
Chapter 4. Using an integrated DNS service


The Red Hat OpenStack Platform (RHOSP) DNS service (designate) integrates with the Networking service (neutron) to automatically create record sets for ports and, through the Compute service (nova), for virtual machine instances.

Cloud administrators use the DNS service to create a zone, which they associate with a network. Using the network provided by their cloud administrator, cloud users can create a virtual machine instance, port, or floating IP, and the DNS service automatically creates the necessary DNS records.

During DNS service deployment the installation toolset, RHOSP director, loads the Networking service (neutron) extension, dns_domain_ports. This extension enables you to add the following DNS attributes to RHOSP ports, networks, and floating IPs:

Table 4.1. DNS settings supported by the RHOSP Networking and DNS services

Resource        DNS name    DNS domain (zone)
Ports           Yes         Yes
Networks        No          Yes
Floating IPs    Yes         Yes

Note

For DNS domains that are specified on both a network and a floating IP, the domain on the port of the floating IP takes precedence over the domain set on the network.

Important

In Red Hat OpenStack Platform (RHOSP) 17.1 GA, a technology preview is available for integration between the RHOSP Networking service (neutron) ML2/OVN and the RHOSP DNS service (designate). As a result, the DNS service does not automatically add DNS entries for newly created VMs.

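The topics included in this section are:

  • Setting up a project for DNS integration
  • Integrating virtual machine instances with DNS
  • Integrating ports with DNS
  • Integrating floating IPs with DNS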

4.1. Setting up a project for DNS integration

Cloud administrators create the required zones, networks, and subnets that cloud users must specify when they create virtual machine instances, ports, or floating IPs. Because the RHOSP Networking service (neutron) is integrated with the DNS service (designate), when cloud users create these objects, they are automatically added to the DNS service.

Important

This feature is available in this release as a Technology Preview, and therefore is not fully supported by Red Hat. It should only be used for testing, and should not be deployed in a production environment. For more information about Technology Preview features, see Scope of Coverage Details.

Prerequisites

  • You must be a RHOSP user with the admin role.
  • The network used for ports and VMs cannot have the attribute router:external set to True. When creating the network, the --external option must not be specified.
  • The network must be one of the following types: FLAT, VLAN, GRE, VXLAN or GENEVE.
  • For VLAN, GRE, VXLAN, or GENEVE networks, the segmentation ID must be outside the ranges configured in the Networking service ml2_conf.ini file.

    The ml2_conf.ini file resides on the Controller node host in /var/lib/config-data/puppet-generated/neutron/etc/neutron/plugins/ml2. Use the following table to determine which section and option to consult for your network segmentation ID range:

    Table 4.2. ml2_conf.ini options used to set network segmentation IDs

    Type of network    Section              Option
    Geneve             [ml2_type_geneve]    vni_ranges
    GRE                [ml2_type_gre]       tunnel_id_ranges
    VLAN               [ml2_type_vlan]      network_vlan_ranges
    VXLAN              [ml2_type_vxlan]     vni_ranges

Note

If these prerequisites are not all met, the Networking service creates a DNS assignment in the internal resolvers using the default dns_domain value, openstacklocal..
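
The segmentation ID prerequisite from Table 4.2 can be checked before a network is created. The following Python is an added example, not part of the Red Hat documentation: it reads the section and option that the table names for each network type and reports whether a candidate segmentation ID falls outside every configured range. The function names and the sample configuration are constructed for illustration, and the range syntax assumed is min:max tuples for vni_ranges and tunnel_id_ranges and physical_network[:vlan_min:vlan_max] for network_vlan_ranges.

```python
import configparser

# Section and option to consult per network type, as listed in Table 4.2.
ML2_RANGE_OPTIONS = {
    "geneve": ("ml2_type_geneve", "vni_ranges"),
    "gre": ("ml2_type_gre", "tunnel_id_ranges"),
    "vlan": ("ml2_type_vlan", "network_vlan_ranges"),
    "vxlan": ("ml2_type_vxlan", "vni_ranges"),
}

def configured_ranges(ini_text, network_type):
    """Return the (min, max) segmentation ID ranges set for a network type."""
    section, option = ML2_RANGE_OPTIONS[network_type.lower()]
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.read_string(ini_text)
    raw = parser.get(section, option, fallback="")
    ranges = []
    for entry in filter(None, (e.strip() for e in raw.split(","))):
        parts = entry.split(":")
        if network_type.lower() == "vlan":
            # Assumed format <physical_network>[:<vlan_min>:<vlan_max>]; a bare
            # physical network name contributes no ID range.
            parts = parts[1:]
        if len(parts) == 2:
            ranges.append((int(parts[0]), int(parts[1])))
    return ranges

def segment_id_is_outside(ini_text, network_type, segment_id):
    """True when segment_id does not fall inside any configured range."""
    return all(not (lo <= segment_id <= hi)
               for lo, hi in configured_ranges(ini_text, network_type))

# Constructed sample configuration, not taken from a real deployment.
SAMPLE_ML2_CONF = """
[ml2_type_geneve]
vni_ranges = 1:1000,5000:6000
[ml2_type_vlan]
network_vlan_ranges = datacentre:100:200,tenant
[ml2_type_vxlan]
vni_ranges = 1:65536
"""

if __name__ == "__main__":
    for net_type, seg in [("geneve", 2017), ("vxlan", 2017), ("vlan", 150)]:
        ok = segment_id_is_outside(SAMPLE_ML2_CONF, net_type, seg)
        print(f"{net_type} {seg}: {'usable' if ok else 'inside a configured range'}")
```
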

Procedure

  1. As a cloud administrator, source your credentials file.

    Example

    $ source ~/overcloudrc

  2. Create the zone that you want users in a particular project to create DNS entries with.

    Example

    In this example, the cloud administrator creates a zone called example.com. and specifies that users in the project ID, f75ec24a-d361-ab86-54c0-dfe6093245a3, have permission to add record sets to the zone:

    $ openstack zone create --email example@example.com example.com. --sudo-project-id f75ec24a-d361-ab86-54c0-dfe6093245a3

    Note

    The DNS domain must always be a fully qualified domain name (FQDN), meaning it will always end with a period.

  3. Create the network that you want users in a particular project to create DNS entries with.

    Example

    In this example, the cloud administrator creates a network, example-network, that uses the earlier created zone, example.com., and a segmentation ID, 2017, that is outside of the range defined in ml2_conf.ini:

    $ openstack network create --dns-domain example.com. \
    --provider-segment 2017 --provider-network-type geneve \
    example-network

  4. On the network, create a subnet.

    Example

    In this example, the cloud administrator creates a subnet, example-subnet, on the network, example-network:

    $ openstack subnet create \
      --allocation-pool start=192.0.2.10,end=192.0.2.200 \
      --network example-network \
      --subnet-range 192.0.2.0/24 \
      example-subnet

  5. Instruct the cloud users in the project to use the zone and network you have created when they add instances, ports, and floating IPs.

Warning

If the user creating the instance, port, or floating IP does not have permission to create record sets in the zone, or if the zone does not exist in the DNS service, the Networking service does the following:

  • creates the port with the dns_assignment field populated using the dns_domain provided.
  • does not create a record set in the DNS service.
  • logs the error, "Error publishing port data in external DNS service.".
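
Because the port is still created when publishing fails, comparing port DNS assignments against the zone's record sets exposes names that were assigned but never published. The following Python is an added example, not part of the Red Hat documentation; the function names and sample data are constructed, and it assumes port data with dns_assignment entries carrying fqdn and ip_address fields and record sets with the name, type and records columns shown in the sample output on this page.

```python
DEFAULT_INTERNAL_DOMAIN = "openstacklocal."  # default dns_domain named on this page

def record_index(recordsets):
    """Map record set name -> set of addresses for the A records in a zone."""
    index = {}
    for rs in recordsets:
        if rs["type"] != "A":
            continue
        records = rs["records"]
        if isinstance(records, str):  # assumption: records may arrive as one string
            records = records.split()
        index.setdefault(rs["name"].lower(), set()).update(records)
    return index

def classify_ports(ports, recordsets, zone):
    """Label each DNS assignment: published, unpublished, internal-only, other-zone."""
    index, zone, findings = record_index(recordsets), zone.lower(), []
    for port in ports:
        for a in port.get("dns_assignment", []):
            fqdn = a["fqdn"].lower()
            if fqdn.endswith("." + DEFAULT_INTERNAL_DOMAIN):
                state = "internal-only"  # fell back to the default dns_domain
            elif not fqdn.endswith("." + zone):
                state = "other-zone"
            elif a["ip_address"] in index.get(fqdn, set()):
                state = "published"
            else:
                state = "unpublished"    # assigned on the port, no record set
            findings.append((port["name"], fqdn, a["ip_address"], state))
    return findings

# Constructed sample data; addresses are from the documentation range 192.0.2.0/24.
SAMPLE_PORTS = [
    {"name": "my-port", "dns_assignment": [
        {"fqdn": "example-port.example.com.", "ip_address": "192.0.2.149"}]},
    {"name": "orphan-port", "dns_assignment": [
        {"fqdn": "orphan.example.com.", "ip_address": "192.0.2.150"}]},
    {"name": "plain-port", "dns_assignment": [
        {"fqdn": "host-192-0-2-151.openstacklocal.", "ip_address": "192.0.2.151"}]},
]
SAMPLE_RECORDSETS = [
    {"name": "example-port.example.com.", "type": "A", "records": "192.0.2.149"},
]

if __name__ == "__main__":
    for name, fqdn, ip, state in classify_ports(SAMPLE_PORTS, SAMPLE_RECORDSETS, "example.com."):
        print(f"{state:13} {name:12} {fqdn} {ip}")
```
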

Verification

  • Confirm that the network you created exists.

    Example

    $ openstack network show example-network

    Sample output

    +---------------------------+--------------------------------------+
    | Field                     | Value                                |
    +---------------------------+--------------------------------------+
    | admin_state_up            | UP                                   |
    | availability_zone_hints   |                                      |
    | availability_zones        |                                      |
    | created_at                | 2022-09-07T19:03:32Z                 |
    | description               |                                      |
    | dns_domain                | example.com.                         |
    | id                        | 9ae5b3d5-f12c-4a67-b0e5-655d53cd4f7c |
    | ipv4_address_scope        | None                                 |
    | ipv6_address_scope        | None                                 |
    | is_default                | None                                 |
    | is_vlan_transparent       | None                                 |
    | mtu                       | 1450                                 |
    | name                      | network-example                      |
    | port_security_enabled     | True                                 |
    | project_id                | f75ec24a-d361-ab86-54c0-dfe6093245a3 |
    | provider:network_type     | vxlan                                |
    | provider:physical_network | None                                 |
    | provider:segmentation_id  | 2017                                 |
    | qos_policy_id             | None                                 |
    | revision_number           | 3                                    |
    | router:external           | Internal                             |
    | segments                  | None                                 |
    | shared                    | False                                |
    | status                    | ACTIVE                               |
    | subnets                   | 15546c9d-6faf-43aa-83e7-b1e705eed060 |
    | tags                      |                                      |
    | updated_at                | 2022-09-07T19:03:43Z                 |
    +---------------------------+--------------------------------------+

Additional resources

  • zone in the Command line interface reference
  • network in the Command line interface reference
  • subnet in the Command line interface reference

4.2. Integrating virtual machine instances with DNS

Integration between the Networking service (neutron) and the DNS service (designate) enables you to automatically enable DNS whenever you create a virtual machine instance.

Prerequisites

  • Your cloud administrator has provided you with the required network to use when creating your DNS-enabled instances.

Procedure

  1. Source your credentials file.

    Example

    $ source ~/overcloudrc

  2. Using the network that your cloud administrator has provided, create an instance.

    Example

    In this example, the cloud user creates an instance named my_vm:

    $ openstack server create --image cirros-0.5.2-x86_64-disk --flavor m1.micro --nic net-id=example-network my_vm

Verification

  • Confirm that a record exists in the DNS service for the instance you created.

    Example

    In this example, the DNS service is queried for the example.com. zone:

    $ openstack recordset list --type A example.com.

    Sample output

    +---------------+---------------------+------+------------+--------+--------+
    | id            | name                | type | records    | status | action |
    +---------------+---------------------+------+------------+--------+--------+
    | 7b8d1be6-1b23 | my_vm.example.com.  | A    | 192.0.2.44 | ACTIVE | NONE   |
    | -478a-94d5-60 |                     |      |            |        |        |
    | b876dca2c8    |                     |      |            |        |        |
    +---------------+---------------------+------+------------+--------+--------+


4.3. Integrating ports with DNS

Integration between the Networking service (neutron) and the DNS service (designate) enables you to automatically add a DNS record set whenever you create a port.

Prerequisites

  • Your cloud administrator has provided you with the required network to use when creating your DNS-enabled ports.

Procedure

  1. Source your credentials file.

    Example

    $ source ~/overcloudrc

  2. Using the zone and network that your cloud administrator has provided, create a port.

    Example

    In this example, the cloud user creates a port, my-port, with a DNS name of example-port in the network, example-network:

    $ openstack port create --network example-network \
    --dns-name example-port \
    my-port

Verification

  • Confirm that a record exists in the DNS service for the port that you created.

    Example

    In this example, the DNS service is queried for the example.com. zone:

    $ openstack recordset list --type A example.com.

    Sample output

    +---------------+---------------------------+------+-------------+--------+--------+
    | id            | name                      | type | records     | status | action |
    +---------------+---------------------------+------+-------------+--------+--------+
    | 9ebbe94f-2442 | example-port.example.com. | A    | 192.0.2.149 | ACTIVE | NONE   |
    | -4bb8-9cfa-6d |                           |      |             |        |        |
    | ca1daba73f    |                           |      |             |        |        |
    +---------------+---------------------------+------+-------------+--------+--------+


4.4. Integrating floating IPs with DNS

Integration between the Networking service (neutron) and the DNS service (designate) enables you to automatically add a DNS record set whenever you create a floating IP.

Prerequisites

  • Your cloud administrator has provided you with the required external network to use when creating your DNS-enabled floating IPs.

Procedure

  1. Source your credentials file.

    Example

    $ source ~/overcloudrc

  2. Using the zone and the external network that your cloud administrator has provided, create a floating IP.

    Example

    In this example, the cloud user creates a floating IP with a DNS name, example-fip, in the network, public:

    $ openstack floating ip create --dns-name example-fip \
    --dns-domain example.com. \
    public

Verification

  • Confirm that a record exists in the DNS service for the floating IP that you created.

    Example

    In this example, the DNS service is queried for the example.com. zone:

    $ openstack recordset list --type A example.com.

    Sample output

    +---------------+--------------------------+------+-------------+--------+--------+
    | id            | name                     | type | records     | status | action |
    +---------------+--------------------------+------+-------------+--------+--------+
    | e1eca823-169d | example-fip.example.com. | A    | 192.0.2.106 | ACTIVE | NONE   |
    | -4d0a-975e-91 |                          |      |             |        |        |
    | a9907ec0c1    |                          |      |             |        |        |
    +---------------+--------------------------+------+-------------+--------+--------+
