[WIP] Allow different public and private DNS hostnames

playbooks/provisioning/openstack/advanced-configuration.md

@@ -182,15 +182,25 @@ So the provisioned cluster nodes will start using those natively as
 default nameservers. Technically, this allows to deploy OpenShift clusters
 without dnsmasq proxies.
 
-The `env_id` and `public_dns_domain` will form the cluster's DNS domain all
-your servers will be under. With the default values, this will be
-`openshift.example.com`. For workloads, the default subdomain is 'apps'.
-That sudomain can be set as well by the `openshift_app_domain` variable in
-the inventory.
+The `openshift_openstack_clusterid` and `openshift_openstack_public_dns_domain`
+will form the cluster's DNS domain all your servers will be under. With the
+default values, this will be `openshift.example.com`. For workloads, the default
+subdomain is 'apps'. That sudomain can be set as well by the
+`openshift_app_domain` variable in the inventory.
+
+If you want to use different public and private DNS records for your servers,
+specify `openshift_openstack_public_hostname_suffix` and/or
+`openshift_openstack_private_hostname_suffix`. These suffixes default to the
+`openshift_openstack_clusterid` subdomain. Or you may want to specify another
+private domain with `openshift_openstack_private_dns_domain`. Note that
+the servers' hostnames will not be updated. The deployment may be done on the
+arbitrary named hosts.
 
 The `openstack_<role name>_hostname` is a set of variables used for customising
-hostnames of servers with a given role. When such a variable stays commented,
-default hostname (usually the role name) is used.
+names of servers (not hostnames) with a given role. When such a variable stays
+commented, default name (usually the role name) is used for a Nova server name
+and associated with it Heat resources and ansible inventory variables, like
+`openshift_(public)_hostname`.
 
 The `public_dns_nameservers` is a list of DNS servers accessible from all
 the created Nova servers. These will be serving as your DNS forwarders for

playbooks/provisioning/openstack/post-provision-openstack.yml

@@ -21,13 +21,6 @@
 - name: OpenShift Pre-Requisites (part 1)
   include: pre-install.yml
 
-- name: Assign hostnames
-  hosts: cluster_hosts
-  gather_facts: False
-  become: true
-  roles:
-    - role: hostnames
-
 - name: Subscribe DNS Host to allow for configuration below
   hosts: dns
   gather_facts: False

playbooks/provisioning/openstack/pre_tasks.yml

@@ -12,12 +12,20 @@
 
 - name: Setting Common Facts
   set_fact:
-    env_id: "{{ env_id | default(default_env_id) }}"
+    openshift_openstack_clusterid: "{{ openshift_openstack_clusterid | default(default_env_id) }}"
+    openshift_openstack_public_dns_domain: "{{ public_dns_domain }}"
   delegate_to: localhost
 
-- name: Updating DNS domain to include env_id (if not empty)
+- name: Setting DNS hostnames suffixes
   set_fact:
-    full_dns_domain: "{{ (env_id|trim == '') | ternary(public_dns_domain, env_id + '.' + public_dns_domain) }}"
+    openshift_openstack_public_hostname_suffix: "{{ openshift_openstack_public_hostname_suffix|default(openshift_openstack_clusterid) }}"
+    openshift_openstack_private_hostname_suffix: "{{ openshift_openstack_private_hostname_suffix|default(openshift_openstack_clusterid) }}"
+  delegate_to: localhost
+
+- name: Updating DNS domain to include cluster id (if not empty)
+  set_fact:
+    openshift_openstack_full_public_dns_domain: "{{ (openshift_openstack_public_hostname_suffix|trim == '') | ternary(openshift_openstack_public_dns_domain, openshift_openstack_public_hostname_suffix + '.' + openshift_openstack_public_dns_domain) }}"
+    openshift_openstack_full_private_dns_domain: "{{ (openshift_openstack_private_hostname_suffix|trim == '') | ternary(openshift_openstack_private_dns_domain, openshift_openstack_private_hostname_suffix + '.' + openshift_openstack_private_dns_domain) }}"
   delegate_to: localhost
 
 - name: Set the APP domain for OpenShift use
@@ -27,7 +35,7 @@
 
 - name: Set the default app domain for routing purposes
   set_fact:
-    openshift_master_default_subdomain: "{{ openshift_app_domain }}.{{ full_dns_domain }}"
+    openshift_master_default_subdomain: "{{ openshift_app_domain }}.{{ openshift_openstack_full_public_dns_domain }}"
   delegate_to: localhost
   when:
   - openshift_master_default_subdomain is undefined

playbooks/provisioning/openstack/sample-inventory/group_vars/OSEv3.yml

@@ -2,11 +2,11 @@
 openshift_deployment_type: origin
 #openshift_deployment_type: openshift-enterprise
 #openshift_release: v3.5
-openshift_master_default_subdomain: "apps.{{ env_id }}.{{ public_dns_domain }}"
+openshift_master_default_subdomain: "apps.{{ openshift_openstack_full_public_dns_domain }}"
 
 openshift_master_cluster_method: native
-openshift_master_cluster_public_hostname: "console.{{ env_id }}.{{ public_dns_domain }}"
-openshift_master_cluster_hostname: "{{ openshift_master_cluster_public_hostname }}"
+openshift_master_cluster_public_hostname: "console.{{ openshift_openstack_full_public_dns_domain }}"
+openshift_master_cluster_hostname: "console.{{ openshift_openstack_full_private_dns_domain }}"
 
 osm_default_node_selector: 'region=primary'
 

playbooks/provisioning/openstack/sample-inventory/group_vars/all.yml

@@ -3,6 +3,20 @@ env_id: "openshift"
 public_dns_domain: "example.com"
 public_dns_nameservers: []
 
+# FIXME(bogdando) transitioning variable names for compatibility with
+# https://github.com/openshift/openshift-ansible/pull/6039 namespaces
+# remove it once resubmitted by the new location in openshift-ansible
+openshift_openstack_clusterid: "{{ env_id }}"
+openshift_openstack_public_dns_domain: "{{ public_dns_domain }}"
+
+# Allows to override the suffix provided in openshift_openstack_clusterid
+# and the private DNS domain.
+openshift_openstack_public_hostname_suffix: "{{ openshift_openstack_clusterid }}"
+openshift_openstack_private_hostname_suffix: "{{ openshift_openstack_clusterid }}"
+openshift_openstack_private_dns_domain: "{{ openshift_openstack_public_dns_domain }}"
+openshift_openstack_full_public_dns_domain: "{{ (openshift_openstack_public_hostname_suffix|trim == '') | ternary(openshift_openstack_public_dns_domain, openshift_openstack_public_hostname_suffix + '.' + openshift_openstack_public_dns_domain) }}"
+openshift_openstack_full_private_dns_domain: "{{ (openshift_openstack_private_hostname_suffix|trim == '') | ternary(openshift_openstack_private_dns_domain, openshift_openstack_private_hostname_suffix + '.' + openshift_openstack_private_dns_domain) }}"
+
 # Used Hostnames
 # - set custom hostnames for roles by uncommenting corresponding lines
 #openstack_master_hostname: "master"
@@ -149,7 +163,7 @@ ansible_user: openshift
 # The Nova keypair's private SSH key to access inventory nodes.
 #openstack_private_ssh_key: ~/.ssh/id_rsa
 # The path for the SSH config to access all nodes
-#openstack_ssh_config_path: /tmp/ssh.config.openshift.ansible.{{ env_id }}.{{ public_dns_domain }}
+#openstack_ssh_config_path: /tmp/ssh.config.openshift.ansible.{{ openshift_openstack_full_public_dns_domain }}
 
 # If you want to use the VM storage instead of Cinder volumes, set this to `true`.
 # NOTE: this is for testing only! Your data will be gone once the VM disappears!

