Red Hat Training

A Red Hat training course is available for Red Hat OpenStack Platform

Chapter 2. Manual DNSaaS installation

1. Install the DNSaaS packages on the controller node:

# yum install openstack-designate-api openstack-designate-central openstack-designate-sink openstack-designate-pool-manager openstack-designate-mdns openstack-designate-common python-designate python-designateclient openstack-designate-agent

2. Create the DNSaaS and Pool Manager databases. Update the IDENTIFIED BY 'ComplexAlphanumericPassword' value to suit your environment.

# mysql -u root << EOF
GRANT ALL ON designate.* TO 'designate'@'%' IDENTIFIED BY 'ComplexAlphanumericPassword';
GRANT ALL ON designate.* TO 'designate'@'localhost' IDENTIFIED BY 'ComplexAlphanumericPassword';
CREATE DATABASE designate_pool_manager;
GRANT ALL ON designate_pool_manager.* TO 'designate'@'%' IDENTIFIED BY 'ComplexAlphanumericPassword';
GRANT ALL ON designate_pool_manager.* TO 'designate'@'localhost' IDENTIFIED BY 'ComplexAlphanumericPassword';

3. Create the DNSaaS service accounts and endpoint in OpenStack Identity (keystone): This example uses the DNSaaS host IP address You will likely need to update these steps to suit your environment.

$ openstack user create designate --password ComplexAlphanumericPassword --email designate@localhost
$ openstack role add --project service --user designate admin
$ openstack service create dns --name designate --description "Designate DNS Service"
$ openstack endpoint create --region RegionOne --publicurl --internalurl --adminurl designate

4. Add firewall rules for DNSaaS:

$ sudo iptables -I INPUT -p tcp -m multiport --dports 9001 -m comment --comment "designate incoming" -j ACCEPT
$ sudo iptables -I INPUT -p tcp -m multiport --dports 5354 -m comment --comment "Designate mdns incoming" -j ACCEPT

If hosting DNS locally, check that the required ports are open:

$ sudo iptables -I INPUT -p tcp -m multiport --dports 953 -m comment --comment "rndc incoming - bind only" -j ACCEPT
$ sudo service iptables save; sudo service iptables restart

5. Configure the DNSaaS database connection: Be sure to enter your DNSaaS host IP address correctly in the steps below; replace ComplexAlphanumericPassword with the value that aligns with your environment.

$ crudini --set /etc/designate/designate.conf storage:sqlalchemy connection mysql://designate:ComplexAlphanumericPassword@
$ crudini --set /etc/designate/designate.conf storage:sqlalchemy max_retries -1
$ crudini --set /etc/designate/designate.conf pool_manager_cache:sqlalchemy connection mysql://designate:ComplexAlphanumericPassword@
$ crudini --set /etc/designate/designate.conf pool_manager_cache:sqlalchemy max_retries -1

6. Configure authentication to the Identity Service (keystone): Make certain that the admin_password option aligns with your environment.

$ crudini --set /etc/designate/designate.conf keystone_authtoken auth_uri
$ crudini --set /etc/designate/designate.conf keystone_authtoken identity_uri
$ crudini --set /etc/designate/designate.conf keystone_authtoken admin_tenant_name service
$ crudini --set /etc/designate/designate.conf keystone_authtoken admin_user designate
$ crudini --set /etc/designate/designate.conf keystone_authtoken admin_password ComplexAlphanumericPassword

7. Configure the DNSaaS connection to RabbitMQ:

Make certain the rabbit_userid and rabbit_password options align with your environment.

$ crudini --set /etc/designate/designate.conf oslo_messaging_rabbit rabbit_hosts
$ crudini --set /etc/designate/designate.conf oslo_messaging_rabbit rabbit_ha_queues False
$ crudini --set /etc/designate/designate.conf oslo_messaging_rabbit rabbit_host
$ crudini --set /etc/designate/designate.conf oslo_messaging_rabbit rabbit_port 5672
$ crudini --set /etc/designate/designate.conf oslo_messaging_rabbit rabbit_userid amqp_user
$ crudini --set /etc/designate/designate.conf oslo_messaging_rabbit rabbit_password ComplexAlphanumericPassword
$ crudini --set /etc/designate/designate.conf oslo_messaging_rabbit rabbit_virtual_host /

