From d4f8b413a86d711a9b973571272e754340dbfcd7 Mon Sep 17 00:00:00 2001 From: James McCarthy Date: Thu, 7 Sep 2017 15:01:30 +0100 Subject: [PATCH] Update designate to allow use of external bind9 dns servers. kolla designate DNSaaS makes use of containerised bind9 servers as it's default designate_backend. These can be disabled by setting designate_backend to "no". default: "bind9" This commit adds two new properties: 1) designate_backend_external which can be enabled by setting it to 'bind9'. default: "no" and 2) designate_backend_external_bind9_nameservers, which can accept a csv list of all the external server addresses. (default: "") The following attributes should either be set: 'internal' (the default) designate_backend: "bind9" designate_backend_external: "no" (designate_backend_external_bind9_nameservers is ignored) or 'external' designate_backend: "no" designate_backend_external: "bind9" (designate_backend_external_bind9_nameservers must be populated) Configuration override files to align with external bind9 dns servers must be supplied manually, /etc/kolla/config/designate/rndc.key /etc/kolla/config/designate/rndc.conf Change-Id: I8dbe6fd4fe7820b9143604d89e8399b07e07c3fd --- ansible/group_vars/all.yml | 3 +- .../designate/tasks/backend_external.yml | 28 +++++++++++++++++++ ansible/roles/designate/tasks/config.yml | 7 +++-- .../roles/designate/templates/pools.yaml.j2 | 27 +++++++++++++++++- ...ternal-bind9-servers-c2c5dc31b0475cb7.yaml | 20 +++++++++++++ 5 files changed, 81 insertions(+), 4 deletions(-) create mode 100644 ansible/roles/designate/tasks/backend_external.yml create mode 100644 releasenotes/notes/designate-allow-external-bind9-servers-c2c5dc31b0475cb7.yaml diff --git a/ansible/group_vars/all.yml b/ansible/group_vars/all.yml index a07819b53a..f22fefdf60 100644 --- a/ansible/group_vars/all.yml +++ b/ansible/group_vars/all.yml 
@@ -539,7 +539,8 @@ cloudkitty_collector_backend: "ceilometer" # Valid options are [ bind9 ] designate_backend: "bind9" designate_ns_record: "sample.openstack.org" - +designate_backend_external: "no" +designate_backend_external_bind9_nameservers: "" ####################### # Neutron options diff --git a/ansible/roles/designate/tasks/backend_external.yml b/ansible/roles/designate/tasks/backend_external.yml new file mode 100644 index 0000000000..b37d164968 --- /dev/null +++ b/ansible/roles/designate/tasks/backend_external.yml @@ -0,0 +1,28 @@ +--- +- name: Copying over rndc.conf (designate_backend_external) + template: + src: "{{ node_custom_config }}/designate/rndc.conf" + dest: "{{ node_config_directory }}/{{ item.key }}/rndc.conf" + register: designate_rndc_conf + when: + - designate_backend_external == 'bind9' + - item.key in [ "designate-worker" ] + - inventory_hostname in groups[item.value.group] + - item.value.enabled | bool + with_dict: "{{ designate_services }}" + notify: + - Restart designate-worker container + +- name: Copying over rndc.key (designate_backend_external) + template: + src: "{{ node_custom_config }}/designate/rndc.key" + dest: "{{ node_config_directory }}/{{ item.key }}/rndc.key" + register: designate_rndc_key_file + when: + - designate_backend_external == 'bind9' + - item.key in [ "designate-worker" ] + - inventory_hostname in groups[item.value.group] + - item.value.enabled | bool + with_dict: "{{ designate_services }}" + notify: + - Restart designate-worker container diff --git a/ansible/roles/designate/tasks/config.yml b/ansible/roles/designate/tasks/config.yml index cbe226f223..3e9f9779d6 100644 --- a/ansible/roles/designate/tasks/config.yml +++ b/ansible/roles/designate/tasks/config.yml 
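Review bot: The two new defaults are added without any comment saying which values they accept, while `designate_backend` just above sits under `# Valid options are [ bind9 ]`. I would add `# Valid options are [ no, bind9 ]; designate_backend must be "no" when this is bind9` above `designate_backend_external`, and `# Comma-separated addresses of the external bind9 servers` above the nameservers variable. The hunk also removes the blank line that separated this block from the Neutron banner; keeping it preserves the file's layout.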
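Review bot: The `Copying over rndc.key` task writes the rndc control key for the external BIND servers with no `mode`, so the copy under `node_config_directory` gets whatever the default permissions are on that host. That key authorises rndc commands against the operator's own nameservers, so I would set an explicit restrictive mode on that task, for example `mode: "0600"`, or the tightest value the container's config copy step can still read (that step is not visible here). Because `template` is used on an operator-supplied file, running the play with `--diff` would print the key; `no_log: true` on that task avoids it. The per-task `designate_backend_external == 'bind9'` conditions repeat the condition already placed on the include in config.yml and could be dropped.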
@@ -92,7 +92,7 @@ dest: "{{ node_config_directory }}/{{ item.key }}/rndc.conf" register: designate_rndc_conf when: - - designate_backend == 'bind9' + - designate_backend == 'bind9' and designate_backend_external == 'no' - item.key in [ "designate-backend-bind9", "designate-worker" ] - inventory_hostname in groups[item.value.group] - item.value.enabled | bool @@ -107,7 +107,7 @@ dest: "{{ node_config_directory }}/{{ item.key }}/rndc.key" register: designate_rndc_key_file when: - - designate_backend == 'bind9' + - designate_backend == 'bind9' and designate_backend_external == 'no' - item.key in [ "designate-backend-bind9", "designate-worker" ] - inventory_hostname in groups[item.value.group] - item.value.enabled | bool @@ -116,6 +116,9 @@ - Restart designate-backend-bind9 container - Restart designate-worker container +- include: backend_external.yml + when: designate_backend_external == 'bind9' + - name: Check if policies shall be overwritten local_action: stat path="{{ node_custom_config }}/designate/policy.json" run_once: True diff --git a/ansible/roles/designate/templates/pools.yaml.j2 b/ansible/roles/designate/templates/pools.yaml.j2 index f3b0aca03f..f35ef5a9f5 100644 --- a/ansible/roles/designate/templates/pools.yaml.j2 +++ b/ansible/roles/designate/templates/pools.yaml.j2 @@ -1,4 +1,4 @@ -{% if designate_backend == 'bind9' %} +{% if designate_backend == 'bind9' or designate_backend_external == 'bind9' %} - name: default-bind id: {{ designate_pool_id }} description: Default BIND9 Pool 
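Review bot: The added condition compares `designate_backend_external` with the string 'no', here and in the rndc.key task of the next hunk (`@@ -107,7`), so the internal rndc files are copied only when the variable is exactly that string. An operator who writes `designate_backend_external: no` unquoted in an override gets a YAML boolean, the comparison is false, and both internal tasks are skipped while `designate_backend` is still 'bind9'. Testing for the one value that selects the external path avoids this: `- designate_backend == 'bind9' and designate_backend_external != 'bind9'`. Both tasks begin above their hunks, so only the `when` lists are visible.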
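Review bot: The tasks in backend_external.yml register `designate_rndc_conf` and `designate_rndc_key_file`, the same names registered by the two internal tasks earlier in this file, and this include (hunk `@@ -116,6`) runs after them. Ansible stores a result for skipped tasks as well, so depending on how the `include` is evaluated, the later registration may replace the internal tasks' result with a skipped one in the default deployment. Nothing in the visible hunks reads these variables, but if anything later does (a restart check, for example), distinct names such as `register: designate_rndc_conf_external` would keep the two paths apart.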
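Review bot: Nothing stops both `designate_backend` and `designate_backend_external` from being 'bind9' at once, and the files then disagree: the widened condition in this pools.yaml.j2 hunk (`@@ -1,4`) passes and the inner `{% if designate_backend == 'bind9' %}` branches render the internal servers, while config.yml skips the internal rndc tasks because the external flag is no longer 'no'. The commit message asks for exactly one of the two to be set, but that is only documentation. A guard before the config tasks, `- fail: msg="designate_backend and designate_backend_external cannot both be bind9"` with `when: designate_backend == 'bind9' and designate_backend_external == 'bind9'`, would turn the mismatch into an early error. The template body continues past this hunk.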
@@ -7,11 +7,19 @@ - hostname: {{ designate_ns_record }}. priority: 1 nameservers: +{% if designate_backend == 'bind9' %} {% for host in groups['designate-backend-bind9'] %} - host: {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }} port: {{ designate_bind_port }} {% endfor %} +{% elif designate_backend_external == 'bind9' %} +{% for host in designate_backend_external_bind9_nameservers.replace(" ", "").split(',') %} + - host: {{ host }} + port: {{ designate_bind_port }} +{% endfor %} +{% endif %} targets: +{% if designate_backend == 'bind9' %} {% for bind_host in groups['designate-backend-bind9'] %} - type: bind9 description: BIND9 Server {{ hostvars[bind_host]['ansible_' + hostvars[bind_host]['api_interface']]['ipv4']['address'] }} @@ -27,4 +35,21 @@ rndc_port: {{ designate_rndc_port }} rndc_key_file: /etc/designate/rndc.key {% endfor %} +{% elif designate_backend_external == 'bind9' %} +{% for bind_host in designate_backend_external_bind9_nameservers.replace(" ", "").split(',') %} + - type: bind9 + description: BIND9 Server {{ bind_host }} + masters: +{% for mdns_host in groups['designate-mdns'] %} + - host: {{ hostvars[mdns_host]['ansible_' + hostvars[mdns_host]['api_interface']]['ipv4']['address'] }} + port: 5354 +{% endfor %} + options: + host: {{ bind_host }} + port: {{ designate_bind_port }} + rndc_host: {{ bind_host }} + rndc_port: {{ designate_rndc_port }} + rndc_key_file: /etc/designate/rndc.key +{% endfor %} +{% endif %} {% endif %} diff --git a/releasenotes/notes/designate-allow-external-bind9-servers-c2c5dc31b0475cb7.yaml b/releasenotes/notes/designate-allow-external-bind9-servers-c2c5dc31b0475cb7.yaml new file mode 100644 index 0000000000..cb55c84a7b --- /dev/null +++ b/releasenotes/notes/designate-allow-external-bind9-servers-c2c5dc31b0475cb7.yaml 
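Review bot: With the default `designate_backend_external_bind9_nameservers: ""`, `"".split(',')` yields one empty string, so the external loop here and the matching target loop in the next hunk (`@@ -27,4`) each render an entry with an empty `host:`; a trailing comma in the list does the same. Dropping empty items fixes the stray entries: `{% for host in designate_backend_external_bind9_nameservers.replace(" ", "").split(',') | select %}`, and likewise for `bind_host`. An empty result should still be rejected before rendering, since the commit message says the variable must be populated when the external backend is enabled. The addresses are also written unquoted; `- host: "{{ host }}"` would keep an unusual value from being re-typed by the YAML parser, if anything other than plain IPv4 addresses is expected. The enclosing `{% if %}` opens in the previous hunk.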
@@ -0,0 +1,20 @@
+---
+features: |
+ Update designate to allow use of external bind9 dns servers.
+ Added two new properties:
+
+ - designate_backend_external
+
+ This defaults to 'no', and can be enabled by setting
+ it to 'bind9'
+
+ - designate_backend_external_bind9_nameservers
+
+ This defaults to an empty string, and should be populated
+ with a csv list of external bind9 dns server addresses.
+
+ - Configuration override files to align with external bind9
+ dns servers must be supplied manually,
+
+ - /etc/kolla/config/designate/rndc.key
+ - /etc/kolla/config/designate/rndc.conf