Desigante: add DNS listen IPs to allow-notify list

The designate worker sends notify DNS messages to all of the bind instances and under some circumstances, these messages will appear to originate on the extra DNS bind address. This patch adds the extra IP to the allow-notify list in all of the deployed bind configurations. Related-bug: #2027608 Change-Id: I0cc4c91e4708221fc429a8f760f08830fe6db220
2023-07-18 14:30:16 -02:30 · 2023-07-18 14:30:16 -02:30 · 95535598b9
commit 95535598b9
parent b8a8402c31
1 changed files with 6 additions and 0 deletions
--- a/deployment/designate/designate-bind-container.yaml
+++ b/deployment/designate/designate-bind-container.yaml
@ -223,6 +223,12 @@ outputs:
              with_together:
                - "{{ dns_listen_ips }}"
                - "{{ groups['designate_bind'] | difference(groups['excluded_overcloud']) }}"
+            - name: distribute listen IPs for configuring allow-notify list
+              set_fact:
+                tripleo_other_allow_notify: "{{ dns_listen_ips }}"
+              delegate_facts: true
+              delegate_to: "{{ item }}"
+              loop: "{{ groups['designate_bind'] | difference(groups['excluded_overcloud']) }}"

        - name: Configure ports to allow bind to collocate with other services listening on DNS ports
          when: