diff --git a/ansible/group_vars/all.yml b/ansible/group_vars/all.yml
index f20bcef4c9..ab5a6e9c97 100644
--- a/ansible/group_vars/all.yml
+++ b/ansible/group_vars/all.yml
@@ -124,6 +124,11 @@ congress_api_port: "1789"
cloudkitty_api_port: "8889"
+designate_api_port: "9001"
+designate_bind_port: "53"
+designate_mdns_port: "5354"
+designate_rndc_port: "953"
+
iscsi_port: "3260"
gnocchi_api_port: "8041"
@@ -272,6 +277,7 @@ enable_cinder_backend_nfs: "no"
enable_cloudkitty: "no"
enable_congress: "no"
enable_etcd: "no"
+enable_designate: "no"
enable_gnocchi: "no"
enable_grafana: "no"
enable_heat: "yes"
@@ -403,6 +409,10 @@ cinder_backup_mount_options_nfs: ""
# Valid options are [ ceilometer, gnocchi ]
cloudkitty_collector_backend: "ceilometer"
+#######################
+# Designate options
+#######################
+designate_ns_record: "sample.openstack.org"
#######################
# Nova options
diff --git a/ansible/inventory/all-in-one b/ansible/inventory/all-in-one
index a90fb922b3..ce756118c2 100644
--- a/ansible/inventory/all-in-one
+++ b/ansible/inventory/all-in-one
@@ -154,6 +154,9 @@ control
[octavia:children]
control
+[designate:children]
+control
+
# Additional control implemented here. These groups allow you to control which
# services run on which hosts at a per-service level.
#
@@ -450,3 +453,22 @@ octavia
[octavia-worker:children]
octavia
+
+# Designate
+[designate-api:children]
+designate
+
+[designate-central:children]
+designate
+
+[designate-mdns:children]
+designate
+
+[designate-worker:children]
+designate
+
+[designate-sink:children]
+designate
+
+[designate-backend-bind9:children]
+designate
diff --git a/ansible/inventory/multinode b/ansible/inventory/multinode
index 90835054d2..a716505bd6 100644
--- a/ansible/inventory/multinode
+++ b/ansible/inventory/multinode
@@ -170,6 +170,9 @@ control
[octavia:children]
control
+[designate:children]
+control
+
# Additional control implemented here. These groups allow you to control which
# services run on which hosts at a per-service level.
#
@@ -466,3 +469,22 @@ octavia
[octavia-worker:children]
octavia
+
+# Designate
+[designate-api:children]
+designate
+
+[designate-central:children]
+designate
+
+[designate-mdns:children]
+designate
+
+[designate-worker:children]
+designate
+
+[designate-sink:children]
+designate
+
+[designate-backend-bind9:children]
+designate
diff --git a/ansible/roles/common/tasks/config.yml b/ansible/roles/common/tasks/config.yml
index f2dd09d5d4..225f72d8a0 100644
--- a/ansible/roles/common/tasks/config.yml
+++ b/ansible/roles/common/tasks/config.yml
@@ -77,6 +77,7 @@
- { name: "ceilometer", enabled: "{{ enable_ceilometer }}" }
- { name: "cinder", enabled: "{{ enable_cinder }}" }
- { name: "cloudkitty", enabled: "{{ enable_cloudkitty }}" }
+ - { name: "designate", enabled: "{{ enable_designate }}" }
- { name: "elasticsearch", enabled: "{{ enable_elasticsearch }}" }
- { name: "glance", enabled: "{{ enable_glance }}" }
- { name: "global", enabled: "yes" }
diff --git a/ansible/roles/common/templates/cron-logrotate-designate.conf.j2 b/ansible/roles/common/templates/cron-logrotate-designate.conf.j2
new file mode 100644
index 0000000000..c3c4751251
--- /dev/null
+++ b/ansible/roles/common/templates/cron-logrotate-designate.conf.j2
@@ -0,0 +1,3 @@
+"/var/log/kolla/designate/*.log"
+{
+}
diff --git a/ansible/roles/common/templates/cron.json.j2 b/ansible/roles/common/templates/cron.json.j2
index adc437a489..399fee2042 100644
--- a/ansible/roles/common/templates/cron.json.j2
+++ b/ansible/roles/common/templates/cron.json.j2
@@ -6,6 +6,7 @@
( 'ceilometer', enable_ceilometer ),
( 'cinder', enable_cinder ),
( 'cloudkitty', enable_cloudkitty ),
+ ( 'designate', enable_designate ),
( 'elasticsearch', enable_elasticsearch ),
( 'glance', enable_glance ),
( 'gnocchi', enable_gnocchi ),
diff --git a/ansible/roles/common/templates/heka-openstack.toml.j2 b/ansible/roles/common/templates/heka-openstack.toml.j2
index 3bbe25a52b..2715965089 100644
--- a/ansible/roles/common/templates/heka-openstack.toml.j2
+++ b/ansible/roles/common/templates/heka-openstack.toml.j2
@@ -6,6 +6,6 @@ filename = "lua_decoders/os_openstack_log.lua"
type = "LogstreamerInput"
decoder = "openstack_log_decoder"
log_directory = "/var/log/kolla"
-file_match = '(?P<Service>cloudkitty|nova|glance|keystone|neutron|ceph|cinder|heat|murano|magnum|mistral|manila|octavia|searchlight|senlin|sahara|tacker)/(?P<Program>.*)\.log\.?(?P<Seq>\d*)$'
+file_match = '(?P<Service>cloudkitty|designate|nova|glance|keystone|neutron|ceph|cinder|heat|murano|magnum|mistral|manila|octavia|searchlight|senlin|sahara|tacker)/(?P<Program>.*)\.log\.?(?P<Seq>\d*)$'
priority = ["^Seq"]
differentiator = ["Service", "_", "Program"]
diff --git a/ansible/roles/designate/defaults/main.yml b/ansible/roles/designate/defaults/main.yml
new file mode 100644
index 0000000000..49d27a9d6d
--- /dev/null
+++ b/ansible/roles/designate/defaults/main.yml
@@ -0,0 +1,55 @@
+---
+project_name: "designate"
+
+####################
+# Database
+####################
+designate_database_name: "designate"
+designate_database_user: "designate"
+designate_database_address: "{{ kolla_internal_fqdn }}:{{ database_port }}"
+
+designate_pool_manager_database_name: "designate_pool_manager"
+designate_pool_manager_database_user: "designate_pool_manager"
+designate_pool_manager_database_address: "{{ kolla_internal_fqdn }}:{{ database_port }}"
+
+
+####################
+# Docker
+####################
+
+designate_central_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kolla_install_type }}-designate-central"
+designate_central_tag: "{{ openstack_release }}"
+designate_central_image_full: "{{ designate_central_image }}:{{ designate_central_tag }}"
+
+designate_api_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kolla_install_type }}-designate-api"
+designate_api_tag: "{{ openstack_release }}"
+designate_api_image_full: "{{ designate_api_image }}:{{ designate_api_tag }}"
+
+designate_backend_bind9_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kolla_install_type }}-designate-backend-bind9"
+designate_backend_bind9_tag: "{{ openstack_release }}"
