau/cookbook-openstackclient"
+
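Review bot: In `Berksfile`, the three `github:` cookbook sources name no `ref:`, `tag:` or `branch:`, and the `.gitignore` added in this same commit excludes `Berksfile.lock`, so each `berks vendor` resolves whatever is on those repositories' default branches at that moment. That makes test and integration runs non-reproducible and lets an upstream change, reviewed or not, flow straight into the build. Pin each source to a reviewed revision, e.g. `cookbook "openstackclient", github: "cloudbau/cookbook-openstackclient", ref: "PINNED_COMMIT_SHA"` (placeholder value), and move the pin deliberately.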
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
new file mode 100644
index 0000000..7658369
--- /dev/null
+++ b/CONTRIBUTING.md
@@ -0,0 +1,36 @@
+Contributing
+============
+
+How To Get Started
+------------------
+
+If you would like to contribute to the development of OpenStack Chef Cookbooks,
+you must follow the steps in this page:
+
+ https://docs.openstack.org/infra/manual/developers.html
+
+Gerrit Workflow
+---------------
+
+Once those steps have been completed, changes to OpenStack
+should be submitted for review via the Gerrit tool, following
+the workflow documented at:
+
+ https://docs.openstack.org/infra/manual/developers.html#development-workflow
+
+Pull requests submitted through GitHub will be ignored.
+
+Bugs
+----
+
+Bugs should be filed on Launchpad, not GitHub:
+
+ https://bugs.launchpad.net/openstack-chef
+
+Contacts
+--------
+
+Mailing list: openstack-dev@lists.openstack.org
+IRC: #openstack-chef is our channel on irc.freenode.net
+Wiki: https://wiki.openstack.org/wiki/Chef/GettingStarted and https://docs.getchef.com/openstack.html
+Twitter: @chefopenstack
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..69a6fa5
--- /dev/null
+++ b/README.md
@@ -0,0 +1,79 @@
+![Chef OpenStack Logo](https://www.openstack.org/themes/openstack/images/project-mascots/Chef%20OpenStack/OpenStack_Project_Chef_horizontal.png)
+
+Description
+===========
+
+This cookbook installs the OpenStack DNS service **Designate** as part of an
+OpenStack reference deployment Chef for OpenStack.
+
+https://docs.openstack.org/designate
+
+Requirements
+============
+
+- Chef 12 or higher
+- chefdk 0.9.0 or higher for testing (also includes berkshelf for cookbook
+ dependency resolution)
+
+Platform
+========
+
+- ubuntu
+- redhat
+- centos
+
+Cookbooks
+=========
+
+The following cookbooks are dependencies:
+
+- 'openstack-common', '>= 16.0.0'
+- 'openstack-identity', '>= 16.0.0'
+- 'openstackclient', '>= 0.1.0'
+
+Attributes
+==========
+
+Please see the extensive inline documentation in `attributes/*.rb` for
+descriptions of all the settable attributes for this cookbook.
+
+Note that all attributes are in the `default['openstack']` "namespace"
+
+The usage of attributes to generate the designate.conf is described in the
+openstack-common cookbook.
+
+Recipes
+=======
+
+## openstack-dns::api
+- Configure and start designate-api service
+
+## openstack-dns::client
+- Install the designate client package
+
+## openstack-dns::common
+- Installs the designate packages and setup configuration for Designate.
+
+## openstack-dns::identity_registration
+- Registers the Designate API endpoint, designate service and user
+
+License and Author
+==================
+
+| | |
+|:---------------------|:---------------------------------------------------|
+| **Author** | Dr. Jens Harbott () |
+| | |
+| **Copyright** | Copyright (c) 2017, x-ion GmbH. |
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ https://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
diff --git a/Rakefile b/Rakefile
new file mode 100644
index 0000000..676e7d4
--- /dev/null
+++ b/Rakefile
@@ -0,0 +1,40 @@
+task default: ["test"]
+
+task :test => [:lint, :style, :unit]
+
+desc "Vendor the cookbooks in the Berksfile"
+task :berks_prep do
+ sh %{chef exec berks vendor}
+end
+
+desc "Run FoodCritic (lint) tests"
+task :lint do
+ sh %{chef exec foodcritic --epic-fail any --tags ~FC003 --tags ~FC023 .}
+end
+
+desc "Run RuboCop (style) tests"
+task :style do
+ sh %{chef exec rubocop}
+end
+
+desc "Run RSpec (unit) tests"
+task :unit => :berks_prep do
+ sh %{chef exec rspec --format documentation}
+end
+
+desc "Remove the berks-cookbooks directory and the Berksfile.lock"
+task :clean do
+ rm_rf [
+ 'berks-cookbooks',
+ 'Berksfile.lock'
+ ]
+end
+
+desc "All-in-One Neutron build Infra using Common task"
+task :integration do
+ # Use the common integration task
+ sh %(wget -nv -t 3 -O Rakefile-Common https://raw.githubusercontent.com/openstack/cookbook-openstack-common/master/Rakefile)
+ load './Rakefile-Common'
+ Rake::Task["common_integration"].invoke
+end
+
diff --git a/TESTING.md b/TESTING.md
new file mode 100644
index 0000000..328cc4b
--- /dev/null
+++ b/TESTING.md
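Review bot: The `:integration` task in `Rakefile` fetches `Rakefile-Common` from the `master` branch with `wget` and then `load`s it, so the build host executes whatever Ruby that branch holds at run time, with no pinned revision and no integrity check. Point the URL at a reviewed commit instead of `master` (`.../cookbook-openstack-common/PINNED_COMMIT_SHA/Rakefile`, placeholder value) and compare the download against a recorded SHA-256 before the `load`. The task's `desc` still reads "All-in-One Neutron build", which looks carried over from another cookbook; `desc "All-in-One DNS build Infra using Common task"` would match this one.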
@@ -0,0 +1,31 @@
+# Testing the Cookbook #
+
+This cookbook uses [chefdk](https://downloads.chef.io/chef-dk/) and [berkshelf](https://berkshelf.com/) to isolate dependencies. Make sure you have chefdk and the header files for `gecode` installed before continuing. Make sure that you're using gecode version 3. More info [here](https://github.com/opscode/dep-selector-libgecode/tree/0bad63fea305ede624c58506423ced697dd2545e#using-a-system-gecode-instead). For more detailed information on what needs to be installed, you can have a quick look into the bootstrap.sh file in this repository, which does install all the needed things to get going on ubuntu trusty. The tests defined in the Rakefile include lint, style and unit. For integration testing please refere to the [openstack-chef-repo](https://github.com/openstack/openstack-chef-repo).
+
+We have three test suites which you can run either, individually (there are three rake tasks):
+
+ $ chef exec rake lint
+ $ chef exec rake style
+ $ chef exec rake unit
+
+or altogether:
+
+ $ chef exec rake
+
+The `rake` tasks will take care of installing the needed cookbooks with `berkshelf`.
+
+## Rubocop ##
+
+[Rubocop](https://github.com/bbatsov/rubocop) is a static Ruby code analyzer, based on the community [Ruby style guide](https://github.com/bbatsov/ruby-style-guide). We are attempting to adhere to this where applicable, slowly cleaning up the cookbooks until we can turn on Rubocop for gating the commits.
+
+## Foodcritic ##
+
+[Foodcritic](https://acrmp.github.io/foodcritic/) is a lint tool for Chef cookbooks. We ignore the following rules:
+
+* [FC003](https://acrmp.github.io/foodcritic/#FC003) These cookbooks are not intended for Chef Solo.
+* [FC023](https://acrmp.github.io/foodcritic/#FC023) Prefer conditional attributes.
+
+## Chefspec
+
+[ChefSpec](https://github.com/sethvargo/chefspec) is a unit testing framework for testing Chef cookbooks.
ChefSpec makes it easy to write examples and get fast feedback on cookbook changes without the need for virtual machines or cloud servers.
+
diff --git a/attributes/default.rb b/attributes/default.rb
new file mode 100644
index 0000000..52528ec
--- /dev/null
+++ b/attributes/default.rb
@@ -0,0 +1,72 @@
+# encoding: UTF-8
+#
+# Cookbook Name:: openstack-dns
+# Attributes:: default
+#
+# Copyright 2017, x-ion GmbH
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+%w(public internal).each do |ep_type|
+ # openstack designate-api service endpoints (used by users and services)
+ default['openstack']['endpoints'][ep_type]['designate-api']['host'] = '127.0.0.1'
+ default['openstack']['endpoints'][ep_type]['designate-api']['scheme'] = 'http'
+ default['openstack']['endpoints'][ep_type]['designate-api']['path'] = '/v1/%(tenant_id)s'
+ default['openstack']['endpoints'][ep_type]['designate-api']['port'] = 9001
+end
+default['openstack']['bind_service']['all']['designate-api']['host'] = '127.0.0.1'
+default['openstack']['bind_service']['all']['designate-api']['port'] = 9001
+
+# Set to some text value if you want templated config files
+# to contain a custom banner at the top of the written file
+default['openstack']['designate']['custom_template_banner'] = '
+# This file was autogenerated by Chef
+# Do not edit, changes will be overwritten
+'
+
+default['openstack']['dns']['syslog']['use']
+
+# This is the name of the Chef role that will install the Keystone Service API
+default['openstack']['dns']['identity_service_chef_role'] = 'os-identity'
+
+# The name of the Chef role that knows about the message queue server
+# that Heat uses
+default['openstack']['dns']['rabbit_server_chef_role'] = 'os-ops-messaging'
+
+default['openstack']['dns']['service_role'] = 
'service'
+
+default['openstack']['dns']['ec2authtoken']['auth']['version'] = 'v2.0'
+default['openstack']['dns']['api']['auth']['version'] = node['openstack']['api']['auth']['version']
+
+# platform-specific settings
+case platform_family
+# Note(jh): TBC
+when 'rhel'
+ default['openstack']['dns']['user'] = 'designate'
+ default['openstack']['dns']['group'] = 'designate'
+ default['openstack']['dns']['platform'] = {
+ 'designate_common_packages' => ['openstack-designate'],
+ 'designate_api_service' => 'openstack-designate-api',
+ 'designate_central_service' => 'openstack-designate-central',
+ 'package_overrides' => ''
+ }
+when 'debian'
+ default['openstack']['dns']['user'] = 'designate'
+ default['openstack']['dns']['group'] = 'designate'
+ default['openstack']['dns']['platform'] = {
+ 'designate_packages' => ['designate'],
+ 'designate_api_service' => 'designate-api',
+ 'designate_central_service' => 'designate-central',
+ 'package_overrides' => "-o Dpkg::Options::='--force-confold' -o Dpkg::Options::='--force-confdef'"
+ }
+end
diff --git a/attributes/designate_conf.rb b/attributes/designate_conf.rb
new file mode 100644
index 0000000..f696e9d
--- /dev/null
+++ b/attributes/designate_conf.rb
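Review bot: The endpoint and bind defaults in `attributes/default.rb` are keyed `'designate-api'`, but `recipes/common.rb` and `recipes/identity_registration.rb` in this commit look up `'dns-api'`, so unless another cookbook defines `'dns-api'` these values (including the loopback bind address) are never read and `bind_services['dns-api']` would be nil. Two further lines look unfinished: `default['openstack']['dns']['syslog']['use']` assigns nothing (probably `= false` was meant), and the `rhel` branch defines `'designate_common_packages'` while `recipes/common.rb` iterates `platform_options['designate_packages']`, which would be nil on that platform. The endpoint `scheme` defaults to `'http'`, so a comment such as `# plaintext default for lab use; override to 'https' behind TLS` would tell operators this is not a production value. The comment "that Heat uses" also appears copied from another cookbook.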
@@ -0,0 +1,31 @@
+# encoding: UTF-8
+#
+# Cookbook Name:: openstack-dns
+# Attributes:: default
+#
+# Copyright 2017, x-ion GmbH
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+default['openstack']['dns']['conf']['DEFAULT']['log_dir'] = '/var/log/designate'
+default['openstack']['dns']['conf']['service:api']['auth_strategy'] = 'keystone'
+default['openstack']['dns']['conf']['service:api']['enable_api_v1'] = 'True'
+default['openstack']['dns']['conf']['service:api']['enabled_extensions_v1'] = 'quotas, reports'
+default['openstack']['dns']['conf']['service:api']['enable_api_v2'] = 'True'
+default['openstack']['dns']['conf']['service:worker']['enabled'] = 'True'
+default['openstack']['dns']['conf']['service:worker']['notify'] = 'True'
+default['openstack']['dns']['conf']['keystone_authtoken']['auth_type'] = 'v3password'
+default['openstack']['dns']['conf']['keystone_authtoken']['username'] = 'designate'
+default['openstack']['dns']['conf']['keystone_authtoken']['project_name'] = 'service'
+default['openstack']['dns']['conf']['keystone_authtoken']['project_domain_name'] = 'Default'
+default['openstack']['dns']['conf']['keystone_authtoken']['user_domain_name'] = 'Default'
diff --git a/bootstrap.sh b/bootstrap.sh
new file mode 100755
index 0000000..eab34d0
--- /dev/null
+++ b/bootstrap.sh
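Review bot: The header comment of `attributes/designate_conf.rb` says `# Attributes:: default`, identical to `attributes/default.rb`; it should read `# Attributes:: designate_conf`. The file also turns on the v1 API and its `quotas, reports` extensions alongside v2 without explanation, so a one-line comment above `enable_api_v1` stating why both API versions are exposed by default would tell operators whether v1 can be switched off to reduce the exposed surface.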
@@ -0,0 +1,9 @@
+#!/bin/bash -x
+## This script is for installing all the needed packages on xenial to run the chef tests with 'chef exec rake'.
+## It relies on the common bootstrap.sh from openstack/cookbook-openstack-common for installing common dependencies.
+
+curl https://raw.githubusercontent.com/openstack/cookbook-openstack-common/master/bootstrap.sh \
+ --retry 3 \
+ --silent \
+ --show-error \
+ | /bin/bash -x
diff --git a/metadata.rb b/metadata.rb
new file mode 100644
index 0000000..9cf98eb
--- /dev/null
+++ b/metadata.rb
@@ -0,0 +1,18 @@
+# encoding: UTF-8
+name 'openstack-dns'
+maintainer 'openstack-chef'
+maintainer_email 'openstack-dev@lists.openstack.org'
+issues_url 'https://launchpad.net/openstack-chef' if respond_to?(:issues_url)
+source_url 'https://github.com/cloudbau/cookbook-openstack-dns' if respond_to?(:source_url)
+license 'Apache 2.0'
+description 'Installs and configures the Designate Service'
+long_description IO.read(File.join(File.dirname(__FILE__), 'README.md'))
+version '16.0.0'
+
+%w(ubuntu redhat centos).each do |os|
+ supports os
+end
+
+depends 'openstack-common', '>= 16.0.0'
+depends 'openstack-identity', '>= 16.0.0'
+depends 'openstackclient'
diff --git a/recipes/api.rb b/recipes/api.rb
new file mode 100644
index 0000000..84e875f
--- /dev/null
+++ b/recipes/api.rb
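Review bot: `bootstrap.sh` pipes an unpinned download from the `master` branch straight into `/bin/bash`, and `curl` is called without `--fail`, so an HTTP error body or a truncated transfer is interpreted as shell and any change on that branch runs on the build host unreviewed. Download to a temporary file from a reviewed commit, verify it against a recorded SHA-256, and only then execute it; the commit id and digest in the sketch below are placeholders to be filled in. The header comment names xenial while `TESTING.md` in this commit says trusty, so one of the two should be corrected.

```shell
set -euo pipefail
# Placeholders: pin to a reviewed commit and record that file's SHA-256.
COMMON_REF='REPLACE_WITH_REVIEWED_COMMIT_SHA'
COMMON_SHA256='REPLACE_WITH_EXPECTED_SHA256'
script="$(mktemp)"
trap 'rm -f "$script"' EXIT
curl --fail --retry 3 --silent --show-error \
    --output "$script" \
    "https://raw.githubusercontent.com/openstack/cookbook-openstack-common/${COMMON_REF}/bootstrap.sh"
# Refuse to run anything whose digest does not match the recorded one.
echo "${COMMON_SHA256}  ${script}" | sha256sum --check --quiet -
/bin/bash -x "$script"
```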
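Review bot: `depends 'openstackclient'` in `metadata.rb` carries no version constraint, while the README added in this commit lists `'openstackclient', '>= 0.1.0'`; make the two agree with `depends 'openstackclient', '>= 0.1.0'`. `source_url` points at `cloudbau/cookbook-openstack-dns` whereas `CONTRIBUTING.md` sends contributors to Gerrit and Launchpad, so it is worth confirming that URL is the intended canonical source.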
@@ -0,0 +1,31 @@
+# encoding: UTF-8
+#
+# Cookbook Name:: openstack-dns
+# Recipe:: api
+#
+# Copyright 2017, x-ion GmbH
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+include_recipe 'openstack-dns::common'
+
+platform_options = node['openstack']['dns']['platform']
+
+service 'designate-api' do
+ service_name platform_options['designate_api_service']
+ supports status: true, restart: true
+
+ action :enable
+ subscribes :restart, 'template[/etc/designate/designate.conf]'
+end
diff --git a/recipes/central.rb b/recipes/central.rb
new file mode 100644
index 0000000..f4062c4
--- /dev/null
+++ b/recipes/central.rb
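Review bot: The `service 'designate-api'` resource in `recipes/api.rb` declares `action :enable` only, so a stopped service is brought up only when the `subscribes :restart` on `designate.conf` happens to fire, although the README describes this recipe as "Configure and start designate-api service". `action [:enable, :start]` states the intent and makes every converge restore a stopped service. `recipes/central.rb` has the same single action, and names its resource `designate_central` with an underscore where this one uses a hyphen.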
@@ -0,0 +1,30 @@
+# encoding: UTF-8
+#
+# Cookbook Name:: openstack-dns
+# Recipe:: central
+#
+# Copyright 2017, x-ion GmbH
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+include_recipe 'openstack-dns::common'
+
+platform_options = node['openstack']['dns']['platform']
+
+service 'designate_central' do
+ service_name platform_options['designate_central_service']
+ supports status: true, restart: true
+ action :enable
+ subscribes :restart, 'template[/etc/designate/designate.conf]'
+end
diff --git a/recipes/common.rb b/recipes/common.rb
new file mode 100644
index 0000000..3e7605c
--- /dev/null
+++ b/recipes/common.rb
@@ -0,0 +1,134 @@
+# encoding: UTF-8
+#
+# Cookbook Name:: openstack-dns
+# Recipe:: common
+#
+# Copyright 2017, x-ion Gmbh
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+class ::Chef::Recipe # rubocop:disable Documentation
+ include ::Openstack
+end
+
+if node['openstack']['dns']['syslog']['use']
+ include_recipe 'openstack-common::logging'
+end
+
+platform_options = node['openstack']['dns']['platform']
+
+platform_options['designate_packages'].each do |pkg|
+ package pkg do
+ options platform_options['package_overrides']
+
+ action :upgrade
+ end
+end
+
+db_type = node['openstack']['db']['dns']['service_type']
+node['openstack']['db']['python_packages'][db_type].each do |pkg|
+ package pkg do
+ action :upgrade
+ end
+end
+
+if node['openstack']['mq']['service_type'] == 'rabbit'
+ node.default['openstack']['dns']['conf_secrets']['DEFAULT']['transport_url'] = rabbit_transport_url 'dns'
+ # Note(jh): Workaround for https://bugs.launchpad.net/designate/+bug/1673403
+ # Stolen from rabbit_transport_url() in openstack-common/libraries/endpoints.rb
+ mq_user = node['openstack']['mq']['dns']['rabbit']['userid']
+ node.default['openstack']['dns']['conf_secrets']['oslo_messaging_rabbit']['rabbit_userid'] = mq_user
+ node.default['openstack']['dns']['conf_secrets']['oslo_messaging_rabbit']['rabbit_password'] = get_password 'user', mq_user
+ node.default['openstack']['dns']['conf_secrets']['oslo_messaging_rabbit']['rabbit_virtual_host'] = node['openstack']['mq']['vhost']
+ mq_port = node['openstack']['endpoints']['mq']['port']
+ url = ''
+ if node['openstack']['mq']['cluster']
+ node['openstack']['mq']['servers'].each do |server|
+ url += "#{server}:#{mq_port}"
+ url += ',' unless node['openstack']['mq']['servers'].last == server
+ end
+ else
+ bind_mq_address = bind_address node['openstack']['bind_service']['mq']
+ url += "#{bind_mq_address}:#{mq_port}"
+ end
+ node.default['openstack']['dns']['conf_secrets']['oslo_messaging_rabbit']['rabbit_hosts'] = url
+end
+
+db_user = node['openstack']['db']['dns']['username']
+db_pass = get_password 'db', 'designate'
+
+identity_endpoint = internal_endpoint 'identity'
+
+bind_services = node['openstack']['bind_service']['all']
+api_bind = bind_services['dns-api']
+
+auth_uri = auth_uri_transform identity_endpoint.to_s, node['openstack']['dns']['api']['auth']['version']
+
+# define attributes that are needed in designate.conf
+node.default['openstack']['dns']['conf'].tap do |conf|
+ conf['service:api']['api_host'] = bind_address api_bind
+ conf['service:api']['api_port'] = api_bind.port
+ conf['keystone_authtoken']['auth_url'] = auth_uri
+end
+
+# define secrets that are needed in designate.conf
+node.default['openstack']['dns']['conf_secrets'].tap do |conf_secrets|
+ conf_secrets['storage:sqlalchemy']['connection'] =
+ db_uri('dns', db_user, db_pass)
+ conf_secrets['keystone_authtoken']['password'] =
+ get_password 'service', 'openstack-dns'
+end
+
+# merge all config options and secrets to be used in designate.conf
+designate_conf_options = merge_config_options 'dns'
+
+directory '/etc/designate' do
+ owner node['openstack']['dns']['user']
+ group node['openstack']['dns']['group']
+ mode 00750
+ action :create
+end
+
+template '/etc/designate/designate.conf' do
+ source 'openstack-service.conf.erb'
+ cookbook 'openstack-common'
+ owner node['openstack']['dns']['user']
+ group node['openstack']['dns']['group']
+ mode 00640
+ variables(
+ service_config: designate_conf_options
+ )
+end
+
+template '/etc/designate/pools.yaml' do
+ source 'pools.yaml.erb'
+ owner node['openstack']['dns']['user']
+ group node['openstack']['dns']['group']
+ mode 00644
+end
+
+execute 'designate-manage database sync' do
+ user node['openstack']['dns']['user']
+ group node['openstack']['dns']['group']
+ command 'designate-manage database sync'
+ action :run
+end
+
+execute 'designate-manage pool update' do
+ user node['openstack']['dns']['user']
+ group node['openstack']['dns']['group']
+ command 'designate-manage pool update'
+ action :nothing
+ subscribes :run, 'template[/etc/designate/pools.yaml]'
+end
diff --git a/recipes/identity_registration.rb b/recipes/identity_registration.rb
new file mode 100644
index 0000000..eef028c
--- /dev/null
+++ b/recipes/identity_registration.rb
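Review bot: In `recipes/common.rb`, the database URI, the RabbitMQ password and the Keystone service password are written to `node.default['openstack']['dns']['conf_secrets']`, and nothing visible in this recipe removes them again, so they would presumably be saved with the node object at the end of the run and be readable by anything that can read node data. After the `designate.conf` template, add a `ruby_block` whose block calls `node.rm(:openstack, :dns, :conf_secrets)`, and set `sensitive true` on that template so its rendered diff stays out of run logs. `execute 'designate-manage database sync'` has `action :run` with no guard and therefore runs on every converge; if that is intended, a comment saying the command is safe to repeat would help. `/etc/designate/pools.yaml` is created with `mode 00644` while the directory is `00750` and `designate.conf` is `00640`; `mode 00640` would be consistent with its neighbours.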
@@ -0,0 +1,105 @@
+# encoding: UTF-8
+#
+# Cookbook Name:: openstack-dns
+# Recipe:: identity_registration
+#
+# Copyright 2017, x-ion GmbH
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require 'uri'
+
+class ::Chef::Recipe # rubocop:disable Documentation
+ include ::Openstack
+end
+
+identity_admin_endpoint = admin_endpoint 'identity'
+
+auth_url = ::URI.decode identity_admin_endpoint.to_s
+
+internal_designate_endpoint = internal_endpoint 'dns-api'
+public_designate_endpoint = public_endpoint 'dns-api'
+
+service_pass = get_password 'service', 'openstack-dns'
+service_project_name = node['openstack']['dns']['conf']['keystone_authtoken']['project_name']
+service_user = node['openstack']['dns']['conf']['keystone_authtoken']['username']
+service_role = node['openstack']['dns']['service_role']
+service_type = 'dns'
+service_name = 'designate'
+service_domain_name = node['openstack']['dns']['conf']['keystone_authtoken']['user_domain_name']
+admin_user = node['openstack']['identity']['admin_user']
+admin_pass = get_password 'user', node['openstack']['identity']['admin_user']
+admin_project = node['openstack']['identity']['admin_project']
+admin_domain = node['openstack']['identity']['admin_domain_name']
+region = node['openstack']['region']
+
+connection_params = {
+ openstack_auth_url: "#{auth_url}/auth/tokens",
+ openstack_username: admin_user,
+ openstack_api_key: admin_pass,
+ openstack_project_name: admin_project,
+ openstack_domain_name: admin_domain
+}
+
+# 
Register DNS Service
+openstack_service service_name do
+ type service_type
+ connection_params connection_params
+end
+
+# Register DNS Public-Endpoint
+openstack_endpoint service_type do
+ service_name service_name
+ interface 'public'
+ url public_designate_endpoint.to_s
+ region region
+ connection_params connection_params
+end
+
+# Register DNS Internal-Endpoint
+openstack_endpoint service_type do
+ service_name service_name
+ url internal_designate_endpoint.to_s
+ region region
+ connection_params connection_params
+end
+
+# Register Service Project
+openstack_project service_project_name do
+ connection_params connection_params
+end
+
+# Register Service User
+openstack_user service_user do
+ project_name service_project_name
+ role_name service_role
+ password service_pass
+ connection_params connection_params
+end
+
+## Grant Service role to Service User for Service Project ##
+openstack_user service_user do
+ role_name service_role
+ project_name service_project_name
+ connection_params connection_params
+ action :grant_role
+end
+
+openstack_user service_user do
+ domain_name service_domain_name
+ role_name service_role
+ user_name service_user
+ connection_params connection_params
+ action :grant_domain
+end
diff --git a/templates/default/pools.yaml.erb b/templates/default/pools.yaml.erb
new file mode 100644
index 0000000..212c4ff
--- /dev/null
+++ b/templates/default/pools.yaml.erb
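Review bot: The block commented "Register DNS Internal-Endpoint" in `recipes/identity_registration.rb` never sets `interface`, unlike the public one above it, so it presumably registers with the resource's default interface rather than as an internal endpoint; add `interface 'internal'`. Both `openstack_endpoint` resources are also named `service_type`, so Chef sees two resources called `openstack_endpoint[dns]` that differ only in their properties, which makes log lines and notifications ambiguous. `::URI.decode` is obsolete in Ruby's `uri` library and was removed in Ruby 3.0, so the decode step needs a replacement or a comment explaining why the endpoint string must be decoded at all. `connection_params` carries the admin password into every resource here, so it is worth confirming that the `openstackclient` resources do not print their properties in run output.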
@@ -0,0 +1,43 @@
+- name: default
+ # The name is immutable. There will be no option to change the name after
+ # creation and the only way will to change it will be to delete it
+ # (and all zones associated with it) and recreate it.
+ description: Default Pool
+
+ attributes: {}
+
+ # List out the NS records for zones hosted within this pool
+ # This should be a record that is created outside of designate, that
+ # points to the public IP of the controller node.
+ ns_records:
+ - hostname: ns1-1.example.org.
+ priority: 1
+
+ # List out the nameservers for this pool. These are the actual BIND servers.
+ # We use these to verify changes have propagated to all nameservers.
+ nameservers:
+ - host: 127.0.0.1
+ port: 53
+
+ # List out the targets for this pool. For BIND there will be one
+ # entry for each BIND server, as we have to run rndc command on each server
+ targets:
+ - type: bind9
+ description: BIND9 Server 1
+
+ # List out the designate-mdns servers from which BIND servers should
+ # request zone transfers (AXFRs) from.
+ # This should be the IP of the controller node.
+ # If you have multiple controllers you can add multiple masters
+ # by running designate-mdns on them, and adding them here.
+ masters:
+ - host: 127.0.0.1
+ port: 5354
+
+ # BIND Configuration options
+ options:
+ host: 127.0.0.1
+ port: 53
+ rndc_host: 127.0.0.1
+ rndc_port: 953
+ rndc_key_file: /etc/designate/rndc.key
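Review bot: `templates/default/pools.yaml.erb` contains no ERB tags: the NS record `ns1-1.example.org.`, every `127.0.0.1` host and the `rndc_key_file` path are fixed literals, so each deployment has to edit the cookbook itself to get a usable pool. Nothing in this commit creates `/etc/designate/rndc.key` or sets its owner and mode; since that key authorises control of the BIND server, the cookbook should either manage the file (owned by the designate user, mode `0640` or tighter) or state in a comment that the operator must provide it. Driving these values from node attributes, with a header comment naming which defaults are placeholders, would make the template safe to reuse.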