From e516ea509940113175cce24382c64d78a2fa42e3 Mon Sep 17 00:00:00 2001 From: Eduardo Gonzalez Date: Mon, 23 Jan 2017 17:01:02 +0000 Subject: [PATCH] Integrate designate with neutron Integrate designate service with neutron to allow instances and floatingip resolve designate dns. MDNS service need to be reachable from nova instances in order to resolve DNS queries. Added new dns_interface to make this configurable. Add designate guide. Closes-Bug: #1661330 Change-Id: I5a2ac5cf2a9aa0977ae42d53dd64699623ddf3ed --- ansible/group_vars/all.yml | 2 + ansible/roles/designate/tasks/precheck.yml | 2 +- .../designate/templates/designate.conf.j2 | 20 ++- ansible/roles/neutron/defaults/main.yml | 13 ++ .../roles/neutron/templates/ml2_conf.ini.j2 | 8 +- .../roles/neutron/templates/neutron.conf.j2 | 21 +++ doc/designate-guide.rst | 122 ++++++++++++++++++ doc/index.rst | 1 + etc/kolla/globals.yml | 1 + 9 files changed, 179 insertions(+), 11 deletions(-) create mode 100644 doc/designate-guide.rst diff --git a/ansible/group_vars/all.yml b/ansible/group_vars/all.yml index 534639bf64..4b76e77b8b 100644 --- a/ansible/group_vars/all.yml +++ b/ansible/group_vars/all.yml @@ -118,6 +118,7 @@ storage_interface: "{{ network_interface }}" cluster_interface: "{{ network_interface }}" tunnel_interface: "{{ network_interface }}" bifrost_network_interface: "{{ network_interface }}" +dns_interface: "{{ network_interface }}" tunnel_interface_address: "{{ hostvars[inventory_hostname]['ansible_' + tunnel_interface]['ipv4']['address'] }}" # Valid options are [ openvswitch, linuxbridge, sfc ] @@ -359,6 +360,7 @@ enable_watcher: "no" ironic_keystone_user: "ironic" neutron_keystone_user: "neutron" nova_keystone_user: "nova" +designate_keystone_user: "designate" # Nova fake driver and the number of fake driver per compute node enable_nova_fake: "no" diff --git a/ansible/roles/designate/tasks/precheck.yml b/ansible/roles/designate/tasks/precheck.yml index dd8dc1c0f8..546547cb21 100644 --- a/ansible/roles/designate/tasks/precheck.yml +++ b/ansible/roles/designate/tasks/precheck.yml @@ -21,7 +21,7 @@ - name: Checking free port for designate mdns wait_for: - host: "{{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['address'] }}" + host: "{{ hostvars[inventory_hostname]['ansible_' + dns_interface]['ipv4']['address'] }}" port: "{{ designate_mdns_port }}" connect_timeout: 1 state: stopped diff --git a/ansible/roles/designate/templates/designate.conf.j2 b/ansible/roles/designate/templates/designate.conf.j2 index d13f54a7c1..ee0a09d8f7 100644 --- a/ansible/roles/designate/templates/designate.conf.j2 +++ b/ansible/roles/designate/templates/designate.conf.j2 @@ -39,7 +39,7 @@ enabled_notification_handlers = nova_fixed, neutron_floatingip workers = {{ openstack_service_workers }} [service:mdns] -listen = {{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['address'] }}:{{ designate_mdns_port }} +listen = {{ hostvars[inventory_hostname]['ansible_' + dns_interface]['ipv4']['address'] }}:{{ designate_mdns_port }} workers = {{ openstack_service_workers }} [service:worker] @@ -66,18 +66,30 @@ max_retries = 10 idle_timeout = 3600 [handler:nova_fixed] +#NOTE: zone_id must be manually filled an ID from openstack zone list +zone_id = notification_topics = notifications_designate control_exchange = nova -format = '(display_name)s.%(domain)s' +formatv4 = '%(octet0)s-%(octet1)s-%(octet2)s-%(octet3)s.%(zone)s' +formatv4 = '%(hostname)s.%(project)s.%(zone)s' +formatv4 = '%(hostname)s.%(zone)s' +formatv6 = '%(hostname)s.%(zone)s' +formatv6 = '%(hostname)s.%(project)s.%(zone)s' [handler:neutron_floatingip] +#NOTE: zone_id must be manually filled an ID from openstack zone list +zone_id = notification_topics = notifications_designate control_exchange = neutron -format = '%(octet0)s-%(octet1)s-%(octet2)s-%(octet3)s.