Get your instance by name: integration
of Nova, Neutron and Designate
@CarlNBaldwin carl.baldwin@hpe.com
Kiall Mac Innes kiall@hpe.com
Miguel Lavalle malavall@us.ibm.com
Agenda
● Background and motivation to integrate Neutron, Nova and Designate
○ DNS in Neutron in Kilo version
● Designate overview
● How was the integration accomplished
● Demo
● Experience in cross project collaboration
Background and Motivation
● The error that started it all (I still see this everywhere)
ubuntu@docker20140518: ~ $ sudo id
sudo: unable to resolve host docker20140518
uid=0(root) gid=0(root) groups=0(root)
● Floated the idea around in Atlanta and found that there was a lot of interest
○ “I'm mostly so in love with where this is going that I want to marry it.”
■ … a prominent spec reviewer
● So, why did it get stalled for so long?
Other DNS anomalies in VMs
● In the following VM:
$ hostname
my-vm
● Other commands don’t work:
$ hostname -f
hostname: my-vm: Unknown host
$ nslookup my-vm
Server: 10.0.0.2
Address 1: 10.0.0.2 host-10-0-0-2.openstacklocal
nslookup: can't resolve 'my-vm'
Neutron’s internal DNS
$ neutron port-create ...
[Diagram: ReST API → Neutron Server → RPC → DHCP Agent → SIGHUP → dnsmasq]
Port:
{"port": {
    "fixed_ips": [
        {"subnet_id": ...,
         "ip_address": "10.0.0.4"
        }
    ],
    "mac_address": "fa:16:3e:c9:cb:f0"
}}
dnsmasq host entry: fa:16:3e:c9:cb:f0, 10.0.0.4, host-10-0-0-4, host-10-0-0-4.openstacklocal.
Agenda
● Background and motivation to integrate Neutron, Nova and Designate
● Designate overview
○ A 10,000ft view
○ Architecture
○ The Basics
○ So, what can you use Designate for?
○ What’s this “Sink” thing?
● How was the integration accomplished
● Demo
● Experience in cross project collaboration
Designate, a 10,000ft view
● OpenStack REST API for managing DNS
● Architecturally similar to Nova/Trove/etc - We’re not a DNS server, we just
manage them
● Support for two deployment models:
○ On premise - You manage and maintain the DNS servers (PowerDNS or BIND)
○ 3rd party - Support for pushing zone contents to Akamai or DynECT
Designate Architecture
[Diagram: API, Central, Sink, DB, Pool Manager, Zone Manager, Mini DNS, Backend, Customer Facing DNS Servers, Nova / Neutron; two components carry the labels (Old) and (New)]
Designate Components
Since this isn't a Designate talk, we're going to gloss over most components
● Central - The workhorse, all DB interactions (okay, most) and business logic
● API - End user facing API, a shim to Central that understands REST
● Mini DNS - A pure Python DNS server, used exclusively to interact with other
DNS servers - i.e. to push content to the end user facing DNS servers
● Sink - An old Nova/Neutron event listener, with plugins to act upon
notifications like "compute.instance.create" - more on this later
● Customer Facing DNS Servers - BIND, PowerDNS, Akamai, DynECT etc
So, what can you use Designate for?
● At its most basic, a REST API to manage DNS zones on a per tenant/project
basis
● Acts as a gateway to the DNS server or 3rd parties, making “single tenant”
DNS servers multi-tenant
● Slave zones from customer nameservers - i.e. “federate” zones from a
customer’s corp NS to the provider’s pool of NSs
● Most importantly, it lets you integrate DNS into your cloud provisioning
workflow, using the same style of API as Compute, Networking, and so on
What’s this “Sink” thing?
● Designate Sink provided some really basic Nova/Neutron integration
● Listens in on the notification events, usually used for ceilometer
● Dispatches the events to registered plugins, which have access to
Designate’s internal RPC APIs
● It was fundamentally flawed as RabbitMQ / oslo.messaging notifications
come with no real delivery guarantees, though the trade off was acceptable to
some deployments
Agenda
● Background and motivation to integrate Neutron, Nova and Designate
○ DNS in Neutron in Kilo version
● Designate overview
● How was the integration accomplished
● Demo
● Experience in cross project collaboration
Neutron’s internal DNS: Liberty
neutron.conf: dns_domain = my-domain.org.
$ neutron port-create … --dns_name my-name
[Diagram: ReST API → Neutron Server → RPC → DHCP Agent → SIGHUP → dnsmasq]
Port:
{"port": {
    "fixed_ips": [
        {"subnet_id": ...,
         "ip_address": "10.0.0.4"
        }
    ],
    "mac_address": "fa:16:3e:c9:cb:f0",
    "dns_name": "my-name",
    "dns_assignment": {
        "hostname": "my-name",
        "ip_address": "10.0.0.4",
        "fqdn": "my-name.my-domain.org."
    }
}}
dnsmasq host entry: fa:16:3e:c9:cb:f0, 10.0.0.4, my-name, my-name.my-domain.org.
Neutron’s internal DNS with Nova: Mitaka
neutron.conf: dns_domain = my-domain.org.
Nova compute manager (creating instance my_vm):
$ neutron port-create … --dns_name instance.hostname
[Diagram: ReST API → Neutron Server → RPC → DHCP Agent → SIGHUP → dnsmasq]
Port:
{"port": {
    "fixed_ips": [
        {"subnet_id": ...,
         "ip_address": "10.0.0.4"
        }
    ],
    "mac_address": "fa:16:3e:c9:cb:f0",
    "dns_name": "my-vm",
    "dns_assignment": {
        "hostname": "my-vm",
        "ip_address": "10.0.0.4",
        "fqdn": "my-vm.my-domain.org."
    }
}}
dnsmasq host entry: fa:16:3e:c9:cb:f0, 10.0.0.4, my-vm, my-vm.my-domain.org.
DNS anomalies in VMs solved
● In the following VM:
$ hostname
my-vm
● Commands work correctly:
$ sudo id
uid=0(root) gid=0(root) groups=0(root),10(wheel)
$ hostname -f
my-vm
$ nslookup my-vm
nslookup my-vm
Server: 10.0.0.2
Address 1: 10.0.0.2 host-10-0-0-2.my-domain.org
Name: my-vm
Address 1: fdfa:152b:bc96:0:f816:3eff:fedc:1780 my-vm.my-domain.org
Address 2: 10.0.0.4 my-vm.my-domain.org
Neutron and Designate integration
Use case 1: name and domain belong to instance / port
$ neutron net-create my-net --dns_domain my-domain.org.
[Diagram: ReST API → Neutron → ReST API → Designate]
Network:
{"network": {
    ...
    "name": "my-net",
    "dns_domain": "my-domain.org.",
    "id": "b06b4967-ba73-4567-b060-cf6a9d7ecac6",
    ...
}}
Neutron and Designate integration
Use case 1: name and domain belong to instance / port
Nova compute manager (creating instance my_vm):
$ neutron port-create … --dns_name instance.hostname
[Diagram: ReST API → Neutron → ReST API → Designate]
Port:
{"port": {
    "fixed_ips": [
        {"subnet_id": ...,
         "ip_address": "10.0.0.4"
        }
    ],
    "id": "b9a82377-a89f-4b02-93ec-3573333f70c6",
    "dns_name": "my-vm",
    "dns_assignment": {
        "hostname": "my-vm",
        "ip_address": "10.0.0.4",
        "fqdn": "my-vm.my-domain.org."
    }
}}
Neutron and Designate integration
Use case 1: name and domain belong to instance / port
$ neutron floatingip-create … --port_id b9a82377-a89f-4b02-93ec-3573333f70c6
[Diagram: ReST API → Neutron → ReST API → Designate]
Floating IP:
{"floatingip": {
    "dns_domain": "",
    "dns_name": "",
    "fixed_ip_address": "10.0.0.4",
    "floating_ip_address": "172.24.4.3",
    ...
}}
Resulting records:
In zone my-domain.org.:
    record type: A
    name: my-vm.my-domain.org.
    data: 172.24.4.3
In zone 4.24.172.in-addr.arpa.:
    record type: PTR
    name: 3.4.24.172.in-addr.arpa.
    data: my-vm.my-domain.org.
Neutron and Designate integration
Use case 2: name and domain belong to floating ip
$ neutron floatingip-create … --port_id b9a82377-a89f-4b02-93ec-3573333f70c6 --dns_name my-fip --dns_domain my-other-domain.org.
[Diagram: ReST API → Neutron → ReST API → Designate]
Floating IP:
{"floatingip": {
    "dns_domain": "my-other-domain.org",
    "dns_name": "my-fip",
    "fixed_ip_address": "10.0.0.4",
    "floating_ip_address": "172.24.4.4",
    ...
}}
Resulting records:
In zone my-other-domain.org.:
    record type: A
    name: my-fip.my-domain.org.
    data: 172.24.4.4
In zone 4.24.172.in-addr.arpa.:
    record type: PTR
    name: 4.4.24.172.in-addr.arpa.
    data: my-fip.my-domain.org.
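How the records on the two floating IP slides can be derived, as an added example (not Neutron's driver code): when the floating IP carries its own dns_name and dns_domain those are used, otherwise the port's dns_name and the network's dns_domain are, and names are validated so that a record always sits one label below the zone it is written to. Function names, the dict layout and the /24 reverse zone are assumptions modelled on the slides' sample values.

```python
import ipaddress
import re

# One DNS label: letters, digits and hyphens, 1-63 chars, no hyphen at either end.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")


def build_fqdn(dns_name, dns_domain):
    """Join a single-label name with an absolute domain, rejecting malformed input."""
    if not dns_domain.endswith(".") or dns_domain == ".":
        raise ValueError("dns_domain must be absolute and non-root: %r" % dns_domain)
    # A dns_name with dots or other characters is refused, so the record
    # always sits exactly one label below the zone it is written to.
    if not _LABEL.fullmatch(dns_name):
        raise ValueError("dns_name is not a single DNS label: %r" % dns_name)
    if not all(_LABEL.fullmatch(part) for part in dns_domain[:-1].split(".")):
        raise ValueError("dns_domain has an invalid label: %r" % dns_domain)
    fqdn = ("%s.%s" % (dns_name, dns_domain)).lower()
    if len(fqdn) > 254:  # 253 characters plus the trailing dot
        raise ValueError("FQDN too long: %r" % fqdn)
    return fqdn


def floating_ip_recordsets(floatingip, port, network):
    """Return the A and PTR recordsets to publish for a floating IP (or [])."""
    fip_name = floatingip.get("dns_name") or ""
    fip_domain = floatingip.get("dns_domain") or ""
    if bool(fip_name) != bool(fip_domain):
        # Assumption of this example: a half-specified floating IP is an error.
        raise ValueError("floating IP needs both dns_name and dns_domain, or neither")
    if fip_name:
        name, domain = fip_name, fip_domain          # use case 2
    elif port.get("dns_name") and network.get("dns_domain"):
        name, domain = port["dns_name"], network["dns_domain"]  # use case 1
    else:
        return []  # nothing to publish

    fqdn = build_fqdn(name, domain)
    addr = ipaddress.IPv4Address(floatingip["floating_ip_address"])
    ptr_name = addr.reverse_pointer + "."            # e.g. 3.4.24.172.in-addr.arpa.
    ptr_zone = ptr_name.split(".", 1)[1]             # /24 reverse zone, as on the slides
    return [
        {"zone": domain.lower(), "type": "A", "name": fqdn, "data": str(addr)},
        {"zone": ptr_zone, "type": "PTR", "name": ptr_name, "data": fqdn},
    ]


# Sample inputs constructed from the values shown on the slides.
NETWORK = {"name": "my-net", "dns_domain": "my-domain.org."}
PORT = {"dns_name": "my-vm", "fixed_ip": "10.0.0.4"}
FIP_CASE_1 = {"dns_name": "", "dns_domain": "",
              "floating_ip_address": "172.24.4.3"}
FIP_CASE_2 = {"dns_name": "my-fip", "dns_domain": "my-other-domain.org.",
              "floating_ip_address": "172.24.4.4"}

if __name__ == "__main__":
    for fip in (FIP_CASE_1, FIP_CASE_2):
        for record in floating_ip_recordsets(fip, PORT, NETWORK):
            print(record)
```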
Neutron and Designate integration
Implementation
[Diagram: Neutron server → ExternalDNSService (get_instance, create_record_set, delete_record_set) → Designate driver (create_record_set, delete_record_set)]
● Design allows the implementation of
different external DNS services drivers.
The reference implementation is with
Designate
● get_instance loads the driver configured in
neutron.conf
● Designate driver uses the Designate
python client v2.0 to send requests and
receive responses
● create_record_set and delete_record_set
in Designate driver instantiate two
Designate clients (V2.0):
○ One with the token present in the
user request. This client is used to
create A and AAAA records
○ The second with admin privileges to
Neutron and Designate integration
Configuration
● All the configuration is done in neutron.conf
● The external DNS service driver is configured in the [default] section
○ Parameter external_dns_driver
○ The Designate driver is: neutron.services.externaldns.drivers.designate.driver.Designate
● The [designate] section contains the following parameters
○ url: the Designate end point, for example http://23.253.217.34:9001/v2
○ For the admin user / tenant used for the client that handles PTR records:
■ admin_auth_url: the Keystone end point for admin users authentication, for example
http://23.253.217.34:35357/v2.0
■ admin_username
■ admin_password
■ admin_tenant_id
■ admin_tenant_name
○ allow_reverse_dns_lookup to enable (True) or disable (False) the creation of PTR records
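A check an operator could run over the settings listed above, as an added example that is not from the talk or from Neutron: it flags endpoints that are not https (like the http:// examples on the slide), missing credentials for the admin client that handles PTR records, and a neutron.conf holding admin_password that other users can access. The function name, finding labels, sample hosts and the treatment of an absent allow_reverse_dns_lookup as enabled are assumptions.

```python
import configparser
import stat
from urllib.parse import urlsplit

ADMIN_KEYS = ("admin_auth_url", "admin_username", "admin_password")


def audit_neutron_conf(text, file_mode=None):
    """Return (setting, problem) pairs for the external DNS settings in neutron.conf."""
    cp = configparser.RawConfigParser(strict=False)  # Raw: no % interpolation in passwords
    cp.read_string(text)

    # The slides write [default]; oslo.config files normally use [DEFAULT]. Accept both.
    default = dict(cp.defaults())
    if cp.has_section("default"):
        default.update(cp.items("default"))
    if not default.get("external_dns_driver"):
        return [("external_dns_driver", "not set, external DNS integration is off")]
    if not cp.has_section("designate"):
        return [("[designate]", "section missing")]
    des = dict(cp.items("designate"))

    findings = []
    if not des.get("url"):
        findings.append(("url", "Designate endpoint missing"))
    for key in ("url", "admin_auth_url"):
        value = des.get(key, "")
        if value and urlsplit(value).scheme.lower() != "https":
            findings.append((key, "not https: credentials sent to it cross the network in cleartext"))

    # Assumption of this example: PTR handling counts as enabled unless turned off.
    ptr = des.get("allow_reverse_dns_lookup", "true").strip().lower()
    if ptr in ("1", "true", "yes", "on"):
        for key in ADMIN_KEYS:
            if not des.get(key):
                findings.append((key, "missing, needed by the admin client that handles PTR records"))
        if not (des.get("admin_tenant_id") or des.get("admin_tenant_name")):
            findings.append(("admin_tenant_id/admin_tenant_name", "neither is set"))

    # file_mode is st_mode from os.stat(); flag read or write access for "other".
    if des.get("admin_password") and file_mode is not None:
        if file_mode & (stat.S_IROTH | stat.S_IWOTH):
            findings.append(("file_mode", "file holds admin_password but is accessible to other users"))
    return findings


# Constructed sample using the slide's example endpoints; password is a placeholder.
WEAK_CONF = """\
[default]
external_dns_driver = neutron.services.externaldns.drivers.designate.driver.Designate

[designate]
url = http://23.253.217.34:9001/v2
admin_auth_url = http://23.253.217.34:35357/v2.0
admin_username = neutron
admin_password = PLACEHOLDER
admin_tenant_name = service
allow_reverse_dns_lookup = True
"""

# Constructed corrected counterpart; host names are placeholders.
HARDENED_CONF = """\
[DEFAULT]
external_dns_driver = neutron.services.externaldns.drivers.designate.driver.Designate

[designate]
url = https://designate.example.test:9001/v2
admin_auth_url = https://keystone.example.test:35357/v2.0
admin_username = neutron
admin_password = PLACEHOLDER
admin_tenant_name = service
allow_reverse_dns_lookup = True
"""

if __name__ == "__main__":
    for setting, problem in audit_neutron_conf(WEAK_CONF, file_mode=0o100644):
        print("%s: %s" % (setting, problem))
```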
Agenda
● Background and motivation to integrate Neutron, Nova and Designate
○ DNS in Neutron in Kilo version
● Designate overview
● How was the integration accomplished
● Demo
● Experience in cross project collaboration
Agenda
● Background and motivation to integrate Neutron, Nova and Designate
○ DNS in Neutron in Kilo version
● Designate overview
● How was the integration accomplished
● Demo
● Experience in cross project collaboration
Two stages
● Divided the work into two stages to avoid coupling three projects together
● Stage One
○ Getting Nova and Neutron to agree on the instance’s name
○ The IP address hangs off the port. It made sense to us to use the port as the integration point.
● Stage Two
○ Getting Neutron and Designate to talk
■ Could be any DNS service. It can work along with pluggable IPAM.
○ Neutron Network is associated with the Designate domain
Working with Nova
● Nova is a very large project, as is Neutron
● Uncertainty around Nova-net and Neutron
● Nova may have had bigger fish to fry
○ DNS integration spec, being relatively small, “fell through the cracks” during Liberty
Working with Designate
● “Why haven’t we just done this yet?” - Paraphrased from Kiall in Vancouver
● Smaller team looking to grow traction
● DNS is what they do. They were naturally interested.
● From the Neutron developer who wrote the integration with Designate:
○ Designate always available and ready to answer questions and provide guidance
○ The Designate team created a fixed topic in their weekly IRC meeting to track progress, which
was very helpful to maintain coordination
Working with Neutron
● Who in their right mind… ;)
● Miguel and Carl have been excellent!
● Miguel consistently dropped by the weekly Designate IRC meeting to update
the Designate team on progress
