├── doc ├── source │ ├── _static │ │ └── .gitkeep │ ├── index.rst │ └── conf.py ├── requirements.txt └── Makefile ├── releasenotes ├── notes │ ├── .placeholder │ ├── designate-1604-support-d397681dd302eda9.yaml │ ├── os_designate-centos-support-501276f049c2baff.yaml │ ├── remove_rpc_backend-a9832d7699ef1245.yaml │ ├── remove-v1-api-4fda1ee243203fe5.yaml │ ├── journal-log-ycba504642b47619.yaml │ ├── openstack-distribution-packages-9fa11225b7f06125.yaml │ ├── endpoint-change-to-internalurl-3da6bb4bd4972bea.yaml │ ├── os_designate-only-install-venv-b58477153de1b1de.yaml │ ├── nova-init-config-overrides-ffce7e419061c4da.yaml │ ├── designate-service-setup-host-78466665a752dadd.yaml │ ├── designate-pools-yaml-support-d693dc2471642167.yaml │ ├── package-state-b97c7b252aee4c20.yaml │ ├── oslo-messaging-separate-backends-87f2d1a15c202f73.yaml │ └── designate_init_time_settings-6efb66b0d17d4c04.yaml └── source │ ├── _static │ └── .placeholder │ ├── _templates │ └── .placeholder │ ├── unreleased.rst │ ├── zed.rst │ ├── train.rst │ ├── ussuri.rst │ ├── pike.rst │ ├── rocky.rst │ ├── stein.rst │ ├── queens.rst │ ├── ocata.rst │ ├── index.rst │ └── conf.py ├── .gitreview ├── templates ├── rndc.key.j2 ├── sudoers.j2 ├── rootwrap.conf.j2 ├── api-paste.ini.j2 └── designate.conf.j2 ├── files └── rootwrap.d │ ├── knot2.filters │ ├── djbdns.filters │ └── bind9.filters ├── examples └── playbook.yml ├── tests ├── group_vars │ ├── designate_all.yml │ └── all_containers.yml ├── host_vars │ ├── localhost.yml │ ├── infra1.yml │ └── openstack1.yml ├── inventory ├── test.yml ├── ansible-role-requirements.yml ├── os_designate-overrides.yml ├── templates │ └── named.conf.j2 └── test-install-designate.yml ├── CONTRIBUTING.rst ├── README.rst ├── meta ├── openstack-ansible.yml └── main.yml ├── tasks ├── designate_db_sync.yml ├── designate_pre_install.yml ├── designate_install.yml ├── designate_post_install.yml └── main.yml ├── zuul.d └── project.yaml ├── vars ├── debian.yml ├── distro_install.yml ├── source_install.yml ├── redhat.yml └── main.yml ├── .gitignore ├── tox.ini ├── handlers └── main.yml ├── bindep.txt ├── LICENSE └── defaults └── main.yml /doc/source/_static/.gitkeep: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /releasenotes/notes/.placeholder: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /releasenotes/source/_static/.placeholder: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /releasenotes/source/_templates/.placeholder: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /.gitreview: -------------------------------------------------------------------------------- 1 | [gerrit] 2 | host=review.opendev.org 3 | port=29418 4 | project=openstack/openstack-ansible-os_designate.git 5 | -------------------------------------------------------------------------------- /templates/rndc.key.j2: -------------------------------------------------------------------------------- 1 | key "{{ item.name }}" { 2 | algorithm "{{ item.algorithm }}"; 3 | secret "{{ item.secret }}"; 4 | }; 5 | -------------------------------------------------------------------------------- /files/rootwrap.d/knot2.filters: -------------------------------------------------------------------------------- 1 | # cmd-name: filter-name, raw-command, user, args 2 | [Filters] 3 | knotc: CommandFilter, /usr/sbin/knotc, root 4 | -------------------------------------------------------------------------------- /releasenotes/notes/designate-1604-support-d397681dd302eda9.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | features: 3 | - The ``os-designate`` role now supports Ubuntu 16.04 and SystemD. 4 | -------------------------------------------------------------------------------- /releasenotes/notes/os_designate-centos-support-501276f049c2baff.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | features: 3 | - CentOS7/RHEL support has been added to the os_designate role. 4 | 5 | -------------------------------------------------------------------------------- /releasenotes/source/unreleased.rst: -------------------------------------------------------------------------------- 1 | ============================== 2 | Current Series Release Notes 3 | ============================== 4 | 5 | .. release-notes:: 6 | -------------------------------------------------------------------------------- /releasenotes/source/zed.rst: -------------------------------------------------------------------------------- 1 | ======================== 2 | Zed Series Release Notes 3 | ======================== 4 | 5 | .. release-notes:: 6 | :branch: unmaintained/zed 7 | -------------------------------------------------------------------------------- /releasenotes/source/train.rst: -------------------------------------------------------------------------------- 1 | ========================== 2 | Train Series Release Notes 3 | ========================== 4 | 5 | .. release-notes:: 6 | :branch: stable/train 7 | -------------------------------------------------------------------------------- /releasenotes/source/ussuri.rst: -------------------------------------------------------------------------------- 1 | =========================== 2 | Ussuri Series Release Notes 3 | =========================== 4 | 5 | .. release-notes:: 6 | :branch: stable/ussuri 7 | -------------------------------------------------------------------------------- /releasenotes/source/pike.rst: -------------------------------------------------------------------------------- 1 | =================================== 2 | Pike Series Release Notes 3 | =================================== 4 | 5 | .. release-notes:: 6 | :branch: stable/pike 7 | -------------------------------------------------------------------------------- /releasenotes/source/rocky.rst: -------------------------------------------------------------------------------- 1 | =================================== 2 | Rocky Series Release Notes 3 | =================================== 4 | 5 | .. release-notes:: 6 | :branch: stable/rocky 7 | -------------------------------------------------------------------------------- /releasenotes/source/stein.rst: -------------------------------------------------------------------------------- 1 | =================================== 2 | Stein Series Release Notes 3 | =================================== 4 | 5 | .. release-notes:: 6 | :branch: stable/stein 7 | -------------------------------------------------------------------------------- /releasenotes/source/queens.rst: -------------------------------------------------------------------------------- 1 | =================================== 2 | Queens Series Release Notes 3 | =================================== 4 | 5 | .. release-notes:: 6 | :branch: stable/queens 7 | -------------------------------------------------------------------------------- /releasenotes/source/ocata.rst: -------------------------------------------------------------------------------- 1 | =================================== 2 | Ocata Series Release Notes 3 | =================================== 4 | 5 | .. release-notes:: 6 | :branch: origin/stable/ocata 7 | -------------------------------------------------------------------------------- /releasenotes/notes/remove_rpc_backend-a9832d7699ef1245.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | deprecations: 3 | - | 4 | Remove ``designate_rpc_backend`` option due to deprecation of 5 | rpc_backend option in oslo.messaging. 6 | -------------------------------------------------------------------------------- /files/rootwrap.d/djbdns.filters: -------------------------------------------------------------------------------- 1 | [Filters] 2 | tcpclient: CommandFilter, /usr/bin/tcpclient, root 3 | axfr-get: CommandFilter, /usr/bin/axfr-get, root 4 | tinydns-data: CommandFilter, /usr/bin/tinydns-data, root 5 | -------------------------------------------------------------------------------- /releasenotes/notes/remove-v1-api-4fda1ee243203fe5.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | upgrade: 3 | - Any tooling using the Designate v1 API needs to be reworked to use the v2 API 4 | critical: 5 | - The Designate V1 API has been removed, and cannot be enabled. 6 | -------------------------------------------------------------------------------- /releasenotes/notes/journal-log-ycba504642b47619.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | deprecations: 3 | - The log path, ``/var/log/designate`` is no longer used to capture service 4 | logs. All logging for the designate service will now be sent directly to the 5 | systemd journal. 6 | -------------------------------------------------------------------------------- /releasenotes/source/index.rst: -------------------------------------------------------------------------------- 1 | ================================ 2 | OpenStack-Ansible Release Notes 3 | ================================ 4 | 5 | .. toctree:: 6 | :maxdepth: 1 7 | 8 | unreleased 9 | zed 10 | ussuri 11 | train 12 | stein 13 | rocky 14 | queens 15 | pike 16 | ocata 17 | -------------------------------------------------------------------------------- /releasenotes/notes/openstack-distribution-packages-9fa11225b7f06125.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | features: 3 | - | 4 | The role now supports using the distribution packages for the OpenStack 5 | services instead of the pip ones. This feature is disabled by default 6 | and can be enabled by simply setting the ``designate_install_method`` 7 | variable to ``distro``. 8 | -------------------------------------------------------------------------------- /files/rootwrap.d/bind9.filters: -------------------------------------------------------------------------------- 1 | # designate-rootwrap command filters for nodes on which designate is 2 | # expected to control network 3 | # 4 | # This file should be owned by (and only-writable by) the root user 5 | 6 | # format seems to be 7 | # cmd-name: filter-name, raw-command, user, args 8 | 9 | [Filters] 10 | rndc: CommandFilter, /usr/sbin/rndc, root 11 | -------------------------------------------------------------------------------- /templates/sudoers.j2: -------------------------------------------------------------------------------- 1 | # {{ ansible_managed }} 2 | 3 | Defaults:{{ designate_system_user_name }} !requiretty 4 | Defaults:{{ designate_system_user_name }} secure_path="{{ designate_bin }}:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" 5 | 6 | {{ designate_system_user_name }} ALL = (root) NOPASSWD: {{ designate_bin }}/{{ designate_service_name }}-rootwrap 7 | -------------------------------------------------------------------------------- /releasenotes/notes/endpoint-change-to-internalurl-3da6bb4bd4972bea.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | upgrade: 3 | - The endpoint which designate uses to communicate with neutron 4 | has been set to the internalURL by default. This change has 5 | been done within the template ``designate.conf.j2`` and can be 6 | changed using the ``designate_designate_conf_overrides`` 7 | variable. 8 | -------------------------------------------------------------------------------- /releasenotes/notes/os_designate-only-install-venv-b58477153de1b1de.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | upgrade: 3 | - Installation of designate and its dependent pip packages will now only 4 | occur within a Python virtual environment. The ``designate_venv_enabled``, 5 | ``designate_venv_bin``, ``designate_venv_etc_dir`` and 6 | ``designate_non_venv_etc_dir`` variables have been removed. 7 | -------------------------------------------------------------------------------- /examples/playbook.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Install Designate Server 3 | hosts: designate_all 4 | user: root 5 | roles: 6 | - role: "os_designate" 7 | tags: 8 | - "os-designate" 9 | vars: 10 | external_lb_vip_address: 172.16.24.1 11 | internal_lb_vip_address: 192.168.0.1 12 | designate_galera_address: "{{ internal_lb_vip_address }}" 13 | designate_galera_password: "SuperSecretePassword1" 14 | designate_service_password: "SuperSecretePassword3" 15 | designate_oslomsg_rpc_password: "SuperSecretePassword4" 16 | -------------------------------------------------------------------------------- /releasenotes/notes/nova-init-config-overrides-ffce7e419061c4da.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | features: 3 | - New variables have been added to allow a deployer to customize 4 | a designate systemd unit file to their liking. 5 | - The task dropping the designate systemd unit files now uses the 6 | ``config_template`` action plugin allowing deployers access to 7 | customize the unit files as they see fit without having to 8 | load extra options into the defaults and pollute the generic 9 | systemd unit file with jinja2 variables and conditionals. 10 | 11 | -------------------------------------------------------------------------------- /releasenotes/notes/designate-service-setup-host-78466665a752dadd.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | features: 3 | - | 4 | The service setup in keystone for designate will now be executed 5 | through delegation to the ``designate_service_setup_host`` which, 6 | by default, is ``localhost`` (the deploy host). Deployers can 7 | opt to rather change this to the utility container by implementing 8 | the following override in ``user_variables.yml``. 9 | 10 | .. code-block:: yaml 11 | 12 | designate_service_setup_host: "{{ groups['utility_all'][0] }}" 13 | 14 | deprecations: 15 | - | 16 | The variable ``designate_requires_pip_packages`` is no longer required 17 | and has therefore been removed. 18 | -------------------------------------------------------------------------------- /releasenotes/notes/designate-pools-yaml-support-d693dc2471642167.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | features: 3 | - The Designate pools.yaml file can now be generated via the 4 | designate_pools_yaml attribute, if desired. This allows users to populate 5 | the Designate DNS server configuration using attributes from other plays 6 | and obviates the need to manage the file outside of the Designate role. 7 | upgrade: 8 | - The Designate pools.yaml file can now be generated via the 9 | designate_pools_yaml attribute, if desired. This ability is toggled by 10 | the designate_use_pools_yaml_attr attribute. In the future this behavior 11 | may become default and designate_pools_yaml may become a required variable. 12 | -------------------------------------------------------------------------------- /tests/group_vars/designate_all.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Copyright 2016, Rackspace US, Inc. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | 16 | properties: 17 | service_name: designate 18 | -------------------------------------------------------------------------------- /tests/host_vars/localhost.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Copyright 2016, Rackspace US, Inc. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | 16 | bridges: 17 | - name: "br-mgmt" 18 | ip_addr: "10.1.1.1" 19 | -------------------------------------------------------------------------------- /CONTRIBUTING.rst: -------------------------------------------------------------------------------- 1 | The source repository for this project can be found at: 2 | 3 | https://opendev.org/openstack/openstack-ansible-os_designate 4 | 5 | Pull requests submitted through GitHub are not monitored. 6 | 7 | To start contributing to OpenStack, follow the steps in the contribution guide 8 | to set up and use Gerrit: 9 | 10 | https://docs.openstack.org/contributors/code-and-documentation/quick-start.html 11 | 12 | Bugs should be filed on Launchpad: 13 | 14 | https://bugs.launchpad.net/openstack-ansible 15 | 16 | For more specific information about contributing to this repository, see the 17 | OpenStack-Ansible contributors guide: 18 | 19 | https://docs.openstack.org/openstack-ansible/latest/contributors/contributing.html 20 | -------------------------------------------------------------------------------- /README.rst: -------------------------------------------------------------------------------- 1 | ==================================== 2 | Designate role for OpenStack-Ansible 3 | ==================================== 4 | 5 | Ansible role to install OpenStack Designate. 6 | 7 | Documentation for the project can be found at: 8 | https://docs.openstack.org/openstack-ansible-os_designate/latest 9 | 10 | Release notes for the project can be found at: 11 | https://docs.openstack.org/releasenotes/openstack-ansible-os_designate/ 12 | 13 | The project source code repository is located at: 14 | https://opendev.org/openstack/openstack-ansible-os_designate/ 15 | 16 | The project home is at: 17 | https://launchpad.net/openstack-ansible 18 | 19 | The project bug tracker is located at: 20 | https://bugs.launchpad.net/openstack-ansible 21 | -------------------------------------------------------------------------------- /releasenotes/notes/package-state-b97c7b252aee4c20.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | features: 3 | - The os_designate role now supports the ability to configure whether 4 | apt/yum tasks install the latest available package, or just ensure 5 | that the package is present. The default action is to ensure that 6 | the latest package is present. The action taken may be changed to 7 | only ensure that the package is present by setting 8 | ``designate_package_state`` to ``present``. 9 | upgrade: 10 | - The os_designate role always checks whether the latest package is 11 | installed when executed. If a deployer wishes to change the check to 12 | only validate the presence of the package, the option 13 | ``designate_package_state`` should be set to ``present``. 14 | -------------------------------------------------------------------------------- /tests/host_vars/infra1.