Designate role for OpenStack-Ansible

Designate role for OpenStack-Ansible

This Ansible role installs and configures OpenStack Designate.

This role will install the following services:
  • designate-api
  • designate-central
  • designate-worker
  • designate-producer
  • designate-mdns
  • designate-sink

The DNS servers Designate will interface with can be defined in the designate_pools_yaml variable. This is eventually written to the Designate pools.yaml file.

To clone or view the source code for this repository, visit the role repository for os_designate.

Default variables

## Verbosity Options
debug: False

# Set the host which will execute the shade modules
# for the service setup. The host must already have
# clouds.yaml properly configured.
designate_service_setup_host: "{{ openstack_service_setup_host | default('localhost') }}"
designate_service_setup_host_python_interpreter: "{{ openstack_service_setup_host_python_interpreter | default((designate_service_setup_host == 'localhost') | ternary(ansible_playbook_python, ansible_python['executable'])) }}"

# Set the package install state for distribution packages
# Options are 'present' and 'latest'
designate_package_state: "latest"
designate_pip_package_state: "latest"

# Set installation method.
designate_install_method: "source"

## The git source/branch
designate_git_repo: https://git.openstack.org/openstack/designate
designate_git_install_branch: 'stable/rocky'

# Developer mode is used for role functional testing and allows the role
# to build an environment directly from a git source without the presence
# of an OpenStack-Ansible repo_server.
designate_developer_mode: False

## The packages to build from source (used in developer mode)
designate_developer_constraints:
  - "git+{{ designate_git_repo }}@{{ designate_git_install_branch }}#egg=designate"

# Name of the virtual env to deploy into
designate_venv_tag: untagged
designate_bin: "{{ _designate_bin }}"

# Set the etc dir path where designate is installed.
#  This is used for role access to the db migrations.
#  Example:
#  designate_etc_dir: "/usr/local/etc/designate"
designate_etc_dir: "{{ _designate_etc }}/designate"

# venv_download, even when true, will use the fallback method of building the
# venv from scratch if the venv download fails.
designate_venv_download: "{{ not designate_developer_mode | bool }}"
# URL of the pre-built virtualenv
designate_venv_download_url: http://127.0.0.1/venvs/untagged/ubuntu/designate.tgz

## System info
designate_system_user_name: designate
designate_system_group_name: designate
designate_system_shell: /bin/false
designate_system_comment: designate system user
designate_system_user_home: "/var/lib/{{ designate_system_user_name }}"

## Database info
designate_db_setup_host: "{{ ('galera_all' in groups) | ternary(groups['galera_all'][0], 'localhost') }}"
designate_galera_address: "{{ galera_address | default('127.0.0.1') }}"
designate_galera_user: designate
designate_galera_database: designate
designate_galera_use_ssl: "{{ galera_use_ssl | default(False) }}"
designate_galera_ssl_ca_cert: "{{ galera_ssl_ca_cert | default('/etc/ssl/certs/galera-ca.pem') }}"

## Oslo Messaging
# RPC
designate_oslomsg_rpc_host_group: "{{ oslomsg_rpc_host_group | default('rabbitmq_all') }}"
designate_oslomsg_rpc_setup_host: "{{ (designate_oslomsg_rpc_host_group in groups) | ternary(groups[designate_oslomsg_rpc_host_group][0], 'localhost') }}"
designate_oslomsg_rpc_transport: "{{ oslomsg_rpc_transport | default('rabbit') }}"
designate_oslomsg_rpc_servers: "{{ oslomsg_rpc_servers | default('127.0.0.1') }}"
designate_oslomsg_rpc_port: "{{ oslomsg_rpc_port | default('5672') }}"
designate_oslomsg_rpc_use_ssl: "{{ oslomsg_rpc_use_ssl | default(False) }}"
designate_oslomsg_rpc_userid: designate-rpc
designate_oslomsg_rpc_vhost: /designate

# Notify
designate_oslomsg_notify_host_group: "{{ oslomsg_notify_host_group | default('rabbitmq_all') }}"
designate_oslomsg_notify_setup_host: "{{ (designate_oslomsg_notify_host_group in groups) | ternary(groups[designate_oslomsg_notify_host_group][0], 'localhost') }}"
designate_oslomsg_notify_transport: "{{ oslomsg_notify_transport | default('rabbit') }}"
designate_oslomsg_notify_servers: "{{ oslomsg_notify_servers | default('127.0.0.1') }}"
designate_oslomsg_notify_port: "{{ oslomsg_notify_port | default('5672') }}"
designate_oslomsg_notify_use_ssl: "{{ oslomsg_notify_use_ssl | default(False) }}"
designate_oslomsg_notify_userid: "{{ designate_oslomsg_rpc_userid }}"
designate_oslomsg_notify_password: "{{ designate_oslomsg_rpc_password }}"
designate_oslomsg_notify_vhost: "{{ designate_oslomsg_rpc_vhost }}"

## RabbitMQ info

## Pool Configuration Defaults
designate_pool_uuid: 794ccc2c-d751-44fe-b57f-8894c9f5c842

# Enable/Disable Ceilometer
designate_ceilometer_enabled: False

# Designate services info
designate_role_name: admin

## DNS Backend Configuration
#  Configuration for the DNS backend that Designate will talk to, Designate
#  supports lots of backends, bind9, powerdns, nsd, djb, dyn, akamai, etc.
#  DNS Backends are configured via a YAML file that Designate reads. The DNS
#  server need not be in the actual Designate container, but for development,
#  or for some internal addressing use cases, it may make sense.