playbooks/provisioning/openstack/sample-inventory/inventory.py

@@ -72,12 +72,18 @@
             'ansible_host': ssh_ip_address
         }
 
+        vars['openshift_public_hostname'] = server.name
+        if 'private_fqdn' in server.metadata:
+            vars['openshift_hostname'] = server.metadata.private_fqdn
+
         public_v4 = server.public_v4 or server.private_v4
         if public_v4:
-            vars['public_v4'] = public_v4
+            vars['public_v4'] = server.public_v4
+            vars['openshift_public_ip'] = server.public_v4
         # TODO(shadower): what about multiple networks?
         if server.private_v4:
             vars['private_v4'] = server.private_v4
+            vars['openshift_ip'] = server.private_v4
 
         node_labels = server.metadata.get('node_labels')
         if node_labels:

roles/dns-records/tasks/main.yml

@@ -11,14 +11,14 @@
 
 - name: "Add public master cluster hostname records to the private A records (single master)"
   set_fact:
-    private_records: "{{ private_records | default([]) + [ { 'type': 'A', 'hostname': (hostvars[groups.masters[0]].openshift_master_cluster_public_hostname | replace(full_dns_domain, ''))[:-1], 'ip': hostvars[groups.masters[0]].private_v4 } ] }}"
+    private_records: "{{ private_records | default([]) + [ { 'type': 'A', 'hostname': (hostvars[groups.masters[0]].openshift_master_cluster_public_hostname | replace(openshift_openstack_full_public_dns_domain, ''))[:-1], 'ip': hostvars[groups.masters[0]].private_v4 } ] }}"
   when:
     - hostvars[groups.masters[0]].openshift_master_cluster_public_hostname is defined
     - openstack_num_masters == 1
 
 - name: "Add public master cluster hostname records to the private A records (multi-master)"
   set_fact:
-    private_records: "{{ private_records | default([]) + [ { 'type': 'A', 'hostname': (hostvars[groups.masters[0]].openshift_master_cluster_public_hostname | replace(full_dns_domain, ''))[:-1], 'ip': hostvars[groups.lb[0]].private_v4 } ] }}"
+    private_records: "{{ private_records | default([]) + [ { 'type': 'A', 'hostname': (hostvars[groups.masters[0]].openshift_master_cluster_public_hostname | replace(openshift_openstack_full_public_dns_domain, ''))[:-1], 'ip': hostvars[groups.lb[0]].private_v4 } ] }}"
   when:
     - hostvars[groups.masters[0]].openshift_master_cluster_public_hostname is defined
     - openstack_num_masters > 1
@@ -28,30 +28,49 @@
     nsupdate_server_private: "{{ external_nsupdate_keys['private']['server'] }}"
     nsupdate_key_secret_private: "{{ external_nsupdate_keys['private']['key_secret'] }}"
     nsupdate_key_algorithm_private: "{{ external_nsupdate_keys['private']['key_algorithm'] }}"
-    nsupdate_private_key_name: "{{ external_nsupdate_keys['private']['key_name']|default('private-' + full_dns_domain) }}"
+    nsupdate_private_key_name: "{{ external_nsupdate_keys['private']['key_name']|default('private-' + openshift_openstack_full_private_dns_domain) }}"
   when:
     - external_nsupdate_keys is defined
     - external_nsupdate_keys['private'] is defined
 
 - name: "Set the private DNS server to use the provisioned value"
   set_fact:
     nsupdate_server_private: "{{ hostvars[groups['dns'][0]].public_v4 }}"
-    nsupdate_key_secret_private: "{{ hostvars[groups['dns'][0]].nsupdate_keys['private-' + full_dns_domain].key_secret }}"
-    nsupdate_key_algorithm_private: "{{ hostvars[groups['dns'][0]].nsupdate_keys['private-' + full_dns_domain].key_algorithm }}"
+    nsupdate_key_secret_private: "{{ hostvars[groups['dns'][0]].nsupdate_keys['private-' + openshift_openstack_full_private_dns_domain].key_secret }}"
+    nsupdate_key_algorithm_private: "{{ hostvars[groups['dns'][0]].nsupdate_keys['private-' + openshift_openstack_full_private_dns_domain].key_algorithm }}"
   when:
     - nsupdate_server_private is undefined
 