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Copyright 2017, Rackspace US, Inc. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | 16 | ansible_host: 10.1.1.101 17 | ansible_become: True 18 | ansible_user: root 19 | container_name: infra1 20 | -------------------------------------------------------------------------------- /tests/host_vars/openstack1.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Copyright 2017, Rackspace US, Inc. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | 16 | ansible_host: 10.1.1.102 17 | ansible_become: True 18 | ansible_user: root 19 | container_name: openstack1 20 | -------------------------------------------------------------------------------- /meta/openstack-ansible.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Copyright 2017, Rackspace US, Inc. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | # 16 | # (c) 2017, Jean-Philippe Evrard 17 | 18 | maturity_info: 19 | status: complete 20 | created_during: mitaka 21 | -------------------------------------------------------------------------------- /doc/requirements.txt: -------------------------------------------------------------------------------- 1 | # The order of packages is significant, because pip processes them in the order 2 | # of appearance. Changing the order has an impact on the overall integration 3 | # process, which may cause wedges in the gate later. 4 | 5 | # WARNING: 6 | # This file is maintained in the openstack-ansible-tests repository. 7 | # https://opendev.org/openstack/openstack-ansible-tests/src/branch/master/sync/doc/requirements.txt 8 | # If you need to modify this file, update the one in the 9 | # openstack-ansible-tests repository. Once it merges there, the changes will 10 | # automatically be proposed to all the repositories which use it. 11 | 12 | sphinx>=2.0.0,!=2.1.0 # BSD 13 | sphinxcontrib-svg2pdfconverter>=0.1.0 # BSD 14 | openstackdocstheme>=2.2.1 # Apache-2.0 15 | reno>=3.1.0 # Apache-2.0 16 | doc8>=0.6.0 # Apache-2.0 17 | -------------------------------------------------------------------------------- /tasks/designate_db_sync.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Copyright 2016, Tata Consultancy Services 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | 16 | - name: Perform a Designate DB sync 17 | ansible.builtin.command: "{{ designate_bin }}/designate-manage database sync" 18 | become: true 19 | become_user: "{{ designate_system_user_name }}" 20 | changed_when: false 21 | -------------------------------------------------------------------------------- /tests/inventory: -------------------------------------------------------------------------------- 1 | [all] 2 | localhost 3 | infra1 4 | openstack1 5 | 6 | [hosts] 7 | localhost 8 | 9 | [all_containers] 10 | infra1 11 | openstack1 12 | 13 | [designate_all:children] 14 | designate_api 15 | designate_central 16 | designate_mdns 17 | designate_worker 18 | designate_producer 19 | designate_sink 20 | 21 | [designate_api] 22 | openstack1 23 | 24 | [designate_central] 25 | openstack1 26 | 27 | [designate_mdns] 28 | openstack1 29 | 30 | [designate_worker] 31 | openstack1 32 | 33 | [designate_producer] 34 | openstack1 35 | 36 | [designate_sink] 37 | openstack1 38 | 39 | [keystone_all] 40 | openstack1 41 | 42 | [utility_all] 43 | openstack1 44 | 45 | [service_all:children] 46 | rabbitmq_all 47 | galera_all 48 | memcached_all 49 | 50 | [oslomsg_rpc_all] 51 | infra1 52 | 53 | [oslomsg_notify_all] 54 | infra1 55 | 56 | [rabbitmq_all] 57 | infra1 58 | 59 | [galera_all] 60 | infra1 61 | 62 | [memcached_all] 63 | infra1 64 | -------------------------------------------------------------------------------- /tests/group_vars/all_containers.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Copyright 2016, Rackspace US, Inc. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | 16 | container_networks: 17 | management_address: 18 | address: "{{ ansible_host }}" 19 | bridge: "br-mgmt" 20 | interface: "eth1" 21 | netmask: "255.255.255.0" 22 | type: "veth" 23 | physical_host: localhost 24 | properties: 25 | service_name: "{{ inventory_hostname }}" 26 | -------------------------------------------------------------------------------- /zuul.d/project.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # Copyright 2017, Rackspace US, Inc. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | 16 | - project: 17 | templates: 18 | - check-requirements 19 | - openstack-ansible-linters-jobs 20 | - openstack-ansible-deploy-aio_distro_metal-jobs 21 | - openstack-ansible-deploy-aio_metal-jobs 22 | - publish-openstack-docs-pti 23 | - build-release-notes-jobs-python3 24 | -------------------------------------------------------------------------------- /vars/debian.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Copyright 2016, Intel Corporation. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | 16 | ## APT Cache options 17 | cache_timeout: 600 18 | 19 | # Common apt packages 20 | designate_distro_packages: [] 21 | 22 | designate_service_distro_packages: 23 | - python3-designate 24 | - python3-systemd 25 | 26 | designate_rndc_packages: 27 | - bind9utils 28 | 29 | designate_devel_distro_packages: 30 | - libsystemd-dev 31 | -------------------------------------------------------------------------------- /vars/distro_install.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Copyright 2018, SUSE LINUX GmbH. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | # 16 | 17 | designate_package_list: |- 18 | {% set packages = designate_distro_packages %} 19 | {% set _ = packages.extend(designate_service_distro_packages) %} 20 | {% if designate_rndc_keys is defined %} 21 | {% set _ = packages.extend(designate_rndc_packages) %} 22 | {% endif %} 23 | {{ packages }} 24 | 25 | _designate_bin: "/usr/bin" 26 | _designate_etc: "/etc" 27 | -------------------------------------------------------------------------------- /vars/source_install.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Copyright 2018, SUSE LINUX GmbH. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | # 16 | 17 | designate_package_list: |- 18 | {% set packages = designate_distro_packages %} 19 | {% if designate_rndc_keys is defined %} 20 | {% set _ = packages.extend(designate_rndc_packages) %} 21 | {% endif %} 22 | {{ packages }} 23 | 24 | _designate_bin: "/openstack/venvs/designate-{{ designate_venv_tag }}/bin" 25 | _designate_etc: "{{ _designate_bin | dirname + '/etc' }}" 26 | -------------------------------------------------------------------------------- /templates/rootwrap.conf.j2: -------------------------------------------------------------------------------- 1 | # Configuration for designate-rootwrap 2 | # This file should be owned by (and only-writeable by) the root user 3 | 4 | [DEFAULT] 5 | # List of directories to load filter definitions from (separated by ','). 6 | # These directories MUST all be only writeable by root ! 7 | filters_path=/etc/designate/rootwrap.d,/usr/share/designate/rootwrap 8 | 9 | # List of directories to search executables in, in case filters do not 10 | # explicitely specify a full path (separated by ',') 11 | # If not specified, defaults to system PATH environment variable. 12 | # These directories MUST all be only writeable by root ! 13 | exec_dirs={{ designate_bin }},/sbin,/usr/sbin,/bin,/usr/bin 14 | 15 | # Enable logging to syslog 16 | # Default value is False 17 | use_syslog=False 18 | 19 | # Which syslog facility to use. 20 | # Valid values include auth, authpriv, syslog, user0, user1... 21 | # Default value is 'syslog' 22 | syslog_log_facility=syslog 23 | 24 | # Which messages to log. 25 | # INFO means log all usage 26 | # ERROR means only log unsuccessful attempts 27 | syslog_log_level=ERROR 28 | -------------------------------------------------------------------------------- /vars/redhat.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Copyright 2016, Intel Corporation. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | 16 | # Common yum packages 17 | designate_distro_packages: 18 | - which 19 | 20 | designate_service_distro_packages: 21 | - openstack-designate-agent 22 | - openstack-designate-api 23 | - openstack-designate-central 24 | - openstack-designate-mdns 25 | - openstack-designate-producer 26 | - openstack-designate-sink 27 | - openstack-designate-worker 28 | - python3-systemd 29 | 30 | designate_rndc_packages: 31 | - bind 32 | 33 | designate_devel_distro_packages: 34 | - systemd-devel 35 | -------------------------------------------------------------------------------- /tests/test.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Copyright 2016, Rackspace US, Inc. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | 16 | # Setup the host 17 | - import_playbook: common/test-setup-host.yml 18 | 19 | # Prepare the containers 20 | - import_playbook: common/test-prepare-containers.yml 21 | 22 | # Install RabbitMQ/MariaDB 23 | - import_playbook: common/test-install-infra.yml 24 | 25 | # Install Keystone 26 | - import_playbook: common/test-install-keystone.yml 27 | 28 | # Install Designate 29 | - import_playbook: test-install-designate.yml 30 | 31 | # Install and execute Tempest 32 | - import_playbook: common/test-install-tempest.yml 33 | -------------------------------------------------------------------------------- /meta/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Copyright 2016, Tata Consultancy Services 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | 16 | galaxy_info: 17 | author: rcbops 18 | description: Installation and setup of Designate 19 | company: OpenStack 20 | license: Apache2 21 | role_name: os_designate 22 | namespace: openstack 23 | min_ansible_version: "2.10" 24 | platforms: 25 | - name: Debian 26 | versions: 27 | - bullseye 28 | - name: Ubuntu 29 | versions: 30 | - focal 31 | - jammy 32 | - name: EL 33 | versions: 34 | - "9" 35 | galaxy_tags: 36 | - cloud 37 | - python 38 | - designate 39 | - development 40 | - openstack 41 | dependencies: 42 | - role: apt_package_pinning 43 | when: 44 | - ansible_facts['pkg_mgr'] == 'apt' 45 | -------------------------------------------------------------------------------- /releasenotes/notes/oslo-messaging-separate-backends-87f2d1a15c202f73.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | features: 3 | - Support separate oslo.messaging services for RPC and Notifications 4 | to enable operation of separate and different messaging backend 5 | servers in designate. 6 | deprecations: 7 | - | 8 | The rabbitmq server parameters have been replaced by corresponding 9 | oslo.messaging RPC and Notify parameters in order to abstract the 10 | messaging service from the actual backend server deployment. 11 | - designate_oslomsg_rpc_servers replaces designate_rabbitmq_servers 12 | - designate_oslomsg_rpc_port replaces designate_rabbitmq_port 13 | - designate_oslomsg_rpc_use_ssl replaces designate_rabbitmq_use_ssl 14 | - designate_oslomsg_rpc_userid replaces designate_rabbitmq_userid 15 | - designate_oslomsg_rpc_vhost replaces designate_rabbitmq_vhost 16 | - designate_oslomsg_notify_servers replaces designate_rabbitmq_telemetry_servers 17 | - designate_oslomsg_notify_port replaces designate_rabbitmq_telemetry_port 18 | - designate_oslomsg_notify_use_ssl replaces designate_rabbitmq_telemetry_use_ssl 19 | - designate_oslomsg_notify_userid replaces designate_rabbitmq_telemetry_userid 20 | - designate_oslomsg_notify_vhost replaces designate_rabbitmq_telemetry_vhost 21 | - designate_oslomsg_notify_password replaces designate_rabbitmq_telemetry_password 22 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | # Add patterns in here to exclude files created by tools integrated with this 2 | # repository, such as test frameworks from the project's recommended workflow, 3 | # rendered documentation and package builds. 4 | # 5 | # Don't add patterns to exclude files created by preferred personal tools 6 | # (editors, IDEs, your operating system itself even). These should instead be 7 | # maintained outside the repository, for example in a ~/.gitignore file added 8 | # with: 9 | # 10 | # git config --global core.excludesfile '~/.gitignore' 11 | 12 | # Compiled source # 13 | ################### 14 | *.com 15 | *.class 16 | *.dll 17 | *.exe 18 | *.o 19 | *.so 20 | *.pyc 21 | build/ 22 | dist/ 23 | doc/build/ 24 | 25 | # Packages # 26 | ############ 27 | # it's better to unpack these files and commit the raw source 28 | # git has its own built in compression methods 29 | *.7z 30 | *.dmg 31 | *.gz 32 | *.iso 33 | *.jar 34 | *.rar 35 | *.tar 36 | *.zip 37 | 38 | # Logs and databases # 39 | ###################### 40 | *.log 41 | *.sql 42 | *.sqlite 43 | logs/* 44 | 45 | # OS generated files # 46 | ###################### 47 | ._* 48 | .tox 49 | *.egg-info 50 | .eggs 51 | .ansible 52 | 53 | # Generated by pbr while building docs 54 | ###################################### 55 | AUTHORS 56 | ChangeLog 57 | 58 | # Files created by releasenotes build 59 | releasenotes/build 60 | 61 | # Test temp files 62 | tests/common 63 | tests/*.retry 64 | 65 | # Vagrant artifacts 66 | .vagrant 67 | 68 | # Git clones 69 | openstack-ansible-ops 70 | previous 71 | -------------------------------------------------------------------------------- /releasenotes/notes/designate_init_time_settings-6efb66b0d17d4c04.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | features: 3 | - For the ``os_designate`` role, the systemd unit ``TimeoutSec`` value which 4 | controls the time between sending a SIGTERM signal and a SIGKILL signal 5 | when stopping or restarting the service has been reduced from 300 seconds 6 | to 120 seconds. This provides 2 minutes for long-lived sessions to drain 7 | while preventing new ones from starting before a restart or a stop. The 8 | ``RestartSec`` value which controls the time between the service stop and 9 | start when restarting has been reduced from 150 seconds to 2 seconds to 10 | make the restart happen faster. These values can be adjusted by using the 11 | ``designate_*_init_config_overrides`` variables which use the 12 | ``config_template`` task to change template defaults. 13 | upgrade: 14 | - For the ``os_designate`` role, the systemd unit ``TimeoutSec`` value which 15 | controls the time between sending a SIGTERM signal and a SIGKILL signal 16 | when stopping or restarting the service has been reduced from 300 seconds 17 | to 120 seconds. This provides 2 minutes for long-lived sessions to drain 18 | while preventing new ones from starting before a restart or a stop. The 19 | ``RestartSec`` value which controls the time between the service stop and 20 | start when restarting has been reduced from 150 seconds to 2 seconds to 21 | make the restart happen faster. These values can be adjusted by using the 22 | ``designate_*_init_config_overrides`` variables which use the 23 | ``config_template`` task to change template defaults. 24 | -------------------------------------------------------------------------------- /tox.ini: -------------------------------------------------------------------------------- 1 | [tox] 2 | minversion = 4.6.0 3 | skipsdist = True 4 | envlist = docs 5 | 6 | [testenv] 7 | usedevelop = False 8 | install_command = 9 | pip install -c{env:TOX_CONSTRAINTS_FILE:https://releases.openstack.org/constraints/upper/master} {opts} {packages} 10 | commands = 11 | /usr/bin/find . -type f -name "*.pyc" -delete 12 | passenv = 13 | COMMON_TESTS_PATH 14 | HOME 15 | http_proxy 16 | HTTP_PROXY 17 | https_proxy 18 | HTTPS_PROXY 19 | no_proxy 20 | NO_PROXY 21 | TESTING_BRANCH 22 | TESTING_HOME 23 | USER 24 | allowlist_externals = 25 | bash 26 | setenv = 27 | PYTHONUNBUFFERED=1 28 | ROLE_NAME=os_designate 29 | TEST_IDEMPOTENCE=false 30 | VIRTUAL_ENV={envdir} 31 | WORKING_DIR={toxinidir} 32 | 33 | [testenv:docs] 34 | deps = 35 | -c{env:TOX_CONSTRAINTS_FILE:https://releases.openstack.org/constraints/upper/master} 36 | -r{toxinidir}/doc/requirements.txt 37 | commands = 38 | bash -c "rm -rf doc/build" 39 | doc8 doc 40 | sphinx-build -W --keep-going -b html doc/source doc/build/html 41 | 42 | [testenv:pdf-docs] 43 | deps = {[testenv:docs]deps} 44 | allowlist_externals = 45 | make 46 | commands = 47 | sphinx-build -W --keep-going -b latex doc/source doc/build/pdf 48 | make -C doc/build/pdf 49 | 50 | [doc8] 51 | # Settings for doc8: 52 | extensions = .rst 53 | 54 | [testenv:releasenotes] 55 | deps = {[testenv:docs]deps} 56 | commands = 57 | sphinx-build -a -E -W -d releasenotes/build/doctrees --keep-going -b html releasenotes/source releasenotes/build/html 58 | 59 | # environment used by the -infra templated docs job 60 | [testenv:venv] 61 | commands = 62 | {posargs} 63 | -------------------------------------------------------------------------------- /handlers/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Copyright 2016, Tata Consultancy Services 3 | # Copyright 2015, Rackspace US, Inc. 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | 17 | - name: Stop services 18 | ansible.builtin.systemd: 19 | name: "{{ item.service_name }}" 20 | state: "stopped" 21 | with_items: "{{ filtered_designate_services }}" 22 | register: _stop 23 | until: _stop is success 24 | retries: 5 25 | delay: 2 26 | listen: 27 | - "Restart designate services" 28 | - "venv changed" 29 | - "systemd service changed" 30 | - "cert installed" 31 | 32 | - name: Perform Designate pools update 33 | ansible.builtin.command: "{{ designate_bin }}/designate-manage pool update --file /etc/designate/pools.yaml" 34 | become: true 35 | become_user: "{{ designate_system_user_name }}" 36 | changed_when: false 37 | when: designate_pools_yaml is defined 38 | 39 | - name: Start services 40 | ansible.builtin.systemd: 41 | name: "{{ item.service_name }}" 42 | state: "started" 43 | with_items: "{{ filtered_designate_services }}" 44 | register: _start 45 | until: _start is success 46 | retries: 5 47 | delay: 2 48 | listen: 49 | - "Restart designate services" 50 | - "venv changed" 51 | - "systemd service changed" 52 | - "cert installed" 53 | -------------------------------------------------------------------------------- /tests/ansible-role-requirements.