6 Commits

Author SHA1 Message Date
Ben Nemec
3abb38ae14 Split designate envs
Because the designate parameters will always need to be edited for
a deployment, a copy of the environment must be made.  However,
because there were resource_registry entries in the previous
enable-designate environments those relative paths would become
invalid if the file was moved.  Splitting the resource_registry
entries from the user-configured parameters should eliminate this
problem.

Change-Id: I8817a36e20e7a75b340a0d6cb0abf09e57b1fd63
2018-10-11 15:15:16 +00:00
Ben Nemec
9a69426508 Don't configure BIND to listen on localhost
It isn't useful for much of anything in a production deployment
and it conflicts with the local DNS server in CI.

Change-Id: Ied3ecdc71bfdf9bb6439e2c9464aa01346e69226
Closes-Bug: 1795043
2018-09-28 14:24:52 -05:00
Ben Nemec
e025ebc0c4 Enable configuration of Designate's pools.yaml
This is necessary as the settings in this file are deployment
specific, so the defaults will never be correct.  For simplicity,
the enablement environment includes the sample pools.yaml content
from the Designate docs.  It can then be easily modified to match
the actual intended deployment environment.

Depends-On: https://review.openstack.org/580524
Change-Id: I84cc3b06ac77c723994be0f49960a93e0dbba0ad
2018-07-09 20:02:49 +00:00
Ben Nemec
c5dc8ef19a Disable recursion in Designate-managed BIND
For security, it is best to split authoritative and recursive
nameservers.  This way a security vulnerability that only affects
one type of server won't provide an exploit for the other too.

For Designate, the managed BIND server is the authoritative one.
We can use Neutron's internal DNS server as the recursive server, or
users can point at their DNS server of choice.  To make sure our
defaults work out of the box, this change enables the Neutron
internal DNS by default and users can change that if they choose.

Since that means we no longer need recursion in BIND, we should shut
it off, which this also does.

Change-Id: I4193436fdfd05bfd641fc32b58cc9bff24310a80
2018-07-09 20:01:58 +00:00
Ben Nemec
30e18b4239 Mark Designate as experimental
This service isn't ready for production in TripleO yet, so we
should make sure that's clear in the enablement environment.

Change-Id: I4a5a5f347dcb4f43f7f802648624165c80023e0d
2018-04-11 15:28:27 +00:00
Ben Nemec
d7e672b6bd Add environment to enable Designate
bp designate-support

Change-Id: I6cc713492cdb672a87e8f55dc39dd887726a68e5
2018-03-27 15:45:39 +00:00