Merge "Ansible-ize OpenStack Designate"

Jenkins 2017-01-06 13:23:26 +00:00 committed by Gerrit Code Review
commit 40e443da57
41 changed files with 1048 additions and 7 deletions

@ -124,6 +124,11 @@ congress_api_port: "1789"
cloudkitty_api_port: "8889" cloudkitty_api_port: "8889"
designate_api_port: "9001"
designate_bind_port: "53"
designate_mdns_port: "5354"
designate_rndc_port: "953"
iscsi_port: "3260" iscsi_port: "3260"
gnocchi_api_port: "8041" gnocchi_api_port: "8041"
@ -272,6 +277,7 @@ enable_cinder_backend_nfs: "no"
enable_cloudkitty: "no" enable_cloudkitty: "no"
enable_congress: "no" enable_congress: "no"
enable_etcd: "no" enable_etcd: "no"
enable_designate: "no"
enable_gnocchi: "no" enable_gnocchi: "no"
enable_grafana: "no" enable_grafana: "no"
enable_heat: "yes" enable_heat: "yes"
@ -403,6 +409,10 @@ cinder_backup_mount_options_nfs: ""
# Valid options are [ ceilometer, gnocchi ] # Valid options are [ ceilometer, gnocchi ]
cloudkitty_collector_backend: "ceilometer" cloudkitty_collector_backend: "ceilometer"
#######################
# Designate options
#######################
designate_ns_record: "sample.openstack.org"
####################### #######################
# Nova options # Nova options
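Review bot: The new default `designate_ns_record: "sample.openstack.org"` is a hostname the deployer does not control, and pools.yaml.j2 writes it into the pool's `ns_records`, so a deployment that enables Designate without overriding it would publish NS records delegating its zones to that name. A comment above the variable would make the requirement visible, for example `# Must be set to a nameserver hostname you control before enabling Designate`. Whether later tooling validates this value is not visible in this change.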

@ -154,6 +154,9 @@ control
[octavia:children] [octavia:children]
control control
[designate:children]
control
# Additional control implemented here. These groups allow you to control which # Additional control implemented here. These groups allow you to control which
# services run on which hosts at a per-service level. # services run on which hosts at a per-service level.
# #
@ -450,3 +453,22 @@ octavia
[octavia-worker:children] [octavia-worker:children]
octavia octavia
# Designate
[designate-api:children]
designate
[designate-central:children]
designate
[designate-mdns:children]
designate
[designate-worker:children]
designate
[designate-sink:children]
designate
[designate-backend-bind9:children]
designate

@ -170,6 +170,9 @@ control
[octavia:children] [octavia:children]
control control
[designate:children]
control
# Additional control implemented here. These groups allow you to control which # Additional control implemented here. These groups allow you to control which
# services run on which hosts at a per-service level. # services run on which hosts at a per-service level.
# #
@ -466,3 +469,22 @@ octavia
[octavia-worker:children] [octavia-worker:children]
octavia octavia
# Designate
[designate-api:children]
designate
[designate-central:children]
designate
[designate-mdns:children]
designate
[designate-worker:children]
designate
[designate-sink:children]
designate
[designate-backend-bind9:children]
designate

@ -77,6 +77,7 @@
- { name: "ceilometer", enabled: "{{ enable_ceilometer }}" } - { name: "ceilometer", enabled: "{{ enable_ceilometer }}" }
- { name: "cinder", enabled: "{{ enable_cinder }}" } - { name: "cinder", enabled: "{{ enable_cinder }}" }
- { name: "cloudkitty", enabled: "{{ enable_cloudkitty }}" } - { name: "cloudkitty", enabled: "{{ enable_cloudkitty }}" }
- { name: "designate", enabled: "{{ enable_designate }}" }
- { name: "elasticsearch", enabled: "{{ enable_elasticsearch }}" } - { name: "elasticsearch", enabled: "{{ enable_elasticsearch }}" }
- { name: "glance", enabled: "{{ enable_glance }}" } - { name: "glance", enabled: "{{ enable_glance }}" }
- { name: "global", enabled: "yes" } - { name: "global", enabled: "yes" }

@ -0,0 +1,3 @@
"/var/log/kolla/designate/*.log"
{
}

@ -6,6 +6,7 @@
( 'ceilometer', enable_ceilometer ), ( 'ceilometer', enable_ceilometer ),
( 'cinder', enable_cinder ), ( 'cinder', enable_cinder ),
( 'cloudkitty', enable_cloudkitty ), ( 'cloudkitty', enable_cloudkitty ),
( 'designate', enable_designate ),
( 'elasticsearch', enable_elasticsearch ), ( 'elasticsearch', enable_elasticsearch ),
( 'glance', enable_glance ), ( 'glance', enable_glance ),
( 'gnocchi', enable_gnocchi ), ( 'gnocchi', enable_gnocchi ),

@ -6,6 +6,6 @@ filename = "lua_decoders/os_openstack_log.lua"
type = "LogstreamerInput" type = "LogstreamerInput"
decoder = "openstack_log_decoder" decoder = "openstack_log_decoder"
log_directory = "/var/log/kolla" log_directory = "/var/log/kolla"
file_match = '(?P<Service>cloudkitty|nova|glance|keystone|neutron|ceph|cinder|heat|murano|magnum|mistral|manila|octavia|searchlight|senlin|sahara|tacker)/(?P<Program>.*)\.log\.?(?P<Seq>\d*)$' file_match = '(?P<Service>cloudkitty|designate|nova|glance|keystone|neutron|ceph|cinder|heat|murano|magnum|mistral|manila|octavia|searchlight|senlin|sahara|tacker)/(?P<Program>.*)\.log\.?(?P<Seq>\d*)$'
priority = ["^Seq"] priority = ["^Seq"]
differentiator = ["Service", "_", "Program"] differentiator = ["Service", "_", "Program"]

@ -0,0 +1,55 @@
---
project_name: "designate"
####################
# Database
####################
designate_database_name: "designate"
designate_database_user: "designate"
designate_database_address: "{{ kolla_internal_fqdn }}:{{ database_port }}"
designate_pool_manager_database_name: "designate_pool_manager"
designate_pool_manager_database_user: "designate_pool_manager"
designate_pool_manager_database_address: "{{ kolla_internal_fqdn }}:{{ database_port }}"
####################
# Docker
####################
designate_central_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kolla_install_type }}-designate-central"
designate_central_tag: "{{ openstack_release }}"
designate_central_image_full: "{{ designate_central_image }}:{{ designate_central_tag }}"
designate_api_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kolla_install_type }}-designate-api"
designate_api_tag: "{{ openstack_release }}"
designate_api_image_full: "{{ designate_api_image }}:{{ designate_api_tag }}"
designate_backend_bind9_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kolla_install_type }}-designate-backend-bind9"
designate_backend_bind9_tag: "{{ openstack_release }}"
designate_backend_bind9_image_full: "{{ designate_backend_bind9_image }}:{{ designate_backend_bind9_tag }}"
designate_mdns_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kolla_install_type }}-designate-mdns"
designate_mdns_tag: "{{ openstack_release }}"
designate_mdns_image_full: "{{ designate_mdns_image }}:{{ designate_mdns_tag }}"
designate_sink_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kolla_install_type }}-designate-sink"
designate_sink_tag: "{{ openstack_release }}"
designate_sink_image_full: "{{ designate_sink_image }}:{{ designate_sink_tag }}"
designate_worker_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kolla_install_type }}-designate-worker"
designate_worker_tag: "{{ openstack_release }}"
designate_worker_image_full: "{{ designate_worker_image }}:{{ designate_worker_tag }}"
####################
# OpenStack
####################
designate_admin_endpoint: "{{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ designate_api_port }}"
designate_internal_endpoint: "{{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ designate_api_port }}"
designate_public_endpoint: "{{ public_protocol }}://{{ kolla_external_fqdn }}:{{ designate_api_port }}"
designate_logging_debug: "{{ openstack_logging_debug }}"
designate_keystone_user: "designate"
openstack_designate_auth: "{'auth_url':'{{ openstack_auth.auth_url }}','username':'{{ openstack_auth.username }}','password':'{{ openstack_auth.password }}','project_name':'{{ openstack_auth.project_name }}'}"

@ -0,0 +1,3 @@
---
dependencies:
- { role: common }

@ -0,0 +1,79 @@
---
- name: Creating Designate database
command: docker exec -t kolla_toolbox /usr/bin/ansible localhost
-m mysql_db
-a "login_host='{{ database_address }}'
login_port='{{ database_port }}'
login_user='{{ database_user }}'
login_password='{{ database_password }}'
name='{{ designate_database_name }}'"
register: database
changed_when: "{{ database.stdout.find('localhost | SUCCESS => ') != -1 and
(database.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed }}"
failed_when: database.stdout.split()[2] != 'SUCCESS'
run_once: True
delegate_to: "{{ groups['designate-central'][0] }}"
- name: Reading json from variable
set_fact:
database_created: "{{ (database.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed }}"
- name: Creating Designate Pool Manager database
command: docker exec -t kolla_toolbox /usr/bin/ansible localhost
-m mysql_db
-a "login_host='{{ database_address }}'
login_port='{{ database_port }}'
login_user='{{ database_user }}'
login_password='{{ database_password }}'
name='{{ designate_pool_manager_database_name }}'"
register: database_pool_manager
changed_when: "{{ database.stdout.find('localhost | SUCCESS => ') != -1 and
(database.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed }}"
failed_when: database.stdout.split()[2] != 'SUCCESS'
run_once: True
delegate_to: "{{ groups['designate-central'][0] }}"
- name: Reading json from variable
set_fact:
database_pool_manager_created: "{{ (database_pool_manager.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed }}"
- name: Creating Designate database user and setting permissions
command: docker exec -t kolla_toolbox /usr/bin/ansible localhost
-m mysql_user
-a "login_host='{{ database_address }}'
login_port='{{ database_port }}'
login_user='{{ database_user }}'
login_password='{{ database_password }}'
name='{{ designate_database_name }}'
password='{{ designate_database_password }}'
host='%'
priv='{{ designate_database_name }}.*:ALL'
append_privs='yes'"
register: database_user_create
changed_when: "{{ database_user_create.stdout.find('localhost | SUCCESS => ') != -1 and
(database_user_create.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed }}"
failed_when: database_user_create.stdout.split()[2] != 'SUCCESS'
run_once: True
delegate_to: "{{ groups['designate-central'][0] }}"
- name: Creating Designate Pool Manager database user and setting permissions
command: docker exec -t kolla_toolbox /usr/bin/ansible localhost
-m mysql_user
-a "login_host='{{ database_address }}'
login_port='{{ database_port }}'
login_user='{{ database_user }}'
login_password='{{ database_password }}'
name='{{ designate_pool_manager_database_name }}'
password='{{ designate_pool_manager_database_password }}'
host='%'
priv='{{ designate_pool_manager_database_name }}.*:ALL'
append_privs='yes'"
register: database_pool_manager_user_create
changed_when: "{{ database_pool_manager_user_create.stdout.find('localhost | SUCCESS => ') != -1 and
(database_pool_manager_user_create.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed }}"
failed_when: database_pool_manager_user_create.stdout.split()[2] != 'SUCCESS'
run_once: True
delegate_to: "{{ groups['designate-central'][0] }}"
- include: bootstrap_service.yml
when: database_created

@ -0,0 +1,20 @@
---
- name: Running Designate bootstrap container
kolla_docker:
action: "start_container"
common_options: "{{ docker_common_options }}"
detach: False
environment:
KOLLA_BOOTSTRAP:
KOLLA_CONFIG_STRATEGY: "{{ config_strategy }}"
image: "{{ designate_central_image_full }}"
labels:
BOOTSTRAP:
name: "bootstrap_designate"
restart_policy: "never"
volumes:
- "{{ node_config_directory }}/designate-central/:{{ container_config_directory }}/:ro"
- "/etc/localtime:/etc/localtime:ro"
- "kolla_logs:/var/log/kolla/"
run_once: True
delegate_to: "{{ groups['designate-central'][0] }}"

@ -0,0 +1,96 @@
---
- name: Ensuring config directories exist
file:
path: "{{ node_config_directory }}/{{ item }}"
state: "directory"
recurse: yes
with_items:
- "designate-api"
- "designate-central"
- "designate-mdns"
- "designate-sink"
- "designate-backend-bind9"
- "designate-worker"
- name: Copying over config.json files for services
template:
src: "{{ item }}.json.j2"
dest: "{{ node_config_directory }}/{{ item }}/config.json"
with_items:
- "designate-api"
- "designate-central"
- "designate-mdns"
- "designate-sink"
- "designate-backend-bind9"
- "designate-worker"
- name: Copying over designate.conf
merge_configs:
vars:
service_name: "{{ item }}"
sources:
- "{{ role_path }}/templates/designate.conf.j2"
- "{{ node_custom_config }}/global.conf"
- "{{ node_custom_config }}/database.conf"
- "{{ node_custom_config }}/messaging.conf"
- "{{ node_custom_config }}/designate.conf"
- "{{ node_custom_config }}/designate/{{ item }}.conf"
- "{{ node_custom_config }}/designate/{{ inventory_hostname }}/designate.conf"
dest: "{{ node_config_directory }}/{{ item }}/designate.conf"
with_items:
- "designate-api"
- "designate-central"
- "designate-mdns"
- "designate-sink"
- "designate-worker"
- name: Copying over pools.yaml
template:
src: "{{ item }}"
dest: "{{ node_config_directory }}/designate-worker/pools.yaml"
with_first_found:
- "{{ node_custom_config }}/designate/pools.yaml"
- "{{ role_path }}/templates/pools.yaml.j2"
- name: Copying over named.conf
template:
src: "{{ item }}"
dest: "{{ node_config_directory }}/designate-backend-bind9/named.conf"
with_first_found:
- "{{ node_custom_config }}/designate/designate-backend-bind9/{{ inventory_hostname }}/named.conf"
- "{{ node_custom_config }}/designate/designate-backend-bind9/named.conf"
- "{{ node_custom_config }}/designate/named.conf"
- "{{ role_path }}/templates/named.conf.j2"
- name: Copying over rndc.conf
template:
src: "rndc.conf.j2"
dest: "{{ node_config_directory }}/{{ item }}/rndc.conf"
with_items:
- "designate-backend-bind9"
- "designate-worker"
- name: Copying over rndc.key
template:
src: "rndc.key.j2"
dest: "{{ node_config_directory }}/{{ item }}/rndc.key"
with_items:
- "designate-backend-bind9"
- "designate-worker"
- name: Check if policies shall be overwritten
local_action: stat path="{{ node_custom_config }}/designate/policy.json"
register: designate_policy
- name: Copying over existing policy.json
template:
src: "{{ node_custom_config }}/designate/policy.json"
dest: "{{ node_config_directory }}/{{ item }}/policy.json"
with_items:
- "designate-api"
- "designate-central"
- "designate-mdns"
- "designate-sink"
- "designate-worker"
when:
designate_policy.stat.exists
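Review bot: The tasks that write `designate.conf` and `rndc.key` set no `mode`, so the copies under `node_config_directory` on the host get default umask permissions even though they hold the database, RabbitMQ and Keystone passwords and the rndc key. The `"perm": "0600"` entries in the config.json templates presumably govern only the copy made inside the container. Consider an explicit restrictive mode, e.g. `mode: "0660"` on `Copying over rndc.key`, after confirming which user reads the mounted directory in the container.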

@ -0,0 +1,25 @@
---
- include: register.yml
when: inventory_hostname in groups['designate-api']
- include: config.yml
when: inventory_hostname in groups['designate-api'] or
inventory_hostname in groups['designate-central'] or
inventory_hostname in groups['designate-mdns'] or
inventory_hostname in groups['designate-worker'] or
inventory_hostname in groups['designate-sink'] or
inventory_hostname in groups['designate-backend-bind9']
- include: bootstrap.yml
when: inventory_hostname in groups['designate-central']
- include: start.yml
when: inventory_hostname in groups['designate-api'] or
inventory_hostname in groups['designate-central'] or
inventory_hostname in groups['designate-mdns'] or
inventory_hostname in groups['designate-worker'] or
inventory_hostname in groups['designate-sink'] or
inventory_hostname in groups['designate-backend-bind9']
- include: update_pools.yml
when: inventory_hostname in groups['designate-worker'][0]
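Review bot: `when: inventory_hostname in groups['designate-worker'][0]` on the `update_pools.yml` include tests substring membership in a single host name rather than equality, so a host named `node1` also matches when the first worker is `node10`. Use `when: inventory_hostname == groups['designate-worker'][0]`. The same condition is repeated on the `Update DNS pools` task in update_pools.yml and needs the same change.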

@ -0,0 +1,2 @@
---
- include: "{{ action }}.yml"

@ -0,0 +1,48 @@
- name: Get container facts
kolla_container_facts:
name:
- "{{ item }}"
register: container_facts
with_items:
- designate_api
- designate_backend_bind9
- name: Checking free port for designate API
wait_for:
host: "{{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['address'] }}"
port: "{{ designate_api_port }}"
connect_timeout: 1
state: stopped
when:
- container_facts['designate_api'] is not defined
- inventory_hostname in groups['designate-api']
- name: Checking free port for designate mdns
wait_for:
host: "{{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['address'] }}"
port: "{{ designate_mdns_port }}"
connect_timeout: 1
state: stopped
when:
- container_facts['designate_mdns'] is not defined
- inventory_hostname in groups['designate-mdns']
- name: Checking free port for designate backend bind9 port
wait_for:
host: "{{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['address'] }}"
port: "{{ designate_bind_port }}"
connect_timeout: 1
state: stopped
when:
- container_facts['designate_backend_bind9'] is not defined
- inventory_hostname in groups['designate-backend-bind9']
- name: Checking free port for designate backend rndc port
wait_for:
host: "{{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['address'] }}"
port: "{{ designate_rndc_port }}"
connect_timeout: 1
state: stopped
when:
- container_facts['designate_backend_bind9'] is not defined
- inventory_hostname in groups['designate-backend-bind9']
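Review bot: The `Checking free port for designate mdns` task tests `container_facts['designate_mdns'] is not defined`, but `designate_mdns` is never in the list passed to `Get container facts`, so the condition is always true and the precheck fails on any host where the mdns container is already running. Add `- designate_mdns` to that list. Separately, because `container_facts` is registered from a `with_items` loop, the per-container keys probably sit under `container_facts.results` rather than at the top level, which would make all four `is not defined` tests always true. Passing the names as one list to a single `kolla_container_facts` call would avoid that, though this should be confirmed against how the module returns its facts.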

@ -0,0 +1,42 @@
---
- name: Pulling designate-api image
kolla_docker:
action: "pull_image"
common_options: "{{ docker_common_options }}"
image: "{{ designate_api_image_full }}"
when: inventory_hostname in groups['designate-api']
- name: Pulling designate-central image
kolla_docker:
action: "pull_image"
common_options: "{{ docker_common_options }}"
image: "{{ designate_central_image_full }}"
when: inventory_hostname in groups['designate-central']
- name: Pulling designate-mdns image
kolla_docker:
action: "pull_image"
common_options: "{{ docker_common_options }}"
image: "{{ designate_mdns_image_full }}"
when: inventory_hostname in groups['designate-mdns']
- name: Pulling designate-worker image
kolla_docker:
action: "pull_image"
common_options: "{{ docker_common_options }}"
image: "{{ designate_worker_image_full }}"
when: inventory_hostname in groups['designate-worker']
- name: Pulling designate-sink image
kolla_docker:
action: "pull_image"
common_options: "{{ docker_common_options }}"
image: "{{ designate_sink_image_full }}"
when: inventory_hostname in groups['designate-sink']
- name: Pulling designate-backend-bind9 image
kolla_docker:
action: "pull_image"
common_options: "{{ docker_common_options }}"
image: "{{ designate_backend_bind9_image_full }}"
when: inventory_hostname in groups['designate-backend-bind9']

@ -0,0 +1,93 @@
---
- name: Ensuring the containers up
kolla_docker:
name: "{{ item.name }}"
action: "get_container_state"
register: container_state
failed_when: container_state.Running == false
when:
- "{{ item.enabled|default(True) }}"
- inventory_hostname in groups[item.group]
with_items:
- { name: designate_central, group: designate-central }
- { name: designate_api, group: designate-api }
- { name: designate_mdns, group: designate-mdns }
- { name: designate_worker, group: designate-worker }
- { name: designate_sink, group: designate-sink }
- { name: designate_backend_bind9, group: designate-backend-bind9 }
- include: config.yml
- name: Check the configs
command: docker exec {{ item.name }} /usr/local/bin/kolla_set_configs --check
changed_when: false
failed_when: false
register: check_results
when: inventory_hostname in groups[item.group]
with_items:
- { name: designate_central, group: designate-central }
- { name: designate_api, group: designate-api }
- { name: designate_mdns, group: designate-mdns }
- { name: designate_worker, group: designate-worker }
- { name: designate_sink, group: designate-sink }
- { name: designate_backend_bind9, group: designate-backend-bind9 }
# NOTE(jeffrey4l): when config_strategy == 'COPY_ALWAYS'
# and container env['KOLLA_CONFIG_STRATEGY'] == 'COPY_ONCE',
# just remove the container and start again
- name: Containers config strategy
kolla_docker:
name: "{{ item.name }}"
action: "get_container_env"
register: container_envs
when: inventory_hostname in groups[item.group]
with_items:
- { name: designate_central, group: designate-central }
- { name: designate_api, group: designate-api }
- { name: designate_mdns, group: designate-mdns }
- { name: designate_worker, group: designate-worker }
- { name: designate_sink, group: designate-sink }
- { name: designate_backend_bind9, group: designate-backend-bind9 }
- name: Remove the containers
kolla_docker:
name: "{{ item[0]['name'] }}"
action: "remove_container"
register: remove_containers
when:
- inventory_hostname in groups[item[0]['group']]
- config_strategy == "COPY_ONCE" or item[1]['KOLLA_CONFIG_STRATEGY'] == 'COPY_ONCE'
- item[2]['rc'] == 1
with_together:
- [{ name: designate_central, group: designate-central },
{ name: designate_api, group: designate-api },
{ name: designate_mdns, group: designate-mdns },
{ name: designate_worker, group: designate-worker },
{ name: designate_sink, group: designate-sink },
{ name: designate_backend_bind9, group: designate-backend-bind9 }]
- "{{ container_envs.results }}"
- "{{ check_results.results }}"
- include: start.yml
when: remove_containers.changed
- name: Restart containers
kolla_docker:
name: "{{ item[0]['name'] }}"
action: "restart_container"
when:
- inventory_hostname in groups[item[0]['group']]
- config_strategy == 'COPY_ALWAYS'
- item[1]['KOLLA_CONFIG_STRATEGY'] != 'COPY_ONCE'
- item[2]['rc'] == 1
with_together:
- [{ name: designate_central, group: designate-central },
{ name: designate_api, group: designate-api },
{ name: designate_mdns, group: designate-mdns },
{ name: designate_worker, group: designate-worker },
{ name: designate_sink, group: designate-sink },
{ name: designate_backend_bind9, group: designate-backend-bind9 }]
- "{{ container_envs.results }}"
- "{{ check_results.results }}"
- include: update_pools.yml

@ -0,0 +1,40 @@
---
- name: Creating the Designate service and endpoint
command: docker exec -t kolla_toolbox /usr/bin/ansible localhost
-m kolla_keystone_service
-a "service_name=designate
service_type=dns
description='Designate DNS Service'
endpoint_region={{ openstack_region_name }}
url='{{ item.url }}'
interface='{{ item.interface }}'
region_name={{ openstack_region_name }}
auth={{ '{{ openstack_designate_auth }}' }}"
-e "{'openstack_designate_auth':{{ openstack_designate_auth }}}"
register: designate_endpoint
changed_when: "{{ designate_endpoint.stdout.find('localhost | SUCCESS => ') != -1 and (designate_endpoint.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed }}"
until: designate_endpoint.stdout.split()[2] == 'SUCCESS'
retries: 10
delay: 5
run_once: True
with_items:
- {'interface': 'admin', 'url': '{{ designate_admin_endpoint }}'}
- {'interface': 'internal', 'url': '{{ designate_internal_endpoint }}'}
- {'interface': 'public', 'url': '{{ designate_public_endpoint }}'}
- name: Creating the Designate project, user, and role
command: docker exec -t kolla_toolbox /usr/bin/ansible localhost
-m kolla_keystone_user
-a "project=service
user=designate
password={{ designate_keystone_password }}
role=admin
region_name={{ openstack_region_name }}
auth={{ '{{ openstack_designate_auth }}' }}"
-e "{'openstack_designate_auth':{{ openstack_designate_auth }}}"
register: designate_user
changed_when: "{{ designate_user.stdout.find('localhost | SUCCESS => ') != -1 and (designate_user.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed }}"
until: designate_user.stdout.split()[2] == 'SUCCESS'
retries: 10
delay: 5
run_once: True
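Review bot: In `Creating the Designate project, user, and role`, `password={{ designate_keystone_password }}` is unquoted inside the `-a` string, unlike the quoted `password='...'` arguments in bootstrap.yml, so a password containing whitespace would be split into separate key=value arguments. Quote it: `password='{{ designate_keystone_password }}'`. Both tasks also place credentials on the `docker exec` command line, where they show up in the host process list and in verbose Ansible output. Adding `no_log: True` would at least keep them out of the logs.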

@ -0,0 +1,73 @@
---
- name: Starting designate-backend-bind9 container
kolla_docker:
action: "start_container"
common_options: "{{ docker_common_options }}"
image: "{{ designate_backend_bind9_image_full }}"
name: "designate_backend_bind9"
volumes:
- "{{ node_config_directory }}/designate-backend-bind9/:{{ container_config_directory }}/:ro"
- "/etc/localtime:/etc/localtime:ro"
- "kolla_logs:/var/log/kolla/"
- "designate_backend_bind9:/var/lib/named/"
when: inventory_hostname in groups['designate-backend-bind9']
- name: Starting designate-central container
kolla_docker:
action: "start_container"
common_options: "{{ docker_common_options }}"
image: "{{ designate_central_image_full }}"
name: "designate_central"
volumes:
- "{{ node_config_directory }}/designate-central/:{{ container_config_directory }}/:ro"
- "/etc/localtime:/etc/localtime:ro"
- "kolla_logs:/var/log/kolla/"
when: inventory_hostname in groups['designate-central']
- name: Starting designate-api container
kolla_docker:
action: "start_container"
common_options: "{{ docker_common_options }}"
image: "{{ designate_api_image_full }}"
name: "designate_api"
volumes:
- "{{ node_config_directory }}/designate-api/:{{ container_config_directory }}/:ro"
- "/etc/localtime:/etc/localtime:ro"
- "kolla_logs:/var/log/kolla/"
when: inventory_hostname in groups['designate-api']
- name: Starting designate-mdns container
kolla_docker:
action: "start_container"
common_options: "{{ docker_common_options }}"
image: "{{ designate_mdns_image_full }}"
name: "designate_mdns"
volumes:
- "{{ node_config_directory }}/designate-mdns/:{{ container_config_directory }}/:ro"
- "/etc/localtime:/etc/localtime:ro"
- "kolla_logs:/var/log/kolla/"
when: inventory_hostname in groups['designate-mdns']
- name: Starting designate-worker container
kolla_docker:
action: "start_container"
common_options: "{{ docker_common_options }}"
image: "{{ designate_worker_image_full }}"
name: "designate_worker"
volumes:
- "{{ node_config_directory }}/designate-worker/:{{ container_config_directory }}/:ro"
- "/etc/localtime:/etc/localtime:ro"
- "kolla_logs:/var/log/kolla/"
when: inventory_hostname in groups['designate-worker']
- name: Starting designate-sink container
kolla_docker:
action: "start_container"
common_options: "{{ docker_common_options }}"
image: "{{ designate_sink_image_full }}"
name: "designate_sink"
volumes:
- "{{ node_config_directory }}/designate-sink/:{{ container_config_directory }}/:ro"
- "/etc/localtime:/etc/localtime:ro"
- "kolla_logs:/var/log/kolla/"
when: inventory_hostname in groups['designate-sink']

@ -0,0 +1,4 @@
---
- name: Update DNS pools
command: docker exec -t designate_worker designate-manage pool update --file /etc/designate/pools.yaml
when: inventory_hostname in groups['designate-worker'][0]

@ -0,0 +1,8 @@
---
- include: config.yml
- include: bootstrap_service.yml
- include: start.yml
- include: update_pools.yml

@ -0,0 +1,25 @@
{
"command": "designate-api --config-file /etc/designate/designate.conf",
"config_files": [
{
"source": "{{ container_config_directory }}/designate.conf",
"dest": "/etc/designate/designate.conf",
"owner": "designate",
"perm": "0600"
},
{
"source": "{{ container_config_directory }}/policy.json",
"dest": "/etc/designate/policy.json",
"owner": "designate",
"perm": "0600",
"optional": true
}
],
"permissions": [
{
"path": "/var/log/kolla/designate",
"owner": "designate:designate",
"recurse": true
}
]
}

@ -0,0 +1,35 @@
{% set bind_cmd = 'named' if kolla_base_distro in ['ubuntu', 'debian'] else 'named' %}
{% set bind_file = 'bind/named.conf' if kolla_base_distro in ['ubuntu', 'debian'] else 'named.conf' %}
{
"command": "/usr/sbin/{{ bind_cmd }} -g",
"config_files": [
{
"source": "{{ container_config_directory }}/named.conf",
"dest": "/etc/{{ bind_file }}",
"owner": "root",
"perm": "0660"
},
{
"source": "{{ container_config_directory }}/rndc.conf",
"dest": "/etc/rndc.conf",
"owner": "root",
"perm": "0600",
"optional": true
},
{
"source": "{{ container_config_directory }}/rndc.key",
"dest": "/etc/rndc.key",
"owner": "root",
"perm": "0600",
"optional": true
}
],
"permissions": [
{
"path": "/var/log/kolla/named",
"owner": "root:root",
"recurse": true
}
]
}
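Review bot: `rndc.key` is marked `"optional": true` here, yet the named.conf template in this change starts with `include "/etc/rndc.key";`, so a missing key is only discovered when named fails to parse its configuration. Dropping `"optional": true` from the `rndc.key` entry would make the config copy step fail with a clear error instead. The `bind_cmd` assignment on the first line yields `'named'` in both branches and can be reduced to `{% set bind_cmd = 'named' %}`. named.conf is also installed with `"perm": "0660"` while the other files use `0600`; if the group write bit is not needed, a tighter mode would be preferable.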

@ -0,0 +1,25 @@
{
"command": "designate-central --config-file /etc/designate/designate.conf",
"config_files": [
{
"source": "{{ container_config_directory }}/designate.conf",
"dest": "/etc/designate/designate.conf",
"owner": "designate",
"perm": "0600"
},
{
"source": "{{ container_config_directory }}/policy.json",
"dest": "/etc/designate/policy.json",
"owner": "designate",
"perm": "0600",
"optional": true
}
],
"permissions": [
{
"path": "/var/log/kolla/designate",
"owner": "designate:designate",
"recurse": true
}
]
}

@ -0,0 +1,25 @@
{
"command": "designate-mdns --config-file /etc/designate/designate.conf",
"config_files": [
{
"source": "{{ container_config_directory }}/designate.conf",
"dest": "/etc/designate/designate.conf",
"owner": "designate",
"perm": "0600"
},
{
"source": "{{ container_config_directory }}/policy.json",
"dest": "/etc/designate/policy.json",
"owner": "designate",
"perm": "0600",
"optional": true
}
],
"permissions": [
{
"path": "/var/log/kolla/designate",
"owner": "designate:designate",
"recurse": true
}
]
}

@ -0,0 +1,25 @@
{
"command": "designate-sink --config-file /etc/designate/designate.conf",
"config_files": [
{
"source": "{{ container_config_directory }}/designate.conf",
"dest": "/etc/designate/designate.conf",
"owner": "designate",
"perm": "0600"
},
{
"source": "{{ container_config_directory }}/policy.json",
"dest": "/etc/designate/policy.json",
"owner": "designate",
"perm": "0600",
"optional": true
}
],
"permissions": [
{
"path": "/var/log/kolla/designate",
"owner": "designate:designate",
"recurse": true
}
]
}

@ -0,0 +1,46 @@
{
"command": "designate-worker --config-file /etc/designate/designate.conf",
"config_files": [
{
"source": "{{ container_config_directory }}/designate.conf",
"dest": "/etc/designate/designate.conf",
"owner": "designate",
"perm": "0600"
},
{
"source": "{{ container_config_directory }}/policy.json",
"dest": "/etc/designate/policy.json",
"owner": "designate",
"perm": "0600",
"optional": true
},
{
"source": "{{ container_config_directory }}/pools.yaml",
"dest": "/etc/designate/pools.yaml",
"owner": "designate",
"perm": "0600",
"optional": true
},
{
"source": "{{ container_config_directory }}/rndc.conf",
"dest": "/etc/designate/rndc.conf",
"owner": "designate",
"perm": "0600",
"optional": true
},
{
"source": "{{ container_config_directory }}/rndc.key",
"dest": "/etc/designate/rndc.key",
"owner": "designate",
"perm": "0600",
"optional": true
}
],
"permissions": [
{
"path": "/var/log/kolla/designate",
"owner": "designate:designate",
"recurse": true
}
]
}

@ -0,0 +1,88 @@
[DEFAULT]
debug = {{ designate_logging_debug }}
log_dir = /var/log/kolla/designate
transport_url = rabbit://{% for host in groups['rabbitmq'] %}{{ rabbitmq_user }}:{{ rabbitmq_password }}@{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ rabbitmq_port }}{% if not loop.last %},{% endif %}{% endfor %}
[service:central]
default_pool_id = {{ designate_pool_id }}
[service:api]
api_base_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ designate_api_port }}
api_host = {{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['address'] }}
api_port = {{ designate_api_port }}
enable_api_v1 = True
enabled_extensions_v1 = 'diagnostics, quotas, reports, sync, touch'
enable_api_v2 = True
enabled_extensions_v2 = 'quotas, reports'
[keystone_authtoken]
auth_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }}
auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}
auth_type = password
project_domain_id = default
user_domain_id = default
project_name = service
username = {{ designate_keystone_user }}
password = {{ designate_keystone_password }}
http_connect_timeout = 60
memcache_security_strategy = ENCRYPT
memcache_secret_key = {{ memcache_secret_key }}
memcached_servers = {% for host in groups['memcached'] %}{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ memcached_port }}{% if not loop.last %},{% endif %}{% endfor %}
[service:sink]
enabled_notification_handlers = nova_fixed, neutron_floatingip
workers = {{ openstack_service_workers }}
[service:mdns]
listen = {{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['address'] }}:{{ designate_mdns_port }}
workers = {{ openstack_service_workers }}
[service:worker]
enabled = True
notify = True
workers = {{ openstack_service_workers }}
[service:pool_manager]
cache_driver = sqlalchemy
pool_id = {{ designate_pool_id }}
workers = {{ openstack_service_workers }}
[pool_manager_cache:sqlalchemy]
connection = mysql+pymysql://{{ designate_pool_manager_database_user }}:{{ designate_pool_manager_database_password }}@{{ designate_pool_manager_database_address }}/{{ designate_pool_manager_database_name }}
max_retries = 10
idle_timeout = 3600
[pool_manager_cache:memcache]
memcached_servers = {% for host in groups['memcached'] %}{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ memcached_port }}{% if not loop.last %},{% endif %}{% endfor %}
[storage:sqlalchemy]
connection = mysql+pymysql://{{ designate_database_user }}:{{ designate_database_password }}@{{ designate_database_address }}/{{ designate_database_name }}
max_retries = 10
idle_timeout = 3600
[handler:nova_fixed]
notification_topics = notifications_designate
control_exchange = nova
format = '(display_name)s.%(domain)s'
[handler:neutron_floatingip]
notification_topics = notifications_designate
control_exchange = neutron
format = '%(octet0)s-%(octet1)s-%(octet2)s-%(octet3)s.%(domain)s'
[oslo_messaging_notifications]
topics = notifications_designate
driver = messaging
[oslo_messaging_rabbit]
rabbit_userid = {{ rabbitmq_user }}
rabbit_password = {{ rabbitmq_password }}
rabbit_hosts = {% for host in groups['rabbitmq'] %}{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ rabbitmq_port }}{% if not loop.last %},{% endif %}{% endfor %}
[oslo_concurrency]
lock_path = /var/lib/designate/tmp
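Review bot: In `[handler:nova_fixed]`, `format = '(display_name)s.%(domain)s'` is missing the `%` before `(display_name)s`, so the instance name is never substituted and every record would carry the literal text `(display_name)s`. It should read `format = '%(display_name)s.%(domain)s'`, matching the `%(octet0)s` style used in `[handler:neutron_floatingip]`. `enable_api_v1 = True` together with the `diagnostics, quotas, reports, sync, touch` v1 extensions also widens the exposed API surface, so it is worth deciding whether the v1 API needs to be on by default.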

@ -0,0 +1,15 @@
include "/etc/rndc.key";
options {
listen-on port {{ designate_bind_port }} { {{ hostvars[inventory_hostname]['ansible_' + hostvars[inventory_hostname]['api_interface']]['ipv4']['address'] }}; };
directory "/var/lib/named";
allow-new-zones yes;
dnssec-validation auto;
auth-nxdomain no;
request-ixfr no;
recursion no;
minimal-responses yes;
};
controls {
inet {{ hostvars[inventory_hostname]['ansible_' + hostvars[inventory_hostname]['api_interface']]['ipv4']['address'] }} port {{ designate_rndc_port }} allow { {% for host in groups['designate-worker'] %}{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}; {% endfor %} } keys { "rndc-key"; };
};
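Review bot: The `options` block sets no `allow-transfer` restriction, so who may pull a full copy of a zone from this server is left to BIND's built-in default, which on many releases permits any client that can reach the listen address. These instances appear to only receive zones from the mdns masters, so adding `allow-transfer { none; };` inside `options` would make the intent explicit; confirm first that nothing in the deployment transfers zones from this server. The `controls` ACL that limits rndc to the designate-worker addresses is worth keeping as it is.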

@ -0,0 +1,28 @@
- name: default-bind
id: {{ designate_pool_id }}
description: Default BIND9 Pool
attributes: {}
ns_records:
- hostname: {{ designate_ns_record }}.
priority: 1
nameservers:
{% for host in groups['designate-backend-bind9'] %}
- host: {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}
port: {{ designate_bind_port }}
{% endfor %}
targets:
{% for bind_host in groups['designate-backend-bind9'] %}
- type: bind9
description: BIND9 Server {{ hostvars[bind_host]['ansible_' + hostvars[bind_host]['api_interface']]['ipv4']['address'] }}
masters:
{% for mdns_host in groups['designate-mdns'] %}
- host: {{ hostvars[mdns_host]['ansible_' + hostvars[mdns_host]['api_interface']]['ipv4']['address'] }}
port: 5354
{% endfor %}
options:
host: {{ hostvars[bind_host]['ansible_' + hostvars[bind_host]['api_interface']]['ipv4']['address'] }}
port: {{ designate_bind_port }}
rndc_host: {{ hostvars[bind_host]['ansible_' + hostvars[bind_host]['api_interface']]['ipv4']['address'] }}
rndc_port: {{ designate_rndc_port }}
rndc_key_file: /etc/designate/rndc.key
{% endfor %}
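Review bot: The mdns master port under `masters:` is hard-coded as `port: 5354`, while the listener in the service configuration is built from `designate_mdns_port`. An operator who overrides that variable would get a pool definition that points BIND at a port nothing listens on, and zone transfers would fail without an obvious cause. Use the variable here as well: `port: {{ designate_mdns_port }}`.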

@ -0,0 +1,6 @@
#include "/etc/rndc.key";
options {
default-key "rndc-key";
default-server {{ hostvars[inventory_hostname]['ansible_' + hostvars[inventory_hostname]['api_interface']]['ipv4']['address'] }};
default-port {{ designate_rndc_port }};
};
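Review bot: `default-key "rndc-key";` names a key that this file never defines, because the `include "/etc/rndc.key";` line above it is commented out with `#`. Unless the key is supplied to rndc some other way that is not visible here, the client has no definition for `rndc-key` when it reads this configuration. Either restore the include with the path where the key file is really installed (the pool template refers to `/etc/designate/rndc.key`), or add a comment saying why it is disabled.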

@ -0,0 +1,4 @@
key "rndc-key" {
algorithm hmac-md5;
secret "{{ designate_rndc_key }}";
};
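Review bot: `algorithm hmac-md5;` selects the weakest digest BIND accepts for control-channel keys, and newer BIND tooling already defaults to a SHA-2 variant. The secret is just base64 key material, so the same generated value works unchanged with `algorithm hmac-sha256;`. If this is changed, the `hmac_md5_keys` name in the password generator and the "HMAC-MD5 value" comment in the passwords file should be renamed to match.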

@ -36,6 +36,17 @@
- "{{ 'cloudkitty_api' not in haproxy_stat }}" - "{{ 'cloudkitty_api' not in haproxy_stat }}"
- inventory_hostname in groups['haproxy'] - inventory_hostname in groups['haproxy']
- name: Checking free port for Designate API HAProxy
wait_for:
host: "{{ kolla_internal_vip_address }}"
port: "{{ designate_api_port }}"
connect_timeout: 1
state: stopped
when:
- enable_designate | bool
- inventory_hostname in groups['haproxy']
- "{{ 'designate_api' not in haproxy_stat }}"
- name: Checking free port for Glance API HAProxy - name: Checking free port for Glance API HAProxy
wait_for: wait_for:
host: "{{ kolla_internal_vip_address }}" host: "{{ kolla_internal_vip_address }}"

@ -650,6 +650,22 @@ listen congress_api_external
{% endif %} {% endif %}
{% endif %} {% endif %}
{% if enable_designate | bool %}
listen designate_api
bind {{ kolla_internal_vip_address }}:{{ designate_api_port }}
{% for host in groups['designate-api'] %}
server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ designate_api_port }} check inter 2000 rise 2 fall 5
{% endfor %}
{% if haproxy_enable_external_vip | bool %}
listen designate_api_external
bind {{ kolla_external_vip_address }}:{{ designate_api_port }} {{ tls_bind_info }}
{% for host in groups['designate-api'] %}
server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ designate_api_port }} check inter 2000 rise 2 fall 5
{% endfor %}
{% endif %}
{% endif %}
{% if enable_mistral | bool %} {% if enable_mistral | bool %}
listen mistral_api listen mistral_api
bind {{ kolla_internal_vip_address }}:{{ mistral_api_port }} bind {{ kolla_internal_vip_address }}:{{ mistral_api_port }}

@ -91,9 +91,10 @@ memcached_servers = {% for host in groups['memcached'] %}{% if orchestration_eng
{% endif %} {% endif %}
[oslo_messaging_notifications] [oslo_messaging_notifications]
{% if enable_ceilometer | bool or enable_searchlight | bool %} {% if enable_ceilometer | bool or enable_searchlight | bool or enable_designate | bool %}
driver = messagingv2 driver = messagingv2
topics = notifications {% set topics=["notifications" if enable_ceilometer | bool else "", "notifications_designate" if enable_designate | bool else ""] %}
topics = {{ topics|reject("equalto", "")|list|join(",") }}
{% else %} {% else %}
driver = noop driver = noop
{% endif %} {% endif %}
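Review bot: The new `topics` list only includes `notifications` when `enable_ceilometer` is true, but the surrounding `if` still enables `messagingv2` for searchlight as well. With searchlight enabled and ceilometer disabled this renders an empty or designate-only `topics =` line, where the old template always wrote `topics = notifications`. The first list element should keep the old condition: `"notifications" if enable_ceilometer | bool or enable_searchlight | bool else ""`. The same expression is repeated in the `[oslo_messaging_notifications]` hunk of the next file section and needs the same change.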

@ -50,7 +50,7 @@ compute_driver = libvirt.LibvirtDriver
# Though my_ip is not used directly, lots of other variables use $my_ip # Though my_ip is not used directly, lots of other variables use $my_ip
my_ip = {{ api_interface_address }} my_ip = {{ api_interface_address }}
{% if enable_ceilometer | bool or enable_searchlight | bool %} {% if enable_ceilometer | bool or enable_searchlight | bool or enable_designate | bool %}
instance_usage_audit = True instance_usage_audit = True
instance_usage_audit_period = hour instance_usage_audit_period = hour
notify_on_state_change = vm_and_task_state notify_on_state_change = vm_and_task_state
@ -185,9 +185,10 @@ rbd_secret_uuid = {{ rbd_secret_uuid }}
compute = auto compute = auto
[oslo_messaging_notifications] [oslo_messaging_notifications]
{% if enable_ceilometer | bool or enable_searchlight | bool %} {% if enable_ceilometer | bool or enable_searchlight | bool or enable_designate | bool %}
driver = messagingv2 driver = messagingv2
topics = notifications {% set topics=["notifications" if enable_ceilometer | bool else "", "notifications_designate" if enable_designate | bool else ""] %}
topics = {{ topics|reject("equalto", "")|list|join(",") }}
{% else %} {% else %}
driver = noop driver = noop
{% endif %} {% endif %}

@ -401,6 +401,19 @@
tags: tempest, tags: tempest,
when: enable_tempest | bool } when: enable_tempest | bool }
- name: Apply role designate
hosts:
- designate-api
- designate-central
- designate-mdns
- designate-worker
- designate-sink
serial: '{{ serial|default("0") }}'
roles:
- { role: designate,
tags: designate,
when: enable_designate | bool }
- name: Apply role rally - name: Apply role rally
hosts: rally hosts: rally
serial: '{{ serial|default("0") }}' serial: '{{ serial|default("0") }}'
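Review bot: The `hosts:` list of the new play omits `designate-backend-bind9`, although the inventory defines that group and the pool template iterates over it. With the default inventory every group is a child of `designate`, so this works, but an operator who places the BIND backend on separate hosts would have those hosts skipped by the role. Assuming the role is what deploys the bind9 container (its tasks are not visible here), add `- designate-backend-bind9` to the list.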

@ -129,6 +129,7 @@ kolla_internal_vip_address: "10.10.10.254"
#enable_cinder_backend_nfs: "no" #enable_cinder_backend_nfs: "no"
#enable_cloudkitty: "no" #enable_cloudkitty: "no"
#enable_congress: "no" #enable_congress: "no"
#enable_designate: "no"
#enable_destroy_images: "no" #enable_destroy_images: "no"
#enable_etcd: "no" #enable_etcd: "no"
#enable_gnocchi: "no" #enable_gnocchi: "no"
@ -228,6 +229,12 @@ kolla_internal_vip_address: "10.10.10.254"
#cinder_backup_mount_options_nfs: "" #cinder_backup_mount_options_nfs: ""
#######################
# Designate options
#######################
designate_ns_record: "sample.openstack.org"
######################### #########################
# Nova - Compute Options # Nova - Compute Options
######################### #########################
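Review bot: `designate_ns_record: "sample.openstack.org"` is added uncommented, while every other option in this sample file is shipped commented out so that the role defaults apply. As written, each new deployment sets the placeholder hostname explicitly even when Designate is disabled. For consistency this should be `#designate_ns_record: "sample.openstack.org"`, preferably with a one-line comment saying it must be replaced with the real NS hostname.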

@ -58,6 +58,14 @@ cloudkitty_keystone_password:
sahara_database_password: sahara_database_password:
sahara_keystone_password: sahara_keystone_password:
designate_database_password:
designate_pool_manager_database_password:
designate_keystone_password:
# This option must be UUID4 value in string format
designate_pool_id:
# This option must be HMAC-MD5 value in string format
designate_rndc_key:
swift_keystone_password: swift_keystone_password:
swift_hash_path_suffix: swift_hash_path_suffix:
swift_hash_path_prefix: swift_hash_path_prefix:

@ -13,12 +13,14 @@
# limitations under the License. # limitations under the License.
import argparse import argparse
import hmac
import os import os
import random import random
import string import string
import sys import sys
from Crypto.PublicKey import RSA from Crypto.PublicKey import RSA
from hashlib import md5
from oslo_utils import uuidutils from oslo_utils import uuidutils
import yaml import yaml
@ -51,7 +53,7 @@ def main():
# These keys should be random uuids # These keys should be random uuids
uuid_keys = ['ceph_cluster_fsid', 'rbd_secret_uuid', uuid_keys = ['ceph_cluster_fsid', 'rbd_secret_uuid',
'gnocchi_project_id', 'gnocchi_resource_id', 'gnocchi_project_id', 'gnocchi_resource_id',
'gnocchi_user_id'] 'gnocchi_user_id', 'designate_pool_id']
# SSH key pair # SSH key pair
ssh_keys = ['kolla_ssh_key', 'nova_ssh_key', ssh_keys = ['kolla_ssh_key', 'nova_ssh_key',
@ -60,6 +62,9 @@ def main():
# If these keys are None, leave them as None # If these keys are None, leave them as None
blank_keys = ['docker_registry_password'] blank_keys = ['docker_registry_password']
# HMAC-MD5 keys
hmac_md5_keys = ['designate_rndc_key']
# length of password # length of password
length = 40 length = 40
@ -82,6 +87,10 @@ def main():
continue continue
if k in uuid_keys: if k in uuid_keys:
passwords[k] = uuidutils.generate_uuid() passwords[k] = uuidutils.generate_uuid()
elif k in hmac_md5_keys:
passwords[k] = (hmac.new(
uuidutils.generate_uuid(), '', md5)
.digest().encode('base64')[:-1])
else: else:
passwords[k] = ''.join([ passwords[k] = ''.join([
random.SystemRandom().choice( random.SystemRandom().choice(
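Review bot: The `hmac_md5_keys` branch builds the rndc secret with `hmac.new(uuidutils.generate_uuid(), '', md5).digest().encode('base64')[:-1]`, which only runs on Python 2: on Python 3 `hmac.new` requires a bytes key and `bytes` has no `encode('base64')`. Hashing a UUID with an empty message also adds no randomness, so the secret is only as strong as the UUID string it starts from. Drawing the key material directly is simpler and portable: `passwords[k] = base64.b64encode(os.urandom(32)).decode('ascii')`, with `import base64` added and the `hmac` and `md5` imports dropped. The body of `main()` continues outside these hunks.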

@ -0,0 +1,6 @@
---
prelude: >
Designate is an OpenStack project, providing DNSaaS.
features:
- Designate deployment through Ansible with Bind9
as backend for DNS.