Merge "Integrate designate with neutron"

ansible/group_vars/all.yml

@@ -118,6 +118,7 @@ storage_interface: "{{ network_interface }}"
 cluster_interface: "{{ network_interface }}"
 tunnel_interface: "{{ network_interface }}"
 bifrost_network_interface: "{{ network_interface }}"
+dns_interface: "{{ network_interface }}"
 tunnel_interface_address: "{{ hostvars[inventory_hostname]['ansible_' + tunnel_interface]['ipv4']['address'] }}"
 
 # Valid options are [ openvswitch, linuxbridge, sfc ]
@@ -361,6 +362,7 @@ enable_watcher: "no"
 ironic_keystone_user: "ironic"
 neutron_keystone_user: "neutron"
 nova_keystone_user: "nova"
+designate_keystone_user: "designate"
 
 # Nova fake driver and the number of fake driver per compute node
 enable_nova_fake: "no"

ansible/roles/designate/tasks/precheck.yml

@@ -21,7 +21,7 @@
 
 - name: Checking free port for designate mdns
   wait_for:
-    host: "{{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['address'] }}"
+    host: "{{ hostvars[inventory_hostname]['ansible_' + dns_interface]['ipv4']['address'] }}"
     port: "{{ designate_mdns_port }}"
     connect_timeout: 1
     state: stopped

ansible/roles/designate/templates/designate.conf.j2

@@ -39,7 +39,7 @@ enabled_notification_handlers = nova_fixed, neutron_floatingip
 workers = {{ openstack_service_workers }}
 
 [service:mdns]
-listen = {{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['address'] }}:{{ designate_mdns_port }}
+listen = {{ hostvars[inventory_hostname]['ansible_' + dns_interface]['ipv4']['address'] }}:{{ designate_mdns_port }}
 workers = {{ openstack_service_workers }}
 
 [service:worker]
@@ -66,18 +66,30 @@ max_retries = 10
 idle_timeout = 3600
 
 [handler:nova_fixed]
+#NOTE: zone_id must be manually filled an ID from openstack zone list
+zone_id =
 notification_topics = notifications_designate
 control_exchange = nova
-format = '(display_name)s.%(domain)s'
+formatv4 = '%(octet0)s-%(octet1)s-%(octet2)s-%(octet3)s.%(zone)s'
+formatv4 = '%(hostname)s.%(project)s.%(zone)s'
+formatv4 = '%(hostname)s.%(zone)s'
+formatv6 = '%(hostname)s.%(zone)s'
+formatv6 = '%(hostname)s.%(project)s.%(zone)s'
 
 [handler:neutron_floatingip]
+#NOTE: zone_id must be manually filled an ID from openstack zone list
+zone_id =
 notification_topics = notifications_designate
 control_exchange = neutron
-format = '%(octet0)s-%(octet1)s-%(octet2)s-%(octet3)s.%(domain)s'
+formatv4 = '%(octet0)s-%(octet1)s-%(octet2)s-%(octet3)s.%(zone)s'
+formatv4 = '%(hostname)s.%(project)s.%(zone)s'
+formatv4 = '%(hostname)s.%(zone)s'
+formatv6 = '%(hostname)s.%(zone)s'
+formatv6 = '%(hostname)s.%(project)s.%(zone)s'
 
 [oslo_messaging_notifications]
 topics = notifications_designate
-driver = messaging
+driver = messagingv2
 
 [oslo_messaging_rabbit]
 rabbit_userid = {{ rabbitmq_user }}

ansible/roles/neutron/defaults/main.yml

@@ -73,3 +73,16 @@ neutron_logging_debug: "{{ openstack_logging_debug }}"
 neutron_bridge_name: "br-ex"
 
 openstack_neutron_auth: "{{ openstack_auth }}"
+
+####################
+# Extension drivers
+####################
+extension_drivers:
+  - name: "qos"
+    enabled: "{{ enable_neutron_qos | bool }}"
+  - name: "port_security"
+    enabled: "{{ enable_tacker | bool or enable_designate | bool }}"
+  - name: "dns"
+    enabled: "{{ enable_designate | bool }}"
+
+neutron_extension_drivers: "{{ extension_drivers|selectattr('enabled', 'equalto', true)|list }}"

ansible/roles/neutron/templates/ml2_conf.ini.j2

@@ -15,12 +15,8 @@ mechanism_drivers = openvswitch,l2population
 mechanism_drivers = linuxbridge,l2population
 {% endif %}
 
-{% if enable_neutron_qos | bool %}
+{% if extension_drivers %}
-extension_drivers = qos
+extension_drivers = {{ neutron_extension_drivers|map(attribute='name')|join(',') }} 
-{% endif %}
-
-{% if enable_tacker | bool %}
-extension_drivers = port_security
 {% endif %}
 
 [ml2_type_vlan]

ansible/roles/neutron/templates/neutron.conf.j2

@@ -50,6 +50,11 @@ transport_url = rabbit://{% for host in groups['rabbitmq'] %}{{ rabbitmq_user }}
 router_distributed = True
 {% endif %}
 
