Merge "Add pike symlink to ocata"
diff --git a/README.rst b/README.rst
index 9ca7da7..943fbea 100644
--- a/README.rst
+++ b/README.rst
@@ -77,6 +77,8 @@
rndc_host: 127.0.0.1
rndc_port: 953
rndc_key_file: /etc/designate/rndc.key
+ quota:
+ zones: 40
worker:
enabled: true
.. note::
@@ -103,6 +105,11 @@
In releases starting from Newton, only Designate pool manager service still allows live syncs
with Power DNS server for now.
+.. note::
+ *server:quota:zones* allows to set default value for zones quota for all projects and users.
+ In case with Designate tempest plugin (0.2.0) zones quota should be increased to 40, so all
+ tests can pass.
+
Pools pillar for BIND9 master and multiple slaves setup:
.. code:: yaml
diff --git a/designate/files/liberty/designate.conf.Debian b/designate/files/liberty/designate.conf.Debian
index 9419a83..bcba3ae 100644
--- a/designate/files/liberty/designate.conf.Debian
+++ b/designate/files/liberty/designate.conf.Debian
@@ -1,4 +1,4 @@
-{%- from "designate/map.jinja" import server with context %}
+{%- from "designate/map.jinja" import server, system_cacerts_file with context %}
[DEFAULT]
# Where an option is commented out, but filled in this shows the default
# value of that option
@@ -35,6 +35,13 @@
{%- endif %}
{%- endif %}
+{%- if server.quota is defined %}
+# Default quotas
+{%- if server.quota.zones is defined %}
+quota_zones = {{ server.quota.zones }}
+{%- endif %}
+{%- endif %}
+
# Use "sudo designate-rootwrap /etc/designate/rootwrap.conf" to use the real
# root filter facility.
# Change to "sudo" to skip the filtering and just run the comand directly
@@ -319,7 +326,8 @@
# SQLAlchemy Pool Manager Cache
#-----------------------
[pool_manager_cache:sqlalchemy]
-connection = {{ server.database.engine }}://{{ server.database.user }}:{{ server.database.password }}@{{ server.database.host }}/{{ server.database.name.pool_manager }}
+connection = {{ server.database.engine }}://{{ server.database.user }}:{{ server.database.password }}@{{ server.database.host }}/{{ server.database.name.pool_manager }}{%- if server.database.get('ssl',{}).get('enabled',False) %}?ssl_ca={{ server.database.ssl.get('cacert_file', system_cacerts_file) }}{% endif %}
+
#connection_debug = 100
#connection_trace = False
#sqlite_synchronous = True
diff --git a/designate/files/mitaka/designate.conf.Debian b/designate/files/mitaka/designate.conf.Debian
index 5c63b5e..ba1a21c 100644
--- a/designate/files/mitaka/designate.conf.Debian
+++ b/designate/files/mitaka/designate.conf.Debian
@@ -35,6 +35,13 @@
{%- endif %}
{%- endif %}
+{%- if server.quota is defined %}
+# Default quotas
+{%- if server.quota.zones is defined %}
+quota_zones = {{ server.quota.zones }}
+{%- endif %}
+{%- endif %}
+
# Use "sudo designate-rootwrap /etc/designate/rootwrap.conf" to use the real
# root filter facility.
# Change to "sudo" to skip the filtering and just run the comand directly
@@ -421,7 +428,7 @@
#-----------------------
[pool_manager_cache:sqlalchemy]
#connection = sqlite:///$state_path/designate_pool_manager.sqlite
-connection = {{ server.database.engine }}://{{ server.database.user }}:{{ server.database.password }}@{{ server.database.host }}/{{ server.database.name.pool_manager }}
+connection = {{ server.database.engine }}://{{ server.database.user }}:{{ server.database.password }}@{{ server.database.host }}/{{ server.database.name.pool_manager }}{%- if server.database.get('ssl',{}).get('enabled',False) %}?ssl_ca={{ server.database.ssl.get('cacert_file', system_cacerts_file) }}{% endif %}
#connection_debug = 100
#connection_trace = False
diff --git a/designate/files/ocata/designate.conf.Debian b/designate/files/ocata/designate.conf.Debian
