Designate - Operators Deep Dive
A talk I gave with Ron Rickard from eBay Inc. at the May 2014 OpenStack Summit in Atlanta.

Video is here: https://www.youtube.com/watch?v=SdTf8OvHC60

  1. Operators Deep Dive
     Graham Hayes / HP
     Ron Rickard / eBay Inc.
  2. Graham Hayes - HP Cloud
  3. Ron Rickard
     Sr. Cloud Engineer, eBay Inc.
     rrickard@ebaysf.com
     irc.freenode.net: rjrjr
  4. Agenda
     Designate Overview
     Designate REST API
     Designate and Neutron
     Designate Central
     Designate Sink
  5. Designate Overview
  6. Designate Overview
     ● Designate is the DNS-as-a-service component in OpenStack.
     ● Designate consists of: REST API, Central, and Sink.
     ● Internal and external Designate communication uses the message queue.
     ● A designate client allows you to manage servers, domains, and records.
       ○ More functionality is available in the REST API.
     ● Designate is the source of record for DNS records for the domains it manages.
     ● Domains are owned by tenants.
     ● Additional information:
       ○ http://designate.readthedocs.org
  7. Designate Architecture
     (architecture diagram; components: Database, DNS Server, Backend, Central, API, AMQP, Keystone, User)
  8. Designate REST API
  9. Designate REST API
     ● Version 1 allows management of:
       ○ Servers
       ○ Domains
       ○ Records
     ● Experimental Version 2 adds:
       ○ Zone import/export
       ○ Top-Level Domains (TLDs)
       ○ Zone blacklists
       ○ Managed Floating IP PTR Records
     ● Additional information:
       ○ http://designate.readthedocs.org/en/latest/rest.html
  10. Designate Client
     ● Provides a command-line interface (CLI) like the Keystone and Nova CLIs.
     ● Functionality is a subset of the entire Designate API:
       ○ Servers
       ○ Domains
       ○ Records
  11. Zone Import/Export
     GET/POST - /v2/zones/<id> - Content-Type text/dns
     ● Use the API to:
       ○ import zones in zonefile format
       ○ export zones in zonefile format
     ● A zoneextractor.py tool assists with generating the zonefile format for imports
  12. Top-Level Domains (TLDs)
     GET/POST/PATCH - /v2/tlds/<id>
     ● Use the API to manage TLDs
     ● By default no TLDs exist and any domain name can be created
     ● Presence of TLDs causes domain creation checks:
       ○ the last label in the domain name must be a TLD
       ○ the entire domain name cannot be a TLD
  13. Zone Blacklists
     GET/POST/PATCH - /v2/blacklists/<id>
     ● Use the API to manage blacklists
     ● Blacklists are regular expressions used to block domains from being created
       ○ Example to prevent the example.com. domain from being created:
         ■ ^example.com.$
       ○ Example to prevent example.com. and subdomains of example.com. from being created:
         ■ ^([A-Za-z0-9_-]+.)*example.com.$
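As an added example (not Designate's own code), the following applies the two TLD checks from slide 12 and the blacklist regexes from slide 13 to a candidate domain name, and shows why the unescaped dots in the slide's patterns should be escaped: the TLD set, the use of re.match and all names are assumptions.

```python
import re

# Constructed configuration modelled on the slides: TLDs as created via /v2/tlds and the
# blacklist regexes from slide 13, once as written and once with the dots escaped (assumed).
TLDS = {"com", "org"}
BLACKLISTS_AS_GIVEN = [r"^example.com.$", r"^([A-Za-z0-9_-]+.)*example.com.$"]
BLACKLISTS_ESCAPED = [r"^example\.com\.$", r"^([A-Za-z0-9_-]+\.)*example\.com\.$"]


def tld_check(domain, tlds):
    """The two checks slide 12 lists, applied to a fully qualified domain name."""
    if not tlds:  # no TLDs configured: any domain name can be created
        return True, "no TLDs configured"
    labels = domain.rstrip(".").lower().split(".")
    if len(labels) == 1:  # the entire domain name is a TLD, e.g. "com."
        return False, "the entire domain name cannot be a TLD"
    if labels[-1] not in tlds:
        return False, "last label is not a TLD"
    return True, "ok"


def blacklist_check(domain, patterns):
    """Reject the name if any blacklist regex matches (re.match is an assumption)."""
    for pat in patterns:
        if re.match(pat, domain):
            return False, "blacklisted by %s" % pat
    return True, "ok"


def can_create(domain, tlds=TLDS, patterns=BLACKLISTS_ESCAPED):
    """Domain creation check: TLD rules first, then the blacklist."""
    ok, why = tld_check(domain, tlds)
    return (ok, why) if not ok else blacklist_check(domain, patterns)
```

With the patterns exactly as written on the slide, an unrelated name such as examplexcomx is also blocked because an unescaped dot matches any character, which is why the escaped variants are used by default here.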
  14. Designate and Neutron
     Floating IP Reverse DNS
  15. Floating IP Pointers
     GET/PATCH - /v2/reverse/floatingips/<id>
     ● Manage reverse DNS (PTR records) for Neutron Floating IPs
     ● Allow operators to delegate the *.in-addr.arpa zone to Designate
       ○ Users can manage their own DNS, without support
       ○ Users can only set PTRs for IPs currently associated with their tenant
  16. Designate Central
  17. Designate Central
     ● Contains the core code for Designate.
     ● Uses a pluggable storage driver for persisting data:
       ○ SQLAlchemy
     ● Uses a pluggable backend driver for DNS operations:
       ○ PowerDNS
       ○ NSD4
       ○ FreeIPA
       ○ DynECT
       ○ BIND (needs work)
  18. Backend Drivers
     ● Currently, backend drivers need to implement functions for:
       ○ Create, update, delete TSIG keys
       ○ Create, update, delete domains
       ○ Create, update, delete record sets
       ○ Create, update, delete records
     ● Coming is a mini-DNS in Designate. Mini-DNS will:
       ○ Push data using zone transfers (AXFR/IXFR)
       ○ Simplify backend drivers
     ● Additional information:
       ○ http://designate.readthedocs.org/en/latest/backends.html
  19. Backends - MiniDNS
     (architecture diagram; components: Database, Central, MiniDNS, Customer Facing DNS Server, Backend / Manager, API)
  20. Designate Sink
     Automatic Record Creation
  21. Designate Sink
     ● Designate Sink consumes events from Nova, Neutron, and other services and turns those events into DNS operations.
     ● Which events are consumed and which DNS operations are performed is determined by custom notification handlers.
     ● Designate ships with sample notification handlers:
       ○ Nova handler
       ○ Neutron handler
  22. Events
     compute.instance.create.start/.error/.end
     compute.instance.delete.start/.end
     compute.instance.update
     compute.instance.rebuild.start/.end
     orchestration.stack.create.start/.error/.end
     orchestration.stack.update.start/.error/.end
     orchestration.stack.delete.start/.error/.end
     network.create
     network.delete
     network.port.create
     network.port.delete
     floatingip.update.end
     floatingip.delete.start
     trove.instance.create
     trove.instance.delete
  23. Payload
     {"state_description": "", "availability_zone": null, "terminated_at": "",
      "ephemeral_gb": 0, "instance_type_id": 2, "message": "Success", "deleted_at": "",
      "reservation_id": "r-0fhyl6wq",
      "instance_id": "192c1697-bc90-483f-bffc-6f461dd793cc",
      "user_id": "7101d930ff084aab9136db2b359719e2",
      "fixed_ips": [{"floating_ips": [], "label": "private", "version": 4, "meta": {},
                     "address": "10.0.0.2", "type": "fixed"}],
      "hostname": "rontest", "state": "active",
      "launched_at": "2014-02-24T23:16:43.058572", "metadata": [], "node": "frodo",
      "ramdisk_id": "", "access_ip_v6": null, "disk_gb": 1, "access_ip_v4": null,
      "kernel_id": "", "image_name": "cirros-0.3.0-x86_64-disk", "host": "frodo",
      "display_name": "rontest",
      "image_ref_url": "http://192.168.56.35:9292/images/afd10e78-d2e2-41cf-b1f7-573d7c89ac18",
      "root_gb": 1, "tenant_id": "c8344a592b574589b531fe8956ef7ec1",
      "created_at": "2014-02-24T23:16:37.000000", "memory_mb": 512,
      "instance_type": "m1.tiny", "vcpus": 1,
      "image_meta": {"min_disk": "1", "container_format": "bare", "min_ram": "0",
                     "disk_format": "qcow2",
                     "base_image_ref": "afd10e78-d2e2-41cf-b1f7-573d7c89ac18"},
      "architecture": null, "os_type": null, "instance_flavor_id": "1"}
  24. Notification Handler Code
     import abc

     # ExtensionPlugin is Designate's plugin base class (its import is elided on the slide)
     class NotificationHandler(ExtensionPlugin):
         …

         @abc.abstractmethod
         def get_exchange_topics(self):
             """
             Returns a tuple of (exchange, list(topics)) this handler wishes
             to receive notifications from.
             """
  25. Notification Handler Code (continued)
         @abc.abstractmethod
         def get_event_types(self):
             """
             Returns a list of event types this handler is capable of processing
             """

         @abc.abstractmethod
         def process_notification(self, context, event_type, payload):
             """
             Processes a given notification
             """
         ...
  26. Designate Sink at eBay Inc.
     Evolving custom notification handler:
       ○ Initial design:
         ■ Granular, with a single forward and reverse zone per tenant
         ■ Context (user, tenant, token) taken from the notification message
       ○ Final design:
         ■ VPC - Virtual Private Cloud (dev, prod, ext)
         ■ VPCs are implemented as special tenants (not seen by the user):
           ● admin_extcos
           ● admin_devcos
           ● admin_prodcos
         ■ Tenants are grouped into VPCs
         ■ Many forward and reverse zones are associated with the VPC tenants
  27. Designate Sink at eBay Inc. (continued)
       ○ Final design (continued):
         ■ Nova instance metadata:
           ● zone - forward zone for the A record
           ● hostname - hostname portion of the FQDN for the A record
           ● VPC name
         ■ The VPC name is mapped to the VPC tenant in designate.conf:
           ● network_host_tenants = ext:admin_extcos,dev:admin_devcos,prod:admin_prodcos
         ■ A service account is a member of the VPC tenants and is used to add A and PTR records to Designate
  28. (code)
     def process_notification(self, context, event_type, payload):
         # name, type and ttl are set earlier in the handler (elided on the slide)
         domain_id = self.central_api.find_option(context, 'default_domain')
         recordset = self.central_api.create_recordset(
             context, domain_id, {'name': name, 'type': type, 'ttl': ttl})
         address = {'version': 4,
                    'address': payload['floatingip']['floating_ip_address']}
         record_values = {'data': address['address']}
         self.central_api.create_record(context, domain_id, recordset['id'],
                                        record_values)
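Added example, not Designate's or eBay's code: a concrete handler that implements the three abstract methods from slides 24 and 25 and is fed a constructed subset of the Nova payload from slide 23; the ExtensionPlugin base class and the central API are replaced by stand-ins with assumed (simplified) shapes, and the zone, domain ids and exchange/topic names are made up.

```python
import abc
import ipaddress
import re

# Stand-ins (assumed shapes) for Designate's ExtensionPlugin base class and central API.
class NotificationHandler(abc.ABC):
    @abc.abstractmethod
    def get_exchange_topics(self): ...
    @abc.abstractmethod
    def get_event_types(self): ...
    @abc.abstractmethod
    def process_notification(self, context, event_type, payload): ...
class RecordingCentralAPI:
    def __init__(self):
        self.records = []  # (domain_id, name, type, data) for every record created
    def create_record(self, context, domain_id, name, rtype, data):
        self.records.append((domain_id, name, rtype, data))
LABEL_RE = re.compile(r"^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$")  # one well-formed DNS label

class NovaFixedIPHandler(NotificationHandler):
    def __init__(self, central_api, fwd_domain_id, fwd_zone, rev_domain_id):
        self.central_api, self.fwd_domain_id = central_api, fwd_domain_id
        self.fwd_zone, self.rev_domain_id = fwd_zone, rev_domain_id
    def get_exchange_topics(self):
        return ("nova", ["notifications.info"])  # assumed exchange/topic names
    def get_event_types(self):
        return ["compute.instance.create.end"]
    def process_notification(self, context, event_type, payload):
        if event_type not in self.get_event_types():
            return 0
        host = str(payload.get("hostname", "")).lower()
        if not LABEL_RE.match(host):  # tenant-chosen name: validate before it becomes DNS data
            raise ValueError("invalid hostname in payload: %r" % host)
        fqdn = "%s.%s" % (host, self.fwd_zone)
        created = 0
        for ip in payload.get("fixed_ips", []):
            if ip.get("version") != 4:
                continue
            addr = ipaddress.IPv4Address(ip["address"])  # raises on a malformed address
            self.central_api.create_record(context, self.fwd_domain_id, fqdn, "A", str(addr))
            self.central_api.create_record(context, self.rev_domain_id, addr.reverse_pointer + ".", "PTR", fqdn)
            created += 2
        return created

def run_sample():  # constructed subset of the slide-23 payload (hostname "rontest", 10.0.0.2)
    payload = {"hostname": "rontest", "fixed_ips": [{"version": 4, "address": "10.0.0.2"}]}
    central = RecordingCentralAPI()
    handler = NovaFixedIPHandler(central, "fwd-domain-id", "example.com.", "rev-domain-id")
    handler.process_notification(None, "compute.instance.create.end", payload)
    return central.records
```

The hostname and address checks are the point: both fields are set by the instance owner, not by the operator, so a handler that copies them into zone data unvalidated lets a tenant put arbitrary strings into DNS.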
  29. Workshop
     B314 @ 13:30
     Make sure you have installed:
     VirtualBox (4.x)
     Vagrant (Latest)