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: apt_package_pinning 3 | src: https://opendev.org/openstack/openstack-ansible-apt_package_pinning 4 | scm: git 5 | version: master 6 | - name: memcached_server 7 | src: https://opendev.org/openstack/openstack-ansible-memcached_server 8 | scm: git 9 | version: master 10 | - name: openstack_hosts 11 | src: https://opendev.org/openstack/openstack-ansible-openstack_hosts 12 | scm: git 13 | version: master 14 | - name: lxc_hosts 15 | src: https://opendev.org/openstack/openstack-ansible-lxc_hosts 16 | scm: git 17 | version: master 18 | - name: lxc_container_create 19 | src: https://opendev.org/openstack/openstack-ansible-lxc_container_create 20 | scm: git 21 | version: master 22 | - name: galera_client 23 | src: https://opendev.org/openstack/openstack-ansible-galera_client 24 | scm: git 25 | version: master 26 | - name: galera_server 27 | src: https://opendev.org/openstack/openstack-ansible-galera_server 28 | scm: git 29 | version: master 30 | - name: rabbitmq_server 31 | src: https://opendev.org/openstack/openstack-ansible-rabbitmq_server 32 | scm: git 33 | version: master 34 | - name: os_keystone 35 | src: https://opendev.org/openstack/openstack-ansible-os_keystone 36 | scm: git 37 | version: master 38 | - name: openstack_openrc 39 | src: https://opendev.org/openstack/openstack-ansible-openstack_openrc 40 | scm: git 41 | version: master 42 | - name: os_tempest 43 | src: https://opendev.org/openstack/openstack-ansible-os_tempest 44 | scm: git 45 | version: master 46 | - name: systemd_service 47 | src: https://opendev.org/openstack/ansible-role-systemd_service 48 | scm: git 49 | version: master 50 | - name: python_venv_build 51 | src: https://opendev.org/openstack/ansible-role-python_venv_build 52 | scm: git 53 | version: master 54 | -------------------------------------------------------------------------------- /bindep.txt: -------------------------------------------------------------------------------- 1 | # This file facilitates OpenStack-CI package installation 2 | # before the execution of any tests. 3 | # 4 | # See the following for details: 5 | # - https://docs.openstack.org/infra/bindep/ 6 | # - https://opendev.org/openstack-infra/bindep 7 | # 8 | # Even if the role does not make use of this facility, it 9 | # is better to have this file empty, otherwise OpenStack-CI 10 | # will fall back to installing its default packages which 11 | # will potentially be detrimental to the tests executed. 12 | # 13 | # Note: 14 | # This file is maintained in the openstack-ansible-tests repository. 15 | # https://opendev.org/openstack/openstack-ansible-tests/src/bindep.txt 16 | # If you need to remove or add extra dependencies, you should modify 17 | # the central file instead and once your change is accepted then update 18 | # this file as well. The purpose of this file is to ensure that Python and 19 | # Ansible have all their necessary binary requirements on the test host before 20 | # tox executes. Any binary requirements needed by services/roles should be 21 | # installed by those roles in their applicable package install tasks, not through 22 | # using this file. 23 | # 24 | 25 | # The gcc compiler 26 | gcc 27 | 28 | # Base requirements for Ubuntu 29 | git-core [platform:dpkg] 30 | libssl-dev [platform:dpkg] 31 | libffi-dev [platform:dpkg] 32 | python3 [platform:dpkg] 33 | python3-apt [platform:dpkg] 34 | python3-dev [platform:dpkg] 35 | 36 | # Base requirements for RPM distros 37 | gcc-c++ [platform:rpm] 38 | git [platform:rpm] 39 | libffi-devel [platform:rpm] 40 | openssl-devel [platform:rpm] 41 | python3-dnf [platform:fedora] 42 | python3-devel [platform:rpm] 43 | 44 | # For SELinux 45 | libselinux-python3 [platform:redhat] 46 | libsemanage-python3 [platform:redhat] 47 | iptables [platform:redhat] 48 | -------------------------------------------------------------------------------- /tests/os_designate-overrides.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Copyright 2016, Rackspace US, Inc. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | 16 | 17 | designate_developer_mode: true 18 | designate_service_password: "secrete" 19 | designate_galera_password: "SuperSecrete" 20 | designate_oslomsg_rpc_password: "secrete" 21 | designate_pools_yaml: 22 | - name: "default" 23 | description: Default BIND9 Pool 24 | attributes: {} 25 | ns_records: 26 | - hostname: ns1.example.org. 27 | priority: 1 28 | nameservers: 29 | - host: 127.0.0.1 30 | port: 53 31 | targets: 32 | - type: bind9 33 | description: BIND9 Server 34 | masters: 35 | - host: 127.0.0.1 36 | port: 5354 37 | options: 38 | host: 127.0.0.1 39 | port: 53 40 | rndc_host: 127.0.0.1 41 | rndc_port: 953 42 | rndc_key_file: /etc/rndc.key 43 | designate_rndc_keys: 44 | - name: "rndc-key" 45 | file: /etc/rndc.key 46 | algorithm: "hmac-md5" 47 | secret: 'DTngw5O8I5Axx631GjQ9pA==' 48 | mode: "0644" 49 | 50 | tempest_run: yes 51 | 52 | tempest_plugins: 53 | - name: designate-tempest-plugin 54 | repo: https://opendev.org/openstack/designate-tempest-plugin 55 | branch: master 56 | 57 | tempest_test_whitelist: 58 | - designate_tempest_plugin.tests.scenario.v2.test_zones 59 | -------------------------------------------------------------------------------- /tests/templates/named.conf.j2: -------------------------------------------------------------------------------- 1 | # 2 | # {{ ansible_managed }} 3 | # 4 | options { 5 | {% if ansible_pkg_mgr == 'apt' %} 6 | directory "/var/cache/bind"; 7 | {% elif ansible_pkg_mgr == 'dnf' %} 8 | directory "/var/named"; 9 | {% endif %} 10 | 11 | // If there is a firewall between you and nameservers you want 12 | // to talk to, you may need to fix the firewall to allow multiple 13 | // ports to talk. See http://www.kb.cert.org/vuls/id/800113 14 | 15 | // If your ISP provided one or more IP addresses for stable 16 | // nameservers, you probably want to use them as forwarders. 17 | // Uncomment the following block, and insert the addresses replacing 18 | // the all-0's placeholder. 19 | 20 | // forwarders { 21 | // 0.0.0.0; 22 | // }; 23 | 24 | //======================================================================== 25 | // If BIND logs error messages about the root key being expired, 26 | // you will need to update your keys. See https://www.isc.org/bind-keys 27 | //======================================================================== 28 | dnssec-validation auto; 29 | 30 | auth-nxdomain no; # conform to RFC1035 31 | listen-on-v6 { any; }; 32 | allow-new-zones yes; 33 | request-ixfr no; 34 | recursion no; 35 | }; 36 | 37 | {% if designate_rndc_keys is defined %} 38 | include "/etc/rndc.key"; 39 | 40 | controls { 41 | inet 127.0.0.1 allow { localhost; } keys { "rndc-key"; }; 42 | }; 43 | {% endif %} 44 | 45 | {% if ansible_pkg_mgr == 'dnf' %} 46 | logging { 47 | channel default_debug { 48 | file "data/named.run"; 49 | severity dynamic; 50 | }; 51 | }; 52 | 53 | zone "." IN { 54 | type hint; 55 | file "named.ca"; 56 | }; 57 | 58 | include "/etc/named.rfc1912.zones"; 59 | include "/etc/named.root.key"; 60 | {% endif %} 61 | -------------------------------------------------------------------------------- /tasks/designate_pre_install.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Copyright 2016, Tata Consultancy Services 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | 16 | - name: Create the system group 17 | ansible.builtin.group: 18 | name: "{{ designate_system_group_name }}" 19 | state: "present" 20 | system: "yes" 21 | 22 | - name: Create the designate system user 23 | ansible.builtin.user: 24 | name: "{{ designate_system_user_name }}" 25 | group: "{{ designate_system_group_name }}" 26 | comment: "{{ designate_system_comment }}" 27 | shell: "{{ designate_system_shell }}" 28 | system: "yes" 29 | createhome: "yes" 30 | home: "{{ designate_system_user_home }}" 31 | 32 | - name: Create designate dir 33 | ansible.builtin.file: 34 | path: "{{ item.path }}" 35 | state: directory 36 | owner: "{{ item.owner | default(designate_system_user_name) }}" 37 | group: "{{ item.group | default(designate_system_group_name) }}" 38 | mode: "{{ item.mode | default('0755') }}" 39 | with_items: 40 | - { path: "/openstack/venvs", mode: "0755", owner: "root", group: "root" } 41 | - { path: "/etc/designate" } 42 | - { path: "/etc/designate/rootwrap.d", owner: "root", group: "root" } 43 | - { path: "/etc/sudoers.d", mode: "0750", owner: "root", group: "root" } 44 | - { path: "{{ designate_system_user_home }}" } 45 | - { path: "{{ designate_system_user_home }}/.ssh", mode: "0700" } 46 | - { path: "/var/cache/designate", mode: "0700" } 47 | 48 | - name: Drop sudoers file 49 | ansible.builtin.template: 50 | src: "sudoers.j2" 51 | dest: "/etc/sudoers.d/{{ designate_system_user_name }}_sudoers" 52 | mode: "0440" 53 | owner: "root" 54 | group: "root" 55 | -------------------------------------------------------------------------------- /tests/test-install-designate.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Copyright 2016, Rackspace US, Inc. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | 16 | - name: Playbook for deploying designate 17 | hosts: designate_all 18 | remote_user: root 19 | gather_facts: true 20 | vars: 21 | named_config_file: "{{ (ansible_facts['pkg_mgr'] == 'apt') | ternary('/etc/bind/named.conf.options','/etc/named.conf') }}" 22 | bind_package_name: "{{ (ansible_facts['pkg_mgr'] == 'apt') | ternary('bind9','bind') }}" 23 | bind_service_name: "{{ (ansible_facts['pkg_mgr'] == 'apt') | ternary('bind9','named') }}" 24 | bind_service_state: "{{ (ansible_facts['pkg_mgr'] == 'apt') | ternary('restarted','started') }}" 25 | vars_files: 26 | - common/test-vars.yml 27 | pre_tasks: 28 | - name: Install bind9 29 | package: 30 | name: "{{ bind_package_name }}" 31 | state: present 32 | 33 | - name: Drop bind configuration 34 | template: 35 | src: "named.conf.j2" 36 | dest: "{{ named_config_file }}" 37 | 38 | - name: fix perms for named directory (centos) 39 | file: 40 | mode: '0770' 41 | state: directory 42 | path: '/var/named/' 43 | owner: 'root' 44 | group: 'named' 45 | when: 46 | - ansible_facts['pkg_mgr'] == 'dnf' 47 | 48 | - name: Restart bind9 49 | service: 50 | name: "{{ bind_service_name }}" 51 | state: "{{ bind_service_state }}" 52 | roles: 53 | - role: "os_designate" 54 | post_tasks: 55 | - name: Restart bind9, for test purposes the designate role drops a common rndc key to both bind and designate 56 | service: 57 | name: "{{ bind_service_name }}" 58 | state: restarted 59 | -------------------------------------------------------------------------------- /tasks/designate_install.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Copyright 2016, Tata Consultancy Services 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | 16 | - name: Record the installation method 17 | community.general.ini_file: 18 | dest: "/etc/ansible/facts.d/openstack_ansible.fact" 19 | section: "designate" 20 | option: "install_method" 21 | value: "{{ designate_install_method }}" 22 | mode: "0644" 23 | 24 | - name: Refresh local facts to ensure the designate section is present 25 | ansible.builtin.setup: 26 | filter: ansible_local 27 | gather_subset: "!all" 28 | 29 | - name: Install designate distro packages 30 | ansible.builtin.package: 31 | name: "{{ designate_package_list }}" 32 | state: "{{ designate_package_state }}" 33 | update_cache: "{{ (ansible_facts['pkg_mgr'] == 'apt') | ternary('yes', omit) }}" 34 | cache_valid_time: "{{ (ansible_facts['pkg_mgr'] == 'apt') | ternary(cache_timeout, omit) }}" 35 | register: install_packages 36 | until: install_packages is success 37 | retries: 5 38 | delay: 2 39 | 40 | - name: Install the python venv 41 | ansible.builtin.include_role: 42 | name: "python_venv_build" 43 | vars: 44 | venv_python_executable: "{{ designate_venv_python_executable }}" 45 | venv_build_constraints: "{{ designate_git_constraints }}" 46 | venv_build_distro_package_list: "{{ designate_devel_distro_packages }}" 47 | venv_install_destination_path: "{{ designate_bin | dirname }}" 48 | venv_pip_install_args: "{{ designate_pip_install_args }}" 49 | venv_pip_packages: "{{ designate_pip_packages | union(designate_user_pip_packages) }}" 50 | venv_facts_when_changed: 51 | - section: "designate" 52 | option: "venv_tag" 53 | value: "{{ designate_venv_tag }}" 54 | when: designate_install_method == 'source' 55 | -------------------------------------------------------------------------------- /templates/api-paste.ini.j2: -------------------------------------------------------------------------------- 1 | [composite:osapi_dns] 2 | use = egg:Paste#urlmap 3 | /: osapi_dns_versions 4 | /v2: osapi_dns_v2 5 | /admin: osapi_dns_admin 6 | 7 | [composite:osapi_dns_versions] 8 | use = call:designate.api.middleware:auth_pipeline_factory 9 | noauth = http_proxy_to_wsgi cors maintenance faultwrapper osapi_dns_app_versions 10 | keystone = http_proxy_to_wsgi cors maintenance faultwrapper osapi_dns_app_versions 11 | 12 | [app:osapi_dns_app_versions] 13 | paste.app_factory = designate.api.versions:factory 14 | 15 | 16 | [composite:osapi_dns_v2] 17 | use = call:designate.api.middleware:auth_pipeline_factory 18 | noauth = http_proxy_to_wsgi cors request_id faultwrapper validation_API_v2 noauthcontext maintenance normalizeuri osapi_dns_app_v2 19 | keystone = http_proxy_to_wsgi cors request_id faultwrapper validation_API_v2 authtoken keystonecontext maintenance normalizeuri osapi_dns_app_v2 20 | 21 | [app:osapi_dns_app_v2] 22 | paste.app_factory = designate.api.v2:factory 23 | 24 | [composite:osapi_dns_admin] 25 | use = call:designate.api.middleware:auth_pipeline_factory 26 | noauth = http_proxy_to_wsgi cors request_id faultwrapper noauthcontext maintenance normalizeuri osapi_dns_app_admin 27 | keystone = http_proxy_to_wsgi cors request_id faultwrapper authtoken keystonecontext maintenance normalizeuri osapi_dns_app_admin 28 | 29 | [app:osapi_dns_app_admin] 30 | paste.app_factory = designate.api.admin:factory 31 | 32 | [filter:cors] 33 | paste.filter_factory = oslo_middleware.cors:filter_factory 34 | oslo_config_project = designate 35 | 36 | [filter:request_id] 37 | paste.filter_factory = oslo_middleware:RequestId.factory 38 | 39 | [filter:http_proxy_to_wsgi] 40 | paste.filter_factory = oslo_middleware:HTTPProxyToWSGI.factory 41 | 42 | [filter:noauthcontext] 43 | paste.filter_factory = designate.api.middleware:NoAuthContextMiddleware.factory 44 | 45 | [filter:authtoken] 46 | paste.filter_factory = keystonemiddleware.auth_token:filter_factory 47 | 48 | [filter:keystonecontext] 49 | paste.filter_factory = designate.api.middleware:KeystoneContextMiddleware.factory 50 | 51 | [filter:maintenance] 52 | paste.filter_factory = designate.api.middleware:MaintenanceMiddleware.factory 53 | 54 | [filter:normalizeuri] 55 | paste.filter_factory = designate.api.middleware:NormalizeURIMiddleware.factory 56 | 57 | [filter:faultwrapper] 58 | paste.filter_factory = designate.api.middleware:FaultWrapperMiddleware.factory 59 | 60 | [filter:validation_API_v2] 61 | paste.filter_factory = designate.api.middleware:APIv2ValidationErrorMiddleware.factory 62 | -------------------------------------------------------------------------------- /doc/source/index.rst: -------------------------------------------------------------------------------- 1 | ==================================== 2 | Designate role for OpenStack-Ansible 3 | ==================================== 4 | 5 | This Ansible role installs and configures OpenStack Designate. 6 | 7 | This role will install the following services: 8 | * designate-api 9 | * designate-central 10 | * designate-worker 11 | * designate-producer 12 | * designate-mdns 13 | * designate-sink 14 | 15 | The DNS servers Designate will interface with can be defined in the 16 | ``designate_pools_yaml`` variable. This is eventually written to the Designate 17 | `pools.yaml `_ 18 | file. 19 | 20 | To clone or view the source code for this repository, visit the role repository 21 | for `os_designate `_. 22 | 23 | Default variables 24 | ~~~~~~~~~~~~~~~~~ 25 | 26 | .. literalinclude:: ../../defaults/main.yml 27 | :language: yaml 28 | :start-after: under the License. 29 | 30 | Adding The Service to Your OpenStack-Ansible Deployment 31 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 32 | 33 | To add a new service to your OpenStack-Ansible (OSA) deployment: 34 | 35 | * Define ``designate_pools_yaml`` variable as described above. 36 | 37 | * Define ``dnsaas_hosts`` in your ``conf.d`` or ``openstack_user_config.yml``. 38 | For example: 39 | 40 | .. code-block:: yaml 41 | 42 | dnsaas_hosts: 43 | infra1: 44 | ip: 172.20.236.111 45 | infra2: 46 | ip: 172.20.236.112 47 | infra3: 48 | ip: 172.20.236.113 49 | 50 | * Create respective LXC containers (skip this step for metal deployments): 51 | 52 | .. code-block:: console 53 | 54 | openstack-ansible openstack.osa.containers_lxc_create --limit designate_all,dnsaas_hosts 55 | 56 | * Run service deployment playbook: 57 | 58 | .. code-block:: console 59 | 60 | openstack-ansible openstack.osa.designate 61 | 62 | For more information, please refer to the `OpenStack-Ansible project documentation `_. 63 | 64 | Always verify that the integration is successful and that the service behaves 65 | correctly before using it in a production environment. 