openstack/kolla-ansible
Code Issues Proposed changes

Fix neutron DNS integration

Browse Source 
This patch basically does a simple thing, on the basis
of a variable neutron_dns_integration it enables/disables
DNS integration.

There is also precheck added which checks whether dns_domain
in neutron.conf has a non-default value if DNS integration is
enabled as this is requirement.

[1] https://docs.openstack.org/neutron/latest/admin/config-dns-int.html
[2] https://docs.openstack.org/neutron/latest/admin/config-dns-int-ext-serv.html#config-dns-int-ext-serv

Closes-Bug: #2049503

Change-Id: I90f0f8dcec6fa0112179f050d96e9d9db5956cf8
This commit is contained in:
Michal Arbet 2024-01-17 12:02:52 +01:00
parent 66c4f72c50
commit 6f847610b5
7 changed files with 109 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
ansible/group_vars/all.yml
View File

@ -1128,7 +1128,7 @@ designate_coordination_backend: "{{ 'redis' if enable_redis | bool else '' }}"
designate_internal_endpoint: "{{ designate_internal_fqdn | kolla_url(internal_protocol, designate_api_port) }}" designate_internal_endpoint: "{{ designate_internal_fqdn | kolla_url(internal_protocol, designate_api_port) }}"
designate_public_endpoint: "{{ designate_external_fqdn | kolla_url(public_protocol, designate_api_public_port) }}" designate_public_endpoint: "{{ designate_external_fqdn | kolla_url(public_protocol, designate_api_public_port) }}"
designate_enable_notifications_sink: "{{ enable_designate | bool }}" designate_enable_notifications_sink: "no"
designate_notifications_topic_name: "notifications_designate" designate_notifications_topic_name: "notifications_designate"
####################### #######################

9
ansible/roles/neutron/defaults/main.yml
View File

@ -697,7 +697,7 @@ extension_drivers:
- name: "port_security" - name: "port_security"
enabled: true enabled: true
- name: "subnet_dns_publish_fixed_ip" - name: "subnet_dns_publish_fixed_ip"
enabled: "{{ enable_designate | bool }}" enabled: "{{ neutron_dns_integration | bool }}"
- name: "sfc" - name: "sfc"
enabled: "{{ enable_neutron_sfc | bool }}" enabled: "{{ enable_neutron_sfc | bool }}"
@ -924,3 +924,10 @@ neutron_tls_proxy_server_timeout: "1m"
neutron_tls_proxy_check_timeout: "10s" neutron_tls_proxy_check_timeout: "10s"
# Check http://www.haproxy.org/download/1.5/doc/configuration.txt for available options # Check http://www.haproxy.org/download/1.5/doc/configuration.txt for available options
neutron_tls_proxy_defaults_balance: "roundrobin" neutron_tls_proxy_defaults_balance: "roundrobin"
####################
# DNS
####################
neutron_dns_integration: "{{ enable_designate | bool }}"
# When overridden by the user, this value must end with a dot.
neutron_dns_domain: "openstacklocal"

13
ansible/roles/neutron/tasks/precheck.yml
View File

@ -54,4 +54,17 @@
when: when:
- enable_ironic_neutron_agent | bool - enable_ironic_neutron_agent | bool
- name: Checking if neutron's dns domain has proper value
assert:
that:
- neutron_dns_domain != None
- neutron_dns_domain | length != 0
- neutron_dns_domain[-1] == '.'
- neutron_dns_domain != "openstacklocal"
fail_msg: "The neutron_dns_domain value has to be non-empty and must end with a period '.'"
changed_when: false
run_once: True
when:
- neutron_dns_integration | bool
- import_tasks: neutron_plugin_agent_check.yml - import_tasks: neutron_plugin_agent_check.yml

6
ansible/roles/neutron/templates/neutron.conf.j2
View File

@ -61,10 +61,8 @@ transport_url = {{ rpc_transport_url }}
router_distributed = True router_distributed = True
{% endif %} {% endif %}
{% if enable_designate | bool %} dns_domain = {{ neutron_dns_domain }}
{% if designate_ns_record is string %} {% if enable_designate | bool and neutron_dns_integration | bool %}
dns_domain = {{ designate_ns_record }}.
{% endif %}
external_dns_driver = designate external_dns_driver = designate
{% if neutron_plugin_agent == 'vmware_nsxv' %} {% if neutron_plugin_agent == 'vmware_nsxv' %}
nsx_extension_drivers = vmware_nsxv_dns nsx_extension_drivers = vmware_nsxv_dns