index 28534b7..5dc78ef 100644
--- a/designate/files/ocata/designate.conf.Debian
+++ b/designate/files/ocata/designate.conf.Debian
@@ -36,6 +36,13 @@
{%- endif %}
{%- endif %}
+{%- if server.quota is defined %}
+# Default quotas
+{%- if server.quota.zones is defined %}
+quota_zones = {{ server.quota.zones }}
+{%- endif %}
+{%- endif %}
+
# Use "sudo designate-rootwrap /etc/designate/rootwrap.conf" to use the real
# root filter facility.
# Change to "sudo" to skip the filtering and just run the command directly
@@ -469,7 +476,7 @@
#-----------------------
[pool_manager_cache:sqlalchemy]
#connection = sqlite:///$state_path/designate_pool_manager.sqlite
-connection = {{ server.database.engine }}://{{ server.database.user }}:{{ server.database.password }}@{{ server.database.host }}/{{ server.database.name.pool_manager }}
+connection = {{ server.database.engine }}://{{ server.database.user }}:{{ server.database.password }}@{{ server.database.host }}/{{ server.database.name.pool_manager }}{%- if server.database.get('ssl',{}).get('enabled',False) %}?ssl_ca={{ server.database.ssl.get('cacert_file', system_cacerts_file) }}{% endif %}
#connection_debug = 100
#connection_trace = False
diff --git a/designate/server.sls b/designate/server.sls
index 1228817..ee20f54 100644
--- a/designate/server.sls
+++ b/designate/server.sls
@@ -68,6 +68,9 @@
{%- if server.message_queue.get('ssl',{}).get('enabled', False) %}
- file: rabbitmq_ca
{%- endif %}
+ {%- if server.database.get('ssl',{}).get('enabled', False) %}
+ - file: mysql_ca_designate_server
+ {%- endif %}
{%- endif %}
{%- if server.version not in ['liberty', 'juno', 'kilo'] and server.pools is defined %}
@@ -98,9 +101,32 @@
- contents_pillar: designate:server:message_queue:ssl:cacert
- mode: 0444
- makedirs: true
+ - require_in:
+ - file: /etc/designate/designate.conf
{%- else %}
file.exists:
- name: {{ server.message_queue.ssl.get('cacert_file', system_cacerts_file) }}
+ - require_in:
+ - file: /etc/designate/designate.conf
+{%- endif %}
+{%- endif %}
+
+
+{%- if server.database.get('ssl',{}).get('enabled', False) %}
+mysql_ca_designate_server:
+{%- if server.database.ssl.cacert is defined %}
+ file.managed:
+ - name: {{ server.database.ssl.cacert_file }}
+ - contents_pillar: designate:server:database:ssl:cacert
+ - mode: 0444
+ - makedirs: true
+ - require_in:
+ - file: /etc/designate/designate.conf
+{%- else %}
+ file.exists:
+ - name: {{ server.database.ssl.get('cacert_file', system_cacerts_file) }}
+ - require_in:
+ - file: /etc/designate/designate.conf
{%- endif %}
{%- endif %}
diff --git a/tests/pillar/designate_liberty.sls b/tests/pillar/designate_liberty.sls
index 3ed12f5..8022e0c 100644
--- a/tests/pillar/designate_liberty.sls
+++ b/tests/pillar/designate_liberty.sls
@@ -9,6 +9,15 @@
mdns:
address: 0.0.0.0
port: 5354
+ database:
+ engine: mysql
+ host: 127.0.0.1
+ port: 3306
+ name:
+ main_database: designate
+ pool_manager: designate_pool_manager
+ user: designate
+ password: passw0rd
message_queue:
members:
- host: 127.0.0.1
diff --git a/tests/pillar/designate_mitaka.sls b/tests/pillar/designate_mitaka.sls
index 90775a5..caffa4f 100644
--- a/tests/pillar/designate_mitaka.sls
+++ b/tests/pillar/designate_mitaka.sls
@@ -9,6 +9,15 @@
mdns:
address: 0.0.0.0
port: 5354
+ database:
+ engine: mysql
+ host: 127.0.0.1
+ port: 3306
+ name:
+ main_database: designate
+ pool_manager: designate_pool_manager
+ user: designate
+ password: passw0rd
message_queue:
members:
- host: 127.0.0.1
diff --git a/tests/pillar/designate_ocata.sls b/tests/pillar/designate_ocata.sls
index 0656fd9..68ce620 100644
--- a/tests/pillar/designate_ocata.sls
+++ b/tests/pillar/designate_ocata.sls
@@ -68,6 +68,8 @@
also_notifies:
- host: 127.0.3.1
port: 53
+ quota:
+ zones: 40
worker:
enabled: true
mysql:
diff --git a/tests/pillar/ssl.sls b/tests/pillar/ssl.sls
index bc033e8..7168c35 100644
--- a/tests/pillar/ssl.sls
+++ b/tests/pillar/ssl.sls
@@ -3,6 +3,9 @@
designate:
server:
+ database:
+ ssl:
+ enabled: True
message_queue:
port: 5671
ssl: