Integrate designate with neutron

Integrate designate service with neutron to allow instances
and floatingip resolve designate dns.
MDNS service need to be reachable from nova instances
in order to resolve DNS queries.
Added new dns_interface to make this configurable.
Add designate guide.

Closes-Bug: #1661330

Change-Id: I5a2ac5cf2a9aa0977ae42d53dd64699623ddf3ed

ansible/group_vars/all.yml

@@ -118,6 +118,7 @@ storage_interface: "{{ network_interface }}"
 cluster_interface: "{{ network_interface }}"
 tunnel_interface: "{{ network_interface }}"
 bifrost_network_interface: "{{ network_interface }}"
+dns_interface: "{{ network_interface }}"
 tunnel_interface_address: "{{ hostvars[inventory_hostname]['ansible_' + tunnel_interface]['ipv4']['address'] }}"
 
 # Valid options are [ openvswitch, linuxbridge, sfc ]
@@ -359,6 +360,7 @@ enable_watcher: "no"
 ironic_keystone_user: "ironic"
 neutron_keystone_user: "neutron"
 nova_keystone_user: "nova"
+designate_keystone_user: "designate"
 
 # Nova fake driver and the number of fake driver per compute node
 enable_nova_fake: "no"

ansible/roles/designate/tasks/precheck.yml

@@ -21,7 +21,7 @@
 
 - name: Checking free port for designate mdns
   wait_for:
-    host: "{{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['address'] }}"
+    host: "{{ hostvars[inventory_hostname]['ansible_' + dns_interface]['ipv4']['address'] }}"
     port: "{{ designate_mdns_port }}"
     connect_timeout: 1
     state: stopped

ansible/roles/designate/templates/designate.conf.j2

@@ -39,7 +39,7 @@ enabled_notification_handlers = nova_fixed, neutron_floatingip
 workers = {{ openstack_service_workers }}
 
 [service:mdns]
-listen = {{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['address'] }}:{{ designate_mdns_port }}
+listen = {{ hostvars[inventory_hostname]['ansible_' + dns_interface]['ipv4']['address'] }}:{{ designate_mdns_port }}
 workers = {{ openstack_service_workers }}
 
 [service:worker]
@@ -66,18 +66,30 @@ max_retries = 10
 idle_timeout = 3600
 
 [handler:nova_fixed]
+#NOTE: zone_id must be manually filled an ID from openstack zone list
+zone_id =
 notification_topics = notifications_designate
 control_exchange = nova
-format = '(display_name)s.%(domain)s'
+formatv4 = '%(octet0)s-%(octet1)s-%(octet2)s-%(octet3)s.%(zone)s'
+formatv4 = '%(hostname)s.%(project)s.%(zone)s'
+formatv4 = '%(hostname)s.%(zone)s'
+formatv6 = '%(hostname)s.%(zone)s'
+formatv6 = '%(hostname)s.%(project)s.%(zone)s'
 
 [handler:neutron_floatingip]
+#NOTE: zone_id must be manually filled an ID from openstack zone list
+zone_id =
 notification_topics = notifications_designate
 control_exchange = neutron
-format = '%(octet0)s-%(octet1)s-%(octet2)s-%(octet3)s.%(domain)s'
+formatv4 = '%(octet0)s-%(octet1)s-%(octet2)s-%(octet3)s.%(zone)s'
+formatv4 = '%(hostname)s.%(project)s.%(zone)s'
+formatv4 = '%(hostname)s.%(zone)s'
+formatv6 = '%(hostname)s.%(zone)s'
+formatv6 = '%(hostname)s.%(project)s.%(zone)s'
 
 [oslo_messaging_notifications]
 topics = notifications_designate
-driver = messaging
+driver = messagingv2
 
 [oslo_messaging_rabbit]
 rabbit_userid = {{ rabbitmq_user }}

ansible/roles/neutron/defaults/main.yml

@@ -73,3 +73,16 @@ neutron_logging_debug: "{{ openstack_logging_debug }}"
 neutron_bridge_name: "br-ex"
 
 openstack_neutron_auth: "{{ openstack_auth }}"
+
+####################
+# Extension drivers
+####################
+extension_drivers:
+  - name: "qos"
+    enabled: "{{ enable_neutron_qos | bool }}"
+  - name: "port_security"
+    enabled: "{{ enable_tacker | bool or enable_designate | bool }}"
+  - name: "dns"
+    enabled: "{{ enable_designate | bool }}"
+
+neutron_extension_drivers: "{{ extension_drivers|selectattr('enabled', 'equalto', true)|list }}"

ansible/roles/neutron/templates/ml2_conf.ini.j2

@@ -15,12 +15,8 @@ mechanism_drivers = openvswitch,l2population
 mechanism_drivers = linuxbridge,l2population
 {% endif %}
 
-{% if enable_neutron_qos | bool %}
-extension_drivers = qos
-{% endif %}
-
-{% if enable_tacker | bool %}
-extension_drivers = port_security
+{% if extension_drivers %}
+extension_drivers = {{ neutron_extension_drivers|map(attribute='name')|join(',') }} 
 {% endif %}
 
 [ml2_type_vlan]

ansible/roles/neutron/templates/neutron.conf.j2

@@ -50,6 +50,11 @@ transport_url = rabbit://{% for host in groups['rabbitmq'] %}{{ rabbitmq_user }}
 router_distributed = True
 {% endif %}
 
