diff --git a/install-guide/source/common_prerequisites.rst b/install-guide/source/common_prerequisites.rst new file mode 100644 index 000000000..af2705a78 --- /dev/null +++ b/install-guide/source/common_prerequisites.rst @@ -0,0 +1,39 @@ +Prerequisites +------------- + +Before you install and configure the DNS service, +you must create service credentials and API endpoints. + +#. Source the ``admin`` credentials to gain access to + admin-only CLI commands: + + .. code-block:: console + + $ source admin-openrc + +#. To create the service credentials, complete these steps: + + * Create the ``designate`` user: + + .. code-block:: console + + $ openstack user create --domain default --password-prompt designate + + * Add the ``admin`` role to the ``designate`` user: + + .. code-block:: console + + $ openstack role add --project service --user designate admin + + * Create the designate service entities: + + .. code-block:: console + + $ openstack service create --name designate --description "DNS" dns + +#. Create the DNS service API endpoint: + + .. code-block:: console + + $ openstack endpoint create --region RegionOne \ + dns public http://controller:9001/ \ No newline at end of file diff --git a/install-guide/source/conf.py b/install-guide/source/conf.py new file mode 100644 index 000000000..4f77a5b86 --- /dev/null +++ b/install-guide/source/conf.py @@ -0,0 +1,302 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or +# implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# This file is execfile()d with the current directory set to its +# containing dir. +# +# Note that not all possible configuration values are present in this +# autogenerated file. +# +# All configuration values have a default; values that are commented out +# serve to show the default. + +import os +# import sys + + +import openstackdocstheme + +# If extensions (or modules to document with autodoc) are in another directory, +# add these directories to sys.path here. If the directory is relative to the +# documentation root, use os.path.abspath to make it absolute, like shown here. +# sys.path.insert(0, os.path.abspath('.')) + +# -- General configuration ------------------------------------------------ + +# If your documentation needs a minimal Sphinx version, state it here. +# needs_sphinx = '1.0' + +# Add any Sphinx extension module names here, as strings. They can be +# extensions coming with Sphinx (named 'sphinx.ext.*') or your custom +# ones. +# TODO(ajaeger): enable PDF building, for example add 'rst2pdf.pdfbuilder' +# extensions = + +# Add any paths that contain templates here, relative to this directory. +# templates_path = ['_templates'] + +# The suffix of source filenames. +source_suffix = '.rst' + +# The encoding of source files. +# source_encoding = 'utf-8-sig' + +# The master toctree document. +master_doc = 'index' + +# General information about the project. +project = u'Installation Guide for DNS Service' +bug_tag = u'install-guide' +copyright = u'2016, OpenStack contributors' + +# The version info for the project you're documenting, acts as replacement for +# |version| and |release|, also used in various other places throughout the +# built documents. +# +# The short X.Y version. +version = '0.1' +# The full version, including alpha/beta/rc tags. +release = '0.1' + +# A few variables have to be set for the log-a-bug feature. +# giturl: The location of conf.py on Git. Must be set manually. +# gitsha: The SHA checksum of the bug description. Automatically extracted +# from git log. +# bug_tag: Tag for categorizing the bug. Must be set manually. +# These variables are passed to the logabug code via html_context. +giturl = u'http://git.openstack.org/cgit/openstack/designate/tree/'\ + u'install-guide/source' +git_cmd = "/usr/bin/git log | head -n1 | cut -f2 -d' '" +gitsha = os.popen(git_cmd).read().strip('\n') +html_context = {"gitsha": gitsha, "bug_tag": bug_tag, + "giturl": giturl, + "bug_project": "designate"} + +# The language for content autogenerated by Sphinx. Refer to documentation +# for a list of supported languages. +# language = None + +# There are two options for replacing |today|: either, you set today to some +# non-false value, then it is used: +# today = '' +# Else, today_fmt is used as the format for a strftime call. +# today_fmt = '%B %d, %Y' + +# List of patterns, relative to source directory, that match files and +# directories to ignore when looking for source files. +exclude_patterns = ["common_prerequisites.rst", "common_configure.rst"] + +# The reST default role (used for this markup: `text`) to use for all +# documents. +# default_role = None + +# If true, '()' will be appended to :func: etc. cross-reference text. +# add_function_parentheses = True + +# If true, the current module name will be prepended to all description +# unit titles (such as .. function::). +# add_module_names = True + +# If true, sectionauthor and moduleauthor directives will be shown in the +# output. They are ignored by default. +# show_authors = False + +# The name of the Pygments (syntax highlighting) style to use. +pygments_style = 'sphinx' + +# A list of ignored prefixes for module index sorting. +# modindex_common_prefix = [] + +# If true, keep warnings as "system message" paragraphs in the built documents. +# keep_warnings = False + + +# -- Options for HTML output ---------------------------------------------- + +# The theme to use for HTML and HTML Help pages. See the documentation for +# a list of builtin themes. +html_theme = 'openstackdocs' + +# Theme options are theme-specific and customize the look and feel of a theme +# further. For a list of options available for each theme, see the +# documentation. +# html_theme_options = {} + +# Add any paths that contain custom themes here, relative to this directory. +html_theme_path = [openstackdocstheme.get_html_theme_path()] + +# The name for this set of Sphinx documents. If None, it defaults to +# " v documentation". +# html_title = None + +# A shorter title for the navigation bar. Default is the same as html_title. +# html_short_title = None + +# The name of an image file (relative to this directory) to place at the top +# of the sidebar. +# html_logo = None + +# The name of an image file (within the static path) to use as favicon of the +# docs. This file should be a Windows icon file (.ico) being 16x16 or 32x32 +# pixels large. +# html_favicon = None + +# Add any paths that contain custom static files (such as style sheets) here, +# relative to this directory. They are copied after the builtin static files, +# so a file named "default.css" will overwrite the builtin "default.css". +# html_static_path = [] + +# Add any extra paths that contain custom files (such as robots.txt or +# .htaccess) here, relative to this directory. These files are copied +# directly to the root of the documentation. +# html_extra_path = [] + +# If not '', a 'Last updated on:' timestamp is inserted at every page bottom, +# using the given strftime format. +# So that we can enable "log-a-bug" links from each output HTML page, this +# variable must be set to a format that includes year, month, day, hours and +# minutes. +html_last_updated_fmt = '%Y-%m-%d %H:%M' + + +# If true, SmartyPants will be used to convert quotes and dashes to +# typographically correct entities. +# html_use_smartypants = True + +# Custom sidebar templates, maps document names to template names. +# html_sidebars = {} + +# Additional templates that should be rendered to pages, maps page names to +# template names. +# html_additional_pages = {} + +# If false, no module index is generated. +# html_domain_indices = True + +# If false, no index is generated. +html_use_index = False + +# If true, the index is split into individual pages for each letter. +# html_split_index = False + +# If true, links to the reST sources are added to the pages. +html_show_sourcelink = False + +# If true, "Created using Sphinx" is shown in the HTML footer. Default is True. +# html_show_sphinx = True + +# If true, "(C) Copyright ..." is shown in the HTML footer. Default is True. +# html_show_copyright = True + +# If true, an OpenSearch description file will be output, and all pages will +# contain a tag referring to it. The value of this option must be the +# base URL from which the finished HTML is served. +# html_use_opensearch = '' + +# This is the file name suffix for HTML files (e.g. ".xhtml"). +# html_file_suffix = None + +# Output file base name for HTML help builder. +htmlhelp_basename = 'install-guide' + +# If true, publish source files +html_copy_source = False + +# -- Options for LaTeX output --------------------------------------------- + +latex_elements = { + # The paper size ('letterpaper' or 'a4paper'). + # 'papersize': 'letterpaper', + + # The font size ('10pt', '11pt' or '12pt'). + # 'pointsize': '10pt', + + # Additional stuff for the LaTeX preamble. + # 'preamble': '', +} + +# Grouping the document tree into LaTeX files. List of tuples +# (source start file, target name, title, +# author, documentclass [howto, manual, or own class]). +latex_documents = [ + ('index', 'InstallGuide.tex', u'Install Guide', + u'OpenStack contributors', 'manual'), +] + +# The name of an image file (relative to this directory) to place at the top of +# the title page. +# latex_logo = None + +# For "manual" documents, if this is true, then toplevel headings are parts, +# not chapters. +# latex_use_parts = False + +# If true, show page references after internal links. +# latex_show_pagerefs = False + +# If true, show URL addresses after external links. +# latex_show_urls = False + +# Documents to append as an appendix to all manuals. +# latex_appendices = [] + +# If false, no module index is