Merge "Update README.rst for X.509 auth for MySQL and Designate"
diff --git a/README.rst b/README.rst
index 990e84d..77e1f3c 100644
--- a/README.rst
+++ b/README.rst
@@ -24,6 +24,7 @@
rndc_algorithm: hmac-sha512
api:
base_uri: 'http://127.0.0.1:9001'
+ quotas_verify_project_id: False
admin_api:
enabled: true
enabled_extensions_admin: quotas
@@ -113,6 +114,10 @@
In case with Designate tempest plugin (0.2.0) zones quota should be increased to 40, so all
tests can pass.
+.. note::
+ *server:api:quotas_verify_project_id* allows to enable project id verification when setting quotas
+ for project, when Designate will ask Keystone if the project id is valid
+
Pools pillar for BIND9 master and multiple slaves setup:
.. code:: yaml
diff --git a/designate/files/ocata/designate.conf.Debian b/designate/files/ocata/designate.conf.Debian
index a89914c..89ed2ca 100644
--- a/designate/files/ocata/designate.conf.Debian
+++ b/designate/files/ocata/designate.conf.Debian
@@ -204,6 +204,10 @@
# if an error occurs
#pecan_debug = False
+# Verify that the requested Project ID for quota target
+# is a valid project in Keystone.
+quotas_verify_project_id = {{ server.api.get('quotas_verify_project_id', False) }}
+
#-----------------------
# Keystone Middleware
#-----------------------
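Review bot: The comment above `quotas_verify_project_id` does not say that the template renders it as `False` unless the pillar sets it, so the Keystone check stays off on every deployment that does not opt in. I would extend the comment with something like `# Off by default: quota updates are accepted for a project ID without a Keystone lookup.` The same comment and default are added in the pike and queens templates. metadata/service/server/cluster.yml and single.yml also pin the value to `False`, written with a capital where tests/pillar/designate_ocata.sls uses `false`.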
@@ -640,3 +644,10 @@
# hostname = 127.0.0.1
# Statsd server UDP port
# port = 8125
+
+[keystone]
+interface = {{ server.identity.get('endpoint_type', 'internal') }}
+region_name = {{ server.region }}
+{%- if server.identity.get('protocol', 'http') == 'https' %}
+cafile = {{ server.identity.get('cacert_file', server.cacert_file) }}
+{%- endif %}
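Review bot: The new `[keystone]` section carries no comment, and `cafile` is written only when `identity:protocol` is `https`, while the template's own fallback for that key is `http`. A deployment that enables `quotas_verify_project_id` without setting the protocol would therefore send the project lookup to Keystone in clear text, assuming this section is what the lookup uses. A short header such as `# Keystone client settings used for project ID verification; set identity:protocol to https to enable CA verification` would make that dependency visible. The fallback `server.cacert_file` is not defined anywhere in this diff, so it is worth confirming that map.jinja supplies it. The same block is added to the pike and queens templates.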
diff --git a/designate/files/pike/designate.conf.Debian b/designate/files/pike/designate.conf.Debian
index 08ece94..5b856c6 100644
--- a/designate/files/pike/designate.conf.Debian
+++ b/designate/files/pike/designate.conf.Debian
@@ -211,6 +211,10 @@
# if an error occurs
#pecan_debug = False
+# Verify that the requested Project ID for quota target
+# is a valid project in Keystone.
+quotas_verify_project_id = {{ server.api.get('quotas_verify_project_id', False) }}
+
#-----------------------
# Keystone Middleware
#-----------------------
@@ -648,3 +652,10 @@
# hostname = 127.0.0.1
# Statsd server UDP port
# port = 8125
+
+[keystone]
+valid_interfaces = {{ server.identity.get('endpoint_type', 'internal') }}
+region_name = {{ server.region }}
+{%- if server.identity.get('protocol', 'http') == 'https' %}
+cafile = {{ server.identity.get('cacert_file', server.cacert_file) }}
+{%- endif %}
diff --git a/designate/files/queens/designate.conf.Debian b/designate/files/queens/designate.conf.Debian
index ca73a27..47630b6 100644
--- a/designate/files/queens/designate.conf.Debian
+++ b/designate/files/queens/designate.conf.Debian
@@ -731,6 +731,9 @@
# was set by an SSL terminating proxy. (string value)
#override_proto = <None>
+# Verify that the requested Project ID for quota target
+# is a valid project in Keystone.
+quotas_verify_project_id = {{ server.api.get('quotas_verify_project_id', False) }}
[service:central]
@@ -1074,6 +1077,12 @@
# Reason: Migrated to designate-worker
#export_synchronous = true
+[keystone]
+valid_interfaces = {{ server.identity.get('endpoint_type', 'internal') }}
+region_name = {{ server.region }}
+{%- if server.identity.get('protocol', 'http') == 'https' %}
+cafile = {{ server.identity.get('cacert_file', server.cacert_file) }}
+{%- endif %}
[ssl]
{%- include "oslo_templates/files/queens/oslo/service/_ssl.conf" %}
diff --git a/designate/map.jinja b/designate/map.jinja
index c299c7e..74f0f59 100644
--- a/designate/map.jinja
+++ b/designate/map.jinja
@@ -100,3 +100,5 @@
'pkgs': ['python-designateclient'],
},
}, merge=pillar.designate.get('client', {})) %}
+
+{% set upgrade = pillar.get('designate', {}).get('upgrade', {}) %}
diff --git a/designate/meta/salt.yml b/designate/meta/salt.yml
new file mode 100644
index 0000000..b9c88ed
--- /dev/null
+++ b/designate/meta/salt.yml
@@ -0,0 +1,5 @@
+orchestration:
+ upgrade:
+ applications:
+ designate:
+ priority: 1300
diff --git a/designate/server.sls b/designate/server.sls
index 30ebdaa..9e06037 100644
--- a/designate/server.sls
+++ b/designate/server.sls
@@ -66,6 +66,8 @@
- defaults:
service_name: designate
_data: {{ server.logging }}
+ - require_in:
+ - sls: designate.db.offline_sync
- require:
- pkg: designate_server_packages
{%- if server.logging.log_handlers.get('fluentd', {}).get('enabled', False) %}
diff --git a/designate/upgrade/pkgs_latest.sls b/designate/upgrade/pkgs_latest.sls
new file mode 100644
index 0000000..ae85199
--- /dev/null
+++ b/designate/upgrade/pkgs_latest.sls
@@ -0,0 +1,48 @@
+{%- from "designate/map.jinja" import server, client, pool_manager, agent, worker with context %}
+
+designate_task_pkgs_latest:
+ test.show_notification:
+ - name: "dump_message_pkgs_latest"
+ - text: "Running designate.upgrade.pkgs_latest"
+
+policy-rc.d_present:
+ file.managed:
+ - name: /usr/sbin/policy-rc.d
+ - mode: 755
+ - contents: |
+ #!/bin/sh
+ exit 101
+
+{%- set pkgs = [] %}
+
+{%- if server.get('enabled', false) %}
+ {%- do pkgs.extend(server.pkgs) %}
+{%- endif %}
+
+{%- if client.get('enabled', false) %}
+ {%- do pkgs.extend(client.pkgs) %}
+{%- endif %}
+
+{%- if pool_manager.get('enabled', false) %}
+ {%- do pkgs.extend(pool_manager.pkgs) %}
+{%- endif %}
+
+{%- if worker.get('enabled', false) %}
+ {%- do pkgs.extend(worker.pkgs) %}
+{%- endif %}
+
+{%- if agent.get('enabled', false) %}
+ {%- do pkgs.extend(agent.pkgs) %}
+{%- endif %}
+
+designate_packages:
+ pkg.latest:
+ - names: {{ pkgs|unique }}
+ - require:
+ - file: policy-rc.d_present
+ - require_in:
+ - file: policy-rc.d_absent
+
+policy-rc.d_absent:
+ file.absent:
+ - name: /usr/sbin/policy-rc.d
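Review bot: Because `designate_packages` declares `require_in` on `policy-rc.d_absent`, the cleanup is skipped whenever `pkg.latest` fails. That leaves `/usr/sbin/policy-rc.d` returning 101 on the host, which keeps blocking service starts for every later package operation. I would drop the `require_in` from `designate_packages` and give `policy-rc.d_absent` a `- require:` on `- file: policy-rc.d_present`, so definition order still places it after the package state but it runs regardless of the package result. The state also overwrites and then deletes any policy-rc.d an operator had already installed. Separately, `- mode: 755` would be safer quoted as `- mode: '0755'`.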
diff --git a/designate/upgrade/post/init.sls b/designate/upgrade/post/init.sls
new file mode 100644
index 0000000..39ce5be
--- /dev/null
+++ b/designate/upgrade/post/init.sls
@@ -0,0 +1,4 @@
+designate_post:
+ test.show_notification:
+ - name: "dump_post-upgrade_message_designate"
+ - text: "Running designate.upgrade.post"
diff --git a/designate/upgrade/pre/init.sls b/designate/upgrade/pre/init.sls
new file mode 100644
index 0000000..7c30d8f
--- /dev/null
+++ b/designate/upgrade/pre/init.sls
@@ -0,0 +1,4 @@
+designate_pre:
+ test.show_notification:
+ - name: "dump_pre-upgrade_message_designate"
+ - text: "Running designate.upgrade.pre"
diff --git a/designate/upgrade/render_config.sls b/designate/upgrade/render_config.sls
new file mode 100644
index 0000000..98c08ac
--- /dev/null
+++ b/designate/upgrade/render_config.sls
@@ -0,0 +1,20 @@
+{%- from "designate/map.jinja" import server, upgrade with context %}
+
+designate_render_config:
+ test.show_notification:
+ - name: "dump_message_render_config_designate"
+ - text: "Running designate.upgrade.render_config"
+
+{%- if server.get('enabled', False) %}
+
+/etc/designate/designate.conf:
+ file.managed:
+ - source: salt://designate/files/{{ server.version }}/designate.conf.{{ grains.os_family }}
+ - template: jinja
+
+/etc/designate/api-paste.ini:
+ file.managed:
+ - source: salt://designate/files/{{ server.version }}/api-paste.ini
+ - template: jinja
+
+{%- endif %}
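Review bot: Both `file.managed` states here set no `user`, `group` or `mode`, so a newly created `/etc/designate/designate.conf` gets whatever the minion's defaults produce. That file presumably holds database and Keystone credentials, so I would state the ownership explicitly and restrict the mode, for example `- mode: '0640'`, matching whatever designate/server.sls uses for the same path (not visible in this diff). `upgrade` is imported from map.jinja on the first line but never used in this file.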
diff --git a/designate/upgrade/service_running.sls b/designate/upgrade/service_running.sls
new file mode 100644
index 0000000..4d5dcb1
--- /dev/null
+++ b/designate/upgrade/service_running.sls
@@ -0,0 +1,28 @@
+{%- from "designate/map.jinja" import server, pool_manager, agent with context %}
+
+designate_task_service_running:
+ test.show_notification:
+ - name: "dump_message_service_running_designate"
+ - text: "Running designate.upgrade.service_running"
+
+{%- if server.get('enabled', false) %}
+ {%- set dservices = server.services %}
+{%- endif %}
+
+{%- if pool_manager.get('enabled', false) %}
+ {%- do dservices.append(pool_manager.services) %}
+{%- endif %}
+
+{%- if agent.get('enabled', false) %}
+ {%- do dservices.append(agent.services) %}
+{%- endif %}
+
+{%- for dservice in dservices %}
+designate_service_running_{{ dservice }}:
+ service.running:
+ - enable: true
+ - name: {{ dservice }}
+ {%- if grains.get('noservices') %}
+ - onlyif: /bin/false
+ {%- endif %}
+{%- endfor %}
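Review bot: `dservices` is assigned only inside the `server.get('enabled')` branch, so on a node where only `pool_manager` or `agent` is enabled the `dservices.append(...)` calls operate on an undefined variable and the render fails. Start with `{%- set dservices = [] %}` before the first `if` and fill it with `{%- do dservices.extend(server.services) %}`, which also avoids mutating `server.services` in place. If `pool_manager.services` and `agent.services` are lists, as `server.services` appears to be, `append` nests the whole list as one element and the loop then renders a list into the state ID and `name`; `extend`, as pkgs_latest.sls already uses for `pkgs`, is the matching call. designate/upgrade/service_stopped.sls repeats the same block and needs the same change.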
diff --git a/designate/upgrade/service_stopped.sls b/designate/upgrade/service_stopped.sls
new file mode 100644
index 0000000..83cee90
--- /dev/null
+++ b/designate/upgrade/service_stopped.sls
@@ -0,0 +1,28 @@
+{%- from "designate/map.jinja" import server, pool_manager, agent with context %}
+
+designate_task_service_stopped:
+ test.show_notification:
+ - name: "dump_message_service_stopped_designate"
+ - text: "Running dsignate.upgrade.service_stopped"
+
+{%- if server.get('enabled', false) %}
+ {%- set dservices = server.services %}
+{%- endif %}
+
+{%- if pool_manager.get('enabled', false) %}
+ {%- do dservices.append(pool_manager.services) %}
+{%- endif %}
+
+{%- if agent.get('enabled', false) %}
+ {%- do dservices.append(agent.services) %}
+{%- endif %}
+
+{%- for dservice in dservices %}
+designate_service_stopped_{{ dservice }}:
+ service.dead:
+ - enable: false
+ - name: {{ dservice }}
+ {%- if grains.get('noservices') %}
+ - onlyif: /bin/false
+ {%- endif %}
+{%- endfor %}
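Review bot: The notification text in `designate_task_service_stopped` reads `Running dsignate.upgrade.service_stopped`, so searching upgrade logs for `designate.upgrade` will miss this step. It should read `- text: "Running designate.upgrade.service_stopped"`. The states below it also set `enable: false`, so if a later phase aborts the services stay disabled across a reboot; a comment saying that `service_running` is what re-enables them would help operators.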
diff --git a/designate/upgrade/upgrade/init.sls b/designate/upgrade/upgrade/init.sls
new file mode 100644
index 0000000..c6bb6d4
--- /dev/null
+++ b/designate/upgrade/upgrade/init.sls
@@ -0,0 +1,13 @@
+{%- from "designate/map.jinja" import server with context %}
+
+designate_upgrade:
+ test.show_notification:
+ - name: "dump_message_upgrade_designate"
+ - text: "Running designate.upgrade.upgrade"
+
+include:
+ - designate.upgrade.service_stopped
+ - designate.upgrade.pkgs_latest
+ - designate.upgrade.render_config
+ - designate.db.offline_sync
+ - designate.upgrade.service_running
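Review bot: The `include` list fixes the order of the phases but adds no requisites between them, so a failed `pkgs_latest` or `designate.db.offline_sync` does not stop `service_running` from starting the services on a partially upgraded node. If the orchestration layer does not already gate each phase, consider `- failhard: true` on the package and database sync states, or a `require` from the `service_running` states on the sync. `server` is imported from map.jinja on the first line but not used in this file.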
diff --git a/designate/upgrade/verify/api.sls b/designate/upgrade/verify/api.sls
new file mode 100644
index 0000000..810026c
--- /dev/null
+++ b/designate/upgrade/verify/api.sls
@@ -0,0 +1,7 @@
+designate_upgrade_verify_api:
+ test.show_notification:
+ - name: "dump_message_verify_api"
+ - text: "Running designate.upgrade.verify.api"
+
+#TODO: comprehensive designate module should be created to have
+# a chanse perform managment and monitor actions
diff --git a/metadata/service/server/cluster.yml b/metadata/service/server/cluster.yml
index 6080424..064cfd7 100644
--- a/metadata/service/server/cluster.yml
+++ b/metadata/service/server/cluster.yml
@@ -13,6 +13,8 @@
region: RegionOne
domain_id: 5186883b-91fb-4891-bd49-e6769234a8fc
version: ${_param:designate_version}
+ api:
+ quotas_verify_project_id: False
bind:
api:
address: ${_param:cluster_local_address}
diff --git a/metadata/service/server/single.yml b/metadata/service/server/single.yml
index a3796ef..2cf8bfe 100644
--- a/metadata/service/server/single.yml
+++ b/metadata/service/server/single.yml
@@ -13,6 +13,8 @@
region: RegionOne
domain_id: 5186883b-91fb-4891-bd49-e6769234a8fc
version: ${_param:designate_version}
+ api:
+ quotas_verify_project_id: False
bind:
api:
address: ${_param:single_address}
diff --git a/tests/pillar/designate_ocata.sls b/tests/pillar/designate_ocata.sls
index 048756f..93e7e7a 100644
--- a/tests/pillar/designate_ocata.sls
+++ b/tests/pillar/designate_ocata.sls
@@ -7,6 +7,8 @@
region: RegionOne
domain_id: 5186883b-91fb-4891-bd49-e6769234a8fc
version: ocata
+ api:
+ quotas_verify_project_id: false
bind:
api:
address: 127.0.0.1