Configure Infoblox as an IPAM driver for neutron

This patch allows configuration of the Infoblox
pluggable IPAM driver in neutron [0].

When 'infoblox' is chosen as the driver, an Infoblox
IPAM agent can be started as well.  The agent
allows for enhanced DNS capabilities by listening
for neutron and nova notifications.

[0] https://github.com/openstack/networking-infoblox/blob/master/README.rst

Change-Id: I4f863750a7806a7b6eaf13900d44e5f063afe3de
Depends-On: Ia44f0e0d7a0d60cebf0857ad51700e02eba5099b
Partially-Implements: blueprint neutron-ipam-driver-infoblox
This commit is contained in:
Gerry Buteau 2018-03-21 11:39:26 -04:00
parent 71033e8f21
commit 2f69b3cbc6
14 changed files with 133 additions and 3 deletions

View File

@ -158,6 +158,9 @@ tunnel_interface_address: "{{ hostvars[inventory_hostname]['ansible_' + tunnel_i
# Valid options are [ openvswitch, linuxbridge, vmware_nsxv, vmware_dvs, opendaylight ] # Valid options are [ openvswitch, linuxbridge, vmware_nsxv, vmware_dvs, opendaylight ]
neutron_plugin_agent: "openvswitch" neutron_plugin_agent: "openvswitch"
# Valid options are [ internal, infoblox ]
neutron_ipam_driver: "internal"
# The default ports used by each service. # The default ports used by each service.
# The list should be in alphabetical order # The list should be in alphabetical order
aodh_api_port: "8042" aodh_api_port: "8042"
@ -463,6 +466,7 @@ enable_neutron_bgp_dragent: "no"
enable_neutron_provider_networks: "no" enable_neutron_provider_networks: "no"
enable_neutron_segments: "no" enable_neutron_segments: "no"
enable_neutron_sfc: "no" enable_neutron_sfc: "no"
enable_neutron_infoblox_ipam_agent: "no"
enable_nova_serialconsole_proxy: "no" enable_nova_serialconsole_proxy: "no"
enable_octavia: "no" enable_octavia: "no"
enable_opendaylight: "no" enable_opendaylight: "no"

View File

@ -302,6 +302,9 @@ neutron
[neutron-bgp-dragent:children] [neutron-bgp-dragent:children]
neutron neutron
[neutron-infoblox-ipam-agent:children]
neutron
# Ceph # Ceph
[ceph-mds:children] [ceph-mds:children]
ceph ceph

View File

@ -321,6 +321,9 @@ neutron
[neutron-bgp-dragent:children] [neutron-bgp-dragent:children]
neutron neutron
[neutron-infoblox-ipam-agent:children]
neutron
# Ceph # Ceph
[ceph-mds:children] [ceph-mds:children]
ceph ceph