+- name: "Set the private DNS server to use the provisioned value for multiple hostnames"
+  set_fact:
+    nsupdate_key_secret_private_public: "{{ hostvars[groups['dns'][0]].nsupdate_keys['private-' + openshift_openstack_full_public_dns_domain].key_secret }}"
+  when:
+    - openshift_openstack_full_public_dns_domain != openshift_openstack_full_private_dns_domain
+
 - name: "Generate the private Add section for DNS"
   set_fact:
     private_named_records:
       - view: "private"
-        zone: "{{ full_dns_domain }}"
+        zone: "{{ openshift_openstack_full_private_dns_domain }}"
         server: "{{ nsupdate_server_private }}"
-        key_name: "{{ nsupdate_private_key_name|default('private-' + full_dns_domain) }}"
+        key_name: "{{ nsupdate_private_key_name|default('private-' + openshift_openstack_full_private_dns_domain) }}"
         key_secret: "{{ nsupdate_key_secret_private }}"
         key_algorithm: "{{ nsupdate_key_algorithm_private | lower }}"
         entries: "{{ private_records }}"
 
+- name: "Generate the private for public Add section for DNS"
+  set_fact:
+    private_named_records:
+      - view: "private"
+        zone: "{{ openshift_openstack_full_public_dns_domain }}"
+        server: "{{ nsupdate_server_private }}"
+        key_name: "{{ 'private-' + openshift_openstack_full_public_dns_domain }}"
+        key_secret: "{{ nsupdate_key_secret_private_public }}"
+        key_algorithm: "{{ nsupdate_key_algorithm_private | lower }}"
+        entries: "{{ private_records }}"
+  when:
+    - openshift_openstack_full_public_dns_domain != openshift_openstack_full_private_dns_domain
+
 - name: "Generate list of public A records"
   set_fact:
     public_records: "{{ public_records | default([]) + [ { 'type': 'A', 'hostname': hostvars[item]['ansible_hostname'], 'ip': hostvars[item]['public_v4'] } ] }}"
@@ -66,23 +85,23 @@
 
 - name: "Add public master cluster hostname records to the public A records (single master)"
   set_fact:
-    public_records: "{{ public_records | default([]) + [ { 'type': 'A', 'hostname': (hostvars[groups.masters[0]].openshift_master_cluster_public_hostname | replace(full_dns_domain, ''))[:-1], 'ip': hostvars[groups.masters[0]].public_v4 } ] }}"
+    public_records: "{{ public_records | default([]) + [ { 'type': 'A', 'hostname': (hostvars[groups.masters[0]].openshift_master_cluster_public_hostname | replace(openshift_openstack_full_public_dns_domain, ''))[:-1], 'ip': hostvars[groups.masters[0]].public_v4 } ] }}"
   when:
     - hostvars[groups.masters[0]].openshift_master_cluster_public_hostname is defined
     - openstack_num_masters == 1
     - not use_bastion|bool
 
 - name: "Add public master cluster hostname records to the public A records (single master behind a bastion)"
   set_fact:
-    public_records: "{{ public_records | default([]) + [ { 'type': 'A', 'hostname': (hostvars[groups.masters[0]].openshift_master_cluster_public_hostname | replace(full_dns_domain, ''))[:-1], 'ip': hostvars[groups.bastions[0]].public_v4 } ] }}"
+    public_records: "{{ public_records | default([]) + [ { 'type': 'A', 'hostname': (hostvars[groups.masters[0]].openshift_master_cluster_public_hostname | replace(openshift_openstack_full_public_dns_domain, ''))[:-1], 'ip': hostvars[groups.bastions[0]].public_v4 } ] }}"
   when:
     - hostvars[groups.masters[0]].openshift_master_cluster_public_hostname is defined
     - openstack_num_masters == 1
     - use_bastion|bool
 
 - name: "Add public master cluster hostname records to the public A records (multi-master)"
   set_fact:
-    public_records: "{{ public_records | default([]) + [ { 'type': 'A', 'hostname': (hostvars[groups.masters[0]].openshift_master_cluster_public_hostname | replace(full_dns_domain, ''))[:-1], 'ip': hostvars[groups.lb[0]].public_v4 } ] }}"
+    public_records: "{{ public_records | default([]) + [ { 'type': 'A', 'hostname': (hostvars[groups.masters[0]].openshift_master_cluster_public_hostname | replace(openshift_openstack_full_public_dns_domain, ''))[:-1], 'ip': hostvars[groups.lb[0]].public_v4 } ] }}"
   when:
     - hostvars[groups.masters[0]].openshift_master_cluster_public_hostname is defined
     - openstack_num_masters > 1
@@ -92,26 +111,26 @@
     nsupdate_server_public: "{{ external_nsupdate_keys['public']['server'] }}"
     nsupdate_key_secret_public: "{{ external_nsupdate_keys['public']['key_secret'] }}"
     nsupdate_key_algorithm_public: "{{ external_nsupdate_keys['public']['key_algorithm'] }}"
-    nsupdate_public_key_name: "{{ external_nsupdate_keys['public']['key_name']|default('public-' + full_dns_domain) }}"
+    nsupdate_public_key_name: "{{ external_nsupdate_keys['public']['key_name']|default('public-' + openshift_openstack_full_public_dns_domain) }}"
   when:
     - external_nsupdate_keys is defined
     - external_nsupdate_keys['public'] is defined
 
