neutron: enable designate integration

The config enabled by the flag lets neutron create dns records when floating ip are created and assigned. (flag: designate_enabled) The config was previously added but was not enabled as the barclamp was still under development. Add designate public url to the config.[1] Set domain name for fixed and floating network. This allows neutron to assign correct dns domain to the port as they are created. There is more information at [1]. This is mainly needed when integrating neutron with external dns service (designate). Using the neutron cli to net-update as openstack cli does not support it (`openstack help network set` has no option for dns-domain) Fixed a typo in template for neutron as domains are expected to end with a dot(.) [1] https://docs.openstack.org/ocata/networking-guide/config-dns-int.html
sjamgade · May 16, 2019 · a50b459 · a50b459
1 parent 3b308f0
commit a50b459
Show file tree

Hide file tree

Showing 5 changed files with 56 additions and 14 deletions.
diff --git a/chef/cookbooks/neutron/recipes/common_config.rb b/chef/cookbooks/neutron/recipes/common_config.rb
@@ -119,6 +119,17 @@
   infoblox_settings = neutron[:neutron][:infoblox]
 end
 
+designate_public_uri = nil
+designate_server = node_search_with_cache("roles:designate-server").first
+unless designate_server.nil?
+  node_designate = designate_server[:designate]
+  public_host = CrowbarHelper.get_host_for_public_url(designate_server,
+                                                    node_designate[:api][:protocol] == "https",
+                                                    node_designate[:ha][:enabled])
+  api_protocol = node_designate[:api][:protocol]
+  designate_public_uri = "#{api_protocol}://#{public_host}:#{node_designate[:api][:bind_port]}/v2"
+end
+
 template neutron[:neutron][:config_file] do
     cookbook "neutron"
     source "neutron.conf.erb"
@@ -132,8 +143,8 @@
       sql_max_pool_overflow: neutron[:neutron][:sql][:max_pool_overflow],
       sql_pool_timeout: neutron[:neutron][:sql][:pool_timeout],
       debug: neutron[:neutron][:debug],
-      # TODO
-      designate_enabled: false,
+      designate_enabled: (not designate_server.nil?),
+      designate_public_uri: designate_public_uri,
       bind_host: bind_host,
       bind_port: bind_port,
       use_syslog: neutron[:neutron][:use_syslog],

diff --git a/chef/cookbooks/neutron/recipes/post_install_conf.rb b/chef/cookbooks/neutron/recipes/post_install_conf.rb
@@ -211,6 +211,25 @@ def mask_to_bits(mask)
   action :nothing
 end
 
+domain_float = node[:neutron][:floating_dns_domain]
+domain_fixed = node[:neutron][:dns_domain]
+
+execute "update_dns_domain_for_fixed_network" do
+  command "#{env} neutron net-update fixed --dns-domain #{domain_fixed}"
+  not_if "#{openstack_cmd} network show fixed -f value -c dns_domain | grep -q #{domain_fixed}"
+  retries 5
+  retry_delay 10
+  action :nothing
+end
+
+execute "update_dns_domain_for_floating_network" do
+  command "#{env} neutron net-update floating --dns-domain #{domain_float}"
+  not_if "#{openstack_cmd} network show floating -f value -c dns_domain | grep -q #{domain_float}"
+  retries 5
+  retry_delay 10
+  action :nothing
+end
+
 execute "Neutron network configuration" do
   command "#{openstack_cmd} network list &>/dev/null"
   retries 5
@@ -226,6 +245,8 @@ def mask_to_bits(mask)
   notifies :run, "execute[set_router_gateway]", :delayed
   notifies :run, "execute[add_fixed_network_to_router]", :delayed
   notifies :run, "execute[add_ironic_network_to_router]", :delayed
+  notifies :run, "execute[update_dns_domain_for_fixed_network]", :delayed
+  notifies :run, "execute[update_dns_domain_for_floating_network]", :delayed
 end
 
 # This is to trigger all the above "execute" resources to run :delayed, so that
@@ -235,4 +256,3 @@ def mask_to_bits(mask)
   command "true"
   notifies :run, "execute[Neutron network configuration]", :delayed
 end
-
diff --git a/chef/cookbooks/neutron/templates/default/neutron.conf.erb b/chef/cookbooks/neutron/templates/default/neutron.conf.erb
@@ -37,17 +37,18 @@ default_log_levels = <%= @default_log_levels.join(", ") %>
 external_dns_driver = designate
 
 [designate]
+auth_type = password
 url = <%= @designate_public_uri %>
-admin_auth_url = <%= @keystone_settings['internal_auth_url'] %>
-admin_tenant_name = <%= @keystone_settings['service_tenant'] %>
-admin_username = <%= @keystone_settings['service_user'] %>
-admin_password = <%= @keystone_settings['service_password'] %>
+username = <%= @keystone_settings['service_user'] %>
+password = <%= @keystone_settings['service_password'] %>
+auth_url = <%= @keystone_settings['internal_auth_url'] %>
 region_name = <%= @keystone_settings['endpoint_region'] %>
-admin_user_domain = <%= @keystone_settings['admin_domain'] %>
-admin_project_domain = <%= @keystone_settings['admin_domain'] %>
+project_domain_name = <%= @keystone_settings['default_user_domain'] %>
+user_domain_name = <%= @keystone_settings['default_user_domain'] %>
+project_name = <%= @keystone_settings['service_tenant'] %>
+allow_reverse_dns_lookup = False
 <% end -%>
 
-
 [agent]
 root_helper = sudo neutron-rootwrap /etc/neutron/rootwrap.conf
 root_helper_daemon = sudo neutron-rootwrap-daemon /etc/neutron/rootwrap.conf
@@ -156,4 +157,4 @@ enabled = true
 trace_sqlalchemy = <%= @profiler_settings[:trace_sqlalchemy] ? "true" : "false" %>
 hmac_keys = <%= @profiler_settings[:hmac_keys].join(",") %>
 connection_string = <%= @profiler_settings[:connection_string] %>
-<% end -%>
+<% end -%>
diff --git a/chef/data_bags/crowbar/migrate/neutron/306_fix_domains_names.rb b/chef/data_bags/crowbar/migrate/neutron/306_fix_domains_names.rb
@@ -0,0 +1,10 @@
+def upgrade(template_attributes, template_deployment, attributes, deployment)
+  ["floating_dns_domain", "dns_domain"].each do |key|
+    attributes[key] = attributes[key] + "." unless attributes[key].end_with? "."
+  end
+  return attributes, deployment
+end
+
+def downgrade(template_attributes, template_deployment, attributes, deployment)
+  return attributes, deployment
+end
diff --git a/chef/data_bags/crowbar/template-neutron.json b/chef/data_bags/crowbar/template-neutron.json
@@ -10,8 +10,8 @@
       "max_header_line": 16384,
       "debug": false,
       "create_default_networks": true,
-      "dns_domain": "openstack.local",
-      "floating_dns_domain": "floating.openstack.local",
+      "dns_domain": "openstack.local.",
+      "floating_dns_domain": "floating.openstack.local.",
       "rpc_workers": 1,
       "use_lbaas": true,
       "lbaasv2_driver": "haproxy",
@@ -192,7 +192,7 @@
     "neutron": {
       "crowbar-revision": 0,
       "crowbar-applied": false,
-      "schema-revision": 305,
+      "schema-revision": 306,
       "element_states": {
         "neutron-server": [ "readying", "ready", "applying" ],
         "neutron-network": [ "readying", "ready", "applying" ],