+designate_backend_bind9_image_full: "{{ designate_backend_bind9_image }}:{{ designate_backend_bind9_tag }}"
+
+designate_mdns_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kolla_install_type }}-designate-mdns"
+designate_mdns_tag: "{{ openstack_release }}"
+designate_mdns_image_full: "{{ designate_mdns_image }}:{{ designate_mdns_tag }}"
+
+designate_sink_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kolla_install_type }}-designate-sink"
+designate_sink_tag: "{{ openstack_release }}"
+designate_sink_image_full: "{{ designate_sink_image }}:{{ designate_sink_tag }}"
+
+designate_worker_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kolla_install_type }}-designate-worker"
+designate_worker_tag: "{{ openstack_release }}"
+designate_worker_image_full: "{{ designate_worker_image }}:{{ designate_worker_tag }}"
+
+####################
+# OpenStack
+####################
+designate_admin_endpoint: "{{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ designate_api_port }}"
+designate_internal_endpoint: "{{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ designate_api_port }}"
+designate_public_endpoint: "{{ public_protocol }}://{{ kolla_external_fqdn }}:{{ designate_api_port }}"
+
+designate_logging_debug: "{{ openstack_logging_debug }}"
+
+designate_keystone_user: "designate"
+
+openstack_designate_auth: "{'auth_url':'{{ openstack_auth.auth_url }}','username':'{{ openstack_auth.username }}','password':'{{ openstack_auth.password }}','project_name':'{{ openstack_auth.project_name }}'}"
diff --git a/ansible/roles/designate/meta/main.yml b/ansible/roles/designate/meta/main.yml
new file mode 100644
index 0000000000..6b4fff8fef
--- /dev/null
+++ b/ansible/roles/designate/meta/main.yml
@@ -0,0 +1,3 @@
+---
+dependencies:
+ - { role: common }
diff --git a/ansible/roles/designate/tasks/bootstrap.yml b/ansible/roles/designate/tasks/bootstrap.yml
new file mode 100644
index 0000000000..09bc6ceafb
--- /dev/null
+++ b/ansible/roles/designate/tasks/bootstrap.yml
@@ -0,0 +1,79 @@
+---
+- name: Creating Designate database
+ command: docker exec -t kolla_toolbox /usr/bin/ansible localhost
+ -m mysql_db
+ -a "login_host='{{ database_address }}'
+ login_port='{{ database_port }}'
+ login_user='{{ database_user }}'
+ login_password='{{ database_password }}'
+ name='{{ designate_database_name }}'"
+ register: database
+ changed_when: "{{ database.stdout.find('localhost | SUCCESS => ') != -1 and
+ (database.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed }}"
+ failed_when: database.stdout.split()[2] != 'SUCCESS'
+ run_once: True
+ delegate_to: "{{ groups['designate-central'][0] }}"
+
+- name: Reading json from variable
+ set_fact:
+ database_created: "{{ (database.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed }}"
+
+- name: Creating Designate Pool Manager database
+ command: docker exec -t kolla_toolbox /usr/bin/ansible localhost
+ -m mysql_db
+ -a "login_host='{{ database_address }}'
+ login_port='{{ database_port }}'
+ login_user='{{ database_user }}'
+ login_password='{{ database_password }}'
+ name='{{ designate_pool_manager_database_name }}'"
+ register: database_pool_manager
+ changed_when: "{{ database.stdout.find('localhost | SUCCESS => ') != -1 and
+ (database.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed }}"
+ failed_when: database.stdout.split()[2] != 'SUCCESS'
+ run_once: True
+ delegate_to: "{{ groups['designate-central'][0] }}"
+
+- name: Reading json from variable
+ set_fact:
+ database_pool_manager_created: "{{ (database_pool_manager.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed }}"
+
+- name: Creating Designate database user and setting permissions
+ command: docker exec -t kolla_toolbox /usr/bin/ansible localhost
+ -m mysql_user
+ -a "login_host='{{ database_address }}'
+ login_port='{{ database_port }}'
+ login_user='{{ database_user }}'
+ login_password='{{ database_password }}'
+ name='{{ designate_database_name }}'
+ password='{{ designate_database_password }}'
+ host='%'
+ priv='{{ designate_database_name }}.*:ALL'
+ append_privs='yes'"
+ register: database_user_create
+ changed_when: "{{ database_user_create.stdout.find('localhost | SUCCESS => ') != -1 and
+ (database_user_create.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed }}"
+ failed_when: database_user_create.stdout.split()[2] != 'SUCCESS'
+ run_once: True
+ delegate_to: "{{ groups['designate-central'][0] }}"
+
+- name: Creating Designate Pool Manager database user and setting permissions
+ command: docker exec -t kolla_toolbox /usr/bin/ansible localhost
+ -m mysql_user
+ -a "login_host='{{ database_address }}'
+ login_port='{{ database_port }}'
+ login_user='{{ database_user }}'
+ login_password='{{ database_password }}'
+ name='{{ designate_pool_manager_database_name }}'
+ password='{{ designate_pool_manager_database_password }}'
+ host='%'
+ priv='{{ designate_pool_manager_database_name }}.*:ALL'
+ append_privs='yes'"
+ register: database_pool_manager_user_create
+ changed_when: "{{ database_pool_manager_user_create.stdout.find('localhost | SUCCESS => ') != -1 and
+ (database_pool_manager_user_create.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed }}"
+ failed_when: database_pool_manager_user_create.stdout.split()[2] != 'SUCCESS'
+ run_once: True
+ delegate_to: "{{ groups['designate-central'][0] }}"
+
+- include: bootstrap_service.yml
+ when: database_created
diff --git a/ansible/roles/designate/tasks/bootstrap_service.yml b/ansible/roles/designate/tasks/bootstrap_service.yml
new file mode 100644
index 0000000000..ab530e8b73
--- /dev/null
+++ b/ansible/roles/designate/tasks/bootstrap_service.yml
@@ -0,0 +1,20 @@
+---
+- name: Running Designate bootstrap container
+ kolla_docker:
+ action: "start_container"
+ common_options: "{{ docker_common_options }}"
+ detach: False
+ environment:
+ KOLLA_BOOTSTRAP:
+ KOLLA_CONFIG_STRATEGY: "{{ config_strategy }}"
+ image: "{{ designate_central_image_full }}"
+ labels:
+ BOOTSTRAP:
+ name: "bootstrap_designate"
+ restart_policy: "never"
+ volumes:
+ - "{{ node_config_directory }}/designate-central/:{{ container_config_directory }}/:ro"
+ - "/etc/localtime:/etc/localtime:ro"
+ - "kolla_logs:/var/log/kolla/"
+ run_once: True
+ delegate_to: "{{ groups['designate-central'][0] }}"
diff --git a/ansible/roles/designate/tasks/config.yml b/ansible/roles/designate/tasks/config.yml
new file mode 100644
index 0000000000..0cd4066508
--- /dev/null
+++ b/ansible/roles/designate/tasks/config.yml
@@ -0,0 +1,96 @@
+---
+- name: Ensuring config directories exist
+ file:
+ path: "{{ node_config_directory }}/{{ item }}"
+ state: "directory"
+ recurse: yes
+ with_items:
+ - "designate-api"
+ - "designate-central"
+ - "designate-mdns"
+ - "designate-sink"
+ - "designate-backend-bind9"
+ - "designate-worker"
+
+- name: Copying over config.json files for services
+ template:
+ src: "{{ item }}.json.j2"
+ dest: "{{ node_config_directory }}/{{ item }}/config.json"
+ with_items:
+ - "designate-api"
+ - "designate-central"
+ - "designate-mdns"
+ - "designate-sink"
+ - "designate-backend-bind9"
+ - "designate-worker"
+
+- name: Copying over designate.conf
+ merge_configs:
+ vars:
+ service_name: "{{ item }}"
+ sources:
+ - "{{ role_path }}/templates/designate.conf.j2"
+ - "{{ node_custom_config }}/global.conf"
+ - "{{ node_custom_config }}/database.conf"
+ - "{{ node_custom_config }}/messaging.conf"
+ - "{{ node_custom_config }}/designate.conf"
+ - "{{ node_custom_config }}/designate/{{ item }}.conf"
+ - "{{ node_custom_config }}/designate/{{ inventory_hostname }}/designate.conf"
+ dest: "{{ node_config_directory }}/{{ item }}/designate.conf"
+ with_items:
+ - "designate-api"
+ - "designate-central"
+ - "designate-mdns"
+ - "designate-sink"
+ - "designate-worker"
+
+- name: Copying over pools.yaml
+ template:
+ src: "{{ item }}"
+ dest: "{{ node_config_directory }}/designate-worker/pools.yaml"
+ with_first_found:
+ - "{{ node_custom_config }}/designate/pools.yaml"
+ - "{{ role_path }}/templates/pools.yaml.j2"
+
+- name: Copying over named.conf
+ template:
+ src: "{{ item }}"
+ dest: "{{ node_config_directory }}/designate-backend-bind9/named.conf"
+ with_first_found:
+ - "{{ node_custom_config }}/designate/designate-backend-bind9/{{ inventory_hostname }}/named.conf"
+ - "{{ node_custom_config }}/designate/designate-backend-bind9/named.conf"
+ - "{{ node_custom_config }}/designate/named.conf"
+ - "{{ role_path }}/templates/named.conf.j2"
+
+- name: Copying over rndc.conf
+ template:
+ src: "rndc.conf.j2"
+ dest: "{{ node_config_directory }}/{{ item }}/rndc.conf"
+ with_items:
+ - "designate-backend-bind9"
+ - "designate-worker"
+
+- name: Copying over rndc.key
+ template:
+ src: "rndc.key.j2"
+ dest: "{{ node_config_directory }}/{{ item }}/rndc.key"
+ with_items:
+ - "designate-backend-bind9"
+ - "designate-worker"
+
+- name: Check if policies shall be overwritten
+ local_action: stat path="{{ node_custom_config }}/designate/policy.json"
+ register: designate_policy
+
+- name: Copying over existing policy.json
+ template:
+ src: "{{ node_custom_config }}/designate/policy.json"
+ dest: "{{ node_config_directory }}/{{ item }}/policy.json"
+ with_items:
+ - "designate-api"
+ - "designate-central"
+ - "designate-mdns"
+ - "designate-sink"
+ - "designate-worker"
+ when:
+ designate_policy.stat.exists
diff --git a/ansible/roles/designate/tasks/deploy.yml b/ansible/roles/designate/tasks/deploy.yml
new file mode 100644
index 0000000000..8c5a6c9224
--- /dev/null
+++ b/ansible/roles/designate/tasks/deploy.yml
@@ -0,0 +1,25 @@
+---
+- include: register.yml
+ when: inventory_hostname in groups['designate-api']
+
+- include: config.yml
+ when: inventory_hostname in groups['designate-api'] or
+ inventory_hostname in groups['designate-central'] or
+ inventory_hostname in groups['designate-mdns'] or
+ inventory_hostname in groups['designate-worker'] or
+ inventory_hostname in groups['designate-sink'] or
+ inventory_hostname in groups['designate-backend-bind9']
+
+- include: bootstrap.yml
+ when: inventory_hostname in groups['designate-central']
+
+- include: start.yml
+ when: inventory_hostname in groups['designate-api'] or
+ inventory_hostname in groups['designate-central'] or
+ inventory_hostname in groups['designate-mdns'] or
+ inventory_hostname in groups['designate-worker'] or
+ inventory_hostname in groups['designate-sink'] or
+ inventory_hostname in groups['designate-backend-bind9']
+
+- include: update_pools.yml
+ when: inventory_hostname in groups['designate-worker'][0]
diff --git a/ansible/roles/designate/tasks/main.yml b/ansible/roles/designate/tasks/main.yml
new file mode 100644
index 0000000000..b017e8b4ad
--- /dev/null
+++ b/ansible/roles/designate/tasks/main.yml
@@ -0,0 +1,2 @@
+---
+- include: "{{ action }}.yml"
diff --git a/ansible/roles/designate/tasks/precheck.yml b/ansible/roles/designate/tasks/precheck.yml
new file mode 100644
index 0000000000..e88acfdf69
--- /dev/null
+++ b/ansible/roles/designate/tasks/precheck.yml
@@ -0,0 +1,48 @@
+- name: Get container facts
+ kolla_container_facts:
+ name:
+ - "{{ item }}"
+ register: container_facts
+ with_items:
+ - designate_api
+ - designate_backend_bind9
+
+- name: Checking free port for designate API
+ wait_for:
+ host: "{{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['address'] }}"
+ port: "{{ designate_api_port }}"
+ connect_timeout: 1
+ state: stopped
+ when:
+ - container_facts['designate_api'] is not defined
+ - inventory_hostname in groups['designate-api']
+
+- name: Checking free port for designate mdns
+ wait_for:
+ host: "{{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['address'] }}"
+ port: "{{ designate_mdns_port }}"
+ connect_timeout: 1
+ state: stopped
+ when:
+ - container_facts['designate_mdns'] is not defined
+ - inventory_hostname in groups['designate-mdns']
+
+- name: Checking free port for designate backend bind9 port
+ wait_for:
+ host: "{{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['address'] }}"
+ port: "{{ designate_bind_port }}"
+ connect_timeout: 1
+ state: stopped
+ when:
+ - container_facts['designate_backend_bind9'] is not defined
+ - inventory_hostname in groups['designate-backend-bind9']
+
+- name: Checking free port for designate backend rndc port
+ wait_for:
+ host: "{{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['address'] }}"
+ port: "{{ designate_rndc_port }}"
+ connect_timeout: 1
+ state: stopped
+ when:
+ - container_facts['designate_backend_bind9'] is not defined
+ - inventory_hostname in groups['designate-backend-bind9']
diff --git a/ansible/roles/designate/tasks/pull.yml b/ansible/roles/designate/tasks/pull.yml
new file mode 100644
index 0000000000..4a67bfe62f
--- /dev/null
+++ b/ansible/roles/designate/tasks/pull.yml
@@ -0,0 +1,42 @@
+---
+- name: Pulling designate-api image
+ kolla_docker:
+ action: "pull_image"
+ common_options: "{{ docker_common_options }}"
+ image: "{{ designate_api_image_full }}"
+ when: inventory_hostname in groups['designate-api']
+
+- name: Pulling designate-central image
+ kolla_docker:
+ action: "pull_image"
+ common_options: "{{ docker_common_options }}"
+ image: "{{ designate_central_image_full }}"
+ when: inventory_hostname in groups['designate-central']
+
+- name: Pulling designate-mdns image
+ kolla_docker:
+ action: "pull_image"
+ common_options: "{{ docker_common_options }}"
+ image: "{{ designate_mdns_image_full }}"
+ when: inventory_hostname in groups['designate-mdns']
+
+- name: Pulling designate-worker image
+ kolla_docker:
+ action: "pull_image"
+ common_options: "{{ docker_common_options }}"
+ image: "{{ designate_worker_image_full }}"
+ when: inventory_hostname in groups['designate-worker']
+
+- name: Pulling designate-sink image
+ kolla_docker:
+ action: "pull_image"
+ common_options: "{{ docker_common_options }}"
+ image: "{{ designate_sink_image_full }}"
+ when: inventory_hostname in groups['designate-sink']
+
+- name: Pulling designate-backend-bind9 image
+ kolla_docker:
+ action: "pull_image"
+ common_options: "{{ docker_common_options }}"
+ image: "{{ designate_backend_bind9_image_full }}"
+ when: inventory_hostname in groups['designate-backend-bind9']
diff --git a/ansible/roles/designate/tasks/reconfigure.yml b/ansible/roles/designate/tasks/reconfigure.yml
new file mode 100644
index 0000000000..9c8e4b7cff
--- /dev/null
+++ b/ansible/roles/designate/tasks/reconfigure.yml
@@ -0,0 +1,93 @@
+---
+- name: Ensuring the containers up
+ kolla_docker:
+ name: "{{ item.name }}"
+ action: "get_container_state"
+ register: container_state
+ failed_when: container_state.Running == false
+ when:
+ - "{{ item.enabled|default(True) }}"
+ - inventory_hostname in groups[item.group]
+ with_items:
+ - { name: designate_central, group: designate-central }
+ - { name: designate_api, group: designate-api }
+ - { name: designate_mdns, group: designate-mdns }
+ - { name: designate_worker, group: designate-worker }
+ - { name: designate_sink, group: designate-sink }
+ - { name: designate_backend_bind9, group: designate-backend-bind9 }
+
+- include: config.yml
+
+- name: Check the configs
+ command: docker exec {{ item.name }} /usr/local/bin/kolla_set_configs --check
+ changed_when: false
+ failed_when: false
+ register: check_results
+ when: inventory_hostname in groups[item.group]
+ with_items:
+ - { name: designate_central, group: designate-central }
+ - { name: designate_api, group: designate-api }
+ - { name: designate_mdns, group: designate-mdns }
+ - { name: designate_worker, group: designate-worker }
+ - { name: designate_sink, group: designate-sink }
+ - { name: designate_backend_bind9, group: designate-backend-bind9 }
+
+# NOTE(jeffrey4l): when config_strategy == 'COPY_ALWAYS'
+# and container env['KOLLA_CONFIG_STRATEGY'] == 'COPY_ONCE',
+# just remove the container and start again
+- name: Containers config strategy
+ kolla_docker:
+ name: "{{ item.name }}"
+ action: "get_container_env"
+ register: container_envs
+ when: inventory_hostname in groups[item.group]
+ with_items:
+ - { name: designate_central, group: designate-central }
+ - { name: designate_api, group: designate-api }
+ - { name: designate_mdns, group: designate-mdns }
+ - { name: designate_worker, group: designate-worker }
+ - { name: designate_sink, group: designate-sink }
+ - { name: designate_backend_bind9, group: designate-backend-bind9 }
+
+- name: Remove the containers
+ kolla_docker:
+ name: "{{ item[0]['name'] }}"
+ action: "remove_container"
+ register: remove_containers
+ when:
+ - inventory_hostname in groups[item[0]['group']]
+ - config_strategy == "COPY_ONCE" or item[1]['KOLLA_CONFIG_STRATEGY'] == 'COPY_ONCE'
+ - item[2]['rc'] == 1
+ with_together:
+ - [{ name: designate_central, group: designate-central },
+ { name: designate_api, group: designate-api },
+ { name: designate_mdns, group: designate-mdns },
+ { name: designate_worker, group: designate-worker },
+ { name: designate_sink, group: designate-sink },
+ { name: designate_backend_bind9, group: designate-backend-bind9 }]
+ - "{{ container_envs.results }}"
+ - "{{ check_results.results }}"
+
+- include: start.yml
+ when: remove_containers.changed
+
+- name: Restart containers
+ kolla_docker:
+ name: "{{ item[0]['name'] }}"
+ action: "restart_container"
+ when:
+ - inventory_hostname in groups[item[0]['group']]
+ - config_strategy == 'COPY_ALWAYS'
+ - item[1]['KOLLA_CONFIG_STRATEGY'] != 'COPY_ONCE'
+ - item[2]['rc'] == 1
+ with_together:
+ - [{ name: designate_central, group: designate-central },
+ { name: designate_api, group: designate-api },
+ { name: designate_mdns, group: designate-mdns },
+ { name: designate_worker, group: designate-worker },
+ { name: designate_sink, group: designate-sink },
+ { name: designate_backend_bind9, group: designate-backend-bind9 }]
+ - "{{ container_envs.results }}"
+ - "{{ check_results.results }}"
+
+- include: update_pools.yml
diff --git a/ansible/roles/designate/tasks/register.yml b/ansible/roles/designate/tasks/register.yml
new file mode 100644
index 0000000000..e17db9bc27
--- /dev/null
+++ b/ansible/roles/designate/tasks/register.yml
@@ -0,0 +1,40 @@
+---
+- name: Creating the Designate service and endpoint
+ command: docker exec -t kolla_toolbox /usr/bin/ansible localhost
+ -m kolla_keystone_service
+ -a "service_name=designate
+ service_type=dns
+ description='Designate DNS Service'
+ endpoint_region={{ openstack_region_name }}
+ url='{{ item.url }}'
+ interface='{{ item.interface }}'
+ region_name={{ openstack_region_name }}
+ auth={{ '{{ openstack_designate_auth }}' }}"
