Fix neutron DNS integration

This patch basically does a simple thing, on the basis of a variable neutron_dns_integration it enables/disables DNS integration. There is also precheck added which checks whether dns_domain in neutron.conf has a non-default value if DNS integration is enabled as this is requirement. [1] https://docs.openstack.org/neutron/latest/admin/config-dns-int.html [2] https://docs.openstack.org/neutron/latest/admin/config-dns-int-ext-serv.html#config-dns-int-ext-serv Closes-Bug: #2049503 Change-Id: I90f0f8dcec6fa0112179f050d96e9d9db5956cf8
2024-01-17 12:02:52 +01:00 · 2024-01-17 12:02:52 +01:00 · 6f847610b5
parent 66c4f72c50
commit 6f847610b5
7 changed files with 109 additions and 7 deletions
--- a/ansible/group_vars/all.yml
+++ b/ansible/group_vars/all.yml
@ -1128,7 +1128,7 @@ designate_coordination_backend: "{{ 'redis' if enable_redis | bool else '' }}"
 designate_internal_endpoint: "{{ designate_internal_fqdn | kolla_url(internal_protocol, designate_api_port) }}"
 designate_public_endpoint: "{{ designate_external_fqdn | kolla_url(public_protocol, designate_api_public_port) }}"

-designate_enable_notifications_sink: "{{ enable_designate | bool }}"
+designate_enable_notifications_sink: "no"
 designate_notifications_topic_name: "notifications_designate"

 #######################
--- a/ansible/roles/neutron/defaults/main.yml
+++ b/ansible/roles/neutron/defaults/main.yml
@ -697,7 +697,7 @@ extension_drivers:
  - name: "port_security"
    enabled: true
  - name: "subnet_dns_publish_fixed_ip"
-    enabled: "{{ enable_designate | bool }}"
+    enabled: "{{ neutron_dns_integration | bool }}"
  - name: "sfc"
    enabled: "{{ enable_neutron_sfc | bool }}"

@ -924,3 +924,10 @@ neutron_tls_proxy_server_timeout: "1m"
 neutron_tls_proxy_check_timeout: "10s"
 # Check http://www.haproxy.org/download/1.5/doc/configuration.txt for available options
 neutron_tls_proxy_defaults_balance: "roundrobin"
+
+####################
+# DNS
+####################
+neutron_dns_integration: "{{ enable_designate | bool }}"
+# When overridden by the user, this value must end with a dot.
+neutron_dns_domain: "openstacklocal"
--- a/ansible/roles/neutron/tasks/precheck.yml
+++ b/ansible/roles/neutron/tasks/precheck.yml
@ -54,4 +54,17 @@
  when:
    - enable_ironic_neutron_agent | bool

+- name: Checking if neutron's dns domain has proper value
+  assert:
+    that:
+      - neutron_dns_domain != None
+      - neutron_dns_domain | length != 0
+      - neutron_dns_domain[-1] == '.'
+      - neutron_dns_domain != "openstacklocal"
+    fail_msg: "The neutron_dns_domain value has to be non-empty and must end with a period '.'"
+  changed_when: false
+  run_once: True
+  when:
+    - neutron_dns_integration | bool
+
 - import_tasks: neutron_plugin_agent_check.yml
--- a/ansible/roles/neutron/templates/neutron.conf.j2
+++ b/ansible/roles/neutron/templates/neutron.conf.j2
@ -61,10 +61,8 @@ transport_url = {{ rpc_transport_url }}
 router_distributed = True
 {% endif %}

-{% if enable_designate | bool %}
-{% if designate_ns_record is string %}
-dns_domain = {{ designate_ns_record }}.
-{% endif %}
+dns_domain = {{ neutron_dns_domain }}
+{% if enable_designate | bool and neutron_dns_integration | bool %}
 external_dns_driver = designate
 {% if neutron_plugin_agent == 'vmware_nsxv' %}
 nsx_extension_drivers = vmware_nsxv_dns
--- a/doc/source/reference/networking/designate-guide.rst
+++ b/doc/source/reference/networking/designate-guide.rst
@ -24,13 +24,23 @@ Enable Designate service in ``/etc/kolla/globals.yml``
 .. code-block:: yaml

   enable_designate: "yes"
+   neutron_dns_domain: "example.org."
+
+.. important::
+   The ``neutron_dns_domain`` value has to be different to ``openstacklocal``
+   (its default value) and has to end with a period ``.``.
+
+.. important::
+   ``DNS Integration`` is enabled by default and can be disabled by
+   adding ``neutron_dns_integration: no`` to ``/etc/kolla/globals.yml``
+   and reconfiguring with ``--tags`` neutron.

