From 6f847610b5e31cab912de2c83709e68e8d771125 Mon Sep 17 00:00:00 2001
From: Michal Arbet <michal.arbet@ultimum.io>
Date: Wed, 17 Jan 2024 12:02:52 +0100
Subject: [PATCH] Fix neutron DNS integration

This patch enables or disables DNS integration based on the
neutron_dns_integration variable.

It also adds a precheck that verifies that dns_domain in neutron.conf
has a non-default value when DNS integration is enabled, as this is a
requirement.

[1] https://docs.openstack.org/neutron/latest/admin/config-dns-int.html
[2] https://docs.openstack.org/neutron/latest/admin/config-dns-int-ext-serv.html#config-dns-int-ext-serv

Closes-Bug: #2049503

Change-Id: I90f0f8dcec6fa0112179f050d96e9d9db5956cf8
---
 ansible/group_vars/all.yml                    |  2 +-
 ansible/roles/neutron/defaults/main.yml       |  9 +++-
 ansible/roles/neutron/tasks/precheck.yml      | 13 ++++++
 .../roles/neutron/templates/neutron.conf.j2   |  6 +--
 .../reference/networking/designate-guide.rst  | 21 +++++++++-
 doc/source/reference/networking/neutron.rst   | 41 +++++++++++++++++++
 ...nate-DNS-integration-5abedb5e09e4fc15.yaml | 24 +++++++++++
 7 files changed, 109 insertions(+), 7 deletions(-)
 create mode 100644 releasenotes/notes/fix-neutron-and-designate-DNS-integration-5abedb5e09e4fc15.yaml

diff --git a/ansible/group_vars/all.yml b/ansible/group_vars/all.yml
index 8d95111ec..47bbc20c2 100644
--- a/ansible/group_vars/all.yml
+++ b/ansible/group_vars/all.yml
@@ -1128,7 +1128,7 @@ designate_coordination_backend: "{{ 'redis' if enable_redis | bool else '' }}"
 designate_internal_endpoint: "{{ designate_internal_fqdn | kolla_url(internal_protocol, designate_api_port) }}"
 designate_public_endpoint: "{{ designate_external_fqdn | kolla_url(public_protocol, designate_api_public_port) }}"
 
-designate_enable_notifications_sink: "{{ enable_designate | bool }}"
+designate_enable_notifications_sink: "no"
 designate_notifications_topic_name: "notifications_designate"
 
 #######################
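Review bot: The new hard-coded default for `designate_enable_notifications_sink` carries no comment explaining why the sink no longer follows `enable_designate`, and this file is where operators look for defaults. A line above it would help, e.g. `# designate-sink is optional; set to "yes" to deploy it and enable Designate notifications in Nova and Neutron.` Whether an upgrade stops or removes an already running sink container is not visible in this hunk and is worth confirming.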
diff --git a/ansible/roles/neutron/defaults/main.yml b/ansible/roles/neutron/defaults/main.yml
index 495e31ec1..b76d77336 100644
--- a/ansible/roles/neutron/defaults/main.yml
+++ b/ansible/roles/neutron/defaults/main.yml
@@ -697,7 +697,7 @@ extension_drivers:
   - name: "port_security"
     enabled: true
   - name: "subnet_dns_publish_fixed_ip"
-    enabled: "{{ enable_designate | bool }}"
+    enabled: "{{ neutron_dns_integration | bool }}"
   - name: "sfc"
     enabled: "{{ enable_neutron_sfc | bool }}"
 
@@ -924,3 +924,10 @@ neutron_tls_proxy_server_timeout: "1m"
 neutron_tls_proxy_check_timeout: "10s"
 # Check http://www.haproxy.org/download/1.5/doc/configuration.txt for available options
 neutron_tls_proxy_defaults_balance: "roundrobin"
+
+####################
+# DNS
+####################
+neutron_dns_integration: "{{ enable_designate | bool }}"
+# When overridden by the user, this value must end with a dot.
+neutron_dns_domain: "openstacklocal"
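Review bot: The comment on `neutron_dns_domain` mentions only the trailing dot, but the default `"openstacklocal"` is rejected by the new precheck whenever `neutron_dns_integration` is true, and that flag defaults to `enable_designate`. Any deployment with Designate enabled therefore fails prechecks after upgrade until the variable is overridden. The comment should say so, e.g. `# Must be overridden with a non-default value ending with a dot when neutron_dns_integration is enabled; prechecks reject "openstacklocal".`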
diff --git a/ansible/roles/neutron/tasks/precheck.yml b/ansible/roles/neutron/tasks/precheck.yml
index 715f4843f..8051a5399 100644
--- a/ansible/roles/neutron/tasks/precheck.yml
+++ b/ansible/roles/neutron/tasks/precheck.yml
@@ -54,4 +54,17 @@
   when:
     - enable_ironic_neutron_agent | bool
 
+- name: Checking if neutron's dns domain has proper value
+  assert:
+    that:
+      - neutron_dns_domain != None
+      - neutron_dns_domain | length != 0
+      - neutron_dns_domain[-1] == '.'
+      - neutron_dns_domain != "openstacklocal"
+    fail_msg: "The neutron_dns_domain value has to be non-empty and must end with a period '.'"
+  changed_when: false
+  run_once: True
+  when:
+    - neutron_dns_integration | bool
+
 - import_tasks: neutron_plugin_agent_check.yml
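Review bot: The fourth condition, `neutron_dns_domain != "openstacklocal"`, can never fail once the third has passed, because a value ending in `.` cannot equal the dot-less string. As a result `openstacklocal.` passes the precheck, and Neutron may still treat that as the default domain (worth confirming). If the default should be rejected in either spelling, use `- neutron_dns_domain not in ['openstacklocal', 'openstacklocal.']`. The `fail_msg` also omits the non-default rule, so an operator who kept the default is told only to add a period; `fail_msg: "neutron_dns_domain must be non-empty, must not be the default 'openstacklocal' and must end with a period '.'"` covers every condition. As a style point, `neutron_dns_domain is not none` is the usual Jinja test rather than `!= None`.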
diff --git a/ansible/roles/neutron/templates/neutron.conf.j2 b/ansible/roles/neutron/templates/neutron.conf.j2
index 29c559339..7bb9b2336 100644
--- a/ansible/roles/neutron/templates/neutron.conf.j2
+++ b/ansible/roles/neutron/templates/neutron.conf.j2
@@ -61,10 +61,8 @@ transport_url = {{ rpc_transport_url }}
 router_distributed = True
 {% endif %}
 
-{% if enable_designate | bool %}
-{% if designate_ns_record is string %}
-dns_domain = {{ designate_ns_record }}.
-{% endif %}
+dns_domain = {{ neutron_dns_domain }}
+{% if enable_designate | bool and neutron_dns_integration | bool %}
 external_dns_driver = designate
 {% if neutron_plugin_agent == 'vmware_nsxv' %}
 nsx_extension_drivers = vmware_nsxv_dns
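Review bot: `dns_domain = {{ neutron_dns_domain }}` is now rendered unconditionally, but the precheck that validates the value runs only when `neutron_dns_integration` is true. With integration disabled, an overridden value (stray whitespace, missing dot, embedded line break) is written into neutron.conf without any format check. Either run the format assertions regardless of the flag or guard the line with `{% if neutron_dns_integration | bool %}` … `{% endif %}`. The removed `designate_ns_record` fallback also means deployments that relied on it must now set `neutron_dns_domain` explicitly, which the upgrade notes should probably mention. The `{% if %}` block opened in this hunk closes outside it.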
diff --git a/doc/source/reference/networking/designate-guide.rst b/doc/source/reference/networking/designate-guide.rst
index 8a21a04de..b59b5fcfe 100644
--- a/doc/source/reference/networking/designate-guide.rst
+++ b/doc/source/reference/networking/designate-guide.rst
@@ -24,13 +24,23 @@ Enable Designate service in ``/etc/kolla/globals.yml``
 .. code-block:: yaml
 
    enable_designate: "yes"
+   neutron_dns_domain: "example.org."
+
+.. important::
+   The ``neutron_dns_domain`` value has to be different to ``openstacklocal``
+   (its default value) and has to end with a period ``.``.
+
+.. important::
+   ``DNS Integration`` is enabled by default and can be disabled by
+   adding ``neutron_dns_integration: no`` to ``/etc/kolla/globals.yml``
+   and reconfiguring with ``--tags`` neutron.
 
 Configure Designate options in ``/etc/kolla/globals.yml``
 
 .. important::
 
    Designate MDNS node requires the ``dns_interface`` to be reachable from
-   public network.
+   management network.
 
 .. code-block:: yaml
 
@@ -91,6 +101,15 @@ For more information about how the Infoblox backend works, see
 Neutron and Nova Integration
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
+The ``designate-sink`` is an optional service which listens for event
+notifications, such as compute.instance.create.end, handlers are
+available for Nova and Neutron. Notification events can then be used
+to trigger record creation & deletion.
+
+.. note::
+   Service ``designate-sink`` in kolla deployments is disabled by default
+   and can be enabled by ``designate_enable_notifications_sink: yes``.
+
 Create default Designate Zone for Neutron:
 
 .. code-block:: console
diff --git a/doc/source/reference/networking/neutron.rst b/doc/source/reference/networking/neutron.rst
index 3c6b4d119..57b50efcb 100644
--- a/doc/source/reference/networking/neutron.rst
+++ b/doc/source/reference/networking/neutron.rst
@@ -87,6 +87,47 @@ created and configured by Ansible (this is also necessary when
 ``neutron_external_interface`` is configured correctly for hosts in the
 ``compute`` group.
 
+Internal DNS resolution
+~~~~~~~~~~~~~~~~~~~~~~~
+
+The Networking service enables users to control the name assigned
+to ports using two attributes associated with ports, networks, and
+floating IPs. The following table shows the attributes available for each
+one of these resources:
+
+.. list-table::
+   :header-rows: 1
+   :widths: 30 30 30
+
+   * - Resource
+     - dns_name
+     - dns_domain
+   * - Ports
+     - Yes
+     - Yes
+   * - Networks
+     - No
+     - Yes
+   * - Floating IPs
+     - Yes
+     - Yes
+
+To enable this functionality, you need to set the following in
+``/etc/kolla/globals.yml``:
+
+.. code-block:: yaml
+
+   neutron_dns_integration: "yes"
+   neutron_dns_domain: "example.org."
+
+.. important::
+   The ``neutron_dns_domain`` value has to be different to ``openstacklocal``
+   (its default value) and has to end with a period ``.``.
+
+.. note::
+   The integration of the Networking service with an external DNSaaS (DNS-as-a-Service)
+   is described in :ref:`designate-guide`.
+
 OpenvSwitch (ml2/ovs)
 ~~~~~~~~~~~~~~~~~~~~~
 
diff --git a/releasenotes/notes/fix-neutron-and-designate-DNS-integration-5abedb5e09e4fc15.yaml b/releasenotes/notes/fix-neutron-and-designate-DNS-integration-5abedb5e09e4fc15.yaml
new file mode 100644
index 000000000..559a47963
--- /dev/null
+++ b/releasenotes/notes/fix-neutron-and-designate-DNS-integration-5abedb5e09e4fc15.yaml
@@ -0,0 +1,24 @@
+---
+upgrade:
+  - |
+    Changes configuration variable ``designate_enable_notifications_sink``
+    to ``no`` which configures notifications for designate in neutron, nova
+    and control deployment of ``designate-sink`` which is now optional.
+
+    Operators that want to keep the previous behavior should set this to
+    ``true``.
+features:
+  - |
+    Adds new variables to be used by the neutron role,
+    ``neutron_dns_integration`` and ``neutron_dns_domain``.
+    They allow to enable/disable internal/external DNS integrations,
+    or their combinations.
+fixes:
+  - |
+    Fixes configuration of DNS integrations. See `LP##2049503
+    <https://bugs.launchpad.net/kolla-ansible/+bug/2049503>`__,
+    `DNS Integration
+    <https://docs.openstack.org/neutron/latest/admin/config-dns-int.html>`__
+    and the `DNS Integration with an External Service
+    <https://docs.openstack.org/neutron/latest/admin/config-dns-int-ext-serv.html#config-dns-int-ext-serv>`__
+    for details.
-- 
GitLab