This change re-implements validation of ipvN_ptr_zone_prefix_size at
config definition layer. This brings a few benefits.
- The validation is executed at an earlier stage
- The validation can be leveraged by the oslo-config-validator.
Change-Id: Ib72109bcb537b3e44719efb6f33ea46f0d45a1ef
These were deprecated during Xena cycle[1], so can be removed now.
[1] adfd853267
Related-Bug: #1927494
Change-Id: I9fadaa6cfcd66409da47422505c145d9d67f6b8c
This bug was previously fixed for recordsets, but can also fail
when creating zones.
Closes-Bug: #1980673
Related-Bug: #1923700
Change-Id: Icef3eab6a27f3b8950a7877de0d387e668a067ad
The admin_* parameters are implementing the same functionality as
keystoneauth parameters alghouth these don't provide all parameters for
Keystone v3 identity but are still based on Keystone v2 identity.
This change deprecates these parameters so that we can remove
such redundant and outdated definitions in a future release.
Closes-Bug: #1927494
Change-Id: I6294098008fbebb2e64922b3aaa085c1361d48a2
When multiple PTR records are created at the same time, Neutron may try
to create the same zone multiple times, resulting in a conflict. Ignore
the resulting error instead and try to create the record anyway.
Change-Id: I59b0f99463ab00743f19016a890561916df900ed
Closes-Bug: 1891309
When floating IP or port with DNS records are created and the recordset
quota value of the external dns service (e.g. designate) exceeds limit,
the recordset creation fails. Report the exact reason of failure i.e.
ExternalDNSOverQuota instead of HttpException.
Depends-On: https://review.opendev.org/c/openstack/neutron-lib/+/786174
Closes-Bug: #1923700
Change-Id: Ie1dd5c26ec0eb1875d2a6a176838598117678f4a
this is a followup to I7cbb0e87a7e87f23ccf5d8750835b4785693473a
In case the zone was deleted out of band, or was not there in the first
place, keep the behavior of retry with "all projects" designate client
the same as before (just log exception and proceed)
by treating Forbidden from Designate as DNSDomainNotFound.
Change-Id: Ia42c1f86a4182b446455e9a1d794d3f57afefbda
Related-Bug: #1875981
This resolves a bug that causes stale records to be kept in place when
an admin deletes a port, server or floating IP that was created in some
project other than the admin project.
Change-Id: I7cbb0e87a7e87f23ccf5d8750835b4785693473a
Closes-Bug: #1875981
With python 3.x, classes can use the metaclass= logic
to not require usage of the six library.
One step in removing all of six usage from neutron.
Change-Id: I2f815e412d9a96eb5faf2b3bb3a1e393a9db9309
The admin part of the designate implementation, never
passes the region or url to client. This means that it
may fail in multi-region situations.
We fix this by always passing the endpoint
override to the client every-time it's instantiated.
We also add an alternative uri for devstack
when a designate-api port isn't set.
Closes-Bug: #1845891
Change-Id: Ia86c3177f1c0a1909a35e55e63b60aec5167124d
neutron-lib contains the dns API definition and associated exceptions,
constants, etc. This patch moves all references over to use the API
def from neutron-lib.
NeutronLibImpact
Change-Id: If180cf92d8ae31a0857080239e8233095cd6c768
The records found in ip_allocations contain objects of type IPAddress,
but the external dns service expects them as string, so we need to
insert a conversion.
Change-Id: I622993fc273121bfd051d2fd9c7811e2ae49a1d8
Closes-Bug: 1714641
Using the session loader has the benefit of compatibility with
settings in other sections (like keystone_authtoken), and the
ability to use client certs and setting the timeout. This changes
the designate.ca_cert setting to designate.cafile, but the former
is added as a deprecated option, so existing config files will work.
DocImpact
ca_cert in [designate] is deprecated, use cafile instead.
Change-Id: I9f2173b02af5c3929a96ef8c773d587e9b673d62
Using the loader from keystoneauth1, it is possible to easily use
keystone v3 options in [designate].
For the end user, it means she/he must specify designate.auth_type,
then she/he can specify an Keystone v3 endpoint in designate.auth_url.
Change-Id: I8bb02f11e60767dacdf6ac852979cfa82de1e08b
Closes-bug: #1585976
DocImpact
Refactoring neutron services config opts to be in neutron/conf/services
so that all the configuration options for services reside in a
centralized location. This simplifies the process of looking up the
extension config opts and provides an easy way to import.
Change-Id: Iad255b020910ee54bc6cce25f4f786376dfe3705
Partial-Bug: #1563069
Allow setting options in designate section to specify if want
to skip SSL cert check. This makes it possible to work with HTTPS
based endpoints, the default behavior of keystoneclient is to always
set verify=True however in current code, one cannot either provide
a valid CA cert or skip the verification.
DocImpact: Introduce two additional options for `[designate]` section
in neutron.conf
CONF.designate.insecure to allow insecure connections over SSL.
CONF.designate.ca_cert for a valid cert when connecting over SSL
Change-Id: Ic371cc11d783618c38ee40a18206b0c2a197bb3e
Closes-Bug: #1588067
Migrated from deprecated keystoneclient to keystoneauth for requests
to other OpenStack services.
Partially-Implements: blueprint keystone-v3
Change-Id: I6fe5954c83d98df5ce3d23e24f4e6f464161f611
Replace references to IPV[46]_MAX_PREFIXLEN with IPv[46]_BITS from
neutron-lib. Replace several integer literals used to represent IP
address sizes with these constants too.
Remove IPV4_MAX_PREFIXLEN and IPV6_MAX_PREFIXLEN from neutron constants
as they are no longer referenced:
http://codesearch.openstack.org/?q=IPV[46]_MAX_PREFIXLEN
Change-Id: I03e1405e71f08db9ac6e759258625139c28ecc89
The external DNS driver uses an index computed with a division to slice strings
when calculating PTR records. In Python 3.4, this division returns a float
instead of an int, which causes the slice operation to fail leading to Python
3.4 unit tests to fail in Jenkins
Change-Id: I15ec039a095e00db9087b67557f9fab997e48648
Closes-Bug: 1554922
An interface with an external DNS service is defined for Neutron. A reference
implementation is also included, based on Designate. The interface and the
driver will enable users to publish in the external DNS service the dns_name
and dns_domain attributes associated with floating ips, ports and networks. As
a consequence, the floating ips and networks api is extended to manage dns_name
and dns_domain attributes. The dns_name attribute was added to ports in a
preceding commit
DocImpact: Introduce config option external_dns_driver to specify a driver
for external dns integration. For more info, see
doc/source/devref/external_dns_integration.rst
APIImpact
Implements: blueprint external-dns-resolution
Change-Id: Ic298ad2558410ab9a614f22e1757d1fc8b22c482