Chapter 3. Install and Configure PowerDNS
These steps install PowerDNS, and then configure integration with DNSaaS.
3.1. Install PowerDNS
1. Install but disable the EPEL repository:
# cd /root
# curl -O https://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-5.noarch.rpm
# yum -y install epel-release-7-5.noarch.rpm
# yum-config-manager --disable epel
2. Install the PowerDNS and MySQL backends:
# yum -y --enablerepo=epel install pdns pdns-backend-mysql bind-utils
3. Create the PowerDNS database. Update the IDENTIFIED BY 'ComplexAlphanumericPassword' value to suit your environment.
3.2. Configure PowerDNS
1. Update the local-address and mysql-password values in the /etc/pdns/pdns.conf file to suit your environment:
2. Configure the DNSaaS pool target for PowerDNS:
Remember to replace the database password in the connection string (the portion containing ComplexAlphanumericPassword) with the value for your environment.
# openstack-config --set /etc/designate/designate.conf pool_target:$target_id type powerdns
# openstack-config --set /etc/designate/designate.conf pool_target:$target_id options "connection: mysql://designate:ComplexAlphanumericPassword@192.168.100.20/designate_pdns?charset=utf8"
# openstack-config --set /etc/designate/designate.conf pool_target:$target_id masters 192.168.100.20:5354
3. Sync your database: This creates the table structure for PowerDNS in its database.
# designate-manage powerdns sync $target_id
4. Restart DNSaaS to apply the pool changes:
# systemctl restart designate-api
# systemctl restart designate-central
# systemctl restart designate-mdns
# systemctl restart designate-pool-manager
# systemctl restart designate-sink
5. Start and enable the PowerDNS service:
# systemctl enable pdns
# systemctl start pdns
6. Test PowerDNS:
# netstat -tap | grep pdns
# netstat -tulpn | grep 53
# dig @192.168.100.20
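The steps above leave the database password in /etc/pdns/pdns.conf and /etc/designate/designate.conf. The following check is an added example, not part of the original guide: it flags a file that still holds the guide's sample password, is world-readable, or embeds a password with characters that are ambiguous inside a mysql:// URL. The function names are hypothetical, and GNU stat is assumed.

```shell
#!/bin/sh
# Added example: audit a config file that holds the PowerDNS database password.
# SAMPLE_PASSWORD is the guide's placeholder; the file path is an argument so
# the check can also be run against a copy.
SAMPLE_PASSWORD='ComplexAlphanumericPassword'

# Print the password embedded in a "connection: mysql://user:pass@host/db" value.
conn_password() {
    sed -n 's|.*connection: *mysql://[^:/]*:\(.*\)@[^@/]*/.*|\1|p' "$1" | head -n 1
}

# Print one line per finding; the exit status is the number of findings.
audit_secret_file() {
    f=$1; n=0
    [ -r "$f" ] || { echo "$f: cannot read"; return 1; }
    if grep -q "$SAMPLE_PASSWORD" "$f"; then
        echo "$f: sample password from the guide is still in use"
        n=$((n + 1))
    fi
    mode=$(stat -c '%a' "$f")                 # GNU stat, for example 640
    if [ $((0$mode & 4)) -ne 0 ]; then        # "other" read bit is set
        echo "$f: mode $mode lets any local user read the password"
        n=$((n + 1))
    fi
    pw=$(conn_password "$f")
    case $pw in
        *[!A-Za-z0-9]*)
            echo "$f: password has characters that are ambiguous in a mysql:// URL"
            n=$((n + 1)) ;;
    esac
    return "$n"
}

# Stand-alone use:
#   audit_secret_file /etc/designate/designate.conf
#   audit_secret_file /etc/pdns/pdns.conf
```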
3.3. Troubleshooting
You can review the DNSaaS logs for any error messages:
3.4. Test DNSaaS integration with PowerDNS
1. Create your DNS server record (don’t forget the . at the end of the --name option)
# designate server-list
# designate server-create --name $(hostname).
2. Create a domain (don’t forget the . at the end of the --name option)
# designate domain-list
# designate domain-create --name example.com. --email root@example.com
3. Create a record and test lookup (don’t forget the . at the end of the --name option)
# DOMAINID=$(designate domain-list | grep example.com | awk '{print $2}')
# designate record-create --name server1.example.com. --type A --data 1.2.3.4 $DOMAINID
# dig +short -p 53 @192.168.100.20 server1.example.com A
3.5. Configure auto-generation of DNS records (nova fixed and neutron floating)
The DNSaaS Sink listens to Compute and OpenStack Networking notifications and takes action based on them. You completed most of the configuration in the previous steps; however, you still need to specify which domain DNSaaS should use for the auto-generation of DNS entries.
1. Modify the DNSaaS configuration for the example domain:
2. Test Compute (nova) record creation:
Here you will follow a normal nova boot procedure. This step can be performed from the OpenStack Dashboard if preferred. Also, any Image Service (glance) image should work.
This step assumes you have already validated that your OpenStack environment works without DNSaaS. You must already be able to boot instances, assign floating IP addresses, and have functional networking.
# glance image-list
# neutron net-list
# nova boot testserver --flavor m1.tiny --image cirros-0.3.4-x86_64 --key-name yourkey --security-groups default --nic net-id=<Private Net ID>
3. Review the Sink log: Make certain your instance has moved into an active status (using nova list; nova console-log testserver). Once up, you should see a create_record entry if it has picked up the notification correctly.
# tail /var/log/designate/sink.log
Check in PDNS:
# dig +short @192.168.100.20 testserver.example.com
If this test doesn’t work as expected, you can also check directly in the database:
# mysql
use designate_pdns;
show tables;
select * from records;
quit;
3.6. Test OpenStack Networking (neutron) floating IP record creation
Run the command below to test the creation of a floating IP record (replace pubnet1 with a name appropriate for your environment):
# FLOATINGIP=$(neutron floatingip-create pubnet1 | grep floating_ip_address | awk '{print $4}')
# nova add-floating-ip testserver $FLOATINGIP
# DNSRESULT=$(echo $FLOATINGIP |sed 's/\./-/g').example.com
# dig +short @192.168.100.20 $DNSRESULT
You should see a create_record event in the log file:
# tail /var/log/designate/sink.log
It is not currently possible to create floating IP addresses by hostname rather than octets. At present, you can instead create a CNAME against this manually. In a future update it is expected that you will be able to create by hostname.
3.7. Cleanup OpenStack Networking and Compute DNS entries
1. Remove the floating IP address created previously:
# nova remove-floating-ip testserver $FLOATINGIP
You should see a delete_record event in the log:
# tail /var/log/designate/sink.log
And the record should be removed.
2. Remove the testserver created previously:
# designate record-list $DOMAINID
# nova delete testserver
You should see another delete_record event in the log:
# tail /var/log/designate/sink.log
A record that is managed by DNSaaS Sink cannot be updated manually. There is an option, designate --edit-managed record-delete <Domain ID> <Record ID>, which was created in Liberty and backported to the Kilo release. However, it is not currently available in the generally available release of Red Hat Enterprise Linux OpenStack Platform 7. At present, you will need to manually remove the record from your backend DNS and DNSaaS database in the event of any issues.
3.8. Cleanup the PowerDNS configuration
You will not modify the DNSaaS configuration as you will overwrite it when configuring your Bind target.
# SERV1ID=$(designate record-list $DOMAINID| grep server1.example.com | awk '{print $2}')
# designate record-delete $DOMAINID $SERV1ID
# designate domain-delete $DOMAINID
# systemctl disable pdns
# systemctl stop pdns
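The ID lookups in section 3.4 (step 3) and in the cleanup above select rows with grep, which matches substrings, so a second domain or record whose name contains the same text yields several IDs and the delete commands then act on the wrong input. The following is an added example, not part of the original guide: exact_id and loose_ids are hypothetical helper names, and SAMPLE_TABLE is constructed data that assumes the client prints a |-delimited table with the ID in the first column.

```shell
#!/bin/sh
# Added example, not from the original guide. SAMPLE_TABLE is constructed data
# shaped like the client's table output; the IDs are made up.
SAMPLE_TABLE='+------+--------------------+------------+
| id   | name               | serial     |
+------+--------------------+------------+
| aaa1 | example.com.       | 1441234567 |
| bbb2 | dev.example.com.   | 1441234568 |
| ccc3 | example.community. | 1441234569 |
+------+--------------------+------------+'

# The guide's pipeline: substring match, so every row containing the text hits.
loose_ids() { grep "$1" | awk '{print $2}'; }

# Exact match on a whole cell; succeeds only when exactly one row matches.
exact_id() {
    awk -F'|' -v want="$1" '
        NF < 3 { next }                          # skip +----+ border lines
        {
            id = $2; gsub(/^ +| +$/, "", id)     # first column holds the ID
            for (i = 3; i <= NF; i++) {
                cell = $i; gsub(/^ +| +$/, "", cell)
                if (cell == want) { hit++; found = id; break }
            }
        }
        END { if (hit != 1) exit 1; print found }'
}

# Stand-alone use against the live client:
#   DOMAINID=$(designate domain-list | exact_id example.com.) || exit 1
#   SERV1ID=$(designate record-list "$DOMAINID" | exact_id server1.example.com.) || exit 1
```

Because exact_id exits non-zero on zero or multiple matches, a script can stop before record-delete or domain-delete runs with an empty or multi-line ID.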