From 2f69b3cbc66eafaaec1920ceb85255d0f84aa6a4 Mon Sep 17 00:00:00 2001 From: Gerry Buteau Date: Wed, 21 Mar 2018 11:39:26 -0400 Subject: [PATCH] Configure Infoblox as an IPAM driver for neutron This patch allows configuration of the Infoblox pluggable IPAM driver in neutron [0]. When 'infoblox' is chosen as the driver, an Infoblox IPAM agent can be started as well. The agent allows for enhanced DNS capabilities by listening for neutron and nova notifications. [0] https://github.com/openstack/networking-infoblox/blob/master/README.rst Change-Id: I4f863750a7806a7b6eaf13900d44e5f063afe3de Depends-On: Ia44f0e0d7a0d60cebf0857ad51700e02eba5099b Partially-Implements: blueprint neutron-ipam-driver-infoblox --- ansible/group_vars/all.yml | 4 +++ ansible/inventory/all-in-one | 3 ++ ansible/inventory/multinode | 3 ++ ansible/roles/neutron/defaults/main.yml | 27 ++++++++++++++++- ansible/roles/neutron/handlers/main.yml | 23 +++++++++++++++ ansible/roles/neutron/tasks/config.yml | 2 ++ .../neutron-infoblox-ipam-agent.json.j2 | 29 +++++++++++++++++++ .../roles/neutron/templates/neutron.conf.j2 | 22 ++++++++++++++ ansible/roles/nova/defaults/main.yml | 2 +- ansible/roles/nova/templates/nova.conf.j2 | 2 +- etc/kolla/globals.yml | 3 ++ etc/kolla/passwords.yml | 5 ++++ ...ipam-driver-infoblox-3621f44bb0017e91.yaml | 8 +++++ tests/templates/inventory.j2 | 3 ++ 14 files changed, 133 insertions(+), 3 deletions(-) create mode 100644 ansible/roles/neutron/templates/neutron-infoblox-ipam-agent.json.j2 create mode 100644 releasenotes/notes/add-neutron-ipam-driver-infoblox-3621f44bb0017e91.yaml diff --git a/ansible/group_vars/all.yml b/ansible/group_vars/all.yml index 69a42f919b..1c4f2aabf2 100644 --- a/ansible/group_vars/all.yml +++ b/ansible/group_vars/all.yml 
@@ -158,6 +158,9 @@ tunnel_interface_address: "{{ hostvars[inventory_hostname]['ansible_' + tunnel_i # Valid options are [ openvswitch, linuxbridge, vmware_nsxv, vmware_dvs, opendaylight ] neutron_plugin_agent: "openvswitch" +# Valid options are [ internal, infoblox ] +neutron_ipam_driver: "internal" + # The default ports used by each service. # The list should be in alphabetical order aodh_api_port: "8042" @@ -463,6 +466,7 @@ enable_neutron_bgp_dragent: "no" enable_neutron_provider_networks: "no" enable_neutron_segments: "no" enable_neutron_sfc: "no" +enable_neutron_infoblox_ipam_agent: "no" enable_nova_serialconsole_proxy: "no" enable_octavia: "no" enable_opendaylight: "no" diff --git a/ansible/inventory/all-in-one b/ansible/inventory/all-in-one index ffa40675d8..d69fadafab 100644 --- a/ansible/inventory/all-in-one +++ b/ansible/inventory/all-in-one @@ -302,6 +302,9 @@ neutron [neutron-bgp-dragent:children] neutron +[neutron-infoblox-ipam-agent:children] +neutron + # Ceph [ceph-mds:children] ceph diff --git a/ansible/inventory/multinode b/ansible/inventory/multinode index 61918913e6..dcb2b11928 100644 --- a/ansible/inventory/multinode +++ b/ansible/inventory/multinode @@ -321,6 +321,9 @@ neutron [neutron-bgp-dragent:children] neutron +[neutron-infoblox-ipam-agent:children] +neutron + # Ceph [ceph-mds:children] ceph diff --git a/ansible/roles/neutron/defaults/main.yml b/ansible/roles/neutron/defaults/main.yml index 2ea00a1684..b8d4f509df 100644 --- a/ansible/roles/neutron/defaults/main.yml +++ b/ansible/roles/neutron/defaults/main.yml 
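Review bot: `enable_neutron_infoblox_ipam_agent` in the `@@ -463,6 +466,7 @@` hunk of group_vars/all.yml defaults to `"no"` independently of `neutron_ipam_driver`, yet the release note in this patch says that selecting `infoblox` as the driver starts the agent. The neutron.conf.j2 hunk later in the patch renders the `[infoblox]` and `[infoblox-dc:…]` sections only when the enable flag is true, so setting `neutron_ipam_driver: "infoblox"` alone gives neutron-server `ipam_driver = infoblox` with no grid configuration. Deriving the flag from the driver, e.g. `enable_neutron_infoblox_ipam_agent: "{{ neutron_ipam_driver == 'infoblox' }}"`, or adding a precheck that rejects the mismatched combination, would close the gap.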
@@ -173,6 +173,18 @@ neutron_services: - "/etc/localtime:/etc/localtime:ro" - "/run:/run:shared" - "kolla_logs:/var/log/kolla/" + neutron-infoblox-ipam-agent: + container_name: "neutron_infoblox_ipam_agent" + image: "{{ neutron_infoblox_ipam_agent_image_full }}" + privileged: True + enabled: "{{ enable_neutron_infoblox_ipam_agent | bool }}" + group: "neutron-infoblox-ipam-agent" + host_in_groups: "{{ inventory_hostname in groups['neutron-infoblox-ipam-agent'] }}" + volumes: + - "{{ node_config_directory }}/neutron-infoblox-ipam-agent/:{{ container_config_directory }}/:ro" + - "/etc/localtime:/etc/localtime:ro" + - "/run:/run:shared" + - "kolla_logs:/var/log/kolla/" #################### @@ -229,6 +241,9 @@ neutron_bgp_dragent_image: "{{ docker_registry ~ '/' if docker_registry else '' neutron_bgp_dragent_tag: "{{ neutron_tag }}" neutron_bgp_dragent_image_full: "{{ neutron_bgp_dragent_image }}:{{ neutron_bgp_dragent_tag }}" +neutron_infoblox_ipam_agent_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ neutron_install_type }}-neutron-infoblox-ipam-agent" +neutron_infoblox_ipam_agent_tag: "{{ neutron_tag }}" +neutron_infoblox_ipam_agent_image_full: "{{ neutron_infoblox_ipam_agent_image }}:{{ neutron_infoblox_ipam_agent_tag }}" #################### # OpenStack @@ -296,7 +311,7 @@ neutron_service_plugins: "{{ service_plugins|selectattr('enabled', 'equalto', tr #################### neutron_notification_topics: - name: notifications - enabled: "{{ enable_ceilometer | bool or enable_searchlight | bool }}" + enabled: "{{ enable_ceilometer | bool or enable_searchlight | bool or enable_neutron_infoblox_ipam_agent | bool }}" - name: notifications_designate enabled: "{{ enable_designate | bool }}" 
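Review bot: The new `neutron-infoblox-ipam-agent` entry in the `@@ -173,6 +173,18 @@` hunk of roles/neutron/defaults/main.yml sets `privileged: True` and mounts `/run:/run:shared`, but the commit message describes an agent that only listens for neutron and nova notifications. Nothing visible in the patch needs host device or namespace access, so these settings look inherited from a network-agent entry. A privileged container that also holds the Infoblox admin credential and the neutron service password widens the impact of any compromise of the agent. Unless the agent is shown to need them, drop the `privileged` line (the new handler already falls back to `default(False)`) and the `/run` mount. The `neutron_services` mapping starts outside the hunk.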
@@ -349,6 +364,16 @@ vmware_dvs_insecure: "True" vmware_dvs_dvs_name: "VDS-1" vmware_dvs_dhcp_override_mac: "" +#################### +# Infoblox IPAM +#################### +infoblox_cloud_data_center_id: "1" +infoblox_grid_master_host: "192.168.1.1" +infoblox_grid_master_name: "infoblox.localdomain" +infoblox_admin_user_name: "admin" +infoblox_wapi_version: "2.3" +infoblox_wapi_max_results: "-50000" + ###################### # Notification Drivers ###################### diff --git a/ansible/roles/neutron/handlers/main.yml b/ansible/roles/neutron/handlers/main.yml index 74c39cfbaa..70eb837155 100644 --- a/ansible/roles/neutron/handlers/main.yml +++ b/ansible/roles/neutron/handlers/main.yml @@ -325,3 +325,26 @@ or neutron_bgp_dragent_ini | changed or policy_json | changed or neutron_bgp_dragent_container | changed + +- name: Restart neutron-infoblox-ipam-agent container + vars: + service_name: "neutron-infoblox-ipam-agent" + service: "{{ neutron_services[service_name] }}" + config_json: "{{ neutron_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" + neutron_conf: "{{ neutron_confs.results|selectattr('item.key', 'equalto', service_name)|first }}" + neutron_ml2_conf: "{{ neutron_ml2_confs.results|selectattr('item.key', 'equalto', service_name)|first }}" + neutron_infoblox_ipam_agent_container: "{{ check_neutron_containers.results|selectattr('item.key', 'equalto', service_name)|first }}" + kolla_docker: + action: "recreate_or_restart_container" + common_options: "{{ docker_common_options }}" + name: "{{ service.container_name }}" + image: "{{ service.image }}" + volumes: "{{ service.volumes }}" + privileged: "{{ service.privileged | default(False) }}" + when: + - action != "config" + - service.enabled | bool + - service.host_in_groups | bool + - config_json | changed + or neutron_conf | changed + or neutron_ml2_conf | changed 
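Review bot: In the `@@ -349,6 +364,16 @@` hunk, `infoblox_grid_master_host: "192.168.1.1"` and `infoblox_admin_user_name: "admin"` are usable values rather than placeholders. A deployment that enables the agent without overriding them will point the driver, and the admin credential it authenticates with, at whatever answers on that address. Leaving the host empty and failing a precheck when it is unset would be safer, and a comment should recommend a dedicated WAPI account with only the permissions the driver needs instead of `admin`. `infoblox_wapi_max_results: "-50000"` also deserves a comment, e.g. `# negative value: WAPI is expected to return an error rather than truncate when more results exist`.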
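Review bot: The `when:` list of the new "Restart neutron-infoblox-ipam-agent container" handler never tests `neutron_infoblox_ipam_agent_container`, although the `vars:` block defines it. A changed image or container definition alone will therefore not recreate the agent, so an updated image can be deployed while the old container keeps running. The bgp-dragent handler visible in the context lines ends with `or neutron_bgp_dragent_container | changed`; add the matching `or neutron_infoblox_ipam_agent_container | changed` to the last condition. That handler also checks `policy_json | changed`, which is omitted here, so confirm whether the agent reads policy.json.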
diff --git a/ansible/roles/neutron/tasks/config.yml b/ansible/roles/neutron/tasks/config.yml index f6b1bcbb7f..aa51a9431f 100644 --- a/ansible/roles/neutron/tasks/config.yml +++ b/ansible/roles/neutron/tasks/config.yml @@ -56,6 +56,7 @@ - "neutron-lbaas-agent" - "neutron-vpnaas-agent" - "neutron-bgp-dragent" + - "neutron-infoblox-ipam-agent" - "neutron-sriov-agent" merge_configs: sources: @@ -126,6 +127,7 @@ services_need_ml2_conf_ini: - "neutron-linuxbridge-agent" - "neutron-openvswitch-agent" + - "neutron-infoblox-ipam-agent" - "neutron-server" merge_configs: sources: diff --git a/ansible/roles/neutron/templates/neutron-infoblox-ipam-agent.json.j2 b/ansible/roles/neutron/templates/neutron-infoblox-ipam-agent.json.j2 new file mode 100644 index 0000000000..24ef182f8c --- /dev/null +++ b/ansible/roles/neutron/templates/neutron-infoblox-ipam-agent.json.j2 @@ -0,0 +1,29 @@ +{ + "command": "infoblox-ipam-agent --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini", + "config_files": [ + { + "source": "{{ container_config_directory }}/neutron.conf", + "dest": "/etc/neutron/neutron.conf", + "owner": "neutron", + "perm": "0600" + }, + { + "source": "{{ container_config_directory }}/ml2_conf.ini", + "dest": "/etc/neutron/plugins/ml2/ml2_conf.ini", + "owner": "neutron", + "perm": "0600" + } + ], + "permissions": [ + { + "path": "/var/log/kolla/neutron", + "owner": "neutron:neutron", + "recurse": true + }, + { + "path": "/var/lib/neutron/kolla", + "owner": "neutron:neutron", + "recurse": true + } + ] +} diff --git a/ansible/roles/neutron/templates/neutron.conf.j2 b/ansible/roles/neutron/templates/neutron.conf.j2 index 4b5a553976..7a64f1d086 100644 --- a/ansible/roles/neutron/templates/neutron.conf.j2 +++ b/ansible/roles/neutron/templates/neutron.conf.j2 @@ -68,6 +68,8 @@ nsx_extension_drivers = vmware_dvs_dns {% endif %} {% endif %} +ipam_driver = {{ neutron_ipam_driver }} + [nova] auth_url = {{ keystone_admin_url }} auth_type = password 
@@ -170,3 +172,23 @@ os_interface = internal [privsep] helper_command=sudo neutron-rootwrap /etc/neutron/rootwrap.conf privsep-helper + +{% if enable_neutron_infoblox_ipam_agent | bool %} +[infoblox] +keystone_admin_project_domain_id = {{ default_project_domain_id }} +keystone_admin_user_domain_id = {{ default_user_domain_id }} +keystone_admin_project_name = service +keystone_admin_username = {{ neutron_keystone_user }} +keystone_admin_password = {{ neutron_keystone_password }} +keystone_auth_uri = {{ keystone_internal_url }} +keystone_auth_version = v3 +cloud_data_center_id = {{ infoblox_cloud_data_center_id }} + +[infoblox-dc:{{ infoblox_cloud_data_center_id }}] +grid_master_host = {{ infoblox_grid_master_host }} +grid_master_name = {{ infoblox_grid_master_name }} +admin_user_name = {{ infoblox_admin_user_name }} +admin_password = {{ infoblox_admin_password }} +wapi_version = {{ infoblox_wapi_version }} +wapi_max_results = {{ infoblox_wapi_max_results }} +{% endif %} diff --git a/ansible/roles/nova/defaults/main.yml b/ansible/roles/nova/defaults/main.yml index 0e108f51cd..3bbe452ab2 100644 --- a/ansible/roles/nova/defaults/main.yml +++ b/ansible/roles/nova/defaults/main.yml @@ -249,7 +249,7 @@ nova_ssh_port: "8022" #################### nova_notification_topics: - name: notifications - enabled: "{{ enable_ceilometer | bool or enable_searchlight | bool }}" + enabled: "{{ enable_ceilometer | bool or enable_searchlight | bool or enable_neutron_infoblox_ipam_agent | bool }}" - name: notifications_designate enabled: "{{ enable_designate | bool }}" diff --git a/ansible/roles/nova/templates/nova.conf.j2 b/ansible/roles/nova/templates/nova.conf.j2 index d94c8ace37..28e96e4a9a 100644 --- a/ansible/roles/nova/templates/nova.conf.j2 +++ b/ansible/roles/nova/templates/nova.conf.j2 
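Review bot: The `[infoblox-dc:…]` block in the `@@ -170,3 +172,23 @@` hunk writes `admin_password` into the shared neutron.conf template. That template appears to be rendered for every service in the neutron.conf list partly visible in the tasks/config.yml hunk, so the Infoblox admin credential likely lands on hosts whose agents never talk to the grid. Restricting the block to neutron-server and the infoblox agent, for instance with a `service_name` test if that variable is available to the template, would keep it off the other hosts. The block also sets no TLS option for the WAPI connection. networking-infoblox documents an `ssl_verify` setting for this section, so expose it as a variable and confirm what the driver defaults to when it is absent.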
@@ -269,7 +269,7 @@ os_region_name = {{ openstack_region_name }} os_interface = internal [notifications] -{% if enable_ceilometer | bool or enable_searchlight | bool or enable_designate | bool %} +{% if enable_ceilometer | bool or enable_searchlight | bool or enable_designate | bool or enable_neutron_infoblox_ipam_agent | bool %} notify_on_state_change = vm_and_task_state {% endif %} diff --git a/etc/kolla/globals.yml b/etc/kolla/globals.yml index 3f02dab982..713067c95b 100644 --- a/etc/kolla/globals.yml +++ b/etc/kolla/globals.yml @@ -102,6 +102,9 @@ kolla_internal_vip_address: "10.10.10.254" # Valid options are [ openvswitch, linuxbridge, vmware_nsxv, vmware_dvs, opendaylight ] #neutron_plugin_agent: "openvswitch" +# Valid options are [ internal, infoblox ] +#neutron_ipam_driver: "internal" + #################### # keepalived options diff --git a/etc/kolla/passwords.yml b/etc/kolla/passwords.yml index 0094a156c9..fc86a7f91f 100644 --- a/etc/kolla/passwords.yml +++ b/etc/kolla/passwords.yml @@ -45,6 +45,11 @@ hnas_nfs_password: ###################### zfssa_iscsi_password: +####################### +# Infoblox IPAM support +####################### +infoblox_admin_password: + #################### # OpenStack options #################### diff --git a/releasenotes/notes/add-neutron-ipam-driver-infoblox-3621f44bb0017e91.yaml b/releasenotes/notes/add-neutron-ipam-driver-infoblox-3621f44bb0017e91.yaml new file mode 100644 index 0000000000..73337d9252 --- /dev/null +++ b/releasenotes/notes/add-neutron-ipam-driver-infoblox-3621f44bb0017e91.yaml @@ -0,0 +1,8 @@ +--- +features: + - | + Add support for the configuration of Infoblox as a pluggable + IPAM driver in neutron. Configure by selecting 'infoblox' as + the 'neutron_ipam_driver'. In addition to handling IP address + management within neutron, an agent will be started to + automatically manage DNS entries within the Infoblox appliance. 
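Review bot: `infoblox_admin_password:` in the etc/kolla/passwords.yml hunk is added empty, but unlike the OpenStack service passwords it must match an account that already exists on the external grid master. If the password generator fills every empty key, it will write a random value here and the driver will authenticate with a wrong credential; the patch's diffstat shows no change to the generator. Confirm that this key is left blank by generation, as the neighbouring `hnas_nfs_password` and `zfssa_iscsi_password` presumably are. A comment such as `# Must be set manually to the password of the Infoblox WAPI account` would make that explicit.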
diff --git a/tests/templates/inventory.j2 b/tests/templates/inventory.j2 index ea9150a203..fe44aefbb7 100644 --- a/tests/templates/inventory.j2 +++ b/tests/templates/inventory.j2 @@ -294,6 +294,9 @@ neutron [neutron-bgp-dragent:children] neutron +[neutron-infoblox-ipam-agent:children] +neutron + # Ceph [ceph-mds:children] ceph