 - name: "Set the public DNS server details to use the provisioned value"
   set_fact:
     nsupdate_server_public: "{{ hostvars[groups['dns'][0]].public_v4 }}"
-    nsupdate_key_secret_public: "{{ hostvars[groups['dns'][0]].nsupdate_keys['public-' + full_dns_domain].key_secret }}"
-    nsupdate_key_algorithm_public: "{{ hostvars[groups['dns'][0]].nsupdate_keys['public-' + full_dns_domain].key_algorithm }}"
+    nsupdate_key_secret_public: "{{ hostvars[groups['dns'][0]].nsupdate_keys['public-' + openshift_openstack_full_public_dns_domain].key_secret }}"
+    nsupdate_key_algorithm_public: "{{ hostvars[groups['dns'][0]].nsupdate_keys['public-' + openshift_openstack_full_public_dns_domain].key_algorithm }}"
   when:
     - nsupdate_server_public is undefined
 
 - name: "Generate the public Add section for DNS"
   set_fact:
     public_named_records:
       - view: "public"
-        zone: "{{ full_dns_domain }}"
+        zone: "{{ openshift_openstack_full_public_dns_domain }}"
         server: "{{ nsupdate_server_public }}"
-        key_name: "{{ nsupdate_public_key_name|default('public-' + full_dns_domain) }}"
+        key_name: "{{ nsupdate_public_key_name|default('public-' + openshift_openstack_full_public_dns_domain) }}"
         key_secret: "{{ nsupdate_key_secret_public }}"
         key_algorithm: "{{ nsupdate_key_algorithm_public | lower }}"
         entries: "{{ public_records }}"

roles/dns-views/tasks/main.yml

@@ -4,24 +4,40 @@
     acl_list: "{{ acl_list | default([]) + [ (hostvars[item]['private_v4'] + '/32') ] }}"
   with_items: "{{ groups['cluster_hosts'] }}"
 
+- name: "Generate the private view for multiple hostnames"
+  set_fact:
+    private_named_view:
+      - name: "private"
+        recursion: "{{ named_private_recursion }}"
+        acl_entry: "{{ acl_list }}"
+        zone:
+          - dns_domain: "{{ openshift_openstack_full_private_dns_domain }}"
+          - dns_domain: "{{ openshift_openstack_full_public_dns_domain }}"
+        forwarder: "{{ public_dns_nameservers }}"
+  when:
+    - external_nsupdate_keys['private'] is undefined
+    - openshift_openstack_full_private_dns_domain != openshift_openstack_full_public_dns_domain
+
 - name: "Generate the private view"
   set_fact:
     private_named_view:
       - name: "private"
         recursion: "{{ named_private_recursion }}"
         acl_entry: "{{ acl_list }}"
         zone:
-          - dns_domain: "{{ full_dns_domain }}"
+          - dns_domain: "{{ openshift_openstack_full_private_dns_domain }}"
         forwarder: "{{ public_dns_nameservers }}"
-  when: external_nsupdate_keys['private'] is undefined
+  when:
+    - external_nsupdate_keys['private'] is undefined
+    - openshift_openstack_full_private_dns_domain == openshift_openstack_full_public_dns_domain
 
 - name: "Generate the public view"
   set_fact:
     public_named_view:
       - name: "public"
         recursion: "{{ named_public_recursion }}"
         zone:
-          - dns_domain: "{{ full_dns_domain }}"
+          - dns_domain: "{{ openshift_openstack_full_public_dns_domain }}"
         forwarder: "{{ public_dns_nameservers }}"
   when: external_nsupdate_keys['public'] is undefined