| Pavel Cizinsky | 8236144 | 2016-11-25 14:26:47 +0100 | [diff] [blame] | 1 | |
| Aleš Komárek | 53c944b | 2017-02-06 14:08:15 +0100 | [diff] [blame] | 2 | ================= |
| 3 | Designate formula |
| 4 | ================= |
| 5 | |
| 6 | Designate provides DNSaaS services for OpenStack. |
| 7 | |
| 8 | Sample pillars |
| 9 | ============== |
| Pavel Cizinsky | 8236144 | 2016-11-25 14:26:47 +0100 | [diff] [blame] | 10 | |
| Mykyta Karpin | 8bda8df | 2017-06-08 14:48:55 +0300 | [diff] [blame] | 11 | For Designate with BIND9 local backend: |
| 12 | |
| Pavel Cizinsky | 8236144 | 2016-11-25 14:26:47 +0100 | [diff] [blame] | 13 | .. code:: yaml |
| 14 | |
| Mykyta Karpin | 8bda8df | 2017-06-08 14:48:55 +0300 | [diff] [blame] | 15 | designate: |
| 16 | server: |
| 17 | enabled: true |
| 18 | region: RegionOne |
| 19 | domain_id: 5186883b-91fb-4891-bd49-e6769234a8fc |
| 20 | version: ocata |
| 21 | backend: |
| 22 | bind9: |
| 23 | rndc_key: 4pc+X4PDqb2q+5o72dISm72LM1Ds9X2EYZjqg+nmsS7FhdTwzFFY8l/iEDmHxnyjkA33EQC8H+z0fLLBunoitw== |
| 24 | rndc_algorithm: hmac-sha512 |
| Mykyta Karpin | b251931 | 2017-08-08 13:24:22 +0300 | [diff] [blame] | 25 | api: |
| 26 | base_uri: 'http://127.0.0.1:9001' |
| Mykyta Karpin | 8bda8df | 2017-06-08 14:48:55 +0300 | [diff] [blame] | 27 | bind: |
| 28 | api: |
| 29 | address: 127.0.0.1 |
| 30 | database: |
| 31 | engine: mysql |
| 32 | host: 127.0.0.1 |
| 33 | port: 3306 |
| 34 | name: |
| 35 | main_database: designate |
| 36 | pool_manager: designate_pool_manager |
| 37 | user: designate |
| 38 | password: passw0rd |
| 39 | identity: |
| 40 | engine: keystone |
| 41 | host: 127.0.0.1 |
| 42 | port: 35357 |
| 43 | tenant: service |
| 44 | user: designate |
| 45 | password: passw0rd |
| 46 | message_queue: |
| 47 | engine: rabbitmq |
| 48 | members: |
| 49 | - host: 127.0.0.1 |
| 50 | user: openstack |
| 51 | password: password |
| 52 | virtual_host: '/openstack' |
| 53 | pools: |
| 54 | default: |
| 55 | description: 'default pool' |
| 56 | attributes: |
| 57 | service_tier: GOLD |
| 58 | ns_records: |
| 59 | - hostname: 'ns1.example.org.' |
| 60 | priority: 10 |
| Pavel Cizinsky | 8236144 | 2016-11-25 14:26:47 +0100 | [diff] [blame] | 61 | nameservers: |
| Mykyta Karpin | 8bda8df | 2017-06-08 14:48:55 +0300 | [diff] [blame] | 62 | - host: 127.0.0.1 |
| Pavel Cizinsky | 8236144 | 2016-11-25 14:26:47 +0100 | [diff] [blame] | 63 | port: 53 |
| 64 | targets: |
| Mykyta Karpin | 8bda8df | 2017-06-08 14:48:55 +0300 | [diff] [blame] | 65 | default_target: |
| 66 | type: bind9 |
| 67 | description: 'default target' |
| 68 | masters: |
| 69 | - host: 127.0.0.1 |
| 70 | port: 5354 |
| 71 | options: |
| 72 | host: 127.0.0.1 |
| 73 | port: 53 |
| 74 | rndc_host: 127.0.0.1 |
| 75 | rndc_port: 953 |
| 76 | rndc_key_file: /etc/designate/rndc.key |
| Ivan Udovichenko | 53fd311 | 2017-09-07 14:07:09 +0300 | [diff] [blame^] | 77 | worker: |
| 78 | enabled: true |
| Mykyta Karpin | 8bda8df | 2017-06-08 14:48:55 +0300 | [diff] [blame] | 79 | .. note:: |
| Ivan Udovichenko | 53fd311 | 2017-09-07 14:07:09 +0300 | [diff] [blame^] | 80 | *domain_id* parameter is UUID of DNS zone managed by designate-sink service. This zone will |
| Mykyta Karpin | 8bda8df | 2017-06-08 14:48:55 +0300 | [diff] [blame] | 81 | be populated by A records for fixed and floating ip addresses of spawned VMs. After designate |
| 82 | is deployed and zone is created, this parameter should be updated accordingly to UUID of |
| 83 | newly created zone. Then designate state should be reapplied. |
| 84 | |
| Mykyta Karpin | b251931 | 2017-08-08 13:24:22 +0300 | [diff] [blame] | 85 | .. note:: |
| 86 | *server:api:base_uri* allows to set URL which is returned in designate-api responses, it is |
| 87 | useful in cases when, designate-api is deployed under proxy server. If not overriden in reclass, |