+ -e "{'openstack_designate_auth':{{ openstack_designate_auth }}}"
+ register: designate_endpoint
+ changed_when: "{{ designate_endpoint.stdout.find('localhost | SUCCESS => ') != -1 and (designate_endpoint.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed }}"
+ until: designate_endpoint.stdout.split()[2] == 'SUCCESS'
+ retries: 10
+ delay: 5
+ run_once: True
+ with_items:
+ - {'interface': 'admin', 'url': '{{ designate_admin_endpoint }}'}
+ - {'interface': 'internal', 'url': '{{ designate_internal_endpoint }}'}
+ - {'interface': 'public', 'url': '{{ designate_public_endpoint }}'}
+
+- name: Creating the Designate project, user, and role
+ command: docker exec -t kolla_toolbox /usr/bin/ansible localhost
+ -m kolla_keystone_user
+ -a "project=service
+ user=designate
+ password={{ designate_keystone_password }}
+ role=admin
+ region_name={{ openstack_region_name }}
+ auth={{ '{{ openstack_designate_auth }}' }}"
+ -e "{'openstack_designate_auth':{{ openstack_designate_auth }}}"
+ register: designate_user
+ changed_when: "{{ designate_user.stdout.find('localhost | SUCCESS => ') != -1 and (designate_user.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed }}"
+ until: designate_user.stdout.split()[2] == 'SUCCESS'
+ retries: 10
+ delay: 5
+ run_once: True
diff --git a/ansible/roles/designate/tasks/start.yml b/ansible/roles/designate/tasks/start.yml
new file mode 100644
index 0000000000..d1ff1ca998
--- /dev/null
+++ b/ansible/roles/designate/tasks/start.yml
@@ -0,0 +1,73 @@
+---
+- name: Starting designate-backend-bind9 container
+ kolla_docker:
+ action: "start_container"
+ common_options: "{{ docker_common_options }}"
+ image: "{{ designate_backend_bind9_image_full }}"
+ name: "designate_backend_bind9"
+ volumes:
+ - "{{ node_config_directory }}/designate-backend-bind9/:{{ container_config_directory }}/:ro"
+ - "/etc/localtime:/etc/localtime:ro"
+ - "kolla_logs:/var/log/kolla/"
+ - "designate_backend_bind9:/var/lib/named/"
+ when: inventory_hostname in groups['designate-backend-bind9']
+
+- name: Starting designate-central container
+ kolla_docker:
+ action: "start_container"
+ common_options: "{{ docker_common_options }}"
+ image: "{{ designate_central_image_full }}"
+ name: "designate_central"
+ volumes:
+ - "{{ node_config_directory }}/designate-central/:{{ container_config_directory }}/:ro"
+ - "/etc/localtime:/etc/localtime:ro"
+ - "kolla_logs:/var/log/kolla/"
+ when: inventory_hostname in groups['designate-central']
+
+- name: Starting designate-api container
+ kolla_docker:
+ action: "start_container"
+ common_options: "{{ docker_common_options }}"
+ image: "{{ designate_api_image_full }}"
+ name: "designate_api"
+ volumes:
+ - "{{ node_config_directory }}/designate-api/:{{ container_config_directory }}/:ro"
+ - "/etc/localtime:/etc/localtime:ro"
+ - "kolla_logs:/var/log/kolla/"
+ when: inventory_hostname in groups['designate-api']
+
+- name: Starting designate-mdns container
+ kolla_docker:
+ action: "start_container"
+ common_options: "{{ docker_common_options }}"
+ image: "{{ designate_mdns_image_full }}"
+ name: "designate_mdns"
+ volumes:
+ - "{{ node_config_directory }}/designate-mdns/:{{ container_config_directory }}/:ro"
+ - "/etc/localtime:/etc/localtime:ro"
+ - "kolla_logs:/var/log/kolla/"
+ when: inventory_hostname in groups['designate-mdns']
+
+- name: Starting designate-worker container
+ kolla_docker:
+ action: "start_container"
+ common_options: "{{ docker_common_options }}"
+ image: "{{ designate_worker_image_full }}"
+ name: "designate_worker"
+ volumes:
+ - "{{ node_config_directory }}/designate-worker/:{{ container_config_directory }}/:ro"
+ - "/etc/localtime:/etc/localtime:ro"
+ - "kolla_logs:/var/log/kolla/"
+ when: inventory_hostname in groups['designate-worker']
+
+- name: Starting designate-sink container
+ kolla_docker:
+ action: "start_container"
+ common_options: "{{ docker_common_options }}"
+ image: "{{ designate_sink_image_full }}"
+ name: "designate_sink"
+ volumes:
+ - "{{ node_config_directory }}/designate-sink/:{{ container_config_directory }}/:ro"
+ - "/etc/localtime:/etc/localtime:ro"
+ - "kolla_logs:/var/log/kolla/"
+ when: inventory_hostname in groups['designate-sink']
diff --git a/ansible/roles/designate/tasks/update_pools.yml b/ansible/roles/designate/tasks/update_pools.yml
new file mode 100644
index 0000000000..dc9692aa12
--- /dev/null
+++ b/ansible/roles/designate/tasks/update_pools.yml
@@ -0,0 +1,4 @@
+---
+- name: Update DNS pools
+ command: docker exec -t designate_worker designate-manage pool update --file /etc/designate/pools.yaml
+ when: inventory_hostname in groups['designate-worker'][0]
diff --git a/ansible/roles/designate/tasks/upgrade.yml b/ansible/roles/designate/tasks/upgrade.yml
new file mode 100644
index 0000000000..f784d0227f
--- /dev/null
+++ b/ansible/roles/designate/tasks/upgrade.yml
@@ -0,0 +1,8 @@
+---
+- include: config.yml
+
+- include: bootstrap_service.yml
+
+- include: start.yml
+
+- include: update_pools.yml
diff --git a/ansible/roles/designate/templates/designate-api.json.j2 b/ansible/roles/designate/templates/designate-api.json.j2
new file mode 100644
index 0000000000..31ad788480
--- /dev/null
+++ b/ansible/roles/designate/templates/designate-api.json.j2
@@ -0,0 +1,25 @@
+{
+ "command": "designate-api --config-file /etc/designate/designate.conf",
+ "config_files": [
+ {
+ "source": "{{ container_config_directory }}/designate.conf",
+ "dest": "/etc/designate/designate.conf",
+ "owner": "designate",
+ "perm": "0600"
+ },
+ {
+ "source": "{{ container_config_directory }}/policy.json",
+ "dest": "/etc/designate/policy.json",
+ "owner": "designate",
+ "perm": "0600",
+ "optional": true
+ }
+ ],
+ "permissions": [
+ {
+ "path": "/var/log/kolla/designate",
+ "owner": "designate:designate",
+ "recurse": true
+ }
+ ]
+}
diff --git a/ansible/roles/designate/templates/designate-backend-bind9.json.j2 b/ansible/roles/designate/templates/designate-backend-bind9.json.j2
new file mode 100644
index 0000000000..c1e0c0448c
--- /dev/null
+++ b/ansible/roles/designate/templates/designate-backend-bind9.json.j2
@@ -0,0 +1,35 @@
+{% set bind_cmd = 'named' if kolla_base_distro in ['ubuntu', 'debian'] else 'named' %}