66 | 67 | Dependencies 68 | ~~~~~~~~~~~~ 69 | 70 | This role needs the following variables defined: 71 | 72 | .. code-block:: yaml 73 | 74 | designate_galera_address 75 | designate_galera_password 76 | designate_service_password 77 | designate_oslomsg_rpc_password 78 | designate_oslomsg_notify_password 79 | 80 | Example playbook 81 | ~~~~~~~~~~~~~~~~ 82 | 83 | .. literalinclude:: ../../examples/playbook.yml 84 | :language: yaml 85 | 86 | Tags 87 | ~~~~ 88 | 89 | This role supports two tags: ``designate-install`` and ``designate-config``. 90 | The ``designate-install`` tag can be used to install and upgrade. The 91 | ``designate-config`` tag can be used to maintain configuration of the service. 92 | -------------------------------------------------------------------------------- /vars/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Copyright 2018, Rackspace US, Inc. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | 16 | _designate_is_first_play_host: >- 17 | {{ 18 | (designate_services['designate-api']['group'] in group_names and 19 | inventory_hostname == (groups[designate_services['designate-api']['group']] | select('in', ansible_play_hosts)) | first) | bool 20 | }} 21 | 22 | _designate_is_last_play_host: >- 23 | {{ 24 | (designate_services['designate-api']['group'] in group_names and 25 | inventory_hostname == (groups[designate_services['designate-api']['group']] | select('in', ansible_play_hosts)) | last) | bool 26 | }} 27 | 28 | _designate_oslomsg_rpc_vhost_conf: >- 29 | {{ 30 | (designate_oslomsg_rpc_vhost is string) | ternary( 31 | designate_oslomsg_rpc_vhost, designate_oslomsg_rpc_vhost | selectattr('state', 'eq', 'present') | map(attribute='name') | first) 32 | }} 33 | 34 | _designate_oslomsg_notify_vhost_conf: >- 35 | {{ 36 | (designate_oslomsg_notify_vhost is string) | ternary( 37 | designate_oslomsg_notify_vhost, designate_oslomsg_notify_vhost | selectattr('state', 'eq', 'present') | map(attribute='name') | first) 38 | }} 39 | 40 | # 41 | # Compile a list of the services on a host based on whether 42 | # the host is in the host group and the service is enabled. 43 | # The service list is provided in the defined start order. 44 | # 45 | filtered_designate_services: |- 46 | {% set services = [] %} 47 | {% for key, value in designate_services.items() %} 48 | {% if (value['group'] in group_names) and 49 | (('condition' not in value) or 50 | ('condition' in value and value['condition'])) %} 51 | {% set _ = value.update( 52 | { 53 | 'service_key': key, 54 | 'enabled': value['enabled'] | default(True), 55 | 'state': value['state'] | default('started'), 56 | 'config_overrides': value.init_config_overrides 57 | } 58 | ) 59 | %} 60 | {% set _ = value.pop('init_config_overrides') -%} 61 | {% set _ = services.append(value) %} 62 | {% endif %} 63 | {% endfor %} 64 | {{ services | sort(attribute='start_order') }} 65 | 66 | _designate_coordination_url: >- 67 | {{ designate_coordination_driver }}://{{ 68 | groups[designate_coordination_group] 69 | | map('extract', hostvars, 'ansible_host') 70 | | list | join(':' ~ designate_coordination_port ~ ',') 71 | }}:{{ designate_coordination_port }}?namespace={{ designate_coordination_namespace -}} 72 | {%- if designate_coordination_client_ssl | bool %}&use_ssl=True&verify_certs={{ designate_coordination_verify_cert | bool }}{% endif %} 73 | -------------------------------------------------------------------------------- /tasks/designate_post_install.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Copyright 2016, Tata Consultancy Services 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | 16 | - name: Get project id for managed resources 17 | delegate_to: "{{ designate_service_setup_host }}" 18 | vars: 19 | ansible_python_interpreter: "{{ designate_service_setup_host_python_interpreter }}" 20 | openstack.cloud.project_info: 21 | cloud: default 22 | name: "{{ designate_managed_resource_project_name }}" 23 | interface: internal 24 | validate_certs: "{{ not (keystone_service_internaluri_insecure | bool) }}" 25 | register: _get_managed_resource_project 26 | until: _get_managed_resource_project is success 27 | retries: 5 28 | delay: 15 29 | 30 | - name: Store project id for managed resources 31 | ansible.builtin.set_fact: 32 | designate_managed_resource_tenant_id: "{{ _get_managed_resource_project.projects[0].id }}" 33 | 34 | - name: Copy designate config 35 | openstack.config_template.config_template: 36 | src: "{{ item.src }}" 37 | dest: "{{ item.dest }}" 38 | owner: "{{ item.owner | default(designate_system_user_name) }}" 39 | group: "{{ item.group | default(designate_system_group_name) }}" 40 | mode: "0644" 41 | config_overrides: "{{ item.config_overrides }}" 42 | config_type: "{{ item.config_type }}" 43 | with_items: 44 | - src: "designate.conf.j2" 45 | dest: "/etc/designate/designate.conf" 46 | config_overrides: "{{ designate_designate_conf_overrides }}" 47 | config_type: "ini" 48 | - src: "api-paste.ini.j2" 49 | dest: "/etc/designate/api-paste.ini" 50 | config_overrides: "{{ designate_api_paste_ini_overrides }}" 51 | config_type: "ini" 52 | - src: "rootwrap.conf.j2" 53 | dest: "/etc/designate/rootwrap.conf" 54 | owner: "root" 55 | group: "root" 56 | config_overrides: "{{ designate_rootwrap_conf_overrides }}" 57 | config_type: "ini" 58 | notify: Restart designate services 59 | 60 | - name: Implement policy.yaml if there are overrides configured 61 | openstack.config_template.config_template: 62 | content: "{{ designate_policy_overrides }}" 63 | dest: "/etc/designate/policy.yaml" 64 | owner: "{{ designate_system_user_name }}" 65 | group: "{{ designate_system_group_name }}" 66 | mode: "0644" 67 | config_type: yaml 68 | when: 69 | - designate_policy_overrides | length > 0 70 | tags: 71 | - designate-policy-override 72 | 73 | - name: Remove legacy policy.yaml file 74 | ansible.builtin.file: 75 | path: "/etc/designate/policy.yaml" 76 | state: absent 77 | when: 78 | - designate_policy_overrides | length == 0 79 | tags: 80 | - designate-policy-override 81 | 82 | - name: Create Designate rndc key file 83 | ansible.builtin.template: 84 | src: rndc.key.j2 85 | dest: "{{ item.file }}" 86 | owner: "{{ item.owner | default('root') }}" 87 | group: "{{ item.group | default('root') }}" 88 | mode: "{{ item.mode | default('0600') }}" 89 | with_items: "{{ designate_rndc_keys }}" 90 | when: designate_rndc_keys is defined 91 | 92 | - name: Copy rootwrap filters 93 | ansible.builtin.copy: 94 | src: "{{ item }}" 95 | dest: "/etc/designate/rootwrap.d/" 96 | owner: "root" 97 | group: "root" 98 | mode: "0644" 99 | with_fileglob: 100 | - rootwrap.d/* 101 | notify: Restart designate services 102 | -------------------------------------------------------------------------------- /doc/Makefile: -------------------------------------------------------------------------------- 1 | # Makefile for Sphinx documentation 2 | # 3 | 4 | # You can set these variables from the command line. 5 | SPHINXOPTS = 6 | SPHINXBUILD = sphinx-build 7 | PAPER = 8 | BUILDDIR = build 9 | 10 | # User-friendly check for sphinx-build 11 | ifeq ($(shell which $(SPHINXBUILD) >/dev/null 2>&1; echo $$?), 1) 12 | $(error The '$(SPHINXBUILD)' command was not found. Make sure you have Sphinx installed, then set the SPHINXBUILD environment variable to point to the full path of the '$(SPHINXBUILD)' executable. Alternatively you can add the directory with the executable to your PATH. If you don't have Sphinx installed, grab it from http://sphinx-doc.org/) 13 | endif 14 | 15 | # Internal variables. 16 | PAPEROPT_a4 = -D latex_paper_size=a4 17 | PAPEROPT_letter = -D latex_paper_size=letter 18 | ALLSPHINXOPTS = -d $(BUILDDIR)/doctrees $(PAPEROPT_$(PAPER)) $(SPHINXOPTS) source 19 | # the i18n builder cannot share the environment and doctrees with the others 20 | I18NSPHINXOPTS = $(PAPEROPT_$(PAPER)) $(SPHINXOPTS) source 21 | 22 | .PHONY: help clean html dirhtml singlehtml pickle json htmlhelp qthelp devhelp epub latex latexpdf text man changes linkcheck doctest coverage gettext 23 | 24 | help: 25 | @echo "Please use \`make ' where is one of" 26 | @echo " html to make standalone HTML files" 27 | @echo " dirhtml to make HTML files named index.html in directories" 28 | @echo " singlehtml to make a single large HTML file" 29 | @echo " pickle to make pickle files" 30 | @echo " json to make JSON files" 31 | @echo " htmlhelp to make HTML files and a HTML help project" 32 | @echo " qthelp to make HTML files and a qthelp project" 33 | @echo " applehelp to make an Apple Help Book" 34 | @echo " devhelp to make HTML files and a Devhelp project" 35 | @echo " epub to make an epub" 36 | @echo " latex to make LaTeX files, you can set PAPER=a4 or PAPER=letter" 37 | @echo " latexpdf to make LaTeX files and run them through pdflatex" 38 | @echo " latexpdfja to make LaTeX files and run them through platex/dvipdfmx" 39 | @echo " text to make text files" 40 | @echo " man to make manual pages" 41 | @echo " texinfo to make Texinfo files" 42 | @echo " info to make Texinfo files and run them through makeinfo" 43 | @echo " gettext to make PO message catalogs" 44 | @echo " changes to make an overview of all changed/added/deprecated items" 45 | @echo " xml to make Docutils-native XML files" 46 | @echo " pseudoxml to make pseudoxml-XML files for display purposes" 47 | @echo " linkcheck to check all external links for integrity" 48 | @echo " doctest to run all doctests embedded in the documentation (if enabled)" 49 | @echo " coverage to run coverage check of the documentation (if enabled)" 50 | 51 | clean: 52 | rm -rf $(BUILDDIR)/* 53 | 54 | html: 55 | $(SPHINXBUILD) -b html $(ALLSPHINXOPTS) $(BUILDDIR)/html 56 | @echo 57 | @echo "Build finished. The HTML pages are in $(BUILDDIR)/html." 58 | 59 | dirhtml: 60 | $(SPHINXBUILD) -b dirhtml $(ALLSPHINXOPTS) $(BUILDDIR)/dirhtml 61 | @echo 62 | @echo "Build finished. The HTML pages are in $(BUILDDIR)/dirhtml." 63 | 64 | singlehtml: 65 | $(SPHINXBUILD) -b singlehtml $(ALLSPHINXOPTS) $(BUILDDIR)/singlehtml 66 | @echo 67 | @echo "Build finished. The HTML page is in $(BUILDDIR)/singlehtml." 68 | 69 | pickle: 70 | $(SPHINXBUILD) -b pickle $(ALLSPHINXOPTS) $(BUILDDIR)/pickle 71 | @echo 72 | @echo "Build finished; now you can process the pickle files." 73 | 74 | json: 75 | $(SPHINXBUILD) -b json $(ALLSPHINXOPTS) $(BUILDDIR)/json 76 | @echo 77 | @echo "Build finished; now you can process the JSON files." 78 | 79 | htmlhelp: 80 | $(SPHINXBUILD) -b htmlhelp $(ALLSPHINXOPTS) $(BUILDDIR)/htmlhelp 81 | @echo 82 | @echo "Build finished; now you can run HTML Help Workshop with the" \ 83 | ".hhp project file in $(BUILDDIR)/htmlhelp." 84 | 85 | qthelp: 86 | $(SPHINXBUILD) -b qthelp $(ALLSPHINXOPTS) $(BUILDDIR)/qthelp 87 | @echo 88 | @echo "Build finished; now you can run "qcollectiongenerator" with the" \ 89 | ".qhcp project file in $(BUILDDIR)/qthelp, like this:" 90 | @echo "# qcollectiongenerator $(BUILDDIR)/qthelp/openstack-ansible-os_designate.qhcp" 91 | @echo "To view the help file:" 92 | @echo "# assistant -collectionFile $(BUILDDIR)/qthelp/openstack-ansible-os_designate.qhc" 93 | 94 | applehelp: 95 | $(SPHINXBUILD) -b applehelp $(ALLSPHINXOPTS) $(BUILDDIR)/applehelp 96 | @echo 97 | @echo "Build finished. The help book is in $(BUILDDIR)/applehelp." 98 | @echo "N.B. You won't be able to view it unless you put it in" \ 99 | "~/Library/Documentation/Help or install it in your application" \ 100 | "bundle." 101 | 102 | devhelp: 103 | $(SPHINXBUILD) -b devhelp $(ALLSPHINXOPTS) $(BUILDDIR)/devhelp 104 | @echo 105 | @echo "Build finished." 106 | @echo "To view the help file:" 107 | @echo "# mkdir -p $$HOME/.local/share/devhelp/openstack-ansible-os_designate" 108 | @echo "# ln -s $(BUILDDIR)/devhelp $$HOME/.local/share/devhelp/openstack-ansible-os_designate" 109 | @echo "# devhelp" 110 | 111 | epub: 112 | $(SPHINXBUILD) -b epub $(ALLSPHINXOPTS) $(BUILDDIR)/epub 113 | @echo 114 | @echo "Build finished. The epub file is in $(BUILDDIR)/epub." 115 | 116 | latex: 117 | $(SPHINXBUILD) -b latex $(ALLSPHINXOPTS) $(BUILDDIR)/latex 118 | @echo 119 | @echo "Build finished; the LaTeX files are in $(BUILDDIR)/latex." 120 | @echo "Run \`make' in that directory to run these through (pdf)latex" \ 121 | "(use \`make latexpdf' here to do that automatically)." 122 | 123 | latexpdf: 124 | $(SPHINXBUILD) -b latex $(ALLSPHINXOPTS) $(BUILDDIR)/latex 125 | @echo "Running LaTeX files through pdflatex..." 126 | $(MAKE) -C $(BUILDDIR)/latex all-pdf 127 | @echo "pdflatex finished; the PDF files are in $(BUILDDIR)/latex." 128 | 129 | latexpdfja: 130 | $(SPHINXBUILD) -b latex $(ALLSPHINXOPTS) $(BUILDDIR)/latex 131 | @echo "Running LaTeX files through platex and dvipdfmx..." 132 | $(MAKE) -C $(BUILDDIR)/latex all-pdf-ja 133 | @echo "pdflatex finished; the PDF files are in $(BUILDDIR)/latex." 134 | 135 | text: 136 | $(SPHINXBUILD) -b text $(ALLSPHINXOPTS) $(BUILDDIR)/text 137 | @echo 138 | @echo "Build finished. The text files are in $(BUILDDIR)/text." 139 | 140 | man: 141 | $(SPHINXBUILD) -b man $(ALLSPHINXOPTS) $(BUILDDIR)/man 142 | @echo 143 | @echo "Build finished. The manual pages are in $(BUILDDIR)/man." 144 | 145 | texinfo: 146 | $(SPHINXBUILD) -b texinfo $(ALLSPHINXOPTS) $(BUILDDIR)/texinfo 147 | @echo 148 | @echo "Build finished. The Texinfo files are in $(BUILDDIR)/texinfo." 149 | @echo "Run \`make' in that directory to run these through makeinfo" \ 150 | "(use \`make info' here to do that automatically)." 151 | 152 | info: 153 | $(SPHINXBUILD) -b texinfo $(ALLSPHINXOPTS) $(BUILDDIR)/texinfo 154 | @echo "Running Texinfo files through makeinfo..." 155 | make -C $(BUILDDIR)/texinfo info 156 | @echo "makeinfo finished; the Info files are in $(BUILDDIR)/texinfo." 157 | 158 | gettext: 159 | $(SPHINXBUILD) -b gettext $(I18NSPHINXOPTS) $(BUILDDIR)/locale 160 | @echo 161 | @echo "Build finished. The message catalogs are in $(BUILDDIR)/locale." 162 | 163 | changes: 164 | $(SPHINXBUILD) -b changes $(ALLSPHINXOPTS) $(BUILDDIR)/changes 165 | @echo 166 | @echo "The overview file is in $(BUILDDIR)/changes." 167 | 168 | linkcheck: 169 | $(SPHINXBUILD) -b linkcheck $(ALLSPHINXOPTS) $(BUILDDIR)/linkcheck 170 | @echo 171 | @echo "Link check complete; look for any errors in the above output " \ 172 | "or in $(BUILDDIR)/linkcheck/output.txt." 173 | 174 | doctest: 175 | $(SPHINXBUILD) -b doctest $(ALLSPHINXOPTS) $(BUILDDIR)/doctest 176 | @echo "Testing of doctests in the sources finished, look at the " \ 177 | "results in $(BUILDDIR)/doctest/output.txt." 178 | 179 | coverage: 180 | $(SPHINXBUILD) -b coverage $(ALLSPHINXOPTS) $(BUILDDIR)/coverage 181 | @echo "Testing of coverage in the sources finished, look at the " \ 182 | "results in $(BUILDDIR)/coverage/python.txt." 183 | 184 | xml: 185 | $(SPHINXBUILD) -b xml $(ALLSPHINXOPTS) $(BUILDDIR)/xml 186 | @echo 187 | @echo "Build finished. The XML files are in $(BUILDDIR)/xml." 188 | 189 | pseudoxml: 190 | $(SPHINXBUILD) -b pseudoxml $(ALLSPHINXOPTS) $(BUILDDIR)/pseudoxml 191 | @echo 192 | @echo "Build finished. The pseudo-XML files are in $(BUILDDIR)/pseudoxml." 193 | 194 | livehtml: html 195 | sphinx-autobuild -b html $(ALLSPHINXOPTS) $(BUILDDIR)/html 196 | -------------------------------------------------------------------------------- /tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Copyright 2016, Tata Consultancy Services 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | 16 | - name: Fail if service was deployed using a different installation method 17 | ansible.builtin.fail: 18 | msg: "Switching installation methods for OpenStack services is not supported" 19 | when: 20 | - ansible_local is defined 21 | - ansible_local.openstack_ansible is defined 22 | - ansible_local.openstack_ansible.designate is defined 23 | - ansible_local.openstack_ansible.designate.install_method is defined 24 | - ansible_local.openstack_ansible.designate.install_method != designate_install_method 25 | 26 | - name: Gather variables for each operating system 27 | ansible.builtin.include_vars: "{{ lookup('first_found', params) }}" 28 | vars: 29 | params: 30 | files: 31 | - "{{ ansible_facts['distribution'] | lower }}-{{ ansible_facts['distribution_version'] | lower }}.yml" 32 | - "{{ ansible_facts['distribution'] | lower }}-{{ ansible_facts['distribution_major_version'] | lower }}.yml" 33 | - "{{ ansible_facts['os_family'] | lower }}-{{ ansible_facts['distribution_major_version'] | lower }}.yml" 34 | - "{{ ansible_facts['distribution'] | lower }}.yml" 35 | - "{{ ansible_facts['os_family'] | lower }}.yml" 36 | paths: 37 | - "{{ role_path }}/vars" 38 | tags: 39 | - always 40 | 41 | - name: Gather variables for installation method 42 | ansible.builtin.include_vars: "{{ designate_install_method }}_install.yml" 43 | tags: 44 | - always 45 | 46 | - name: Including osa.db_setup role 47 | ansible.builtin.include_role: 48 | name: openstack.osa.db_setup 49 | apply: 50 | tags: 51 | - common-db 52 | - designate-config 53 | when: 54 | - "_designate_is_first_play_host" 55 | vars: 56 | _oslodb_setup_host: "{{ designate_db_setup_host }}" 57 | _oslodb_ansible_python_interpreter: "{{ designate_db_setup_python_interpreter }}" 58 | _oslodb_setup_endpoint: "{{ designate_galera_address }}" 59 | _oslodb_setup_port: "{{ designate_galera_port }}" 60 | _oslodb_databases: 61 | - name: "{{ designate_galera_database }}" 62 | users: 63 | - username: "{{ designate_galera_user }}" 64 | password: "{{ designate_galera_password }}" 65 | tags: 66 | - always 67 | 68 | - name: Including osa.mq_setup role 69 | ansible.builtin.include_role: 70 | name: openstack.osa.mq_setup 71 | apply: 72 | tags: 73 | - common-mq 74 | - designate-config 75 | when: 76 | - "_designate_is_first_play_host" 77 | vars: 78 | _oslomsg_rpc_setup_host: "{{ designate_oslomsg_rpc_setup_host }}" 79 | _oslomsg_rpc_userid: "{{ designate_oslomsg_rpc_userid }}" 80 | _oslomsg_rpc_password: "{{ designate_oslomsg_rpc_password }}" 81 | _oslomsg_rpc_vhost: "{{ designate_oslomsg_rpc_vhost }}" 82 | _oslomsg_rpc_transport: "{{ designate_oslomsg_rpc_transport }}" 83 | _oslomsg_rpc_policies: "{{ designate_oslomsg_rpc_policies }}" 84 | _oslomsg_notify_setup_host: "{{ designate_oslomsg_notify_setup_host }}" 85 | _oslomsg_notify_userid: "{{ designate_oslomsg_notify_userid }}" 86 | _oslomsg_notify_password: "{{ designate_oslomsg_notify_password }}" 87 | _oslomsg_notify_vhost: "{{ designate_oslomsg_notify_vhost }}" 88 | _oslomsg_notify_transport: "{{ designate_oslomsg_notify_transport }}" 89 | _oslomsg_configure_notify: "{{ designate_ceilometer_enabled | bool }}" 90 | _oslomsg_notify_policies: "{{ designate_oslomsg_notify_policies }}" 91 | _oslomsg_notify_configure: "{{ designate_oslomsg_notify_configure }}" 92 | tags: 93 | - always 94 | 95 | - name: Importing designate_pre_install tasks 96 | ansible.builtin.import_tasks: designate_pre_install.yml 97 | tags: 98 | - designate-install 99 | 100 | - name: Importing designate_install tasks 101 | ansible.builtin.import_tasks: designate_install.yml 102 | tags: 103 | - designate-install 104 | 105 | - name: Create and install SSL certificates 106 | ansible.builtin.include_role: 107 | name: pki 108 | tasks_from: main_certs.yml 109 | apply: 110 | tags: 111 | - designate-config 112 | - pki 113 | vars: 114 | pki_setup_host: "{{ designate_pki_setup_host }}" 115 | pki_dir: "{{ designate_pki_dir }}" 116 | pki_create_certificates: "{{ designate_user_ssl_cert is not defined and designate_user_ssl_key is not defined }}" 117 | pki_regen_cert: "{{ designate_pki_regen_cert }}" 118 | pki_certificates: "{{ designate_pki_certificates }}" 119 | pki_install_certificates: "{{ designate_pki_install_certificates }}" 120 | when: 121 | - designate_backend_ssl 122 | tags: 123 | - always 124 | 125 | - name: Importing designate_post_install tasks 126 | ansible.builtin.import_tasks: designate_post_install.yml 127 | tags: 128 | - designate-install 129 | - designate-config 130 | - post-install 131 | 132 | - name: Including osa.service_setup tasks 133 | ansible.builtin.include_role: 134 | name: openstack.osa.service_setup 135 | apply: 136 | tags: 137 | - common-service 138 | - designate-config 139 | vars: 140 | _service_adminuri_insecure: "{{ keystone_service_adminuri_insecure }}" 141 | _service_in_ldap: "{{ designate_service_in_ldap }}" 142 | _service_setup_host: "{{ designate_service_setup_host }}" 143 | _service_setup_host_python_interpreter: "{{ designate_service_setup_host_python_interpreter }}" 144 | _service_project_name: "{{ designate_service_project_name }}" 145 | _service_region: "{{ designate_service_region }}" 146 | _service_users: 147 | - name: "{{ designate_service_user_name }}" 148 | password: "{{ designate_service_password }}" 149 | role: "{{ designate_service_role_names }}" 150 | _service_endpoints: 151 | - service: "{{ designate_service_name }}" 152 | interface: "public" 153 | url: "{{ designate_service_publicuri }}" 154 | - service: "{{ designate_service_name }}" 155 | interface: "internal" 156 | url: "{{ designate_service_internaluri }}" 157 | - service: "{{ designate_service_name }}" 158 | interface: "admin" 159 | url: "{{ designate_service_adminuri }}" 160 | _service_catalog: 161 | - name: "{{ designate_service_name }}" 162 | type: "{{ designate_service_type }}" 163 | description: "{{ designate_service_description }}" 164 | when: _designate_is_first_play_host 165 | tags: 166 | - always 167 | 168 | - name: Run the systemd service role 169 | ansible.builtin.import_role: 170 | name: systemd_service 171 | vars: 172 | systemd_user_name: "{{ designate_system_user_name }}" 173 | systemd_group_name: "{{ designate_system_group_name }}" 174 | systemd_service_restart_changed: false 175 | systemd_tempd_prefix: openstack 176 | systemd_slice_name: designate 177 | systemd_lock_path: /var/lock/designate 178 | systemd_service_cpu_accounting: true 179 | systemd_service_block_io_accounting: true 180 | systemd_service_memory_accounting: true 181 | systemd_service_tasks_accounting: true 182 | systemd_services: "{{ filtered_designate_services }}" 183 | tags: 184 | - designate-config 185 | - systemd-service 186 | 187 | - name: Flush handlers 188 | ansible.builtin.meta: flush_handlers 189 | - name: Importing designate_db_sync tasks 190 | ansible.builtin.import_tasks: designate_db_sync.yml 191 | when: _designate_is_first_play_host 192 | tags: 193 | - designate-install 194 | 195 | - name: Place Designate pools.yaml file 196 | ansible.builtin.copy: 197 | content: "{{ designate_pools_yaml | to_nice_yaml }}" 198 | dest: "/etc/designate/pools.yaml" 199 | mode: "0640" 200 | owner: "{{ designate_system_user_name }}" 201 | group: "{{ designate_system_group_name }}" 202 | when: 203 | - designate_pools_yaml is defined 204 | - _designate_is_last_play_host 205 | notify: 206 | - Perform Designate pools update 207 | tags: 208 | - designate-config 209 | 210 | - name: Flush handlers 211 | ansible.builtin.meta: flush_handlers 212 | -------------------------------------------------------------------------------- /releasenotes/source/conf.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 12 | # implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | 16 | # This file is execfile()d with the current directory set to its 17 | # containing dir. 18 | # 19 | # Note that not all possible configuration values are present in this 20 | # autogenerated file. 21 | # 22 | # All configuration values have a default; values that are commented out 23 | # serve to show the default. 24 | 25 | # If extensions (or modules to document with autodoc) are in another directory, 26 | # add these directories to sys.path here. If the directory is relative to the 27 | # documentation root, use os.path.abspath to make it absolute, like shown here. 28 | # sys.path.insert(0, os.path.abspath('.')) 29 | 30 | # -- General configuration ------------------------------------------------ 31 | 32 | # If your documentation needs a minimal Sphinx version, state it here. 33 | # needs_sphinx = '1.0' 34 | 35 | # Add any Sphinx extension module names here, as strings. They can be 36 | # extensions coming with Sphinx (named 'sphinx.ext.*') or your custom 37 | # ones. 38 | extensions = [ 39 | 'openstackdocstheme', 40 | 'reno.sphinxext', 41 | ] 42 | 43 | # Add any paths that contain templates here, relative to this directory. 44 | templates_path = ['_templates'] 45 | 46 | # The suffix of source filenames. 47 | source_suffix = '.rst' 48 | 49 | # The encoding of source files. 50 | # source_encoding = 'utf-8-sig' 51 | 52 | # The master toctree document. 53 | master_doc = 'index' 54 | 55 | # General information about the project. 56 | author = 'OpenStack-Ansible Contributors' 57 | category = 'Miscellaneous' 58 | copyright = '2014-2016, OpenStack-Ansible Contributors' 59 | description = 'OpenStack-Ansible deploys OpenStack environments using Ansible.' 60 | project = 'OpenStack-Ansible' 61 | role_name = 'os_designate' 62 | target_name = 'openstack-ansible-' + role_name 63 | title = 'OpenStack-Ansible Release Notes: ' + role_name + 'role' 64 | 65 | # Release notes do not need a version number in the title, they 66 | # cover multiple releases. 67 | # The full version, including alpha/beta/rc tags. 68 | release = '' 69 | # The short X.Y version. 70 | version = '' 71 | 72 | # openstackdocstheme options 73 | openstackdocs_repo_name = 'openstack/' + target_name 74 | openstackdocs_bug_project = project.lower() 75 | openstackdocs_bug_tag = '' 76 | 77 | # The language for content autogenerated by Sphinx. Refer to documentation 78 | # for a list of supported languages. 79 | # language = None 80 | 81 | # There are two options for replacing |today|: either, you set today to some 82 | # non-false value, then it is used: 83 | # today = '' 84 | # Else, today_fmt is used as the format for a strftime call. 85 | # today_fmt = '%B %d, %Y' 86 | 87 | # List of patterns, relative to source directory, that match files and 88 | # directories to ignore when looking for source files. 89 | exclude_patterns = [] 90 | 91 | # The reST default role (used for this markup: `text`) to use for all 92 | # documents. 93 | # default_role = None 94 | 95 | # If true, '()' will be appended to :func: etc. cross-reference text. 96 | # add_function_parentheses = True 97 | 98 | # If true, the current module name will be prepended to all description 99 | # unit titles (such as .. function::). 100 | # add_module_names = True 101 | 102 | # If true, sectionauthor and moduleauthor directives will be shown in the 103 | # output. They are ignored by default. 104 | # show_authors = False 105 | 106 | # The name of the Pygments (syntax highlighting) style to use. 107 | pygments_style = 'native' 108 | 109 | # A list of ignored prefixes for module index sorting. 110 | # modindex_common_prefix = [] 111 | 112 | # If true, keep warnings as "system message" paragraphs in the built documents. 113 | # keep_warnings = False 114 | 115 | 116 | # -- Options for HTML output ---------------------------------------------- 117 | 118 | # The theme to use for HTML and HTML Help pages. See the documentation for 119 | # a list of builtin themes. 120 | html_theme = 'openstackdocs' 121 | 122 | # Theme options are theme-specific and customize the look and feel of a theme 123 | # further. For a list of options available for each theme, see the 124 | # documentation. 125 | # html_theme_options = {} 126 | 127 | # Add any paths that contain custom themes here, relative to this directory. 128 | # html_theme_path = [] 129 | 130 | # The name for this set of Sphinx documents. If None, it defaults to 131 | # " v documentation". 132 | # html_title = None 133 | 134 | # A shorter title for the navigation bar. Default is the same as html_title. 135 | # html_short_title = None 136 | 137 | # The name of an image file (relative to this directory) to place at the top 138 | # of the sidebar. 139 | # html_logo = None 140 | 141 | # The name of an image file (within the static path) to use as favicon of the 142 | # docs. This file should be a Windows icon file (.ico) being 16x16 or 32x32 143 | # pixels large. 144 | # html_favicon = None 145 | 146 | # Add any paths that contain custom static files (such as style sheets) here, 147 | # relative to this directory. They are copied after the builtin static files, 148 | # so a file named "default.css" will overwrite the builtin "default.css". 149 | html_static_path = ['_static'] 150 | 151 | # Add any extra paths that contain custom files (such as robots.txt or 152 | # .htaccess) here, relative to this directory. These files are copied 153 | # directly to the root of the documentation. 154 | # html_extra_path = [] 155 | 156 | # If true, SmartyPants will be used to convert quotes and dashes to 157 | # typographically correct entities. 158 | # html_use_smartypants = True 159 | 160 | # Custom sidebar templates, maps document names to template names. 161 | # html_sidebars = {} 162 | 163 | # Additional templates that should be rendered to pages, maps page names to 164 | # template names. 165 | # html_additional_pages = {} 166 | 167 | # If false, no module index is generated. 168 | # html_domain_indices = True 169 | 170 | # If false, no index is generated. 171 | # html_use_index = True 172 | 173 | # If true, the index is split into individual pages for each letter. 174 | # html_split_index = False 175 | 176 | # If true, links to the reST sources are added to the pages. 177 | # html_show_sourcelink = True 178 | 179 | # If true, "Created using Sphinx" is shown in the HTML footer. Default is True. 180 | # html_show_sphinx = True 181 | 182 | # If true, "(C) Copyright ..." is shown in the HTML footer. Default is True. 183 | # html_show_copyright = True 184 | 185 | # If true, an OpenSearch description file will be output, and all pages will 186 | # contain a tag referring to it. The value of this option must be the 187 | # base URL from which the finished HTML is served. 188 | # html_use_opensearch = '' 189 | 190 | # This is the file name suffix for HTML files (e.g. ".xhtml"). 191 | # html_file_suffix = None 192 | 193 | # Output file base name for HTML help builder. 194 | htmlhelp_basename = target_name + '-docs' 195 | 196 | 197 | # -- Options for LaTeX output --------------------------------------------- 198 | 199 | latex_elements = { 200 | # The paper size ('letterpaper' or 'a4paper'). 201 | # 'papersize': 'letterpaper', 202 | 203 | # The font size ('10pt', '11pt' or '12pt'). 204 | # 'pointsize': '10pt', 205 | 206 | # Additional stuff for the LaTeX preamble. 207 | # 'preamble': '', 208 | } 209 | 210 | # Grouping the document tree into LaTeX files. List of tuples 211 | # (source start file, target name, title, 212 | # author, documentclass [howto, manual, or own class]). 213 | latex_documents = [ 214 | (master_doc, target_name + '.tex', 215 | title, author, 'manual'), 216 | ] 217 | 218 | # The name of an image file (relative to this directory) to place at the top of 219 | # the title page. 220 | # latex_logo = None 221 | 222 | # For "manual" documents, if this is true, then toplevel headings are parts, 223 | # not chapters. 224 | # latex_use_parts = False 225 | 226 | # If true, show page references after internal links. 227 | # latex_show_pagerefs = False 228 | 229 | # If true, show URL addresses after external links. 230 | # latex_show_urls = False 231 | 232 | # Documents to append as an appendix to all manuals. 233 | # latex_appendices = [] 234 | 235 | # If false, no module index is generated. 236 | # latex_domain_indices = True 237 | 238 | 239 | # -- Options for manual page output --------------------------------------- 240 | 241 | # One entry per manual page. List of tuples 242 | # (source start file, name, description, authors, manual section). 243 | man_pages = [ 244 | (master_doc, target_name, 245 | title, [author], 1) 246 | ] 247 | 248 | # If true, show URL addresses after external links. 249 | # man_show_urls = False 250 | 251 | 252 | # -- Options for Texinfo output ------------------------------------------- 253 | 254 | # Grouping the document tree into Texinfo files. List of tuples 255 | # (source start file, target name, title, author, 256 | # dir menu entry, description, category) 257 | texinfo_documents = [ 258 | (master_doc, target_name, 259 | title, author, project, 260 | description, category), 261 | ] 262 | 263 | # Documents to append as an appendix to all manuals. 264 | # texinfo_appendices = [] 265 | 266 | # If false, no module index is generated. 267 | # texinfo_domain_indices = True 268 | 269 | # How to display URL addresses: 'footnote', 'no', or 'inline'. 270 | # texinfo_show_urls = 'footnote' 271 | 272 | # If true, do not generate a @detailmenu in the "Top" node's menu. 273 | # texinfo_no_detailmenu = False 274 | 275 | # -- Options for Internationalization output ------------------------------ 276 | locale_dirs = ['locale/'] 277 | -------------------------------------------------------------------------------- /doc/source/conf.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 12 | # implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | 16 | # This file is execfile()d with the current directory set to its 17 | # containing dir. 18 | # 19 | # Note that not all possible configuration values are present in this 20 | # autogenerated file. 21 | # 22 | # All configuration values have a default; values that are commented out 23 | # serve to show the default. 24 | 25 | # If extensions (or modules to document with autodoc) are in another directory, 26 | # add these directories to sys.path here. If the directory is relative to the 27 | # documentation root, use os.path.abspath to make it absolute, like shown here. 28 | # sys.path.insert(0, os.path.abspath('.')) 29 | 30 | # -- General configuration ------------------------------------------------ 31 | 32 | # If your documentation needs a minimal Sphinx version, state it here. 33 | # needs_sphinx = '1.0' 34 | 35 | # Add any Sphinx extension module names here, as strings. They can be 36 | # extensions coming with Sphinx (named 'sphinx.ext.*') or your custom 37 | # ones. 38 | extensions = [ 39 | 'openstackdocstheme', 40 | 'sphinx.ext.autodoc', 41 | 'sphinxcontrib.rsvgconverter', 42 | ] 43 | 44 | # Add any paths that contain templates here, relative to this directory. 45 | templates_path = ['_templates'] 46 | 47 | # The suffix(es) of source filenames. 48 | # You can specify multiple suffix as a list of string: 49 | # source_suffix = ['.rst', '.md'] 50 | source_suffix = '.rst' 51 | 52 | # The encoding of source files. 53 | # source_encoding = 'utf-8-sig' 54 | 55 | # The master toctree document. 56 | master_doc = 'index' 57 | 58 | # General information about the project. 59 | author = 'OpenStack-Ansible Contributors' 60 | category = 'Miscellaneous' 61 | copyright = '2014-2016, OpenStack-Ansible Contributors' 62 | description = 'OpenStack-Ansible deploys OpenStack environments using Ansible.' 63 | project = 'OpenStack-Ansible' 64 | role_name = 'os_designate' 65 | target_name = 'openstack-ansible-' + role_name 66 | title = 'OpenStack-Ansible Documentation: ' + role_name + ' role' 67 | 68 | # openstackdocstheme options 69 | openstackdocs_repo_name = 'openstack/' + target_name 70 | openstackdocs_pdf_link = True 71 | openstackdocs_bug_project = project.lower() 72 | openstackdocs_bug_tag = '' 73 | 74 | # The language for content autogenerated by Sphinx. Refer to documentation 75 | # for a list of supported languages. 76 | # 77 | # This is also used if you do content translation via gettext catalogs. 78 | # Usually you set "language" from the command line for these cases. 79 | language = 'en' 80 | 81 | # There are two options for replacing |today|: either, you set today to some 82 | # non-false value, then it is used: 83 | # today = '' 84 | # Else, today_fmt is used as the format for a strftime call. 85 | # today_fmt = '%B %d, %Y' 86 | 87 | # List of patterns, relative to source directory, that match files and 88 | # directories to ignore when looking for source files. 