+{% if enable_designate | bool %}
+dns_domain = {{ designate_ns_record }}.
+external_dns_driver = designate
+{% endif %}
+
 [nova]
 auth_url = {{ keystone_admin_url }}
 auth_type = password
@@ -109,3 +114,19 @@ drivers = ovs
 [octavia]
 base_url = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ octavia_api_port }}
 {% endif %}
+
+{% if enable_designate | bool %}
+[designate]
+url = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ designate_api_port }}/v2
+auth_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }}
+auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}
+auth_type = password
+project_domain_id = default
+user_domain_id = default
+project_name = service
+username = {{ designate_keystone_user }}
+password = {{ designate_keystone_password }}
+allow_reverse_dns_lookup = True
+ipv4_ptr_zone_prefix_size = 24
+ipv6_ptr_zone_prefix_size = 116
+{% endif %}

doc/designate-guide.rst

@@ -0,0 +1,122 @@
+.. _designate-guide:
+
+==================
+Designate in Kolla
+==================
+
+Overview
+========
+Designate provides DNSaaS services for OpenStack:
+
+  -  REST API for domain/record management
+  -  Multi-tenant
+  -  Integrated with Keystone for authentication
+  -  Framework in place to integrate with Nova and Neutron
+     notifications (for auto-generated records)
+  -  Support for PowerDNS and Bind9 out of the box
+
+Configuration on Kolla deployment
+---------------------------------
+
+Enable Designate service in ``/etc/kolla/globals.yml``
+
+.. code-block:: console
+
+    enable_designate: "yes"
+
+Configure Designate options in ``/etc/kolla/globals.yml``
+
+.. important::
+
+    Designate MDNS node requires the ``dns_interface`` to be reachable from
+    public network.
+
+.. code-block:: console
+
+    dns_interface: "eth1"
+    designate_backend: "bind9"
+    designate_ns_record: "sample.openstack.org"
+
+Neutron and Nova Integration
+----------------------------
+
+Create default Designate Zone for Neutron:
+
+.. code-block:: console
+
+    $ openstack zone create --email admin@sample.openstack.org sample.openstack.org.
+
+Create designate-sink custom configuration folder:
+
+.. code-block:: console
+
+   $ mkdir -p /etc/kolla/config/designate/designate-sink/
+
+Append Designate Zone ID in ``/etc/kolla/config/designate/designate-sink.conf``
+
+.. code-block:: console
+
+    [handler:nova_fixed]
+    zone_id = <ZONE_ID>
+    [handler:neutron_floatingip]
+    zone_id = <ZONE_ID>
+
+Reconfigure Designate:
+
+.. code-block:: console
+
+    $ kolla-ansible reconfigure -i <INVENTORY_FILE> --tags designate
+
+Verify operation
+----------------
+
+List available networks:
+
+.. code-block:: console
+
+    $ neutron net-list
+
+Associate a domain to a network:
+
+.. code-block:: console
+
+    $ neutron net-update <NETWORK_ID> --dns_domain sample.openstack.org.
+
+Start an instance:
+
+.. code-block:: console
+
+    $ openstack server create \
+      --image cirros \
+      --flavor m1.tiny \
+      --key-name mykey \
+      --nic net-id=${NETWORK_ID} \
+      my-vm
+
+Check DNS records in Designate:
+
+.. code-block:: console
+
+    $ designate record-list sample.openstack.org.
+    +--------------------------------------+------+---------------------------------------+---------------------------------------------+
+    | id                                   | type | name                                  | data                                        |
+    +--------------------------------------+------+---------------------------------------+---------------------------------------------+
+    | 5aec6f5b-2121-4a2e-90d7-9e4509f79506 | SOA  | sample.openstack.org.                 | sample.openstack.org.                       |
+    |                                      |      |                                       | admin.sample.openstack.org. 1485266928 3514 |
+    |                                      |      |                                       | 600 86400 3600                              |
+    | 578dc94a-df74-4086-a352-a3b2db9233ae | NS   | sample.openstack.org.                 | sample.openstack.org.                       |
+    | de9ff01e-e9ef-4a0f-88ed-6ec5ecabd315 | A    | 192-168-190-232.sample.openstack.org. | 192.168.190.232                             |
+    | f67645ee-829c-4154-a988-75341050a8d6 | A    | my-vm.None.sample.openstack.org.      | 192.168.190.232                             |
+    | e5623d73-4f9f-4b54-9045-b148e0c3342d | A    | my-vm.sample.openstack.org.           | 192.168.190.232                             |
+    +--------------------------------------+------+---------------------------------------+---------------------------------------------+
+
+Query instance DNS information to Designate ``dns_interface`` IP address:
+
+.. code-block:: console
+
+    $ dig +short -p 5354 @<DNS_INTERFACE_IP> my-vm.sample.openstack.org. A
+    192.168.190.232
+
+For more information about how Designate works, see
+`Designate, a DNSaaS component for OpenStack
+<http://docs.openstack.org/developer/designate>`__.

doc/index.rst

@@ -66,6 +66,7 @@ Kolla Services
    external-ceph-guide
    cinder-guide
    cinder-guide-hnas
+   designate-guide
    ironic-guide
    manila-guide
    manila-hnas-guide

etc/kolla/globals.yml

@@ -77,6 +77,7 @@ kolla_internal_vip_address: "10.10.10.254"
 #storage_interface: "{{ network_interface }}"
 #cluster_interface: "{{ network_interface }}"
 #tunnel_interface: "{{ network_interface }}"
+#dns_interface: "{{ network_interface }}"
 
 # This is the raw interface given to neutron as its external network port. Even
 # though an IP address can exist on this interface, it will be unusable in most