%(domain)s' +formatv4 = '%(octet0)s-%(octet1)s-%(octet2)s-%(octet3)s.%(zone)s' +formatv4 = '%(hostname)s.%(project)s.%(zone)s' +formatv4 = '%(hostname)s.%(zone)s' +formatv6 = '%(hostname)s.%(zone)s' +formatv6 = '%(hostname)s.%(project)s.%(zone)s' [oslo_messaging_notifications] topics = notifications_designate -driver = messaging +driver = messagingv2 [oslo_messaging_rabbit] rabbit_userid = {{ rabbitmq_user }} diff --git a/ansible/roles/neutron/defaults/main.yml b/ansible/roles/neutron/defaults/main.yml index ad8a3a43e2..2b2636ab7b 100644 --- a/ansible/roles/neutron/defaults/main.yml +++ b/ansible/roles/neutron/defaults/main.yml @@ -73,3 +73,16 @@ neutron_logging_debug: "{{ openstack_logging_debug }}" neutron_bridge_name: "br-ex" openstack_neutron_auth: "{{ openstack_auth }}" + +#################### +# Extension drivers +#################### +extension_drivers: + - name: "qos" + enabled: "{{ enable_neutron_qos | bool }}" + - name: "port_security" + enabled: "{{ enable_tacker | bool or enable_designate | bool }}" + - name: "dns" + enabled: "{{ enable_designate | bool }}" + +neutron_extension_drivers: "{{ extension_drivers|selectattr('enabled', 'equalto', true)|list }}" diff --git a/ansible/roles/neutron/templates/ml2_conf.ini.j2 b/ansible/roles/neutron/templates/ml2_conf.ini.j2 index b9cb102af3..c5f976f65d 100644 --- a/ansible/roles/neutron/templates/ml2_conf.ini.j2 +++ b/ansible/roles/neutron/templates/ml2_conf.ini.j2 @@ -15,12 +15,8 @@ mechanism_drivers = openvswitch,l2population mechanism_drivers = linuxbridge,l2population {% endif %} -{% if enable_neutron_qos | bool %} -extension_drivers = qos -{% endif %} - -{% if enable_tacker | bool %} -extension_drivers = port_security +{% if extension_drivers %} +extension_drivers = {{ neutron_extension_drivers|map(attribute='name')|join(',') }} {% endif %} [ml2_type_vlan] diff --git a/ansible/roles/neutron/templates/neutron.conf.j2 b/ansible/roles/neutron/templates/neutron.conf.j2 index cf1e0214a0..57399ebec3 100644 --- a/ansible/roles/neutron/templates/neutron.conf.j2 +++ b/ansible/roles/neutron/templates/neutron.conf.j2 @@ -50,6 +50,11 @@ transport_url = rabbit://{% for host in groups['rabbitmq'] %}{{ rabbitmq_user }} router_distributed = True {% endif %} +{% if enable_designate | bool %} +dns_domain = {{ designate_ns_record }}. +external_dns_driver = designate +{% endif %} + [nova] auth_url = {{ keystone_admin_url }} auth_type = password @@ -109,3 +114,19 @@ drivers = ovs [octavia] base_url = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ octavia_api_port }} {% endif %} + +{% if enable_designate | bool %} +[designate] +url = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ designate_api_port }}/v2 +auth_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }} +auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }} +auth_type = password +project_domain_id = default +user_domain_id = default +project_name = service +username = {{ designate_keystone_user }} +password = {{ designate_keystone_password }} +allow_reverse_dns_lookup = True +ipv4_ptr_zone_prefix_size = 24 +ipv6_ptr_zone_prefix_size = 116 +{% endif %} diff --git a/doc/designate-guide.rst b/doc/designate-guide.rst new file mode 100644 index 0000000000..9a2e35552c --- /dev/null +++ b/doc/designate-guide.rst @@ -0,0 +1,122 @@ +.. _designate-guide: + +================== +Designate in Kolla +================== + +Overview +======== +Designate provides DNSaaS services for OpenStack: + + - REST API for domain/record management + - Multi-tenant + - Integrated with Keystone for authentication + - Framework in place to integrate with Nova and Neutron + notifications (for auto-generated records) + - Support for PowerDNS and Bind9 out of the box + +Configuration