View File

@ -173,6 +173,18 @@ neutron_services:
- "/etc/localtime:/etc/localtime:ro" - "/etc/localtime:/etc/localtime:ro"
- "/run:/run:shared" - "/run:/run:shared"
- "kolla_logs:/var/log/kolla/" - "kolla_logs:/var/log/kolla/"
neutron-infoblox-ipam-agent:
container_name: "neutron_infoblox_ipam_agent"
image: "{{ neutron_infoblox_ipam_agent_image_full }}"
privileged: True
enabled: "{{ enable_neutron_infoblox_ipam_agent | bool }}"
group: "neutron-infoblox-ipam-agent"
host_in_groups: "{{ inventory_hostname in groups['neutron-infoblox-ipam-agent'] }}"
volumes:
- "{{ node_config_directory }}/neutron-infoblox-ipam-agent/:{{ container_config_directory }}/:ro"
- "/etc/localtime:/etc/localtime:ro"
- "/run:/run:shared"
- "kolla_logs:/var/log/kolla/"
#################### ####################
@ -229,6 +241,9 @@ neutron_bgp_dragent_image: "{{ docker_registry ~ '/' if docker_registry else ''
neutron_bgp_dragent_tag: "{{ neutron_tag }}" neutron_bgp_dragent_tag: "{{ neutron_tag }}"
neutron_bgp_dragent_image_full: "{{ neutron_bgp_dragent_image }}:{{ neutron_bgp_dragent_tag }}" neutron_bgp_dragent_image_full: "{{ neutron_bgp_dragent_image }}:{{ neutron_bgp_dragent_tag }}"
neutron_infoblox_ipam_agent_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ neutron_install_type }}-neutron-infoblox-ipam-agent"
neutron_infoblox_ipam_agent_tag: "{{ neutron_tag }}"
neutron_infoblox_ipam_agent_image_full: "{{ neutron_infoblox_ipam_agent_image }}:{{ neutron_infoblox_ipam_agent_tag }}"
#################### ####################
# OpenStack # OpenStack
@ -296,7 +311,7 @@ neutron_service_plugins: "{{ service_plugins|selectattr('enabled', 'equalto', tr
#################### ####################
neutron_notification_topics: neutron_notification_topics:
- name: notifications - name: notifications
enabled: "{{ enable_ceilometer | bool or enable_searchlight | bool }}" enabled: "{{ enable_ceilometer | bool or enable_searchlight | bool or enable_neutron_infoblox_ipam_agent | bool }}"
- name: notifications_designate - name: notifications_designate
enabled: "{{ enable_designate | bool }}" enabled: "{{ enable_designate | bool }}"
@ -349,6 +364,16 @@ vmware_dvs_insecure: "True"
vmware_dvs_dvs_name: "VDS-1" vmware_dvs_dvs_name: "VDS-1"
vmware_dvs_dhcp_override_mac: "" vmware_dvs_dhcp_override_mac: ""
####################
# Infoblox IPAM
####################
infoblox_cloud_data_center_id: "1"
infoblox_grid_master_host: "192.168.1.1"
infoblox_grid_master_name: "infoblox.localdomain"
infoblox_admin_user_name: "admin"
infoblox_wapi_version: "2.3"
infoblox_wapi_max_results: "-50000"
###################### ######################
# Notification Drivers # Notification Drivers
###################### ######################

View File

@ -325,3 +325,26 @@
or neutron_bgp_dragent_ini | changed or neutron_bgp_dragent_ini | changed
or policy_json | changed or policy_json | changed
or neutron_bgp_dragent_container | changed or neutron_bgp_dragent_container | changed
- name: Restart neutron-infoblox-ipam-agent container
vars:
service_name: "neutron-infoblox-ipam-agent"
service: "{{ neutron_services[service_name] }}"
config_json: "{{ neutron_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
neutron_conf: "{{ neutron_confs.results|selectattr('item.key', 'equalto', service_name)|first }}"
neutron_ml2_conf: "{{ neutron_ml2_confs.results|selectattr('item.key', 'equalto', service_name)|first }}"
neutron_infoblox_ipam_agent_container: "{{ check_neutron_containers.results|selectattr('item.key', 'equalto', service_name)|first }}"
kolla_docker:
action: "recreate_or_restart_container"
common_options: "{{ docker_common_options }}"
name: "{{ service.container_name }}"
image: "{{ service.image }}"
volumes: "{{ service.volumes }}"
privileged: "{{ service.privileged | default(False) }}"
when:
- action != "config"
- service.enabled | bool
- service.host_in_groups | bool
- config_json | changed
or neutron_conf | changed
or neutron_ml2_conf | changed

View File

@ -56,6 +56,7 @@
- "neutron-lbaas-agent" - "neutron-lbaas-agent"
- "neutron-vpnaas-agent" - "neutron-vpnaas-agent"
- "neutron-bgp-dragent" - "neutron-bgp-dragent"
- "neutron-infoblox-ipam-agent"
- "neutron-sriov-agent" - "neutron-sriov-agent"
merge_configs: merge_configs:
sources: sources:
@ -126,6 +127,7 @@
services_need_ml2_conf_ini: services_need_ml2_conf_ini:
- "neutron-linuxbridge-agent" - "neutron-linuxbridge-agent"
- "neutron-openvswitch-agent" - "neutron-openvswitch-agent"
- "neutron-infoblox-ipam-agent"
- "neutron-server" - "neutron-server"
merge_configs: merge_configs:
sources: sources:

View File

@ -0,0 +1,29 @@
{
"command": "infoblox-ipam-agent --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini",
"config_files": [
{
"source": "{{ container_config_directory }}/neutron.conf",
"dest": "/etc/neutron/neutron.conf",
"owner": "neutron",
"perm": "0600"
},
{
"source": "{{ container_config_directory }}/ml2_conf.ini",
"dest": "/etc/neutron/plugins/ml2/ml2_conf.ini",
"owner": "neutron",
"perm": "0600"
}
],
"permissions": [
{
"path": "/var/log/kolla/neutron",
"owner": "neutron:neutron",
"recurse": true
},
{
"path": "/var/lib/neutron/kolla",
"owner": "neutron:neutron",
"recurse": true
}
]
}

