authorBogdan Dobrelya <bdobreli@redhat.com>2017-08-25 16:15:40 +0200
committerTomas Sedovic <tomas@sedovic.cz>2017-08-25 16:15:40 +0200
commit2ea1ccfb37461a70d329655f7eeaaab090f1ca0d (patch)
tree65c6384264d2e637d14a6412d246e5a90232d5f2 /roles
parent9593ffb85ab6c2b5ee3964d7566932cf9ae768c9 (diff)
Support external/pre-provisioned authoritative cluster DNS (#690)
* Document how to use fully external DNS servers w/o provisioning dns servers group with Heat. * Document how to use a mixed servers setup for dynamic records updates matching public or private views. * Allow custom nsupdate key names for OSP10 dns service compatibility. The osp-dns configures the named service with the fixed key_name 'update-key'. Add optional key_name for the external_nsupdate_keys public section to allow custom key names.
Diffstat (limited to 'roles')
-rw-r--r--roles/dns-records/tasks/main.yml6
-rw-r--r--roles/openstack-stack/templates/heat_stack.yaml.j27
2 files changed, 11 insertions, 2 deletions
diff --git a/roles/dns-records/tasks/main.yml b/roles/dns-records/tasks/main.yml
index 3672a8ea6..e9bce9718 100644
--- a/roles/dns-records/tasks/main.yml
+++ b/roles/dns-records/tasks/main.yml
@@ -14,6 +14,7 @@
nsupdate_server_private: "{{ external_nsupdate_keys['private']['server'] }}"
nsupdate_key_secret_private: "{{ external_nsupdate_keys['private']['key_secret'] }}"
nsupdate_key_algorithm_private: "{{ external_nsupdate_keys['private']['key_algorithm'] }}"
+ nsupdate_private_key_name: "{{ external_nsupdate_keys['private']['key_name']|default('private-' + full_dns_domain) }}"
when:
- external_nsupdate_keys is defined
- external_nsupdate_keys['private'] is defined
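Review bot: The added `nsupdate_private_key_name` line uses the one-argument form of `default()`, which only replaces an undefined value, so a `key_name` that is present but empty or null in `external_nsupdate_keys['private']` is passed through as the TSIG key name instead of falling back. `|default('private-' + full_dns_domain, true)` would cover that case, and the same applies to `nsupdate_public_key_name` in the hunk at `@@ -54,6 +55,7`. As a smaller style point, the neighbouring facts put the view last (`nsupdate_key_secret_private`), so `nsupdate_key_name_private` would match them. The task these lines belong to starts above the hunk.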
@@ -32,7 +33,7 @@
- view: "private"
zone: "{{ full_dns_domain }}"
server: "{{ nsupdate_server_private }}"
- key_name: "{{ ( 'private-' + full_dns_domain ) }}"
+ key_name: "{{ nsupdate_private_key_name|default('private-' + full_dns_domain) }}"
key_secret: "{{ nsupdate_key_secret_private }}"
key_algorithm: "{{ nsupdate_key_algorithm_private | lower }}"
entries: "{{ private_records }}"
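Review bot: The `default('private-' + full_dns_domain)` on the new `key_name` line repeats the fallback already applied where `nsupdate_private_key_name` is set, so the default name is now defined in two places (four with the public pair at `@@ -72,7 +74,7`). If the fact-setting task were skipped, `nsupdate_server_private` and `nsupdate_key_secret_private` in this same entry would be undefined too, so the second default presumably never takes effect. `key_name: "{{ nsupdate_private_key_name }}"` would keep a single source for the name. The entry also carries `key_secret`; whether the task that consumes it sets `no_log` is not visible in this hunk and is worth confirming.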
@@ -54,6 +55,7 @@
nsupdate_server_public: "{{ external_nsupdate_keys['public']['server'] }}"
nsupdate_key_secret_public: "{{ external_nsupdate_keys['public']['key_secret'] }}"
nsupdate_key_algorithm_public: "{{ external_nsupdate_keys['public']['key_algorithm'] }}"
+ nsupdate_public_key_name: "{{ external_nsupdate_keys['public']['key_name']|default('public-' + full_dns_domain) }}"
when:
- external_nsupdate_keys is defined
- external_nsupdate_keys['public'] is defined
@@ -72,7 +74,7 @@
- view: "public"
zone: "{{ full_dns_domain }}"
server: "{{ nsupdate_server_public }}"
- key_name: "{{ ( 'public-' + full_dns_domain ) }}"
+ key_name: "{{ nsupdate_public_key_name|default('public-' + full_dns_domain) }}"
key_secret: "{{ nsupdate_key_secret_public }}"
key_algorithm: "{{ nsupdate_key_algorithm_public | lower }}"
entries: "{{ public_records }}"
diff --git a/roles/openstack-stack/templates/heat_stack.yaml.j2 b/roles/openstack-stack/templates/heat_stack.yaml.j2
index 1ecf84aa6..ea2742a2c 100644
--- a/roles/openstack-stack/templates/heat_stack.yaml.j2
+++ b/roles/openstack-stack/templates/heat_stack.yaml.j2
@@ -54,6 +54,7 @@ outputs:
description: Floating IPs of the nodes
value: { get_attr: [ infra_nodes, floating_ip ] }
+{% if num_dns|int > 0 %}
dns_name:
description: Name of the DNS
value:
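Review bot: With the `{% if num_dns|int > 0 %}` opened here and closed in the next hunk, the `dns_name` and DNS IP outputs no longer exist when `num_dns` is 0, and nothing in the visible part of this diff (it is limited to `roles`) shows the readers of those stack outputs being guarded the same way. The same condition is repeated around `dns-secgrp` and the `dns` resource group in the later hunks. Any resource outside those guards that still refers to `dns` or `dns-secgrp` would presumably fail stack validation in the external-DNS case. A template comment at the first guard would help, e.g. `{# DNS outputs and resources exist only when num_dns > 0; consumers must tolerate their absence #}`. It is also worth confirming that `num_dns` always has a default, since `|int` is applied to it unconditionally.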
@@ -68,6 +69,7 @@ outputs:
dns_private_ips:
description: Private IPs of the DNS
value: { get_attr: [ dns, private_ip ] }
+{% endif %}
resources:
@@ -405,6 +407,7 @@ resources:
port_range_min: 443
port_range_max: 443
+{% if num_dns|int > 0 %}
dns-secgrp:
type: OS::Neutron::SecurityGroup
properties:
@@ -439,6 +442,8 @@ resources:
port_range_min: 53
port_range_max: 53
remote_ip_prefix: "{{ openstack_subnet_prefix }}.0/24"
+{% endif %}
+
{% if num_masters|int > 1 or ui_ssh_tunnel|bool %}
lb-secgrp:
type: OS::Neutron::SecurityGroup
@@ -716,6 +721,7 @@ resources:
depends_on:
- interface
+{% if num_dns|int > 0 %}
dns:
type: OS::Heat::ResourceGroup
properties:
@@ -755,3 +761,4 @@ resources:
volume_size: {{ dns_volume_size }}
depends_on:
- interface
+{% endif %}