Page MenuHomePhabricator

Create some mechanism for instances in projects to modify the project Designate records
Closed, ResolvedPublic

Description

See parent - to automate ACME DNS-01 challenges we'll need a user in Keystone that can manage Designate records for the project, and be logged into from within the labs instances network.

Event Timeline

(alternatively we could just not use designate and instead run our own DNS server and stick an NS record in designate, but that kind of sucks)

Might also be worth looking into TSIG, dunno if what we run (pdns IIRC?) supports it in a way we can easily configure or not

https://developer.openstack.org/api-ref/dns/#tsigkey

Ottomata triaged this task as Medium priority.Jan 16 2018, 7:43 PM