89 | exclude_patterns = [] 90 | 91 | # The reST default role (used for this markup: `text`) to use for all 92 | # documents. 93 | # default_role = None 94 | 95 | # If true, '()' will be appended to :func: etc. cross-reference text. 96 | # add_function_parentheses = True 97 | 98 | # If true, the current module name will be prepended to all description 99 | # unit titles (such as .. function::). 100 | # add_module_names = True 101 | 102 | # If true, sectionauthor and moduleauthor directives will be shown in the 103 | # output. They are ignored by default. 104 | # show_authors = False 105 | 106 | # The name of the Pygments (syntax highlighting) style to use. 107 | pygments_style = 'native' 108 | 109 | # A list of ignored prefixes for module index sorting. 110 | # modindex_common_prefix = [] 111 | 112 | # If true, keep warnings as "system message" paragraphs in the built documents. 113 | # keep_warnings = False 114 | 115 | # If true, `todo` and `todoList` produce output, else they produce nothing. 116 | todo_include_todos = False 117 | 118 | 119 | # -- Options for HTML output ---------------------------------------------- 120 | 121 | # The theme to use for HTML and HTML Help pages. See the documentation for 122 | # a list of builtin themes. 123 | html_theme = 'openstackdocs' 124 | 125 | # Theme options are theme-specific and customize the look and feel of a theme 126 | # further. For a list of options available for each theme, see the 127 | # documentation. 128 | # html_theme_options = {} 129 | 130 | # Add any paths that contain custom themes here, relative to this directory. 131 | # html_theme_path = [] 132 | 133 | # The name for this set of Sphinx documents. If None, it defaults to 134 | # " v documentation". 135 | # html_title = None 136 | 137 | # A shorter title for the navigation bar. Default is the same as html_title. 138 | # html_short_title = None 139 | 140 | # The name of an image file (relative to this directory) to place at the top 141 | # of the sidebar. 142 | # html_logo = None 143 | 144 | # The name of an image file (within the static path) to use as favicon of the 145 | # docs. This file should be a Windows icon file (.ico) being 16x16 or 32x32 146 | # pixels large. 147 | # html_favicon = None 148 | 149 | # Add any paths that contain custom static files (such as style sheets) here, 150 | # relative to this directory. They are copied after the builtin static files, 151 | # so a file named "default.css" will overwrite the builtin "default.css". 152 | html_static_path = ['_static'] 153 | 154 | # Add any extra paths that contain custom files (such as robots.txt or 155 | # .htaccess) here, relative to this directory. These files are copied 156 | # directly to the root of the documentation. 157 | # html_extra_path = [] 158 | 159 | # If true, SmartyPants will be used to convert quotes and dashes to 160 | # typographically correct entities. 161 | # html_use_smartypants = True 162 | 163 | # Custom sidebar templates, maps document names to template names. 164 | # html_sidebars = {} 165 | 166 | # Additional templates that should be rendered to pages, maps page names to 167 | # template names. 168 | # html_additional_pages = {} 169 | 170 | # If false, no module index is generated. 171 | # html_domain_indices = True 172 | 173 | # If false, no index is generated. 174 | # html_use_index = True 175 | 176 | # If true, the index is split into individual pages for each letter. 177 | # html_split_index = False 178 | 179 | # If true, links to the reST sources are added to the pages. 180 | # html_show_sourcelink = True 181 | 182 | # If true, "Created using Sphinx" is shown in the HTML footer. Default is True. 183 | # html_show_sphinx = True 184 | 185 | # If true, "(C) Copyright ..." is shown in the HTML footer. Default is True. 186 | # html_show_copyright = True 187 | 188 | # If true, an OpenSearch description file will be output, and all pages will 189 | # contain a tag referring to it. The value of this option must be the 190 | # base URL from which the finished HTML is served. 191 | # html_use_opensearch = '' 192 | 193 | # This is the file name suffix for HTML files (e.g. ".xhtml"). 194 | # html_file_suffix = None 195 | 196 | # Language to be used for generating the HTML full-text search index. 197 | # Sphinx supports the following languages: 198 | # 'da', 'de', 'en', 'es', 'fi', 'fr', 'h', 'it', 'ja' 199 | # 'nl', 'no', 'pt', 'ro', 'r', 'sv', 'tr' 200 | # html_search_language = 'en' 201 | 202 | # A dictionary with options for the search language support, empty by default. 203 | # Now only 'ja' uses this config value 204 | # html_search_options = {'type': 'default'} 205 | 206 | # The name of a javascript file (relative to the configuration directory) that 207 | # implements a search results scorer. If empty, the default will be used. 208 | # html_search_scorer = 'scorer.js' 209 | 210 | # Output file base name for HTML help builder. 211 | htmlhelp_basename = target_name + '-docs' 212 | 213 | # -- Options for LaTeX output --------------------------------------------- 214 | 215 | latex_elements = { 216 | # The paper size ('letterpaper' or 'a4paper'). 217 | # 'papersize': 'letterpaper', 218 | 219 | # The font size ('10pt', '11pt' or '12pt'). 220 | # 'pointsize': '10pt', 221 | 222 | # Additional stuff for the LaTeX preamble. 223 | # 'preamble': '', 224 | 225 | # Latex figure (float) alignment 226 | # 'figure_align': 'htbp', 227 | } 228 | 229 | # Grouping the document tree into LaTeX files. List of tuples 230 | # (source start file, target name, title, 231 | # author, documentclass [howto, manual, or own class]). 232 | latex_documents = [ 233 | (master_doc, 'doc-' + target_name + '.tex', 234 | title.replace("_", r"\_"), author, 'manual'), 235 | ] 236 | 237 | latex_use_xindy = False 238 | 239 | # The name of an image file (relative to this directory) to place at the top of 240 | # the title page. 241 | # latex_logo = None 242 | 243 | # For "manual" documents, if this is true, then toplevel headings are parts, 244 | # not chapters. 245 | # latex_use_parts = False 246 | 247 | # If true, show page references after internal links. 248 | # latex_show_pagerefs = False 249 | 250 | # If true, show URL addresses after external links. 251 | # latex_show_urls = False 252 | 253 | # Documents to append as an appendix to all manuals. 254 | # latex_appendices = [] 255 | 256 | # If false, no module index is generated. 257 | # latex_domain_indices = True 258 | 259 | 260 | # -- Options for manual page output --------------------------------------- 261 | 262 | # One entry per manual page. List of tuples 263 | # (source start file, name, description, authors, manual section). 264 | man_pages = [ 265 | (master_doc, target_name, 266 | title, [author], 1) 267 | ] 268 | 269 | # If true, show URL addresses after external links. 270 | # man_show_urls = False 271 | 272 | 273 | # -- Options for Texinfo output ------------------------------------------- 274 | 275 | # Grouping the document tree into Texinfo files. List of tuples 276 | # (source start file, target name, title, author, 277 | # dir menu entry, description, category) 278 | texinfo_documents = [ 279 | (master_doc, target_name, 280 | title, author, project, 281 | description, category), 282 | ] 283 | 284 | # Documents to append as an appendix to all manuals. 285 | # texinfo_appendices = [] 286 | 287 | # If false, no module index is generated. 288 | # texinfo_domain_indices = True 289 | 290 | # How to display URL addresses: 'footnote', 'no', or 'inline'. 291 | # texinfo_show_urls = 'footnote' 292 | 293 | # If true, do not generate a @detailmenu in the "Top" node's menu. 294 | # texinfo_no_detailmenu = False 295 | # -- Options for PDF output -------------------------------------------------- 296 | 297 | pdf_documents = [ 298 | (master_doc, target_name, 299 | title, author) 300 | ] 301 | 302 | locale_dirs = ['locale/'] 303 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | Apache License 2 | Version 2.0, January 2004 3 | http://www.apache.org/licenses/ 4 | 5 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 6 | 7 | 1. Definitions. 8 | 9 | "License" shall mean the terms and conditions for use, reproduction, 10 | and distribution as defined by Sections 1 through 9 of this document. 11 | 12 | "Licensor" shall mean the copyright owner or entity authorized by 13 | the copyright owner that is granting the License. 14 | 15 | "Legal Entity" shall mean the union of the acting entity and all 16 | other entities that control, are controlled by, or are under common 17 | control with that entity. For the purposes of this definition, 18 | "control" means (i) the power, direct or indirect, to cause the 19 | direction or management of such entity, whether by contract or 20 | otherwise, or (ii) ownership of fifty percent (50%) or more of the 21 | outstanding shares, or (iii) beneficial ownership of such entity. 22 | 23 | "You" (or "Your") shall mean an individual or Legal Entity 24 | exercising permissions granted by this License. 25 | 26 | "Source" form shall mean the preferred form for making modifications, 27 | including but not limited to software source code, documentation 28 | source, and configuration files. 29 | 30 | "Object" form shall mean any form resulting from mechanical 31 | transformation or translation of a Source form, including but 32 | not limited to compiled object code, generated documentation, 33 | and conversions to other media types. 34 | 35 | "Work" shall mean the work of authorship, whether in Source or 36 | Object form, made available under the License, as indicated by a 37 | copyright notice that is included in or attached to the work 38 | (an example is provided in the Appendix below). 39 | 40 | "Derivative Works" shall mean any work, whether in Source or Object 41 | form, that is based on (or derived from) the Work and for which the 42 | editorial revisions, annotations, elaborations, or other modifications 43 | represent, as a whole, an original work of authorship. For the purposes 44 | of this License, Derivative Works shall not include works that remain 45 | separable from, or merely link (or bind by name) to the interfaces of, 46 | the Work and Derivative Works thereof. 47 | 48 | "Contribution" shall mean any work of authorship, including 49 | the original version of the Work and any modifications or additions 50 | to that Work or Derivative Works thereof, that is intentionally 51 | submitted to Licensor for inclusion in the Work by the copyright owner 52 | or by an individual or Legal Entity authorized to submit on behalf of 53 | the copyright owner. For the purposes of this definition, "submitted" 54 | means any form of electronic, verbal, or written communication sent 55 | to the Licensor or its representatives, including but not limited to 56 | communication on electronic mailing lists, source code control systems, 57 | and issue tracking systems that are managed by, or on behalf of, the 58 | Licensor for the purpose of discussing and improving the Work, but 59 | excluding communication that is conspicuously marked or otherwise 60 | designated in writing by the copyright owner as "Not a Contribution." 61 | 62 | "Contributor" shall mean Licensor and any individual or Legal Entity 63 | on behalf of whom a Contribution has been received by Licensor and 64 | subsequently incorporated within the Work. 65 | 66 | 2. Grant of Copyright License. Subject to the terms and conditions of 67 | this License, each Contributor hereby grants to You a perpetual, 68 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 69 | copyright license to reproduce, prepare Derivative Works of, 70 | publicly display, publicly perform, sublicense, and distribute the 71 | Work and such Derivative Works in Source or Object form. 72 | 73 | 3. Grant of Patent License. Subject to the terms and conditions of 74 | this License, each Contributor hereby grants to You a perpetual, 75 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 76 | (except as stated in this section) patent license to make, have made, 77 | use, offer to sell, sell, import, and otherwise transfer the Work, 78 | where such license applies only to those patent claims licensable 79 | by such Contributor that are necessarily infringed by their 80 | Contribution(s) alone or by combination of their Contribution(s) 81 | with the Work to which such Contribution(s) was submitted. If You 82 | institute patent litigation against any entity (including a 83 | cross-claim or counterclaim in a lawsuit) alleging that the Work 84 | or a Contribution incorporated within the Work constitutes direct 85 | or contributory patent infringement, then any patent licenses 86 | granted to You under this License for that Work shall terminate 87 | as of the date such litigation is filed. 88 | 89 | 4. Redistribution. You may reproduce and distribute copies of the 90 | Work or Derivative Works thereof in any medium, with or without 91 | modifications, and in Source or Object form, provided that You 92 | meet the following conditions: 93 | 94 | (a) You must give any other recipients of the Work or 95 | Derivative Works a copy of this License; and 96 | 97 | (b) You must cause any modified files to carry prominent notices 98 | stating that You changed the files; and 99 | 100 | (c) You must retain, in the Source form of any Derivative Works 101 | that You distribute, all copyright, patent, trademark, and 102 | attribution notices from the Source form of the Work, 103 | excluding those notices that do not pertain to any part of 104 | the Derivative Works; and 105 | 106 | (d) If the Work includes a "NOTICE" text file as part of its 107 | distribution, then any Derivative Works that You distribute must 108 | include a readable copy of the attribution notices contained 109 | within such NOTICE file, excluding those notices that do not 110 | pertain to any part of the Derivative Works, in at least one 111 | of the following places: within a NOTICE text file distributed 112 | as part of the Derivative Works; within the Source form or 113 | documentation, if provided along with the Derivative Works; or, 114 | within a display generated by the Derivative Works, if and 115 | wherever such third-party notices normally appear. The contents 116 | of the NOTICE file are for informational purposes only and 117 | do not modify the License. You may add Your own attribution 118 | notices within Derivative Works that You distribute, alongside 119 | or as an addendum to the NOTICE text from the Work, provided 120 | that such additional attribution notices cannot be construed 121 | as modifying the License. 122 | 123 | You may add Your own copyright statement to Your modifications and 124 | may provide additional or different license terms and conditions 125 | for use, reproduction, or distribution of Your modifications, or 126 | for any such Derivative Works as a whole, provided Your use, 127 | reproduction, and distribution of the Work otherwise complies with 128 | the conditions stated in this License. 129 | 130 | 5. Submission of Contributions. Unless You explicitly state otherwise, 131 | any Contribution intentionally submitted for inclusion in the Work 132 | by You to the Licensor shall be under the terms and conditions of 133 | this License, without any additional terms or conditions. 134 | Notwithstanding the above, nothing herein shall supersede or modify 135 | the terms of any separate license agreement you may have executed 136 | with Licensor regarding such Contributions. 137 | 138 | 6. Trademarks. This License does not grant permission to use the trade 139 | names, trademarks, service marks, or product names of the Licensor, 140 | except as required for reasonable and customary use in describing the 141 | origin of the Work and reproducing the content of the NOTICE file. 142 | 143 | 7. Disclaimer of Warranty. Unless required by applicable law or 144 | agreed to in writing, Licensor provides the Work (and each 145 | Contributor provides its Contributions) on an "AS IS" BASIS, 146 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 147 | implied, including, without limitation, any warranties or conditions 148 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A 149 | PARTICULAR PURPOSE. You are solely responsible for determining the 150 | appropriateness of using or redistributing the Work and assume any 151 | risks associated with Your exercise of permissions under this License. 152 | 153 | 8. Limitation of Liability. In no event and under no legal theory, 154 | whether in tort (including negligence), contract, or otherwise, 155 | unless required by applicable law (such as deliberate and grossly 156 | negligent acts) or agreed to in writing, shall any Contributor be 157 | liable to You for damages, including any direct, indirect, special, 158 | incidental, or consequential damages of any character arising as a 159 | result of this License or out of the use or inability to use the 160 | Work (including but not limited to damages for loss of goodwill, 161 | work stoppage, computer failure or malfunction, or any and all 162 | other commercial damages or losses), even if such Contributor 163 | has been advised of the possibility of such damages. 164 | 165 | 9. Accepting Warranty or Additional Liability. While redistributing 166 | the Work or Derivative Works thereof, You may choose to offer, 167 | and charge a fee for, acceptance of support, warranty, indemnity, 168 | or other liability obligations and/or rights consistent with this 169 | License. However, in accepting such obligations, You may act only 170 | on Your own behalf and on Your sole responsibility, not on behalf 171 | of any other Contributor, and only if You agree to indemnify, 172 | defend, and hold each Contributor harmless for any liability 173 | incurred by, or claims asserted against, such Contributor by reason 174 | of your accepting any such warranty or additional liability. 