Get your instance by name: integration
of Nova, Neutron and Designate
@CarlNBaldwin carl.baldwin@hpe.com
Kiall Mac Innes kiall@hpe.com
Miguel Lavalle malavall@us.ibm.com
Agenda
● Background and motivation to integrate Neutron, Nova and Designate
○ DNS in Neutron in Kilo version
● Designate overview
● How was the integration accomplished
● Demo
● Experience in cross project collaboration
Background and Motivation
● The error that started it all (I still see this everywhere)
ubuntu@docker20140518: ~ $ sudo id
sudo: unable to resolve host docker20140518
uid=0(root) gid=0(root) groups=0(root)
● Floated the idea around in Atlanta and found that there was a lot of interest
○ “I'm mostly so in love with where this is going that I want to marry it.”
■ … a prominent spec reviewer
● So, why did it get stalled for so long?
Other DNS anomalies in VM’s
● In the following VM:
$ hostname
my-vm
● Other commands don’t work:
$ hostname -f
hostname: my-vm: Unknown host
$ nslookup my-vm
Server: 10.0.0.2
Address 1: 10.0.0.2 host-10-0-0-2.openstacklocal
nslookup: can't resolve 'my-vm'
Neutron’s internal DNS
$ neutron port-create ...
Flow: ReST API → Neutron Server → RPC → DHCP Agent → SIGHUP → dnsmasq
Port resource:
{"port": {
    "fixed_ips": [
        {"subnet_id": ...
         "ip_address": "10.0.0.4"
        }
    ],
    "mac_address": "fa:16:3e:c9:cb:f0"
}}
Entry handed to dnsmasq:
MAC address: fa:16:3e:c9:cb:f0
IP address: 10.0.0.4
Hostname: host-10-0-0-4
FQDN: host-10-0-0-4.openstacklocal.
Agenda
● Background and motivation to integrate Neutron, Nova and Designate
● Designate overview
○ A 10,000ft view
○ Architecture
○ The Basics
○ So, what can you use Designate for?
○ What’s this “Sink” thing?
● How was the integration accomplished
● Demo
● Experience in cross project collaboration
Designate, a 10,000ft view
● OpenStack REST API for managing DNS
● Architecturally similar to Nova/Trove/etc - We’re not a DNS server, we just manage them
● Support for two deployment models:
○ On premise - You manage and maintain the DNS servers (PowerDNS or BIND)
○ 3rd party - Support for pushing zone contents to Akamai or DynECT
Designate Architecture
CentralSink DB
Pool
Manager
Mini DNS
Customer
Facing DNS
Servers
Backend
Nova /
Neutron
Zone
Manager
API
(Old)(New)
Designate Components
Since this isn't a Designate talk, we're going to gloss over most components
● Central - The workhorse, all DB interactions (okay, most) and business logic
● API - End user facing API, a shim to Central that understands REST
● Mini DNS - A pure python DNS server, used exclusively to interact with other DNS servers - i.e. to push content to the end user facing DNS servers
● Sink - An old Nova/Neutron event listener, with plugins to act upon
notifications like "compute.instance.create" - more on this later
● Customer Facing DNS Servers - BIND, PowerDNS, Akamai, DynECT etc
So, what can you use Designate for?
● At its most basic, a REST API to manage DNS zones on a per tenant/project
basis
● Acts as a gateway to the DNS server or 3rd parties, making “single tenant”
DNS servers multi-tenant
● Slave zones from customer nameservers - i.e. “federate” zones from a customer’s corp NS to the provider’s pool of NS’s
● Most importantly, it lets you integrate DNS into your cloud provisioning
workflow, using the same style of API as Compute, Networking, and so on
What’s this “Sink” thing?
● Designate Sink provided some really basic Nova/Neutron integration
● Listens in on the notification events, usually used for ceilometer
● Dispatches the events to registered plugins, which have access to Designate’s internal RPC APIs
● It was fundamentally flawed as RabbitMQ / oslo.messaging notifications
come with no real delivery guarantees, though the trade off was acceptable to
some deployments
Agenda
● Background and motivation to integrate Neutron, Nova and Designate
○ DNS in Neutron in Kilo version
● Designate overview
● How was the integration accomplished
● Demo
● Experience in cross project collaboration
Neutron’s internal DNS: Liberty
$ neutron port-create … --dns_name my-name
Flow: ReST API → Neutron Server → RPC → DHCP Agent → SIGHUP → dnsmasq
Port resource:
{"port": {
    "fixed_ips": [
        {"subnet_id": ...
         "ip_address": "10.0.0.4"
        }
    ],
    "mac_address": "fa:16:3e:c9:cb:f0",
    "dns_name": "my-name",
    "dns_assignment": {
        "hostname": "my-name",
        "ip_address": "10.0.0.4",
        "fqdn": "my-name.my-domain.org."
    }
}}
Entry handed to dnsmasq:
MAC address: fa:16:3e:c9:cb:f0
IP address: 10.0.0.4
Hostname: my-name
FQDN: my-name.my-domain.org.
neutron.conf: dns_domain = my-domain.org.
Neutron’s internal DNS with Nova: Mitaka
Nova compute manager, creating instance my_vm:
$ neutron port-create … --dns_name instance.hostname
Flow: ReST API → Neutron Server → RPC → DHCP Agent → SIGHUP → dnsmasq
Port resource:
{"port": {
    "fixed_ips": [
        {"subnet_id": ...
         "ip_address": "10.0.0.4"
        }
    ],
    "mac_address": "fa:16:3e:c9:cb:f0",
    "dns_name": "my-vm",
    "dns_assignment": {
        "hostname": "my-vm",
        "ip_address": "10.0.0.4",
        "fqdn": "my-vm.my-domain.org."
    }
}}
Entry handed to dnsmasq:
MAC address: fa:16:3e:c9:cb:f0
IP address: 10.0.0.4
Hostname: my-vm
FQDN: my-vm.my-domain.org.
neutron.conf: dns_domain = my-domain.org.
DNS anomalies in VM’s solved
● In the following VM:
$ hostname
my-vm
● Commands work correctly:
$ sudo id
uid=0(root) gid=0(root) groups=0(root),10(wheel)
$ hostname -f
my-vm
$ nslookup my-vm
nslookup my-vm
Server: 10.0.0.2
Address 1: 10.0.0.2 host-10-0-0-2.my-domain.org
Name: my-vm
Address 1: fdfa:152b:bc96:0:f816:3eff:fedc:1780 my-vm.my-domain.org
Address 2: 10.0.0.4 my-vm.my-domain.org
Neutron and Designate integration
Use case 1: name and domain belong to instance / port
$ neutron net-create my-net --dns_domain my-domain.org.
Flow: ReST API → Neutron → ReST API → Designate
{"network": {
    ...
    "name": "my-net",
    "dns_domain": "my-domain.org.",
    "id": "b06b4967-ba73-4567-b060-cf6a9d7ecac6",
    ...
}}
Nova compute manager, creating instance my_vm:
$ neutron port-create … --dns_name instance.hostname
Flow: ReST API → Neutron → ReST API → Designate
{"port": {
    "fixed_ips": [
        {"subnet_id": ...
         "ip_address": "10.0.0.4"
        }
    ],
    "id": "b9a82377-a89f-4b02-93ec-3573333f70c6",
    "dns_name": "my-vm",
    "dns_assignment": {
        "hostname": "my-vm",
        "ip_address": "10.0.0.4",
        "fqdn": "my-vm.my-domain.org."
    }
}}
Neutron and Designate integration
Use case 1: name and domain belong to instance / port
$ neutron floatingip-create … --port_id b9a82377-a89f-4b02-93ec-3573333f70c6
Flow: ReST API → Neutron → ReST API → Designate
{"floatingip": {
    "dns_domain": "",
    "dns_name": "",
    "fixed_ip_address": "10.0.0.4",
    "floating_ip_address": "172.24.4.3",
    ...
}}
In zone my-domain.org.:
    record type: A
    name: my-vm.my-domain.org.
    data: 172.24.4.3
In zone 4.24.172.in-addr.arpa.
    record type: PTR
    name: 3.4.24.172.in-addr.arpa.
    data: my-vm.my-domain.org.
Neutron and Designate integration
Use case 1: name and domain belong to instance / port
$ neutron floatingip-create … --port_id b9a82377-a89f-4b02-93ec-3573333f70c6 --dns_name my-fip --dns_domain my-other-domain.org.
Flow: ReST API → Neutron → ReST API → Designate
{"floatingip": {
    "dns_domain": "my-other-domain.org",
    "dns_name": "my-fip",
    "fixed_ip_address": "10.0.0.4",
    "floating_ip_address": "172.24.4.4",
    ...
}}
In zone my-other-domain.org.:
    record type: A
    name: my-fip.my-domain.org.
    data: 172.24.4.4
In zone 4.24.172.in-addr.arpa.
    record type: PTR
    name: 4.4.24.172.in-addr.arpa.
    data: my-fip.my-domain.org.
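The record derivation in the two use cases can be sketched as follows. This is an added example, not Neutron's or Designate's code: the function names, the dictionary layout of the result, the PTR zone prefix sizes (/24 matches the zone on the slide) and the rule that use case 2 builds the name from the floating IP's own dns_name and dns_domain are assumptions. The split between a user-token client and an admin client, and the allow_reverse_dns_lookup switch, follow the Implementation and Configuration slides.

```python
import ipaddress


def _absolute(domain):
    """Normalise a domain to absolute form with exactly one trailing dot."""
    return domain.rstrip(".") + "."


def reverse_names(ip, v4_zone_prefix=24, v6_zone_prefix=120):
    """Return (ptr_name, ptr_zone) for an IPv4 or IPv6 address.

    The prefix sizes are parameters of this example (assumption); they must
    fall on a label boundary: whole octets for IPv4, whole nibbles for IPv6.
    """
    addr = ipaddress.ip_address(ip)
    bits, step, prefix = (
        (32, 8, v4_zone_prefix) if addr.version == 4 else (128, 4, v6_zone_prefix)
    )
    if prefix % step or not 0 < prefix <= bits:
        raise ValueError(f"zone prefix /{prefix} is not on a label boundary")
    labels = addr.reverse_pointer.split(".")
    host_labels = (bits - prefix) // step  # labels that stay inside the zone
    return ".".join(labels) + ".", ".".join(labels[host_labels:]) + "."


def plan_recordsets(network, port, floatingip, allow_reverse_dns_lookup=True):
    """List the recordsets a floating IP association would need.

    Use case 2: the floating IP carries its own dns_name and dns_domain.
    Use case 1: fall back to the port's dns_name and the network's dns_domain.
    Each entry names the client that would send it: the user's token for
    A/AAAA records, the admin credentials for PTR records.
    """
    fip_name = floatingip.get("dns_name") or ""
    fip_domain = floatingip.get("dns_domain") or ""
    if fip_name and fip_domain:
        name, zone = fip_name, _absolute(fip_domain)
    elif port.get("dns_name") and network.get("dns_domain"):
        name, zone = port["dns_name"], _absolute(network["dns_domain"])
    else:
        return []  # nothing to publish without both a name and a domain

    fqdn = f"{name}.{zone}"
    addr = ipaddress.ip_address(floatingip["floating_ip_address"])
    records = [{
        "client": "user-token",
        "zone": zone,
        "type": "A" if addr.version == 4 else "AAAA",
        "name": fqdn,
        "data": str(addr),
    }]
    if allow_reverse_dns_lookup:
        ptr_name, ptr_zone = reverse_names(str(addr))
        records.append({
            "client": "admin",
            "zone": ptr_zone,
            "type": "PTR",
            "name": ptr_name,
            "data": fqdn,
        })
    return records


if __name__ == "__main__":
    # Values taken from the use case 1 slide.
    for rec in plan_recordsets(
        {"dns_domain": "my-domain.org."},
        {"dns_name": "my-vm"},
        {"dns_name": "", "dns_domain": "", "floating_ip_address": "172.24.4.3"},
    ):
        print(rec)
```

Because the PTR record is written with admin credentials into a zone the tenant does not own, a reviewer of such an integration will want to see that the name placed in it is the one the forward record was created with under the tenant's own token.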
Neutron and Designate integration
Use case 2: name and domain belong to floating ip
Neutron and Designate integration
Implementation
Neutron server → ExternalDNSService (get_instance, create_record_set, delete_record_set) → Designate (create_record_set, delete_record_set)
● Design allows the implementation of different external DNS services drivers. The reference implementation is with Designate
● get_instance loads the driver configured in neutron.conf
● Designate driver uses the Designate python client v2.0 to send requests and receive responses
● create_record_set and delete_record_set in Designate driver instantiate two Designate clients (V2.0):
○ One with the token present in the user request. This client is used to create A and AAAA records
○ The second with admin privileges to
Neutron and Designate integration
Configuration
● All the configuration is done in neutron.conf
● The external DNS service driver is configured in the [DEFAULT] section
○ Parameter external_dns_driver
○ The Designate driver is: neutron.services.externaldns.drivers.designate.driver.Designate
● The [designate] section contains the following parameters
○ url: the Designate end point, for example http://23.253.217.34:9001/v2
○ For the admin user / tenant used for the client that handles PTR records:
■ admin_auth_url: the Keystone end point for admin users authentication, for example http://23.253.217.34:35357/v2.0
■ admin_username
■ admin_password
■ admin_tenant_id
■ admin_tenant_name
○ allow_reverse_dns_lookup to enable (True) or disable (False) the creation of PTR records
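Since neutron.conf ends up holding an admin password and two service endpoints, a small audit of these settings is worth running before deployment. The following is an added example, not part of Neutron: the function name, the finding texts, the password and host names in the hardened sample, and the choice to flag only world-readable files are assumptions; the option names and the http:// example endpoints come from the slide.

```python
import configparser
from urllib.parse import urlsplit

DESIGNATE_DRIVER = (
    "neutron.services.externaldns.drivers.designate.driver.Designate"
)
ADMIN_KEYS = ("admin_auth_url", "admin_username", "admin_password")

# Constructed sample using the slide's example endpoints (plain HTTP).
WEAK_CONF = """\
[DEFAULT]
external_dns_driver = neutron.services.externaldns.drivers.designate.driver.Designate

[designate]
url = http://23.253.217.34:9001/v2
admin_auth_url = http://23.253.217.34:35357/v2.0
admin_username = neutron
admin_password = EXAMPLE-PASSWORD
admin_tenant_name = service
allow_reverse_dns_lookup = True
"""

# Constructed sample; the host names are placeholders.
HARDENED_CONF = """\
[DEFAULT]
external_dns_driver = neutron.services.externaldns.drivers.designate.driver.Designate

[designate]
url = https://designate.example.org:9001/v2
admin_auth_url = https://keystone.example.org:35357/v2.0
admin_username = neutron
admin_password = EXAMPLE-PASSWORD
admin_tenant_name = service
allow_reverse_dns_lookup = True
"""


def audit_designate_settings(conf_text, file_mode=0o640):
    """Return a list of (option, finding) tuples for the [designate] section.

    file_mode is the permission mode of neutron.conf, for example
    os.stat(path).st_mode.
    """
    # interpolation=None: a '%' in a password must not be treated as syntax.
    cfg = configparser.ConfigParser(interpolation=None, strict=False)
    cfg.read_string(conf_text)
    if cfg.defaults().get("external_dns_driver") != DESIGNATE_DRIVER:
        return [("external_dns_driver", "Designate driver is not configured")]
    if not cfg.has_section("designate"):
        return [("designate", "section is missing")]

    sec = cfg["designate"]
    findings = []
    for key in ("url", "admin_auth_url"):
        value = sec.get(key, "")
        if value and urlsplit(value).scheme != "https":
            findings.append(
                (key, "endpoint is not HTTPS; tokens and admin credentials "
                      "cross the network in cleartext"))
    if sec.get("admin_password") and file_mode & 0o004:
        findings.append(("admin_password", "stored in a world-readable file"))
    # Only checked when the option is set explicitly in the file.
    if cfg.getboolean("designate", "allow_reverse_dns_lookup", fallback=False):
        missing = [k for k in ADMIN_KEYS if not sec.get(k)]
        if missing:
            findings.append(
                ("allow_reverse_dns_lookup",
                 "PTR handling needs the admin client; missing: "
                 + ", ".join(missing)))
    return findings


if __name__ == "__main__":
    for option, finding in audit_designate_settings(WEAK_CONF, 0o644):
        print(f"{option}: {finding}")
```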
Agenda
● Background and motivation to integrate Neutron, Nova and Designate
○ DNS in Neutron in Kilo version
● Designate overview
● How was the integration accomplished
● Demo
● Experience in cross project collaboration
Two stages
● Divided the work into two stages to avoid coupling three projects together
● Stage One
○ Getting Nova and Neutron to agree on the instance’s name
○ The IP address hangs off the port. It made sense to us to use the port as the integration point.
● Stage Two
○ Getting Neutron and Designate to talk
■ Could be any DNS service. It can work along with pluggable IPAM.
○ Neutron Network is associated with the Designate domain
Working with Nova
● Nova is a very large project, as is Neutron
● Uncertainty around Nova-net and Neutron
● Nova may have had bigger fish to fry
○ DNS integration spec, being relatively small, “fell through the cracks” during Liberty
Working with Designate
● “Why haven’t we just done this yet?” - Paraphrased from Kiall in Vancouver
● Smaller team looking to grow traction
● DNS is what they do. They were naturally interested.
● From the Neutron developer who wrote the integration with Designate:
○ Designate always available and ready to answer questions and provide guidance
○ The Designate team created a fixed topic in their weekly IRC meeting to track progress, which
was very helpful to maintain coordination
Working with Neutron
● Who in their right mind… ;)
● Miguel and Carl have been excellent!
● Miguel consistently dropped by the weekly Designate IRC meeting to update
the Designate team on progress

Graspan: A Big Data System for Big Code Analysis
 
openEuler Case Study - The Journey to Supply Chain Security
openEuler Case Study - The Journey to Supply Chain SecurityopenEuler Case Study - The Journey to Supply Chain Security
openEuler Case Study - The Journey to Supply Chain Security
 
Vitthal Shirke Java Microservices Resume.pdf
Vitthal Shirke Java Microservices Resume.pdfVitthal Shirke Java Microservices Resume.pdf
Vitthal Shirke Java Microservices Resume.pdf
 

Get your instance by name: integration of Nova, Neutron and Designate

  • 1. Get your instance by name: integration of Nova, Neutron and Designate
    @CarlNBaldwin carl.baldwin@hpe.com
    Kiall Mac Innes kiall@hpe.com
    Miguel Lavalle malavall@us.ibm.com
  • 2. Agenda
    ● Background and motivation to integrate Neutron, Nova and Designate
      ○ DNS in Neutron in Kilo version
    ● Designate overview
    ● How was the integration accomplished
    ● Demo
    ● Experience in cross project collaboration
  • 3. Background and Motivation
    ● The error that started it all (I still see this everywhere)
    ● Floated the idea around in Atlanta and found that there was a lot of interest
      ○ “I'm mostly so in love with where this is going that I want to marry it.”
        ■ … a prominent spec reviewer
    ● So, why did it get stalled for so long?
    ubuntu@docker20140518: ~ $ sudo id
    sudo: unable to resolve host docker20140518
    uid=0(root) gid=0(root) groups=0(root)
  • 4. Other DNS anomalies in VM’s
    ● In following VM:
      $ hostname
      my-vm
    ● Other commands don’t work:
      $ hostname -f
      hostname: my-vm: Unknown host
      $ nslookup my-vm
      Server: 10.0.0.2
      Address 1: 10.0.0.2 host-10-0-0-2.openstacklocal
      nslookup: can't resolve 'my-vm'
  • 6. Neutron’s internal DNS
    $ neutron port-create ...
    [Diagram: neutron CLI → ReST API → Neutron Server → RPC → DHCP Agent → SIGHUP → dnsmasq]
    {"port": {
       "fixed_ips": [
         {"subnet_id": ...
          "ip_address": "10.0.0.4"
         }
       ],
       "mac_address": "fa:16:3e:c9:cb:f0"
    }}
    dnsmasq: fa:16:3e:c9:cb:f0 10.0.0.4 host-10-0-0-4 host-10-0-0-4.openstacklocal.
  • 7. Agenda
    ● Background and motivation to integrate Neutron, Nova and Designate
    ● Designate overview
      ○ A 10,000ft view
      ○ Architecture
      ○ The Basics
      ○ So, what can you use Designate for?
      ○ What’s this “Sink” thing?
    ● How was the integration accomplished
    ● Demo
    ● Experience in cross project collaboration
  • 8. Designate, a 10,000ft view
    ● OpenStack REST API for managing DNS
    ● Architecturally similar to Nova/Trove/etc - We’re not a DNS server, we just manage them
    ● Support for two deployment models:
      ○ On premise - You manage and maintain the DNS servers (PowerDNS or BIND)
      ○ 3rd party - Support for pushing zone contents to Akamai or DynECT
  • 9. Designate Architecture
    [Diagram components: API, Central, Sink, DB, Pool Manager, Zone Manager, Mini DNS, Backend, Customer Facing DNS Servers, Nova / Neutron; labels “(Old)” and “(New)”]
  • 10. Designate Components
    Since this isn't a Designate talk, we're going to gloss over most components
    ● Central - The workhorse, all DB interactions (okay, most) and business logic
    ● API - End user facing API, a shim to Central that understands REST
    ● Mini DNS - A pure python DNS server, used exclusively to interact with other DNS servers - i.e. to push content to the end user facing DNS servers
    ● Sink - An old Nova/Neutron event listener, with plugins to act upon notifications like "compute.instance.create" - more on this later
    ● Customer Facing DNS Servers - BIND, PowerDNS, Akamai, DynECT etc
  • 11. So, what can you use Designate for?
    ● At its most basic, a REST API to manage DNS zones on a per tenant/project basis
    ● Acts as a gateway to the DNS server or 3rd parties, making “single tenant” DNS servers multi-tenant
    ● Slave zones from customer nameservers - i.e. “federate” zones from a customer’s corp NS to the provider’s pool of NS’s
    ● Most importantly, it lets you integrate DNS into your cloud provisioning workflow, using the same style of API as Compute, Networking, and so on
  • 12. What’s this “Sink” thing?
    ● Designate Sink provided some really basic Nova/Neutron integration
    ● Listens in on the notification events, usually used for ceilometer
    ● Dispatches the events to registered plugins, which have access to Designate’s internal RPC APIs
    ● It was fundamentally flawed as RabbitMQ / oslo.messaging notifications come with no real delivery guarantees, though the trade off was acceptable to some deployments
  • 13. Agenda
    ● Background and motivation to integrate Neutron, Nova and Designate
      ○ DNS in Neutron in Kilo version
    ● Designate overview
    ● How was the integration accomplished
    ● Demo
    ● Experience in cross project collaboration
  • 14. Neutron’s internal DNS: Liberty
    $ neutron port-create … --dns_name my-name
    [Diagram: neutron CLI → ReST API → Neutron Server → RPC → DHCP Agent → SIGHUP → dnsmasq]
    neutron.conf: dns_domain = my-domain.org.
    {"port": {
       "fixed_ips": [
         {"subnet_id": ...
          "ip_address": "10.0.0.4"
         }
       ],
       "mac_address": "fa:16:3e:c9:cb:f0",
       "dns_name": "my-name",
       "dns_assignment": {
         "hostname": "my-name",
         "ip_address": "10.0.0.4",
         "fqdn": "my-name.my-domain.org."
       }
    }}
    dnsmasq: fa:16:3e:c9:cb:f0 10.0.0.4 my-name my-name.my-domain.org.
  • 15. Neutron’s internal DNS with Nova: Mitaka
    Nova compute manager creating instance my_vm
    $ neutron port-create … --dns_name instance.hostname
    [Diagram: Nova compute manager → ReST API → Neutron Server → RPC → DHCP Agent → SIGHUP → dnsmasq]
    neutron.conf: dns_domain = my-domain.org.
    {"port": {
       "fixed_ips": [
         {"subnet_id": ...
          "ip_address": "10.0.0.4"
         }
       ],
       "mac_address": "fa:16:3e:c9:cb:f0",
       "dns_name": "my-vm",
       "dns_assignment": {
         "hostname": "my-vm",
         "ip_address": "10.0.0.4",
         "fqdn": "my-vm.my-domain.org."
       }
    }}
    dnsmasq: fa:16:3e:c9:cb:f0 10.0.0.4 my-vm my-vm.my-domain.org.
  • 16. DNS anomalies in VM’s solved
    ● In following VM:
      $ hostname
      my-vm
    ● Commands work correctly:
      $ sudo id
      uid=0(root) gid=0(root) groups=0(root),10(wheel)
      $ hostname -f
      my-vm
      $ nslookup my-vm
      Server: 10.0.0.2
      Address 1: 10.0.0.2 host-10-0-0-2.my-domain.org
      Name: my-vm
      Address 1: fdfa:152b:bc96:0:f816:3eff:fedc:1780 my-vm.my-domain.org
      Address 2: 10.0.0.4 my-vm.my-domain.org
  • 17. Neutron and Designate integration
    Use case 1: name and domain belong to instance / port
    $ neutron net-create my-net --dns_domain my-domain.org.
    [Diagram: ReST API → Neutron → ReST API → Designate]
    {"network": {
       ...
       "name": "my-net",
       "dns_domain": "my-domain.org.",
       "id": "b06b4967-ba73-4567-b060-cf6a9d7ecac6",
       ...
    }}
  • 18. Neutron and Designate integration
    Use case 1: name and domain belong to instance / port
    Nova compute manager creating instance my_vm
    $ neutron port-create … --dns_name instance.hostname
    [Diagram: ReST API → Neutron → ReST API → Designate]
    {"port": {
       "fixed_ips": [
         {"subnet_id": ...
          "ip_address": "10.0.0.4"
         }
       ],
       "id": "b9a82377-a89f-4b02-93ec-3573333f70c6",
       "dns_name": "my-vm",
       "dns_assignment": {
         "hostname": "my-vm",
         "ip_address": "10.0.0.4",
         "fqdn": "my-vm.my-domain.org."
       }
    }}
  • 19. Neutron and Designate integration
    Use case 1: name and domain belong to instance / port
    $ neutron floatingip-create … --port_id b9a82377-a89f-4b02-93ec-3573333f70c6
    [Diagram: ReST API → Neutron → ReST API → Designate]
    {"floatingip": {
       "dns_domain": "",
       "dns_name": "",
       "fixed_ip_address": "10.0.0.4",
       "floating_ip_address": "172.24.4.3",
       ...
    }}
    In zone my-domain.org.:
      record type: A
      name: my-vm.my-domain.org.
      data: 172.24.4.3
    In zone 4.24.172.in-addr.arpa.
      record type: PTR
      name: 3.4.24.172.in-addr.arpa.
      data: my-vm.my-domain.org.
  • 20. Neutron and Designate integration
    Use case 2: name and domain belong to floating ip
    $ neutron floatingip-create … --port_id b9a82377-a89f-4b02-93ec-3573333f70c6 --dns_name my-fip --dns_domain my-other-domain.org.
    [Diagram: ReST API → Neutron → ReST API → Designate]
    {"floatingip": {
       "dns_domain": "my-other-domain.org",
       "dns_name": "my-fip",
       "fixed_ip_address": "10.0.0.4",
       "floating_ip_address": "172.24.4.4",
       ...
    }}
    In zone my-other-domain.org.:
      record type: A
      name: my-fip.my-domain.org.
      data: 172.24.4.4
    In zone 4.24.172.in-addr.arpa.
      record type: PTR
      name: 4.4.24.172.in-addr.arpa.
      data: my-fip.my-domain.org.
  • 21. Neutron and Designate integration
    Implementation
    [Diagram: Neutron server, ExternalDNSService (get_instance, create_record_set, delete_record_set); Designate (create_record_set, delete_record_set)]
    ● Design allows the implementation of different external DNS services drivers. The reference implementation is with Designate
    ● get_instance loads the driver configured in neutron.conf
    ● Designate driver uses the Designate python client v2.0 to send requests and receive responses
    ● create_record_set and delete_record_set in Designate driver instantiate two Designate clients (V2.0):
      ○ One with the token present in the user request. This client is used to create A and AAAA records
      ○ The second with admin privileges to
  • 22. Neutron and Designate integration
    Configuration
    ● All the configuration is done in neutron.conf
    ● The external DNS service driver is configured in the [default] section
      ○ Parameter external_dns_driver
      ○ The Designate driver is: neutron.services.externaldns.drivers.designate.driver.Designate
    ● The [designate] section contains the following parameters
      ○ url: the Designate end point, for example http://23.253.217.34:9001/v2
      ○ For the admin user / tenant used for the client that handles PTR records:
        ■ admin_auth_url: the Keystone end point for admin users authentication, for example http://23.253.217.34:35357/v2.0
        ■ admin_username
        ■ admin_password
        ■ admin_tenant_id
        ■ admin_tenant_name
      ○ allow_reverse_dns_lookup to enable (True) or disable (False) the creation of PTR records
  • 23. Agenda
    ● Background and motivation to integrate Neutron, Nova and Designate
      ○ DNS in Neutron in Kilo version
    ● Designate overview
    ● How was the integration accomplished
    ● Demo
    ● Experience in cross project collaboration
  • 32. Agenda
    ● Background and motivation to integrate Neutron, Nova and Designate
      ○ DNS in Neutron in Kilo version
    ● Designate overview
    ● How was the integration accomplished
    ● Demo
    ● Experience in cross project collaboration
  • 33. Two stages
    ● Divided the work into two stages to avoid coupling three projects together
    ● Stage One
      ○ Getting Nova and Neutron to agree on the instance’s name
      ○ The IP address hangs off the port. It made sense to use the port as the integration point.
    ● Stage Two
      ○ Getting Neutron and Designate to talk
        ■ Could be any DNS service. It can work along with pluggable IPAM.
      ○ Neutron Network is associated with the Designate domain
  • 34. Working with Nova
    ● Nova is a very large project, as is Neutron
    ● Uncertainty around Nova-net and Neutron
    ● Nova may have had bigger fish to fry
      ○ DNS integration spec, being relatively small, “fell through the cracks” during Liberty
  • 35. Working with Designate
    ● “Why haven’t we just done this yet?” - Paraphrased from Kiall in Vancouver
    ● Smaller team looking to grow traction
    ● DNS is what they do. They were naturally interested.
    ● From the Neutron developer who wrote the integration with Designate:
      ○ Designate always available and ready to answer questions and provide guidance
      ○ The Designate team created a fixed topic in their weekly IRC meeting to track progress, which was very helpful to maintain coordination
  • 36. Working with Neutron
    ● Who in their right mind… ;)
    ● Miguel and Carl have been excellent!
    ● Miguel consistently dropped by the weekly Designate IRC meeting to update the Designate team on progress
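The A and PTR record sets on slides 19 and 20 follow mechanically from the floating IP, port and network attributes. The Python sketch below is an added example, not code from Neutron or Designate; it goes beyond the slides by handling IPv6 and by rejecting names that are not valid DNS labels. The function names and the reverse-zone prefix sizes are assumptions of the example.

```python
import ipaddress
import re

# One DNS host label: letters, digits, hyphen; no edge hyphen; at most 63 chars.
LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")


def absolute_name(dns_name, dns_domain):
    """Join a host label and a zone into a dot-terminated FQDN, or raise."""
    dns_name, dns_domain = dns_name.lower(), dns_domain.lower()
    if not dns_domain.endswith("."):
        raise ValueError("dns_domain must be absolute (end with a dot)")
    labels = [dns_name] + dns_domain[:-1].split(".")
    if not all(LABEL.fullmatch(label) for label in labels):
        raise ValueError(f"invalid DNS label in {dns_name!r} / {dns_domain!r}")
    name = f"{dns_name}.{dns_domain}"
    if len(name) > 254:  # 253 characters plus the trailing dot
        raise ValueError("FQDN too long")
    return name


def reverse_names(ip, v4_prefix=24, v6_prefix=120):
    """Return (PTR owner name, reverse zone) for one address.

    The prefix sizes are assumptions of this sketch; /24 matches the slides.
    """
    bits_per_label = 8 if ip.version == 4 else 4
    prefix = v4_prefix if ip.version == 4 else v6_prefix
    host_labels = (ip.max_prefixlen - prefix) // bits_per_label
    labels = ip.reverse_pointer.split(".")
    return ip.reverse_pointer + ".", ".".join(labels[host_labels:]) + "."


def floating_ip_records(fip, port, network):
    """Record sets implied by one floating IP, as a list of dicts."""
    if fip.get("dns_name") and fip.get("dns_domain"):  # use case 2
        name, zone = fip["dns_name"], fip["dns_domain"]
    else:  # use case 1: fall back to the port name and the network domain
        name, zone = port["dns_name"], network["dns_domain"]
    host = absolute_name(name, zone)
    ip = ipaddress.ip_address(fip["floating_ip_address"])
    ptr_name, ptr_zone = reverse_names(ip)
    return [
        {"zone": zone.lower(), "type": "A" if ip.version == 4 else "AAAA",
         "name": host, "data": str(ip)},
        {"zone": ptr_zone, "type": "PTR", "name": ptr_name, "data": host},
    ]
```

A name such as `my_vm` is rejected because an underscore is not a valid host label, which is why the instance my_vm on slide 15 appears in DNS as my-vm.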
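Slide 12 notes that Sink depended on notifications with no real delivery guarantees. As an added illustration (not Designate code; the delete event name and the payload fields `fqdn` and `ip` are simplified assumptions, and the event stream is constructed), this Python sketch replays notifications with one of them lost and audits the resulting zone against the ports that currently exist.

```python
def apply_notification(zone, event):
    """Sink-style plugin: update a {fqdn: ip} zone from one notification."""
    payload = event["payload"]
    if event["event_type"] == "compute.instance.create":
        zone[payload["fqdn"]] = payload["ip"]
    elif event["event_type"] == "compute.instance.delete":  # assumed name
        zone.pop(payload["fqdn"], None)


def replay(events, lost=()):
    """Build the zone from a stream, skipping the indexes that were lost."""
    zone = {}
    for index, event in enumerate(events):
        if index not in lost:
            apply_notification(zone, event)
    return zone


def audit(zone, ports):
    """Diff the zone against the ports that currently exist."""
    desired = {p["fqdn"]: p["ip"] for p in ports}
    return {
        "stale": sorted(n for n in zone if n not in desired),
        "missing": sorted(n for n in desired if n not in zone),
        "wrong_ip": sorted(
            n for n in zone if n in desired and zone[n] != desired[n]
        ),
    }


# Constructed sample stream: web-1 is created and deleted, then its address
# is reused by db-1.
EVENTS = [
    {"event_type": "compute.instance.create",
     "payload": {"fqdn": "web-1.my-domain.org.", "ip": "10.0.0.4"}},
    {"event_type": "compute.instance.delete",
     "payload": {"fqdn": "web-1.my-domain.org.", "ip": "10.0.0.4"}},
    {"event_type": "compute.instance.create",
     "payload": {"fqdn": "db-1.my-domain.org.", "ip": "10.0.0.4"}},
]
PORTS = [{"fqdn": "db-1.my-domain.org.", "ip": "10.0.0.4"}]
```

With the delete notification lost, `audit(replay(EVENTS, lost={1}), PORTS)` reports `web-1.my-domain.org.` as stale: the old name still resolves to an address that now belongs to a different instance.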