Commit 84be7f72 authored by Gary Wu, committed by Gerrit Code Review

Merge "Add vIMS heat template in demo repository"

parents cc7d0a1d c194953d
This heat template allows the deployment of the clearwater vIMS [1],
a fully functional open source vIMS solution.
The current heat template is derived from the heat templates published
by Metaswitch [2].
Initial templates have been adapted to be VVP compliant (they are tested
through VVP linting in onap-tests repository [3]).
These templates still require Ubuntu 14.04 as base image and would need some
adaptations to be upgraded with more recent Ubuntu base images to perform
the userdata part at boot.
They are integrated in Orange Openlab onap-tests CI chains and part of
the non regression end to end tests used at ONAP gating for OOM [4] [5].
It has been successfully tested on ONAP Beijing, Casablanca and Master.
Contacts: morgan.richomme AT orange.com
[1]: https://www.projectclearwater.org/
[2]: https://github.com/Metaswitch/clearwater-heat
[3]: https://gitlab.com/Orange-OpenSource/lfn/onap/onap-tests
[4]: https://gitlab.com/Orange-OpenSource/lfn/onap/xtesting-onap
[5]: https://wiki.onap.org/display/DW/OOM+Gating
parameters:
# Metadata required by ONAP
vnf_name: vIMS
vf_module_id: "654321"
vnf_id: "123456"
# Server parameters, naming required by ONAP
bono_flavor_name: "onap.medium"
bono_image_name: "ubuntu-14.04-daily"
dime_flavor_name: "onap.medium"
dime_image_name: "ubuntu-14.04-daily"
dns_flavor_name: "onap.medium"
dns_image_name: "ubuntu-14.04-daily"
ellis_flavor_name: "onap.medium"
ellis_image_name: "ubuntu-14.04-daily"
homer_flavor_name: "onap.medium"
homer_image_name: "ubuntu-14.04-daily"
robot_flavor_name: "onap.medium"
robot_image_name: "ubuntu-14.04-daily"
sprout_flavor_name: "onap.medium"
sprout_image_name: "ubuntu-14.04-daily"
vellum_flavor_name: "onap.medium"
vellum_image_name: "ubuntu-14.04-daily"
# Network parameters, naming required by ONAP
admin_plane_net_name: "admin"
# Additional parameters
clearwater_key_name: vims_demo
clearwater_pub_key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDY15cdBmIs2XOpe4EiFCsaY6bmUmK/GysMoLl4UG51JCfJwvwoWCoA+6mDIbymZxhxq9IGxilp/yTA6WQ9s/5pBag1cUMJmFuda9PjOkXl04jgqh5tR6I+GZ97AvCg93KAECis5ubSqw1xOCj4utfEUtPoF1OuzqM/lE5mY4N6VKXn+fT7pCD6cifBEs6JHhVNvs5OLLp/tO8Pa3kKYQOdyS0xc3rh+t2lrzvKUSWGZbX+dLiFiEpjsUL3tDqzkEMNUn4pdv69OJuzWHCxRWPfdrY9Wg0j3mJesP29EBht+w+EC9/kBKq+1VKdmsXUXAcjEvjovVL8l1BrX3BY0R8D imported-openssh-key
repo_url: "http://repo.cw-ngv.com/stable"
dnssec_key: "9FPdYTWhk5+LbhrqtTPQKw=="
dn_range_length: "10000"
dn_range_start: "2425550000"
zone: "vimstest.onap.org"
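Review bot: `dnssec_key: "9FPdYTWhk5+LbhrqtTPQKw=="` under "Additional parameters" commits the value that the DNS template installs as the `secret` of the key named in `allow-update`, so every stack deployed from this env file shares a publicly known dynamic-update key. Replace it with a placeholder and document generating a fresh value per deployment. `repo_url` also points at plain `http://`; switch it to an HTTPS URL if the repository offers one.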
# Project Clearwater - IMS in the Cloud
# Copyright (C) 2015 Metaswitch Networks Ltd
#
# This program is free software: you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by the
# Free Software Foundation, either version 3 of the License, or (at your
# option) any later version, along with the "Special Exception" for use of
# the program along with SSL, set forth below. This program is distributed
# in the hope that it will be useful, but WITHOUT ANY WARRANTY;
# without even the implied warranty of MERCHANTABILITY or FITNESS FOR
# A PARTICULAR PURPOSE. See the GNU General Public License for more
# details. You should have received a copy of the GNU General Public
# License along with this program. If not, see
# <http://www.gnu.org/licenses/>.
#
# The author can be reached by email at clearwater@metaswitch.com or by
# post at Metaswitch Networks Ltd, 100 Church St, Enfield EN2 6BQ, UK
#
# Special Exception
# Metaswitch Networks Ltd grants you permission to copy, modify,
# propagate, and distribute a work formed by combining OpenSSL with The
# Software, or a work derivative of such a combination, even if such
# copying, modification, propagation, or distribution would otherwise
# violate the terms of the GPL. You must comply with the GPL in all
# respects for all of the code used other than OpenSSL.
# "OpenSSL" means OpenSSL toolkit software distributed by the OpenSSL
# Project and licensed under the OpenSSL Licenses, or a work based on such
# software and licensed under the OpenSSL Licenses.
# "OpenSSL Licenses" means the OpenSSL License and Original SSLeay License
# under which the OpenSSL Project distributes the OpenSSL toolkit software,
# as those licenses appear in the file LICENSE-OPENSSL.
heat_template_version: 2014-10-16
description: >
Clearwater Bono node
parameters:
vnf_name:
type: string
label: VNF ID
description: The VNF name provided by ONAP
vnf_id:
type: string
label: VNF ID
description: The VNF ID provided by ONAP
vf_module_id:
type: string
label: VNF module ID
description: The VNF module ID provided by ONAP
public_net_id:
type: string
description: ID of public network
constraints:
- custom_constraint: neutron.network
description: Must be a valid network ID
bono_flavor_name:
type: string
description: Flavor to use
constraints:
- custom_constraint: nova.flavor
description: Must be a valid flavor name
bono_image_name:
type: string
description: Name of image to use
key_name:
type: string
description: Name of keypair to assign
constraints:
- custom_constraint: nova.keypair
description: Must be a valid keypair name
repo_url:
type: string
description: URL for Clearwater repository
zone:
type: string
description: DNS zone
dns_ip:
type: string
description: IP address for DNS server on management network
dnssec_key:
type: string
description: DNSSEC private key (Base64-encoded)
constraints:
- allowed_pattern: "[0-9A-Za-z+/=]+"
description: Must be Base64-encoded
etcd_ip:
type: string
description: IP address of an existing member of the etcd cluster
resources:
bono_random_str:
type: OS::Heat::RandomString
properties:
length: 4
bono_Sec_Grp:
type: OS::Neutron::SecurityGroup
properties:
description: security group
name:
str_replace:
template: pre_base_rand
params:
pre: bono_sg_
base: { get_param: vnf_name }
rand: { get_resource: bono_random_str }
rules: [
{remote_ip_prefix: 0.0.0.0/0, protocol: tcp, port_range_min: 22, port_range_max: 22},
{remote_ip_prefix: 0.0.0.0/0, protocol: udp, port_range_min: 161, port_range_max: 162},
{remote_ip_prefix: 0.0.0.0/0, protocol: tcp, port_range_min: 2380, port_range_max: 2380},
{remote_ip_prefix: 0.0.0.0/0, protocol: tcp, port_range_min: 4000, port_range_max: 4000},
{remote_ip_prefix: 0.0.0.0/0, protocol: tcp, port_range_min: 3478, port_range_max: 3478},
{remote_ip_prefix: 0.0.0.0/0, protocol: udp, port_range_min: 3478, port_range_max: 3478},
{remote_ip_prefix: 0.0.0.0/0, protocol: tcp, port_range_min: 5060, port_range_max: 5060},
{remote_ip_prefix: 0.0.0.0/0, protocol: udp, port_range_min: 5060, port_range_max: 5060},
{remote_ip_prefix: 0.0.0.0/0, protocol: tcp, port_range_min: 5062, port_range_max: 5062},
{remote_ip_prefix: 0.0.0.0/0, protocol: udp, port_range_min: 32768, port_range_max: 65535},
{remote_ip_prefix: 0.0.0.0/0, protocol: tcp, port_range_min: 5058, port_range_max: 5058},
{remote_ip_prefix: 0.0.0.0/0, protocol: icmp}]
bono_admin_port_0:
type: OS::Neutron::Port
properties:
name:
str_replace:
template: pre_base_rand
params:
pre: bono_admin_
base: { get_param: vnf_name }
rand: { get_resource: bono_random_str }
network: { get_param: public_net_id }
security_groups: [{ get_resource: bono_Sec_Grp }]
bono_server_0:
type: OS::Nova::Server
properties:
name:
str_replace:
template: pre_base_rand
params:
pre: bono_
base: { get_param: vnf_name }
rand: { get_resource: bono_random_str }
image: { get_param: bono_image_name }
flavor: { get_param: bono_flavor_name }
key_name: { get_param: key_name }
networks:
- port: { get_resource: bono_admin_port_0 }
metadata: {vnf_id: { get_param: vnf_id }, vf_module_id: { get_param: vf_module_id }, vnf_name: { get_param: vnf_name }}
user_data_format: RAW
user_data:
str_replace:
params:
__repo_url__: { get_param: repo_url }
__zone__: { get_param: zone }
__dns_ip__: { get_param: dns_ip }
__dnssec_key__: { get_param: dnssec_key }
__etcd_ip__ : { get_param: etcd_ip }
__index__ : 0
template: |
#!/bin/bash
# Log all output to file.
exec > >(tee -a /var/log/clearwater-heat-bono.log) 2>&1
set -x
# Configure the APT software source.
echo 'deb __repo_url__ binary/' > /etc/apt/sources.list.d/clearwater.list
curl -L http://repo.cw-ngv.com/repo_key | apt-key add -
apt-get update
# Get the public IP address from eth0
sudo apt-get install ipcalc
ADDR=`ip addr show eth0 | awk '/inet /{print $2}'`
PUBLIC_ADDR=`ipcalc -n -b $ADDR | awk '/Address:/{print $2}'`
# Configure /etc/clearwater/local_config.
mkdir -p /etc/clearwater
etcd_ip=__etcd_ip__
[ -n "$etcd_ip" ] || etcd_ip=$PUBLIC_ADDR
cat > /etc/clearwater/local_config << EOF
management_local_ip=$PUBLIC_ADDR
local_ip=$PUBLIC_ADDR
public_ip=$PUBLIC_ADDR
public_hostname=__index__.bono.__zone__
etcd_cluster=$etcd_ip
EOF
# Now install the software.
DEBIAN_FRONTEND=noninteractive apt-get install bono restund --yes --force-yes
DEBIAN_FRONTEND=noninteractive apt-get install clearwater-management --yes --force-yes
# Function to give DNS record type and IP address for specified IP address
ip2rr() {
if echo $1 | grep -q -e '[^0-9.]' ; then
echo AAAA $1
else
echo A $1
fi
}
# Update DNS
retries=0
while ! { nsupdate -y "__zone__:__dnssec_key__" -v << EOF
server __dns_ip__
update add bono-__index__.__zone__. 30 $(ip2rr $PUBLIC_ADDR)
update add __index__.bono.__zone__. 30 $(ip2rr $PUBLIC_ADDR)
update add __zone__. 30 $(ip2rr $PUBLIC_ADDR)
update add __zone__. 30 NAPTR 0 0 "s" "SIP+D2T" "" _sip._tcp.__zone__.
update add __zone__. 30 NAPTR 0 0 "s" "SIP+D2U" "" _sip._udp.__zone__.
update add _sip._tcp.__zone__. 30 SRV 0 0 5060 __index__.bono.__zone__.
update add _sip._udp.__zone__. 30 SRV 0 0 5060 __index__.bono.__zone__.
send
EOF
} && [ $retries -lt 10 ]
do
retries=$((retries + 1))
echo 'nsupdate failed - retrying (retry '$retries')...'
sleep 5
done
# Use the DNS server.
echo 'nameserver __dns_ip__' > /etc/dnsmasq.resolv.conf
echo 'RESOLV_CONF=/etc/dnsmasq.resolv.conf' >> /etc/default/dnsmasq
service dnsmasq force-reload
outputs:
bono_ip:
description: IP address in public network
value: { get_attr: [ bono_server_0, networks, { get_param: public_net_id }, 0 ] }
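Review bot: Every rule in `bono_Sec_Grp` uses `remote_ip_prefix: 0.0.0.0/0`, including SSH (tcp 22), SNMP (udp 161-162) and tcp 2380 and 4000, while the port is attached to `public_net_id`. Restrict the management and cluster ports to the admin subnet (a CIDR parameter or `remote_group_id`) and leave open to all sources only the signalling and media ports this node has to expose. Separately, the `label` of `vnf_name` reads `VNF ID`, which looks copied from `vnf_id`; `VNF name` would match its description.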
# Project Clearwater - IMS in the Cloud
# Copyright (C) 2015 Metaswitch Networks Ltd
#
# This program is free software: you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by the
# Free Software Foundation, either version 3 of the License, or (at your
# option) any later version, along with the "Special Exception" for use of
# the program along with SSL, set forth below. This program is distributed
# in the hope that it will be useful, but WITHOUT ANY WARRANTY;
# without even the implied warranty of MERCHANTABILITY or FITNESS FOR
# A PARTICULAR PURPOSE. See the GNU General Public License for more
# details. You should have received a copy of the GNU General Public
# License along with this program. If not, see
# <http://www.gnu.org/licenses/>.
#
# The author can be reached by email at clearwater@metaswitch.com or by
# post at Metaswitch Networks Ltd, 100 Church St, Enfield EN2 6BQ, UK
#
# Special Exception
# Metaswitch Networks Ltd grants you permission to copy, modify,
# propagate, and distribute a work formed by combining OpenSSL with The
# Software, or a work derivative of such a combination, even if such
# copying, modification, propagation, or distribution would otherwise
# violate the terms of the GPL. You must comply with the GPL in all
# respects for all of the code used other than OpenSSL.
# "OpenSSL" means OpenSSL toolkit software distributed by the OpenSSL
# Project and licensed under the OpenSSL Licenses, or a work based on such
# software and licensed under the OpenSSL Licenses.
# "OpenSSL Licenses" means the OpenSSL License and Original SSLeay License
# under which the OpenSSL Project distributes the OpenSSL toolkit software,
# as those licenses appear in the file LICENSE-OPENSSL.
heat_template_version: 2014-10-16
description: >
Clearwater dime node
parameters:
vnf_name:
type: string
label: VNF ID
description: The VNF name provided by ONAP
vnf_id:
type: string
label: VNF ID
description: The VNF ID provided by ONAP
vf_module_id:
type: string
label: VNF module ID
description: The VNF module ID provided by ONAP
public_net_id:
type: string
description: ID of public network
constraints:
- custom_constraint: neutron.network
description: Must be a valid network ID
dime_flavor_name:
type: string
description: Flavor to use
constraints:
- custom_constraint: nova.flavor
description: Must be a valid flavor name
dime_image_name:
type: string
description: Name of image to use
key_name:
type: string
description: Name of keypair to assign
constraints:
- custom_constraint: nova.keypair
description: Must be a valid keypair name
repo_url:
type: string
description: URL for Clearwater repository
zone:
type: string
description: DNS zone
dns_ip:
type: string
description: IP address for DNS server
dnssec_key:
type: string
description: DNSSEC private key (Base64-encoded)
constraints:
- allowed_pattern: "[0-9A-Za-z+/=]+"
description: Must be Base64-encoded
etcd_ip:
type: string
description: IP address of an existing member of the etcd cluster
resources:
dime_random_str:
type: OS::Heat::RandomString
properties:
length: 4
dime_security_group:
type: OS::Neutron::SecurityGroup
properties:
description: security group
name:
str_replace:
template: pre_base_rand
params:
pre: dime_sg_
base: { get_param: vnf_name }
rand: { get_resource: dime_random_str }
rules: [
{remote_ip_prefix: 0.0.0.0/0, protocol: tcp, port_range_min: 22, port_range_max: 22},
{remote_ip_prefix: 0.0.0.0/0, protocol: udp, port_range_min: 161, port_range_max: 162},
{remote_ip_prefix: 0.0.0.0/0, protocol: tcp, port_range_min: 2380, port_range_max: 2380},
{remote_ip_prefix: 0.0.0.0/0, protocol: tcp, port_range_min: 4000, port_range_max: 4000},
{remote_ip_prefix: 0.0.0.0/0, protocol: tcp, port_range_min: 8888, port_range_max: 8888},
{remote_ip_prefix: 0.0.0.0/0, protocol: tcp, port_range_min: 8889, port_range_max: 8889},
{remote_ip_prefix: 0.0.0.0/0, protocol: tcp, port_range_min: 10888, port_range_max: 10888},
{remote_ip_prefix: 0.0.0.0/0, protocol: icmp}]
dime_admin_port_0:
type: OS::Neutron::Port
properties:
name:
str_replace:
template: pre_base_rand
params:
pre: dime_admin_port_0_
base: { get_param: vnf_name }
rand: { get_resource: dime_random_str }
network: { get_param: public_net_id }
security_groups: [{ get_resource: dime_security_group }]
dime_server_0:
type: OS::Nova::Server
properties:
name:
str_replace:
template: pre_base_rand
params:
pre: dime_server_0_
base: { get_param: vnf_name }
rand: { get_resource: dime_random_str }
image: { get_param: dime_image_name }
flavor: { get_param: dime_flavor_name }
key_name: { get_param: key_name }
networks:
- port: { get_resource: dime_admin_port_0 }
metadata: {vnf_id: { get_param: vnf_id }, vf_module_id: { get_param: vf_module_id }, vnf_name: { get_param: vnf_name }}
user_data_format: RAW
user_data:
str_replace:
params:
__repo_url__: { get_param: repo_url }
__zone__: { get_param: zone }
__dns_ip__: { get_param: dns_ip }
__dnssec_key__: { get_param: dnssec_key }
__etcd_ip__ : { get_param: etcd_ip }
__index__ : 0
template: |
#!/bin/bash
# Log all output to file.
exec > >(tee -a /var/log/clearwater-heat-dime.log) 2>&1
set -x
# Configure the APT software source.
echo 'deb __repo_url__ binary/' > /etc/apt/sources.list.d/clearwater.list
curl -L http://repo.cw-ngv.com/repo_key | apt-key add -
apt-get update
# Get the public IP address from eth0
sudo apt-get install ipcalc
ADDR=`ip addr show eth0 | awk '/inet /{print $2}'`
PUBLIC_ADDR=`ipcalc -n -b $ADDR | awk '/Address:/{print $2}'`
# Configure /etc/clearwater/local_config.
mkdir -p /etc/clearwater
etcd_ip=__etcd_ip__
[ -n "$etcd_ip" ] || etcd_ip=$PUBLIC_ADDR
cat > /etc/clearwater/local_config << EOF
management_local_ip=$PUBLIC_ADDR
local_ip=$PUBLIC_ADDR
public_ip=$PUBLIC_ADDR
public_hostname=dime-__index__.__zone__
etcd_cluster=$etcd_ip
EOF
# Now install the software.
DEBIAN_FRONTEND=noninteractive apt-get install dime clearwater-prov-tools --yes --force-yes
DEBIAN_FRONTEND=noninteractive apt-get install clearwater-management --yes --force-yes
# Function to give DNS record type and IP address for specified IP address
ip2rr() {
if echo $1 | grep -q -e '[^0-9.]' ; then
echo AAAA $1
else
echo A $1
fi
}
# Update DNS
retries=0
while ! { nsupdate -y "__zone__:__dnssec_key__" -v << EOF
server __dns_ip__
update add dime-__index__.__zone__. 30 $(ip2rr $PUBLIC_ADDR)
update add dime.__zone__. 30 $(ip2rr $PUBLIC_ADDR)
update add hs.__zone__. 30 $(ip2rr $PUBLIC_ADDR)
update add ralf.__zone__. 30 $(ip2rr $PUBLIC_ADDR)
send
EOF
} && [ $retries -lt 10 ]
do
retries=$((retries + 1))
echo 'nsupdate failed - retrying (retry '$retries')...'
sleep 5
done
# Use the DNS server.
echo 'nameserver __dns_ip__' > /etc/dnsmasq.resolv.conf
echo 'RESOLV_CONF=/etc/dnsmasq.resolv.conf' >> /etc/default/dnsmasq
service dnsmasq force-reload
outputs:
dime_ip:
description: IP address in public network
value: { get_attr: [ dime_server_0, networks, { get_param: public_net_id }, 0 ] }
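Review bot: In the `user_data` script, `curl -L http://repo.cw-ngv.com/repo_key | apt-key add -` trusts a signing key fetched over plain HTTP from a hardcoded host rather than from `__repo_url__`, and both `apt-get install` lines pass `--force-yes`, which tells apt to continue past conditions it treats as potentially harmful, unauthenticated packages included. Fetch the key over HTTPS or ship it with the template, derive its location from `repo_url`, and drop `--force-yes`. Also, with `set -x` active and all output redirected to `/var/log/clearwater-heat-dime.log`, the `nsupdate -y "__zone__:__dnssec_key__"` command is traced into that log with the key already substituted; turn tracing off around that call or pass the key with `-k` from a root-only file. The same lines appear in the bono template.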
# Project Clearwater - IMS in the Cloud
# Copyright (C) 2015 Metaswitch Networks Ltd
#
# This program is free software: you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by the
# Free Software Foundation, either version 3 of the License, or (at your
# option) any later version, along with the "Special Exception" for use of
# the program along with SSL, set forth below. This program is distributed
# in the hope that it will be useful, but WITHOUT ANY WARRANTY;
# without even the implied warranty of MERCHANTABILITY or FITNESS FOR
# A PARTICULAR PURPOSE. See the GNU General Public License for more
# details. You should have received a copy of the GNU General Public
# License along with this program. If not, see
# <http://www.gnu.org/licenses/>.
#
# The author can be reached by email at clearwater@metaswitch.com or by
# post at Metaswitch Networks Ltd, 100 Church St, Enfield EN2 6BQ, UK
#
# Special Exception
# Metaswitch Networks Ltd grants you permission to copy, modify,
# propagate, and distribute a work formed by combining OpenSSL with The
# Software, or a work derivative of such a combination, even if such
# copying, modification, propagation, or distribution would otherwise
# violate the terms of the GPL. You must comply with the GPL in all
# respects for all of the code used other than OpenSSL.
# "OpenSSL" means OpenSSL toolkit software distributed by the OpenSSL
# Project and licensed under the OpenSSL Licenses, or a work based on such
# software and licensed under the OpenSSL Licenses.
# "OpenSSL Licenses" means the OpenSSL License and Original SSLeay License
# under which the OpenSSL Project distributes the OpenSSL toolkit software,
# as those licenses appear in the file LICENSE-OPENSSL.
heat_template_version: 2014-10-16
description: >
DNS server exposing dynamic DNS using DNSSEC
parameters:
vnf_name:
type: string
label: VNF ID
description: The VNF name provided by ONAP
vnf_id:
type: string
label: VNF ID
description: The VNF ID provided by ONAP
vf_module_id:
type: string
label: VNF module ID
description: The VNF module ID provided by ONAP
public_net_id:
type: string
description: ID of public network
constraints:
- custom_constraint: neutron.network
description: Must be a valid network ID
dns_name_0:
type: string
description: Name of server to use
dns_flavor_name:
type: string
description: Flavor to use
constraints:
- custom_constraint: nova.flavor
description: Must be a valid flavor name
dns_image_name:
type: string
description: Name of image to use
key_name:
type: string
description: Name of keypair to assign
constraints:
- custom_constraint: nova.keypair
description: Must be a valid keypair name
zone:
type: string
description: DNS zone
dnssec_key:
type: string
description: DNSSEC private key (Base64-encoded)
resources:
dns_random_str:
type: OS::Heat::RandomString
properties:
length: 4
dns_security_group:
type: OS::Neutron::SecurityGroup
properties:
description: security group
name:
str_replace:
template: pre_base_rand
params:
pre: dns_sg_
base: { get_param: vnf_name }
rand: { get_resource: dns_random_str }
rules: [
{remote_ip_prefix: 0.0.0.0/0, protocol: tcp, port_range_min: 22, port_range_max: 22},
{remote_ip_prefix: 0.0.0.0/0, protocol: tcp, port_range_min: 53, port_range_max: 53},
{remote_ip_prefix: 0.0.0.0/0, protocol: udp, port_range_min: 53, port_range_max: 53},
{remote_ip_prefix: 0.0.0.0/0, protocol: icmp}]
dns_admin_port_0:
type: OS::Neutron::Port
properties:
name:
str_replace:
template: base_rand
params:
base: dns_admin_port_0
rand: { get_resource: dns_random_str }
network: { get_param: public_net_id }
security_groups: [{ get_resource: dns_security_group }]
dns_server_0:
type: OS::Nova::Server
properties:
name:
str_replace:
template: pre_base_rand
params:
pre: dns_server_0_
base: { get_param: vnf_name }
rand: { get_resource: dns_random_str }
image: { get_param: dns_image_name }
flavor: { get_param: dns_flavor_name }
key_name: { get_param: key_name }
networks:
- port: { get_resource: dns_admin_port_0 }
metadata: {vnf_id: { get_param: vnf_id }, vf_module_id: { get_param: vf_module_id }, vnf_name: { get_param: vnf_name }}
user_data_format: RAW
user_data:
str_replace:
params:
__zone__: { get_param: zone }
__dnssec_key__: { get_param: dnssec_key }
template: |
#!/bin/bash
# Log all output to file.
exec > >(tee -a /var/log/clearwater-heat-dns.log) 2>&1
set -x
# Install BIND.
apt-get update
DEBIAN_FRONTEND=noninteractive apt-get install bind9 --yes
# Get the IP address from eth0
sudo apt-get install ipcalc
ADDR=`ip addr show eth0 | awk '/inet /{print $2}'`
PUBLIC_ADDR=`ipcalc -n -b $ADDR | awk '/Address:/{print $2}'`
# Update BIND configuration with the specified zone and key.
cat >> /etc/bind/named.conf.local << EOF
key __zone__. {properties
algorithm "HMAC-MD5";
secret "__dnssec_key__";
};
zone "__zone__" IN {
type master;
file "/var/lib/bind/db.__zone__";
allow-update {
key __zone__.;
};
};
EOF
# Function to give DNS record type and IP address for specified IP address
ip2rr() {
if echo $1 | grep -q -e '[^0-9.]' ; then
echo AAAA $1
else
echo A $1
fi
}
# Create basic zone configuration.
cat > /var/lib/bind/db.__zone__ << EOF
\$ORIGIN __zone__.
\$TTL 1h
@ IN SOA ns admin\@__zone__. ( $(date +%Y%m%d%H) 1d 2h 1w 30s )
@ NS ns
ns $(ip2rr $PUBLIC_ADDR)
EOF
chown root:bind /var/lib/bind/db.__zone__
# Now that BIND configuration is correct, kick it to reload.
service bind9 reload
outputs:
dns_ip:
description: IP address of DNS server
value: { get_attr: [ dns_server_0, networks, { get_param: public_net_id }, 0 ] }
zone:
description: DNS zone
value: { get_param: zone }
dnssec_key:
description: DNSSEC private key (Base64-encoded)
value: { get_param: dnssec_key }
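Review bot: The heredoc appended to `/etc/bind/named.conf.local` opens the key statement with `key __zone__. {properties`; the stray `properties` token is not valid inside a `key` block, so BIND will fail to parse the file and the `service bind9 reload` at the end will not bring up the zone. The line should read `key __zone__. {`. In the same template, `dnssec_key` lacks the `allowed_pattern` constraint that the bono and dime templates apply, and it is echoed back under `outputs`, which exposes the secret to anyone who can read the stack; mark the parameter `hidden: true` and drop the output unless a consumer needs it. `algorithm "HMAC-MD5"` is also worth replacing with an HMAC-SHA256 key if the BIND and nsupdate versions on the base image support it, changing the `nsupdate -y` calls in the other templates to match.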
# Project Clearwater - IMS in the Cloud
# Copyright (C) 2015 Metaswitch Networks Ltd
#
# This program is free software: you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by the
# Free Software Foundation, either version 3 of the License, or (at your
# option) any later version, along with the "Special Exception" for use of
# the program along with SSL, set forth below. This program is distributed
# in the hope that it will be useful, but WITHOUT ANY WARRANTY;
# without even the implied warranty of MERCHANTABILITY or FITNESS FOR
# A PARTICULAR PURPOSE. See the GNU General Public License for more
# details. You should have received a copy of the GNU General Public
# License along with this program. If not, see
# <http://www.gnu.org/licenses/>.
#
# The author can be reached by email at clearwater@metaswitch.com or by
# post at Metaswitch Networks Ltd, 100 Church St, Enfield EN2 6BQ, UK
#
# Special Exception
# Metaswitch Networks Ltd grants you permission to copy, modify,
# propagate, and distribute a work formed by combining OpenSSL with The
# Software, or a work derivative of such a combination, even if such
# copying, modification, propagation, or distribution would otherwise
# violate the terms of the GPL. You must comply with the GPL in all
# respects for all of the code used other than OpenSSL.