Red Hat Summit Red Hat SummitSupportoConsoleSviluppatoriInizia una provaContatti

Questo contenuto non è disponibile nella lingua selezionata.

Chapter 3. Deploying the DNS service in an existing environment

To deploy the DNS service (designate) in an existing Red Hat OpenStack Services on OpenShift (RHOSO) environment, enable the Redis instance and then deploy the DNS service in the RHOSO control plane.

Note

When your RHOSO environment was installed, the networks required for the DNS service were configured and added to the control plane. For more information, see Preparing networks for Red Hat OpenStack Services on OpenShift in Deploying Red Hat OpenStack Services on OpenShift.

3.1. Overview
Copia collegamento

To deploy the RHOSO DNS service, perform the steps in the following procedures:

  1. Enable the Redis instance.
  2. Deploy the DNS service.
Important

The steps in these procedures provide sample values that you add to the required CRs. The actual values that you provide will depend on your particular hardware configuration and local networking policies.

3.2. Enabling the Redis instance
Copia collegamento

The Red Hat OpenStack Services on OpenShift (RHOSO) DNS service (designate) uses Redis to coordinate tasks. You enable Redis by editing the OpenStackControlPlane custom resource (CR).

Prerequisites

  • You have the oc command line tool installed on your workstation.
  • You are logged on to a workstation that has access to the RHOSO control plane as a user with cluster-admin privileges.

Procedure

  1. Open your OpenStackControlPlane CR file on your workstation, and enable Redis and add the designate-redis instance to the templates parameter by adding the following: 

    ...
  redis:
    enabled: true
    templates:
      designate-redis:
        replicas: 1
    Note

    It is not necessary to remove any other Redis instances that are already defined.

  2. Update the OpenStackControlPlane custom resource with the required values for the DNS service.

    Example
    $ oc apply -f openstack_control_plane.yaml -n openstack

Verification

  1. Wait until RHOCP creates the DNS service resources related to the OpenStackControlPlane CR. Run the following command to check the status:

    Example
    $ oc get openstackcontrolplane -n openstack
    Sample output
    NAME                      STATUS    MESSAGE
openstack-control-plane 	Unknown 	Setup started

    The OpenStackControlPlane resources are created when the status is "Setup complete".

    Tip

    Append the -w option to the end of the get command to track deployment progress.

  2. Confirm that the Redis instance is running before continuing.

    Example
    $ oc wait --for=condition=ready --timeout=10s \
pod/designate-redis-redis-0
    Sample output
    pod/designate-redis-redis-0 condition met

Next step

3.3. Deploying the DNS service
Copia collegamento

To deploy the Red Hat OpenStack Services on OpenShift (RHOSO) DNS service (designate), you do the following:

  1. In the OpenStackControlPlane custom resource (CR) file, enable the DNS service and add the desired designate service configurations and customizations.
  2. Update the OpenStackControlPlane CR with the required values for the DNS service.

Prerequisites

  • You have the oc command line tool installed on your workstation.
  • You are logged on to a workstation that has access to the RHOSO control plane as a user with cluster-admin privileges.

Procedure

  1. Open your OpenStackControlPlane CR file on your workstation, and enable the DNS service (designate) by adding the following: 

    designate:
  apiOverride:
    route: {}
  enabled: true
  template:
    nsRecords:
      - hostname: ns1.example.org.
        priority: 1
      - hostname: ns2.example.org.
        priority: 2
...

  2. Also in the OpenStackControlPlane CR file, add the following designate services configurations:

    designateAPI
    ...
    designateAPI:
      networkAttachments:
      - internalapi
      override:
        service:
          internal:
            metadata:
              annotations:
                metallb.universe.tf/address-pool: internalapi
                metallb.universe.tf/allow-shared-ip: internalapi
                metallb.universe.tf/loadBalancerIPs: 172.17.0.80
            spec:
              type: LoadBalancer
...
    Note

    Ensure that the annotation values for designateAPI match the annotation values used for the other API services in the current OpenstackControlPlane CR.