generated. +# latex_domain_indices = True + + +# -- Options for manual page output --------------------------------------- + +# One entry per manual page. List of tuples +# (source start file, name, description, authors, manual section). +man_pages = [ + ('index', 'installguide', u'Install Guide', + [u'OpenStack contributors'], 1) +] + +# If true, show URL addresses after external links. +# man_show_urls = False + + +# -- Options for Texinfo output ------------------------------------------- + +# Grouping the document tree into Texinfo files. List of tuples +# (source start file, target name, title, author, +# dir menu entry, description, category) +texinfo_documents = [ + ('index', 'InstallGuide', u'Install Guide', + u'OpenStack contributors', 'InstallGuide', + 'This guide shows OpenStack end users how to install ' + 'an OpenStack cloud.', 'Miscellaneous'), +] + +# Documents to append as an appendix to all manuals. +# texinfo_appendices = [] + +# If false, no module index is generated. +# texinfo_domain_indices = True + +# How to display URL addresses: 'footnote', 'no', or 'inline'. +# texinfo_show_urls = 'footnote' + +# If true, do not generate a @detailmenu in the "Top" node's menu. +# texinfo_no_detailmenu = False + +# -- Options for Internationalization output ------------------------------ +locale_dirs = ['locale/'] + +# -- Options for PDF output -------------------------------------------------- + +pdf_documents = [ + ('index', u'InstallGuide', u'Install Guide', + u'OpenStack contributors') +] diff --git a/install-guide/source/create-zone.rst b/install-guide/source/create-zone.rst new file mode 100644 index 000000000..01af1e48d --- /dev/null +++ b/install-guide/source/create-zone.rst @@ -0,0 +1,81 @@ +.. _create-zone: + +Create a Zone +~~~~~~~~~~~~~ + +In environments that include the DNS service, you can create a DNS Zone. + +#. Source the ``demo`` credentials to perform + the following steps as a non-administrative project: + + .. code-block:: console + + $ . demo-openrc + +#. Create a Zone called ``example.com.``: + + .. code-block:: console + + $ openstack zone create --email dnsmaster@example.com. example.com. + +----------------+--------------------------------------+ + | Field | Value | + +----------------+--------------------------------------+ + | action | CREATE | + | attributes | {} | + | created_at | 2016-07-13T14:54:16.000000 | + | description | None | + | email | dnsmaster@example.com | + | id | 14093115-0f0f-497a-ac69-42235e46c26f | + | masters | | + | name | example.com. | + | pool_id | 794ccc2c-d751-44fe-b57f-8894c9f5c842 | + | project_id | 656bc359067844fba6005d400f19df76 | + | serial | 1468421656 | + | status | PENDING | + | transferred_at | None | + | ttl | 3600 | + | type | PRIMARY | + | updated_at | None | + | version | 1 | + +----------------+--------------------------------------+ + +#. After a short time, verify successful creation of the zone + + .. code-block:: console + + $ openstack zone list + +--------------------------------------+--------------+---------+------------+--------+--------+ + | id | name | type | serial | status | action | + +--------------------------------------+--------------+---------+------------+--------+--------+ + | 14093115-0f0f-497a-ac69-42235e46c26f | example.com. | PRIMARY | 1468421656 | ACTIVE | NONE | + +--------------------------------------+--------------+---------+------------+--------+--------+ + +#. We can now create RecordSets in this zone + + .. code-block:: console + + $ openstack recordset create --records '10.0.0.1' --type A example.com. www + +-------------+--------------------------------------+ + | Field | Value | + +-------------+--------------------------------------+ + | action | CREATE | + | created_at | 2016-07-13T14:59:32.000000 | + | description | None | + | id | 07e6f5af-783e-481f-b8df-5972a6174c94 | + | name | www.example.com. | + | project_id | 656bc359067844fba6005d400f19df76 | + | records | 10.0.0.1 | + | status | PENDING | + | ttl | None | + | type | A | + | updated_at | None | + | version | 1 | + | zone_id | 14093115-0f0f-497a-ac69-42235e46c26f | + | zone_name | example.com. | + +-------------+--------------------------------------+ + +#. Delete the zone. + + .. code-block:: console + + $ openstack zone delete example.com. diff --git a/install-guide/source/get_started.rst b/install-guide/source/get_started.rst new file mode 100644 index 000000000..ac7c0e247 --- /dev/null +++ b/install-guide/source/get_started.rst @@ -0,0 +1,48 @@ +==================== +DNS service overview +==================== + +The DNS service provides DNS Zone and RecordSet management for OpenStack +clouds. The DNS Service includes a REST API, a command-line client, and a +Horizon Dashboard plugin. + +The DNS service consists of the following components: + +``openstack`` command-line client plugin + A plugin for the OpenStack Client