+{% set bind_file = 'bind/named.conf' if kolla_base_distro in ['ubuntu', 'debian'] else 'named.conf' %}
+
+{
+ "command": "/usr/sbin/{{ bind_cmd }} -g",
+ "config_files": [
+ {
+ "source": "{{ container_config_directory }}/named.conf",
+ "dest": "/etc/{{ bind_file }}",
+ "owner": "root",
+ "perm": "0660"
+ },
+ {
+ "source": "{{ container_config_directory }}/rndc.conf",
+ "dest": "/etc/rndc.conf",
+ "owner": "root",
+ "perm": "0600",
+ "optional": true
+ },
+ {
+ "source": "{{ container_config_directory }}/rndc.key",
+ "dest": "/etc/rndc.key",
+ "owner": "root",
+ "perm": "0600",
+ "optional": true
+ }
+ ],
+ "permissions": [
+ {
+ "path": "/var/log/kolla/named",
+ "owner": "root:root",
+ "recurse": true
+ }
+ ]
+}
diff --git a/ansible/roles/designate/templates/designate-central.json.j2 b/ansible/roles/designate/templates/designate-central.json.j2
new file mode 100644
index 0000000000..ddde828cd3
--- /dev/null
+++ b/ansible/roles/designate/templates/designate-central.json.j2
@@ -0,0 +1,25 @@
+{
+ "command": "designate-central --config-file /etc/designate/designate.conf",
+ "config_files": [
+ {
+ "source": "{{ container_config_directory }}/designate.conf",
+ "dest": "/etc/designate/designate.conf",
+ "owner": "designate",
+ "perm": "0600"
+ },
+ {
+ "source": "{{ container_config_directory }}/policy.json",
+ "dest": "/etc/designate/policy.json",
+ "owner": "designate",
+ "perm": "0600",
+ "optional": true
+ }
+ ],
+ "permissions": [
+ {
+ "path": "/var/log/kolla/designate",
+ "owner": "designate:designate",
+ "recurse": true
+ }
+ ]
+}
diff --git a/ansible/roles/designate/templates/designate-mdns.json.j2 b/ansible/roles/designate/templates/designate-mdns.json.j2
new file mode 100644
index 0000000000..d7b2d58a65
--- /dev/null
+++ b/ansible/roles/designate/templates/designate-mdns.json.j2
@@ -0,0 +1,25 @@
+{
+ "command": "designate-mdns --config-file /etc/designate/designate.conf",
+ "config_files": [
+ {
+ "source": "{{ container_config_directory }}/designate.conf",
+ "dest": "/etc/designate/designate.conf",
+ "owner": "designate",
+ "perm": "0600"
+ },
+ {
+ "source": "{{ container_config_directory }}/policy.json",
+ "dest": "/etc/designate/policy.json",
+ "owner": "designate",
+ "perm": "0600",
+ "optional": true
+ }
+ ],
+ "permissions": [
+ {
+ "path": "/var/log/kolla/designate",
+ "owner": "designate:designate",
+ "recurse": true
+ }
+ ]
+}
diff --git a/ansible/roles/designate/templates/designate-sink.json.j2 b/ansible/roles/designate/templates/designate-sink.json.j2
new file mode 100644
index 0000000000..e2d8190010
--- /dev/null
+++ b/ansible/roles/designate/templates/designate-sink.json.j2
@@ -0,0 +1,25 @@
+{
+ "command": "designate-sink --config-file /etc/designate/designate.conf",
+ "config_files": [
+ {
+ "source": "{{ container_config_directory }}/designate.conf",
+ "dest": "/etc/designate/designate.conf",
+ "owner": "designate",
+ "perm": "0600"
+ },
+ {
+ "source": "{{ container_config_directory }}/policy.json",
+ "dest": "/etc/designate/policy.json",
+ "owner": "designate",
+ "perm": "0600",
+ "optional": true
+ }
+ ],
+ "permissions": [
+ {
+ "path": "/var/log/kolla/designate",
+ "owner": "designate:designate",
+ "recurse": true
+ }
+ ]
+}
diff --git a/ansible/roles/designate/templates/designate-worker.json.j2 b/ansible/roles/designate/templates/designate-worker.json.j2
new file mode 100644
index 0000000000..9c394bd57a
--- /dev/null
+++ b/ansible/roles/designate/templates/designate-worker.json.j2
@@ -0,0 +1,46 @@
+{
+ "command": "designate-worker --config-file /etc/designate/designate.conf",
+ "config_files": [
+ {
+ "source": "{{ container_config_directory }}/designate.conf",
+ "dest": "/etc/designate/designate.conf",
+ "owner": "designate",
+ "perm": "0600"
+ },
+ {
+ "source": "{{ container_config_directory }}/policy.json",
+ "dest": "/etc/designate/policy.json",
+ "owner": "designate",
+ "perm": "0600",
+ "optional": true
+ },
+ {
+ "source": "{{ container_config_directory }}/pools.yaml",
+ "dest": "/etc/designate/pools.yaml",
+ "owner": "designate",
+ "perm": "0600",
+ "optional": true
+ },
+ {
+ "source": "{{ container_config_directory }}/rndc.conf",
+ "dest": "/etc/designate/rndc.conf",
+ "owner": "designate",
+ "perm": "0600",
+ "optional": true
+ },
+ {
+ "source": "{{ container_config_directory }}/rndc.key",
+ "dest": "/etc/designate/rndc.key",
+ "owner": "designate",
+ "perm": "0600",
+ "optional": true
+ }
+ ],
+ "permissions": [
+ {
+ "path": "/var/log/kolla/designate",
+ "owner": "designate:designate",
+ "recurse": true
+ }
+ ]
+}
diff --git a/ansible/roles/designate/templates/designate.conf.j2 b/ansible/roles/designate/templates/designate.conf.j2
new file mode 100644
index 0000000000..d13f54a7c1
--- /dev/null
+++ b/ansible/roles/designate/templates/designate.conf.j2
@@ -0,0 +1,88 @@
+[DEFAULT]
+
+debug = {{ designate_logging_debug }}
+
+log_dir = /var/log/kolla/designate
+
+transport_url = rabbit://{% for host in groups['rabbitmq'] %}{{ rabbitmq_user }}:{{ rabbitmq_password }}@{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ rabbitmq_port }}{% if not loop.last %},{% endif %}{% endfor %}
+
+[service:central]
+default_pool_id = {{ designate_pool_id }}
+
+[service:api]
+api_base_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ designate_api_port }}
+api_host = {{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['address'] }}
+api_port = {{ designate_api_port }}
+enable_api_v1 = True
+enabled_extensions_v1 = 'diagnostics, quotas, reports, sync, touch'
+enable_api_v2 = True
+enabled_extensions_v2 = 'quotas, reports'
+
+
+[keystone_authtoken]
+auth_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }}
+auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}
+auth_type = password
+project_domain_id = default
+user_domain_id = default
+project_name = service
+username = {{ designate_keystone_user }}
+password = {{ designate_keystone_password }}
+http_connect_timeout = 60
+
+memcache_security_strategy = ENCRYPT
+memcache_secret_key = {{ memcache_secret_key }}
+memcached_servers = {% for host in groups['memcached'] %}{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ memcached_port }}{% if not loop.last %},{% endif %}{% endfor %}
+
+[service:sink]
+enabled_notification_handlers = nova_fixed, neutron_floatingip
+workers = {{ openstack_service_workers }}
+
+[service:mdns]
+listen = {{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['address'] }}:{{ designate_mdns_port }}
+workers = {{ openstack_service_workers }}
+
+[service:worker]
+enabled = True
+notify = True
+workers = {{ openstack_service_workers }}
+
+[service:pool_manager]
+cache_driver = sqlalchemy
+pool_id = {{ designate_pool_id }}
+workers = {{ openstack_service_workers }}
+
+[pool_manager_cache:sqlalchemy]
+connection = mysql+pymysql://{{ designate_pool_manager_database_user }}:{{ designate_pool_manager_database_password }}@{{ designate_pool_manager_database_address }}/{{ designate_pool_manager_database_name }}
+max_retries = 10
+idle_timeout = 3600
+
+[pool_manager_cache:memcache]
+memcached_servers = {% for host in groups['memcached'] %}{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ memcached_port }}{% if not loop.last %},{% endif %}{% endfor %}
+
+[storage:sqlalchemy]
+connection = mysql+pymysql://{{ designate_database_user }}:{{ designate_database_password }}@{{ designate_database_address }}/{{ designate_database_name }}
+max_retries = 10
+idle_timeout = 3600
+
+[handler:nova_fixed]
+notification_topics = notifications_designate
+control_exchange = nova
+format = '(display_name)s.%(domain)s'
+
+[handler:neutron_floatingip]
+notification_topics = notifications_designate
+control_exchange = neutron
+format = '%(octet0)s-%(octet1)s-%(octet2)s-%(octet3)s.%(domain)s'
+
+[oslo_messaging_notifications]
+topics = notifications_designate
+driver = messaging
+
+[oslo_messaging_rabbit]
+rabbit_userid = {{ rabbitmq_user }}
+rabbit_password = {{ rabbitmq_password }}
+rabbit_hosts = {% for host in groups['rabbitmq'] %}{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ rabbitmq_port }}{% if not loop.last %},{% endif %}{% endfor %}
+
+[oslo_concurrency]
+lock_path = /var/lib/designate/tmp
diff --git a/ansible/roles/designate/templates/named.conf.j2 b/ansible/roles/designate/templates/named.conf.j2
new file mode 100644
index 0000000000..f037534eda
--- /dev/null
+++ b/ansible/roles/designate/templates/named.conf.j2
@@ -0,0 +1,15 @@
+include "/etc/rndc.key";
+options {
+ listen-on port {{ designate_bind_port }} { {{ hostvars[inventory_hostname]['ansible_' + hostvars[inventory_hostname]['api_interface']]['ipv4']['address'] }}; };
+ directory "/var/lib/named";
+ allow-new-zones yes;
+ dnssec-validation auto;
+ auth-nxdomain no;
+ request-ixfr no;
+ recursion no;
+ minimal-responses yes;
+};
+
+controls {
+ inet {{ hostvars[inventory_hostname]['ansible_' + hostvars[inventory_hostname]['api_interface']]['ipv4']['address'] }} port {{ designate_rndc_port }} allow { {% for host in groups['designate-worker'] %}{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}; {% endfor %} } keys { "rndc-key"; };
+};
diff --git a/ansible/roles/designate/templates/pools.yaml.j2 b/ansible/roles/designate/templates/pools.yaml.j2
new file mode 100644
index 0000000000..14b8078733
--- /dev/null
+++ b/ansible/roles/designate/templates/pools.yaml.j2
@@ -0,0 +1,28 @@
+- name: default-bind
+ id: {{ designate_pool_id }}
+ description: Default BIND9 Pool
+ attributes: {}
+ ns_records:
+ - hostname: {{ designate_ns_record }}.
+ priority: 1
+ nameservers:
+{% for host in groups['designate-backend-bind9'] %}
+ - host: {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}
+ port: {{ designate_bind_port }}
+{% endfor %}
+ targets:
+{% for bind_host in groups['designate-backend-bind9'] %}
+ - type: bind9
+ description: BIND9 Server {{ hostvars[bind_host]['ansible_' + hostvars[bind_host]['api_interface']]['ipv4']['address'] }}
+ masters:
+{% for mdns_host in groups['designate-mdns'] %}
+ - host: {{ hostvars[mdns_host]['ansible_' + hostvars[mdns_host]['api_interface']]['ipv4']['address'] }}
+ port: 5354
+{% endfor %}
+ options:
+ host: {{ hostvars[bind_host]['ansible_' + hostvars[bind_host]['api_interface']]['ipv4']['address'] }}
+ port: {{ designate_bind_port }}
+ rndc_host: {{ hostvars[bind_host]['ansible_' + hostvars[bind_host]['api_interface']]['ipv4']['address'] }}
+ rndc_port: {{ designate_rndc_port }}
+ rndc_key_file: /etc/designate/rndc.key
+{% endfor %}
diff --git a/ansible/roles/designate/templates/rndc.conf.j2 b/ansible/roles/designate/templates/rndc.conf.j2
new file mode 100644
index 0000000000..69ec742987
--- /dev/null
+++ b/ansible/roles/designate/templates/rndc.conf.j2
@@ -0,0 +1,6 @@
+#include "/etc/rndc.key";
+options {
+ default-key "rndc-key";
+ default-server {{ hostvars[inventory_hostname]['ansible_' + hostvars[inventory_hostname]['api_interface']]['ipv4']['address'] }};
+ default-port {{ designate_rndc_port }};
+};
diff --git a/ansible/roles/designate/templates/rndc.key.j2 b/ansible/roles/designate/templates/rndc.key.j2
new file mode 100644
index 0000000000..c4a798689c
--- /dev/null
+++ b/ansible/roles/designate/templates/rndc.key.j2
@@ -0,0 +1,4 @@
+key "rndc-key" {
+ algorithm hmac-md5;
+ secret "{{ designate_rndc_key }}";
+};
diff --git a/ansible/roles/haproxy/tasks/precheck.yml b/ansible/roles/haproxy/tasks/precheck.yml
index 5367d9a9d2..b32301557e 100644
--- a/ansible/roles/haproxy/tasks/precheck.yml
+++ b/ansible/roles/haproxy/tasks/precheck.yml
@@ -36,6 +36,17 @@
- "{{ 'cloudkitty_api' not in haproxy_stat }}"
- inventory_hostname in groups['haproxy']
+- name: Checking free port for Designate API HAProxy
+ wait_for:
+ host: "{{ kolla_internal_vip_address }}"
+ port: "{{ designate_api_port }}"
+ connect_timeout: 1
+ state: stopped
+ when:
+ - enable_designate | bool
+ - inventory_hostname in groups['haproxy']
+ - "{{ 'designate_api' not in haproxy_stat }}"
+
- name: Checking free port for Glance API HAProxy
wait_for:
host: "{{ kolla_internal_vip_address }}"
diff --git a/ansible/roles/haproxy/templates/haproxy.cfg.j2 b/ansible/roles/haproxy/templates/haproxy.cfg.j2
index 2d5b17eb48..49983a6f03 100644
--- a/ansible/roles/haproxy/templates/haproxy.cfg.j2
+++ b/ansible/roles/haproxy/templates/haproxy.cfg.j2
@@ -650,6 +650,22 @@ listen congress_api_external
{% endif %}
{% endif %}
+{% if enable_designate | bool %}