    designateBackendbind9
    ...
    designateBackendbind9:
      controlNetworkName: designate
      networkAttachments:
        - designate
      override:
        services:
          - metadata:
              annotations:
                metallb.universe.tf/address-pool: designateext
                metallb.universe.tf/allow-shared-ip: designateext
                metallb.universe.tf/loadBalancerIPs: 172.34.0.80
            spec:
              type: LoadBalancer
          - metadata:
              annotations:
                metallb.universe.tf/address-pool: designateext
                metallb.universe.tf/allow-shared-ip: designateext
                metallb.universe.tf/loadBalancerIPs: 172.34.0.81
            spec:
              type: LoadBalancer
          - metadata:
              annotations:
                metallb.universe.tf/address-pool: designateext
                metallb.universe.tf/allow-shared-ip: designateext
                metallb.universe.tf/loadBalancerIPs: 172.34.0.82
            spec:
              type: LoadBalancer
      replicas: 3
      resources: {}
      serviceUser: designate
      storageClass: local-storage
      storageRequest: 10G
...
    Note

    Use a services override for each replica. In the above example, the replica count is 3 so there are 3 services defined. The network attachments might differ in a production system if an additional dedicated network is used to reach the BIND 9 servers.

    designateCentral
    ...
    designateCentral:
      replicas: 3
...
    designateMdns
    ...
    designateMdns:
      networkAttachments:
        - designate
      replicas: 3
...
    designateProducer
    ...
    designateProducer:
      replicas: 3
...
    designateUnbound
    ...
    designateUnbound:
      defaultConfigOverwrite:
        forwarders.conf: |
          forward-zone:
            name: "."
            forward-addr: 172.11.5.155
            forward-addr: 172.12.5.155
      networkAttachments:
        - designate
      override:
        services:
          - metadata:
              annotations:
                metallb.universe.tf/address-pool: designateext
                metallb.universe.tf/allow-shared-ip: designateext
                metallb.universe.tf/loadBalancerIPs: 172.34.0.90
            spec:
              type: LoadBalancer
          - metadata:
              annotations:
                metallb.universe.tf/address-pool: designateext
                metallb.universe.tf/allow-shared-ip: designateext
                metallb.universe.tf/loadBalancerIPs: 172.34.0.91
            spec:
              type: LoadBalancer
          - metadata:
              annotations:
                metallb.universe.tf/address-pool: designateext
                metallb.universe.tf/allow-shared-ip: designateext
                metallb.universe.tf/loadBalancerIPs: 172.34.0.93
            spec:
              type: LoadBalancer
      replicas: 3
      resources: {}
      stubZones:
        - name: example.org
        - name: anotherexample.org
...
    • name: Name of the forward zone. This is the full domain name of the zone.
    • forward-addr: <IP_address>: The IP address of the server to forward to. You can use an IP address in either IPv4 or IPv6 format. To use a non-default port for DNS communication, append an @ followed by the port number.
    • replicas - Use a services override for each replica. In the earlier example, the replica count is 3 so there are 3 services defined. The network attachments might differ in a production system if an additional dedicated network is used to reach the Unbound servers.
    • stubZones - An optional section in which you add zone names for the OpenStack Operator to automatically create stub zone records.
    designateWorker
    ...
    designateWorker:
      databaseAccount: designate
      networkAttachments:
        - designate
      replicas: 3
...

  3. Optional: if you want to configure integration between the Networking service (neutron) and the DNS service, perform the following steps.

    For more information, see Using an integrated DNS service.

    1. Locate the service definition for neutron, and add a customServiceConfig section: 

        neutron:
    customServiceConfig: |

    2. Under the customServiceConfig section, add a [DEFAULT] sub-section where you add the domain for your site.

      Example

      In this example, the DNS domain is example.org.. Change this value to the domain appropriate for your site. The value for external_dns_driver in most cases is designate: 

        neutron:
    customServiceConfig: |
      [DEFAULT]
      dns_domain = example.org.
      external_dns_driver = designate

    3. Add an [ml2] sub-section and include dns_domain_keywords to the list of neutron extension drivers: 

        neutron:
    customServiceConfig: |
      [DEFAULT]
      dns_domain = example.org.
      external_dns_driver = designate
      [ml2]
      extension_drivers=qos,port_security,dns_domain_keywords