# YAML to use for the Designate pools.yaml file. If this variable is defined,
# a pools.yaml file will be written to /etc/designate/pools.yaml with the
# provided YAML data.
#
# This is some example pools.yaml information that will work with a
# simple bind9 installation in the same container as Designate.
# designate_pools_yaml:
#   - name: "default"
#     description: Default BIND9 Pool
#     attributes: {}
#     ns_records:
#       - hostname: ns1.example.org.
#         priority: 1
#     nameservers:
#       - host: 127.0.0.1
#         port: 53
#     targets:
#       - type: bind9
#         description: BIND9 Server
#         masters:
#           - host: 127.0.0.1
#             port: 5354
#         options:
#           host: 127.0.0.1
#           port: 53
#           rndc_host: 127.0.0.1
#           rndc_port: 953

## rndc keys for authenticating with bind9
# define this to create as many key files as are required
# designate_rndc_keys
#   - name: "rndc-key"
#     file: /etc/designate/rndc.key
#     algorithm: "hmac-md5"
#     secret: "<key>"

# Owner of all managed resources - like auto-created records etc.
designate_managed_resource_project_name: "{{ designate_service_project_name }}"

## Service Type and Data
designate_service_region: RegionOne
designate_service_endpoint_type: internalURL
designate_service_name: designate
designate_service_port: 9001
designate_service_proto: http
designate_service_type: dns
designate_service_description: "Designate DNS as a Service"
designate_service_project_domain_id: default
designate_service_user_domain_id: default
designate_service_user_name: designate
designate_keystone_auth_type: password
designate_service_project_name: service

designate_service_publicuri_proto: "{{ openstack_service_publicuri_proto | default(designate_service_proto) }}"
designate_service_internaluri_proto: "{{ openstack_service_internaluri_proto | default(designate_service_proto) }}"

designate_service_publicuri: "{{ designate_service_publicuri_proto }}://{{ external_lb_vip_address }}:{{ designate_service_port }}"
designate_service_internaluri: "{{ designate_service_internaluri_proto }}://{{ internal_lb_vip_address }}:{{ designate_service_port }}"
designate_service_adminuri: "{{ (designate_service_adminurl | default('http://localhost')) | netorigin }}"

designate_service_in_ldap: False

# Common pip packages
designate_pip_packages:
  - cryptography
  - designate
  - osprofiler
  - python-designateclient
  - PyMySQL
  - python-memcached
  - systemd-python
  - warlock

designate_central_init_overrides: {}
designate_worker_init_overrides: {}
designate_producer_init_overrides: {}
designate_mdns_init_overrides: {}
designate_sink_init_overrides: {}
designate_api_init_overrides: {}


## Service Name-Group Mapping
designate_services:
  designate-central:
    group: designate_central
    service_name: designate-central
    init_config_overrides: "{{ designate_central_init_overrides }}"
    execstarts: "{{ designate_bin }}/designate-central"
    start_order: 3
  designate-worker:
    group: designate_worker
    service_name: designate-worker
    init_config_overrides: "{{ designate_worker_init_overrides }}"
    execstarts: "{{ designate_bin }}/designate-worker"
    start_order: 2
  designate-producer:
    group: designate_producer
    service_name: designate-producer
    init_config_overrides: "{{ designate_producer_init_overrides }}"
    execstarts: "{{ designate_bin }}/designate-producer"
    start_order: 5
  designate-mdns:
    group: designate_mdns
    service_name: designate-mdns
    init_config_overrides: "{{ designate_mdns_init_overrides }}"
    execstarts: "{{ designate_bin }}/designate-mdns"
    start_order: 4
  designate-sink:
    group: designate_sink
    service_name: designate-sink
    init_config_overrides: "{{ designate_sink_init_overrides }}"
    execstarts: "{{ designate_bin }}/designate-sink"
    start_order: 6
  designate-api:
    group: designate_api
    service_name: designate-api
    init_config_overrides: "{{ designate_api_init_overrides }}"
    execstarts: "{{ designate_bin }}/designate-api"
    start_order: 1

# List of unit files this role will "mask". These units, when found, are knonw
# to conflict with running services for this given role. Any unit listed will be
# stopped and masked.
designate_mask_conflicting_units: "{{ _designate_mask_conflicting_units | default([]) }}"

# This variable is used by the repo_build process to determine
# which host group to check for members of before building the
# pip packages required by this role. The value is picked up
# by the py_pkgs lookup.
designate_role_project_group: designate_all

## Tunable overrides
designate_policy_overrides: {}
designate_designate_conf_overrides: {}
designate_api_paste_ini_overrides: {}
designate_rootwrap_conf_overrides: {}

Dependencies

This role needs pip >= 7.1 installed on the target host.

This role needs the following variables defined:

designate_galera_address
designate_galera_password
designate_service_password
designate_oslomsg_rpc_password
designate_oslomsg_notify_password

Example playbook

---
- name: Install Designate Server
  hosts: designate_all
  user: root
  roles:
    - { role: "os_designate", tags: [ "os-designate" ] }
  vars:
    external_lb_vip_address: 172.16.24.1
    internal_lb_vip_address: 192.168.0.1
    designate_galera_address: "{{ internal_lb_vip_address }}"
    designate_galera_password: "SuperSecretePassword1"
    designate_service_password: "SuperSecretePassword3"
    designate_oslomsg_rpc_password: "SuperSecretePassword4"

Tags

This role supports two tags: designate-install and designate-config. The designate-install tag can be used to install and upgrade. The designate-config tag can be used to maintain configuration of the service.

Creative Commons Attribution 3.0 License

Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.