Configure Infoblox as an IPAM driver for neutron

This patch allows configuration of the Infoblox
pluggable IPAM driver in neutron [0].

When 'infoblox' is chosen as the driver, an Infoblox
IPAM agent can be started as well.  The agent
allows for enhanced DNS capabilities by listening
for neutron and nova notifications.

[0] https://github.com/openstack/networking-infoblox/blob/master/README.rst

Change-Id: I4f863750a7806a7b6eaf13900d44e5f063afe3de
Depends-On: Ia44f0e0d7a0d60cebf0857ad51700e02eba5099b
Partially-Implements: blueprint neutron-ipam-driver-infoblox

ansible/group_vars/all.yml

@@ -158,6 +158,9 @@ tunnel_interface_address: "{{ hostvars[inventory_hostname]['ansible_' + tunnel_i
 # Valid options are [ openvswitch, linuxbridge, vmware_nsxv, vmware_dvs, opendaylight ]
 neutron_plugin_agent: "openvswitch"
 
+# Valid options are [ internal, infoblox ]
+neutron_ipam_driver: "internal"
+
 # The default ports used by each service.
 # The list should be in alphabetical order
 aodh_api_port: "8042"
@@ -463,6 +466,7 @@ enable_neutron_bgp_dragent: "no"
 enable_neutron_provider_networks: "no"
 enable_neutron_segments: "no"
 enable_neutron_sfc: "no"
+enable_neutron_infoblox_ipam_agent: "no"
 enable_nova_serialconsole_proxy: "no"
 enable_octavia: "no"
 enable_opendaylight: "no"

ansible/inventory/all-in-one

@@ -302,6 +302,9 @@ neutron
 [neutron-bgp-dragent:children]
 neutron
 
+[neutron-infoblox-ipam-agent:children]
+neutron
+
 # Ceph
 [ceph-mds:children]
 ceph

ansible/inventory/multinode

@@ -321,6 +321,9 @@ neutron
 [neutron-bgp-dragent:children]
 neutron
 
+[neutron-infoblox-ipam-agent:children]
+neutron
+
 # Ceph
 [ceph-mds:children]
 ceph

ansible/roles/neutron/defaults/main.yml

@@ -173,6 +173,18 @@ neutron_services:
       - "/etc/localtime:/etc/localtime:ro"
       - "/run:/run:shared"
       - "kolla_logs:/var/log/kolla/"
+  neutron-infoblox-ipam-agent:
+    container_name: "neutron_infoblox_ipam_agent"
+    image: "{{ neutron_infoblox_ipam_agent_image_full }}"
+    privileged: True
+    enabled: "{{ enable_neutron_infoblox_ipam_agent | bool }}"
+    group: "neutron-infoblox-ipam-agent"
+    host_in_groups: "{{ inventory_hostname in groups['neutron-infoblox-ipam-agent'] }}"
+    volumes:
+      - "{{ node_config_directory }}/neutron-infoblox-ipam-agent/:{{ container_config_directory }}/:ro"
+      - "/etc/localtime:/etc/localtime:ro"
+      - "/run:/run:shared"
+      - "kolla_logs:/var/log/kolla/"
 
 
 ####################
@@ -229,6 +241,9 @@ neutron_bgp_dragent_image: "{{ docker_registry ~ '/' if docker_registry else ''
 neutron_bgp_dragent_tag: "{{ neutron_tag }}"
 neutron_bgp_dragent_image_full: "{{ neutron_bgp_dragent_image }}:{{ neutron_bgp_dragent_tag }}"
 
+neutron_infoblox_ipam_agent_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ neutron_install_type }}-neutron-infoblox-ipam-agent"
+neutron_infoblox_ipam_agent_tag: "{{ neutron_tag }}"
+neutron_infoblox_ipam_agent_image_full: "{{ neutron_infoblox_ipam_agent_image }}:{{ neutron_infoblox_ipam_agent_tag }}"
 
