Designate DNS as a Service in OpenStack
Overview Designate
Designate is an Open Source DNS-as-a-Service implementation and a part of the OpenStack ecosystem of services for running clouds. It allows users and operators to manage DNS records, names and zones via a REST API and can configure existing DNS name servers to contain those records. Designate can also be configured by an operator to integrate with both the OpenStack Network Service (Neutron) and the Compute Service (Nova) so that records are automatically created when floating IPs and compute instances are created respectively, and uses the OpenStack Identity Service (Keystone) for user management. Designate can be thought of as similar to AWS Route 53.
Designate provides DNSaaS services for OpenStack:
- REST API for domain/record management
- Multi-tenant
- Integrated with Keystone for authentication
- Framework in place to integrate with Nova and Neutron notifications (for auto-generated records)
- Support for Bind9 and Infoblox out of the box
Designate Architecture
Designate is comprised of several different services: the API, Producer, Central, Worker and Mini DNS. It uses an oslo.db compatible database to store state and data, and an oslo.messaging compatible message queue to facilitate communication between services. Multiple copies of all Designate services can be run in tandem to facilitate high availability deployments, with the API process often sitting behind load balancers.
More about designate: https://docs.openstack.org/designate/latest/intro/index.html
Prerequisites:
- OpenStack environment installed. For an OpenStack deployment reference, see Deploy Multinode OpenStack.
- The interface used by dns_interface must be reachable from the public network.
Setup Designate on Kolla deployment:
Let's take a look at the steps required to configure Designate on a Kolla deployment. The steps look something like the following:
1. Configure the designate service
Enable and configure the designate service in /etc/kolla/globals.yml
...
enable_designate: "yes"
dns_interface: "ens8"
designate_ns_record:
- "ns1.sample.kinton.org"
designate_backend: "bind9"
The Designate MDNS node requires interface ens8 to be reachable from the public network.
2. Install required python clients
pip3 install python-openstackclient python-designateclient
3. Enable designate service
Run the prechecks to confirm the environment is ready, then deploy to enable designate.
### Do pre-deployment checks for hosts
kolla-ansible -i multinode prechecks
### Finally proceed to deploy
kolla-ansible -i multinode deploy
Check that the designate service is enabled
openstack service list; openstack endpoint list --service designate
4. Neutron and Nova Integration
Create the default designate zone; in this case it is sample.kinton.org.
openstack zone create --email admin@sample.kinton.org sample.kinton.org.
openstack zone list
+--------------------------------------+--------------------+---------+------------+--------+--------+
| id | name | type | serial | status | action |
+--------------------------------------+--------------------+---------+------------+--------+--------+
| d11f8186-a09c-4ef6-90d7-d5c1a709fa71 | sample.kinton.org. | PRIMARY | 1703834168 | ACTIVE | NONE |
+--------------------------------------+--------------------+---------+------------+--------+--------+
openstack recordset list sample.kinton.org.
Create the designate-sink custom configuration folder
mkdir -p /etc/kolla/config/designate/
Add the designate zone ID to /etc/kolla/config/designate/designate-sink.conf
The zone_id must be filled in manually with an ID from openstack zone list; for reference, see the template file kolla-ansible/ansible/roles/designate/templates/designate.conf.j2
### cat /etc/kolla/config/designate/designate-sink.conf
[handler:nova_fixed]
zone_id = d11f8186-a09c-4ef6-90d7-d5c1a709fa71
[handler:neutron_floatingip]
zone_id = d11f8186-a09c-4ef6-90d7-d5c1a709fa71
Reconfigure Designate:
kolla-ansible -i multinode reconfigure --tags designate,neutron,nova
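Because the zone_id is copied by hand, a mistyped ID is easy to miss, so it is worth checking the file against saved `openstack zone list` output before reconfiguring. The script below is an added example, not part of the original page or of Kolla or Designate; its function names, the temporary file names and the deliberately truncated second ID in the demo are constructed for illustration.

```sh
# Added example: verify that each zone_id in designate-sink.conf names an
# ACTIVE zone in saved `openstack zone list` output (openstack zone list > zones.txt).

# Print "id status" for every data row of the zone table in file $1.
zone_rows() {
    awk -F'|' 'NF >= 7 && $2 !~ /^ *id *$/ {
        gsub(/ /, "", $2); gsub(/ /, "", $6); print $2, $6 }' "$1"
}

# Print "section zone_id" for every [handler:*] section of the config in file $1.
sink_zone_ids() {
    awk '/^\[.*\]/ { section = $0; next }
         section ~ /^\[handler:/ && /^[ \t]*zone_id[ \t]*=/ {
             sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]+$/, ""); print section, $0 }' "$1"
}

# Usage: check_sink_config ZONES_FILE SINK_CONF; returns 0 only if all IDs match.
check_sink_config() {
    rc=0
    ids=$(sink_zone_ids "$2")
    [ -n "$ids" ] || { echo "FAIL no handler zone_id in $2"; return 1; }
    while read -r section zid; do
        status=$(zone_rows "$1" | awk -v z="$zid" '$1 == z { print $2 }')
        if [ "$status" = "ACTIVE" ]; then
            echo "OK   $section $zid"
        else
            echo "FAIL $section $zid (zone ${status:-not found})"; rc=1
        fi
    done <<EOF
$ids
EOF
    return "$rc"
}

# Constructed sample input: the zone from this page, plus a sink config whose
# second zone_id has lost its last character (a typical copy/paste slip).
demo() {
    d=$(mktemp -d)
    cat > "$d/zones.txt" <<'EOF'
| id | name | type | serial | status | action |
| d11f8186-a09c-4ef6-90d7-d5c1a709fa71 | sample.kinton.org. | PRIMARY | 1703834168 | ACTIVE | NONE |
EOF
    printf '%s\n' '[handler:nova_fixed]' 'zone_id = d11f8186-a09c-4ef6-90d7-d5c1a709fa71' \
        '[handler:neutron_floatingip]' 'zone_id = d11f8186-a09c-4ef6-90d7-d5c1a709fa7' > "$d/sink.conf"
    check_sink_config "$d/zones.txt" "$d/sink.conf"; r=$?
    rm -rf "$d"; return "$r"
}

demo || echo "fix designate-sink.conf before running reconfigure"
```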
5. Verify operation
List the available networks and then associate one with the DNS domain
### List available network
openstack network list
### Associate a domain to a network
openstack network set <NETWORK_ID> --dns-domain sample.kinton.org.
Check the network details, replacing <NETWORK_ID> with the actual value
openstack network show <NETWORK_ID> --fit
Create a new instance
openstack server create \
--image cirros \
--flavor m1.tiny \
--key-name mykey \
--nic net-id=<NETWORK_ID> \
vm-cirros
openstack server list
Check DNS records in Designate
openstack recordset list sample.kinton.org.
+--------------------------------------+------------------------------------+------+-------------------------------------------+--------+--------+
| id | name | type | records | status | action |
+--------------------------------------+------------------------------------+------+-------------------------------------------+--------+--------+
| ceec5fb2-5ffe-4b4c-b42b-94e1424a94ca | sample.kinton.org. | NS | ns1.sample.kinton.org. | ACTIVE | NONE |
| eb1cf5f2-edf4-475c-9fa4-0c23b263ea3e | sample.kinton.org. | SOA | ns1.sample.kinton.org. | ACTIVE | NONE |
| | | | admin.sample.kinton.org. 1703838070 3558 | | |
| | | | 600 86400 3600 | | |
| 5e1b92ab-450c-4fb2-a690-0d5ce6dd040b | vm-cirros.admin.sample.kinton.org. | A | 10.8.60.83 | ACTIVE | NONE |
| b4787cce-70aa-4cd5-9e17-3959b7d2e666 | vm-cirros.sample.kinton.org. | A | 10.8.60.83 | ACTIVE | NONE |
| ec9cad6d-01e2-40e1-9979-cfc041b1692e | 10-8-60-83.sample.kinton.org. | A | 10.8.60.83 | ACTIVE | NONE |
+--------------------------------------+------------------------------------+------+-------------------------------------------+--------+--------+
Query the instance DNS information against the Designate dns_interface IP address. Validate that designate resolves the DNS record.
dig +short @<DNS_INTERFACE_IP> vm-cirros.sample.kinton.org. A
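The zone is answered from an interface reachable from the public network, and the integration publishes each instance's fixed address under several names, so it is worth reviewing which private addresses the zone exposes. The script below is an added example, not code from the original page or the Designate project; the function names and the 203.0.113.10 floating-IP row are constructed.

```sh
# Added example: review which RFC 1918 addresses a Designate zone publishes.
# Both functions read `openstack recordset list <zone>` table output on stdin.

# Print "name address" for every A record in 10.0.0.0/8, 172.16.0.0/12
# or 192.168.0.0/16; header, border and continuation rows are skipped.
private_a_records() {
    awk -F'|' 'NF >= 7 {
        for (i = 3; i <= 5; i++) gsub(/^ +| +$/, "", $i)
        if ($4 != "A" || split($5, o, ".") != 4) next
        if (o[1] == 10 || (o[1] == 172 && o[2] >= 16 && o[2] <= 31) ||
            (o[1] == 192 && o[2] == 168)) print $3, $5
    }'
}

# Group the findings per address; return 1 if the zone publishes any.
audit_zone() {
    found=$(private_a_records)
    if [ -z "$found" ]; then return 0; fi
    echo "$found" | awk '{ names[$2] = names[$2] " " $1; n[$2]++ }
        END { for (ip in n) printf "%s has %d name(s):%s\n", ip, n[ip], names[ip] }'
    return 1
}

# Sample input: rows from the recordset table on this page, plus one
# constructed floating-IP row that uses a documentation address.
sample_recordsets() {
    cat <<'EOF'
| id | name | type | records | status | action |
| ceec5fb2-5ffe-4b4c-b42b-94e1424a94ca | sample.kinton.org. | NS | ns1.sample.kinton.org. | ACTIVE | NONE |
| 5e1b92ab-450c-4fb2-a690-0d5ce6dd040b | vm-cirros.admin.sample.kinton.org. | A | 10.8.60.83 | ACTIVE | NONE |
| b4787cce-70aa-4cd5-9e17-3959b7d2e666 | vm-cirros.sample.kinton.org. | A | 10.8.60.83 | ACTIVE | NONE |
| ec9cad6d-01e2-40e1-9979-cfc041b1692e | 10-8-60-83.sample.kinton.org. | A | 10.8.60.83 | ACTIVE | NONE |
| 00000000-0000-0000-0000-000000000000 | fip-example.sample.kinton.org. | A | 203.0.113.10 | ACTIVE | NONE |
EOF
}

sample_recordsets | audit_zone || echo "review the private addresses listed above"
```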
For more information about how designate works, see Designate, a DNSaaS component for OpenStack.