21
doc/source/reference/networking/designate-guide.rst
View File

@ -24,13 +24,23 @@ Enable Designate service in ``/etc/kolla/globals.yml``
.. code-block:: yaml .. code-block:: yaml
enable_designate: "yes" enable_designate: "yes"
neutron_dns_domain: "example.org."
.. important::
The ``neutron_dns_domain`` value has to be different to ``openstacklocal``
(its default value) and has to end with a period ``.``.
.. important::
``DNS Integration`` is enabled by default and can be disabled by
adding ``neutron_dns_integration: no`` to ``/etc/kolla/globals.yml``
and reconfiguring with ``--tags`` neutron.
Configure Designate options in ``/etc/kolla/globals.yml`` Configure Designate options in ``/etc/kolla/globals.yml``
.. important:: .. important::
Designate MDNS node requires the ``dns_interface`` to be reachable from Designate MDNS node requires the ``dns_interface`` to be reachable from
public network. management network.
.. code-block:: yaml .. code-block:: yaml
@ -91,6 +101,15 @@ For more information about how the Infoblox backend works, see
Neutron and Nova Integration Neutron and Nova Integration
~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The ``designate-sink`` is an optional service which listens for event
notifications, such as compute.instance.create.end, handlers are
available for Nova and Neutron. Notification events can then be used
to trigger record creation & deletion.
.. note::
Service ``designate-sink`` in kolla deployments is disabled by default
and can be enabled by ``designate_enable_notifications_sink: yes``.
Create default Designate Zone for Neutron: Create default Designate Zone for Neutron:
.. code-block:: console .. code-block:: console

41
doc/source/reference/networking/neutron.rst
View File

@ -87,6 +87,47 @@ created and configured by Ansible (this is also necessary when
``neutron_external_interface`` is configured correctly for hosts in the ``neutron_external_interface`` is configured correctly for hosts in the
``compute`` group. ``compute`` group.
Internal DNS resolution
~~~~~~~~~~~~~~~~~~~~~~~
The Networking service enables users to control the name assigned
to ports using two attributes associated with ports, networks, and
floating IPs. The following table shows the attributes available for each
one of these resources:
.. list-table::
:header-rows: 1
:widths: 30 30 30
* - Resource
- dns_name
- dns_domain
* - Ports
- Yes
- Yes
* - Networks
- No
- Yes
* - Floating IPs
- Yes
- Yes
To enable this functionality, you need to set the following in
``/etc/kolla/globals.yml``:
.. code-block:: yaml
neutron_dns_integration: "yes"
neutron_dns_domain: "example.org."
.. important::
The ``neutron_dns_domain`` value has to be different to ``openstacklocal``
(its default value) and has to end with a period ``.``.
.. note::
The integration of the Networking service with an external DNSaaS (DNS-as-a-Service)
is described in :ref:`designate-guide`.
OpenvSwitch (ml2/ovs) OpenvSwitch (ml2/ovs)
~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~

24
releasenotes/notes/fix-neutron-and-designate-DNS-integration-5abedb5e09e4fc15.yaml Normal file
View File

@ -0,0 +1,24 @@
---
upgrade:
- |
Changes configuration variable ``designate_enable_notifications_sink``
to ``no`` which configures notifications for designate in neutron, nova
and control deployment of ``designate-sink`` which is now optional.
Operators that want to keep the previous behavior should set this to
``true``.
features:
- |
Adds new variables to be used by the neutron role,
``neutron_dns_integration`` and ``neutron_dns_domain``.
They allow to enable/disable internal/external DNS integrations,
or their combinations.
fixes:
- |
Fixes configuration of DNS integrations. See `LP##2049503
<https://bugs.launchpad.net/kolla-ansible/+bug/2049503>`__,
`DNS Integration
<https://docs.openstack.org/neutron/latest/admin/config-dns-int.html>`__
and the `DNS Integration with an External Service
<https://docs.openstack.org/neutron/latest/admin/config-dns-int-ext-serv.html#config-dns-int-ext-serv>`__
for details.