| 88 | it defaults to http://*server:bind:api:address*:9001/. |
| 89 | |
| Ivan Udovichenko | 53fd311 | 2017-09-07 14:07:09 +0300 | [diff] [blame^] | 90 | .. note:: |
| 91 | *worker:enabled* sets worker role and installs designate-worker and designate-producer packages |
| 92 | which services will push changes to backend DNS servers. |
| 93 | *pool_manager:enabled* should be a default role for older releases of OpenStack, older than |
| 94 | Newton in which designate-worker and designate-producer were represented. |
| 95 | In releases starting from Newton, only Designate pool manager service still allows live syncs |
| 96 | with Power DNS server for now. |
| 97 | |
| Mykyta Karpin | 8bda8df | 2017-06-08 14:48:55 +0300 | [diff] [blame] | 98 | Pools pillar for BIND9 master and multiple slaves setup: |
| 99 | |
| 100 | .. code:: yaml |
| 101 | |
| 102 | pools: |
| 103 | default: |
| 104 | description: 'default pool' |
| 105 | attributes: |
| 106 | service_tier: GOLD |
| 107 | ns_records: |
| 108 | - hostname: 'ns1.example.org.' |
| 109 | priority: 10 |
| 110 | nameservers: |
| 111 | - host: 192.168.0.1 |
| 112 | port: 53 |
| 113 | - host: 192.168.0.2 |
| 114 | port: 53 |
| 115 | - host: 192.168.0.3 |
| 116 | port: 53 |
| 117 | targets: |
| 118 | default_target: |
| 119 | type: bind9 |
| 120 | description: 'default target' |
| 121 | masters: |
| 122 | - host: 192.168.0.4 |
| 123 | port: 5354 |
| 124 | options: |
| 125 | host: 192.168.0.4 |
| 126 | port: 53 |
| 127 | rndc_host: 192.168.0.4 |
| 128 | rndc_port: 953 |
| 129 | rndc_key_file: /etc/designate/rndc.key |
| Pavel Cizinsky | 8236144 | 2016-11-25 14:26:47 +0100 | [diff] [blame] | 130 | |
| 131 | Usage |
| Aleš Komárek | 53c944b | 2017-02-06 14:08:15 +0100 | [diff] [blame] | 132 | ===== |
| Pavel Cizinsky | 8236144 | 2016-11-25 14:26:47 +0100 | [diff] [blame] | 133 | |
| 134 | Create server |
| 135 | |
| 136 | .. code:: bash |
| 137 | |
| 138 | designate server-create --name ns.example.com. |
| 139 | |
| 140 | Create domain |
| 141 | |
| 142 | .. code:: bash |
| 143 | |
| 144 | designate domain-create --name example.com. --email mail@example.com |
| 145 | |
| 146 | Create record |
| 147 | |
| 148 | .. code:: bash |
| 149 | |
| 150 | designate record-create example.com. --name test.example.com. --type A --data 10.2.14.15 |
| 151 | |
| 152 | Test it |
| 153 | |
| 154 | .. code:: bash |
| 155 | |
| 156 | dig @127.0.0.1 test.example.com. |
| Filip Pytloun | bfa7211 | 2017-02-02 13:17:47 +0100 | [diff] [blame] | 157 | |
| 158 | Documentation and Bugs |
| 159 | ====================== |
| 160 | |
| 161 | To learn how to install and update salt-formulas, consult the documentation |
| 162 | available online at: |
| 163 | |
| 164 | http://salt-formulas.readthedocs.io/ |
| 165 | |
| 166 | In the unfortunate event that bugs are discovered, they should be reported to |
| 167 | the appropriate issue tracker. Use Github issue tracker for specific salt |
| 168 | formula: |
| 169 | |
| 170 | https://github.com/salt-formulas/salt-formula-letsencrypt/issues |
| 171 | |
| 172 | For feature requests, bug reports or blueprints affecting entire ecosystem, |
| 173 | use Launchpad salt-formulas project: |
| 174 | |
| 175 | https://launchpad.net/salt-formulas |
| 176 | |
| 177 | You can also join salt-formulas-users team and subscribe to mailing list: |
| 178 | |
| 179 | https://launchpad.net/~salt-formulas-users |
| 180 | |
| 181 | Developers wishing to work on the salt-formulas projects should always base |
| 182 | their work on master branch and submit pull request against specific formula. |
| 183 | |
| 184 | https://github.com/salt-formulas/salt-formula-letsencrypt |
| 185 | |
| 186 | Any questions or feedback is always welcome so feel free to join our IRC |
| 187 | channel: |
| 188 | |
| 189 | #salt-formulas @ irc.freenode.net |