View File

@ -68,6 +68,8 @@ nsx_extension_drivers = vmware_dvs_dns
{% endif %} {% endif %}
{% endif %} {% endif %}
ipam_driver = {{ neutron_ipam_driver }}
[nova] [nova]
auth_url = {{ keystone_admin_url }} auth_url = {{ keystone_admin_url }}
auth_type = password auth_type = password
@ -170,3 +172,23 @@ os_interface = internal
[privsep] [privsep]
helper_command=sudo neutron-rootwrap /etc/neutron/rootwrap.conf privsep-helper helper_command=sudo neutron-rootwrap /etc/neutron/rootwrap.conf privsep-helper
{% if enable_neutron_infoblox_ipam_agent | bool %}
[infoblox]
keystone_admin_project_domain_id = {{ default_project_domain_id }}
keystone_admin_user_domain_id = {{ default_user_domain_id }}
keystone_admin_project_name = service
keystone_admin_username = {{ neutron_keystone_user }}
keystone_admin_password = {{ neutron_keystone_password }}
keystone_auth_uri = {{ keystone_internal_url }}
keystone_auth_version = v3
cloud_data_center_id = {{ infoblox_cloud_data_center_id }}
[infoblox-dc:{{ infoblox_cloud_data_center_id }}]
grid_master_host = {{ infoblox_grid_master_host }}
grid_master_name = {{ infoblox_grid_master_name }}
admin_user_name = {{ infoblox_admin_user_name }}
admin_password = {{ infoblox_admin_password }}
wapi_version = {{ infoblox_wapi_version }}
wapi_max_results = {{ infoblox_wapi_max_results }}
{% endif %}

View File

@ -249,7 +249,7 @@ nova_ssh_port: "8022"
#################### ####################
nova_notification_topics: nova_notification_topics:
- name: notifications - name: notifications
enabled: "{{ enable_ceilometer | bool or enable_searchlight | bool }}" enabled: "{{ enable_ceilometer | bool or enable_searchlight | bool or enable_neutron_infoblox_ipam_agent | bool }}"
- name: notifications_designate - name: notifications_designate
enabled: "{{ enable_designate | bool }}" enabled: "{{ enable_designate | bool }}"

View File

@ -269,7 +269,7 @@ os_region_name = {{ openstack_region_name }}
os_interface = internal os_interface = internal
[notifications] [notifications]
{% if enable_ceilometer | bool or enable_searchlight | bool or enable_designate | bool %} {% if enable_ceilometer | bool or enable_searchlight | bool or enable_designate | bool or enable_neutron_infoblox_ipam_agent | bool %}
notify_on_state_change = vm_and_task_state notify_on_state_change = vm_and_task_state
{% endif %} {% endif %}

View File

@ -102,6 +102,9 @@ kolla_internal_vip_address: "10.10.10.254"
# Valid options are [ openvswitch, linuxbridge, vmware_nsxv, vmware_dvs, opendaylight ] # Valid options are [ openvswitch, linuxbridge, vmware_nsxv, vmware_dvs, opendaylight ]
#neutron_plugin_agent: "openvswitch" #neutron_plugin_agent: "openvswitch"
# Valid options are [ internal, infoblox ]
#neutron_ipam_driver: "internal"
#################### ####################
# keepalived options # keepalived options

View File

@ -45,6 +45,11 @@ hnas_nfs_password:
###################### ######################
zfssa_iscsi_password: zfssa_iscsi_password:
#######################
# Infoblox IPAM support
#######################
infoblox_admin_password:
#################### ####################
# OpenStack options # OpenStack options
#################### ####################

View File

@ -0,0 +1,8 @@
---
features:
- |
Add support for the configuration of Infoblox as a pluggable
IPAM driver in neutron. Configure by selecting 'infoblox' as
the 'neutron_ipam_driver'. In addition to handling IP address
management within neutron, an agent will be started to
automatically manage DNS entries within the Infoblox appliance.

View File

@ -294,6 +294,9 @@ neutron
[neutron-bgp-dragent:children] [neutron-bgp-dragent:children]
neutron neutron
[neutron-infoblox-ipam-agent:children]
neutron
# Ceph # Ceph
[ceph-mds:children] [ceph-mds:children]
ceph ceph