diff options
author | Bogdan Dobrelya <bdobreli@redhat.com> | 2017-08-25 16:15:40 +0200 |
---|---|---|
committer | Tomas Sedovic <tomas@sedovic.cz> | 2017-08-25 16:15:40 +0200 |
commit | 2ea1ccfb37461a70d329655f7eeaaab090f1ca0d (patch) | |
tree | 65c6384264d2e637d14a6412d246e5a90232d5f2 /roles | |
parent | 9593ffb85ab6c2b5ee3964d7566932cf9ae768c9 (diff) | |
download | openshift-2ea1ccfb37461a70d329655f7eeaaab090f1ca0d.tar.gz openshift-2ea1ccfb37461a70d329655f7eeaaab090f1ca0d.tar.bz2 openshift-2ea1ccfb37461a70d329655f7eeaaab090f1ca0d.tar.xz openshift-2ea1ccfb37461a70d329655f7eeaaab090f1ca0d.zip |
Support external/pre-provisioned authoritative cluster DNS (#690)
* Document how to use fully external DNS servers w/o provisioning
dns servers group with Heat.
* Document how to use a mixed servers setup for dynamic records
updates mathing public or private views.
* Allow custom nsupdate key names for OSP10 dns service compatibility.
The osp-dns configures the named service with the fixed key_name
'update-key'. Add optional key_name for the external_nsupdate_keys
public section to allow custom key names.
Diffstat (limited to 'roles')
-rw-r--r-- | roles/dns-records/tasks/main.yml | 6 | ||||
-rw-r--r-- | roles/openstack-stack/templates/heat_stack.yaml.j2 | 7 |
2 files changed, 11 insertions, 2 deletions
diff --git a/roles/dns-records/tasks/main.yml b/roles/dns-records/tasks/main.yml index 3672a8ea6..e9bce9718 100644 --- a/roles/dns-records/tasks/main.yml +++ b/roles/dns-records/tasks/main.yml @@ -14,6 +14,7 @@ nsupdate_server_private: "{{ external_nsupdate_keys['private']['server'] }}" nsupdate_key_secret_private: "{{ external_nsupdate_keys['private']['key_secret'] }}" nsupdate_key_algorithm_private: "{{ external_nsupdate_keys['private']['key_algorithm'] }}" + nsupdate_private_key_name: "{{ external_nsupdate_keys['private']['key_name']|default('private-' + full_dns_domain) }}" when: - external_nsupdate_keys is defined - external_nsupdate_keys['private'] is defined @@ -32,7 +33,7 @@ - view: "private" zone: "{{ full_dns_domain }}" server: "{{ nsupdate_server_private }}" - key_name: "{{ ( 'private-' + full_dns_domain ) }}" + key_name: "{{ nsupdate_private_key_name|default('private-' + full_dns_domain) }}" key_secret: "{{ nsupdate_key_secret_private }}" key_algorithm: "{{ nsupdate_key_algorithm_private | lower }}" entries: "{{ private_records }}" @@ -54,6 +55,7 @@ nsupdate_server_public: "{{ external_nsupdate_keys['public']['server'] }}" nsupdate_key_secret_public: "{{ external_nsupdate_keys['public']['key_secret'] }}" nsupdate_key_algorithm_public: "{{ external_nsupdate_keys['public']['key_algorithm'] }}" + nsupdate_public_key_name: "{{ external_nsupdate_keys['public']['key_name']|default('public-' + full_dns_domain) }}" when: - external_nsupdate_keys is defined - external_nsupdate_keys['public'] is defined @@ -72,7 +74,7 @@ - view: "public" zone: "{{ full_dns_domain }}" server: "{{ nsupdate_server_public }}" - key_name: "{{ ( 'public-' + full_dns_domain ) }}" + key_name: "{{ nsupdate_public_key_name|default('public-' + full_dns_domain) }}" key_secret: "{{ nsupdate_key_secret_public }}" key_algorithm: "{{ nsupdate_key_algorithm_public | lower }}" entries: "{{ public_records }}" diff --git a/roles/openstack-stack/templates/heat_stack.yaml.j2 b/roles/openstack-stack/templates/heat_stack.yaml.j2 index 1ecf84aa6..ea2742a2c 100644 --- a/roles/openstack-stack/templates/heat_stack.yaml.j2 +++ b/roles/openstack-stack/templates/heat_stack.yaml.j2 @@ -54,6 +54,7 @@ outputs: description: Floating IPs of the nodes value: { get_attr: [ infra_nodes, floating_ip ] } +{% if num_dns|int > 0 %} dns_name: description: Name of the DNS value: @@ -68,6 +69,7 @@ outputs: dns_private_ips: description: Private IPs of the DNS value: { get_attr: [ dns, private_ip ] } +{% endif %} resources: @@ -405,6 +407,7 @@ resources: port_range_min: 443 port_range_max: 443 +{% if num_dns|int > 0 %} dns-secgrp: type: OS::Neutron::SecurityGroup properties: @@ -439,6 +442,8 @@ resources: port_range_min: 53 port_range_max: 53 remote_ip_prefix: "{{ openstack_subnet_prefix }}.0/24" +{% endif %} + {% if num_masters|int > 1 or ui_ssh_tunnel|bool %} lb-secgrp: type: OS::Neutron::SecurityGroup @@ -716,6 +721,7 @@ resources: depends_on: - interface +{% if num_dns|int > 0 %} dns: type: OS::Heat::ResourceGroup properties: @@ -755,3 +761,4 @@ resources: volume_size: {{ dns_volume_size }} depends_on: - interface +{% endif %} |