175 | 176 | END OF TERMS AND CONDITIONS 177 | 178 | APPENDIX: How to apply the Apache License to your work. 179 | 180 | To apply the Apache License to your work, attach the following 181 | boilerplate notice, with the fields enclosed by brackets "{}" 182 | replaced with your own identifying information. (Don't include 183 | the brackets!) The text should be enclosed in the appropriate 184 | comment syntax for the file format. We also recommend that a 185 | file or class name and description of purpose be included on the 186 | same "printed page" as the copyright notice for easier 187 | identification within third-party archives. 188 | 189 | Copyright {yyyy} {name of copyright owner} 190 | 191 | Licensed under the Apache License, Version 2.0 (the "License"); 192 | you may not use this file except in compliance with the License. 193 | You may obtain a copy of the License at 194 | 195 | http://www.apache.org/licenses/LICENSE-2.0 196 | 197 | Unless required by applicable law or agreed to in writing, software 198 | distributed under the License is distributed on an "AS IS" BASIS, 199 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 200 | See the License for the specific language governing permissions and 201 | limitations under the License. 202 | 203 | -------------------------------------------------------------------------------- /defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Copyright 2016, Tata Consultancy Services 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | 16 | ## Verbosity Options 17 | debug: false 18 | 19 | # Enable/Disable Ceilometer 20 | designate_ceilometer_enabled: "{{ (groups['ceilometer_all'] is defined) and (groups['ceilometer_all'] | length > 0) }}" 21 | 22 | # Set the host which will execute the shade modules 23 | # for the service setup. The host must already have 24 | # clouds.yaml properly configured. 25 | designate_service_setup_host: "{{ openstack_service_setup_host | default('localhost') }}" 26 | designate_service_setup_host_python_interpreter: >- 27 | {{ 28 | openstack_service_setup_host_python_interpreter | default( 29 | (designate_service_setup_host == 'localhost') | ternary(ansible_playbook_python, ansible_facts['python']['executable'])) 30 | }} 31 | 32 | # Set the package install state for distribution packages 33 | # Options are 'present' and 'latest' 34 | designate_package_state: "{{ package_state | default('latest') }}" 35 | 36 | # Set installation method. 37 | designate_install_method: "{{ service_install_method | default('source') }}" 38 | designate_venv_python_executable: "{{ openstack_venv_python_executable | default('python3') }}" 39 | 40 | ## The git source/branch 41 | designate_git_repo: https://opendev.org/openstack/designate 42 | designate_git_install_branch: master 43 | designate_upper_constraints_url: >- 44 | {{ requirements_git_url | default('https://releases.openstack.org/constraints/upper/' ~ requirements_git_install_branch | default('master')) }} 45 | designate_git_constraints: 46 | - "--constraint {{ designate_upper_constraints_url }}" 47 | 48 | designate_pip_install_args: "{{ pip_install_options | default('') }}" 49 | 50 | # Name of the virtual env to deploy into 51 | designate_venv_tag: "{{ venv_tag | default('untagged') }}" 52 | designate_bin: "{{ _designate_bin }}" 53 | 54 | # Set the etc dir path where designate is installed. 55 | # This is used for role access to the db migrations. 56 | # Example: 57 | # designate_etc_dir: "/usr/local/etc/designate" 58 | designate_etc_dir: "{{ _designate_etc }}/designate" 59 | 60 | ## System info 61 | designate_system_user_name: designate 62 | designate_system_group_name: designate 63 | designate_system_shell: /bin/false 64 | designate_system_comment: designate system user 65 | designate_system_user_home: "/var/lib/{{ designate_system_user_name }}" 66 | 67 | ## Coordination info 68 | designate_coordination_driver: "{{ coordination_driver | default('zookeeper') }}" 69 | designate_coordination_group: "{{ coordination_host_group | default('zookeeper_all') }}" 70 | designate_coordination_enable: "{{ designate_coordination_group in groups and groups[designate_coordination_group] | length > 0 }}" 71 | designate_coordination_namespace: designate 72 | designate_coordination_client_ssl: "{{ coordination_client_ssl | default(False) }}" 73 | designate_coordination_verify_cert: "{{ coordination_verify_cert | default(True) }}" 74 | designate_coordination_port: "{{ coordination_port | default(designate_coordination_client_ssl | ternary('2281', '2181')) }}" 75 | designate_coordination_url: "{{ _designate_coordination_url | default() }}" 76 | 77 | ## Database info 78 | designate_db_setup_host: "{{ openstack_db_setup_host | default('localhost') }}" 79 | designate_db_setup_python_interpreter: >- 80 | {{ 81 | openstack_db_setup_python_interpreter | default( 82 | (designate_db_setup_host == 'localhost') | ternary(ansible_playbook_python, ansible_facts['python']['executable'])) 83 | }} 84 | designate_galera_address: "{{ galera_address | default('127.0.0.1') }}" 85 | designate_galera_user: designate 86 | designate_galera_database: designate 87 | designate_galera_use_ssl: "{{ galera_use_ssl | default(False) }}" 88 | designate_galera_ssl_ca_cert: "{{ galera_ssl_ca_cert | default('') }}" 89 | designate_galera_port: "{{ galera_port | default('3306') }}" 90 | designate_db_max_overflow: "{{ openstack_db_max_overflow | default('50') }}" 91 | designate_db_max_pool_size: "{{ openstack_db_max_pool_size | default('5') }}" 92 | designate_db_pool_timeout: "{{ openstack_db_pool_timeout | default('30') }}" 93 | designate_db_connection_recycle_time: "{{ openstack_db_connection_recycle_time | default('600') }}" 94 | 95 | ## Oslo Messaging 96 | # RPC 97 | designate_oslomsg_rpc_host_group: "{{ oslomsg_rpc_host_group | default('rabbitmq_all') }}" 98 | designate_oslomsg_rpc_setup_host: "{{ (designate_oslomsg_rpc_host_group in groups) | ternary(groups[designate_oslomsg_rpc_host_group][0], 'localhost') }}" 99 | designate_oslomsg_rpc_transport: "{{ oslomsg_rpc_transport | default('rabbit') }}" 100 | designate_oslomsg_rpc_servers: "{{ oslomsg_rpc_servers | default('127.0.0.1') }}" 101 | designate_oslomsg_rpc_port: "{{ oslomsg_rpc_port | default('5672') }}" 102 | designate_oslomsg_rpc_use_ssl: "{{ oslomsg_rpc_use_ssl | default(False) }}" 103 | designate_oslomsg_rpc_userid: designate-rpc 104 | # vhost name depends on value of oslomsg_rabbit_quorum_queues. In case quorum queues 105 | # are not used - vhost name will be prefixed with leading `/`. 106 | designate_oslomsg_rpc_vhost: 107 | - name: /designate 108 | state: "{{ designate_oslomsg_rabbit_quorum_queues | ternary('absent', 'present') }}" 109 | - name: designate 110 | state: "{{ designate_oslomsg_rabbit_quorum_queues | ternary('present', 'absent') }}" 111 | designate_oslomsg_rpc_ssl_version: "{{ oslomsg_rpc_ssl_version | default('TLSv1_2') }}" 112 | designate_oslomsg_rpc_ssl_ca_file: "{{ oslomsg_rpc_ssl_ca_file | default('') }}" 113 | designate_oslomsg_rpc_policies: [] 114 | 115 | # Notify 116 | designate_oslomsg_notify_configure: "{{ oslomsg_notify_configure | default(designate_ceilometer_enabled) }}" 117 | designate_oslomsg_notify_host_group: "{{ oslomsg_notify_host_group | default('rabbitmq_all') }}" 118 | designate_oslomsg_notify_setup_host: >- 119 | {{ (designate_oslomsg_notify_host_group in groups) | ternary(groups[designate_oslomsg_notify_host_group][0], 'localhost') }} 120 | designate_oslomsg_notify_transport: "{{ oslomsg_notify_transport | default('rabbit') }}" 121 | designate_oslomsg_notify_servers: "{{ oslomsg_notify_servers | default('127.0.0.1') }}" 122 | designate_oslomsg_notify_port: "{{ oslomsg_notify_port | default('5672') }}" 123 | designate_oslomsg_notify_use_ssl: "{{ oslomsg_notify_use_ssl | default(False) }}" 124 | designate_oslomsg_notify_userid: "{{ designate_oslomsg_rpc_userid }}" 125 | designate_oslomsg_notify_password: "{{ designate_oslomsg_rpc_password }}" 126 | designate_oslomsg_notify_vhost: "{{ designate_oslomsg_rpc_vhost }}" 127 | designate_oslomsg_notify_ssl_version: "{{ oslomsg_notify_ssl_version | default('TLSv1_2') }}" 128 | designate_oslomsg_notify_ssl_ca_file: "{{ oslomsg_notify_ssl_ca_file | default('') }}" 129 | designate_oslomsg_notify_policies: [] 130 | 131 | ## RabbitMQ integration 132 | designate_oslomsg_rabbit_quorum_queues: "{{ oslomsg_rabbit_quorum_queues | default(True) }}" 133 | designate_oslomsg_rabbit_stream_fanout: "{{ oslomsg_rabbit_stream_fanout | default(designate_oslomsg_rabbit_quorum_queues) }}" 134 | designate_oslomsg_rabbit_transient_quorum_queues: "{{ oslomsg_rabbit_transient_quorum_queues | default(designate_oslomsg_rabbit_stream_fanout) }}" 135 | designate_oslomsg_rabbit_qos_prefetch_count: "{{ oslomsg_rabbit_qos_prefetch_count | default(designate_oslomsg_rabbit_stream_fanout | ternary(10, 0)) }}" 136 | designate_oslomsg_rabbit_queue_manager: "{{ oslomsg_rabbit_queue_manager | default(designate_oslomsg_rabbit_quorum_queues) }}" 137 | designate_oslomsg_rabbit_quorum_delivery_limit: "{{ oslomsg_rabbit_quorum_delivery_limit | default(0) }}" 138 | designate_oslomsg_rabbit_quorum_max_memory_bytes: "{{ oslomsg_rabbit_quorum_max_memory_bytes | default(0) }}" 139 | 140 | ## DNS Backend Configuration 141 | # Configuration for the DNS backend that Designate will talk to, Designate 142 | # supports lots of backends, bind9, powerdns, nsd, djb, dyn, akamai, etc. 143 | # DNS Backends are configured via a YAML file that Designate reads. The DNS 144 | # server need not be in the actual Designate container, but for development, 145 | # or for some internal addressing use cases, it may make sense. 146 | 147 | # YAML to use for the Designate pools.yaml file. If this variable is defined, 148 | # a pools.yaml file will be written to /etc/designate/pools.yaml with the 149 | # provided YAML data. 150 | # 151 | # This is some example pools.yaml information that will work with a 152 | # simple bind9 installation in the same container as Designate. 153 | # designate_pools_yaml: 154 | # - name: "default" 155 | # description: Default BIND9 Pool 156 | # attributes: {} 157 | # ns_records: 158 | # - hostname: ns1.example.org. 159 | # priority: 1 160 | # nameservers: 161 | # - host: 127.0.0.1 162 | # port: 53 163 | # targets: 164 | # - type: bind9 165 | # description: BIND9 Server 166 | # masters: 167 | # - host: 127.0.0.1 168 | # port: 5354 169 | # options: 170 | # host: 127.0.0.1 171 | # port: 53 172 | # rndc_host: 127.0.0.1 173 | # rndc_port: 953 174 | 175 | ## rndc keys for authenticating with bind9 176 | # define this to create as many key files as are required 177 | # designate_rndc_keys 178 | # - name: "rndc-key" 179 | # file: /etc/designate/rndc.key 180 | # algorithm: "hmac-md5" 181 | # secret: "" 182 | 183 | # Owner of all managed resources - like auto-created records etc. 184 | designate_managed_resource_project_name: "{{ designate_service_project_name }}" 185 | 186 | ## Service Type and Data 187 | designate_service_region: "{{ service_region | default('RegionOne') }}" 188 | designate_service_endpoint_type: internalURL 189 | designate_service_name: designate 190 | designate_bind_address: "{{ openstack_service_bind_address | default('0.0.0.0') }}" 191 | designate_service_port: 9001 192 | designate_service_proto: http 193 | designate_service_type: dns 194 | designate_service_description: "Designate DNS as a Service" 195 | designate_service_project_domain_id: default 196 | designate_service_user_domain_id: default 197 | designate_service_user_name: designate 198 | designate_keystone_auth_type: password 199 | designate_service_project_name: service 200 | designate_service_role_names: 201 | - admin 202 | - service 203 | designate_service_token_roles: 204 | - service 205 | designate_service_token_roles_required: "{{ openstack_service_token_roles_required | default(True) }}" 206 | designate_service_publicuri_proto: "{{ openstack_service_publicuri_proto | default(designate_service_proto) }}" 207 | designate_service_internaluri_proto: "{{ openstack_service_internaluri_proto | default(designate_service_proto) }}" 208 | designate_service_adminuri_proto: "{{ openstack_service_adminuri_proto | default(designate_service_proto) }}" 209 | 210 | designate_service_publicuri: "{{ designate_service_publicuri_proto }}://{{ external_lb_vip_address }}:{{ designate_service_port }}" 211 | designate_service_internaluri: "{{ designate_service_internaluri_proto }}://{{ internal_lb_vip_address }}:{{ designate_service_port }}" 212 | designate_service_adminuri: "{{ designate_service_adminuri_proto }}://{{ internal_lb_vip_address }}:{{ designate_service_port }}" 213 | 214 | designate_service_in_ldap: "{{ service_ldap_backend_enabled | default(False) }}" 215 | 216 | # memcache override 217 | designate_memcached_servers: "{{ memcached_servers }}" 218 | 219 | # Common pip packages 220 | designate_pip_packages: 221 | - cryptography 222 | - "git+{{ designate_git_repo }}@{{ designate_git_install_branch }}#egg=designate" 223 | - osprofiler 224 | - python-designateclient 225 | - PyMySQL 226 | - pymemcache 227 | - python-memcached 228 | - systemd-python 229 | - "tooz[{{ designate_coordination_driver }}]" 230 | - warlock 231 | designate_user_pip_packages: [] 232 | 233 | designate_central_init_overrides: {} 234 | designate_worker_init_overrides: {} 235 | designate_producer_init_overrides: {} 236 | designate_mdns_init_overrides: {} 237 | designate_sink_init_overrides: {} 238 | designate_api_init_overrides: {} 239 | 240 | ## Service Name-Group Mapping 241 | designate_services: 242 | designate-central: 243 | group: designate_central 244 | service_name: designate-central 245 | init_config_overrides: "{{ designate_central_init_overrides }}" 246 | execstarts: "{{ designate_bin }}/designate-central" 247 | start_order: 3 248 | designate-worker: 249 | group: designate_worker 250 | service_name: designate-worker 251 | init_config_overrides: "{{ designate_worker_init_overrides }}" 252 | execstarts: "{{ designate_bin }}/designate-worker" 253 | start_order: 2 254 | designate-producer: 255 | group: designate_producer 256 | service_name: designate-producer 257 | init_config_overrides: "{{ designate_producer_init_overrides }}" 258 | execstarts: "{{ designate_bin }}/designate-producer" 259 | start_order: 5 260 | designate-mdns: 261 | group: designate_mdns 262 | service_name: designate-mdns 263 | init_config_overrides: "{{ designate_mdns_init_overrides }}" 264 | execstarts: "{{ designate_bin }}/designate-mdns" 265 | start_order: 4 266 | designate-sink: 267 | group: designate_sink 268 | service_name: designate-sink 269 | init_config_overrides: "{{ designate_sink_init_overrides }}" 270 | execstarts: "{{ designate_bin }}/designate-sink" 271 | start_order: 6 272 | designate-api: 273 | group: designate_api 274 | service_name: designate-api 275 | init_config_overrides: "{{ designate_api_init_overrides }}" 276 | execstarts: "{{ designate_bin }}/designate-api" 277 | start_order: 1 278 | 279 | ## Tunable overrides 280 | designate_policy_overrides: {} 281 | designate_designate_conf_overrides: {} 282 | designate_api_paste_ini_overrides: {} 283 | designate_rootwrap_conf_overrides: {} 284 | 285 | ### 286 | ### Backend TLS 287 | ### 288 | 289 | # Define if communication between haproxy and service backends should be 290 | # encrypted with TLS. 291 | designate_backend_ssl: "{{ openstack_service_backend_ssl | default(False) }}" 292 | 293 | # Storage location for SSL certificate authority 294 | designate_pki_dir: "{{ openstack_pki_dir | default('/etc/openstack_deploy/pki') }}" 295 | 296 | # Delegated host for operating the certificate authority 297 | designate_pki_setup_host: "{{ openstack_pki_setup_host | default('localhost') }}" 298 | 299 | # designate server certificate 300 | designate_pki_keys_path: "{{ designate_pki_dir ~ '/certs/private/' }}" 301 | designate_pki_certs_path: "{{ designate_pki_dir ~ '/certs/certs/' }}" 302 | designate_pki_intermediate_cert_name: "{{ openstack_pki_service_intermediate_cert_name | default('ExampleCorpIntermediate') }}" 303 | designate_pki_regen_cert: "" 304 | designate_pki_san: "{{ openstack_pki_san | default('DNS:' ~ ansible_facts['hostname'] ~ ',IP:' ~ management_address) }}" 305 | designate_pki_certificates: 306 | - name: "designate_{{ ansible_facts['hostname'] }}" 307 | provider: ownca 308 | cn: "{{ ansible_facts['hostname'] }}" 309 | san: "{{ designate_pki_san }}" 310 | signed_by: "{{ designate_pki_intermediate_cert_name }}" 311 | 312 | # designate destination files for SSL certificates 313 | designate_ssl_cert: /etc/designate/designate.pem 314 | designate_ssl_key: /etc/designate/designate.key 315 | 316 | # Installation details for SSL certificates 317 | designate_pki_install_certificates: 318 | - src: "{{ designate_user_ssl_cert | default(designate_pki_certs_path ~ 'designate_' ~ ansible_facts['hostname'] ~ '-chain.crt') }}" 319 | dest: "{{ designate_ssl_cert }}" 320 | owner: "{{ designate_system_user_name }}" 321 | group: "{{ designate_system_user_name }}" 322 | mode: "0644" 323 | - src: "{{ designate_user_ssl_key | default(designate_pki_keys_path ~ 'designate_' ~ ansible_facts['hostname'] ~ '.key.pem') }}" 324 | dest: "{{ designate_ssl_key }}" 325 | owner: "{{ designate_system_user_name }}" 326 | group: "{{ designate_system_user_name }}" 327 | mode: "0600" 328 | 329 | # Define user-provided SSL certificates 330 | # designate_user_ssl_cert: 331 | # designate_user_ssl_key: 332 | -------------------------------------------------------------------------------- /templates/designate.conf.j2: -------------------------------------------------------------------------------- 1 | [DEFAULT] 2 | use_journal = True 3 | # Disable stderr logging 4 | use_stderr = False 5 | 6 | ######################## 7 | ## General Configuration 8 | ######################## 