designate #137

Supports: xenial bionic disco eoan trusty

Description

Designate provides DNSaaS services for OpenStack:
* REST API for domain/record management
* Multi-tenant
* Integrated with Keystone for authentication
* Framework in place to integrate with Nova and Neutron notifications
* Support for PowerDNS and Bind9 out of the box


Overview

This charm provides Designate (DNSaaS) for an OpenStack Cloud.

Usage

Designate relies on services from the mysql, rabbitmq-server and keystone
charms:

juju deploy designate
juju deploy mysql
juju deploy rabbitmq-server
juju deploy keystone
juju deploy memcached
juju add-relation designate memcached
juju add-relation designate mysql
juju add-relation designate rabbitmq-server
juju add-relation designate keystone

To add support for DNS record auto-generation when Neutron ports and
floating IPs are created, the charm needs a relation with the neutron-api charm:

juju deploy neutron-api
juju add-relation designate neutron-api

The charm needs to store DNS records. This can be achieved by setting the
dns-slave config option or by relating to the designate-bind charm:

juju deploy designate-bind
juju add-relation designate designate-bind

For Queens and later, the nameservers config value must be set:

juju config designate nameservers="ns1.example.com. ns2.example.com."

Policy Overrides

This feature allows for policy overrides using the policy.d directory. This
is an advanced feature and the policies that the OpenStack service supports
should be clearly and unambiguously understood before trying to override, or
add to, the default policies that the service uses. The charm also has some
policy defaults. They should also be understood before being overridden.

Caution: It is possible to break the system (for tenants and other
services) if policies are incorrectly applied to the service.

Policy overrides are YAML files that contain rules that will add to, or
override, existing policy rules in the service. The policy.d directory is
a place to put the YAML override files. This charm owns the
/etc/keystone/policy.d directory, and as such, any manual changes to it will
be overwritten on charm upgrades.

Overrides are provided to the charm using a Juju resource called
policyd-override. The resource is a ZIP file. This file, say
overrides.zip, is attached to the charm by:

juju attach-resource designate policyd-override=overrides.zip

The policy override is enabled in the charm using:

juju config designate use-policyd-override=true

When use-policyd-override is True the status line of the charm will be
prefixed with PO: indicating that policies have been overridden. If the
installation of the policy override YAML files failed for any reason then the
status line will be prefixed with PO (broken):. The log file for the charm
will indicate the reason. No policy override files are installed if
PO (broken): is shown. The status line indicates that the overrides are broken,
not that the policy for the service has failed. The policy will be the defaults
for the charm and service.

Policy overrides on one service may affect the functionality of another
service. Therefore, it may be necessary to provide policy overrides for
multiple service charms to achieve a consistent set of policies across the
OpenStack system. The charms for the other services that may need overrides
should be checked to ensure that they support overrides before proceeding.
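
A pre-flight check for the overrides.zip resource described above, as an added example (not code from the charm): it confirms the archive is a real ZIP holding at least one non-empty .yaml or .yml file before it is attached. The function names, the sample rule, and the path and non-YAML checks are this example's assumptions, not documented charm behaviour.

```python
import io
import zipfile
from pathlib import PurePosixPath

YAML_SUFFIXES = (".yaml", ".yml")  # extensions named by use-policyd-override


def check_override_zip(data):
    """Return a list of problems in a policyd-override ZIP (empty list = OK)."""
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return ["not a ZIP file"]
    problems, usable = [], 0
    with archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            path = PurePosixPath(info.filename)
            if path.is_absolute() or ".." in path.parts:
                # Example's own hygiene rule: names must stay inside policy.d.
                problems.append(f"{info.filename}: unsafe path")
            elif path.suffix.lower() not in YAML_SUFFIXES:
                # Example's own strictness: flag anything that is not YAML.
                problems.append(f"{info.filename}: not a .yaml/.yml file")
            elif not archive.read(info).strip():
                problems.append(f"{info.filename}: empty file")
            else:
                usable += 1
    if usable == 0:
        problems.append("no usable .yaml or .yml file in archive")
    return problems


def build_zip(files):
    """Build an in-memory ZIP from {name: text} for the constructed samples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        for name, text in files.items():
            archive.writestr(name, text)
    return buf.getvalue()


# Constructed samples; the rule name and expression are placeholders.
GOOD = build_zip({"overrides.yaml": '"example_rule": "rule:admin"\n'})
BAD = build_zip({"notes.txt": "todo", "../escape.yaml": "x: y\n"})
```

Running the check on the real file's bytes before juju attach-resource catches a malformed archive early, rather than discovering it through a PO (broken): status line.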

Bugs

Please report bugs on Launchpad.

For general questions please refer to the OpenStack Charm Guide.


Configuration

action-managed-upgrade
(boolean) If True, enables OpenStack upgrades for this charm via juju actions. You will still need to set openstack-origin to the new repository, but instead of an upgrade running automatically across all units, it will wait for you to execute the openstack-upgrade action for this charm on each unit. If False, it will revert to the existing behavior of upgrading all units on config change.
also-notifies
(string) Space delimited list of DNS servers which should be notified on every zone change in addition to the backend servers. List is of the form also_notify_ip:also_notify_port
debug
(boolean) Enable debug logging
default-soa-expire
(int) Default SOA expire value in seconds to specify how long a secondary will still treat its copy of the zone data as valid if it can't contact the primary.
86400
dns-ha
(boolean) Use DNS HA with MAAS 2.0. Note if this is set do not set vip settings below.
dns-slaves
(string) List of DNS slaves which will accept addzone/delzone rndc commands from Designate. List is of the form slave_ip:rndc_port:rndc_key. This should only be used if DNS servers are outside of Juju control. Using the designate-bind charm is the preferred approach.
enable-admin-api
(boolean) Enables experimental admin API for Designate.
haproxy-client-timeout
(int) Client timeout configuration in ms for haproxy, used in HA configurations. If not provided, default value of 90000ms is used.
haproxy-connect-timeout
(int) Connect timeout configuration in ms for haproxy, used in HA configurations. If not provided, default value of 9000ms is used.
haproxy-queue-timeout
(int) Queue timeout configuration in ms for haproxy, used in HA configurations. If not provided, default value of 9000ms is used.
haproxy-server-timeout
(int) Server timeout configuration in ms for haproxy, used in HA configurations. If not provided, default value of 90000ms is used.
nameservers
(string) Space delimited list of nameservers. These are the nameservers that have been provided to the domain registrar in order to delegate the domain to Designate. e.g. "ns1.example.com. ns2.example.com." This config value is required for Queens and later.
neutron-domain
(string) Domain to add floating IP records to. (NOTE: This option is obsolete starting from OpenStack Mitaka release)
neutron-domain-email
(string) Email address of the person responsible for the domain. (NOTE: This option is obsolete starting from OpenStack Mitaka release)
neutron-record-format
(string) Format of floating IP global records. (NOTE: This option is obsolete starting from OpenStack Mitaka release)
%(octet0)s-%(octet1)s-%(octet2)s-%(octet3)s.%(zone)s
neutron-record-formatv6
(string) Format of floating IPv6 global records. (NOTE: This option is obsolete starting from OpenStack Mitaka release)
%(hostname)s.%(tenant_id)s.%(zone)s
nova-domain
(string) Domain to add records for new instances to (NOTE: This option is obsolete starting from OpenStack Mitaka release)
nova-domain-email
(string) Email address of the person responsible for the domain. (NOTE: This option is obsolete starting from OpenStack Mitaka release)
nova-record-format
(string) Format of floating IP global records. (NOTE: This option is obsolete starting from OpenStack Mitaka release)
%(hostname)s.%(tenant_id)s.%(zone)s
nova-record-formatv6
(string) Format of floating IPv6 global records. (NOTE: This option is obsolete starting from OpenStack Mitaka release)
%(hostname)s.%(tenant_id)s.%(zone)s
openstack-origin
(string) Repository from which to install OpenStack. May be one of the following: distro (default); ppa:somecustom/ppa (PPA name must include OpenStack Release); deb url sources entry|key id; or a supported Ubuntu Cloud Archive pocket. Supported Ubuntu Cloud Archive pockets include: cloud:trusty-liberty, cloud:trusty-juno, cloud:trusty-kilo, cloud:trusty-liberty, cloud:trusty-mitaka. Note that updating this setting to a source that is known to provide a later version of OpenStack will trigger a software upgrade.
distro
os-admin-hostname
(string) The hostname or address of the admin endpoints created in the keystone identity provider. This value will be used for admin endpoints. For example, an os-admin-hostname set to 'api-admin.example.com' with ssl enabled will create the following endpoint for neutron-api: https://api-admin.example.com:9696/
os-admin-network
(string) The IP address and netmask of the OpenStack Admin network (e.g., 192.168.0.0/24). This network will be used for admin endpoints.
os-internal-hostname
(string) The hostname or address of the internal endpoints created in the keystone identity provider. This value will be used for internal endpoints. For example, an os-internal-hostname set to 'api-internal.example.com' with ssl enabled will create the following endpoint for neutron-api: https://api-internal.example.com:9696/
os-internal-network
(string) The IP address and netmask of the OpenStack Internal network (e.g., 192.168.0.0/24). This network will be used for internal endpoints.
os-public-hostname
(string) The hostname or address of the public endpoints created in the keystone identity provider. This value will be used for public endpoints. For example, an os-public-hostname set to 'api-public.example.com' with ssl enabled will create the following endpoint for neutron-api: https://api-public.example.com:9696/
os-public-network
(string) The IP address and netmask of the OpenStack Public network (e.g., 192.168.0.0/24). This network will be used for public endpoints.
region
(string) OpenStack Region
RegionOne
ssl_ca
(string) TLS CA to use to communicate with other components in a deployment. NOTE: This configuration option will take precedence over any certificates received over the certificates relation.
ssl_cert
(string) TLS certificate to install and use for any listening services. NOTE: This configuration option will take precedence over any certificates received over the certificates relation.
ssl_key
(string) TLS key to use with certificate specified as ssl_cert. NOTE: This configuration option will take precedence over any certificates received over the certificates relation.
use-internal-endpoints
(boolean) OpenStack mostly defaults to using public endpoints for internal communication between services. If set to True, this option will configure services to use internal endpoints where possible.
use-policyd-override
(boolean) If True then use the resource file named 'policyd-override' to install override YAML files in the service's policy.d directory. The resource file should be a ZIP file containing at least one yaml file with a .yaml or .yml extension. If False then remove the overrides.
use-syslog
(boolean) Setting this to True will allow supporting services to log to syslog.
verbose
(boolean) Enable verbose logging
vip
(string) Virtual IP(s) to use to front API services in HA configuration. If multiple networks are being used, a VIP should be provided for each network, separated by spaces.
vip_cidr
(int) Default CIDR netmask to use for HA vip when it cannot be automatically determined.
24
vip_iface
(string) Default network interface to use for HA vip when it cannot be automatically determined.
eth0
worker-multiplier
(float) The CPU core multiplier to use when configuring worker processes. By default, the number of workers for each daemon is set to twice the number of CPU cores a service unit has. When deployed in a LXD container, this default value will be capped to 4 workers unless this configuration option is set.