 ####################
 # OpenStack
@@ -296,7 +311,7 @@ neutron_service_plugins: "{{ service_plugins|selectattr('enabled', 'equalto', tr
 ####################
 neutron_notification_topics:
   - name: notifications
-    enabled: "{{ enable_ceilometer | bool or enable_searchlight | bool }}"
+    enabled: "{{ enable_ceilometer | bool or enable_searchlight | bool or enable_neutron_infoblox_ipam_agent | bool }}"
   - name: notifications_designate
     enabled: "{{ enable_designate | bool }}"
 
@@ -349,6 +364,16 @@ vmware_dvs_insecure: "True"
 vmware_dvs_dvs_name: "VDS-1"
 vmware_dvs_dhcp_override_mac: ""
 
+####################
+# Infoblox IPAM
+####################
+infoblox_cloud_data_center_id: "1"
+infoblox_grid_master_host: "192.168.1.1"
+infoblox_grid_master_name: "infoblox.localdomain"
+infoblox_admin_user_name: "admin"
+infoblox_wapi_version: "2.3"
+infoblox_wapi_max_results: "-50000"
+
 ######################
 # Notification Drivers
 ######################

ansible/roles/neutron/handlers/main.yml

@@ -325,3 +325,26 @@
       or neutron_bgp_dragent_ini | changed
       or policy_json | changed
       or neutron_bgp_dragent_container | changed
+
+- name: Restart neutron-infoblox-ipam-agent container
+  vars:
+    service_name: "neutron-infoblox-ipam-agent"
+    service: "{{ neutron_services[service_name] }}"
+    config_json: "{{ neutron_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
+    neutron_conf: "{{ neutron_confs.results|selectattr('item.key', 'equalto', service_name)|first }}"
+    neutron_ml2_conf: "{{ neutron_ml2_confs.results|selectattr('item.key', 'equalto', service_name)|first }}"
+    neutron_infoblox_ipam_agent_container: "{{ check_neutron_containers.results|selectattr('item.key', 'equalto', service_name)|first }}"
+  kolla_docker:
+    action: "recreate_or_restart_container"
+    common_options: "{{ docker_common_options }}"
+    name: "{{ service.container_name }}"
+    image: "{{ service.image }}"
+    volumes: "{{ service.volumes }}"
+    privileged: "{{ service.privileged | default(False) }}"
+  when:
+    - action != "config"
+    - service.enabled | bool
+    - service.host_in_groups | bool
+    - config_json | changed
+      or neutron_conf | changed
+      or neutron_ml2_conf | changed

ansible/roles/neutron/tasks/config.yml

@@ -56,6 +56,7 @@
       - "neutron-lbaas-agent"
       - "neutron-vpnaas-agent"
       - "neutron-bgp-dragent"
+      - "neutron-infoblox-ipam-agent"
       - "neutron-sriov-agent"
   merge_configs:
     sources:
@@ -126,6 +127,7 @@
     services_need_ml2_conf_ini:
       - "neutron-linuxbridge-agent"
       - "neutron-openvswitch-agent"
+      - "neutron-infoblox-ipam-agent"
       - "neutron-server"
   merge_configs:
     sources:

ansible/roles/neutron/templates/neutron-infoblox-ipam-agent.json.j2

@@ -0,0 +1,29 @@
+{
+    "command": "infoblox-ipam-agent --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini",
+    "config_files": [
+        {
+            "source": "{{ container_config_directory }}/neutron.conf",
+            "dest": "/etc/neutron/neutron.conf",
+            "owner": "neutron",
+            "perm": "0600"
+        },
+        {
+            "source": "{{ container_config_directory }}/ml2_conf.ini",
+            "dest": "/etc/neutron/plugins/ml2/ml2_conf.ini",
+            "owner": "neutron",
+            "perm": "0600"
+        }
+    ],
+    "permissions": [
+        {
+            "path": "/var/log/kolla/neutron",
+            "owner": "neutron:neutron",
+            "recurse": true
+        },
+        {
+            "path": "/var/lib/neutron/kolla",
+            "owner": "neutron:neutron",
+            "recurse": true
+        }
+    ]
+}

ansible/roles/neutron/templates/neutron.conf.j2

@@ -68,6 +68,8 @@ nsx_extension_drivers = vmware_dvs_dns
 {% endif %}
 {% endif %}
 
