Difference between revisions of "Designate/Blueprints/IPABackend"
< Designate | Blueprints
(→Overview) |
(→API Changes) |
||
| Line 11: | Line 11: | ||
This implements support for using FreeIPA as a backend. FreeIPA has full support for DNS, using the JSON RPC interface for dnszone (domain) and dnsrecord commands. | This implements support for using FreeIPA as a backend. FreeIPA has full support for DNS, using the JSON RPC interface for dnszone (domain) and dnsrecord commands. | ||
| + | |||
| + | == Requirements == | ||
| + | * python-kerberos 1.1 or later | ||
| + | * MIT kerberos5 version 1.11.3 or later | ||
| + | * A FreeIPA deployment, with an account that has access to manage the DNS portion. The admin@DOMAIN account can be used for testing, but is not recommended for production. You must generate a keytab file for this account, and Designate Central must have read access to the keytab file. | ||
| + | * The CA cert file from FreeIPA (default /etc/ipa/ca.crt). | ||
== API Changes == | == API Changes == | ||
| − | + | None | |
=== One Per Change === | === One Per Change === | ||
| Line 25: | Line 31: | ||
| GET || /resource/{id} || Description of call | | GET || /resource/{id} || Description of call | ||
|} | |} | ||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
== Database Changes == | == Database Changes == | ||
Revision as of 21:26, 2 April 2014
Overview
| Gerrit Patch | [] |
|---|---|
| Launchpad Blueprint | [1] |
Summary
This implements support for using FreeIPA as a backend. FreeIPA has full support for DNS, using the JSON RPC interface for dnszone (domain) and dnsrecord commands.
Requirements
- python-kerberos 1.1 or later
- MIT kerberos5 version 1.11.3 or later
- A FreeIPA deployment, with an account that has access to manage the DNS portion. The admin@DOMAIN account can be used for testing, but is not recommended for production. You must generate a keytab file for this account, and Designate Central must have read access to the keytab file.
- The CA cert file from FreeIPA (default /etc/ipa/ca.crt).
API Changes
None
One Per Change
| Verb | Resource | Description |
|---|---|---|
| GET | /resource | Description of call |
| GET | /resource/{id} | Description of call |
Database Changes
Description of Changes to DB schemas
eg -
| Name | Data Type | Length | Nullable | Details |
|---|---|---|---|---|
| id | VARCHAR | 36 | False | Primary Key, Generated UUID |
| name | VARCHAR | 255 | False | Domain name to be blacklisted |
| version | INTEGER | - | False | Designate API version |
| created_at | DATETIME | - | False | UTC time of creation |
| updated_at | DATETIME | - | True | UTC time of creation |
| description | VARCHAR | 160 | True | UTF-8 text field |
