Chapter 2. Manual DNSaaS installation
Your server must be registered to receive the OpenStack packages. For more information, see https://access.redhat.com/documentation/en-us/red_hat_openstack_platform/8/html-single/director_installation_and_usage/#sect-Registering_your_System
1. Install the DNSaaS packages on the controller node:
# yum install openstack-designate-api openstack-designate-central openstack-designate-sink openstack-designate-pool-manager openstack-designate-mdns openstack-designate-common python-designate python-designateclient openstack-designate-agent
2. Create the DNSaaS and Pool Manager databases. Update the IDENTIFIED BY 'ComplexAlphanumericPassword' value to suit your environment.
# mysql -u root << EOF
CREATE DATABASE designate;
GRANT ALL ON designate.* TO 'designate'@'%' IDENTIFIED BY 'ComplexAlphanumericPassword';
GRANT ALL ON designate.* TO 'designate'@'localhost' IDENTIFIED BY 'ComplexAlphanumericPassword';
CREATE DATABASE designate_pool_manager;
GRANT ALL ON designate_pool_manager.* TO 'designate'@'%' IDENTIFIED BY 'ComplexAlphanumericPassword';
GRANT ALL ON designate_pool_manager.* TO 'designate'@'localhost' IDENTIFIED BY 'ComplexAlphanumericPassword';
FLUSH PRIVILEGES;
quit
EOF
3. Create the DNSaaS service accounts and endpoint in OpenStack Identity (keystone):
This example uses the DNSaaS host IP address 192.168.100.20. You will likely need to update these steps to suit your environment.
$ openstack user create designate --password ComplexAlphanumericPassword --email designate@localhost
$ openstack role add --project service --user designate admin
$ openstack service create dns --name designate --description "Designate DNS Service"
$ openstack endpoint create --region RegionOne --publicurl http://192.168.100.20:9001 --internalurl http://192.168.100.20:9001 --adminurl http://192.168.100.20:9001 designate
4. Add firewall rules for DNSaaS:
$ sudo iptables -I INPUT -p tcp -m multiport --dports 9001 -m comment --comment "designate incoming" -j ACCEPT
$ sudo iptables -I INPUT -p tcp -m multiport --dports 5354 -m comment --comment "Designate mdns incoming" -j ACCEPT
If hosting DNS locally, check that the required ports are open:
$ sudo iptables -I INPUT -p tcp -m multiport --dports 953 -m comment --comment "rndc incoming - bind only" -j ACCEPT
$ sudo service iptables save; sudo service iptables restart
5. Configure the DNSaaS database connection:
Be sure to enter your DNSaaS host IP address correctly in the steps below; replace ComplexAlphanumericPassword with the value that aligns with your environment.
$ crudini --set /etc/designate/designate.conf storage:sqlalchemy connection mysql://designate:ComplexAlphanumericPassword@192.168.100.20/designate
$ crudini --set /etc/designate/designate.conf storage:sqlalchemy max_retries -1
$ crudini --set /etc/designate/designate.conf pool_manager_cache:sqlalchemy connection mysql://designate:ComplexAlphanumericPassword@192.168.100.20/designate_pool_manager
$ crudini --set /etc/designate/designate.conf pool_manager_cache:sqlalchemy max_retries -1
6. Configure authentication to the Identity Service (keystone):
Make certain that the admin_password option aligns with your environment.
$ crudini --set /etc/designate/designate.conf keystone_authtoken auth_uri http://192.168.100.20:5000/v2.0
$ crudini --set /etc/designate/designate.conf keystone_authtoken identity_uri http://192.168.100.20:35357/
$ crudini --set /etc/designate/designate.conf keystone_authtoken admin_tenant_name service
$ crudini --set /etc/designate/designate.conf keystone_authtoken admin_user designate
$ crudini --set /etc/designate/designate.conf keystone_authtoken admin_password ComplexAlphanumericPassword
7. Configure the DNSaaS connection to RabbitMQ:
Make certain the rabbit_userid and rabbit_password options align with your environment.
$ crudini --set /etc/designate/designate.conf oslo_messaging_rabbit rabbit_hosts 192.168.100.20:5672
$ crudini --set /etc/designate/designate.conf oslo_messaging_rabbit rabbit_ha_queues False
$ crudini --set /etc/designate/designate.conf oslo_messaging_rabbit rabbit_host 192.168.100.20
$ crudini --set /etc/designate/designate.conf oslo_messaging_rabbit rabbit_port 5672
$ crudini --set /etc/designate/designate.conf oslo_messaging_rabbit rabbit_userid amqp_user
$ crudini --set /etc/designate/designate.conf oslo_messaging_rabbit rabbit_password ComplexAlphanumericPassword
$ crudini --set /etc/designate/designate.conf oslo_messaging_rabbit rabbit_virtual_host /
8. Add the initial DNSaaS configuration:
$ crudini --set /etc/designate/designate.conf DEFAULT notification_driver nova.openstack.common.notifier.rpc_notifier
$ crudini --set /etc/designate/designate.conf DEFAULT notification_driver messaging
$ crudini --set /etc/designate/designate.conf DEFAULT notification_topics notifications_designate
$ crudini --set /etc/designate/designate.conf service:api api_host 0.0.0.0
$ crudini --set /etc/designate/designate.conf service:api api_port 9001
$ crudini --set /etc/designate/designate.conf service:api auth_strategy keystone
$ crudini --set /etc/designate/designate.conf service:api enable_api_v1 True
$ crudini --set /etc/designate/designate.conf service:api enabled_extensions_v1 "diagnostics, quotas, reports, sync, touch"
$ crudini --set /etc/designate/designate.conf service:api enable_api_v2 True
$ crudini --set /etc/designate/designate.conf service:api enabled_extensions_v2 "quotas, reports"
9. Configure the pool manager:
At present, you will not yet configure a pool target as you have not selected a backend. That occurs later in this procedure.
The pool_id is hardcoded, so use the UUID shown below:
# pool_id=794ccc2c-d751-44fe-b57f-8894c9f5c842
# nameserver_id=$(uuidgen)
# target_id=$(uuidgen)
$ crudini --set /etc/designate/designate.conf service:pool_manager pool_id $pool_id
$ crudini --set /etc/designate/designate.conf pool:$pool_id nameservers $nameserver_id
$ crudini --set /etc/designate/designate.conf pool:$pool_id targets $target_id
$ crudini --set /etc/designate/designate.conf pool_nameserver:$nameserver_id port 53
$ crudini --set /etc/designate/designate.conf pool_nameserver:$nameserver_id host 192.168.100.20
10. Configure the DNSaaS Sink:
For now, you will not configure the domain used by sink (as it does not exist yet).
$ crudini --set /etc/designate/designate.conf service:sink enabled_notification_handlers "nova_fixed, neutron_floatingip"
$ crudini --set /etc/designate/designate.conf handler:nova_fixed notification_topics notifications_designate
$ crudini --set /etc/designate/designate.conf handler:nova_fixed control_exchange nova
$ crudini --set /etc/designate/designate.conf handler:nova_fixed format "%(display_name)s.%(domain)s"
$ crudini --set /etc/designate/designate.conf handler:neutron_floatingip notification_topics notifications_designate
$ crudini --set /etc/designate/designate.conf handler:neutron_floatingip control_exchange neutron
$ crudini --set /etc/designate/designate.conf handler:neutron_floatingip format "%(octet0)s-%(octet1)s-%(octet2)s-%(octet3)s.%(domain)s"
11. Configure Compute and OpenStack Networking to send notifications:
Ceilometer’s agent also listens for and consumes notifications. Create a specific Designate notifications queue (as shown below) so they don’t conflict.
OpenStack Compute in the Kilo release switched to messaging as its notification driver; previously it was nova.openstack.common.notifier.rpc_notifier.
$ crudini --set /etc/nova/nova.conf DEFAULT notification_topics notifications,notifications_designate
$ crudini --set /etc/nova/nova.conf DEFAULT notify_on_state_change vm_and_task_state
$ crudini --set /etc/nova/nova.conf DEFAULT instance_usage_audit_period hour
$ crudini --set /etc/nova/nova.conf DEFAULT instance_usage_audit true
$ crudini --set /etc/neutron/neutron.conf DEFAULT notification_driver neutron.openstack.common.notifier.rpc_notifier
$ crudini --set /etc/neutron/neutron.conf DEFAULT notification_topics notifications,notifications_designate
$ sudo systemctl restart nova.service
$ sudo systemctl restart neutron.service
12. Manually verify the notification_driver in nova.conf:
Due to the possibility of multiple notification_drivers in nova.conf, the crudini command might cause problems. Check in the DEFAULT section to ensure you have these two entries:
notification_driver=ceilometer.compute.nova_notifier
notification_driver=messaging
If using a separate Compute node, it will need the following settings in nova.conf:
notification_driver=nova.openstack.common.notifier.rabbit_notifier,ceilometer.compute.nova_notifier
notification_driver=messaging
notification_topics=notifications,notifications_designate
13. Sync the DNSaaS and Pool Manager cache:
# designate-manage database sync
# designate-manage pool-manager-cache sync
14. Enable and start the DNSaaS services:
# systemctl enable designate-central
# systemctl enable designate-api
# systemctl enable designate-mdns
# systemctl enable designate-pool-manager
# systemctl start designate-central
# systemctl start designate-api
# systemctl start designate-mdns
# systemctl start designate-pool-manager
At this point you have not created a DNS target for your pool, so don’t expect a functioning DNSaaS deployment yet.
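The manual check in step 12, and the replacement of the ComplexAlphanumericPassword placeholder that steps 5 to 7 call for, can both be scripted. The following is an added example, not part of the Red Hat procedure; the function names are hypothetical and the sample file is constructed.

```shell
# Added example, not Red Hat's code. Function names are hypothetical.

# Print each value of KEY in SECTION of an INI file, one per line; repeated
# keys and comma-separated values are both expanded (step 12 shows both).
ini_values() {  # usage: ini_values FILE SECTION KEY
    awk -v want="$2" -v key="$3" '
        /^[ \t]*[#;]/ { next }
        /^[ \t]*\[/   { sec = $0; gsub(/^[ \t]*\[|\][ \t]*$/, "", sec); next }
        sec == want {
            eq = index($0, "="); if (eq == 0) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/[ \t]/, "", k); if (k != key) next
            n = split(v, parts, ",")
            for (i = 1; i <= n; i++) {
                gsub(/^[ \t]+|[ \t]+$/, "", parts[i])
                if (parts[i] != "") print parts[i]
            }
        }' "$1"
}

# Step 12: succeed only if both required drivers are set in [DEFAULT].
check_notification_drivers() {  # usage: check_notification_drivers NOVA_CONF
    found=$(ini_values "$1" DEFAULT notification_driver)
    for drv in ceilometer.compute.nova_notifier messaging; do
        printf '%s\n' "$found" | grep -qxF "$drv" || {
            echo "missing notification_driver=$drv in [DEFAULT] of $1" >&2
            return 1
        }
    done
}

# Steps 5-7: print section/key for every option that still holds the
# documentation placeholder password, including inside connection URLs.
find_placeholder_secrets() {  # usage: find_placeholder_secrets CONF
    awk -v ph="ComplexAlphanumericPassword" '
        /^[ \t]*[#;]/ { next }
        /^[ \t]*\[/   { sec = $0; gsub(/^[ \t]*\[|\][ \t]*$/, "", sec); next }
        index($0, ph) && (eq = index($0, "=")) {
            k = substr($0, 1, eq - 1); gsub(/[ \t]/, "", k); print sec "/" k
        }' "$1"
}

# Constructed sample input (not from a real host) so the script runs offline.
sample=$(mktemp)
printf '%s\n' '[DEFAULT]' 'notification_driver=ceilometer.compute.nova_notifier' \
    'notification_driver=messaging' '[oslo_messaging_rabbit]' \
    'rabbit_password = ComplexAlphanumericPassword' > "$sample"
check_notification_drivers "$sample" && echo "notification drivers: ok"
find_placeholder_secrets "$sample"; rm -f "$sample"
```

On a configured host, point check_notification_drivers at /etc/nova/nova.conf and find_placeholder_secrets at /etc/designate/designate.conf; any output from the second function names an option that still carries the documentation password.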