The document discusses integrating Neutron, Nova, and Designate to provide DNS services for instances. It summarizes the motivation, outlines how DNS was handled in Neutron prior to integration, and provides overviews of Designate and of how the integration was accomplished. Key points include:
- DNS errors in instances motivated integration for a consistent user experience
- Neutron previously used its own internal DNS which caused issues
- Designate is an OpenStack DNS service that manages DNS servers without being a DNS server itself
- Integration was done in two stages - getting Nova and Neutron on instance names, then integrating Neutron and Designate
- Collaboration involved dividing work, getting buy-in from larger projects like Nova,
Integration of neutron, nova and designate how to use it and how to configur..., by Miguel Lavalle
This document discusses integrating Neutron, Nova, and Designate for DNS resolution and configuration. It provides three use cases: 1) floating IPs are published with associated port DNS attributes, 2) floating IPs are published directly in an external DNS service, and 3) ports are published directly in an external DNS service. It also covers configuring Neutron's internal DNS resolution, integrating with an external DNS service like Designate, and potential performance impacts of publishing ports directly to external DNS.
This talk was given in Vancouver B.C. in May 2015 at the OpenStack Summit
If you are an operator or user of DNS come learn about Designate, the DNSaaS provider for OpenStack. We will cover:
Designate Architecture Overview
Designate Use Cases
Exciting features that landed in the Kilo release: Server Pools, MiniDNS, Secondary Zones, and the Agent
Integration with Nova and Neutron
How Designate works with your chosen DNS server
Customization points - API Extensions, Storage Plugins, Backend Plugins
Designate Install and Operate Workshop, by Graham Hayes
This document provides instructions for a Designate workshop including requirements and agenda. The requirements include bringing a USB drive with VirtualBox, Vagrant and a 30GB VM disk image. The agenda covers installing Designate, operations like creating and deleting domains and records, configuring Designate with Nova and Neutron for automatic DNS record updates, and how to contribute to Designate.
Designate - DNSaaS for OpenStack - FOSDEM 2014, by Graham Hayes
Designate is a newly incubated project in OpenStack, for providing an easy to use, integrated DNS service to users of your cloud. We integrate with Nova and Neutron, and allow control of Reverse DNS for floating IPs. Using sink features, we can pull events from the neutron / nova event queue and auto generate DNS entries.
We will show all of this functionality, and talk about the upcoming features, while taking feedback from the community about what else they would like to see provided by Designate.
We will also update the community on the developments of the Mid-Cycle summit (happening the week previously)
Graham Hayes is a member of designate-core, and one of the main architects of our current feature push called server pools, which will allow per user DNS servers, and the ability to run DNS servers at massive scale.
This workshop was given in Vancouver B.C. in May 2015 at the OpenStack Summit
In this interactive workshop, the Designate team will walk attendees through the installation and configuration of Designate on a virtual machine. Attendees will leave with an understanding of the various components of Designate, including the new services such as the MiniDNS and Pool Manager, and with a working single-VM install on their laptops.
Attendees will learn:
Designate Architecture 101
How to Install and Configure Designate
How to perform day to day Designate operations tasks
End user usage of the API, CLI and Horizon UI
Tips and Tricks for using Designate
Contributing to Designate 101
Part 3 - Local Name Resolution in Linux, FreeBSD and macOS/iOS, by Men and Mice
The focus of this webinar will be to take a deeper look into this local name-resolution system and the implementations for other Unix systems like Linux and FreeBSD. Linux’s new über-daemon “systemd” supports both mDNS and the Windows LLMNR (Link-Local Multicast Name Resolution). We will also show how well a systemd-based Linux behaves in heterogeneous networks running both Windows and macOS.
Google has changed Chrome's code to enforce HTTPS encryption on all ".dev" domains by default. This causes problems for developers who use ".dev" locally without HTTPS. Alternatives for local domain names include subdomains of owned domains, reserved domains like ".test", or protocols besides DNS like LLMNR and mDNS. Unbound and BIND can configure local zones to resolve names without internet access.
Part 2 - Local Name Resolution in Windows Networks, by Men and Mice
This webinar discusses local name resolution protocols in Windows networks. It focuses on Link Local Multicast Name Resolution (LLMNR) and Peer Name Resolution Protocol (PNRP). LLMNR provides serverless name resolution on the local subnet using multicast queries. PNRP is a peer-to-peer name resolution protocol that operates over IPv6 or IPv4-IPv6 tunnels. The webinar explains how these protocols work, how to configure and use them, and potential security issues to be aware of when using them. It also advertises upcoming Men & Mice training courses on DNS and name resolution topics.
A webinar that looks into the new features that Windows Server 2016 will offer in the DNS, DHCP and IPv6 space.
It showcases some of the new features using the latest tech preview; the aim is to give administrators a quick overview of Windows Server 2016 and enough information to decide if early adoption is worthwhile.
Install and Understand DNSSEC in Linux Server running BIND 9 with CHROOT JAIL system and Service.
By Utah Networxs
Encrypted DNS - DNS over TLS / DNS over HTTPS, by Alex Mayrhofer
Encryption is coming to mainstream DNS. This briefing discusses the history, protocols and architecture of encrypted DNS, specifically DNS over TLS and DNS over HTTPS. It also describes the impact of DoT and DoH on various operational models.
This briefing was given during DNSheads Vienna #5 at the nic.at office in Vienna on Jan 30 2018.
Jaime Piña, @variadico, Software Engineer at Apcera
Microservice issues are networking issues. Fixing code in your app is easy, but the hard part of using microservices is the networking. How do you actually know if you're sending what you think you are? Why does this request fail in my app, but not when I use curl? Is this service very slow or is it up at all?
This talk will help demystify some common problems you might experience while building out your collection of microservices. Once you can find the issue, it becomes way easier to fix.
DNS High-Availability Tools - Open-Source Load Balancing Solutions, by Men and Mice
The DNS protocol has built-in high availability for authoritative DNS servers (this will be better explained in the webinar!), but client machines can see a degraded DNS service if a DNS resolver (caching DNS server) is failing.
In this webinar, we will look into how the DNS clients in popular operating systems (Windows, Linux, macOS/iOS) choose the DNS resolver among a list of available servers, and how a DNS resolver service can be made failure-tolerant with open-source solutions such as “dnsdist” from PowerDNS and “relayd” from OpenBSD.
The DNSSEC key signing key (or KSK) of the DNS root zone will be changed in the summer of 2017. During the time between July and October, all DNSSEC validating resolvers need to get the new key material.
In this webinar we explain the KSK roll, how DNS resolvers will load the new KSK with the RFC 5011 protocol and how a DNS administrator can verify that the new KSK is present in the resolver's configuration.
The Domain Name System (DNS) is a critical part of Internet infrastructure and the largest distributed Internet directory service. DNS translates names to IP addresses, a required process for web navigation, email delivery, and other Internet functions. However, the DNS infrastructure is not secure enough unless security mechanisms such as Transaction Signatures (TSIG) and DNS Security Extensions (DNSSEC) are implemented. To guarantee the availability and security of Internet services, it is important for networking professionals to understand DNS concepts, DNS security, configurations, and operations.
This course will discuss the concept of DNS operations in detail: mechanisms to authenticate the communication between DNS servers, mechanisms to establish the authenticity and integrity of DNS data, and mechanisms to delegate trust to public keys of third parties. Participants will be involved in lab exercises and do configurations based on a number of scenarios.
This document summarizes a study of an outage of a company's DNS full-resolvers. During the outage, both of the company's caching nameservers failed for 12 minutes. During this period, clients were unable to resolve hostnames and query rates increased as clients retried requests. When the servers were restored, they received much higher query rates for several seconds as clients flushed their caches. The study found that having multiple DNS resolvers provides redundancy and avoids a complete outage. It also showed that clients unintentionally synchronize, likely due to scheduled tasks on devices, which can lead to spikes in query rates.
It goes without saying that DNS is only as secure as its servers. To ensure the successful and secure operation of a DNS server, secure configuration is paramount.
The new BIND 9 version 9.11 is a major version of the popular DNS server, released in August by ISC.
In this webinar Mr. Carsten Strotmann will demonstrate new features such as:
- Catalog Zones,
- dnssec-keymgr, new *rndc* functions
- CDS/CDNSKEY auto generation
- Negative Trust Anchor
- DNS cookies
- Refuse “any”
- and more.
How to send DNS over anything encrypted, by Men and Mice
Today, nearly all DNS queries are sent unencrypted. This makes DNS vulnerable to eavesdropping by someone with access to the network. The DNS-Privacy group (DPRIVE) inside the Internet Engineering Task Force (IETF), as well as people outside the IETF, are working on new transport protocols to encrypt DNS traffic between DNS clients and resolvers.
* DNS over TLS (RFC 7858)
* DNS over DTLS (RFC 8094)
* DNS over HTTP(S) (ID-draft)
* DNS over QUIC (ID-draft)
* DNS over DNSCrypt (outside IETF)
* DNS over TOR (outside IETF)
In this webinar, we will explain the protocols available or discussed inside and outside the IETF, and give some example configurations on how to use these new privacy protocols today.
Kea DHCP – the new open source DHCP server from ISC, by Men and Mice
This webinar will highlight the differences between the old ISC DHCP and new Kea DHCP (database support, dynamic reconfiguration, performance wins, scripting hooks) and will showcase the Men & Mice Suite as a graphical front-end to both ISC DHCP and Kea to ease the migration.
This webinar is designed as an easy-to-follow tutorial on DNSSEC signing a zone for DNS admins. Our focus will be on DNSSEC zone signing automation with the Knot DNS Server and BIND 9.
Yeti-DNS is an international research project with the purpose of testing new technologies and procedures in running the Internet root zone. The project runs tests on DNSSEC key rollovers in the root, as well as experimenting with new ways to manage the DNSSEC keys (multiple zone signing keys).
An interview with Shane Kerr, a coordinator for the Yeti-DNS project, forms part of this webinar. The interview sheds light on the technical and political aspects of the project and introduces the latest results from experiments.
The webinar also includes a tutorial on how to use the Yeti-DNS root name servers to configure a BIND 9 DNS resolver in order to take part in the project.
Scaling your logging infrastructure using syslog-ng, by Peter Czanik
This talk was presented at All Things Open: https://allthingsopen.org/talk/scaling-your-logging-infrastructure/
Event logging is important not only for IT security and operations, but also for business decisions. The syslog-ng application is an enhanced logging daemon, with a focus on central log collection. It collects logs from many different sources, processes and filters them and finally it stores them or routes them for further analysis.
From this session you will learn (using examples from syslog-ng) why and how to parse important information from incoming messages, and how to route logs, feeding downstream systems using arbitrary formats. We will also discuss how the client – relay – server architecture can solve scalability problems. Also, I will present some of the recently introduced “Big Data” destinations of syslog-ng, which can help to scale your infrastructure even further.
Dockerizing the Hard Services: Neutron and Nova, by clayton_oneill
Talk about the benefits and pitfalls involved in successfully running complex services like Neutron and Nova inside of Docker containers.
Topics include:
* What magic incantations are needed to run these services at all?
* How to prevent HA router failover on service restarts.
* How to prevent network namespaces from breaking everything.
* Bonus: How network namespace fixes also helped fix Cinder NFS backend
This document summarizes a talk about Kubernetes at scale at DigitalOcean. It discusses how DigitalOcean initially used Kubernetes internally through a proprietary platform called DOCC, but has since opened access to Kubernetes and now manages it at a large scale across 20+ clusters. Key points include how they have transitioned to bare metal clusters for better performance and manage configuration of all clusters through a custom tool called Jackrackham.
Banog meetup August 30th, network device property as code, by Damien Garros
Managing Network Device Properties as Code:
Device configuration templates have simplified a lot of things for the network industry but most people are still managing their device properties (aka variables) manually which is very tedious and error prone. This talk will present a new approach to generate and manage network device properties easily using infrastructure as code principles.
Netflix Open Source Meetup Season 4 Episode 2, by aspyker
In this episode, we will take a close look at 2 different approaches to high-throughput/low-latency data stores, developed by Netflix.
The first, EVCache, is a battle-tested distributed memcached-backed data store, optimized for the cloud. You will also hear about the road ahead for EVCache as it evolves into an L1/L2 cache over RAM and SSDs.
The second, Dynomite, is a framework to make any non-distributed data-store, distributed. Netflix's first implementation of Dynomite is based on Redis.
Come learn about the products' features and hear from Thomson and Reuters, Diego Pacheco from Ilegra and other third party speakers, internal and external to Netflix, on how these products fit in their stack and roadmap.
Clusternaut: Orchestrating Percona XtraDB Cluster with Kubernetes.Raghavendra Prabhu
The talk presented at MySQL & Friends devroom at FOSDEM 2016 in Brussels: https://fosdem.org/2016/schedule/event/clusternaut/
Devroom: https://fosdem.org/2016/schedule/track/mysql_and_friends/
Second Skin: Real-Time Retheming a Legacy Web Application with Diazo in the C...Chris Shenton
Presentation for PloneConf2017 in Barcelona. Backend tools used to develop and deploy the Diazo theme engine, for front- and back-end developers. Toolchain including build, tests, continuous integration, and deployment to a high-availability AWS cloud cluster. AWS cloudformation creation of the cluster.
This document provides an introduction to cloud computing and OpenStack. It defines cloud computing and its service models (IaaS, PaaS, SaaS). It discusses public, private and hybrid cloud deployments. It also covers OpenStack components, how to install and use OpenStack, common OpenStack implementations, and hypervisors.
Connect Everything with NATS - Cloud Expo Europewallyqs
NATS is a high performance publish/subscribe messaging system that has as one of its main goals connecting services in the simplest, most secure and reliable way possible.
The project has a long history of being part of production deployments as the core component for the internal communication of a distributed system, and in its latest release NATS v2.0, its feature set was enhanced so that it can also be used to create a global and decentralized communication network.
Docker in Production - Stateful ServicesKontena, Inc.
This document discusses running stateful applications in Docker containers. It describes three common approaches: mounting host directories, creating dedicated data volumes, and using Docker volume drivers. It then explains how the Kontena platform automates and simplifies managing stateful services with Docker by automatically creating data volumes and handling data persistence when services are rescheduled. Finally, it provides examples of running MongoDB and MariaDB clusters with stateful persistence using Kontena.
New Jersey Red Hat Users Group Presentation: Provisioning anywhereRodrique Heron
This presentation is from the October 10, 2017, Red Hat Users Group meeting. Please check us out on meetup.com.
https://www.meetup.com/NorthernNJRHUG
Tools like Docker and Ansible enable new capabilities and speed, and this session will help you and your organization to put it all in context and be more successful and collaborative than ever before.
This session will provide both practical advice to improve your organization's provisioning process, as well as discuss best practices to achieve the much sought-after "push button infrastructure" across multi-cloud environments.
Provisioning means more than simply deploying VMs (or cloud instances) and participants will leave this session with a fresh understanding of the various aspects that go into providing a reliable, flexible and portable platform to their businesses' workloads.
Our Speaker: Andre Pitanga, Red Hat Solutions Architect
Andre is at heart just a chill and optimistic guy. He's delivered agile infrastructure projects with some of the world's biggest banks, financial analytics and media companies, but he swears he didn't break anything. When not reviewing or writing Ansible playbooks, he can be found working shoulder-to-shoulder with his awesome clients to build better platforms the open source way.
The document provides an overview of DNS (Domain Name System) security. It begins with introductions and defines DNS as the core internet protocol that converts domain names to IP addresses. It then discusses some security issues with DNS like hijacking and cache poisoning since DNS data is not encrypted or authenticated. It provides examples of how DNS works through a system of delegation from the root zone down. It explains how DNSSEC aims to address security but has limitations. The document demonstrates DNSSEC in action by showing signed responses from the root zone down to an example domain.
An introduction to Netty. A powerful framework to develop networking applications.
This is suppose to be followed as hands on training, as the exercises on the slides imply, but can be also used an introduction guidance.
This document provides an overview of Netty, an asynchronous event-driven network application framework for Java. It discusses key Netty concepts like the event loop, channels, pipelines and handlers. It also provides examples of building an echo server and client with Netty. Additionally, it mentions several large companies that use Netty in production and open-source projects built with Netty. Finally, it discusses some alternative solutions to Netty like ServiceTalk, Armeria and Reactor Netty that provide additional features on top of the Netty core.
Terraforming your Infrastructure on GCPSamuel Chow
A talk I gave at the Google Cloud Platform LA Meetup event at Google Playa Vista on Nov 6, 2019. This is a 1+ hour-long, tutorial-oriented talk on Infrastructure as Code (IaC), Terraform (as a toolset for IaC and modern devops), and leverage the practice and tools in defining, deploying, and managing your infrastructure in GCP.
DNSSEC Tutorial, by Champika Wijayatunga [APNIC 38]APNIC
This document provides an overview of DNSSEC (Domain Name System Security Extensions). It discusses how DNSSEC introduces digital signatures to cryptographically protect DNS data and prevent man-in-the-middle attacks. It also describes some common DNS record types used in DNSSEC like DNSKEY, RRSIG, and DS. The document notes that while DNSSEC deployment has increased in top-level domains and root servers, adoption remains low at the second-level domain level, and more work is still needed for full deployment.
Traefik on Kubernetes at MySocialApp (CNCF Paris Meetup)Pierre Mavro
This document discusses using Traefik as an ingress controller on Kubernetes to route traffic to applications running on a Kubernetes cluster. It provides details on Traefik's features like load balancing, SSL termination, and integration with Let's Encrypt for automatic SSL certificate management. It also describes how the presenter's company MySocialApp uses Traefik on their Kubernetes infrastructure, including configuration with annotations, support for high availability, and using Consul for storage and distributed locking. The document offers advice on dealing with Let's Encrypt rate limiting and using a CDN like Cloudflare to help mitigate those issues in a production environment.
The Icehouse release of OpenStack focused on improving the user experience and operational capabilities. It included stability enhancements and bug fixes for core projects like Nova, Neutron, Glance, Cinder, and Swift. New features were added for many services, such as scheduler improvements in Nova, policy-based storage in Swift, and alarming capabilities in Ceilometer. The release also incubated several new projects, including Sahara, Barbican, Marconi, and continued development of TripleO, Ironic, and other underlying projects.
Zoom is a comprehensive platform designed to connect individuals and teams efficiently. With its user-friendly interface and powerful features, Zoom has become a go-to solution for virtual communication and collaboration. It offers a range of tools, including virtual meetings, team chat, VoIP phone systems, online whiteboards, and AI companions, to streamline workflows and enhance productivity.
Using Query Store in Azure PostgreSQL to Understand Query PerformanceGrant Fritchey
Microsoft has added an excellent new extension in PostgreSQL on their Azure Platform. This session, presented at Posette 2024, covers what Query Store is and the types of information you can get out of it.
GraphSummit Paris - The art of the possible with Graph TechnologyNeo4j
Sudhir Hasbe, Chief Product Officer, Neo4j
Join us as we explore breakthrough innovations enabled by interconnected data and AI. Discover firsthand how organizations use relationships in data to uncover contextual insights and solve our most pressing challenges – from optimizing supply chains, detecting fraud, and improving customer experiences to accelerating drug discoveries.
Atelier - Innover avec l’IA Générative et les graphes de connaissancesNeo4j
Atelier - Innover avec l’IA Générative et les graphes de connaissances
Allez au-delà du battage médiatique autour de l’IA et découvrez des techniques pratiques pour utiliser l’IA de manière responsable à travers les données de votre organisation. Explorez comment utiliser les graphes de connaissances pour augmenter la précision, la transparence et la capacité d’explication dans les systèmes d’IA générative. Vous partirez avec une expérience pratique combinant les relations entre les données et les LLM pour apporter du contexte spécifique à votre domaine et améliorer votre raisonnement.
Amenez votre ordinateur portable et nous vous guiderons sur la mise en place de votre propre pile d’IA générative, en vous fournissant des exemples pratiques et codés pour démarrer en quelques minutes.
UI5con 2024 - Keynote: Latest News about UI5 and it’s EcosystemPeter Muessig
Learn about the latest innovations in and around OpenUI5/SAPUI5: UI5 Tooling, UI5 linter, UI5 Web Components, Web Components Integration, UI5 2.x, UI5 GenAI.
Recording:
https://www.youtube.com/live/MSdGLG2zLy8?si=INxBHTqkwHhxV5Ta&t=0
What is Master Data Management by PiLog Groupaymanquadri279
PiLog Group's Master Data Record Manager (MDRM) is a sophisticated enterprise solution designed to ensure data accuracy, consistency, and governance across various business functions. MDRM integrates advanced data management technologies to cleanse, classify, and standardize master data, thereby enhancing data quality and operational efficiency.
E-Invoicing Implementation: A Step-by-Step Guide for Saudi Arabian CompaniesQuickdice ERP
Explore the seamless transition to e-invoicing with this comprehensive guide tailored for Saudi Arabian businesses. Navigate the process effortlessly with step-by-step instructions designed to streamline implementation and enhance efficiency.
A Study of Variable-Role-based Feature Enrichment in Neural Models of CodeAftab Hussain
Understanding variable roles in code has been found to be helpful by students
in learning programming -- could variable roles help deep neural models in
performing coding tasks? We do an exploratory study.
- These are slides of the talk given at InteNSE'23: The 1st International Workshop on Interpretability and Robustness in Neural Software Engineering, co-located with the 45th International Conference on Software Engineering, ICSE 2023, Melbourne Australia
Essentials of Automations: The Art of Triggers and Actions in FMESafe Software
In this second installment of our Essentials of Automations webinar series, we’ll explore the landscape of triggers and actions, guiding you through the nuances of authoring and adapting workspaces for seamless automations. Gain an understanding of the full spectrum of triggers and actions available in FME, empowering you to enhance your workspaces for efficient automation.
We’ll kick things off by showcasing the most commonly used event-based triggers, introducing you to various automation workflows like manual triggers, schedules, directory watchers, and more. Plus, see how these elements play out in real scenarios.
Whether you’re tweaking your current setup or building from the ground up, this session will arm you with the tools and insights needed to transform your FME usage into a powerhouse of productivity. Join us to discover effective strategies that simplify complex processes, enhancing your productivity and transforming your data management practices with FME. Let’s turn complexity into clarity and make your workspaces work wonders!
Hand Rolled Applicative User ValidationCode KataPhilip Schwarz
Could you use a simple piece of Scala validation code (granted, a very simplistic one too!) that you can rewrite, now and again, to refresh your basic understanding of Applicative operators <*>, <*, *>?
The goal is not to write perfect code showcasing validation, but rather, to provide a small, rough-and ready exercise to reinforce your muscle-memory.
Despite its grandiose-sounding title, this deck consists of just three slides showing the Scala 3 code to be rewritten whenever the details of the operators begin to fade away.
The code is my rough and ready translation of a Haskell user-validation program found in a book called Finding Success (and Failure) in Haskell - Fall in love with applicative functors.
Transform Your Communication with Cloud-Based IVR SolutionsTheSMSPoint
Discover the power of Cloud-Based IVR Solutions to streamline communication processes. Embrace scalability and cost-efficiency while enhancing customer experiences with features like automated call routing and voice recognition. Accessible from anywhere, these solutions integrate seamlessly with existing systems, providing real-time analytics for continuous improvement. Revolutionize your communication strategy today with Cloud-Based IVR Solutions. Learn more at: https://thesmspoint.com/channel/cloud-telephony
Neo4j - Product Vision and Knowledge Graphs - GraphSummit ParisNeo4j
Dr. Jesús Barrasa, Head of Solutions Architecture for EMEA, Neo4j
Découvrez les dernières innovations de Neo4j, et notamment les dernières intégrations cloud et les améliorations produits qui font de Neo4j un choix essentiel pour les développeurs qui créent des applications avec des données interconnectées et de l’IA générative.
Takashi Kobayashi and Hironori Washizaki, "SWEBOK Guide and Future of SE Education," First International Symposium on the Future of Software Engineering (FUSE), June 3-6, 2024, Okinawa, Japan
Graspan: A Big Data System for Big Code AnalysisAftab Hussain
We built a disk-based parallel graph system, Graspan, that uses a novel edge-pair centric computation model to compute dynamic transitive closures on very large program graphs.
We implement context-sensitive pointer/alias and dataflow analyses on Graspan. An evaluation of these analyses on large codebases such as Linux shows that their Graspan implementations scale to millions of lines of code and are much simpler than their original implementations.
These analyses were used to augment the existing checkers; these augmented checkers found 132 new NULL pointer bugs and 1308 unnecessary NULL tests in Linux 4.4.0-rc5, PostgreSQL 8.3.9, and Apache httpd 2.2.18.
- Accepted in ASPLOS ‘17, Xi’an, China.
- Featured in the tutorial, Systemized Program Analyses: A Big Data Perspective on Static Analysis Scalability, ASPLOS ‘17.
- Invited for presentation at SoCal PLS ‘16.
- Invited for poster presentation at PLDI SRC ‘16.
Software Engineering, Software Consulting, Tech Lead, Spring Boot, Spring Cloud, Spring Core, Spring JDBC, Spring Transaction, Spring MVC, OpenShift Cloud Platform, Kafka, REST, SOAP, LLD & HLD.
Get your instance by name integration of nova, neutron and designate
1. Get your instance by name: integration of Nova, Neutron and Designate
@CarlNBaldwin carl.baldwin@hpe.com
Kiall Mac Innes kiall@hpe.com
Miguel Lavalle malavall@us.ibm.com
2. Agenda
● Background and motivation to integrate Neutron, Nova and Designate
○ DNS in Neutron in Kilo version
● Designate overview
● How was the integration accomplished
● Demo
● Experience in cross project collaboration
3. Background and Motivation
● The error that started it all (I still see this everywhere)
● Floated the idea around in Atlanta and found that there was a lot of interest
○ “I'm mostly so in love with where this is going that I want to marry it.”
■ … a prominent spec reviewer
● So, why did it get stalled for so long?
ubuntu@docker20140518: ~ $ sudo id
sudo: unable to resolve host docker20140518
uid=0(root) gid=0(root) groups=0(root)
4. Other DNS anomalies in VM’s
● In the following VM:
$ hostname
my-vm
● Other commands don’t work:
$ hostname -f
hostname: my-vm: Unknown host
$ nslookup my-vm
Server: 10.0.0.2
Address 1: 10.0.0.2 host-10-0-0-2.openstacklocal
nslookup: can't resolve 'my-vm'
7. Agenda
● Background and motivation to integrate Neutron, Nova and Designate
● Designate overview
○ A 10,000ft view
○ Architecture
○ The Basics
○ So, what can you use Designate for?
○ What’s this “Sink” thing?
● How was the integration accomplished
● Demo
● Experience in cross project collaboration
8. Designate, a 10,000ft view
● OpenStack REST API for managing DNS
● Architecturally similar to Nova/Trove/etc - We’re not a DNS server, we just manage them
● Support for two deployment models:
○ On premise - You manage and maintain the DNS servers (PowerDNS or BIND)
○ 3rd party - Support for pushing zone contents to Akamai or DynECT
10. Designate Components
Since this isn't a Designate talk, we're going to gloss over most components
● Central - The workhorse, all DB interactions (okay, most) and business logic
● API - End user facing API, a shim to Central that understands REST
● Mini DNS - A pure python DNS server, used exclusively to interact with other DNS servers - i.e. to push content to the end user facing DNS servers
● Sink - An old Nova/Neutron event listener, with plugins to act upon notifications like "compute.instance.create" - more on this later
● Customer Facing DNS Servers - BIND, PowerDNS, Akamai, DynECT etc
11. So, what can you use Designate for?
● At its most basic, a REST API to manage DNS zones on a per tenant/project basis
● Acts as a gateway to the DNS server or 3rd parties, making “single tenant” DNS servers multi-tenant
● Slave zones from customer nameservers - i.e. “federate” zones from a customer’s corp NS to the provider’s pool of NS’s
● Most importantly, it lets you integrate DNS into your cloud provisioning workflow, using the same style of API as Compute, Networking, and so on
12. What’s this “Sink” thing?
● Designate Sink provided some really basic Nova/Neutron integration
● Listens in on the notification events, usually used for ceilometer
● Dispatches the events to registered plugins, which have access to Designate’s internal RPC APIs
● It was fundamentally flawed as RabbitMQ / oslo.messaging notifications come with no real delivery guarantees, though the trade off was acceptable to some deployments
13. Agenda
● Background and motivation to integrate Neutron, Nova and Designate
○ DNS in Neutron in Kilo version
● Designate overview
● How was the integration accomplished
● Demo
● Experience in cross project collaboration
16. DNS anomalies in VM’s solved
● In the following VM:
$ hostname
my-vm
● Commands work correctly:
$ sudo id
uid=0(root) gid=0(root) groups=0(root),10(wheel)
$ hostname -f
my-vm
$ nslookup my-vm
nslookup my-vm
Server: 10.0.0.2
Address 1: 10.0.0.2 host-10-0-0-2.my-domain.org
Name: my-vm
Address 1: fdfa:152b:bc96:0:f816:3eff:fedc:1780 my-vm.my-domain.org
Address 2: 10.0.0.4 my-vm.my-domain.org
17. Neutron and Designate integration
Use case 1: name and domain belong to instance / port
[Diagram labels: Neutron ReST API, Designate ReST API]
$ neutron net-create my-net
--dns_domain my-domain.org.
{"network":
  ...
  "name": "my-net",
  "dns_domain": "my-domain.org.",
  "id": "b06b4967-ba73-4567-b060-cf6a9d7ecac6",
  ...
}
18. Neutron and Designate integration
Use case 1: name and domain belong to instance / port
[Diagram labels: Neutron ReST API, Designate ReST API, Nova compute manager creating instance my_vm]
$ neutron port-create …
--dns_name instance.hostname
{"port":
  "fixed_ips": [
    {"subnet_id": ...
     "ip_address": "10.0.0.4"
    }
  ],
  "id": "b9a82377-a89f-4b02-93ec-3573333f70c6",
  "dns_name": "my-vm",
  "dns_assignment": {
    "hostname": "my-vm",
    "ip_address": "10.0.0.4",
    "fqdn": "my-vm.my-domain.org."
  }
}
19. Neutron and Designate integration
Use case 1: name and domain belong to instance / port
[Diagram labels: Neutron ReST API, Designate ReST API]
$ neutron floatingip-create …
--port_id b9a82377-a89f-4b02-93ec-3573333f70c6
{"floatingip":
  "dns_domain": "",
  "dns_name": "",
  "fixed_ip_address": "10.0.0.4",
  "floating_ip_address": "172.24.4.3",
  ...
}
In zone my-domain.org.:
record type: A
name: my-vm.my-domain.org.
data: 172.24.4.3
In zone 4.24.172.in-addr.arpa.
record type: PTR
name: 3.4.24.172.in-addr.arpa.
data: my-vm.my-domain.org.
20. Neutron and Designate integration
Use case 2: name and domain belong to floating ip
[Diagram labels: Neutron ReST API, Designate ReST API]
$ neutron floatingip-create …
--port_id b9a82377-a89f-4b02-93ec-3573333f70c6
--dns_name my-fip
--dns_domain my-other-domain.org.
{"floatingip":
  "dns_domain": "my-other-domain.org",
  "dns_name": "my-fip",
  "fixed_ip_address": "10.0.0.4",
  "floating_ip_address": "172.24.4.4",
  ...
}
In zone my-other-domain.org.:
record type: A
name: my-fip.my-domain.org.
data: 172.24.4.4
In zone 4.24.172.in-addr.arpa.
record type: PTR
name: 4.4.24.172.in-addr.arpa.
data: my-fip.my-domain.org.
21. Neutron and Designate integration
Implementation
[Diagram: Neutron server; ExternalDNSService with get_instance, create_record_set, delete_record_set; Designate with create_record_set, delete_record_set]
● Design allows the implementation of different external DNS service drivers. The reference implementation is with Designate
● get_instance loads the driver configured in neutron.conf
● Designate driver uses the Designate python client v2.0 to send requests and receive responses
● create_record_set and delete_record_set in Designate driver instantiate two Designate clients (V2.0):
○ One with the token present in the user request. This client is used to create A and AAAA records
○ The second with admin privileges to
22. Neutron and Designate integration
Configuration
● All the configuration is done in neutron.conf
● The external DNS service driver is configured in the [default] section
○ Parameter external_dns_driver
○ The Designate driver is: neutron.services.externaldns.drivers.designate.driver.Designate
● The [designate] section contains the following parameters
○ url: the Designate end point, for example http://23.253.217.34:9001/v2
○ For the admin user / tenant used for the client that handles PTR records:
■ admin_auth_url: the Keystone end point for admin users authentication, for example http://23.253.217.34:35357/v2.0
■ admin_username
■ admin_password
■ admin_tenant_id
■ admin_tenant_name
○ allow_reverse_dns_lookup to enable (True) or disable (False) the creation of PTR records
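The credential split and configuration from slides 19 to 22, as an added example in Python (not code from Neutron, Designate or the talk). It parses a constructed neutron.conf fragment, flags endpoints that are not https, and plans which record sets a floating IP produces and under which credential. The function names, the "user-token"/"admin" labels, the [DEFAULT] spelling of the section, the placeholder hosts, treating a missing allow_reverse_dns_lookup as disabled, and building the use case 2 name from the floating IP's own dns_name and dns_domain are assumptions of this example.

```python
import configparser
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed neutron.conf text; hosts and credentials are placeholders.
SAMPLE_CONF = """\
[DEFAULT]
external_dns_driver = neutron.services.externaldns.drivers.designate.driver.Designate

[designate]
url = http://designate.example.test:9001/v2
admin_auth_url = https://keystone.example.test:35357/v2.0
admin_username = neutron
admin_password = PLACEHOLDER
admin_tenant_name = service
allow_reverse_dns_lookup = True
"""

# One DNS label: letters, digits and hyphens, no leading or trailing hyphen.
LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")


def load_settings(text):
    """Parse the driver settings and list endpoints that do not use https."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    sec = cp["designate"]
    # Tokens travel to `url`, the admin password to `admin_auth_url`.
    plaintext = [key for key in ("url", "admin_auth_url")
                 if urlsplit(sec.get(key, "")).scheme != "https"]
    return {
        "driver": cp["DEFAULT"].get("external_dns_driver"),
        # Assumption of this example: a missing value means disabled.
        "allow_ptr": sec.getboolean("allow_reverse_dns_lookup", fallback=False),
        "plaintext_endpoints": plaintext,
    }


def fqdn(name, domain):
    """Join a tenant-supplied label and zone, rejecting malformed input."""
    if not LABEL.fullmatch(name):
        raise ValueError(f"invalid dns_name: {name!r}")
    if not domain.endswith("."):
        raise ValueError(f"dns_domain must be fully qualified: {domain!r}")
    return f"{name}.{domain}"


def plan_record_sets(floating_ip, fip_dns, port_dns_name, net_dns_domain, allow_ptr):
    """Return (credential, zone, type, name, data) tuples for one floating IP."""
    if fip_dns.get("dns_name") and fip_dns.get("dns_domain"):
        # Use case 2: the floating IP carries its own name and domain.
        name, zone = fip_dns["dns_name"], fip_dns["dns_domain"]
    elif port_dns_name and net_dns_domain:
        # Use case 1: the port's name and the network's domain are used.
        name, zone = port_dns_name, net_dns_domain
    else:
        return []  # nothing to publish
    host = fqdn(name, zone)
    ip = ipaddress.IPv4Address(floating_ip)
    # Forward record: created with the token from the user's request.
    records = [("user-token", zone, "A", host, str(ip))]
    if allow_ptr:
        # Reverse record: created with the admin client from [designate].
        ptr_name = ip.reverse_pointer + "."
        ptr_zone = ptr_name.split(".", 1)[1]  # /24 reverse zone, as on slide 19
        records.append(("admin", ptr_zone, "PTR", ptr_name, host))
    return records


if __name__ == "__main__":
    settings = load_settings(SAMPLE_CONF)
    print(settings)
    for record in plan_record_sets("172.24.4.3", {"dns_name": "", "dns_domain": ""},
                                   "my-vm", "my-domain.org.", settings["allow_ptr"]):
        print(record)
```

Because the PTR record is written with the admin credential from tenant-supplied input, the label and domain checks run before any record is planned.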
23. Agenda
● Background and motivation to integrate Neutron, Nova and Designate
○ DNS in Neutron in Kilo version
● Designate overview
● How was the integration accomplished
● Demo
● Experience in cross project collaboration
32. Agenda
● Background and motivation to integrate Neutron, Nova and Designate
○ DNS in Neutron in Kilo version
● Designate overview
● How was the integration accomplished
● Demo
● Experience in cross project collaboration
33. Two stages
● Divided the work into two stages to avoid coupling three projects together
● Stage One
○ Getting Nova and Neutron to agree on the instance’s name
○ The IP address hangs off the port. It made sense to us to use the port as the integration point.
● Stage Two
○ Getting Neutron and Designate to talk
■ Could be any DNS service. It can work along with pluggable IPAM.
○ Neutron Network is associated with the Designate domain
34. Working with Nova
● Nova is a very large project, as is Neutron
● Uncertainty around Nova-net and Neutron
● Nova may have had bigger fish to fry
○ DNS integration spec, being relatively small, “fell through the cracks” during Liberty
35. Working with Designate
● “Why haven’t we just done this yet?” - Paraphrased from Kiall in Vancouver
● Smaller team looking to grow traction
● DNS is what they do. They were naturally interested.
● From the Neutron developer who wrote the integration with Designate:
○ Designate always available and ready to answer questions and provide guidance
○ The Designate team created a fixed topic in their weekly IRC meeting to track progress, which was very helpful to maintain coordination
36. Working with Neutron
● Who in their right mind… ;)
● Miguel and Carl have been excellent!
● Miguel consistently dropped by the weekly Designate IRC meeting to update the Designate team on progress