+listen designate_api
+ bind {{ kolla_internal_vip_address }}:{{ designate_api_port }}
+{% for host in groups['designate-api'] %}
+ server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ designate_api_port }} check inter 2000 rise 2 fall 5
+{% endfor %}
+{% if haproxy_enable_external_vip | bool %}
+
+listen designate_api_external
+ bind {{ kolla_external_vip_address }}:{{ designate_api_port }} {{ tls_bind_info }}
+{% for host in groups['designate-api'] %}
+ server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ designate_api_port }} check inter 2000 rise 2 fall 5
+{% endfor %}
+{% endif %}
+{% endif %}
+
{% if enable_mistral | bool %}
listen mistral_api
bind {{ kolla_internal_vip_address }}:{{ mistral_api_port }}
diff --git a/ansible/roles/neutron/templates/neutron.conf.j2 b/ansible/roles/neutron/templates/neutron.conf.j2
index 7f679d6724..c3bd75e15c 100644
--- a/ansible/roles/neutron/templates/neutron.conf.j2
+++ b/ansible/roles/neutron/templates/neutron.conf.j2
@@ -91,9 +91,10 @@ memcached_servers = {% for host in groups['memcached'] %}{% if orchestration_eng
{% endif %}
[oslo_messaging_notifications]
-{% if enable_ceilometer | bool or enable_searchlight | bool %}
+{% if enable_ceilometer | bool or enable_searchlight | bool or enable_designate | bool %}
driver = messagingv2
-topics = notifications
+{% set topics=["notifications" if enable_ceilometer | bool else "", "notifications_designate" if enable_designate | bool else ""] %}
+topics = {{ topics|reject("equalto", "")|list|join(",") }}
{% else %}
driver = noop
{% endif %}
diff --git a/ansible/roles/nova/templates/nova.conf.j2 b/ansible/roles/nova/templates/nova.conf.j2
index db274b9f5d..50a7767e4e 100644
--- a/ansible/roles/nova/templates/nova.conf.j2
+++ b/ansible/roles/nova/templates/nova.conf.j2
@@ -50,7 +50,7 @@ compute_driver = libvirt.LibvirtDriver
# Though my_ip is not used directly, lots of other variables use $my_ip
my_ip = {{ api_interface_address }}
-{% if enable_ceilometer | bool or enable_searchlight | bool %}
+{% if enable_ceilometer | bool or enable_searchlight | bool or enable_designate | bool %}
instance_usage_audit = True
instance_usage_audit_period = hour
notify_on_state_change = vm_and_task_state
@@ -185,9 +185,10 @@ rbd_secret_uuid = {{ rbd_secret_uuid }}
compute = auto
[oslo_messaging_notifications]
-{% if enable_ceilometer | bool or enable_searchlight | bool %}
+{% if enable_ceilometer | bool or enable_searchlight | bool or enable_designate | bool %}
driver = messagingv2
-topics = notifications
+{% set topics=["notifications" if enable_ceilometer | bool else "", "notifications_designate" if enable_designate | bool else ""] %}
+topics = {{ topics|reject("equalto", "")|list|join(",") }}
{% else %}
driver = noop
{% endif %}
diff --git a/ansible/site.yml b/ansible/site.yml
index 14e8a28e25..d00075d2b3 100644
--- a/ansible/site.yml
+++ b/ansible/site.yml
@@ -401,6 +401,19 @@
tags: tempest,
when: enable_tempest | bool }
+- name: Apply role designate
+ hosts:
+ - designate-api
+ - designate-central
+ - designate-mdns
+ - designate-worker
+ - designate-sink
+ serial: '{{ serial|default("0") }}'
+ roles:
+ - { role: designate,
+ tags: designate,
+ when: enable_designate | bool }
+
- name: Apply role rally
hosts: rally
serial: '{{ serial|default("0") }}'
diff --git a/etc/kolla/globals.yml b/etc/kolla/globals.yml
index b0c27f1f0f..fabdaba4ae 100644
--- a/etc/kolla/globals.yml
+++ b/etc/kolla/globals.yml
@@ -129,6 +129,7 @@ kolla_internal_vip_address: "10.10.10.254"
#enable_cinder_backend_nfs: "no"
#enable_cloudkitty: "no"
#enable_congress: "no"
+#enable_designate: "no"
#enable_destroy_images: "no"
#enable_etcd: "no"
#enable_gnocchi: "no"
@@ -228,6 +229,12 @@ kolla_internal_vip_address: "10.10.10.254"
#cinder_backup_mount_options_nfs: ""
+#######################
+# Designate options
+#######################
+designate_ns_record: "sample.openstack.org"
+
+
#########################
# Nova - Compute Options
#########################
diff --git a/etc/kolla/passwords.yml b/etc/kolla/passwords.yml
index 7aea8a1830..18e1e965c9 100644
--- a/etc/kolla/passwords.yml
+++ b/etc/kolla/passwords.yml
@@ -58,6 +58,14 @@ cloudkitty_keystone_password:
sahara_database_password:
sahara_keystone_password:
+designate_database_password:
+designate_pool_manager_database_password:
+designate_keystone_password:
+# This option must be UUID4 value in string format
+designate_pool_id:
+# This option must be HMAC-MD5 value in string format
+designate_rndc_key:
+
swift_keystone_password:
swift_hash_path_suffix:
swift_hash_path_prefix:
diff --git a/kolla/cmd/genpwd.py b/kolla/cmd/genpwd.py
index 5ed46410c2..ed716b58e0 100755
--- a/kolla/cmd/genpwd.py
+++ b/kolla/cmd/genpwd.py
@@ -13,12 +13,14 @@
# limitations under the License.
import argparse
+import hmac
import os
import random
import string
import sys
from Crypto.PublicKey import RSA
+from hashlib import md5
from oslo_utils import uuidutils
import yaml
@@ -51,7 +53,7 @@ def main():
# These keys should be random uuids
uuid_keys = ['ceph_cluster_fsid', 'rbd_secret_uuid',
'gnocchi_project_id', 'gnocchi_resource_id',
- 'gnocchi_user_id']
+ 'gnocchi_user_id', 'designate_pool_id']
# SSH key pair
ssh_keys = ['kolla_ssh_key', 'nova_ssh_key',
@@ -60,6 +62,9 @@ def main():
# If these keys are None, leave them as None
blank_keys = ['docker_registry_password']
+ # HMAC-MD5 keys
+ hmac_md5_keys = ['designate_rndc_key']
+
# length of password
length = 40
@@ -82,6 +87,10 @@ def main():
continue
if k in uuid_keys:
passwords[k] = uuidutils.generate_uuid()
+ elif k in hmac_md5_keys:
+ passwords[k] = (hmac.new(
+ uuidutils.generate_uuid(), '', md5)
+ .digest().encode('base64')[:-1])
else:
passwords[k] = ''.join([
random.SystemRandom().choice(
diff --git a/releasenotes/notes/ansible-designate-948c56a8e14d5029.yaml b/releasenotes/notes/ansible-designate-948c56a8e14d5029.yaml
new file mode 100644
index 0000000000..b4abd35299
--- /dev/null
+++ b/releasenotes/notes/ansible-designate-948c56a8e14d5029.yaml
@@ -0,0 +1,6 @@
+---
+prelude: >
+ Designate is an OpenStack project, providing DNSaaS.
+features:
+ - Designate deployment through Ansible with Bind9
+ as backend for DNS.