Initial commit

sharmaswati6 2015-12-09 17:30:54 +05:30 committed by Jesse Pretorius
commit 8d6686ef54
26 changed files with 1633 additions and 0 deletions

39
README.md Normal file

@ -0,0 +1,39 @@
Role Name
=========
A brief description of the role goes here.
Requirements
------------
Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required.
Role Variables
--------------
A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well.
Dependencies
------------
A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles.
Example Playbook
----------------
Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
- hosts: servers
roles:
- { role: username.rolename, x: 42 }
License
-------
BSD
Author Information
------------------
An optional section for the role authors to include contact information, or a website (HTML is not allowed).

146
defaults/main.yml Normal file

@ -0,0 +1,146 @@
---
# Copyright 2016, Tata Consultancy Services
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
## Verbosity Options
debug: False
verbose: True
# Name of the virtual env to deploy into
designate_venv_tag: untagged
designate_venv_bin: "/openstack/venvs/designate-{{ designate_venv_tag }}/bin"
# Set this to enable or disable installing in a venv
designate_venv_enabled: true
# The bin path defaults to the venv path however if installation in a
# venv is disabled the bin path will be dynamically set based on the
# system path used when the installing.
designate_bin: "{{ designate_venv_bin }}"
# Set the etc dir path where designate is installed.
# This is used for role access to the db migrations.
# Example:
# designate_etc_dir: "/usr/local/etc/designate"
designate_venv_etc_dir: "{{ designate_bin | dirname }}/etc/designate"
designate_non_venv_etc_dir: "/usr/local/etc/designate"
designate_etc_dir: "{{ (designate_venv_enabled | bool) | ternary(designate_venv_etc_dir, designate_non_venv_etc_dir) }}"
designate_venv_download_url: http://127.0.0.1/venvs/untagged/ubuntu/designate.tgz
## System info
designate_system_user_name: designate
designate_system_group_name: designate
designate_system_shell: /bin/false
designate_system_comment: designate system user
designate_system_user_home: "/var/lib/{{ designate_system_user_name }}"
## DB info
designate_galera_user: designate
designate_galera_password: "{{ designate_container_mysql_password }}"
designate_galera_database: designate
## RabbitMQ info
designate_rabbitmq_userid: designate
designate_rabbitmq_vhost: /designate
# Enable/Disable Ceilometer
designate_ceilometer_enabled: False
# Designate API's enabled
designate_enable_v1_api: true
designate_enable_v2_api: true
#Designate services info
designate_role_name: admin
designate_central_program_name: designate-central
designate_pool_manager_program_name: designate-pool-manager
designate_mdns_program_name: designate-mdns
designate_sink_program_name: designate-sink
designate_api_program_name: designate-api
## Service Type and Data
designate_service_region: RegionOne
designate_service_endpoint_type: internalURL
designate_service_name: designate
designate_service_port: 9001
designate_service_proto: http
designate_service_type: dns
designate_service_description: "DNS as a service"
designate_service_project_domain_id: default
designate_service_user_domain_id: default
designate_service_user_name: designate
designate_keystone_auth_plugin: password
designate_service_tenant_name: service
designate_service_project_name: service
designate_service_publicuri: "{{ designate_service_proto }}://{{ external_lb_vip_address }}:{{ designate_service_port }}"
designate_service_publicurl: "{{ designate_service_publicuri }}/v1"
designate_service_internaluri: "{{ designate_service_proto }}://{{ internal_lb_vip_address }}:{{ designate_service_port }}"
designate_service_internalurl: "{{ designate_service_internaluri }}/v1"
designate_service_adminuri: "{{ designate_service_proto }}://{{ internal_lb_vip_address }}:{{ designate_service_port }}"
designate_service_adminurl: "{{ designate_service_adminuri }}/v1"
designate_service_v2_name: designatev2
designate_service_v2_port: 9001
designate_service_v2_proto: http
designate_service_v2_type: dnsv2
designate_service_v2_description: "DNS Service V2"
designate_service_v2_publicuri: "{{ cinder_service_publicuri_proto }}://{{ external_lb_vip_address }}:{{ cinder_service_port }}"
designate_service_v2_publicuri: "{{ designate_service_proto }}://{{ external_lb_vip_address }}:{{ designate_service_port }}"
designate_service_v2_publicurl: "{{ designate_service_publicuri }}/v2"
designate_service_v2_internaluri: "{{ designate_service_proto }}://{{ internal_lb_vip_address }}:{{ designate_service_port }}"
designate_service_v2_internalurl: "{{ designate_service_internaluri }}/v2"
designate_service_v2_adminuri: "{{ designate_service_proto }}://{{ internal_lb_vip_address }}:{{ designate_service_port }}"
designate_service_v2_adminurl: "{{ designate_service_adminuri }}/v2"
designate_service_in_ldap: false
# Common apt packages
designate_apt_packages:
- rpcbind
- bind9
- pdns-server
- pdns-backend-mysql
# designate packages that must be installed before anything else
designate_requires_pip_packages:
- virtualenv
- virtualenv-tools
- python-keystoneclient # Keystoneclient needed to OSA keystone lib
- httplib2
# Common pip packages
designate_pip_packages:
- designate
- python-designateclient
- MySQL-python
- python-memcached
- pycrypto
- warlock
## Service Names
designate_service_names:
- "designate-api"
- "designate-central"
- "designate-pool-manager"
- "designate-mdns"
- "designate-sink"
## Tunable overrides
designate_policy_overrides: {}
designate_designate_conf_overrides: {}
designate_api_paste_ini_overrides: {}
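Review bot: `designate_service_v2_publicuri` is defined twice in a row, and the first definition is built from `cinder_service_publicuri_proto` and `cinder_service_port`; most YAML loaders silently keep only the last value, so the cinder line is dead and looks like a copy-paste leftover that should be deleted. Separately, `designate_service_proto: http` and the `http://` default for `designate_venv_download_url` mean the API endpoints and the venv archive travel in clear text unless a deployer overrides them; a comment next to each, such as `# override with https where TLS is available`, would make that explicit. `designate_role_name: admin` also gives the service user the admin role by default, which deserves a why-comment.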


@ -0,0 +1,3 @@
dnsaas_hosts:
aio1:
ip: 172.29.236.100


@ -0,0 +1,53 @@
---
# Copyright 2016, Tata Consultancy Services
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
component_skel:
designate_api:
belongs_to:
- designate_all
designate_central:
belongs_to:
- designate_all
designate_mdns:
belongs_to:
- designate_all
designate_pool_manager:
belongs_to:
- designate_all
designate_sink:
belongs_to:
- designate_all
container_skel:
designate_container:
belongs_to:
- dnsaas_containers
contains:
- designate_api
- designate_central
- designate_mdns
- designate_pool_manager
- designate_sink
properties:
service_name: designate
container_release: trusty
physical_skel:
dnsaas_containers:
belongs_to:
- all_containers
dnsaas_hosts:
belongs_to:
- hosts


@ -0,0 +1,13 @@
## Designate
designate_service_port: 9001
designate_service_proto: http
designate_service_adminuri_proto: "{{ openstack_service_adminuri_proto | default(designate_service_proto) }}"
designate_service_user_name: designate
designate_service_project_name: service
designate_service_project_domain_id: default
designate_service_user_domain_id: default
designate_service_adminuri: "{{ designate_service_adminuri_proto }}://{{ internal_lb_vip_address }}:{{ designate_service_port }}"
designate_service_adminurl: "{{ designate_service_adminuri }}"
designate_service_region: "{{ service_region }}"
designate_rabbitmq_userid: designate
designate_rabbitmq_vhost: /designate


@ -0,0 +1,10 @@
haproxy_service_configs:
- service:
haproxy_service_name: designate_api
haproxy_backend_nodes: "{{ groups['designate_api'] | default([]) }}"
haproxy_port: 9191
haproxy_balance_type: http
haproxy_backend_options:
- "forwardfor"
- "httpchk /versions"
- "httplog"
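Review bot: `haproxy_port: 9191` does not match `designate_service_port: 9001`, which the role defaults and group vars in this commit use to build the keystone endpoint URLs on the load-balancer VIP. Unless a port mapping is set somewhere outside this view, clients following the service catalog would connect to 9001 while haproxy listens on 9191. Consider `haproxy_port: 9001`, or reference the shared variable so the two cannot drift apart.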


@ -0,0 +1,99 @@
---
# Copyright 2016, Tata Consultancy Services
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Install the designate components
hosts: designate_all
max_fail_percentage: 20
user: root
pre_tasks:
- name: Use the lxc-openstack aa profile
lxc_container:
name: "{{ container_name }}"
container_config:
- "lxc.aa_profile=lxc-openstack"
delegate_to: "{{ physical_host }}"
when: not is_metal | bool
register: container_config
tags:
- lxc-aa-profile
- name: Wait for container ssh
wait_for:
port: "22"
delay: "{{ ssh_delay }}"
search_regex: "OpenSSH"
host: "{{ ansible_ssh_host }}"
delegate_to: "{{ physical_host }}"
when: container_config is defined and container_config | changed
register: ssh_wait_check
until: ssh_wait_check | success
retries: 3
tags:
- ssh-wait
- name: Sort the rabbitmq servers
dist_sort:
value_to_lookup: "{{ container_name }}"
ref_list: "{{ groups['designate_all'] }}"
src_list: "{{ rabbitmq_servers }}"
register: servers
- name: Set rabbitmq servers
set_fact:
rabbitmq_servers: "{{ servers.sorted_list }}"
- name: Create log dir
file:
path: "{{ item.path }}"
state: directory
with_items:
- { path: "/openstack/log/{{ inventory_hostname }}-designate" }
when: is_metal | bool
tags:
- designate-logs
- designate-log-dirs
- name: Create log aggregation links
file:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
state: "{{ item.state }}"
force: "yes"
with_items:
- { src: "/openstack/log/{{ inventory_hostname }}-designate", dest: "/var/log/designate", state: "link" }
when: is_metal | bool
tags:
- designate-logs
roles:
- role: "os_designate"
designate_galera_address: "{{ galera_address }}"
designate_venv_tag: "{{ openstack_release }}"
designate_venv_download_url: "{{ openstack_repo_url }}/venvs/{{ openstack_release }}/{{ ansible_distribution | lower }}/designate-{{ openstack_release }}.tgz"
tags:
- "os-designate"
- { role: "openstack_openrc", tags: [ "openstack-openrc" ] }
- role: "rsyslog_client"
rsyslog_client_log_rotate_file: designate_log_rotate
rsyslog_client_log_dir: "/var/log/designate"
rsyslog_client_config_name: "99-designate-rsyslog-client.conf"
tags:
- "designate-rsyslog-client"
- "rsyslog-client"
- role: "system_crontab_coordination"
tags:
- "system-crontab-coordination"
vars_files:
- defaults/repo_packages/openstack_services.yml
vars:
galera_address: "{{ internal_lb_vip_address }}"
designate_galera_address: "{{ internal_lb_vip_address }}"
ansible_hostname: "{{ container_name }}"
is_metal: "{{ properties.is_metal|default(false) }}"


@ -0,0 +1,4 @@
## Designate service
designate_git_repo: https://git.openstack.org/openstack/designate
designate_git_install_branch: 6622e9493668f5bf3178bfc0a7c6fe53d1e2d89e # HEAD of "stable/liberty" as of 07.03.2016
designate_git_dest: "/opt/designate_{{ designate_git_install_branch | replace('/', '_') }}"


@ -0,0 +1,2 @@
designate_container_mysql_password:
designate_service_password:
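Review bot: `designate_rabbitmq_password` is missing from this list, although the messaging task in this commit passes `{{ designate_rabbitmq_password }}` to `rabbitmq_user` and the role defaults shown do not define it. Add `designate_rabbitmq_password:` here so the secret is generated together with the other two. Otherwise the play presumably stops on an undefined variable, or a deployer ends up setting a hand-picked value in some other file.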

52
handlers/main.yml Normal file

@ -0,0 +1,52 @@
# Copyright 2016, Tata Consultancy Services
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Restart designate api
service:
name: "{{ designate_api_program_name }}"
state: "restarted"
pattern: "{{ designate_api_program_name }}"
- name: Restart designate central
service:
name: "{{ designate_central_program_name }}"
state: "restarted"
pattern: "{{ designate_central_program_name }}"
- name: Restart designate pool-manager
service:
name: "{{ designate_pool_manager_program_name }}"
state: "restarted"
pattern: "{{ designate_pool_manager_program_name }}"
- name: Restart designate mdns
service:
name: "{{ designate_mdns_program_name }}"
state: "restarted"
pattern: "{{ designate_mdns_program_name }}"
- name: Restart designate sink
service:
name: "{{ designate_sink_program_name }}"
state: "restarted"
pattern: "{{ designate_sink_program_name }}"
- name: Restart designate services
service:
name: "{{ item }}"
state: "restarted"
pattern: "{{ item }}"
with_items: designate_service_names
failed_when: false
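Review bot: `failed_when: false` on the "Restart designate services" handler hides every restart failure, so a service that does not come back after a config or venv change is still reported as ok. The handler loops over all five entries of `designate_service_names` on every host, which is presumably why failures are suppressed; notifying the per-service handlers above, or limiting the loop to the services a host actually runs, would let real failures surface. The loop also uses a bare variable name; `with_items: "{{ designate_service_names }}"` is the unambiguous form.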

37
meta/main.yml Normal file

@ -0,0 +1,37 @@
---
# Copyright 2016, Tata Consultancy Services
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
galaxy_info:
author: rcbops
description: Installation and setup of designate
company: Rackspace
license: Apache2
min_ansible_version: 1.6.6
platforms:
- name: Ubuntu
versions:
- trusty
categories:
- cloud
- python
- designate
- development
- openstack
dependencies:
- apt_package_pinning
- galera_client
- openstack_openrc
- pip_lock_down


@ -0,0 +1,49 @@
---
# Copyright 2016, Tata Consultancy Services
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Create DB for service
mysql_db:
login_user: "{{ galera_root_user }}"
login_password: "{{ galera_root_password }}"
login_host: "{{ designate_galera_address }}"
name: "{{ designate_galera_database }}"
state: "present"
tags:
- designate-db-setup
- name: Grant access to the DB for the service
mysql_user:
login_user: "{{ galera_root_user }}"
login_password: "{{ galera_root_password }}"
login_host: "{{ designate_galera_address }}"
name: "{{ designate_galera_user }}"
password: "{{ designate_container_mysql_password }}"
host: "{{ item }}"
state: "present"
priv: "{{ designate_galera_database }}.*:ALL"
with_items:
- "localhost"
- "%"
tags:
- designate-db-setup
- name: Perform a Designate DB sync
command: designate-manage database sync
sudo: yes
sudo_user: "{{ designate_system_user_name }}"
tags:
- designate-db-sync
- designate-setup
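Review bot: Both mysql tasks pass `galera_root_password`, and the second also `designate_container_mysql_password`, as module arguments without `no_log: true`, so the values can appear in verbose output and logs; the same applies to the `rabbitmq_user` task and the keystone `ensure_user` task added elsewhere in this commit. The grant loop also creates the account for host `"%"` with `ALL` on the schema, which permits logins from any address; if that is intended, a comment naming the network control that limits access would help, otherwise list the expected source hosts. `designate-manage database sync` is called without `{{ designate_bin }}/`, so with the venv enabled it depends on the binary being on PATH.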

198
tasks/designate_install.yml Normal file

@ -0,0 +1,198 @@
---
# Copyright 2016, Tata Consultancy Services
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Update apt sources
apt:
update_cache: yes
cache_valid_time: 600
register: apt_update
until: apt_update|success
retries: 5
delay: 2
tags:
- designate-apt-packages
- name: Install apt packages
apt:
pkg: "{{ item }}"
state: latest
register: install_packages
until: install_packages|success
retries: 5
delay: 2
with_items: designate_apt_packages
tags:
- designate-install
- designate-apt-packages
- name: Install pip packages
pip:
name: "{{ item }}"
state: present
extra_args: "{{ pip_install_options|default('') }}"
register: install_packages
until: install_packages|success
retries: 5
delay: 2
with_items:
- "{{ designate_pip_packages }}"
tags:
- designate-install
- designate-pip-packages
- name: Install requires pip packages
pip:
name: "{{ item }}"
state: present
extra_args: "{{ pip_install_options|default('') }}"
register: install_packages
until: install_packages|success
retries: 5
delay: 2
with_items:
- "{{ designate_requires_pip_packages }}"
tags:
- designate-install
- designate-pip-packages
- name: Get local venv checksum
stat:
path: "/var/cache/{{ designate_venv_download_url | basename }}"
get_md5: False
when: designate_venv_enabled | bool
register: local_venv_stat
tags:
- designate-install
- designate-pip-packages
- name: Get remote venv checksum
uri:
url: "{{ designate_venv_download_url | replace('tgz', 'checksum') }}"
return_content: True
when: designate_venv_enabled | bool
register: remote_venv_checksum
tags:
- designate-install
- designate-pip-packages
- name: Attempt venv download
get_url:
url: "{{ designate_venv_download_url }}"
dest: "/var/cache/{{ designate_venv_download_url | basename }}"
force: yes
ignore_errors: true
register: get_venv
when:
- designate_venv_enabled | bool
- (local_venv_stat.stat.exists == False or
{{ local_venv_stat.stat.checksum is defined and local_venv_stat.stat.checksum != remote_venv_checksum.content | trim }})
tags:
- designate-install
- designate-pip-packages
- name: Set designate get_venv fact
set_fact:
designate_get_venv: "{{ get_venv }}"
when: designate_venv_enabled | bool
tags:
- designate-install
- designate-pip-packages
- name: Remove existing venv
file:
path: "{{ designate_venv_bin | dirname }}"
state: absent
when:
- designate_venv_enabled | bool
- designate_get_venv | changed
tags:
- designate-install
- designate-pip-packages
- name: Create designate venv dir
file:
path: "{{ designate_venv_bin | dirname }}"
state: directory
when:
- designate_venv_enabled | bool
- designate_get_venv | changed
tags:
- designate-install
- designate-pip-packages
- name: Unarchive pre-built venv
unarchive:
src: "/var/cache/{{ designate_venv_download_url | basename }}"
dest: "{{ designate_venv_bin | dirname }}"
copy: "no"
when:
- designate_venv_enabled | bool
- designate_get_venv | changed
notify:
- Restart designate services
tags:
- designate-install
- designate-pip-packages
- name: Update virtualenv path
command: >
virtualenv-tools --update-path=auto {{ designate_venv_bin | dirname }}
when:
- designate_venv_enabled | bool
- designate_get_venv | success
tags:
- designate-install
- designate-pip-packages
- name: Install pip packages (venv)
pip:
name: "{{ item }}"
state: present
virtualenv: "{{ designate_venv_bin | dirname }}"
virtualenv_site_packages: "no"
extra_args: "{{ pip_install_options|default('') }}"
register: install_packages
until: install_packages|success
retries: 5
delay: 2
with_items:
- "{{ designate_pip_packages }}"
when:
- designate_venv_enabled | bool
- designate_get_venv | failed
notify:
- Restart designate services
tags:
- designate-install
- designate-pip-packages
- name: Install pip packages (no venv)
pip:
name: "{{ item }}"
state: present
extra_args: "{{ pip_install_options|default('') }}"
register: install_packages
until: install_packages|success
retries: 5
delay: 2
with_items:
- "{{ designate_pip_packages }}"
when: not designate_venv_enabled | bool
notify:
- Restart designate services
tags:
- designate-install
- designate-pip-packages
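Review bot: The downloaded venv archive is never verified before "Unarchive pre-built venv" extracts it: the value fetched by "Get remote venv checksum" is only used to decide whether to download, and it comes from the same origin as the archive, which is plain `http://` in the role defaults. A check after "Attempt venv download" that compares the cached file's checksum with the published one, as sketched below, catches a corrupted or swapped archive; an https repo URL is still needed for the checksum itself to be trustworthy. Note that a hard failure here changes the current fallback to a pip install, so the pip fallback condition may need to cover the mismatch case instead. Also, the unconditional "Install pip packages" task near the top installs `designate_pip_packages` system-wide even when `designate_venv_enabled` is true, which looks unintended given the venv and no-venv tasks at the end.

```yaml
# … unchanged: "Attempt venv download" …

- name: Get downloaded venv checksum
  stat:
    path: "/var/cache/{{ designate_venv_download_url | basename }}"
    get_md5: False
  when:
    - designate_venv_enabled | bool
    - get_venv | changed
  register: downloaded_venv_stat
  tags:
    - designate-install
    - designate-pip-packages

- name: Reject a venv archive that does not match the published checksum
  fail:
    msg: "Downloaded venv archive does not match the published checksum"
  when:
    - designate_venv_enabled | bool
    - get_venv | changed
    - downloaded_venv_stat.stat.checksum != remote_venv_checksum.content | trim
  tags:
    - designate-install
    - designate-pip-packages

# … unchanged: "Set designate get_venv fact" and the tasks after it …
```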


@ -0,0 +1,37 @@
---
# Copyright 2016, Tata Consultancy Services
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Ensure Rabbitmq vhost
rabbitmq_vhost:
name: "{{ designate_rabbitmq_vhost }}"
state: "present"
delegate_to: "{{ groups['rabbitmq_all'][0] }}"
tags:
- designate-rabbitmq
- designate-rabbitmq-vhost
- name: Ensure rabbitmq user
rabbitmq_user:
user: "{{ designate_rabbitmq_userid }}"
password: "{{ designate_rabbitmq_password }}"
vhost: "{{ designate_rabbitmq_vhost }}"
configure_priv: ".*"
read_priv: ".*"
write_priv: ".*"
state: "present"
delegate_to: "{{ groups['rabbitmq_all'][0] }}"
tags:
- designate-rabbitmq
- designate-rabbitmq-user


@ -0,0 +1,58 @@
---
# Copyright 2016, Tata Consultancy Services
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Copy designate config
config_template:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
owner: "{{ designate_system_user_name }}"
group: "{{ designate_system_group_name }}"
mode: "0644"
config_overrides: "{{ item.config_overrides }}"
config_type: "{{ item.config_type }}"
with_items:
- src: "designate.conf.j2"
dest: "/etc/designate/designate.conf"
config_overrides: "{{ designate_designate_conf_overrides }}"
config_type: "ini"
- src: "api_paste.ini.j2"
dest: "/etc/designate/api_paste.ini"
config_overrides: "{{ designate_api_paste_ini_overrides }}"
config_type: "ini"
- src: "policy.json"
dest: "/etc/designate/policy.json"
config_overrides: "{{ designate_policy_overrides }}"
config_type: "json"
notify: Restart designate services
tags:
- designate-config
- designate-post-install
- name: Get designate command path
command: which designate
register: designate_command_path
when:
- not designate_venv_enabled | bool
tags:
- designate-command-bin
- name: Set designate command path
set_fact:
designate_bin: "{{ designate_command_path.stdout | dirname }}"
when:
- not designate_venv_enabled | bool
tags:
- designate-command-bin
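Review bot: `mode: "0644"` in "Copy designate config" leaves `/etc/designate/designate.conf` readable by every local account; the template is not part of this view, but a designate.conf normally carries the database, RabbitMQ and keystone passwords. The files are already owned by the designate user and group, so `mode: "0640"` would keep the services working while keeping other accounts out.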


@ -0,0 +1,93 @@
---
# Copyright 2016, Tata Consultancy Services
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Create the system group
group:
name: "{{ designate_system_group_name }}"
state: "present"
system: "yes"
tags:
- designate-group
- name: Create the designate system user
user:
name: "{{ designate_system_user_name }}"
group: "{{ designate_system_group_name }}"
comment: "{{ designate_system_comment }}"
shell: "{{ designate_system_shell }}"
system: "yes"
createhome: "yes"
home: "{{ designate_system_user_home }}"
tags:
- designate-user
- name: Create designate dir
file:
path: "{{ item.path }}"
state: directory
owner: "{{ item.owner|default(designate_system_user_name) }}"
group: "{{ item.group|default(designate_system_group_name) }}"
mode: "{{ item.mode|default('0755') }}"
with_items:
- { path: "/etc/designate" }
- { path: "{{ designate_system_user_home }}" }
- { path: "{{ designate_system_user_home }}/.ssh", mode: "0700" }
- { path: "/var/cache/designate", mode: "0700" }
tags:
- designate-dirs
- name: Create designate venv dir
file:
path: "{{ item.path }}"
state: directory
with_items:
- { path: "/openstack/venvs" }
- { path: "{{ designate_venv_bin }}" }
when: designate_venv_enabled | bool
tags:
- designate-dirs
- name: Test for log directory or link
shell: |
if [ -h "/var/log/designate" ]; then
chown -h {{ designate_system_user_name }}:{{ designate_system_group_name }} "/var/log/designate"
chown -R {{ designate_system_user_name }}:{{ designate_system_group_name }} "$(readlink /var/log/designate)"
else
exit 1
fi
register: log_dir
failed_when: false
changed_when: log_dir.rc != 0
tags:
- designate-dirs
- designate-logs
- name: Create designate log dir
file:
path: "{{ item.path }}"
state: directory
owner: "{{ item.owner|default(designate_system_user_name) }}"
group: "{{ item.group|default(designate_system_group_name) }}"
mode: "{{ item.mode|default('0755') }}"
with_items:
- { path: "/var/log/designate" }
when: log_dir.rc != 0
tags:
- designate-dirs
- designate-logs
- include: designate_messaging_setup.yml
when: >
inventory_hostname == groups['designate_all'][0]


@ -0,0 +1,96 @@
---
# Copyright 2016, Tata Consultancy Services
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Ensure designate service
keystone:
command: "ensure_service"
token: "{{ keystone_auth_admin_token }}"
endpoint: "{{ keystone_service_adminurl }}"
service_name: "{{ designate_service_name }}"
service_type: "{{ designate_service_type }}"
description: "{{ designate_service_description }}"
insecure: "{{ keystone_service_adminuri_insecure }}"
register: add_service
until: add_service|success
retries: 5
delay: 2
tags:
- designate-setup
- designate-service-add
- name: Ensure designate user
keystone:
command: "ensure_user"
token: "{{ keystone_auth_admin_token }}"
endpoint: "{{ keystone_service_adminurl }}"
user_name: "{{ designate_service_user_name }}"
tenant_name: "{{ designate_service_project_name }}"
password: "{{ designate_service_password }}"
insecure: "{{ keystone_service_adminuri_insecure }}"
register: add_service
when: not designate_service_in_ldap | bool
until: add_service|success
retries: 5
delay: 10
tags:
- designate-setup
- designate-service-add
- name: Ensure designate user to admin role
keystone:
command: "ensure_user_role"
token: "{{ keystone_auth_admin_token }}"
endpoint: "{{ keystone_service_adminurl }}"
user_name: "{{ designate_service_user_name }}"
tenant_name: "{{ designate_service_project_name }}"
role_name: "{{ designate_role_name }}"
insecure: "{{ keystone_service_adminuri_insecure }}"
register: add_service
when: not designate_service_in_ldap | bool
until: add_service|success
retries: 5
delay: 10
tags:
- designate-api-setup
- designate-service-add
- designate-setup
# Create an endpoint
- name: Ensure designate endpoint
keystone:
command: "ensure_endpoint"
token: "{{ keystone_auth_admin_token }}"
endpoint: "{{ keystone_service_adminurl }}"
region_name: "{{ designate_service_region }}"
service_name: "{{ designate_service_name }}"
service_type: "{{ designate_service_type }}"
insecure: "{{ keystone_service_adminuri_insecure }}"
endpoint_list:
- url: "{{ designate_service_publicurl }}"
interface: "public"
- url: "{{ designate_service_adminurl }}"
interface: "admin"
- url: "{{ designate_service_internalurl }}"
interface: "internal"
register: add_service
until: add_service|success
retries: 5
delay: 10
tags:
- designate-setup
- designate-service-add
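Review bot: These tasks read `designate_service_name`, `designate_service_type` and the `designate_service_*url` variables directly, not the `service_name`, `service_type`, `service_publicurl` and related values that the including file in this commit passes in. As written, the second include (the v2 one) would register the v1 service and endpoints again, and `designatev2` / `dnsv2` would never be created. Use the passed-in names, for example `service_name: "{{ service_name }}"` and `- url: "{{ service_publicurl }}"`. Every call also authenticates with the bootstrap `keystone_auth_admin_token` and takes its certificate-verification switch from `keystone_service_adminuri_insecure`; a comment stating that both are expected to be tightened outside test deployments would help.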


@ -0,0 +1,47 @@
---
# Copyright 2016, Tata Consultancy Services
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- include: designate_service_add.yml
vars:
service_user_name: "{{ designate_service_user_name }}"
service_tenant_name: "{{ designate_service_tenant_name }}"
service_name: "{{ designate_service_name }}"
service_type: "{{ designate_service_type }}"
service_region: "{{designate_service_region }}"
service_description: "{{ designate_service_description }}"
service_password: "{{ designate_service_password }}"
service_internalurl: "{{ designate_service_internalurl }}"
service_publicurl: "{{ designate_service_publicurl }}"
service_adminurl: "{{ designate_service_adminurl }}"
role_name: "{{ designate_role_name }}"
tags:
- designate-add-service
- include: designate_service_add.yml
vars:
service_user_name: "{{ designate_service_user_name }}"
service_tenant_name: "{{ designate_service_project_name }}"
service_name: "{{ designate_service_v2_name }}"
service_type: "{{ designate_service_v2_type }}"
service_region: "{{ designate_service_region }}"
service_description: "{{ designate_service_v2_description }}"
service_password: "{{ designate_service_password }}"
service_publicurl: "{{ designate_service_v2_publicurl }}"
service_internalurl: "{{ designate_service_v2_internalurl }}"
service_adminurl: "{{ designate_service_v2_adminurl }}"
role_name: "{{ designate_role_name }}"
tags:
- designate-add-service


@ -0,0 +1,48 @@
---
# Copyright 2016, Tata Consultancy Services
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Place the init script
template:
src: "designate-upstart-init.j2"
dest: "/etc/init/{{ program_name }}.conf"
mode: "0644"
owner: "root"
group: "root"
notify:
- Restart designate services
tags:
- upstart-init
- designate-init
- name: Reload init scripts
shell: |
initctl reload-configuration
notify:
- Restart designate services
tags:
- upstart-init
- designate-init
- name: Load service
service:
name: "{{ program_name }}"
enabled: "yes"
notify:
- Restart designate services
tags:
- upstart-init
- designate-init
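Review bot: `Reload init scripts` runs on every play and, being a `shell` task with no `changed_when`, will report changed each time, so its `notify` looks set to restart the designate services on every run rather than only when the init file changes. The command uses no shell features, so `command: initctl reload-configuration` is the safer module here. I would either move the reload into a handler notified by `Place the init script`, or drop the `notify` from this task and add `changed_when: false`.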


@ -0,0 +1,71 @@
---
# Copyright 2016, Tata Consultancy Services
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- include: designate_upstart_common_init.yml
vars:
program_name: "{{ designate_api_program_name }}"
service_name: "{{ designate_service_name }}"
system_user: "{{ designate_system_user_name }}"
system_group: "{{ designate_system_group_name }}"
service_home: "{{ designate_system_user_home }}"
when: inventory_hostname in groups['designate_api']
tags:
- designate-api-init
- include: designate_upstart_common_init.yml
vars:
program_name: "{{ designate_central_program_name }}"
service_name: "{{ designate_service_name }}"
system_user: "{{ designate_system_user_name }}"
system_group: "{{ designate_system_group_name }}"
service_home: "{{ designate_system_user_home }}"
when: inventory_hostname in groups['designate_central']
tags:
- designate-central-init
- include: designate_upstart_common_init.yml
vars:
program_name: "{{ designate_pool_manager_program_name }}"
service_name: "{{ designate_service_name }}"
system_user: "{{ designate_system_user_name }}"
system_group: "{{ designate_system_group_name }}"
service_home: "{{ designate_system_user_home }}"
when: inventory_hostname in groups['designate_pool_manager']
tags:
- designate-pool-manager-init
- include: designate_upstart_common_init.yml
vars:
program_name: "{{ designate_mdns_program_name }}"
service_name: "{{ designate_service_name }}"
system_user: "{{ designate_system_user_name }}"
system_group: "{{ designate_system_group_name }}"
service_home: "{{ designate_system_user_home }}"
when: inventory_hostname in groups['designate_mdns']
tags:
- designate-mdns-init
- include: designate_upstart_common_init.yml
vars:
program_name: "{{ designate_sink_program_name }}"
service_name: "{{ designate_service_name }}"
system_user: "{{ designate_system_user_name }}"
system_group: "{{ designate_system_group_name }}"
service_home: "{{ designate_system_user_home }}"
when: inventory_hostname in groups['designate_sink']
tags:
- designate-sink-init

32
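--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -0,0 +1,32 @@
+---
+# Copyright 2016, Tata Consultancy Services
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+- include: designate_pre_install.yml
+- include: designate_install.yml
+- include: designate_post_install.yml
+- include: designate_upstart_init.yml
+- include: designate_db_setup.yml
+when: >
+inventory_hostname == groups['designate_all'][0]
+- include: designate_service_setup.yml
+when: >
+inventory_hostname == groups['designate_all'][0]
+- name: Flush handlers
+meta: flush_handlers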


@ -0,0 +1,19 @@
# designate API WSGI Pipeline
# Define the filters that make up the pipeline for processing WSGI requests
# Note: This pipeline is PasteDeploy's term rather than designate's pipeline
# used for processing samples
# Remove authtoken from the pipeline if you don't want to use keystone authentication
[pipeline:main]
pipeline = request_id authtoken api-server
[app:api-server]
paste.app_factory = designate.api.app:app_factory
[filter:authtoken]
paste.filter_factory = keystonemiddleware.auth_token:filter_factory
oslo_config_project = designate
[filter:request_id]
paste.filter_factory = oslo_middleware:RequestId.factory
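Review bot: The comment above `[pipeline:main]` invites removing `authtoken` without saying what that implies: with the filter gone nothing in this pipeline authenticates requests, and designate.conf.j2 in the same commit binds the API to `0.0.0.0`. I would reword it along the lines of `# authtoken enforces keystone authentication; remove it only on isolated test deployments`. The phrase "used for processing samples" in the header comment also reads as if it was carried over from another service's paste file and does not describe designate.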


@ -0,0 +1,48 @@
# {{ ansible_managed }}
# vim:set ft=upstart ts=2 et:
description "{{ program_name }}"
author "Swati Sharma <sharma.swati6@tcs.com>"
start on runlevel [2345]
stop on runlelvel [016]
respawn
respawn limit 10 5
# Set the RUNBIN environment variable
env RUNBIN="/usr/local/bin/{{ program_name }}"
# Change directory to service users home
chdir "{{ service_home }}"
# Pre start actions
pre-start script
mkdir -p "/var/run/{{ program_name }}"
chown {{ system_user }}:{{ system_group }} "/var/run/{{ program_name }}"
mkdir -p "/var/lock/{{ program_name }}"
chown {{ system_user }}:{{ system_group }} "/var/lock/{{ program_name }}"
{% if designate_venv_enabled | bool -%}
. {{ designate_venv_bin }}/activate
{%- endif %}
end script
# Post stop actions
post-stop script
rm "/var/run/{{ program_name }}/{{ program_name }}.pid"
end script
# Run the start up job
exec start-stop-daemon --start \
--chuid {{ system_user }} \
--make-pidfile \
--pidfile /var/run/{{ program_name }}/{{ program_name }}.pid \
--exec "{{ program_override|default('$RUNBIN') }}" \
-- {{ program_config_options|default('') }} \
--log-file=/var/log/{{ service_name }}/{{ program_name }}.log
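Review bot: `stop on runlelvel [016]` misspells the event name, so Upstart never sees a matching stop condition and the job is not stopped cleanly on halt, reboot or single-user; it should read `stop on runlevel [016]`. In the post-stop script, `rm` returns non-zero when the pid file is already gone, and `rm -f "/var/run/{{ program_name }}/{{ program_name }}.pid"` avoids that. The `exec` line expands `program_config_options` unquoted into the job's command line, so that variable should only ever come from trusted inventory, and a one-line comment above the `exec` saying so would help the next maintainer.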

251
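--- a/templates/designate.conf.j2
+++ b/templates/designate.conf.j2
@@ -0,0 +1,251 @@
+[DEFAULT]
+auth_strategy = keystone
+verbose = {{ verbose }}
+debug = {{ debug }}
+notification_driver = messaging
+notification_topics = notifications
+[oslo_messaging_rabbit]
+rpc_backend = rabbit
+rabbit_port = {{ rabbitmq_port }}
+rabbit_userid = {{ designate_rabbitmq_userid }}
+rabbit_password = {{ designate_rabbitmq_password }}
+rabbit_virtual_host = {{ designate_rabbitmq_vhost }}
+rabbit_hosts = {{ rabbitmq_servers }}
+rabbit_use_ssl = {{ rabbitmq_use_ssl }}
+rabbit_notification_exchange = designate
+rabbit_notification_topic = notifications
+#-----------------------
+# Keystone Middleware
+#-----------------------
+[keystone_authtoken]
+insecure = {{ keystone_service_internaluri_insecure | bool }}
+auth_plugin = {{ designate_keystone_auth_plugin }}
+signing_dir = {{ designate_system_user_home }}/cache/api
+auth_url = {{ keystone_service_adminuri }}
+auth_uri = {{ keystone_service_internaluri }}
+project_domain_id = {{ designate_service_project_domain_id }}
+user_domain_id = {{ designate_service_user_domain_id }}
+project_name = {{ designate_service_project_name }}
+username = {{ designate_service_user_name }}
+password = {{ designate_service_password }}
+memcached_servers = {{ memcached_servers }}
+########################
+#-----------------------
+# Central Service
+#-----------------------
+[service:central]
+# Number of central worker processes to spawn
+#workers = 10
+# Number of central greenthreads to spawn
+threads = 1000
+# Maximum domain name length
+max_domain_name_len = 255
+# Maximum recordset name length
+max_recordset_name_len = 255
+# Minimum TTL
+#min_ttl = None
+# The name of the default pool
+default_pool_id = '794ccc2c-d751-44fe-b57f-8894c9f5c842'
+## Managed resources settings
+# Email to use for managed resources like domains created by the FloatingIP API
+#managed_resource_email = hostmaster@example.com.
+# Tenant ID to own all managed resources - like auto-created records etc.
+managed_resource_tenant_id = None
+#-----------------------
+# API Service
+#-----------------------
+[service:api]
+threads=1000
+# The base uri used in responses
+api_base_uri = 'http://10.16.34.6:9001/v1'
+# Address to bind the API server
+api_host = 0.0.0.0
+# Port to bind the API server
+api_port = 9001
+# Authentication strategy to use - can be either "noauth" or "keystone"
+auth_strategy = keystone
+# Enable API Version 1
+enable_api_v1 = True
+# Enable API Version 2
+enable_api_v2 = True
+# Enabled API Version 1 extensions
+enabled_extensions_v1 = diagnostics, quotas, reports, sync, touch
+# Enabled API Version 2 extensions
+enabled_extensions_v2 = quotas, reports
+# Enable Admin API (experimental)
+enable_api_admin = False
+# Enabled Admin API extensions
+# Can be one or more of : reports, quotas, counts, tenants, zones
+# zone export is in zones extension
+enabled_extensions_admin = reports, quotas, counts, tenants, zones
+# Default per-page limit for the Admin API, a value of None means show all results
+# by default
+default_limit_admin = 20
+# Max page size in the Admin API
+max_limit_admin = 1000
+#-----------------------
+# mDNS Service
+#-----------------------
+[service:mdns]
+# Number of mdns worker processes to spawn
+#workers = 10
+# Number of mdns greenthreads to spawn
+threads = 1000
+# mDNS Bind Host
+host = 0.0.0.0
+# mDNS Port Number
+port = 5354
+# mDNS TCP Backlog
+tcp_backlog = 100
+# mDNS TCP Receive Timeout
+tcp_recv_timeout = 0.5
+# Enforce all incoming queries (including AXFR) are TSIG signed
+query_enforce_tsig = False
+# Send all traffic over TCP
+all_tcp = False
+# Maximum message size to emit
+max_message_size = 65535
+#-----------------------
+# Pool Manager Service
+#-----------------------
+[service:pool_manager]
+backends = bind9
+threads = 1000
+pool_id = 794ccc2c-d751-44fe-b57f-8894c9f5c842
+threshold_percentage = 100
+poll_timeout = 30
+poll_retry_interval = 15
+poll_max_retries = 3
+poll_delay = 5
+periodic_recovery_interval = 120
+enable_sync_timer = True
+periodic_sync_interval = 300
+cache_driver = memcache
+########################
+## Storage Configuration
+########################
+#-----------------------
+# SQLAlchemy Storage
+#-----------------------
+[storage:sqlalchemy]
+# Database connection string - to configure options for a given implementation
+# like sqlalchemy or other see below
+connection = mysql://{{ designate_galera_user }}:{{ designate_container_mysql_password }}@{{ designate_galera_address }}/designate?charset=utf8
+connection_debug = 100
+connection_trace = True
+sqlite_synchronous = True
+idle_timeout = 3600
+max_retries = 10
+retry_interval = 10
+[pool_manager_cache:sqlalchemy]
+connection = mysql://{{ designate_galera_user }}:{{ designate_container_mysql_password }}@{{ designate_galera_address }}/designate_pool_manager?charset=utf8
+connection_debug = 100
+connection_trace = False
+sqlite_synchronous = True
+idle_timeout = 3600
+max_retries = 10
+retry_interval = 10
+#-----------------------
+# Memcache Pool Manager Cache
+#-----------------------
+[pool_manager_cache:memcache]
+memcached_servers = None
+expiration = 3600
+#############################
+## Pool Backend Configuration
+#############################
+#-----------------------
+# Global Bind9 Pool Backend
+#-----------------------
+#[backend:bind9]
+#server_ids = 6a5032b6-2d96-43ee-b25b-7d784e2bf3b2
+#masters = 10.16.34.6:5354
+#rndc_host = 10.16.34.6
+#rndc_port = 953
+#rndc_config_file = /etc/rndc.conf
+#rndc_key_file = /etc/rndc.key
+#-----------------------
+# Server Specific Bind9 Pool Backend
+#-----------------------
+#[backend:bind9:6a5032b6-2d96-43ee-b25b-7d784e2bf3b2]
+#host = 10.16.34.6
+#port = 53
+#####################
+## Pool Configuration
+#####################
+# This section does not have the defaults filled in but demonstrates an
+# example pool / server set up. Different backends will have different options.
+[pool:794ccc2c-d751-44fe-b57f-8894c9f5c842]
+nameservers = 0f66b842-96c2-4189-93fc-1dc95a08b012
+targets = f26e0b32-736f-4f0a-831b-039a415c481e
+#also_notifies = 192.0.2.1:53, 192.0.2.2:53
+[pool_nameserver:0f66b842-96c2-4189-93fc-1dc95a08b012]
+port = 53
+host = 10.16.34.6
+[pool_target:f26e0b32-736f-4f0a-831b-039a415c481e]
+options = rndc_host: 10.16.34.6, rndc_port: 953, rndc_config_file: /etc/bind/rndc.conf, rndc_key_file: /etc/bind/rndc.key, port: 53, host: 10.16.34.6, clean_zonefile: false
+masters = 10.16.34.6:5354
+type = bind9
+[service:sink]
+enabled_notification_handlers = nova_fixed
+[handler:nova_fixed]
+# Domain ID of domain to create records in. Should be pre-created
+notification_topics = notifications
+control_exchange = 'nova'
+zone_id = e7192aa3-294b-491c-a2e7-3624e87f0af1
+format = '%(instance_id)s.%(zone)s'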
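Review bot: Under `[storage:sqlalchemy]` the template hard-codes `connection_debug = 100` and `connection_trace = True`, which is oslo.db's most verbose SQL logging and is likely to put statements and their parameters into the service logs on every deployment; I would default these to `connection_debug = 0` and `connection_trace = False` (the `[pool_manager_cache:sqlalchemy]` section repeats `connection_debug = 100`). The template also bakes in one site's values, `10.16.34.6` in `api_base_uri`, `[pool_nameserver:…]` and `[pool_target:…]` plus fixed pool, target and zone UUIDs, where the RabbitMQ and Keystone settings above already come from role variables. `query_enforce_tsig = False` together with `host = 0.0.0.0` under `[service:mdns]` accepts unsigned queries, AXFR included, on every interface, which deserves at least a comment stating that it is a deliberate default. The two `connection` URLs interpolate the database password unencoded, so a password containing `@` or `/` would yield a URL that parses differently from what was intended.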

125
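--- a/templates/policy.json
+++ b/templates/policy.json
@@ -0,0 +1,125 @@
+{
+"admin": "role:admin or is_admin:True",
+"primary_zone": "target.zone_type:SECONDARY",
+"owner": "tenant:%(tenant_id)s",
+"admin_or_owner": "rule:admin or rule:owner",
+"target": "tenant:%(target_tenant_id)s",
+"owner_or_target":"rule:target or rule:owner",
+"admin_or_owner_or_target":"rule:owner_or_target or rule:admin",
+"admin_or_target":"rule:admin or rule:target",
+"zone_primary_or_admin": "('PRIMARY':%(zone_type)s and rule:admin_or_owner) OR ('SECONDARY':%(zone_type)s AND is_admin:True)",
+"default": "rule:admin_or_owner",
+"all_tenants": "rule:admin",
+"edit_managed_records" : "rule:admin",
+"use_low_ttl": "rule:admin",
+"get_quotas": "rule:admin_or_owner",
+"get_quota": "rule:admin_or_owner",
+"set_quota": "rule:admin",
+"reset_quotas": "rule:admin",
+"create_tld": "rule:admin",
+"find_tlds": "rule:admin",
+"get_tld": "rule:admin",
+"update_tld": "rule:admin",
+"delete_tld": "rule:admin",
+"create_tsigkey": "rule:admin",
+"find_tsigkeys": "rule:admin",
+"get_tsigkey": "rule:admin",
+"update_tsigkey": "rule:admin",
+"delete_tsigkey": "rule:admin",
+"find_tenants": "rule:admin",
+"get_tenant": "rule:admin",
+"count_tenants": "rule:admin",
+"create_zone": "rule:admin_or_owner",
+"get_zones": "rule:admin_or_owner",
+"get_zone": "rule:admin_or_owner",
+"get_zone_servers": "rule:admin_or_owner",
+"find_zones": "rule:admin_or_owner",
+"find_zone": "rule:admin_or_owner",
+"update_zone": "rule:admin_or_owner",
+"delete_zone": "rule:admin_or_owner",
+"xfr_zone": "rule:admin_or_owner",
+"abandon_zone": "rule:admin",
+"count_zones": "rule:admin_or_owner",
+"purge_zones": "rule:admin",
+"touch_zone": "rule:admin_or_owner",
+"create_recordset": "rule:zone_primary_or_admin",
+"get_recordsets": "rule:admin_or_owner",
+"get_recordset": "rule:admin_or_owner",
+"find_recordsets": "rule:admin_or_owner",
+"find_recordset": "rule:admin_or_owner",
+"update_recordset": "rule:zone_primary_or_admin",
+"delete_recordset": "rule:zone_primary_or_admin",
+"count_recordset": "rule:admin_or_owner",
+"create_record": "rule:admin_or_owner",
+"get_records": "rule:admin_or_owner",
+"get_record": "rule:admin_or_owner",
+"find_records": "rule:admin_or_owner",
+"find_record": "rule:admin_or_owner",
+"update_record": "rule:admin_or_owner",
+"delete_record": "rule:admin_or_owner",
+"count_records": "rule:admin_or_owner",
+"use_sudo": "rule:admin",
+"create_blacklist": "rule:admin",
+"find_blacklist": "rule:admin",
+"find_blacklists": "rule:admin",
+"get_blacklist": "rule:admin",
+"update_blacklist": "rule:admin",
+"delete_blacklist": "rule:admin",
+"use_blacklisted_domain": "rule:admin",
+"create_pool": "rule:admin",
+"find_pools": "rule:admin",
+"find_pool": "rule:admin",
+"get_pool": "rule:admin",
+"update_pool": "rule:admin",
+"delete_pool": "rule:admin",
+"diagnostics_ping": "rule:admin",
+"diagnostics_sync_domains": "rule:admin",
+"diagnostics_sync_domain": "rule:admin",
+"diagnostics_sync_record": "rule:admin",
+"create_zone_transfer_request": "rule:admin_or_owner",
+"get_zone_transfer_request": "rule:admin_or_owner or tenant:%(target_tenant_id)s or None:%(target_tenant_id)s",
+"get_zone_transfer_request_detailed": "rule:admin_or_owner",
+"find_zone_transfer_requests": "@",
+"find_zone_transfer_request": "@",
+"update_zone_transfer_request": "rule:admin_or_owner",
+"delete_zone_transfer_request": "rule:admin_or_owner",
+"create_zone_transfer_accept": "rule:admin_or_owner or tenant:%(target_tenant_id)s or None:%(target_tenant_id)s",
+"get_zone_transfer_accept": "rule:admin_or_owner",
+"find_zone_transfer_accepts": "rule:admin",
+"find_zone_transfer_accept": "rule:admin",
+"update_zone_transfer_accept": "rule:admin",
+"delete_zone_transfer_accept": "rule:admin",
+"create_zone_import": "rule:admin_or_owner",
+"find_zone_imports": "rule:admin_or_owner",
+"get_zone_import": "rule:admin_or_owner",
+"update_zone_import": "rule:admin_or_owner",
+"delete_zone_import": "rule:admin_or_owner",
+"zone_export": "rule:admin_or_owner",
+"create_zone_export": "rule:admin_or_owner",
+"find_zone_exports": "rule:admin_or_owner",
+"get_zone_export": "rule:admin_or_owner",
+"update_zone_export": "rule:admin_or_owner",
+"delete_zone_export": "rule:admin_or_owner"
+}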
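Review bot: `find_zone_transfer_requests` and `find_zone_transfer_request` are set to `"@"`, which oslo.policy treats as always allowed, so the policy layer lets any caller that reaches the API list transfer requests; whether the results are then filtered per tenant is decided in code not shown on this page. If no such filtering exists, `"find_zone_transfer_requests": "rule:admin_or_owner"` (and the same for the singular rule) would match the other read rules in the file. The `primary_zone` rule is defined as `target.zone_type:SECONDARY`, which contradicts its name; nothing else in this file references it, so it may be dead, but it is worth correcting or removing before something does.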

3
vars/main.yml Normal file
View File

@ -0,0 +1,3 @@
---
# vars file for os_designate/