Add dns-nameserver option to internal-dns spec

Update internal-dns spec to include options for setting dns
forwarding servers on the neutron-gateway and neutron-openvswitch
charms in order to add cloud-wide nameserver configurations.

Also add neutron-openvswitch to the list of charms which need
updating.

Change-Id: Ia5d48199ca38d30a61f3f008bc7c1389a762d292
Billy Olsen 2017-05-02 13:11:48 -07:00
parent 777e067511
commit e11cb1b7da
1 changed files with 48 additions and 4 deletions

@ -119,6 +119,45 @@ In order to enable internal DNS resolution, the user must set the
``enable-ml2-dns`` to True. The default value is False in order to provide
backwards compatibility with existing deployments.
DNS Forwarding Servers
----------------------
The dns-domain alone is not enough to provide all the necessary configuration
options for the neutron networking. In most instances, the administrator will
need to be able to specify a dns fowarding server as well. In order to do this,
a new config option will be provided allowing the user to set configure the
nameservers to use as forwarding servers.
Per [#]_ there are three ways of configuring DNS nameservers for instances
launched in the cloud. Tenant subnets can have their own nameservers identified
and requires ano additional work in order to enable that. Default nameserver
information is provided by the DHCP agents to point to the dhcp port address
but contains no additional forwarding servers. By default, this only allows
instances to be able to resolve other instances in the subnet. To amend this,
the neutron-openvswitch and neutron-gateway charms will be amended to allow
the user to specify the DNS forwarding servers. The charms will not include
any options to allow the use of the DNS resolvers configured on the DHCP
agent's host (the dnsmasq_local_resolv option) as it poses a risk of leaking
internal infrastructure level resources to the instances.
.. [#] https://docs.openstack.org/draft/networking-guide/config-dns-res.html
As such, the neutron-openvswitch and neutron-gateway charms will add an option
``dns-servers``, which will configure the dnsmasq_dns_servers option in the
dhcp_agent.ini file. This option is defined as follows:
.. code-block:: yaml
dns-servers:
type: string
default:
description: |
A comma-separated list of DNS servers which will be used by dnsmasq as
forwarders.
The ``dns-servers`` option will only apply for the neutron-openvswitch charm
when the ``enable-local-dhcp-and-metadata`` option is set to True.
Relation Implications
---------------------
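
Review bot: In the ``dns-servers`` option definition, the description says only "a comma-separated list of DNS servers" and ``default:`` is left empty, so the spec does not state what form an entry takes (IP address or hostname) or what the charm does with a malformed value before writing it to dnsmasq_dns_servers in dhcp_agent.ini. Suggest stating the accepted format and saying explicitly that an unset value keeps the behaviour described above, where instances can resolve only other instances in the subnet. The new prose also has typos to fix: "fowarding" for "forwarding", "set configure" for "configure", and "requires ano additional work" for "require no additional work".
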
@ -176,12 +215,17 @@ Work Items
----------
charm-neutron-api
Add new config option to the neutron api charm
Add dns-domain to the neutron-plugin-api interface
Update README.md to reflect new behavior
* Add new config option to the neutron api charm
* Add dns-domain to the neutron-plugin-api interface
* Update README.md to reflect new behavior
charm-neutron-gateway
Update neutron-gatway to consume dns-domain from relation data
* Update neutron-gatway to consume dns-domain from relation data
* Add dns-servers config option to charm
charm-neutron-openvswitch
* Update neutron-openvswitch charm to consume dns-domain from relation data
* Add dns-servers config option to charm
Repositories
------------
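
Review bot: The new charm-neutron-openvswitch work items do not carry the condition, stated in the spec text added earlier in this change, that ``dns-servers`` applies only when ``enable-local-dhcp-and-metadata`` is set to True; suggest adding it to the "Add dns-servers config option to charm" item so the implementation and its tests cover the case where the option is set but local DHCP is disabled. Neither charm-neutron-gateway nor charm-neutron-openvswitch gets a README update item the way charm-neutron-api does, and the rewritten gateway bullet still spells the charm "neutron-gatway".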