Initial commit
commit
8d6686ef54
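--- a/README.md
+++ b/README.md
@@ -0,0 +1,39 @@
+Role Name
+=========
+
+A brief description of the role goes here.
+
+Requirements
+------------
+
+Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required.
+
+Role Variables
+--------------
+
+A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well.
+
+Dependencies
+------------
+
+A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles.
+
+Example Playbook
+----------------
+
+Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
+
+- hosts: servers
+roles:
+- { role: username.rolename, x: 42 }
+
+License
+-------
+
+BSD
+
+Author Information
+------------------
+
+An optional section for the role authors to include contact information, or a website (HTML is not allowed).
+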
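--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -0,0 +1,146 @@
+---
+# Copyright 2016, Tata Consultancy Services
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+## Verbosity Options
+debug: False
+verbose: True
+
+# Name of the virtual env to deploy into
+designate_venv_tag: untagged
+designate_venv_bin: "/openstack/venvs/designate-{{ designate_venv_tag }}/bin"
+
+# Set this to enable or disable installing in a venv
+designate_venv_enabled: true
+
+# The bin path defaults to the venv path however if installation in a
+# venv is disabled the bin path will be dynamically set based on the
+# system path used when the installing.
+designate_bin: "{{ designate_venv_bin }}"
+
+# Set the etc dir path where designate is installed.
+# This is used for role access to the db migrations.
+# Example:
+# designate_etc_dir: "/usr/local/etc/designate"
+designate_venv_etc_dir: "{{ designate_bin | dirname }}/etc/designate"
+designate_non_venv_etc_dir: "/usr/local/etc/designate"
+designate_etc_dir: "{{ (designate_venv_enabled | bool) | ternary(designate_venv_etc_dir, designate_non_venv_etc_dir) }}"
+
+designate_venv_download_url: http://127.0.0.1/venvs/untagged/ubuntu/designate.tgz
+
+## System info
+designate_system_user_name: designate
+designate_system_group_name: designate
+designate_system_shell: /bin/false
+designate_system_comment: designate system user
+designate_system_user_home: "/var/lib/{{ designate_system_user_name }}"
+
+## DB info
+designate_galera_user: designate
+designate_galera_password: "{{ designate_container_mysql_password }}"
+designate_galera_database: designate
+
+## RabbitMQ info
+designate_rabbitmq_userid: designate
+designate_rabbitmq_vhost: /designate
+
+
+# Enable/Disable Ceilometer
+designate_ceilometer_enabled: False
+
+# Designate API's enabled
+designate_enable_v1_api: true
+designate_enable_v2_api: true
+
+#Designate services info
+designate_role_name: admin
+
+designate_central_program_name: designate-central
+designate_pool_manager_program_name: designate-pool-manager
+designate_mdns_program_name: designate-mdns
+designate_sink_program_name: designate-sink
+designate_api_program_name: designate-api
+
+## Service Type and Data
+designate_service_region: RegionOne
+designate_service_endpoint_type: internalURL
+designate_service_name: designate
+designate_service_port: 9001
+designate_service_proto: http
+designate_service_type: dns
+designate_service_description: "DNS as a service"
+designate_service_project_domain_id: default
+designate_service_user_domain_id: default
+designate_service_user_name: designate
+designate_keystone_auth_plugin: password
+designate_service_tenant_name: service
+designate_service_project_name: service
+designate_service_publicuri: "{{ designate_service_proto }}://{{ external_lb_vip_address }}:{{ designate_service_port }}"
+designate_service_publicurl: "{{ designate_service_publicuri }}/v1"
+designate_service_internaluri: "{{ designate_service_proto }}://{{ internal_lb_vip_address }}:{{ designate_service_port }}"
+designate_service_internalurl: "{{ designate_service_internaluri }}/v1"
+designate_service_adminuri: "{{ designate_service_proto }}://{{ internal_lb_vip_address }}:{{ designate_service_port }}"
+designate_service_adminurl: "{{ designate_service_adminuri }}/v1"
+
+designate_service_v2_name: designatev2
+designate_service_v2_port: 9001
+designate_service_v2_proto: http
+designate_service_v2_type: dnsv2
+designate_service_v2_description: "DNS Service V2"
+designate_service_v2_publicuri: "{{ cinder_service_publicuri_proto }}://{{ external_lb_vip_address }}:{{ cinder_service_port }}"
+designate_service_v2_publicuri: "{{ designate_service_proto }}://{{ external_lb_vip_address }}:{{ designate_service_port }}"
+designate_service_v2_publicurl: "{{ designate_service_publicuri }}/v2"
+designate_service_v2_internaluri: "{{ designate_service_proto }}://{{ internal_lb_vip_address }}:{{ designate_service_port }}"
+designate_service_v2_internalurl: "{{ designate_service_internaluri }}/v2"
+designate_service_v2_adminuri: "{{ designate_service_proto }}://{{ internal_lb_vip_address }}:{{ designate_service_port }}"
+designate_service_v2_adminurl: "{{ designate_service_adminuri }}/v2"
+
+designate_service_in_ldap: false
+
+# Common apt packages
+designate_apt_packages:
+- rpcbind
+- bind9
+- pdns-server
+- pdns-backend-mysql
+
+# designate packages that must be installed before anything else
+designate_requires_pip_packages:
+- virtualenv
+- virtualenv-tools
+- python-keystoneclient # Keystoneclient needed to OSA keystone lib
+- httplib2
+
+# Common pip packages
+designate_pip_packages:
+- designate
+- python-designateclient
+- MySQL-python
+- python-memcached
+- pycrypto
+- warlock
+
+## Service Names
+designate_service_names:
+- "designate-api"
+- "designate-central"
+- "designate-pool-manager"
+- "designate-mdns"
+- "designate-sink"
+
+## Tunable overrides
+designate_policy_overrides: {}
+designate_designate_conf_overrides: {}
+designate_api_paste_ini_overrides: {}
+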
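Review bot: `designate_service_v2_publicuri` is defined twice in a row, and the first definition is built from `cinder_service_publicuri_proto` and `cinder_service_port`, which looks like a copy-paste leftover; Ansible's YAML loader normally keeps the later duplicate key, so the cinder line is dead and should be deleted. The v2 block also declares `designate_service_v2_port` and `designate_service_v2_proto`, yet every v2 URI is assembled from the v1 `designate_service_proto` and `designate_service_port`, so overriding the v2 values has no effect on the registered endpoints. `designate_service_proto: http` makes the public endpoint plaintext by default; a comment beside it such as `# override with https when the load balancer terminates TLS` would tell deployers that this default is meant to be changed.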
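--- a/extras/conf.d/designate.yml.aio
+++ b/extras/conf.d/designate.yml.aio
@@ -0,0 +1,3 @@
+dnsaas_hosts:
+aio1:
+ip: 172.29.236.100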
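--- a/extras/env.d/designate.yml
+++ b/extras/env.d/designate.yml
@@ -0,0 +1,53 @@
+---
+# Copyright 2016, Tata Consultancy Services
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+component_skel:
+designate_api:
+belongs_to:
+- designate_all
+designate_central:
+belongs_to:
+- designate_all
+designate_mdns:
+belongs_to:
+- designate_all
+designate_pool_manager:
+belongs_to:
+- designate_all
+designate_sink:
+belongs_to:
+- designate_all
+
+container_skel:
+designate_container:
+belongs_to:
+- dnsaas_containers
+contains:
+- designate_api
+- designate_central
+- designate_mdns
+- designate_pool_manager
+- designate_sink
+properties:
+service_name: designate
+container_release: trusty
+
+physical_skel:
+dnsaas_containers:
+belongs_to:
+- all_containers
+dnsaas_hosts:
+belongs_to:
+- hosts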
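--- a/extras/group_vars_designate.yml
+++ b/extras/group_vars_designate.yml
@@ -0,0 +1,13 @@
+## Designate
+designate_service_port: 9001
+designate_service_proto: http
+designate_service_adminuri_proto: "{{ openstack_service_adminuri_proto | default(designate_service_proto) }}"
+designate_service_user_name: designate
+designate_service_project_name: service
+designate_service_project_domain_id: default
+designate_service_user_domain_id: default
+designate_service_adminuri: "{{ designate_service_adminuri_proto }}://{{ internal_lb_vip_address }}:{{ designate_service_port }}"
+designate_service_adminurl: "{{ designate_service_adminuri }}"
+designate_service_region: "{{ service_region }}"
+designate_rabbitmq_userid: designate
+designate_rabbitmq_vhost: /designate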
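--- a/extras/haproxy_designate.yml
+++ b/extras/haproxy_designate.yml
@@ -0,0 +1,10 @@
+haproxy_service_configs:
+- service:
+haproxy_service_name: designate_api
+haproxy_backend_nodes: "{{ groups['designate_api'] | default([]) }}"
+haproxy_port: 9191
+haproxy_balance_type: http
+haproxy_backend_options:
+- "forwardfor"
+- "httpchk /versions"
+- "httplog"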
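Review bot: `haproxy_port: 9191` does not match the port used everywhere else in this commit: defaults/main.yml and extras/group_vars_designate.yml both set `designate_service_port: 9001` and build the catalog endpoint URLs from the load-balancer VIP on that port. Unless the haproxy role maps a different backend port somewhere outside this commit, clients that follow the registered endpoints would find no listener on the VIP at 9001, and the `httpchk /versions` probe would be sent to a port the API is not expected to bind. Deriving the value from the same variable, `haproxy_port: "{{ designate_service_port }}"`, would keep the two from drifting apart.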
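--- a/extras/os-designate-install.yml
+++ b/extras/os-designate-install.yml
@@ -0,0 +1,99 @@
+---
+# Copyright 2016, Tata Consultancy Services
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: Install the designate components
+hosts: designate_all
+max_fail_percentage: 20
+user: root
+pre_tasks:
+- name: Use the lxc-openstack aa profile
+lxc_container:
+name: "{{ container_name }}"
+container_config:
+- "lxc.aa_profile=lxc-openstack"
+delegate_to: "{{ physical_host }}"
+when: not is_metal | bool
+register: container_config
+tags:
+- lxc-aa-profile
+- name: Wait for container ssh
+wait_for:
+port: "22"
+delay: "{{ ssh_delay }}"
+search_regex: "OpenSSH"
+host: "{{ ansible_ssh_host }}"
+delegate_to: "{{ physical_host }}"
+when: container_config is defined and container_config | changed
+register: ssh_wait_check
+until: ssh_wait_check | success
+retries: 3
+tags:
+- ssh-wait
+- name: Sort the rabbitmq servers
+dist_sort:
+value_to_lookup: "{{ container_name }}"
+ref_list: "{{ groups['designate_all'] }}"
+src_list: "{{ rabbitmq_servers }}"
+register: servers
+- name: Set rabbitmq servers
+set_fact:
+rabbitmq_servers: "{{ servers.sorted_list }}"
+- name: Create log dir
+file:
+path: "{{ item.path }}"
+state: directory
+with_items:
+- { path: "/openstack/log/{{ inventory_hostname }}-designate" }
+when: is_metal | bool
+tags:
+- designate-logs
+- designate-log-dirs
+- name: Create log aggregation links
+file:
+src: "{{ item.src }}"
+dest: "{{ item.dest }}"
+state: "{{ item.state }}"
+force: "yes"
+with_items:
+- { src: "/openstack/log/{{ inventory_hostname }}-designate", dest: "/var/log/designate", state: "link" }
+when: is_metal | bool
+tags:
+- designate-logs
+roles:
+- role: "os_designate"
+designate_galera_address: "{{ galera_address }}"
+designate_venv_tag: "{{ openstack_release }}"
+designate_venv_download_url: "{{ openstack_repo_url }}/venvs/{{ openstack_release }}/{{ ansible_distribution | lower }}/designate-{{ openstack_release }}.tgz"
+tags:
+- "os-designate"
+- { role: "openstack_openrc", tags: [ "openstack-openrc" ] }
+- role: "rsyslog_client"
+rsyslog_client_log_rotate_file: designate_log_rotate
+rsyslog_client_log_dir: "/var/log/designate"
+rsyslog_client_config_name: "99-designate-rsyslog-client.conf"
+tags:
+- "designate-rsyslog-client"
+- "rsyslog-client"
+- role: "system_crontab_coordination"
+tags:
+- "system-crontab-coordination"
+vars_files:
+- defaults/repo_packages/openstack_services.yml
+vars:
+galera_address: "{{ internal_lb_vip_address }}"
+designate_galera_address: "{{ internal_lb_vip_address }}"
+ansible_hostname: "{{ container_name }}"
+is_metal: "{{ properties.is_metal|default(false) }}"
+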
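Review bot: The `Create log dir` task creates `/openstack/log/{{ inventory_hostname }}-designate` without `owner`, `group` or `mode`, so on metal hosts its ownership and permissions are whatever the play's root user and umask happen to produce. Service logs can carry tokens and request details, so the access intended for this directory should be stated rather than inherited; an explicit `mode: "0750"` plus an owner would do that. The designate system user is presumably created later by the role, which is not visible in this section, so the ownership part may have to be set in the role rather than in `pre_tasks`. `Create log aggregation links` uses `force: "yes"`, which would be worth a short comment explaining that an existing `/var/log/designate` is replaced by the link.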
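--- a/extras/repo_designate.yml
+++ b/extras/repo_designate.yml
@@ -0,0 +1,4 @@
+## Designate service
+designate_git_repo: https://git.openstack.org/openstack/designate
+designate_git_install_branch: 6622e9493668f5bf3178bfc0a7c6fe53d1e2d89e # HEAD of "stable/liberty" as of 07.03.2016
+designate_git_dest: "/opt/designate_{{ designate_git_install_branch | replace('/', '_') }}"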
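--- a/extras/user_secrets_designate.yml
+++ b/extras/user_secrets_designate.yml
@@ -0,0 +1,2 @@
+designate_container_mysql_password:
+designate_service_password: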
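--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -0,0 +1,52 @@
+# Copyright 2016, Tata Consultancy Services
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: Restart designate api
+service:
+name: "{{ designate_api_program_name }}"
+state: "restarted"
+pattern: "{{ designate_api_program_name }}"
+
+- name: Restart designate central
+service:
+name: "{{ designate_central_program_name }}"
+state: "restarted"
+pattern: "{{ designate_central_program_name }}"
+
+- name: Restart designate pool-manager
+service:
+name: "{{ designate_pool_manager_program_name }}"
+state: "restarted"
+pattern: "{{ designate_pool_manager_program_name }}"
+
+- name: Restart designate mdns
+service:
+name: "{{ designate_mdns_program_name }}"
+state: "restarted"
+pattern: "{{ designate_mdns_program_name }}"
+
+- name: Restart designate sink
+service:
+name: "{{ designate_sink_program_name }}"
+state: "restarted"
+pattern: "{{ designate_sink_program_name }}"
+
+- name: Restart designate services
+service:
+name: "{{ item }}"
+state: "restarted"
+pattern: "{{ item }}"
+with_items: designate_service_names
+failed_when: false
+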
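Review bot: `failed_when: false` on `Restart designate services` hides every restart failure, so a broken `designate.conf` or `policy.json` pushed by the config task can leave the API down while the play still reports success. If the intent is only to tolerate a service that is not installed on a given host, that should be said in a comment above the handler and the condition narrowed to that case rather than disabled outright. The loop also uses the bare form `with_items: designate_service_names`, while the pip tasks in tasks/designate_install.yml template their lists; `with_items: "{{ designate_service_names }}"` would make the handler consistent with them.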
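--- a/meta/main.yml
+++ b/meta/main.yml
@@ -0,0 +1,37 @@
+---
+# Copyright 2016, Tata Consultancy Services
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+galaxy_info:
+author: rcbops
+description: Installation and setup of designate
+company: Rackspace
+license: Apache2
+min_ansible_version: 1.6.6
+platforms:
+- name: Ubuntu
+versions:
+- trusty
+categories:
+- cloud
+- python
+- designate
+- development
+- openstack
+dependencies:
+- apt_package_pinning
+- galera_client
+- openstack_openrc
+- pip_lock_down
+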
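--- a/tasks/designate_db_setup.yml
+++ b/tasks/designate_db_setup.yml
@@ -0,0 +1,49 @@
+---
+# Copyright 2016, Tata Consultancy Services
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: Create DB for service
+mysql_db:
+login_user: "{{ galera_root_user }}"
+login_password: "{{ galera_root_password }}"
+login_host: "{{ designate_galera_address }}"
+name: "{{ designate_galera_database }}"
+state: "present"
+tags:
+- designate-db-setup
+
+- name: Grant access to the DB for the service
+mysql_user:
+login_user: "{{ galera_root_user }}"
+login_password: "{{ galera_root_password }}"
+login_host: "{{ designate_galera_address }}"
+name: "{{ designate_galera_user }}"
+password: "{{ designate_container_mysql_password }}"
+host: "{{ item }}"
+state: "present"
+priv: "{{ designate_galera_database }}.*:ALL"
+with_items:
+- "localhost"
+- "%"
+tags:
+- designate-db-setup
+
+- name: Perform a Designate DB sync
+command: designate-manage database sync
+sudo: yes
+sudo_user: "{{ designate_system_user_name }}"
+tags:
+- designate-db-sync
+- designate-setup
+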
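Review bot: The grant task creates the `designate` account for host `%` with `ALL` on the database, so the credential is accepted from any address that can reach Galera; listing only the hosts or network pattern the designate containers actually connect from would keep a leaked password from being usable elsewhere. Both database tasks also pass `galera_root_password` (and the grant task `designate_container_mysql_password`) without `no_log: true`, relying entirely on each module's own argument masking; the `rabbitmq_user` task in tasks/designate_messaging_setup.yml has the same gap. `Perform a Designate DB sync` calls a bare `designate-manage`, which depends on PATH and will not find the venv binary when `designate_venv_enabled` is true; `{{ designate_bin }}/designate-manage database sync` uses the variable that defaults/main.yml already defines for this.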
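--- a/tasks/designate_install.yml
+++ b/tasks/designate_install.yml
@@ -0,0 +1,198 @@
+---
+# Copyright 2016, Tata Consultancy Services
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: Update apt sources
+apt:
+update_cache: yes
+cache_valid_time: 600
+register: apt_update
+until: apt_update|success
+retries: 5
+delay: 2
+tags:
+- designate-apt-packages
+
+- name: Install apt packages
+apt:
+pkg: "{{ item }}"
+state: latest
+register: install_packages
+until: install_packages|success
+retries: 5
+delay: 2
+with_items: designate_apt_packages
+tags:
+- designate-install
+- designate-apt-packages
+
+- name: Install pip packages
+pip:
+name: "{{ item }}"
+state: present
+extra_args: "{{ pip_install_options|default('') }}"
+register: install_packages
+until: install_packages|success
+retries: 5
+delay: 2
+with_items:
+- "{{ designate_pip_packages }}"
+tags:
+- designate-install
+- designate-pip-packages
+
+- name: Install requires pip packages
+pip:
+name: "{{ item }}"
+state: present
+extra_args: "{{ pip_install_options|default('') }}"
+register: install_packages
+until: install_packages|success
+retries: 5
+delay: 2
+with_items:
+- "{{ designate_requires_pip_packages }}"
+tags:
+- designate-install
+- designate-pip-packages
+
+- name: Get local venv checksum
+stat:
+path: "/var/cache/{{ designate_venv_download_url | basename }}"
+get_md5: False
+when: designate_venv_enabled | bool
+register: local_venv_stat
+tags:
+- designate-install
+- designate-pip-packages
+
+- name: Get remote venv checksum
+uri:
+url: "{{ designate_venv_download_url | replace('tgz', 'checksum') }}"
+return_content: True
+when: designate_venv_enabled | bool
+register: remote_venv_checksum
+tags:
+- designate-install
+- designate-pip-packages
+
+- name: Attempt venv download
+get_url:
+url: "{{ designate_venv_download_url }}"
+dest: "/var/cache/{{ designate_venv_download_url | basename }}"
+force: yes
+ignore_errors: true
+register: get_venv
+when:
+- designate_venv_enabled | bool
+- (local_venv_stat.stat.exists == False or
+{{ local_venv_stat.stat.checksum is defined and local_venv_stat.stat.checksum != remote_venv_checksum.content | trim }})
+tags:
+- designate-install
+- designate-pip-packages
+
+- name: Set designate get_venv fact
+set_fact:
+designate_get_venv: "{{ get_venv }}"
+when: designate_venv_enabled | bool
+tags:
+- designate-install
+- designate-pip-packages
+
+- name: Remove existing venv
+file:
+path: "{{ designate_venv_bin | dirname }}"
+state: absent
+when:
+- designate_venv_enabled | bool
+- designate_get_venv | changed
+tags:
+- designate-install
+- designate-pip-packages
+
+- name: Create designate venv dir
+file:
+path: "{{ designate_venv_bin | dirname }}"
+state: directory
+when:
+- designate_venv_enabled | bool
+- designate_get_venv | changed
+tags:
+- designate-install
+- designate-pip-packages
+
+- name: Unarchive pre-built venv
+unarchive:
+src: "/var/cache/{{ designate_venv_download_url | basename }}"
+dest: "{{ designate_venv_bin | dirname }}"
+copy: "no"
+when:
+- designate_venv_enabled | bool
+- designate_get_venv | changed
+notify:
+- Restart designate services
+tags:
+- designate-install
+- designate-pip-packages
+
+- name: Update virtualenv path
+command: >
+virtualenv-tools --update-path=auto {{ designate_venv_bin | dirname }}
+when:
+- designate_venv_enabled | bool
+- designate_get_venv | success
+tags:
+- designate-install
+- designate-pip-packages
+
+- name: Install pip packages (venv)
+pip:
+name: "{{ item }}"
+state: present
+virtualenv: "{{ designate_venv_bin | dirname }}"
+virtualenv_site_packages: "no"
+extra_args: "{{ pip_install_options|default('') }}"
+register: install_packages
+until: install_packages|success
+retries: 5
+delay: 2
+with_items:
+- "{{ designate_pip_packages }}"
+when:
+- designate_venv_enabled | bool
+- designate_get_venv | failed
+notify:
+- Restart designate services
+tags:
+- designate-install
+- designate-pip-packages
+
+
+- name: Install pip packages (no venv)
+pip:
+name: "{{ item }}"
+state: present
+extra_args: "{{ pip_install_options|default('') }}"
+register: install_packages
+until: install_packages|success
+retries: 5
+delay: 2
+with_items:
+- "{{ designate_pip_packages }}"
+when: not designate_venv_enabled | bool
+notify:
+- Restart designate services
+tags:
+- designate-install
+- designate-pip-packages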
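Review bot: The pre-built venv archive is unpacked without ever being verified: `Get remote venv checksum` fetches the checksum from the same server and scheme as the archive (the default URL in defaults/main.yml is plain `http://`), and the value is only used in the `when:` of `Attempt venv download` to decide whether to download, never compared with the file `get_url` wrote. Anyone able to alter responses from the repo server can therefore supply both files, and the contents end up as the Python environment the services run from. On Ansible 2.0 or later, `checksum: "sha1:{{ remote_venv_checksum.content | trim }}"` on the `get_url` task would at least reject a corrupted archive (assuming the published value is SHA-1, which is what `stat` returns by default); protection against tampering additionally needs the repo served over HTTPS or a checksum pinned outside that server. Two smaller points in the same tasks: the `when:` list mixes a bare expression with a `{{ … }}` block and should be a single bare expression, and `replace('tgz', 'checksum')` rewrites every `tgz` in the URL rather than only the extension. The unconditional `Install pip packages` task near the top also installs `designate_pip_packages` system-wide even when `designate_venv_enabled` is true, which duplicates the later `(no venv)` task and probably wants the same `when: not designate_venv_enabled | bool`.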
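--- a/tasks/designate_messaging_setup.yml
+++ b/tasks/designate_messaging_setup.yml
@@ -0,0 +1,37 @@
+---
+# Copyright 2016, Tata Consultancy Services
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: Ensure Rabbitmq vhost
+rabbitmq_vhost:
+name: "{{ designate_rabbitmq_vhost }}"
+state: "present"
+delegate_to: "{{ groups['rabbitmq_all'][0] }}"
+tags:
+- designate-rabbitmq
+- designate-rabbitmq-vhost
+
+- name: Ensure rabbitmq user
+rabbitmq_user:
+user: "{{ designate_rabbitmq_userid }}"
+password: "{{ designate_rabbitmq_password }}"
+vhost: "{{ designate_rabbitmq_vhost }}"
+configure_priv: ".*"
+read_priv: ".*"
+write_priv: ".*"
+state: "present"
+delegate_to: "{{ groups['rabbitmq_all'][0] }}"
+tags:
+- designate-rabbitmq
+- designate-rabbitmq-user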
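Review bot: `password: "{{ designate_rabbitmq_password }}"` in `Ensure rabbitmq user` refers to a variable that no file in this commit defines; extras/user_secrets_designate.yml only adds `designate_container_mysql_password` and `designate_service_password`. Unless it is supplied from somewhere outside the commit, the task stops on an undefined variable, and the likely workaround is a hand-typed password in a vars file. Adding an empty `designate_rabbitmq_password:` entry to extras/user_secrets_designate.yml would keep it with the other secrets.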
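--- a/tasks/designate_post_install.yml
+++ b/tasks/designate_post_install.yml
@@ -0,0 +1,58 @@
+---
+# Copyright 2016, Tata Consultancy Services
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: Copy designate config
+config_template:
+src: "{{ item.src }}"
+dest: "{{ item.dest }}"
+owner: "{{ designate_system_user_name }}"
+group: "{{ designate_system_group_name }}"
+mode: "0644"
+config_overrides: "{{ item.config_overrides }}"
+config_type: "{{ item.config_type }}"
+with_items:
+- src: "designate.conf.j2"
+dest: "/etc/designate/designate.conf"
+config_overrides: "{{ designate_designate_conf_overrides }}"
+config_type: "ini"
+- src: "api_paste.ini.j2"
+dest: "/etc/designate/api_paste.ini"
+config_overrides: "{{ designate_api_paste_ini_overrides }}"
+config_type: "ini"
+- src: "policy.json"
+dest: "/etc/designate/policy.json"
+config_overrides: "{{ designate_policy_overrides }}"
+config_type: "json"
+notify: Restart designate services
+tags:
+- designate-config
+- designate-post-install
+
+- name: Get designate command path
+command: which designate
+register: designate_command_path
+when:
+- not designate_venv_enabled | bool
+tags:
+- designate-command-bin
+
+- name: Set designate command path
+set_fact:
+designate_bin: "{{ designate_command_path.stdout | dirname }}"
+when:
+- not designate_venv_enabled | bool
+tags:
+- designate-command-bin
+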
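Review bot: `mode: "0644"` in "Copy designate config" leaves /etc/designate/designate.conf world-readable, and the designate.conf.j2 template added in this same commit renders the RabbitMQ password, the Keystone service password and the MySQL connection password into that file. The file is already owned by the designate user and group, so `mode: "0640"` keeps the services working while keeping other local accounts out. Separately, "Get designate command path" runs `which designate` on every play and will report changed each time; `changed_when: false` would keep the run output honest.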
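--- a/tasks/designate_pre_install.yml
+++ b/tasks/designate_pre_install.yml
@@ -0,0 +1,93 @@
+---
+# Copyright 2016, Tata Consultancy Services
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: Create the system group
+group:
+name: "{{ designate_system_group_name }}"
+state: "present"
+system: "yes"
+tags:
+- designate-group
+
+- name: Create the designate system user
+user:
+name: "{{ designate_system_user_name }}"
+group: "{{ designate_system_group_name }}"
+comment: "{{ designate_system_comment }}"
+shell: "{{ designate_system_shell }}"
+system: "yes"
+createhome: "yes"
+home: "{{ designate_system_user_home }}"
+tags:
+- designate-user
+
+- name: Create designate dir
+file:
+path: "{{ item.path }}"
+state: directory
+owner: "{{ item.owner|default(designate_system_user_name) }}"
+group: "{{ item.group|default(designate_system_group_name) }}"
+mode: "{{ item.mode|default('0755') }}"
+with_items:
+- { path: "/etc/designate" }
+- { path: "{{ designate_system_user_home }}" }
+- { path: "{{ designate_system_user_home }}/.ssh", mode: "0700" }
+- { path: "/var/cache/designate", mode: "0700" }
+tags:
+- designate-dirs
+
+- name: Create designate venv dir
+file:
+path: "{{ item.path }}"
+state: directory
+with_items:
+- { path: "/openstack/venvs" }
+- { path: "{{ designate_venv_bin }}" }
+when: designate_venv_enabled | bool
+tags:
+- designate-dirs
+
+- name: Test for log directory or link
+shell: |
+if [ -h "/var/log/designate" ]; then
+chown -h {{ designate_system_user_name }}:{{ designate_system_group_name }} "/var/log/designate"
+chown -R {{ designate_system_user_name }}:{{ designate_system_group_name }} "$(readlink /var/log/designate)"
+else
+exit 1
+fi
+register: log_dir
+failed_when: false
+changed_when: log_dir.rc != 0
+tags:
+- designate-dirs
+- designate-logs
+
+- name: Create designate log dir
+file:
+path: "{{ item.path }}"
+state: directory
+owner: "{{ item.owner|default(designate_system_user_name) }}"
+group: "{{ item.group|default(designate_system_group_name) }}"
+mode: "{{ item.mode|default('0755') }}"
+with_items:
+- { path: "/var/log/designate" }
+when: log_dir.rc != 0
+tags:
+- designate-dirs
+- designate-logs
+
+- include: designate_messaging_setup.yml
+when: >
+inventory_hostname == groups['designate_all'][0]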
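Review bot: In "Test for log directory or link", `failed_when: false` combined with `exit 1` for the non-symlink case makes a failing `chown` indistinguishable from "not a symlink", so "Create designate log dir" would then run against a path that is in fact a link. `changed_when: log_dir.rc != 0` also reports a change exactly when the script did nothing. The recursive `chown -R` is applied to whatever `readlink /var/log/designate` prints, and a relative link target is resolved against the task's working directory rather than /var/log; `readlink -f` plus a check that the result sits under the expected log root would bound what gets re-owned. Using a distinct exit code for "not a link" (for example `exit 2`, tested in `when:` and `failed_when:`) would let real chown errors fail the play.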
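--- a/tasks/designate_service_add.yml
+++ b/tasks/designate_service_add.yml
@@ -0,0 +1,96 @@
+---
+# Copyright 2016, Tata Consultancy Services
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: Ensure designate service
+keystone:
+command: "ensure_service"
+token: "{{ keystone_auth_admin_token }}"
+endpoint: "{{ keystone_service_adminurl }}"
+service_name: "{{ designate_service_name }}"
+service_type: "{{ designate_service_type }}"
+description: "{{ designate_service_description }}"
+insecure: "{{ keystone_service_adminuri_insecure }}"
+register: add_service
+until: add_service|success
+retries: 5
+delay: 2
+tags:
+- designate-setup
+- designate-service-add
+
+- name: Ensure designate user
+keystone:
+command: "ensure_user"
+token: "{{ keystone_auth_admin_token }}"
+endpoint: "{{ keystone_service_adminurl }}"
+user_name: "{{ designate_service_user_name }}"
+tenant_name: "{{ designate_service_project_name }}"
+password: "{{ designate_service_password }}"
+insecure: "{{ keystone_service_adminuri_insecure }}"
+register: add_service
+when: not designate_service_in_ldap | bool
+until: add_service|success
+retries: 5
+delay: 10
+tags:
+- designate-setup
+- designate-service-add
+
+- name: Ensure designate user to admin role
+keystone:
+command: "ensure_user_role"
+token: "{{ keystone_auth_admin_token }}"
+endpoint: "{{ keystone_service_adminurl }}"
+user_name: "{{ designate_service_user_name }}"
+tenant_name: "{{ designate_service_project_name }}"
+role_name: "{{ designate_role_name }}"
+insecure: "{{ keystone_service_adminuri_insecure }}"
+register: add_service
+when: not designate_service_in_ldap | bool
+until: add_service|success
+retries: 5
+delay: 10
+tags:
+- designate-api-setup
+- designate-service-add
+- designate-setup
+
+
+# Create an endpoint
+- name: Ensure designate endpoint
+keystone:
+command: "ensure_endpoint"
+token: "{{ keystone_auth_admin_token }}"
+endpoint: "{{ keystone_service_adminurl }}"
+region_name: "{{ designate_service_region }}"
+service_name: "{{ designate_service_name }}"
+service_type: "{{ designate_service_type }}"
+insecure: "{{ keystone_service_adminuri_insecure }}"
+endpoint_list:
+- url: "{{ designate_service_publicurl }}"
+interface: "public"
+- url: "{{ designate_service_adminurl }}"
+interface: "admin"
+- url: "{{ designate_service_internalurl }}"
+interface: "internal"
+register: add_service
+until: add_service|success
+retries: 5
+delay: 10
+tags:
+- designate-setup
+- designate-service-add
+
+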
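Review bot: All four `keystone:` tasks pass `keystone_auth_admin_token`, and "Ensure designate user" also passes `designate_service_password`, as plain task arguments with no `no_log: true`; whether the module masks them is not visible in this commit, so verbose runs and callback logs may record both secrets. Adding `no_log: true` to these tasks costs nothing. `insecure: "{{ keystone_service_adminuri_insecure }}"` presumably turns off certificate verification towards the Keystone admin endpoint while the admin token is in flight, so a comment such as `# keep false outside throwaway labs: the admin token travels over this connection` would help the next operator.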
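--- a/tasks/designate_service_setup.yml
+++ b/tasks/designate_service_setup.yml
@@ -0,0 +1,47 @@
+---
+# Copyright 2016, Tata Consultancy Services
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- include: designate_service_add.yml
+vars:
+service_user_name: "{{ designate_service_user_name }}"
+service_tenant_name: "{{ designate_service_tenant_name }}"
+service_name: "{{ designate_service_name }}"
+service_type: "{{ designate_service_type }}"
+service_region: "{{designate_service_region }}"
+service_description: "{{ designate_service_description }}"
+service_password: "{{ designate_service_password }}"
+service_internalurl: "{{ designate_service_internalurl }}"
+service_publicurl: "{{ designate_service_publicurl }}"
+service_adminurl: "{{ designate_service_adminurl }}"
+role_name: "{{ designate_role_name }}"
+tags:
+- designate-add-service
+
+- include: designate_service_add.yml
+vars:
+service_user_name: "{{ designate_service_user_name }}"
+service_tenant_name: "{{ designate_service_project_name }}"
+service_name: "{{ designate_service_v2_name }}"
+service_type: "{{ designate_service_v2_type }}"
+service_region: "{{ designate_service_region }}"
+service_description: "{{ designate_service_v2_description }}"
+service_password: "{{ designate_service_password }}"
+service_publicurl: "{{ designate_service_v2_publicurl }}"
+service_internalurl: "{{ designate_service_v2_internalurl }}"
+service_adminurl: "{{ designate_service_v2_adminurl }}"
+role_name: "{{ designate_role_name }}"
+tags:
+- designate-add-service
+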
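Review bot: The `vars:` handed to both includes (`service_name`, `service_type`, `service_publicurl` and the rest) are never read by designate_service_add.yml as added in this commit, which references `designate_service_name`, `designate_service_type` and the `designate_service_*url` variables directly. As written, the second include would repeat the first registration instead of registering the `designate_service_v2_*` service and endpoints. The first include also feeds `service_tenant_name` from `designate_service_tenant_name` while the second uses `designate_service_project_name`; if only one of those is defined in the role defaults, the other include fails on an undefined variable. The included tasks should use the passed names, e.g. `service_name: "{{ service_name }}"`.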
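--- a/tasks/designate_upstart_common_init.yml
+++ b/tasks/designate_upstart_common_init.yml
@@ -0,0 +1,48 @@
+---
+# Copyright 2016, Tata Consultancy Services
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: Place the init script
+template:
+src: "designate-upstart-init.j2"
+dest: "/etc/init/{{ program_name }}.conf"
+mode: "0644"
+owner: "root"
+group: "root"
+notify:
+- Restart designate services
+tags:
+- upstart-init
+- designate-init
+
+- name: Reload init scripts
+shell: |
+initctl reload-configuration
+notify:
+- Restart designate services
+tags:
+- upstart-init
+- designate-init
+
+- name: Load service
+service:
+name: "{{ program_name }}"
+enabled: "yes"
+notify:
+- Restart designate services
+tags:
+- upstart-init
+- designate-init
+
+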
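Review bot: "Reload init scripts" runs `initctl reload-configuration` through `shell` on every play and always reports changed, so it notifies "Restart designate services" on every run even when the init file did not change. Registering the result of "Place the init script" (for example `register: init_script`, a name constructed here) and adding `when: init_script | changed`, or moving the reload into a handler, ties restarts to real changes. `command:` is sufficient for this task because no shell features are used.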
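--- a/tasks/designate_upstart_init.yml
+++ b/tasks/designate_upstart_init.yml
@@ -0,0 +1,71 @@
+---
+# Copyright 2016, Tata Consultancy Services
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- include: designate_upstart_common_init.yml
+vars:
+program_name: "{{ designate_api_program_name }}"
+service_name: "{{ designate_service_name }}"
+system_user: "{{ designate_system_user_name }}"
+system_group: "{{ designate_system_group_name }}"
+service_home: "{{ designate_system_user_home }}"
+when: inventory_hostname in groups['designate_api']
+tags:
+- designate-api-init
+
+- include: designate_upstart_common_init.yml
+vars:
+program_name: "{{ designate_central_program_name }}"
+service_name: "{{ designate_service_name }}"
+system_user: "{{ designate_system_user_name }}"
+system_group: "{{ designate_system_group_name }}"
+service_home: "{{ designate_system_user_home }}"
+when: inventory_hostname in groups['designate_central']
+tags:
+- designate-central-init
+
+- include: designate_upstart_common_init.yml
+vars:
+program_name: "{{ designate_pool_manager_program_name }}"
+service_name: "{{ designate_service_name }}"
+system_user: "{{ designate_system_user_name }}"
+system_group: "{{ designate_system_group_name }}"
+service_home: "{{ designate_system_user_home }}"
+when: inventory_hostname in groups['designate_pool_manager']
+tags:
+- designate-pool-manager-init
+
+- include: designate_upstart_common_init.yml
+vars:
+program_name: "{{ designate_mdns_program_name }}"
+service_name: "{{ designate_service_name }}"
+system_user: "{{ designate_system_user_name }}"
+system_group: "{{ designate_system_group_name }}"
+service_home: "{{ designate_system_user_home }}"
+when: inventory_hostname in groups['designate_mdns']
+tags:
+- designate-mdns-init
+
+- include: designate_upstart_common_init.yml
+vars:
+program_name: "{{ designate_sink_program_name }}"
+service_name: "{{ designate_service_name }}"
+system_user: "{{ designate_system_user_name }}"
+system_group: "{{ designate_system_group_name }}"
+service_home: "{{ designate_system_user_home }}"
+when: inventory_hostname in groups['designate_sink']
+tags:
+- designate-sink-init
+
+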
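--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -0,0 +1,32 @@
+---
+# Copyright 2016, Tata Consultancy Services
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- include: designate_pre_install.yml
+- include: designate_install.yml
+- include: designate_post_install.yml
+- include: designate_upstart_init.yml
+
+- include: designate_db_setup.yml
+when: >
+inventory_hostname == groups['designate_all'][0]
+
+- include: designate_service_setup.yml
+when: >
+inventory_hostname == groups['designate_all'][0]
+
+- name: Flush handlers
+meta: flush_handlers
+
+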
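--- a/templates/api_paste.ini.j2
+++ b/templates/api_paste.ini.j2
@@ -0,0 +1,19 @@
+# designate API WSGI Pipeline
+# Define the filters that make up the pipeline for processing WSGI requests
+# Note: This pipeline is PasteDeploy's term rather than designate's pipeline
+# used for processing samples
+
+# Remove authtoken from the pipeline if you don't want to use keystone authentication
+[pipeline:main]
+pipeline = request_id authtoken api-server
+
+[app:api-server]
+paste.app_factory = designate.api.app:app_factory
+
+[filter:authtoken]
+paste.filter_factory = keystonemiddleware.auth_token:filter_factory
+oslo_config_project = designate
+
+[filter:request_id]
+paste.filter_factory = oslo_middleware:RequestId.factory
+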
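--- a/templates/designate-upstart-init.j2
+++ b/templates/designate-upstart-init.j2
@@ -0,0 +1,48 @@
+# {{ ansible_managed }}
+
+# vim:set ft=upstart ts=2 et:
+
+description "{{ program_name }}"
+author "Swati Sharma <sharma.swati6@tcs.com>"
+
+start on runlevel [2345]
+stop on runlelvel [016]
+
+respawn
+respawn limit 10 5
+
+# Set the RUNBIN environment variable
+env RUNBIN="/usr/local/bin/{{ program_name }}"
+
+# Change directory to service users home
+chdir "{{ service_home }}"
+
+# Pre start actions
+pre-start script
+mkdir -p "/var/run/{{ program_name }}"
+chown {{ system_user }}:{{ system_group }} "/var/run/{{ program_name }}"
+
+mkdir -p "/var/lock/{{ program_name }}"
+chown {{ system_user }}:{{ system_group }} "/var/lock/{{ program_name }}"
+
+{% if designate_venv_enabled | bool -%}
+. {{ designate_venv_bin }}/activate
+{%- endif %}
+
+end script
+
+# Post stop actions
+post-stop script
+rm "/var/run/{{ program_name }}/{{ program_name }}.pid"
+end script
+
+# Run the start up job
+exec start-stop-daemon --start \
+--chuid {{ system_user }} \
+--make-pidfile \
+--pidfile /var/run/{{ program_name }}/{{ program_name }}.pid \
+--exec "{{ program_override|default('$RUNBIN') }}" \
+-- {{ program_config_options|default('') }} \
+--log-file=/var/log/{{ service_name }}/{{ program_name }}.log
+
+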
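Review bot: `stop on runlelvel [016]` misspells the event name, so the job has no stop condition that matches on shutdown or reboot; it should read `stop on runlevel [016]`. The `. {{ designate_venv_bin }}/activate` line inside `pre-start script` only affects that script's own shell, so the `exec start-stop-daemon` stanza still launches the fixed `/usr/local/bin/{{ program_name }}` from `RUNBIN` unless `program_override` is set. In `post-stop script`, `rm -f` would avoid an error when the pid file is already gone.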
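--- a/templates/designate.conf.j2
+++ b/templates/designate.conf.j2
@@ -0,0 +1,251 @@
+[DEFAULT]
+auth_strategy = keystone
+verbose = {{ verbose }}
+debug = {{ debug }}
+notification_driver = messaging
+notification_topics = notifications
+
+[oslo_messaging_rabbit]
+rpc_backend = rabbit
+rabbit_port = {{ rabbitmq_port }}
+rabbit_userid = {{ designate_rabbitmq_userid }}
+rabbit_password = {{ designate_rabbitmq_password }}
+rabbit_virtual_host = {{ designate_rabbitmq_vhost }}
+rabbit_hosts = {{ rabbitmq_servers }}
+rabbit_use_ssl = {{ rabbitmq_use_ssl }}
+rabbit_notification_exchange = designate
+rabbit_notification_topic = notifications
+
+
+#-----------------------
+# Keystone Middleware
+#-----------------------
+[keystone_authtoken]
+
+insecure = {{ keystone_service_internaluri_insecure | bool }}
+auth_plugin = {{ designate_keystone_auth_plugin }}
+signing_dir = {{ designate_system_user_home }}/cache/api
+auth_url = {{ keystone_service_adminuri }}
+auth_uri = {{ keystone_service_internaluri }}
+project_domain_id = {{ designate_service_project_domain_id }}
+user_domain_id = {{ designate_service_user_domain_id }}
+project_name = {{ designate_service_project_name }}
+username = {{ designate_service_user_name }}
+password = {{ designate_service_password }}
+
+memcached_servers = {{ memcached_servers }}
+
+########################
+#-----------------------
+# Central Service
+#-----------------------
+[service:central]
+# Number of central worker processes to spawn
+#workers = 10
+
+# Number of central greenthreads to spawn
+threads = 1000
+
+# Maximum domain name length
+max_domain_name_len = 255
+
+# Maximum recordset name length
+max_recordset_name_len = 255
+
+# Minimum TTL
+#min_ttl = None
+
+# The name of the default pool
+default_pool_id = '794ccc2c-d751-44fe-b57f-8894c9f5c842'
+
+## Managed resources settings
+
+# Email to use for managed resources like domains created by the FloatingIP API
+#managed_resource_email = hostmaster@example.com.
+
+# Tenant ID to own all managed resources - like auto-created records etc.
+managed_resource_tenant_id = None
+
+#-----------------------
+# API Service
+#-----------------------
+[service:api]
+
+threads=1000
+
+# The base uri used in responses
+api_base_uri = 'http://10.16.34.6:9001/v1'
+
+# Address to bind the API server
+api_host = 0.0.0.0
+
+# Port to bind the API server
+api_port = 9001
+
+# Authentication strategy to use - can be either "noauth" or "keystone"
+auth_strategy = keystone
+
+# Enable API Version 1
+enable_api_v1 = True
+
+# Enable API Version 2
+enable_api_v2 = True
+
+# Enabled API Version 1 extensions
+enabled_extensions_v1 = diagnostics, quotas, reports, sync, touch
+
+# Enabled API Version 2 extensions
+enabled_extensions_v2 = quotas, reports
+
+# Enable Admin API (experimental)
+enable_api_admin = False
+
+# Enabled Admin API extensions
+# Can be one or more of : reports, quotas, counts, tenants, zones
+# zone export is in zones extension
+enabled_extensions_admin = reports, quotas, counts, tenants, zones
+
+# Default per-page limit for the Admin API, a value of None means show all results
+# by default
+default_limit_admin = 20
+
+# Max page size in the Admin API
+max_limit_admin = 1000
+
+
+#-----------------------
+# mDNS Service
+#-----------------------
+[service:mdns]
+# Number of mdns worker processes to spawn
+#workers = 10
+
+# Number of mdns greenthreads to spawn
+threads = 1000
+
+# mDNS Bind Host
+host = 0.0.0.0
+
+# mDNS Port Number
+port = 5354
+
+# mDNS TCP Backlog
+tcp_backlog = 100
+
+# mDNS TCP Receive Timeout
+tcp_recv_timeout = 0.5
+
+# Enforce all incoming queries (including AXFR) are TSIG signed
+query_enforce_tsig = False
+
+# Send all traffic over TCP
+all_tcp = False
+
+# Maximum message size to emit
+max_message_size = 65535
+
+#-----------------------
+# Pool Manager Service
+#-----------------------
+[service:pool_manager]
+backends = bind9
+threads = 1000
+pool_id = 794ccc2c-d751-44fe-b57f-8894c9f5c842
+threshold_percentage = 100
+poll_timeout = 30
+poll_retry_interval = 15
+poll_max_retries = 3
+poll_delay = 5
+periodic_recovery_interval = 120
+enable_sync_timer = True
+periodic_sync_interval = 300
+cache_driver = memcache
+
+########################
+## Storage Configuration
+########################
+#-----------------------
+# SQLAlchemy Storage
+#-----------------------
+
+[storage:sqlalchemy]
+# Database connection string - to configure options for a given implementation
+# like sqlalchemy or other see below
+connection = mysql://{{ designate_galera_user }}:{{ designate_container_mysql_password }}@{{ designate_galera_address }}/designate?charset=utf8
+connection_debug = 100
+connection_trace = True
+sqlite_synchronous = True
+idle_timeout = 3600
+max_retries = 10
+retry_interval = 10
+
+
+[pool_manager_cache:sqlalchemy]
+connection = mysql://{{ designate_galera_user }}:{{ designate_container_mysql_password }}@{{ designate_galera_address }}/designate_pool_manager?charset=utf8
+connection_debug = 100
+connection_trace = False
+sqlite_synchronous = True
+idle_timeout = 3600
+max_retries = 10
+retry_interval = 10
+
+#-----------------------
+# Memcache Pool Manager Cache
+#-----------------------
+[pool_manager_cache:memcache]
+memcached_servers = None
+expiration = 3600
+
+#############################
+## Pool Backend Configuration
+#############################
+#-----------------------
+# Global Bind9 Pool Backend
+#-----------------------
+#[backend:bind9]
+#server_ids = 6a5032b6-2d96-43ee-b25b-7d784e2bf3b2
+#masters = 10.16.34.6:5354
+#rndc_host = 10.16.34.6
+#rndc_port = 953
+#rndc_config_file = /etc/rndc.conf
+#rndc_key_file = /etc/rndc.key
+
+#-----------------------
+# Server Specific Bind9 Pool Backend
+#-----------------------
+#[backend:bind9:6a5032b6-2d96-43ee-b25b-7d784e2bf3b2]
+#host = 10.16.34.6
+#port = 53
+
+#####################
+## Pool Configuration
+#####################
+
+# This section does not have the defaults filled in but demonstrates an
+# example pool / server set up. Different backends will have different options.
+
+[pool:794ccc2c-d751-44fe-b57f-8894c9f5c842]
+nameservers = 0f66b842-96c2-4189-93fc-1dc95a08b012
+targets = f26e0b32-736f-4f0a-831b-039a415c481e
+#also_notifies = 192.0.2.1:53, 192.0.2.2:53
+
+[pool_nameserver:0f66b842-96c2-4189-93fc-1dc95a08b012]
+port = 53
+host = 10.16.34.6
+
+[pool_target:f26e0b32-736f-4f0a-831b-039a415c481e]
+options = rndc_host: 10.16.34.6, rndc_port: 953, rndc_config_file: /etc/bind/rndc.conf, rndc_key_file: /etc/bind/rndc.key, port: 53, host: 10.16.34.6, clean_zonefile: false
+masters = 10.16.34.6:5354
+type = bind9
+
+
+[service:sink]
+
+enabled_notification_handlers = nova_fixed
+
+[handler:nova_fixed]
+# Domain ID of domain to create records in. Should be pre-created
+notification_topics = notifications
+control_exchange = 'nova'
+zone_id = e7192aa3-294b-491c-a2e7-3624e87f0af1
+format = '%(instance_id)s.%(zone)s'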
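Review bot: `connection_debug = 100` in both `[storage:sqlalchemy]` and `[pool_manager_cache:sqlalchemy]` selects the most verbose SQL debugging level, and with `connection_trace = True` the service logs will carry every statement plus call-site information; `connection_debug = 0` is the safer default for a deployed role. The template also hard-codes one site's values, namely `api_base_uri = 'http://10.16.34.6:9001/v1'`, the `10.16.34.6` entries under `[pool_nameserver:…]` and `[pool_target:…]`, and the pool, target and `zone_id` UUIDs, which should be role variables. `query_enforce_tsig = False` together with `host = 0.0.0.0` presumably leaves mDNS answering unsigned queries, AXFR included, on every interface, so that pair deserves a variable and a comment on the expected network boundary. `memcached_servers = None` under `[pool_manager_cache:memcache]` is rendered as a literal value even though `cache_driver = memcache` is selected, unlike the templated `memcached_servers` in `[keystone_authtoken]`.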
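--- a/templates/policy.json
+++ b/templates/policy.json
@@ -0,0 +1,125 @@
+{
+"admin": "role:admin or is_admin:True",
+"primary_zone": "target.zone_type:SECONDARY",
+
+"owner": "tenant:%(tenant_id)s",
+"admin_or_owner": "rule:admin or rule:owner",
+"target": "tenant:%(target_tenant_id)s",
+"owner_or_target":"rule:target or rule:owner",
+"admin_or_owner_or_target":"rule:owner_or_target or rule:admin",
+"admin_or_target":"rule:admin or rule:target",
+
+"zone_primary_or_admin": "('PRIMARY':%(zone_type)s and rule:admin_or_owner) OR ('SECONDARY':%(zone_type)s AND is_admin:True)",
+
+"default": "rule:admin_or_owner",
+
+"all_tenants": "rule:admin",
+
+"edit_managed_records" : "rule:admin",
+
+"use_low_ttl": "rule:admin",
+
+"get_quotas": "rule:admin_or_owner",
+"get_quota": "rule:admin_or_owner",
+"set_quota": "rule:admin",
+"reset_quotas": "rule:admin",
+
+"create_tld": "rule:admin",
+"find_tlds": "rule:admin",
+"get_tld": "rule:admin",
+"update_tld": "rule:admin",
+"delete_tld": "rule:admin",
+
+"create_tsigkey": "rule:admin",
+"find_tsigkeys": "rule:admin",
+"get_tsigkey": "rule:admin",
+"update_tsigkey": "rule:admin",
+"delete_tsigkey": "rule:admin",
+
+"find_tenants": "rule:admin",
+"get_tenant": "rule:admin",
+"count_tenants": "rule:admin",
+
+"create_zone": "rule:admin_or_owner",
+"get_zones": "rule:admin_or_owner",
+"get_zone": "rule:admin_or_owner",
+"get_zone_servers": "rule:admin_or_owner",
+"find_zones": "rule:admin_or_owner",
+"find_zone": "rule:admin_or_owner",
+"update_zone": "rule:admin_or_owner",
+"delete_zone": "rule:admin_or_owner",
+"xfr_zone": "rule:admin_or_owner",
+"abandon_zone": "rule:admin",
+"count_zones": "rule:admin_or_owner",
+"purge_zones": "rule:admin",
+"touch_zone": "rule:admin_or_owner",
+
+"create_recordset": "rule:zone_primary_or_admin",
+"get_recordsets": "rule:admin_or_owner",
+"get_recordset": "rule:admin_or_owner",
+"find_recordsets": "rule:admin_or_owner",
+"find_recordset": "rule:admin_or_owner",
+"update_recordset": "rule:zone_primary_or_admin",
+"delete_recordset": "rule:zone_primary_or_admin",
+"count_recordset": "rule:admin_or_owner",
+
+"create_record": "rule:admin_or_owner",
+"get_records": "rule:admin_or_owner",
+"get_record": "rule:admin_or_owner",
+"find_records": "rule:admin_or_owner",
+"find_record": "rule:admin_or_owner",
+"update_record": "rule:admin_or_owner",
+"delete_record": "rule:admin_or_owner",
+"count_records": "rule:admin_or_owner",
+
+"use_sudo": "rule:admin",
+
+"create_blacklist": "rule:admin",
+"find_blacklist": "rule:admin",
+"find_blacklists": "rule:admin",
+"get_blacklist": "rule:admin",
+"update_blacklist": "rule:admin",
+"delete_blacklist": "rule:admin",
+"use_blacklisted_domain": "rule:admin",
+
+"create_pool": "rule:admin",
+"find_pools": "rule:admin",
+"find_pool": "rule:admin",
+"get_pool": "rule:admin",
+"update_pool": "rule:admin",
+"delete_pool": "rule:admin",
+
+"diagnostics_ping": "rule:admin",
+"diagnostics_sync_domains": "rule:admin",
+"diagnostics_sync_domain": "rule:admin",
+"diagnostics_sync_record": "rule:admin",
+
+"create_zone_transfer_request": "rule:admin_or_owner",
+"get_zone_transfer_request": "rule:admin_or_owner or tenant:%(target_tenant_id)s or None:%(target_tenant_id)s",
+"get_zone_transfer_request_detailed": "rule:admin_or_owner",
+"find_zone_transfer_requests": "@",
+"find_zone_transfer_request": "@",
+"update_zone_transfer_request": "rule:admin_or_owner",
+"delete_zone_transfer_request": "rule:admin_or_owner",
+
+"create_zone_transfer_accept": "rule:admin_or_owner or tenant:%(target_tenant_id)s or None:%(target_tenant_id)s",
+"get_zone_transfer_accept": "rule:admin_or_owner",
+"find_zone_transfer_accepts": "rule:admin",
+"find_zone_transfer_accept": "rule:admin",
+"update_zone_transfer_accept": "rule:admin",
+"delete_zone_transfer_accept": "rule:admin",
+
+"create_zone_import": "rule:admin_or_owner",
+"find_zone_imports": "rule:admin_or_owner",
+"get_zone_import": "rule:admin_or_owner",
+"update_zone_import": "rule:admin_or_owner",
+"delete_zone_import": "rule:admin_or_owner",
+
+"zone_export": "rule:admin_or_owner",
+"create_zone_export": "rule:admin_or_owner",
+"find_zone_exports": "rule:admin_or_owner",
+"get_zone_export": "rule:admin_or_owner",
+"update_zone_export": "rule:admin_or_owner",
+"delete_zone_export": "rule:admin_or_owner"
+}
+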
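Review bot: `find_zone_transfer_requests` and `find_zone_transfer_request` are set to `"@"`, which the policy engine evaluates as always-allow, so these two listings carry no tenant or role restriction at the policy layer while every neighbouring zone-transfer rule is scoped to `rule:admin_or_owner` or the target tenant. Whether the service filters the results per tenant somewhere else is not visible in this commit; if it does not, any authenticated project could enumerate other tenants' pending transfer requests. Unless that filtering is confirmed, I would ship `"find_zone_transfer_requests": "rule:admin_or_owner",` and `"find_zone_transfer_request": "rule:admin_or_owner",` in the role's template, and state the intended exposure in the README, since JSON cannot hold a comment. The same section also guards `create_record`, `update_record` and `delete_record` with `rule:admin_or_owner` while the recordset equivalents use `rule:zone_primary_or_admin`, so the SECONDARY-zone restriction only applies on the recordset path; worth confirming that is intended.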
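--- a/vars/main.yml
+++ b/vars/main.yml
@@ -0,0 +1,3 @@
+---
+# vars file for os_designate/
+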