Chapter 2. Manual DNSaaS installation
Your server must be registered to receive the OpenStack packages. For more information, see https://access.redhat.com/documentation/en-us/red_hat_openstack_platform/8/html-single/director_installation_and_usage/#sect-Registering_your_System
1. Install the DNSaaS packages on the controller node:
# yum install openstack-designate-api openstack-designate-central openstack-designate-sink openstack-designate-pool-manager openstack-designate-mdns openstack-designate-common python-designate python-designateclient openstack-designate-agent
2. Create the DNSaaS and Pool Manager databases. Update the IDENTIFIED BY 'ComplexAlphanumericPassword' value to suit your environment.
# mysql -u root << EOF
CREATE DATABASE designate;
GRANT ALL ON designate.* TO 'designate'@'%' IDENTIFIED BY 'ComplexAlphanumericPassword';
GRANT ALL ON designate.* TO 'designate'@'localhost' IDENTIFIED BY 'ComplexAlphanumericPassword';
CREATE DATABASE designate_pool_manager;
GRANT ALL ON designate_pool_manager.* TO 'designate'@'%' IDENTIFIED BY 'ComplexAlphanumericPassword';
GRANT ALL ON designate_pool_manager.* TO 'designate'@'localhost' IDENTIFIED BY 'ComplexAlphanumericPassword';
FLUSH PRIVILEGES;
quit
EOF
3. Create the DNSaaS service accounts and endpoint in OpenStack Identity (keystone):
This example uses the DNSaaS host IP address 192.168.100.20. You will likely need to update these steps to suit your environment.
$ openstack user create designate --password ComplexAlphanumericPassword --email designate@localhost
$ openstack role add --project service --user designate admin
$ openstack service create dns --name designate --description "Designate DNS Service"
$ openstack endpoint create --region RegionOne --publicurl http://192.168.100.20:9001 --internalurl http://192.168.100.20:9001 --adminurl http://192.168.100.20:9001 designate
4. Add firewall rules for DNSaaS:
$ sudo iptables -I INPUT -p tcp -m multiport --dports 9001 -m comment --comment "designate incoming" -j ACCEPT
$ sudo iptables -I INPUT -p tcp -m multiport --dports 5354 -m comment --comment "Designate mdns incoming" -j ACCEPT
If hosting DNS locally, check that the required ports are open:
$ sudo iptables -I INPUT -p tcp -m multiport --dports 953 -m comment --comment "rndc incoming - bind only" -j ACCEPT
$ sudo service iptables save; sudo service iptables restart
5. Configure the DNSaaS database connection:
Be sure to enter your DNSaaS host IP address correctly in the steps below; replace ComplexAlphanumericPassword with the value that aligns with your environment.
$ crudini --set /etc/designate/designate.conf storage:sqlalchemy connection mysql://designate:ComplexAlphanumericPassword@192.168.100.20/designate
$ crudini --set /etc/designate/designate.conf storage:sqlalchemy max_retries -1
$ crudini --set /etc/designate/designate.conf pool_manager_cache:sqlalchemy connection mysql://designate:ComplexAlphanumericPassword@192.168.100.20/designate_pool_manager
$ crudini --set /etc/designate/designate.conf pool_manager_cache:sqlalchemy max_retries -1
6. Configure authentication to the Identity Service (keystone):
Make certain that the admin_password option aligns with your environment.
$ crudini --set /etc/designate/designate.conf keystone_authtoken auth_uri http://192.168.100.20:5000/v2.0
$ crudini --set /etc/designate/designate.conf keystone_authtoken identity_uri http://192.168.100.20:35357/
$ crudini --set /etc/designate/designate.conf keystone_authtoken admin_tenant_name service
$ crudini --set /etc/designate/designate.conf keystone_authtoken admin_user designate
$ crudini --set /etc/designate/designate.conf keystone_authtoken admin_password ComplexAlphanumericPassword
7. Configure the DNSaaS connection to RabbitMQ:
Make certain the rabbit_userid and rabbit_password options align with your environment.
$ crudini --set /etc/designate/designate.conf oslo_messaging_rabbit rabbit_hosts 192.168.100.20:5672
$ crudini --set /etc/designate/designate.conf oslo_messaging_rabbit rabbit_ha_queues False
$ crudini --set /etc/designate/designate.conf oslo_messaging_rabbit rabbit_host 192.168.100.20
$ crudini --set /etc/designate/designate.conf oslo_messaging_rabbit rabbit_port 5672
$ crudini --set /etc/designate/designate.conf oslo_messaging_rabbit rabbit_userid amqp_user
$ crudini --set /etc/designate/designate.conf oslo_messaging_rabbit rabbit_password ComplexAlphanumericPassword
$ crudini --set /etc/designate/designate.conf oslo_messaging_rabbit rabbit_virtual_host /
8. Add the initial DNSaaS configuration:
$ crudini --set /etc/designate/designate.conf DEFAULT notification_driver nova.openstack.common.notifier.rpc_notifier
$ crudini --set /etc/designate/designate.conf DEFAULT notification_driver messaging
$ crudini --set /etc/designate/designate.conf DEFAULT notification_topics notifications_designate
$ crudini --set /etc/designate/designate.conf service:api api_host 0.0.0.0
$ crudini --set /etc/designate/designate.conf service:api api_port 9001
$ crudini --set /etc/designate/designate.conf service:api auth_strategy keystone
$ crudini --set /etc/designate/designate.conf service:api enable_api_v1 True
$ crudini --set /etc/designate/designate.conf service:api enabled_extensions_v1 "diagnostics, quotas, reports, sync, touch"
$ crudini --set /etc/designate/designate.conf service:api enable_api_v2 True
$ crudini --set /etc/designate/designate.conf service:api enabled_extensions_v2 "quotas, reports"
9. Configure the pool manager:
At present, you will not yet configure a pool target as you have not selected a backend. That occurs later in this procedure.
The pool_id is hardcoded, so use the UUID shown below:
# pool_id=794ccc2c-d751-44fe-b57f-8894c9f5c842
# nameserver_id=$(uuidgen)
# target_id=$(uuidgen)
$ crudini --set /etc/designate/designate.conf service:pool_manager pool_id $pool_id
$ crudini --set /etc/designate/designate.conf pool:$pool_id nameservers $nameserver_id
$ crudini --set /etc/designate/designate.conf pool:$pool_id targets $target_id
$ crudini --set /etc/designate/designate.conf pool_nameserver:$nameserver_id port 53
$ crudini --set /etc/designate/designate.conf pool_nameserver:$nameserver_id host 192.168.100.20
10. Configure the DNSaaS Sink:
For now, you will not configure the domain used by sink (as it does not exist yet).
$ crudini --set /etc/designate/designate.conf service:sink enabled_notification_handlers "nova_fixed, neutron_floatingip"
$ crudini --set /etc/designate/designate.conf handler:nova_fixed notification_topics notifications_designate
$ crudini --set /etc/designate/designate.conf handler:nova_fixed control_exchange nova
$ crudini --set /etc/designate/designate.conf handler:nova_fixed format "%(display_name)s.%(domain)s"
$ crudini --set /etc/designate/designate.conf handler:neutron_floatingip notification_topics notifications_designate
$ crudini --set /etc/designate/designate.conf handler:neutron_floatingip control_exchange neutron
$ crudini --set /etc/designate/designate.conf handler:neutron_floatingip format "%(octet0)s-%(octet1)s-%(octet2)s-%(octet3)s.%(domain)s"
11. Configure Compute and OpenStack Networking to send notifications:
Ceilometer’s agent also listens for and consumes notifications. Create a specific Designate notifications queue (as shown below) so they don’t conflict.
OpenStack Compute in the Kilo release switched to messaging as its notification driver; previously it was nova.openstack.common.notifier.rpc_notifier.
$ crudini --set /etc/nova/nova.conf DEFAULT notification_topics notifications,notifications_designate
$ crudini --set /etc/nova/nova.conf DEFAULT notify_on_state_change vm_and_task_state
$ crudini --set /etc/nova/nova.conf DEFAULT instance_usage_audit_period hour
$ crudini --set /etc/nova/nova.conf DEFAULT instance_usage_audit true
$ crudini --set /etc/neutron/neutron.conf DEFAULT notification_driver neutron.openstack.common.notifier.rpc_notifier
$ crudini --set /etc/neutron/neutron.conf DEFAULT notification_topics notifications,notifications_designate
$ sudo systemctl restart nova.service
$ sudo systemctl restart neutron.service
12. Manually verify the notification_driver in nova.conf:
Due to the possibility of multiple notification_drivers in nova.conf, the crudini command might cause problems. Check in the DEFAULT section to ensure you have these two entries:
notification_driver=ceilometer.compute.nova_notifier
notification_driver=messaging
If using a separate Compute node, it will need the following settings in nova.conf:
notification_driver=nova.openstack.common.notifier.rabbit_notifier,ceilometer.compute.nova_notifier
notification_driver=messaging
notification_topics=notifications,notifications_designate
13. Sync the DNSaaS and Pool Manager cache:
# designate-manage database sync
# designate-manage pool-manager-cache sync
14. Enable and start the DNSaaS services:
# systemctl enable designate-central
# systemctl enable designate-api
# systemctl enable designate-mdns
# systemctl enable designate-pool-manager
# systemctl start designate-central
# systemctl start designate-api
# systemctl start designate-mdns
# systemctl start designate-pool-manager
At this point you have not created a DNS target for your pool, so don’t expect a functioning DNSaaS deployment yet.
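The following script is an added example, not part of the original chapter or of the product's tooling. It automates the manual check in step 12 (both notification_driver entries present in the DEFAULT section of nova.conf) and reports any setting from steps 5 to 7 that still holds the ComplexAlphanumericPassword placeholder. The function names are hypothetical, and it assumes only awk, tr and grep.

```shell
# Added example (not from the original chapter): checks for steps 5-7 and 12.

# Print every value of KEY in [SECTION], one per line, keeping repeated keys.
ini_values() {  # usage: ini_values FILE SECTION KEY
    awk -v section="$2" -v key="$3" '
        /^[ \t]*[#;]/ { next }                       # comment line
        /^[ \t]*\[/ {                                # section header
            name = $0
            sub(/^[ \t]*\[/, "", name); sub(/\].*$/, "", name)
            in_section = (name == section); next
        }
        in_section && (pos = index($0, "=")) {       # key = value line
            k = substr($0, 1, pos - 1); v = substr($0, pos + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) print v
        }' "$1"
}

# Step 12: succeed only if [DEFAULT] carries both required drivers.
# Comma-separated values (the separate Compute node form) are split first.
check_nova_drivers() {  # usage: check_nova_drivers /etc/nova/nova.conf
    drivers=$(ini_values "$1" DEFAULT notification_driver | tr ',' '\n' | tr -d ' \t')
    rc=0
    for want in ceilometer.compute.nova_notifier messaging; do
        if ! printf '%s\n' "$drivers" | grep -Fxq "$want"; then
            echo "missing in [DEFAULT] of $1: notification_driver=$want" >&2
            rc=1
        fi
    done
    return "$rc"
}

# Steps 5-7: print each setting that still holds the documentation placeholder.
placeholder_settings() {  # usage: placeholder_settings /etc/designate/designate.conf
    for spec in storage:sqlalchemy/connection pool_manager_cache:sqlalchemy/connection \
                keystone_authtoken/admin_password oslo_messaging_rabbit/rabbit_password; do
        if ini_values "$1" "${spec%/*}" "${spec##*/}" | grep -Fq ComplexAlphanumericPassword; then
            echo "[${spec%/*}] ${spec##*/}"
        fi
    done
}
```

Source the script, then run check_nova_drivers /etc/nova/nova.conf and placeholder_settings /etc/designate/designate.conf as a user that can read both files. Any line printed by the second command names a setting whose password still needs to be changed.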