A automated Designate DNSaaS setup for Red Hat OpenStack

#!/bin/bash

set -e

#### RUN IN YOUR DNS SERVER. CAN ALSO BE CO-LOCATED IN YOUR CONTROLLER NODE.
yum install -y bind bind-utils

#### CONFIG DNS
setenforce 0
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config

sed -i -e "s/listen-on port.*/listen-on port 53 { any; };/" /etc/named.conf
sed -i '/^options.*/i include "/etc/rndc.key"; controls {         inet * allow { any; } keys { "rndc-key"; }; };' /etc/named.conf
sed -i '/allow-query.*/d' /etc/named.conf
sed -i '/^options.*/a         allow-new-zones yes;         allow-query { any; };' /etc/named.conf

rndc-confgen -a

chmod g+w /var/named

systemctl enable named
systemctl start named

#### RUN IN YOUR CONTROLLER
yum install -y openstack-designate-api openstack-designate-central openstack-designate-sink openstack-designate-pool-manager openstack-designate-mdns openstack-designate-common python-designate python-designateclient openstack-designate-agent openstack-utils

#### SETUP VARIABLES
source ~/keystonerc_admin

CONTROLLER_IP_ADDRESS=`ip -f inet ad show dev br-ex | grep -Po 'inet \K[\d.]+'`

ZONE_NAME=openstack.rf01.co
INTERNAL_NET_NAME=interna
INSTANCES_PROJECT_NAME=admin
SERVICES_PROJECT_NAME=services
DESIGNATE_PASSWORD=Corinthians
EXTERNAL_DNS_SERVER_IP=$CONTROLLER_IP_ADDRESS
EXTERNAL_DNS_SERVER_FQDN=`hostname`
DESIGNATE_VIP_IP=$CONTROLLER_IP_ADDRESS
RABBIT_SERVER_IP=$CONTROLLER_IP_ADDRESS
REDIS_SERVER_IP=$CONTROLLER_IP_ADDRESS
MYSQL_SERVER_IP=$CONTROLLER_IP_ADDRESS
KEYSTONE_SERVER_IP=$CONTROLLER_IP_ADDRESS
DESIGNATE_SERVER_1=$CONTROLLER_IP_ADDRESS

SERVICES_TENANT_ID=`openstack project show $SERVICES_PROJECT_NAME -f value -c id`
INSTANCES_TENANT_ID=`openstack project show $INSTANCES_PROJECT_NAME -f value -c id`
DEFAULT_NAMESERVER_ID=$(uuidgen)
DEFAULT_TARGET_ID=$(uuidgen)
INTERNAL_NET_ID=`openstack network show $INTERNAL_NET_NAME -f value -c id`


#### PREPARE DATABASE
mysql -u root << EOF
CREATE DATABASE designate;
GRANT ALL ON designate.* TO 'designate'@'%' IDENTIFIED BY '$DESIGNATE_PASSWORD';
GRANT ALL ON designate.* TO 'designate'@'localhost' IDENTIFIED BY '$DESIGNATE_PASSWORD';
CREATE DATABASE designate_pool_manager;
GRANT ALL ON designate_pool_manager.* TO 'designate'@'%' IDENTIFIED BY '$DESIGNATE_PASSWORD';
GRANT ALL ON designate_pool_manager.* TO 'designate'@'localhost' IDENTIFIED BY '$DESIGNATE_PASSWORD';
FLUSH PRIVILEGES;
quit
EOF

# CREATE SERVICES ENDPOINTS
openstack user create designate --password $DESIGNATE_PASSWORD --email designate@localhost
openstack role add --project $SERVICES_TENANT_ID --user designate admin
openstack service create dns --name designate --description "Designate DNS Service"
openstack endpoint create --region RegionOne --publicurl http://$DESIGNATE_VIP_IP:9001 --internalurl http://$DESIGNATE_VIP_IP:9001 --adminurl http://$DESIGNATE_VIP_IP:9001 designate

## DESIGNATE BASE CONFIGURATION
crudini --set /etc/designate/designate.conf keystone_authtoken auth_uri http://$KEYSTONE_SERVER_IP:5000/v2.0
crudini --set /etc/designate/designate.conf keystone_authtoken identity_uri http://$KEYSTONE_SERVER_IP:35357/
crudini --set /etc/designate/designate.conf keystone_authtoken admin_tenant_name $SERVICES_PROJECT_NAME
crudini --set /etc/designate/designate.conf keystone_authtoken project_name $SERVICES_PROJECT_NAME
crudini --set /etc/designate/designate.conf keystone_authtoken admin_user designate
crudini --set /etc/designate/designate.conf keystone_authtoken admin_password $DESIGNATE_PASSWORD