+{% if enable_designate | bool %}
+dns_domain = {{ designate_ns_record }}.
+external_dns_driver = designate
+{% endif %}
+
 [nova]
 auth_url = {{ keystone_admin_url }}
 auth_type = password
@@ -109,3 +114,19 @@ drivers = ovs
 [octavia]
 base_url = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ octavia_api_port }}
 {% endif %}
+
+{% if enable_designate | bool %}
+[designate]
+url = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ designate_api_port }}/v2
+auth_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }}
+auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}
+auth_type = password
+project_domain_id = default
+user_domain_id = default
+project_name = service
+username = {{ designate_keystone_user }}
+password = {{ designate_keystone_password }}
+allow_reverse_dns_lookup = True
+ipv4_ptr_zone_prefix_size = 24
+ipv6_ptr_zone_prefix_size = 116
+{% endif %}

doc/designate-guide.rst

@@ -0,0 +1,122 @@
+.. _designate-guide:
+
+==================
+Designate in Kolla
+==================
+
+Overview
+========
+Designate provides DNSaaS services for OpenStack:
+
+  -  REST API for domain/record management
+  -  Multi-tenant
+  -  Integrated with Keystone for authentication
+  -  Framework in place to integrate with Nova and Neutron
+     notifications (for auto-generated records)
+  -  Support for PowerDNS and Bind9 out of the box
+
+Configuration on Kolla deployment
+---------------------------------
+
+Enable Designate service in ``/etc/kolla/globals.yml``
+
+.. code-block:: console
+
+    enable_designate: "yes"
+
+Configure Designate options in ``/etc/kolla/globals.yml``
+
+.. important::
+
+    Designate MDNS node requires the ``dns_interface`` to be reachable from
+    public network.
+
+.. code-block:: console
+
+    dns_interface: "eth1"
+    designate_backend: "bind9"
+    designate_ns_record: "sample.openstack.org"
+
+Neutron and Nova Integration
+----------------------------
+
+Create default Designate Zone for Neutron:
+
+.. code-block:: console
+
+    $ openstack zone create --email admin@sample.openstack.org sample.openstack.org.
+
+Create designate-sink custom configuration folder:
+
+.. code-block:: console
+
+   $ mkdir -p /etc/kolla/config/designate/designate-sink/
+
+Append Designate Zone ID in ``/etc/kolla/config/designate/designate-sink.conf``
+
+.. code-block:: console
+
+    [handler:nova_fixed]
+    zone_id = <ZONE_ID>
+    [handler:neutron_floatingip]
+    zone_id = <ZONE_ID>
+
+Reconfigure Designate:
+
+.. code-block:: console
+
+    $ kolla-ansible reconfigure -i <INVENTORY_FILE> --tags designate
+
+Verify operation
+----------------
+
+List available networks:
+
+.. code-block:: console
+
+    $ neutron net-list
+
+Associate a domain to a network:
+
+.. code-block:: console
+
+    $ neutron net-update <NETWORK_ID> --dns_domain sample.openstack.org.
+
+Start an instance:
+
+.. code-block:: console
+
+    $ openstack server create \
+      --image cirros \
+      --flavor m1.tiny \
+      --key-name mykey \
+      --nic net-id=${NETWORK_ID} \
+      my-vm
+
+Check DNS records in Designate:
+
+.. code-block:: console
+
+    $ designate record-list sample.openstack.org.
+    +--------------------------------------+------+---------------------------------------+---------------------------------------------+
+    | id                                   | type | name                                  | data                                        |
+    +--------------------------------------+------+---------------------------------------+---------------------------------------------+
+    | 5aec6f5b-2121-4a2e-90d7-9e4509f79506 | SOA  | sample.openstack.org.                 | sample.openstack.org.                       |
+    |                                      |      |                                       | admin.sample.openstack.org. 1485266928 3514 |
+    |                                      |      |                                       | 600 86400 3600                              |
+    | 578dc94a-df74-4086-a352-a3b2db9233ae | NS   | sample.openstack.org.                 | sample.openstack.org.                       |
+    | de9ff01e-e9ef-4a0f-88ed-6ec5ecabd315 | A    | 192-168-190-232.sample.openstack.org. | 192.168.190.232                             |
+    | f67645ee-829c-4154-a988-75341050a8d6 | A    | my-vm.None.sample.openstack.org.      | 192.168.190.232                             |
+    | e5623d73-4f9f-4b54-9045-b148e0c3342d | A    | my-vm.sample.openstack.org.           | 192.168.190.232                             |
+    +--------------------------------------+------+---------------------------------------+---------------------------------------------+
+
+Query instance DNS information to Designate ``dns_interface`` IP address:
+
+.. code-block:: console
+
+    $ dig +short -p 5354 @<DNS_INTERFACE_IP> my-vm.sample.openstack.org. A
+    192.168.190.232
+
+For more information about how Designate works, see
+`Designate, a DNSaaS component for OpenStack
+<http://docs.openstack.org/developer/designate>`__.

doc/index.rst

@@ -66,6 +66,7 @@ Kolla Services
    external-ceph-guide
    cinder-guide
    cinder-guide-hnas
+   designate-guide
    ironic-guide
    manila-guide
    manila-hnas-guide

etc/kolla/globals.yml

@@ -77,6 +77,7 @@ kolla_internal_vip_address: "10.10.10.254"
 #storage_interface: "{{ network_interface }}"
 #cluster_interface: "{{ network_interface }}"
 #tunnel_interface: "{{ network_interface }}"
+#dns_interface: "{{ network_interface }}"
 
 # This is the raw interface given to neutron as its external network port. Even
 # though an IP address can exist on this interface, it will be unusable in most