 Configure Designate options in ``/etc/kolla/globals.yml``

 .. important::

   Designate MDNS node requires the ``dns_interface`` to be reachable from
-   public network.
+   management network.

 .. code-block:: yaml

@ -91,6 +101,15 @@ For more information about how the Infoblox backend works, see
 Neutron and Nova Integration
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~

+The ``designate-sink`` is an optional service which listens for event
+notifications, such as compute.instance.create.end, handlers are
+available for Nova and Neutron. Notification events can then be used
+to trigger record creation & deletion.
+
+.. note::
+   Service ``designate-sink`` in kolla deployments is disabled by default
+   and can be enabled by ``designate_enable_notifications_sink: yes``.
+
 Create default Designate Zone for Neutron:

 .. code-block:: console
--- a/doc/source/reference/networking/neutron.rst
+++ b/doc/source/reference/networking/neutron.rst
@ -87,6 +87,47 @@ created and configured by Ansible (this is also necessary when
 ``neutron_external_interface`` is configured correctly for hosts in the
 ``compute`` group.

+Internal DNS resolution
+~~~~~~~~~~~~~~~~~~~~~~~
+
+The Networking service enables users to control the name assigned
+to ports using two attributes associated with ports, networks, and
+floating IPs. The following table shows the attributes available for each
+one of these resources:
+
+.. list-table::
+   :header-rows: 1
+   :widths: 30 30 30
+
+   * - Resource
+     - dns_name
+     - dns_domain
+   * - Ports
+     - Yes
+     - Yes
+   * - Networks
+     - No
+     - Yes
+   * - Floating IPs
+     - Yes
+     - Yes
+
+To enable this functionality, you need to set the following in
+``/etc/kolla/globals.yml``:
+
+.. code-block:: yaml
+
+   neutron_dns_integration: "yes"
+   neutron_dns_domain: "example.org."
+
+.. important::
+   The ``neutron_dns_domain`` value has to be different to ``openstacklocal``
+   (its default value) and has to end with a period ``.``.
+
+.. note::
+   The integration of the Networking service with an external DNSaaS (DNS-as-a-Service)
+   is described in :ref:`designate-guide`.
+
 OpenvSwitch (ml2/ovs)
 ~~~~~~~~~~~~~~~~~~~~~

--- a/releasenotes/notes/fix-neutron-and-designate-DNS-integration-5abedb5e09e4fc15.yaml
+++ b/releasenotes/notes/fix-neutron-and-designate-DNS-integration-5abedb5e09e4fc15.yaml
@ -0,0 +1,24 @@
+---
+upgrade:
+  - |
+    Changes configuration variable ``designate_enable_notifications_sink``
+    to ``no`` which configures notifications for designate in neutron, nova
+    and control deployment of ``designate-sink`` which is now optional.
+
+    Operators that want to keep the previous behavior should set this to
+    ``true``.
+features:
+  - |
+    Adds new variables to be used by the neutron role,
+    ``neutron_dns_integration`` and ``neutron_dns_domain``.
+    They allow to enable/disable internal/external DNS integrations,
+    or their combinations.
+fixes:
+  - |
+    Fixes configuration of DNS integrations. See `LP##2049503
+    <https://bugs.launchpad.net/kolla-ansible/+bug/2049503>`__,
+    `DNS Integration
+    <https://docs.openstack.org/neutron/latest/admin/config-dns-int.html>`__
+    and the `DNS Integration with an External Service
+    <https://docs.openstack.org/neutron/latest/admin/config-dns-int-ext-serv.html#config-dns-int-ext-serv>`__
+    for details.