on Kolla deployment +--------------------------------- + +Enable Designate service in ``/etc/kolla/globals.yml`` + +.. code-block:: console + + enable_designate: "yes" + +Configure Designate options in ``/etc/kolla/globals.yml`` + +.. important:: + + Designate MDNS node requires the ``dns_interface`` to be reachable from + public network. + +.. code-block:: console + + dns_interface: "eth1" + designate_backend: "bind9" + designate_ns_record: "sample.openstack.org" + +Neutron and Nova Integration +---------------------------- + +Create default Designate Zone for Neutron: + +.. code-block:: console + + $ openstack zone create --email admin@sample.openstack.org sample.openstack.org. + +Create designate-sink custom configuration folder: + +.. code-block:: console + + $ mkdir -p /etc/kolla/config/designate/designate-sink/ + +Append Designate Zone ID in ``/etc/kolla/config/designate/designate-sink.conf`` + +.. code-block:: console + + [handler:nova_fixed] + zone_id = + [handler:neutron_floatingip] + zone_id = + +Reconfigure Designate: + +.. code-block:: console + + $ kolla-ansible reconfigure -i --tags designate + +Verify operation +---------------- + +List available networks: + +.. code-block:: console + + $ neutron net-list + +Associate a domain to a network: + +.. code-block:: console + + $ neutron net-update --dns_domain sample.openstack.org. + +Start an instance: + +.. code-block:: console + + $ openstack server create \ + --image cirros \ + --flavor m1.tiny \ + --key-name mykey \ + --nic net-id=${NETWORK_ID} \ + my-vm + +Check DNS records in Designate: + +.. code-block:: console + + $ designate record-list sample.openstack.org. + +--------------------------------------+------+---------------------------------------+---------------------------------------------+ + | id | type | name | data | + +--------------------------------------+------+---------------------------------------+---------------------------------------------+ + | 5aec6f5b-2121-4a2e-90d7-9e4509f79506 | SOA | sample.openstack.org. | sample.openstack.org. | + | | | | admin.sample.openstack.org. 1485266928 3514 | + | | | | 600 86400 3600 | + | 578dc94a-df74-4086-a352-a3b2db9233ae | NS | sample.openstack.org. | sample.openstack.org. | + | de9ff01e-e9ef-4a0f-88ed-6ec5ecabd315 | A | 192-168-190-232.sample.openstack.org. | 192.168.190.232 | + | f67645ee-829c-4154-a988-75341050a8d6 | A | my-vm.None.sample.openstack.org. | 192.168.190.232 | + | e5623d73-4f9f-4b54-9045-b148e0c3342d | A | my-vm.sample.openstack.org. | 192.168.190.232 | + +--------------------------------------+------+---------------------------------------+---------------------------------------------+ + +Query instance DNS information to Designate ``dns_interface`` IP address: + +.. code-block:: console + + $ dig +short -p 5354 @ my-vm.sample.openstack.org. A + 192.168.190.232 + +For more information about how Designate works, see +`Designate, a DNSaaS component for OpenStack +`__. diff --git a/doc/index.rst b/doc/index.rst index 59e688fcc0..c9685547cf 100644 --- a/doc/index.rst +++ b/doc/index.rst @@ -66,6 +66,7 @@ Kolla Services external-ceph-guide cinder-guide cinder-guide-hnas + designate-guide ironic-guide manila-guide manila-hnas-guide diff --git a/etc/kolla/globals.yml b/etc/kolla/globals.yml index d4f8820eb3..3cf3c71fb5 100644 --- a/etc/kolla/globals.yml +++ b/etc/kolla/globals.yml @@ -77,6 +77,7 @@ kolla_internal_vip_address: "10.10.10.254" #storage_interface: "{{ network_interface }}" #cluster_interface: "{{ network_interface }}" #tunnel_interface: "{{ network_interface }}" +#dns_interface: "{{ network_interface }}" # This is the raw interface given to neutron as its external network port. Even # though an IP address can exist on this interface, it will be unusable in most