Chapter 4. Using an integrated DNS service
The Red Hat OpenStack Services on OpenShift (RHOSO) DNS service (designate) integrates with the Networking service (neutron) to provide automatic record set creation for ports and, through the Compute service (nova), for virtual machine instances.
Cloud administrators use the DNS service to create a zone that they associate with a network. Using this network provided by their cloud administrator, cloud users can create a virtual machine instance, port, or floating IP, and the DNS service automatically creates the necessary DNS records.
During DNS service deployment, the Networking service (neutron) loads the extension, dns_domain_ports. This extension enables you to add the following DNS attributes to RHOSO ports, networks, and floating IPs.
For more information, see the optional step in Deploying the DNS service.
| Resource | DNS name | DNS domain (zone) |
|---|---|---|
| Ports | Yes | Yes |
| Networks | No | Yes |
| Floating IPs | Yes | Yes |
For DNS domains that are specified on both a network and a floating IP, the domain on the port of the floating IP takes precedence over the domain set on the network.
4.1. Setting up a project for DNS integration
Red Hat OpenStack Services on OpenShift (RHOSO) cloud administrators create the required zones, networks, and subnets that cloud users must specify when they create virtual machine instances, ports, or floating IPs. Because the RHOSO Networking service (neutron) is integrated with the DNS service (designate), when cloud users create these objects, they are automatically added to the DNS service.
Prerequisites
- You have the `oc` command line tool installed on your workstation.
- You are logged on to a workstation that has access to the RHOSO control plane as a user with `cluster-admin` privileges.
- The network used for ports and VMs cannot have the attribute `router:external` set to `True`. When creating the network, the `--external` option must not be specified.
- The network must be one of the following types: FLAT, VLAN, GRE, VXLAN or GENEVE.
- For VLAN, GRE, VXLAN, or GENEVE networks, the segmentation ID must be outside the ranges configured in the Networking service `ml2_conf.ini` file.

  The `ml2_conf.ini` file resides on the Controller node host in `/etc/neutron/plugins/ml2/ml2_conf.ini`. Use the following table for determining which section and option to consult for your network segmentation ID range:

  Table 4.2. ml2_conf.ini options used to set network segmentation IDs

  | Type of network | Section | Option |
  |---|---|---|
  | GENEVE | [ml2_type_geneve] | vni_ranges |
  | GRE | [ml2_type_gre] | tunnel_id_ranges |
  | VLAN | [ml2_type_vlan] | network_vlan_ranges |
  | VXLAN | [ml2_type_vxlan] | vni_ranges |

If these prerequisites are not all met, the Networking service creates a DNS assignment in the internal resolvers using the default `dns_domain` value, `openstacklocal.`.
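One way to check the segmentation ID prerequisite before creating the network, as an added example (not part of the Red Hat documentation). The sample configuration is constructed, the function names are hypothetical, and the code assumes the usual `min:max` range format for tunnel types and `physnet:min:max` (or a bare `physnet`) for VLAN; Python's `configparser` stands in for the service's own configuration parser.

```python
import configparser

# Section and option per network type, as listed in Table 4.2.
RANGE_OPTIONS = {
    "geneve": ("ml2_type_geneve", "vni_ranges"),
    "gre": ("ml2_type_gre", "tunnel_id_ranges"),
    "vlan": ("ml2_type_vlan", "network_vlan_ranges"),
    "vxlan": ("ml2_type_vxlan", "vni_ranges"),
}

# Constructed sample configuration, not taken from a real deployment.
SAMPLE_ML2_CONF = """
[ml2_type_geneve]
vni_ranges = 1:1000,5000:6000
[ml2_type_vlan]
network_vlan_ranges = datacentre:100:200,physnet2
"""


def configured_ranges(conf_text, network_type):
    """Return the (min, max) tuples configured for the given network type."""
    kind = network_type.lower()
    section, option = RANGE_OPTIONS[kind]
    parser = configparser.ConfigParser(
        interpolation=None, strict=False, delimiters=("=",))
    parser.read_string(conf_text)
    raw = parser.get(section, option, fallback="")
    ranges = []
    for entry in filter(None, (e.strip() for e in raw.split(","))):
        parts = entry.split(":")
        if kind == "vlan":
            parts = parts[1:]  # drop the leading physical network name
        if len(parts) == 2:    # a bare physical network carries no range
            ranges.append((int(parts[0]), int(parts[1])))
    return ranges


def segmentation_id_is_outside(conf_text, network_type, seg_id):
    """True when seg_id falls in none of the configured ranges."""
    return all(not (lo <= seg_id <= hi)
               for lo, hi in configured_ranges(conf_text, network_type))
```

With the constructed sample, segmentation ID 2017 on a GENEVE network passes the check, while 500 would not.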
Procedure
1. Access the remote shell for the OpenStackClient pod from your workstation:

   ```
   $ oc rsh -n openstack openstackclient
   ```

2. Create the zone that you want users in a particular project to create DNS entries with.

   Example

   In this example, the cloud administrator creates a zone called `example.com.` and specifies that users in the project ID, `f75ec24a-d361-ab86-54c0-dfe6093245a3`, have permission to add record sets to the zone:

   ```
   $ openstack zone create --email example@example.com example.com. --sudo-project-id f75ec24a-d361-ab86-54c0-dfe6093245a3
   ```

   Note: The DNS domain must always be a fully qualified domain name (FQDN), meaning it will always end with a period.

3. Create the network that you want users in a particular project to create DNS entries with.

   Example

   In this example, the cloud administrator creates a network, `example-network`, that uses the earlier created zone, `example.com.`, and a segmentation ID, `2017`, that is outside of the range defined in `ml2_conf.ini`:

   ```
   $ openstack network create --dns-domain example.com. \
     --provider-segment 2017 --provider-network-type geneve \
     example-network
   ```

4. On the network, create a subnet.

   Example

   In this example, the cloud administrator creates a subnet, `example-subnet`, on the network, `example-network`:

   ```
   $ openstack subnet create \
     --allocation-pool start=192.0.2.10,end=192.0.2.200 \
     --network example-network \
     --subnet-range 192.0.2.0/24 \
     example-subnet
   ```

5. Instruct the cloud users in the project to use the zone and network you have created when they add instances, ports, and floating IPs.

   Warning: If the user creating the instance, port, or floating IP does not have permission to create record sets in the zone, or if the zone does not exist in the DNS service, the Networking service does the following:

   - creates the port with the `dns_assignment` field populated using the `dns_domain` provided.
   - does not create a record set in the DNS service.
   - logs the error, "Error publishing port data in external DNS service.".
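The warning above, and the fallback to `openstacklocal.` when the prerequisites are not met, both leave a port that looks DNS-enabled but has no record set in the zone. The following added example (not part of the Red Hat documentation) reconciles port `dns_assignment` data against the zone's A record sets; the JSON shapes and sample values are constructed, and the function name is hypothetical.

```python
import json

FALLBACK_DOMAIN = "openstacklocal."  # default dns_domain named on this page

# Constructed sample data. The shapes are assumed to match per-port
# `openstack port show -f json` and `openstack recordset list -f json` output.
SAMPLE_PORTS = json.loads("""[
 {"name": "my-port", "dns_assignment": [{"hostname": "example-port",
   "ip_address": "192.0.2.149", "fqdn": "example-port.example.com."}]},
 {"name": "orphan-port", "dns_assignment": [{"hostname": "orphan",
   "ip_address": "192.0.2.150", "fqdn": "orphan.example.com."}]},
 {"name": "local-port", "dns_assignment": [{"hostname": "host-192-0-2-151",
   "ip_address": "192.0.2.151", "fqdn": "host-192-0-2-151.openstacklocal."}]}
]""")
SAMPLE_RECORDSETS = json.loads("""[
 {"name": "example-port.example.com.", "type": "A",
  "records": "192.0.2.149", "status": "ACTIVE"}
]""")


def audit_dns_publication(ports, recordsets):
    """Return {port name: finding} for ports whose DNS data was not published."""
    published = {}
    for rs in recordsets:
        if rs["type"] == "A" and rs["status"] == "ACTIVE":
            recs = rs["records"]
            addrs = recs.split() if isinstance(recs, str) else list(recs)
            published.setdefault(rs["name"], set()).update(addrs)
    findings = {}
    for port in ports:
        for entry in port.get("dns_assignment") or []:
            fqdn, addr = entry["fqdn"], entry["ip_address"]
            if fqdn.endswith("." + FALLBACK_DOMAIN):
                findings[port["name"]] = "internal-only: fallback domain"
            elif fqdn not in published:
                findings[port["name"]] = "no record set in DNS service"
            elif addr not in published[fqdn]:
                findings[port["name"]] = "record set points elsewhere"
    return findings
```

A non-empty result is a cue to check zone permissions for the project and to look for the "Error publishing port data in external DNS service." message in the Networking service logs.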
Verification
Confirm that the network you created exists.

Example

```
$ openstack network show example-network
```

Sample output

```
+---------------------------+--------------------------------------+
| Field                     | Value                                |
+---------------------------+--------------------------------------+
| admin_state_up            | UP                                   |
| availability_zone_hints   |                                      |
| availability_zones        |                                      |
| created_at                | 2022-09-07T19:03:32Z                 |
| description               |                                      |
| dns_domain                | example.com.                         |
| id                        | 9ae5b3d5-f12c-4a67-b0e5-655d53cd4f7c |
| ipv4_address_scope        | None                                 |
| ipv6_address_scope        | None                                 |
| is_default                | None                                 |
| is_vlan_transparent       | None                                 |
| mtu                       | 1450                                 |
| name                      | example-network                      |
| port_security_enabled     | True                                 |
| project_id                | f75ec24a-d361-ab86-54c0-dfe6093245a3 |
| provider:network_type     | geneve                               |
| provider:physical_network | None                                 |
| provider:segmentation_id  | 2017                                 |
| qos_policy_id             | None                                 |
| revision_number           | 3                                    |
| router:external           | Internal                             |
| segments                  | None                                 |
| shared                    | False                                |
| status                    | ACTIVE                               |
| subnets                   | 15546c9d-6faf-43aa-83e7-b1e705eed060 |
| tags                      |                                      |
| updated_at                | 2022-09-07T19:03:43Z                 |
+---------------------------+--------------------------------------+
```
4.2. Integrating virtual machine instances with DNS
Integration between the Networking service (neutron) and the DNS service (designate) enables you to automatically enable DNS whenever you create a virtual machine instance.
Prerequisites
- The administrator has created a project for you and has provided you with a `clouds.yaml` file for you to access the cloud.
- The `python-openstackclient` package resides on your workstation.

  ```
  $ dnf list installed python-openstackclient
  ```

- Your cloud administrator has provided you with the required network to use, when creating your DNS-enabled instances.
Procedure
1. Confirm that the system `OS_CLOUD` variable is set for your cloud:

   ```
   $ echo $OS_CLOUD
   my_cloud
   ```

   Reset the variable if necessary:

   ```
   $ export OS_CLOUD=my_other_cloud
   ```

   As an alternative, you can specify the cloud name by adding the `--os-cloud <cloud_name>` option each time you run an `openstack` command.

2. Using the network that your cloud administrator has provided, create an instance.

   Example

   In this example, using the network created in the previous section, the cloud user creates an instance named `my_vm`:

   ```
   $ openstack server create --image cirros-0.5.2-x86_64-disk --flavor m1.micro --nic net-id=example-network my_vm
   ```
Verification
Confirm that a record exists in the DNS service for the instance you created.

Example

In this example, the DNS service is queried for the `example.com.` zone:

```
$ openstack recordset list --type A example.com.
```

Sample output

```
+---------------+---------------------+------+------------+--------+--------+
| id            | name                | type | records    | status | action |
+---------------+---------------------+------+------------+--------+--------+
| 7b8d1be6-1b23 | my_vm.example.com.  | A    | 192.0.2.44 | ACTIVE | NONE   |
| -478a-94d5-60 |                     |      |            |        |        |
| b876dca2c8    |                     |      |            |        |        |
+---------------+---------------------+------+------------+--------+--------+
```
4.3. Integrating ports with DNS
Integration between the Networking service (neutron) and the DNS service (designate) enables you to automatically add a DNS record set whenever you create a port.
Prerequisites
- The administrator has created a project for you and has provided you with a `clouds.yaml` file for you to access the cloud.
- The `python-openstackclient` package resides on your workstation.

  ```
  $ dnf list installed python-openstackclient
  ```

- Your cloud administrator has provided you with the required network to use, when creating your DNS-enabled ports.
Procedure
1. Confirm that the system `OS_CLOUD` variable is set for your cloud:

   ```
   $ echo $OS_CLOUD
   my_cloud
   ```

   Reset the variable if necessary:

   ```
   $ export OS_CLOUD=my_other_cloud
   ```

   As an alternative, you can specify the cloud name by adding the `--os-cloud <cloud_name>` option each time you run an `openstack` command.

2. Using the zone and network that your cloud administrator has provided, create a port.

   Example

   In this example, the cloud user creates a port, `my-port`, with a DNS name of `example-port` in the network, `example-network`:

   ```
   $ openstack port create --network example-network \
     --dns-name example-port \
     my-port
   ```
Verification
Confirm that a record exists in the DNS service for the port that you created.

Example

In this example, the DNS service is queried for the `example.com.` zone:

```
$ openstack recordset list --type A example.com.
```

Sample output

```
+---------------+---------------------------+------+-------------+--------+--------+
| id            | name                      | type | records     | status | action |
+---------------+---------------------------+------+-------------+--------+--------+
| 9ebbe94f-2442 | example-port.example.com. | A    | 192.0.2.149 | ACTIVE | NONE   |
| -4bb8-9cfa-6d |                           |      |             |        |        |
| ca1daba73f    |                           |      |             |        |        |
+---------------+---------------------------+------+-------------+--------+--------+
```
4.4. Integrating floating IPs with DNS
Integration between the Networking service (neutron) and the DNS service (designate) enables you to automatically add a DNS record set whenever you create a floating IP.
Prerequisites
- The administrator has created a project for you and has provided you with a `clouds.yaml` file for you to access the cloud.
- The `python-openstackclient` package resides on your workstation.

  ```
  $ dnf list installed python-openstackclient
  ```

- Your cloud administrator has provided you with the required external network to use, when creating your DNS-enabled floating IPs.
Procedure
1. Confirm that the system `OS_CLOUD` variable is set for your cloud:

   ```
   $ echo $OS_CLOUD
   my_cloud
   ```

   Reset the variable if necessary:

   ```
   $ export OS_CLOUD=my_other_cloud
   ```

   As an alternative, you can specify the cloud name by adding the `--os-cloud <cloud_name>` option each time you run an `openstack` command.

2. Using the zone and the external network that your cloud administrator has provided, create a floating IP.

   Example

   In this example, the cloud user creates a floating IP with a DNS name, `example-fip`, in the network, `public`:

   ```
   $ openstack floating ip create --dns-name example-fip \
     --dns-domain example.com. \
     public
   ```
Verification
Confirm that a record exists in the DNS service for the floating IP that you created.

Example

In this example, the DNS service is queried for the `example.com.` zone:

```
$ openstack recordset list --type A example.com.
```

Sample output

```
+---------------+--------------------------+------+-------------+--------+--------+
| id            | name                     | type | records     | status | action |
+---------------+--------------------------+------+-------------+--------+--------+
| e1eca823-169d | example-fip.example.com. | A    | 192.0.2.106 | ACTIVE | NONE   |
| -4d0a-975e-91 |                          |      |             |        |        |
| a9907ec0c1    |                          |      |             |        |        |
+---------------+--------------------------+------+-------------+--------+--------+
```