9 | # Show debugging output in logs (sets DEBUG log level output) 10 | debug = {{ debug }} 11 | 12 | # Top-level directory for maintaining designate's state 13 | #state_path = /var/lib/designate 14 | 15 | {% if designate_ceilometer_enabled | bool %} 16 | # Driver used for issuing notifications 17 | notification_driver = messagingv2 18 | {% endif %} 19 | 20 | # Root helper 21 | root_helper = sudo designate-rootwrap /etc/designate/rootwrap.conf 22 | 23 | # Which networking API to use, Defaults to neutron 24 | #network_api = neutron 25 | 26 | ## RabbitMQ RPC 27 | transport_url = {{ designate_oslomsg_rpc_transport }}://{% for host in designate_oslomsg_rpc_servers.split(',') %}{{ designate_oslomsg_rpc_userid }}:{{ designate_oslomsg_rpc_password }}@{{ host }}:{{ designate_oslomsg_rpc_port }}{% if not loop.last %},{% else %}/{{ _designate_oslomsg_rpc_vhost_conf }}{% if designate_oslomsg_rpc_use_ssl | bool %}?ssl=1&ssl_version={{ designate_oslomsg_rpc_ssl_version }}&ssl_ca_file={{ designate_oslomsg_rpc_ssl_ca_file }}{% else %}?ssl=0{% endif %}{% endif %}{% endfor %} 28 | 29 | # RabbitMQ Config 30 | [oslo_messaging_rabbit] 31 | ssl = {{ designate_oslomsg_rpc_use_ssl }} 32 | rabbit_notification_exchange = designate 33 | rabbit_notification_topic = notifications 34 | rabbit_quorum_queue = {{ designate_oslomsg_rabbit_quorum_queues }} 35 | rabbit_transient_quorum_queue = {{ designate_oslomsg_rabbit_transient_quorum_queues }} 36 | rabbit_qos_prefetch_count = {{ designate_oslomsg_rabbit_qos_prefetch_count }} 37 | use_queue_manager = {{ designate_oslomsg_rabbit_queue_manager }} 38 | {% if designate_oslomsg_rabbit_queue_manager %} 39 | hostname = {{ [ansible_facts['hostname'], designate_service_name] | join('-') }} 40 | {% endif %} 41 | rabbit_stream_fanout = {{ designate_oslomsg_rabbit_stream_fanout }} 42 | rabbit_quorum_delivery_limit = {{ designate_oslomsg_rabbit_quorum_delivery_limit }} 43 | rabbit_quorum_max_memory_bytes = {{ designate_oslomsg_rabbit_quorum_max_memory_bytes }} 44 | 45 | [oslo_messaging_notifications] 46 | driver = {{ (designate_oslomsg_notify_configure | bool) | ternary('messagingv2', 'noop') }} 47 | transport_url = {{ designate_oslomsg_notify_transport }}://{% for host in designate_oslomsg_notify_servers.split(',') %}{{ designate_oslomsg_notify_userid }}:{{ designate_oslomsg_notify_password }}@{{ host }}:{{ designate_oslomsg_notify_port }}{% if not loop.last %},{% else %}/{{ _designate_oslomsg_notify_vhost_conf }}{% if designate_oslomsg_notify_use_ssl | bool %}?ssl=1&ssl_version={{ designate_oslomsg_notify_ssl_version }}&ssl_ca_file={{ designate_oslomsg_notify_ssl_ca_file }}{% else %}?ssl=0{% endif %}{% endif %}{% endfor %} 48 | 49 | {% if designate_backend_ssl | bool %} 50 | [ssl] 51 | cert_file = {{ designate_ssl_cert }} 52 | key_file = {{ designate_ssl_key }} 53 | {% endif %} 54 | 55 | ######################## 56 | ## Service Configuration 57 | ######################## 58 | #----------------------- 59 | # Central Service 60 | #----------------------- 61 | [service:central] 62 | # Number of central worker processes to spawn 63 | #workers = None 64 | 65 | # Number of central greenthreads to spawn 66 | #threads = 1000 67 | 68 | # Maximum domain name length 69 | #max_domain_name_len = 255 70 | 71 | # Maximum recordset name length 72 | #max_recordset_name_len = 255 73 | 74 | # Minimum TTL 75 | #min_ttl = None 76 | 77 | # The name of the default pool 78 | default_pool_id = {{ designate_pool_uuid }} 79 | 80 | ## Managed resources settings 81 | 82 | # Email to use for managed resources like domains created by the FloatingIP API 83 | #managed_resource_email = hostmaster@example.com. 84 | 85 | # Tenant ID to own all managed resources - like auto-created records etc. 86 | managed_resource_tenant_id = {{ designate_managed_resource_tenant_id }} 87 | 88 | #----------------------- 89 | # API Service 90 | #----------------------- 91 | [service:api] 92 | # Number of api worker processes to spawn 93 | #workers = None 94 | 95 | # Number of api greenthreads to spawn 96 | #threads = 1000 97 | 98 | # Enable host request headers 99 | enable_host_header = True 100 | 101 | # The base uri used in responses 102 | api_base_uri = "{{ designate_service_publicuri }}" 103 | 104 | # API host:port pairs to listen on 105 | listen = "{{ designate_bind_address }}:{{ designate_service_port }}" 106 | 107 | # Maximum line size of message headers to be accepted. max_header_line may 108 | # need to be increased when using large tokens (typically those generated by 109 | # the Keystone v3 API with big service catalogs). 110 | #max_header_line = 16384 111 | 112 | # Authentication strategy to use - can be either "noauth" or "keystone" 113 | auth_strategy = keystone 114 | 115 | # Enable API Version 2 116 | enable_api_v2 = True 117 | 118 | # Enabled API Version 2 extensions 119 | enabled_extensions_v2 = quotas, reports 120 | 121 | # Default per-page limit for the V2 API, a value of None means show all results 122 | # by default 123 | #default_limit_v2 = 20 124 | 125 | # Max page size in the V2 API 126 | #max_limit_v2 = 1000 127 | 128 | # Enable Admin API (experimental) 129 | enable_api_admin = False 130 | 131 | # Enabled Admin API extensions 132 | # Can be one or more of : reports, quotas, counts, tenants, zones 133 | # zone export is in zones extension 134 | #enabled_extensions_admin = 135 | 136 | # Default per-page limit for the Admin API, a value of None means show all results 137 | # by default 138 | #default_limit_admin = 20 139 | 140 | # Max page size in the Admin API 141 | #max_limit_admin = 1000 142 | 143 | # Show the pecan HTML based debug interface (v2 only) 144 | # This is only useful for development, and WILL break python-designateclient 145 | # if an error occurs 146 | #pecan_debug = False 147 | 148 | #----------------------- 149 | # Keystone Middleware 150 | #----------------------- 151 | [keystone_authtoken] 152 | 153 | insecure = {{ keystone_service_internaluri_insecure | bool }} 154 | auth_type = {{ designate_keystone_auth_type }} 155 | auth_url = {{ keystone_service_adminurl }} 156 | www_authenticate_uri = {{ keystone_service_internaluri }} 157 | project_domain_id = {{ designate_service_project_domain_id }} 158 | user_domain_id = {{ designate_service_user_domain_id }} 159 | project_name = {{ designate_service_project_name }} 160 | username = {{ designate_service_user_name }} 161 | password = {{ designate_service_password }} 162 | 163 | service_token_roles_required = {{ designate_service_token_roles_required | bool }} 164 | service_token_roles = {{ designate_service_token_roles | join(',') }} 165 | service_type = {{ designate_service_type }} 166 | 167 | memcached_servers = {{ designate_memcached_servers }} 168 | 169 | #----------------------- 170 | # Sink Service 171 | #----------------------- 172 | [service:sink] 173 | # List of notification handlers to enable, configuration of these needs to 174 | # correspond to a [handler:my_driver] section below or else in the config 175 | # Can be one or more of : nova_fixed, neutron_floatingip 176 | #enabled_notification_handlers = 177 | 178 | #----------------------- 179 | # mDNS Service 180 | #----------------------- 181 | [service:mdns] 182 | # Number of mdns worker processes to spawn 183 | #workers = None 184 | 185 | # Number of mdns greenthreads to spawn 186 | #threads = 1000 187 | 188 | # mDNS Bind Host 189 | #host = 0.0.0.0 190 | 191 | # mDNS Port Number 192 | #port = 5354 193 | 194 | # mDNS TCP Backlog 195 | #tcp_backlog = 100 196 | 197 | # mDNS TCP Receive Timeout 198 | #tcp_recv_timeout = 0.5 199 | 200 | # Enforce all incoming queries (including AXFR) are TSIG signed 201 | #query_enforce_tsig = False 202 | 203 | # Send all traffic over TCP 204 | #all_tcp = False 205 | 206 | # Maximum message size to emit 207 | #max_message_size = 65535 208 | 209 | #----------------------- 210 | # Agent Service 211 | #----------------------- 212 | [service:agent] 213 | #workers = None 214 | #host = 0.0.0.0 215 | #port = 5358 216 | #tcp_backlog = 100 217 | #allow_notify = 127.0.0.1 218 | #masters = 127.0.0.1:5354 219 | #backend_driver = fake 220 | #transfer_source = None 221 | #notify_delay = 0 222 | 223 | #----------------------- 224 | # Producer Service 225 | #----------------------- 226 | [service:producer] 227 | # Number of Zone Manager worker processes to spawn 228 | #workers = None 229 | 230 | # Number of Zone Manager greenthreads to spawn 231 | #threads = 1000 232 | 233 | # List of Zone Manager tasks to enable, a value of None will enable all tasks. 234 | # Can be one or more of: periodic_exists 235 | #enabled_tasks = None 236 | 237 | # Whether to allow synchronous zone exports 238 | #export_synchronous = True 239 | 240 | #------------------------ 241 | # Deleted domains purging 242 | #------------------------ 243 | [producer_task:domain_purge] 244 | # How frequently to purge deleted domains, in seconds 245 | #interval = 3600 # 1h 246 | 247 | # How many records to be deleted on each run 248 | #batch_size = 100 249 | 250 | # How old deleted records should be (deleted_at) to be purged, in seconds 251 | #time_threshold = 604800 # 7 days 252 | 253 | #------------------------ 254 | # Delayed zones NOTIFY 255 | #------------------------ 256 | [producer_task:delayed_notify] 257 | # How frequently to scan for zones pending NOTIFY, in seconds 258 | #interval = 5 259 | 260 | #------------------------ 261 | # Worker Periodic Recovery 262 | #------------------------ 263 | [producer_task:worker_periodic_recovery] 264 | # How frequently to scan for zones in ERROR, in seconds 265 | #interval = 120 266 | 267 | #----------------------- 268 | # Pool Manager Service 269 | #----------------------- 270 | [service:pool_manager] 271 | # Number of Pool Manager worker processes to spawn 272 | #workers = None 273 | 274 | # Number of Pool Manager greenthreads to spawn 275 | #threads = 1000 276 | 277 | # The percentage of servers requiring a successful update for a domain change 278 | # to be considered active 279 | #threshold_percentage = 100 280 | 281 | # The time to wait for a response from a server 282 | #poll_timeout = 30 283 | 284 | # The time between retrying to send a request and waiting for a response from a 285 | # server 286 | #poll_retry_interval = 15 287 | 288 | # The maximum number of times to retry sending a request and wait for a 289 | # response from a server 290 | #poll_max_retries = 10 291 | 292 | # The time to wait before sending the first request to a server 293 | #poll_delay = 5 294 | 295 | # Enable the recovery thread 296 | #enable_recovery_timer = True 297 | 298 | # The time between recovering from failures 299 | #periodic_recovery_interval = 120 300 | 301 | # Enable the sync thread 302 | #enable_sync_timer = True 303 | 304 | # The time between synchronizing the servers with storage 305 | #periodic_sync_interval = 1800 306 | 307 | # Zones Updated within last N seconds will be syncd. Use None to sync all zones 308 | #periodic_sync_seconds = None 309 | 310 | # Perform multiple update attempts during periodic_sync 311 | #periodic_sync_max_attempts = 3 312 | #periodic_sync_retry_interval = 30 313 | 314 | # The cache driver to use 315 | #cache_driver = memcache 316 | 317 | #----------------------- 318 | # Worker Service 319 | #----------------------- 320 | [service:worker] 321 | # Whether to send events to worker instead of Pool Manager 322 | enabled = True 323 | 324 | # Number of Worker processes to spawn 325 | #workers = None 326 | 327 | # Number of Worker greenthreads to spawn 328 | #threads = 1000 329 | 330 | # The percentage of servers requiring a successful update for a zone change 331 | # to be considered active 332 | #threshold_percentage = 100 333 | 334 | # The time to wait for a response from a server 335 | #poll_timeout = 30 336 | 337 | # The time between retrying to send a request and waiting for a response from a 338 | # server 339 | #poll_retry_interval = 15 340 | 341 | # The maximum number of times to retry sending a request and wait for a 342 | # response from a server 343 | #poll_max_retries = 10 344 | 345 | # The time to wait before sending the first request to a server 346 | #poll_delay = 5 347 | 348 | # Whether to allow worker to send NOTIFYs. NOTIFY requests to mdns will noop 349 | notify = True 350 | 351 | ################################### 352 | ## Pool Manager Cache Configuration 353 | ################################### 354 | #----------------------- 355 | # SQLAlchemy Pool Manager Cache 356 | #----------------------- 357 | [pool_manager_cache:sqlalchemy] 358 | #connection=sqlite:///$state_path/designate_pool_manager.sqlite 359 | #connection_debug = 100 360 | #connection_trace = False 361 | #sqlite_synchronous = True 362 | #idle_timeout = 3600 363 | #max_retries = 10 364 | #retry_interval = 10 365 | 366 | #----------------------- 367 | # Memcache Pool Manager Cache 368 | #----------------------- 369 | [pool_manager_cache:memcache] 370 | #memcached_servers = None 371 | #expiration = 3600 372 | 373 | ############## 374 | ## Network API 375 | ############## 376 | [network_api:neutron] 377 | # Comma separated list of values, formatted "|" 378 | #endpoints = RegionOne|http://localhost:9696 379 | endpoint_type = internalURL 380 | #timeout = 30 381 | #admin_username = designate 382 | #admin_password = designate 383 | #admin_tenant_name = designate 384 | #auth_url = http://localhost:5000/v2.0 385 | #insecure = False 386 | #auth_strategy = keystone 387 | #ca_certificates_file = 388 | 389 | ######################## 390 | ## Storage Configuration 391 | ######################## 392 | #----------------------- 393 | # SQLAlchemy Storage 394 | #----------------------- 395 | [storage:sqlalchemy] 396 | connection = mysql+pymysql://{{ designate_galera_user }}:{{ designate_galera_password }}@{{ designate_galera_address }}:{{ designate_galera_port }}/{{ designate_galera_database }}?charset=utf8{% if designate_galera_use_ssl | bool %}&ssl_verify_cert=true{% if designate_galera_ssl_ca_cert | length > 0 %}&ssl_ca={{ designate_galera_ssl_ca_cert }}{% endif %}{% endif +%} 397 | max_overflow = {{ designate_db_max_overflow }} 398 | max_pool_size = {{ designate_db_max_pool_size }} 399 | pool_timeout = {{ designate_db_pool_timeout }} 400 | connection_recycle_time = {{ designate_db_connection_recycle_time }} 401 | 402 | #connection_debug = 0 403 | #connection_trace = False 404 | #sqlite_synchronous = True 405 | #idle_timeout = 3600 406 | #max_retries = 10 407 | #retry_interval = 10 408 | 409 | ######################## 410 | ## Handler Configuration 411 | ######################## 412 | #----------------------- 413 | # Nova Fixed Handler 414 | #----------------------- 415 | [handler:nova_fixed] 416 | # Domain ID of domain to create records in. Should be pre-created 417 | #domain_id = 418 | #notification_topics = notifications 419 | #control_exchange = 'nova' 420 | ##Following https://docs.openstack.org/releasenotes/designate/pike.html#critical-issues 421 | #formatv4 = '%(octet0)s-%(octet1)s-%(octet2)s-%(octet3)s.%(zone)s' 422 | #formatv4 = '%(hostname)s.%(project)s.%(zone)s' 423 | #formatv4 = '%(hostname)s.%(zone)s' 424 | #formatv6 = '%(hostname)s.%(project)s.%(zone)s' 425 | #formatv6 = '%(hostname)s.%(zone)s' 426 | 427 | #------------------------ 428 | # Neutron Floating Handler 429 | #------------------------ 430 | [handler:neutron_floatingip] 431 | # Domain ID of domain to create records in. Should be pre-created 432 | #domain_id = 433 | #notification_topics = notifications 434 | #control_exchange = 'neutron' 435 | ##Following https://docs.openstack.org/releasenotes/designate/pike.html#critical-issues 436 | #formatv4 = '%(octet0)s-%(octet1)s-%(octet2)s-%(octet3)s.%(zone)s' 437 | #formatv4 = '%(hostname)s.%(project)s.%(zone)s' 438 | #formatv4 = '%(hostname)s.%(zone)s' 439 | #formatv6 = '%(hostname)s.%(project)s.%(zone)s' 440 | #formatv6 = '%(hostname)s.%(zone)s' 441 | 442 | ############################# 443 | ## Agent Backend Configuration 444 | ############################# 445 | [backend:agent:bind9] 446 | #rndc_host = 127.0.0.1 447 | #rndc_port = 953 448 | #rndc_config_file = /etc/rndc.conf 449 | #rndc_key_file = /etc/rndc.key 450 | #zone_file_path = $state_path/zones 451 | #query_destination = 127.0.0.1 452 | # 453 | [backend:agent:denominator] 454 | #name = dynect 455 | #config_file = /etc/denominator.conf 456 | 457 | ######################## 458 | ## Library Configuration 459 | ######################## 460 | [oslo_concurrency] 461 | # Path for Oslo Concurrency to store lock files, defaults to the value 462 | # of the state_path setting. 463 | #lock_path = $state_path 464 | 465 | ################################# 466 | ## Oslo Middleware Configuration 467 | ################################# 468 | [oslo_middleware] 469 | enable_proxy_headers_parsing = true 470 | 471 | {% if designate_coordination_enable %} 472 | ######################## 473 | ## Coordination 474 | ######################## 475 | [coordination] 476 | backend_url = {{ designate_coordination_url }} 477 | {% endif %} 478 | 479 | ######################## 480 | ## Hook Points 481 | ######################## 482 | # Hook Points are enabled when added to the config and there has been 483 | # a package that provides the corresponding named designate.hook_point 484 | # entry point. 485 | 486 | # [hook_point:name_of_hook_point] 487 | # some_param_for_hook = 42 488 | # Hooks can be disabled in the config 489 | # enabled = False 490 | 491 | # Hook can also be applied to the import path when the hook has not 492 | # been given an explicit name. The name is created from the hook 493 | # target function / method: 494 | # 495 | # name = '%s.%s' % (func.__module__, func.__name__) 496 | 497 | # [hook_point:designate.api.v2.controllers.zones.get_one] 498 | --------------------------------------------------------------------------------