+ipam_driver = {{ neutron_ipam_driver }}
+
 [nova]
 auth_url = {{ keystone_admin_url }}
 auth_type = password
@@ -170,3 +172,23 @@ os_interface = internal
 
 [privsep]
 helper_command=sudo neutron-rootwrap /etc/neutron/rootwrap.conf privsep-helper
+
+{% if enable_neutron_infoblox_ipam_agent | bool %}
+[infoblox]
+keystone_admin_project_domain_id = {{ default_project_domain_id }}
+keystone_admin_user_domain_id = {{ default_user_domain_id }}
+keystone_admin_project_name = service
+keystone_admin_username = {{ neutron_keystone_user }}
+keystone_admin_password = {{ neutron_keystone_password }}
+keystone_auth_uri = {{ keystone_internal_url }}
+keystone_auth_version = v3
+cloud_data_center_id = {{ infoblox_cloud_data_center_id }}
+
+[infoblox-dc:{{ infoblox_cloud_data_center_id }}]
+grid_master_host = {{ infoblox_grid_master_host }}
+grid_master_name = {{ infoblox_grid_master_name }}
+admin_user_name = {{ infoblox_admin_user_name }}
+admin_password = {{ infoblox_admin_password }}
+wapi_version = {{ infoblox_wapi_version }}
+wapi_max_results = {{ infoblox_wapi_max_results }}
+{% endif %}

ansible/roles/nova/defaults/main.yml

@@ -249,7 +249,7 @@ nova_ssh_port: "8022"
 ####################
 nova_notification_topics:
   - name: notifications
-    enabled: "{{ enable_ceilometer | bool or enable_searchlight | bool }}"
+    enabled: "{{ enable_ceilometer | bool or enable_searchlight | bool or enable_neutron_infoblox_ipam_agent | bool }}"
   - name: notifications_designate
     enabled: "{{ enable_designate | bool }}"
 

ansible/roles/nova/templates/nova.conf.j2

@@ -269,7 +269,7 @@ os_region_name = {{ openstack_region_name }}
 os_interface = internal
 
 [notifications]
-{% if enable_ceilometer | bool or enable_searchlight | bool or enable_designate | bool %}
+{% if enable_ceilometer | bool or enable_searchlight | bool or enable_designate | bool or enable_neutron_infoblox_ipam_agent | bool %}
 notify_on_state_change = vm_and_task_state
 {% endif %}
 

etc/kolla/globals.yml

@@ -102,6 +102,9 @@ kolla_internal_vip_address: "10.10.10.254"
 # Valid options are [ openvswitch, linuxbridge, vmware_nsxv, vmware_dvs, opendaylight ]
 #neutron_plugin_agent: "openvswitch"
 
+# Valid options are [ internal, infoblox ]
+#neutron_ipam_driver: "internal"
+
 
 ####################
 # keepalived options

etc/kolla/passwords.yml

@@ -45,6 +45,11 @@ hnas_nfs_password:
 ######################
 zfssa_iscsi_password:
 
+#######################
+# Infoblox IPAM support
+#######################
+infoblox_admin_password:
+
 ####################
 # OpenStack options
 ####################

releasenotes/notes/add-neutron-ipam-driver-infoblox-3621f44bb0017e91.yaml

@@ -0,0 +1,8 @@
+---
+features:
+  - |
+    Add support for the configuration of Infoblox as a pluggable
+    IPAM driver in neutron. Configure by selecting 'infoblox' as
+    the 'neutron_ipam_driver'. In addition to handling IP address
+    management within neutron, an agent will be started to
+    automatically manage DNS entries within the Infoblox appliance.

tests/templates/inventory.j2

@@ -294,6 +294,9 @@ neutron
 [neutron-bgp-dragent:children]
 neutron
 
+[neutron-infoblox-ipam-agent:children]
+neutron
+
 # Ceph
 [ceph-mds:children]
 ceph