diff --git a/attributes/default.rb b/attributes/default.rb index 39adc15..d9ec1d2 100644 --- a/attributes/default.rb +++ b/attributes/default.rb @@ -30,25 +30,22 @@ default['openstack']['bind_service']['all']['dns-api']['port'] = 9001 # Set to some text value if you want templated config files # to contain a custom banner at the top of the written file -default['openstack']['designate']['custom_template_banner'] = ' +default['openstack']['dns']['custom_template_banner'] = ' # This file was autogenerated by Chef # Do not edit, changes will be overwritten ' -default['openstack']['dns']['syslog']['use'] - -# This is the name of the Chef role that will install the Keystone Service API -default['openstack']['dns']['identity_service_chef_role'] = 'os-identity' - -# The name of the Chef role that knows about the message queue server -# that Heat uses -default['openstack']['dns']['rabbit_server_chef_role'] = 'os-ops-messaging' - default['openstack']['dns']['service_role'] = 'service' +default['openstack']['dns']['syslog']['use'] = false -default['openstack']['dns']['ec2authtoken']['auth']['version'] = 'v2.0' default['openstack']['dns']['api']['auth']['version'] = node['openstack']['api']['auth']['version'] +# Settings for the default pool +default['openstack']['dns']['pool']['ns_hostname'] = 'ns1.example.org.' +default['openstack']['dns']['pool']['ns_address'] = '127.0.0.1' +default['openstack']['dns']['pool']['masters'] = ['127.0.0.1'] +default['openstack']['dns']['pool']['bind_host'] = '127.0.0.1' + # platform-specific settings default['openstack']['dns']['user'] = 'designate' default['openstack']['dns']['group'] = 'designate' 
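Review bot: The new default `default['openstack']['dns']['pool']['ns_hostname'] = 'ns1.example.org.'` differs from the literal it replaces in templates/default/pools.yaml.erb (`ns1-1.example.org.`), so a node that keeps the defaults renders a different NS record after this change. If that is intended, the pool block should carry a comment that these are placeholders, e.g. `# Placeholder values for a single-node setup; override ns_hostname and the addresses for any real deployment`. Otherwise keep the old value as the default.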
@@ -63,9 +60,12 @@ when 'rhel' } when 'debian' default['openstack']['dns']['platform'] = { - 'designate_packages' => ['designate'], + 'designate_packages' => ['designate-api','designate-central','designate-mdns','designate-producer','designate-worker'], 'designate_api_service' => 'designate-api', 'designate_central_service' => 'designate-central', + 'designate_mdns_service' => 'designate-mdns', + 'designate_producer_service' => 'designate-producer', + 'designate_worker_service' => 'designate-worker', 'package_overrides' => "-o Dpkg::Options::='--force-confold' -o Dpkg::Options::='--force-confdef'" } end diff --git a/attributes/designate_conf.rb b/attributes/designate_conf.rb index f696e9d..12e5c70 100644 --- a/attributes/designate_conf.rb +++ b/attributes/designate_conf.rb @@ -24,7 +24,7 @@ default['openstack']['dns']['conf']['service:api']['enabled_extensions_v1'] = 'q default['openstack']['dns']['conf']['service:api']['enable_api_v2'] = 'True' default['openstack']['dns']['conf']['service:worker']['enabled'] = 'True' default['openstack']['dns']['conf']['service:worker']['notify'] = 'True' -default['openstack']['dns']['conf']['keystone_authtoken']['auth_type'] = 'v3password' +default['openstack']['dns']['conf']['keystone_authtoken']['auth_type'] = 'password' default['openstack']['dns']['conf']['keystone_authtoken']['username'] = 'designate' default['openstack']['dns']['conf']['keystone_authtoken']['project_name'] = 'service' default['openstack']['dns']['conf']['keystone_authtoken']['project_domain_name'] = 'Default' diff --git a/recipes/common.rb b/recipes/common.rb index 7b859d1..bfca7c2 100644 --- a/recipes/common.rb +++ b/recipes/common.rb @@ -31,7 +31,6 @@ platform_options = node['openstack']['dns']['platform'] platform_options['designate_packages'].each do |pkg| package pkg do options platform_options['package_overrides'] - action :upgrade end end 
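Review bot: The `designate_mdns_service`, `designate_producer_service` and `designate_worker_service` keys are added to the 'debian' platform hash only. The 'rhel' branch starts above this hunk and is not shown, so I cannot confirm it, but if it lacks these keys the new mdns, producer and worker recipes will not get a usable `service_name` on RHEL-family nodes. The same three keys should exist in both branches. Minor style point: the new `designate_packages` array has no space after its commas; `['designate-api', 'designate-central', ...]` reads better.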
@@ -68,7 +67,7 @@ end db_user = node['openstack']['db']['dns']['username'] db_pass = get_password 'db', 'designate' -public_identity_endpoint = public_endpoint 'identity' +public_identity_endpoint = identity_uri_transform(public_endpoint 'identity') identity_endpoint = internal_endpoint 'identity' bind_services = node['openstack']['bind_service']['all'] @@ -113,11 +112,38 @@ template '/etc/designate/designate.conf' do ) end +# delete all secrets saved in the attribute +# node['openstack']['dns']['conf_secrets'] after creating the config file +ruby_block "delete all attributes in node['openstack']['dns']['conf_secrets']" do + block do + node.rm(:openstack, :dns, :conf_secrets) + end +end + +rndc_secret = get_password 'token', 'designate_rndc' +template '/etc/designate/rndc.key' do + source 'rndc.key.erb' + owner node['openstack']['dns']['user'] + group node['openstack']['dns']['group'] + mode 00440 + variables( + secret: rndc_secret + ) +end + +pool_config = node['openstack']['dns']['pool'] template '/etc/designate/pools.yaml' do source 'pools.yaml.erb' owner node['openstack']['dns']['user'] group node['openstack']['dns']['group'] mode 00644 + variables( + banner: node['openstack']['dns']['custom_template_banner'], + bind_host: pool_config['bind_host'], + masters: pool_config['masters'], + ns_address: pool_config['ns_address'], + ns_hostname: pool_config['ns_hostname'] + ) end execute 'designate-manage database sync' do diff --git a/recipes/mdns.rb b/recipes/mdns.rb new file mode 100644 index 0000000..dc3b378 --- /dev/null +++ b/recipes/mdns.rb 
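Review bot: The `template '/etc/designate/rndc.key'` resource in the second recipes/common.rb hunk renders `rndc_secret` without `sensitive true`, so when the file is created or changed Chef can print the rendered content as a diff in the run output and in whatever collects that output. Add `sensitive true` to that resource; the owner, group and `mode 00440` are already tight. The `ruby_block` that calls `node.rm(:openstack, :dns, :conf_secrets)` has no guard and will report as updated on every run, which is acceptable but deserves a one-line comment saying it is deliberate.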
@@ -0,0 +1,30 @@
+# encoding: UTF-8
+#
+# Cookbook Name:: openstack-dns
+# Recipe:: mdns
+#
+# Copyright 2017, x-ion GmbH
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+include_recipe 'openstack-dns::common'
+
+platform_options = node['openstack']['dns']['platform']
+
+service 'designate_mdns' do
+ service_name platform_options['designate_mdns_service']
+ supports status: true, restart: true
+ action :enable
+ subscribes :restart, 'template[/etc/designate/designate.conf]'
+end
diff --git a/recipes/neutron_int.rb b/recipes/neutron_int.rb
new file mode 100644
index 0000000..015417d
--- /dev/null
+++ b/recipes/neutron_int.rb
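Review bot: `service 'designate_mdns'` in recipes/mdns.rb only has `action :enable`, so Chef never ensures the daemon is running. It is started only as a side effect of the `subscribes :restart` when designate.conf changes, or by the package's own install scripts. If the intent is a running service after every converge, use `action [:enable, :start]`. The same applies to the service resources in recipes/producer.rb and recipes/worker.rb.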
@@ -0,0 +1,46 @@
+# encoding: UTF-8
+#
+# Cookbook Name:: openstack-dns
+# Recipe:: neutron_int
+#
+# Copyright 2017, x-ion GmbH
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+class ::Chef::Recipe
+ include ::Openstack
+end
+
+dns_endpoint = internal_endpoint 'dns-api'
+# TODO(jh): Make this more intelligent
+dns_url = dns_endpoint.to_s + '/v2'
+
+identity_endpoint = internal_endpoint 'identity'
+auth_url = auth_uri_transform identity_endpoint.to_s, node['openstack']['dns']['api']['auth']['version']
+
+node.default['openstack']['network']['conf'].tap do |conf|
+ conf['DEFAULT']['external_dns_driver'] = 'designate'
+ conf['designate']['url'] = dns_url
+ conf['designate']['auth_type'] = 'password'
+ conf['designate']['auth_url'] = auth_url
+ conf['designate']['username'] = 'designate'
+ conf['designate']['project_name'] = 'service'
+ conf['designate']['project_domain_name'] = 'Default'
+ conf['designate']['user_domain_name'] = 'Default'
+end
+
+node.default['openstack']['network']['conf_secrets'].tap do |conf_secrets|
+ conf_secrets['designate']['password'] =
+ get_password 'service', 'openstack-dns'
+end
diff --git a/recipes/producer.rb b/recipes/producer.rb
new file mode 100644
index 0000000..b929dce
--- /dev/null
+++ b/recipes/producer.rb
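Review bot: The service password is written into `node.default['openstack']['network']['conf_secrets']` at the end of recipes/neutron_int.rb and nothing in this file removes it again, so it stays in the node object unless another recipe clears it before the node is saved. The common.rb change in this commit clears the dns tree with `node.rm` after rendering; presumably the network cookbook does the same for its own tree, but that only helps if this recipe runs ahead of it. I would state the ordering in a header comment, e.g. `# Must be included before the recipe that renders neutron.conf and clears node['openstack']['network']['conf_secrets']`. Separately, `username`, `project_name` and the two domain names are repeated here as literals although attributes/designate_conf.rb already holds them under `keystone_authtoken`, so an override there would leave neutron with stale identity settings.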
@@ -0,0 +1,30 @@
+# encoding: UTF-8
+#
+# Cookbook Name:: openstack-dns
+# Recipe:: producer
+#
+# Copyright 2017, x-ion GmbH
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+include_recipe 'openstack-dns::common'
+
+platform_options = node['openstack']['dns']['platform']
+
+service 'designate_producer' do
+ service_name platform_options['designate_producer_service']
+ supports status: true, restart: true
+ action :enable
+ subscribes :restart, 'template[/etc/designate/designate.conf]'
+end
diff --git a/recipes/worker.rb b/recipes/worker.rb
new file mode 100644
index 0000000..c0cefbd
--- /dev/null
+++ b/recipes/worker.rb
@@ -0,0 +1,30 @@ +# encoding: UTF-8 +# +# Cookbook Name:: openstack-dns +# Recipe:: worker +# +# Copyright 2017, x-ion GmbH +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +include_recipe 'openstack-dns::common' + +platform_options = node['openstack']['dns']['platform'] + +service 'designate_worker' do + service_name platform_options['designate_worker_service'] + supports status: true, restart: true + action :enable + subscribes :restart, 'template[/etc/designate/designate.conf]' +end diff --git a/templates/default/pools.yaml.erb b/templates/default/pools.yaml.erb index 212c4ff..f45c227 100644 --- a/templates/default/pools.yaml.erb +++ b/templates/default/pools.yaml.erb @@ -1,3 +1,4 @@ +<%= @banner %> - name: default # The name is immutable. There will be no option to change the name after # creation and the only way will to change it will be to delete it @@ -10,13 +11,13 @@ # This should be a record that is created outside of designate, that # points to the public IP of the controller node. ns_records: - - hostname: ns1-1.example.org. + - hostname: <%= @ns_hostname %> priority: 1 # List out the nameservers for this pool. These are the actual BIND servers. # We use these to verify changes have propagated to all nameservers. nameservers: - - host: 127.0.0.1 + - host: <%= @ns_address %> port: 53 # List out the targets for this pool. For BIND there will be one 
@@ -31,13 +32,15 @@ # If you have multiple controllers you can add multiple masters # by running designate-mdns on them, and adding them here. masters: - - host: 127.0.0.1 +<% @masters.each do |host| %> + - host: <%= host %> port: 5354 +<% end %> # BIND Configuration options options: - host: 127.0.0.1 + host: <%= @bind_host %> port: 53 - rndc_host: 127.0.0.1 + rndc_host: <%= @bind_host %> rndc_port: 953 rndc_key_file: /etc/designate/rndc.key diff --git a/templates/default/rndc.key.erb b/templates/default/rndc.key.erb new file mode 100644 index 0000000..2540f30 --- /dev/null +++ b/templates/default/rndc.key.erb @@ -0,0 +1,4 @@ +key "designate" { + algorithm hmac-md5; + secret "<%= @secret %>"; +};
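Review bot: `algorithm hmac-md5;` in templates/default/rndc.key.erb fixes the rndc control key to HMAC-MD5, a legacy choice that BIND keeps for compatibility; rndc also accepts `hmac-sha256`, which is the better default for a newly written key file. The algorithm and secret must match the `key "designate"` statement on the BIND server, which the visible changes do not manage, so I would render it from a variable, e.g. `algorithm <%= @algorithm %>;`, with the recipe passing a new attribute (name to be chosen) that defaults to `hmac-sha256`. The `secret` value comes from `get_password 'token', 'designate_rndc'` and has to be valid base64 for BIND to accept it; a comment in the template saying so would help operators.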