Designate/Blueprints/IPABackend
< Designate | Blueprints
Overview
| Gerrit Patch | [] |
|---|---|
| Launchpad Blueprint | [1] |
Summary
This implements support for using FreeIPA as a backend. FreeIPA has full support for DNS, using the JSON RPC interface for dnszone (domain) and dnsrecord commands.
Requirements
- python-kerberos 1.1 or later
- MIT kerberos5 version 1.11.3 or later
- A FreeIPA deployment, with an account that has access to manage the DNS portion. The admin@DOMAIN account can be used for testing, but is not recommended for production. You must generate a keytab file for this account, and Designate Central must have read access to the keytab file.
- The CA cert file from FreeIPA (default /etc/ipa/ca.crt).
API Changes
None
One Per Change
| Verb | Resource | Description |
|---|---|---|
| GET | /resource | Description of call |
| GET | /resource/{id} | Description of call |
Database Changes
Description of Changes to DB schemas
eg -
| Name | Data Type | Length | Nullable | Details |
|---|---|---|---|---|
| id | VARCHAR | 36 | False | Primary Key, Generated UUID |
| name | VARCHAR | 255 | False | Domain name to be blacklisted |
| version | INTEGER | - | False | Designate API version |
| created_at | DATETIME | - | False | UTC time of creation |
| updated_at | DATETIME | - | True | UTC time of creation |
| description | VARCHAR | 160 | True | UTF-8 text field |
