heat_template_version: wallaby description: > OpenStack containerized bind9 for designate parameters: ContainerDesignateBackendBIND9Image: description: image type: string tags: - role_specific ContainerDesignateConfigImage: description: The container image to use for the designate config_volume type: string tags: - role_specific EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json ServiceData: default: {} description: Dictionary packing service data type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set via parameter_defaults in the resource registry. Use parameter_merge_strategies to merge it with the defaults. type: json RoleName: default: '' description: Role name on which the service is applied type: string RoleParameters: default: {} description: Parameters specific to the role type: json MonitoringSubscriptionDesignateBind: default: 'overcloud-designate-bind' type: string DesignateRndcKey: description: The rndc key secret for communication with BIND. type: string hidden: true DesignateBindQueryLogging: description: Set to true to enable logging of queries on BIND. type: boolean default: false DesignateBackendListenIPs: default: [] description: A list of IPs to add to the externally accessible interface (e.g. interface on the external network or the VIP interface in standalone). If provided, the number of IPs must match the number of deployed Bind instances. If left empty, the deployment will create additonal IPs using the external network. type: comma_delimited_list conditions: public_net_is_ctlplane: equals: - {get_param: [ServiceData, net_vip_map, {get_param: [ServiceNetMap, DesignateBindNetwork]}]} - {get_param: [ServiceData, net_vip_map, ctlplane]} resources: ContainersCommon: type: ../containers-common.yaml DesignateBase: type: ./designate-base.yaml properties: EndpointMap: {get_param: EndpointMap} ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} RoleName: {get_param: RoleName} RoleParameters: {get_param: RoleParameters} RoleParametersValue: type: OS::Heat::Value properties: type: json value: map_replace: - map_replace: - ContainerDesignateBackendBIND9Image: ContainerDesignateBackendBIND9Image ContainerDesignateConfigImage: ContainerDesignateConfigImage - values: {get_param: [RoleParameters]} - values: ContainerDesignateBackendBIND9Image: {get_param: ContainerDesignateBackendBIND9Image} ContainerDesignateConfigImage: {get_param: ContainerDesignateConfigImage} outputs: role_data: description: Role data for the Designate Bind instance. value: service_name: designate_bind firewall_rules: '140 designate_worker udp': proto: 'udp' dport: - 53 - 953 '141 designate_worker tcp': proto: 'tcp' dport: - 53 - 953 monitoring_subscription: {get_param: MonitoringSubscriptionDesignateBind} config_settings: map_merge: - get_attr: [DesignateBase, role_data, config_settings] - designate::backend::bind9::configure_bind: false puppet_config: config_volume: designate puppet_tags: designate_config step_config: {get_attr: [DesignateBase, role_data, step_config]} config_image: {get_attr: [RoleParametersValue, value, ContainerDesignateConfigImage]} kolla_config: /var/lib/kolla/config_files/designate_backend_bind9.json: command: /usr/sbin/named -u named -c /etc/named.conf -f config_files: - source: "/var/lib/kolla/config_files/src/*" dest: "/" merge: true preserve_properties: true - source: "/var/named/*" dest: "/var/named-persistent/" merge: true preserve_properties: true permissions: - path: /var/log/designate owner: designate:designate recurse: true - path: /var/log/bind owner: root:named recurse: true perm: '0775' - path: /var/named-persistent owner: root:named perm: '0770' - path: /etc/rndc.key owner: root:named perm: '0640' - path: /etc/named/rndc.conf owner: root:named perm: '0640' deploy_steps_tasks: - name: Configure extra IP on the network interfaces when: - step|int == 1 include_role: name: designate_bind_config tasks_from: configure_interfaces vars: tripleo_designate_bind_network: {get_param: [ServiceNetMap, DesignateBindNetwork]} - name: generate rndc key configuration files when: step|int == 1 import_role: name: designate_rndc_config vars: designate_rndc_key: {get_param: DesignateRndcKey} designate_rndc_key_file_path: /var/lib/config-data/ansible-generated/designate/etc/ - name: generate bind configuration when: step|int == 1 import_role: name: designate_bind_config vars: designate_bind_enable_query_logging: {get_param: DesignateBindQueryLogging} rndc_allowed_addresses: get_param: - ServiceData - net_cidr_map - {get_param: [ServiceNetMap, DesignateBindNetwork]} docker_config: step_4: designate_backend_bind9: image: {get_attr: [RoleParametersValue, value, ContainerDesignateBackendBIND9Image]} net: host privileged: true stop_grace_period: 300 restart: always volumes: list_concat: - {get_attr: [ContainersCommon, volumes]} - - /run:/run - /var/lib/kolla/config_files/designate_backend_bind9.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/ansible-generated/designate:/var/lib/kolla/config_files/src:ro - /var/log/containers/designate:/var/log/designate:z - /var/log/containers/designate-bind:/var/log/bind:z - /var/lib/designate/named-persistent:/var/named-persistent:z environment: KOLLA_CONFIG_STRATEGY: COPY_ALWAYS host_prep_tasks: - name: create persistent named directories file: path: "{{ item.path }}" state: directory setype: "{{ item.setype }}" mode: "{{ item.mode }}" with_items: - { 'path': /var/lib/designate/named-persistent, 'setype': container_file_t, 'mode': '0750' } - { 'path': /var/log/containers/designate-bind, 'setype': container_file_t, 'mode': '0750' } external_deploy_tasks: - name: Get list of provided listen ips when: - step|int == 1 set_fact: dns_listen_ips: { get_param: DesignateBackendListenIPs } - name: Distribute configured unbound listen IPs across nodes when: - step|int == 1 - dns_listen_ips|length > 0 block: - name: Set the host ip fact set_fact: tripleo_dns_listen_interfaces: "[ '{{ item.0 }}' ]" delegate_to: "{{ item.1 }}" delegate_facts: true with_together: - "{{ dns_listen_ips }}" - "{{ groups['designate_bind'] | difference(groups['excluded_overcloud']) }}" - name: distribute listen IPs for configuring allow-notify list set_fact: tripleo_other_allow_notify: "{{ dns_listen_ips }}" delegate_facts: true delegate_to: "{{ item }}" loop: "{{ groups['designate_bind'] | difference(groups['excluded_overcloud']) }}" - name: Configure ports to allow bind to collocate with other services listening on DNS ports when: - step|int == 1 - dns_listen_ips|length == 0 block: - name: Get the subnet id for the proper network openstack.cloud.subnets_info: name: if: - public_net_is_ctlplane - ctlplane-subnet - str_replace: template: "$NETWORK_subnet" params: $NETWORK: {get_param: [ServiceNetMap, DesignateBindNetwork]} register: subnet_info - name: Create the extra IPs include_role: name: designate_bind_config tasks_from: create_collocated_ips vars: hosts_for_ports: "{{ groups.designate_bind }}" network_name: {get_param: [ServiceNetMap, DesignateBindNetwork]} subnet_id: "{{ subnet_info.openstack_subnets[0].id }}"