crudini --set /etc/designate/designate.conf service:api enabled_extensions_v1 "diagnostics, quotas, reports, sync, touch"
crudini --set /etc/designate/designate.conf service:api enabled_extensions_v2 "quotas, reports"

crudini --set /etc/designate/designate.conf service:central managed_resource_tenant_id $INSTANCES_TENANT_ID

crudini --set /etc/designate/designate.conf storage:sqlalchemy connection mysql+pymysql://designate:$DESIGNATE_PASSWORD@$MYSQL_SERVER_IP/designate

crudini --set /etc/designate/designate.conf pool_manager_cache:sqlalchemy connection mysql+pymysql://designate:$DESIGNATE_PASSWORD@$MYSQL_SERVER_IP/designate_pool_manager

crudini --set /etc/designate/designate.conf oslo_messaging_rabbit rabbit_hosts $RABBIT_SERVER_IP:5672

## POPULATE DESIGNATE DATABASE
su -s /bin/sh -c "designate-manage database sync" designate
su -s /bin/sh -c "designate-manage pool-manager-cache sync" designate

## PRELIMINARY SERVICE START
systemctl enable designate-central designate-api
systemctl start designate-central designate-api

## YML FILE WITH POOL CONFIG
cat << EOF > /etc/designate/pools.yaml
- name: default
  description: Default BIND9 Pool

  attributes:
    external: true
  ns_records:
    - hostname: $EXTERNAL_DNS_SERVER_FQDN.
      priority: 1
  nameservers:
    - host: $EXTERNAL_DNS_SERVER_IP
      port: 53

  targets:
    - type: bind9
      description: BIND9 Server 1
      masters:
        - host: $DESIGNATE_SERVER_1
          port: 5354
# ---        - host: $DESIGNATE_SERVER_2
# ---          port: 5354
# ---        - host: $DESIGNATE_SERVER_3
# ---          port: 5354
      options:
        host: $EXTERNAL_DNS_SERVER_IP
        port: 53
        rndc_host: $EXTERNAL_DNS_SERVER_IP
        rndc_port: 953
        rndc_key_file: /etc/designate/rndc.key
EOF

cp -f /etc/rndc.key /etc/designate/rndc.key
chown designate:designate /etc/designate/rndc.key

### LOAD THE ABOVE YML INTO DESIGNATE RUNTIME
su -s /bin/sh -c "designate-manage pool update" designate

### ACTIVATE AND START SERVICE
systemctl enable designate-pool-manager designate-mdns designate-sink
systemctl start designate-pool-manager designate-mdns designate-sink

# CREATE THE ZONE THAT WILL BE USED BY NEUTRON
ZONE_ID=`openstack zone create --email admin@$ZONE_NAME $ZONE_NAME. -f value -c id`
crudini --set /etc/designate/designate.conf handler:nova_fixed domain_id $ZONE_ID
crudini --set /etc/designate/designate.conf handler:neutron_floatingip domain_id $ZONE_ID

### RESTART THE SERVICES TO LOAD THE ABOVE CHANGED CONFIG
systemctl restart designate-api designate-central designate-mdns designate-pool-manager designate-sink

#### SETUP NEUTRON SERVICES
crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 extension_drivers port_security,dns

crudini --set /etc/neutron/neutron.conf DEFAULT dns_domain $ZONE_NAME.
crudini --set /etc/neutron/neutron.conf DEFAULT external_dns_driver designate

crudini --set /etc/neutron/dhcp_agent.ini DEFAULT dnsmasq_dns_servers $EXTERNAL_DNS_SERVER_IP

crudini --set /etc/neutron/neutron.conf designate url http://$DESIGNATE_VIP_IP:9001/v2
crudini --set /etc/neutron/neutron.conf designate admin_auth_url http://$DESIGNATE_VIP_IP:35357/v2.0
crudini --set /etc/neutron/neutron.conf designate admin_username designate
crudini --set /etc/neutron/neutron.conf designate admin_password $DESIGNATE_PASSWORD
crudini --set /etc/neutron/neutron.conf designate admin_tenant_name $SERVICES_PROJECT_NAME
crudini --set /etc/neutron/neutron.conf designate allow_reverse_dns_lookup True
crudini --set /etc/neutron/neutron.conf designate ipv4_ptr_zone_prefix_size 24
crudini --set /etc/neutron/neutron.conf designate ipv6_ptr_zone_prefix_size 116
crudini --set /etc/neutron/neutron.conf designate insecure true

openstack-service restart neutron
openstack-service restart nova

neutron net-update $INTERNAL_NET_ID  --dns_domain $ZONE_NAME.