    4. Add a [designate] sub-section to customServiceConfig section.

      Example
        neutron:
    customServiceConfig: |
      [DEFAULT]
      dns_domain = example.org.
      external_dns_driver = designate
      [ml2]
      extension_drivers=subnet_dns_publish_fixed_ip
      [designate]
      url = https://designate-internal.openstack.svc:9001/v2
      auth_type = password
      auth_url = {{ .KeystoneInternalURL }}
      username = {{ .ServiceUser }}
      password = {{ .ServicePassword }}
      project_name = service
      project_domain_name = Default
      user_domain_name = Default
      allow_reverse_dns_lookup = true
      ipv4_ptr_zone_prefix_size = 24
      ipv6_ptr_zone_prefix_size = 116
      ptr_zone_email = admin@example.org
      • url: the OpenStack DNS service public endpoint URL with the current version, v2.
      • auth_type: the authorization plug-in to use, either password or token.
      • auth_url: the Identity service (keystone) authorization endpoint URL. The Networking service uses this endpoint to authenticate as a user to create and update reverse lookup zones.
      • username: the username the Networking service uses to create and update reverse lookup zones.
      • password: the password of the user that the Networking service uses to create and update reverse lookup zones.
      • project_name: the name of the project that the Networking service uses to create and update reverse lookup zones.
      • project_domain_name: the name of the domain for the project that the Networking service uses to create and update reverse lookup zones.
      • user_domain_name: the name of the domain for the user that the Networking service uses to create and update reverse lookup zones.
      • allow_reverse_dns_lookup: when true, enables the creation of reverse lookup records.
      • ipv4_ptr_zone_prefix_size: the size in bits of the prefix for the IPv4 reverse lookup zones.
      • ipv6_ptr_zone_prefix_size: the size in bits of the prefix for the IPv6 reverse lookup zones.
      • ptr_zone_email: the email address that the DNS service uses when creating new reverse lookup zones. The default is admin@<dns_domain> where <dns_domain> is the domain for the first record being created in that zone.

  4. Update the OpenStackControlPlane custom resource with the required values for the DNS service.

    Example
    $ oc apply -f openstack_control_plane.yaml -n openstack

Verification

  1. Wait until RHOCP creates the DNS service resources. Run the following command to check the status: 

    $ oc wait designate designate --for condition=Ready
    Sample output
    designate.designate.openstack.org/designate condition met

  2. Confirm that the DNS service pods are running: 

    $ oc -n openstack get pods | grep -iE "(designate)"
    Sample output

    You should see output similar to the following: 

    designate-api-7d8447bc98-cfl22           1/1     Running     0          10s
designate-backendbind9-0                 1/1     Running     0          15s
designate-backendbind9-1                 1/1     Running     0          20s
designate-backendbind9-2                 1/1     Running     0          22s
designate-central-86c558fb98-82bn2       1/1     Running     0          12s
designate-central-86c558fb98-0cxz1       1/1     Running     0          19s
designate-central-86c558fb98-vkj72       1/1     Running     0          12s
designate-mdns-0                         1/1     Running     0          13s
designate-mdns-1                         1/1     Running     0          11s
designate-mdns-2                         1/1     Running     0          15s
designate-producer-7f69498d75-6wlr8      1/1     Running     0          12s
designate-producer-7f69498d75-3sd55      1/1     Running     0          10s
designate-producer-7f69498d75-tvmr9      1/1     Running     0          12s
designate-redis-redis-0                  2/2     Running     0          11d
designate-unbound-0                      1/1     Running     0          18d
designate-unbound-1                      1/1     Running     0          11d
designate-unbound-2                      1/1     Running     0          16d
designate-worker-85596d67b6-7sbgw        1/1     Running     0          14d
designate-worker-85596d67b6-xkg49        1/1     Running     0          12d
designate-worker-85596d67b6-5ckje        1/1     Running     0          10d
Red Hat logoGithubredditYoutubeTwitter

Formazione

Prova, acquista e vendi

Community

Informazioni sulla documentazione di Red Hat

Aiutiamo gli utenti Red Hat a innovarsi e raggiungere i propri obiettivi con i nostri prodotti e servizi grazie a contenuti di cui possono fidarsi. Esplora i nostri ultimi aggiornamenti.

Rendiamo l’open source più inclusivo

Red Hat si impegna a sostituire il linguaggio problematico nel codice, nella documentazione e nelle proprietà web. Per maggiori dettagli, visita il Blog di Red Hat.

Informazioni su Red Hat

Forniamo soluzioni consolidate che rendono più semplice per le aziende lavorare su piattaforme e ambienti diversi, dal datacenter centrale all'edge della rete.

Theme

© 2026 Red HatTorna in cima