8. Add the initial DNSaaS configuration:

$ crudini --set /etc/designate/designate.conf DEFAULT notification_driver nova.openstack.common.notifier.rpc_notifier
$ crudini --set /etc/designate/designate.conf DEFAULT notification_driver messaging
$ crudini --set /etc/designate/designate.conf DEFAULT notification_topics notifications_designate
$ crudini --set /etc/designate/designate.conf service:api api_host
$ crudini --set /etc/designate/designate.conf service:api api_port 9001
$ crudini --set /etc/designate/designate.conf service:api auth_strategy keystone
$ crudini --set /etc/designate/designate.conf service:api enable_api_v1 True
$ crudini --set /etc/designate/designate.conf service:api enabled_extensions_v1 "diagnostics, quotas, reports, sync, touch"
$ crudini --set /etc/designate/designate.conf service:api enable_api_v2 True
$ crudini --set /etc/designate/designate.conf service:api enabled_extensions_v2 "quotas, reports"

9. Configure the pool manager:


At present, you will not yet configure a pool target as you have not selected a backend. That occurs later in this procedure.

The pool_id is hardcoded, so use the UUID shown below:

# pool_id=794ccc2c-d751-44fe-b57f-8894c9f5c842
# nameserver_id=$(uuidgen)
# target_id=$(uuidgen)
$ crudini --set /etc/designate/designate.conf service:pool_manager pool_id $pool_id
$ crudini --set /etc/designate/designate.conf pool:$pool_id nameservers $nameserver_id
$ crudini --set /etc/designate/designate.conf pool:$pool_id targets $target_id
$ crudini --set /etc/designate/designate.conf pool_nameserver:$nameserver_id port 53
$ crudini --set /etc/designate/designate.conf pool_nameserver:$nameserver_id host

10. Configure the DNSaaS Sink:


For now, you will not configure the domain used by sink (as it does not exist yet).

$ crudini --set /etc/designate/designate.conf service:sink enabled_notification_handlers "nova_fixed, neutron_floatingip"
$ crudini --set /etc/designate/designate.conf handler:nova_fixed notification_topics notifications_designate
$ crudini --set /etc/designate/designate.conf handler:nova_fixed control_exchange nova
$ crudini --set /etc/designate/designate.conf handler:nova_fixed format "%(display_name)s.%(domain)s"
$ crudini --set /etc/designate/designate.conf handler:neutron_floatingip notification_topics notifications_designate
$ crudini --set /etc/designate/designate.conf handler:neutron_floatingip control_exchange neutron
$ crudini --set /etc/designate/designate.conf handler:neutron_floatingip format "%(octet0)s-%(octet1)s-%(octet2)s-%(octet3)s.%(domain)s"

11. Configure Compute and OpenStack Networking to send notifications


Ceilometer’s agent also listens and consumes notifications. Create a specific Designate notifications queue (as shown below) so they don’t conflict.

OpenStack Compute in the Kilo release switched to messaging as its notification driver; previously it was nova.openstack.common.notifier.rpc_notifier

$ crudini --set /etc/nova/nova.conf DEFAULT notification_topics notifications,notifications_designate
$ crudini --set /etc/nova/nova.conf DEFAULT notify_on_state_change vm_and_task_state
$ crudini --set /etc/nova/nova.conf DEFAULT instance_usage_audit_period hour
$ crudini --set /etc/nova/nova.conf DEFAULT instance_usage_audit true
$ crudini --set /etc/neutron/neutron.conf DEFAULT notification_driver neutron.openstack.common.notifier.rpc_notifier
$ crudini --set /etc/neutron/neutron.conf DEFAULT notification_topics notifications,notifications_designate
$ sudo systemctl restart nova.service
$ sudo systemctl restart neutron.service

12. Manually verify the notification_driver in nova.conf:


Due to the possibility of multiple notification_drivers in nova.conf, the crudini command might cause problems. Check in the DEFAULT section to ensure you have these two entries:


If using a separate Compute node, it will need the following settings in nova.conf:

notification_driver =nova.openstack.common.notifier.rabbit_notifier,ceilometer.compute.nova_notifier
notification_driver =messaging

13. Sync the DNSaaS and Pool Manager cache:

# designate-manage database sync
# designate-manage pool-manager-cache sync

14. Enable and start the DNSaaS services:

# systemctl enable designate-central
# systemctl enable designate-api
# systemctl enable designate-mdns
# systemctl enable designate-pool-manager
# systemctl start designate-central
# systemctl start designate-api
# systemctl start designate-mdns
# systemctl start designate-pool-manager

At this point you have not created a DNS target for your pool, so don’t expect a functioning DNSaaS deployment yet.