CLI that communicates with the REST API + +``designate-api`` component + An OpenStack-native REST API that processes API requests by sending + them to the ``designate-central`` over Remote Procedure Call (RPC). + +``designate-central`` component + Orchestrates the creation, deletion and update of Zones and RecordSets, and + delegates work to ``designate-pool-manager`` for interaction with the DNS + servers + +``designate-producer`` component + Orchestrates periodic tasks that are run by designate. + +``designate-worker`` component + Is a generic task runner, that runs both zone create / update and deletes, + and periodic tasks, from ``designate-producer`` + +``designate-mdns`` component + A small DNS Server that is responsible for pushing DNS Zone information to + the customer facing DNS Servers. Can also pull in DNS information about + DNS Zones hosted outside of the Designate infrastructure + +``designate-agent`` component + A small python daemon that can be used for a limited sub set of DNS Servers + Some DNS Servers requrire commands be run locally, and to do this we use + this component. + + .. note:: The majority of Designate installs will not need this component. + +``Customer Facing DNS Servers`` + Serves DNS requests to end users. They are orchestreated by the + ``designate-worker``, and the supported list is maintained `here`_ + + + .. _here: http://docs.openstack.org/developer/designate/support-matrix.html + diff --git a/install-guide/source/index.rst b/install-guide/source/index.rst new file mode 100644 index 000000000..8965541c2 --- /dev/null +++ b/install-guide/source/index.rst @@ -0,0 +1,16 @@ +=========== +DNS service +=========== + +.. toctree:: + :maxdepth: 2 + + get_started + install + verify + create-zone + next-steps + +This chapter assumes a working setup of OpenStack following the +`OpenStack Installation Tutorial `_. + diff --git a/install-guide/source/install-ubuntu.rst b/install-guide/source/install-ubuntu.rst new file mode 100644 index 000000000..43a870eef --- /dev/null +++ b/install-guide/source/install-ubuntu.rst @@ -0,0 +1,224 @@ +.. _install-ubuntu: + +Install and configure for Ubuntu +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +This section describes how to install and configure the DNS +service for Ubuntu 14.04 (LTS). + +.. include:: common_prerequisites.rst + +Install and configure components +-------------------------------- + +.. note:: + + Default configuration files vary by distribution. You might need + to add these sections and options rather than modifying existing + sections and options. Also, an ellipsis (``...``) in the configuration + snippets indicates potential default configuration options that you + should retain. + +#. Install the packages: + + .. code-block:: console + + # apt-get install designate + +#. Create the databases: + + .. code-block:: console + + # mysql + + .. code-block:: sql + + CREATE DATABASE `designate` + GRANT ALL PRIVILEGES ON designate.* TO 'designate'@'localhost' \ + IDENTIFIED BY 'DESIGNATE_DBPASS'; + + +#. Install the BIND9 packages: + + .. code-block:: console + + # apt-get install bind9 + +#. Add the following options in the ``/etc/bind/named.conf.options`` file: + + .. code-block:: none + + options { + ... + allow-new-zones yes; + request-ixfr no; + recursion no; + }; + +#. Create an RNDC Key: + + .. code-block:: console + + # rndc-confgen -a -k designate -c /etc/designate/rndc.key + +#. Add the key to ``/etc/bind/named.conf`` + + .. code-block:: none + + ... + # This should be the contents of ``/etc/designate/rndc.key`` + key "designate" { + algorithm hmac-md5; + secret "OAkHNQy0m6UPcv55fiVAPw=="; + }; + # End of content from ``/etc/designate/rndc.key`` + + controls { + inet 127.0.0.1 port 953 + allow { 127.0.0.1; } keys { "designate"; }; + }; + + +#. Restart the DNS service: + + .. code-block:: console + + # service bind9 restart + +#. Edit the ``/etc/designate/designate.conf`` file and + complete the following actions: + + * In the ``[service:api]`` section, configure ``auth_strategy``: + + .. code-block:: ini + + [service:api] + api_host = 0.0.0.0 + api_port = 9001 + auth_strategy = keystone + enable_api_v1 = True + enabled_extensions_v1 = quotas, reports + enable_api_v2 = True + + * In the ``[keystone_authtoken]`` section, configure the following options: + + .. code-block:: ini + + [keystone_authtoken] + auth_host = controller + auth_port = 35357 + auth_protocol = http + admin_tenant_name = service + admin_user = designate + admin_password = DESIGNATE_PASS + + Replace DESIGNATE_PASS with the password you chose for the ``designate`` + user in the Identity service. + + * In the ``[service:worker]`` section, enable the worker model: + + .. code-block:: ini + + enabled = True + notify = True + + * In the ``[storage:sqlalchemy]`` section, configure database access: + + .. code-block:: ini + + [storage:sqlalchemy] + connection = mysql+pymysql://designate:DESIGNATE_DBPASS@controller/designate + + ``DESIGNATE_DBPASS`` is automatically set to the password + you chose for the Designate database. + + * Populate the designate database + + .. code-block:: console + + # su -s /bin/sh -c "designate-manage database sync" designate + + +#. Restart the Designate central and API services: + + .. code-block:: console + + # service designate-central restart + # service designate-api restart + +#. Create a pools.yaml file in ``/etc/designate/pools.yaml`` + + .. code-block:: console + + # editor /etc/designate/pools.yaml + + .. code-block:: yaml + + - name: default + # The name is immutable. There will be no option to change the name after + # creation and the only way will to change it will be to delete it + # (and all zones associated with it) and recreate it. + description: Default Pool + + attributes: {} + + # List out the NS records for zones hosted within this pool + # This should be a record that is created outside of designate, that + # points to the public IP of the controller node. + ns_records: + - hostname: ns1-1.example.org. + priority: 1 + + # List out the nameservers for this pool. These are the actual BIND servers. + # We use these to verify changes have propagated to all nameservers. + nameservers: + - host: 127.0.0.1 + port: 53 + + # List out the targets for this pool. For BIND there will be one + # entry for each BIND server, as we have to run rndc command on each server + targets: + - type: bind + description: BIND9 Server 1 + + # List out the designate-mdns servers from which BIND servers should + # request zone transfers (AXFRs) from. + # This should be the IP of the controller node. + # If you have multiple controllers you can add multiple masters + # by running designate-mdns on them, and adding them here. + masters: + - host: 127.0.0.1 + port: 5354 + + # BIND Configuration options + options: + host: 127.0.0.1 + port: 53 + rndc_host: 127.0.0.1 + rndc_port: 953 + rndc_key_file: /etc/designate/rndc.key + + +#. Ensure the output file is correct (reference sample file for each value) +#. Run + + .. code-block:: console + + sudo su -s /bin/sh -c "designate-manage pools update" designate + + +#. Install Designate Worker, producer and mini-dns + + .. code-block:: console + + # apt install designate-worker + # apt install designate-producer + # apt install designate-mdns + +#. Restart Designate services and mDNS services: + + .. code-block:: console + + # service designate-worker restart + # service designate-producer restart + # service designate-mdns restart diff --git a/install-guide/source/install.rst b/install-guide/source/install.rst new file mode 100644 index 000000000..684ca6ed4 --- /dev/null +++ b/install-guide/source/install.rst @@ -0,0 +1,18 @@ +.. _install: + +Install and configure +~~~~~~~~~~~~~~~~~~~~~ + +This section describes how to install and configure the +DNS service, code-named designate, on the controller node. + +This section assumes that you already have a working OpenStack +environment with at least the following components installed: +.. (add the appropriate services here and further notes) + +Note that installation and configuration vary by distribution. + +.. toctree:: + :maxdepth: 2 + + install-ubuntu.rst diff --git a/install-guide/source/next-steps.rst b/install-guide/source/next-steps.rst new file mode 100644 index 000000000..5c398cf9b --- /dev/null +++ b/install-guide/source/next-steps.rst @@ -0,0 +1,12 @@ +.. _next-steps: + +Next steps +~~~~~~~~~~ + +Your OpenStack environment now includes the designate service. + +To add additional services, see +docs.openstack.org/install-guides/index.html . + +To learn more about the designate service, read the `Designate developer documentation +`__. diff --git a/install-guide/source/verify.rst b/install-guide/source/verify.rst new file mode 100644 index 000000000..440e813d2 --- /dev/null +++ b/install-guide/source/verify.rst @@ -0,0 +1,38 @@ +.. _verify: + +Verify operation +~~~~~~~~~~~~~~~~ + +Verify operation of the DNS service. + +.. note:: + + Perform these commands on the controller node. + +#. Source the ``admin`` tenant credentials: + + .. code-block:: console + + $ . admin-openrc + +#. List service components to verify successful launch and + registration of each process: + + .. code-block:: console + + $ openstack dns service list + +--------------------------------------+--------------------------+--------------+--------+-------+--------------+ + | id | hostname | service_name | status | stats | capabilities | + +--------------------------------------+--------------------------+--------------+--------+-------+--------------+ + | 14283849-ff64-4467-9cbb-d9050ffa08c0 | vagrant-ubuntu-trusty-64 | central | UP | - | - | + | eb7d938f-5b24-4c9b-b4f7-05b9a8ea45f2 | vagrant-ubuntu-trusty-64 | api | UP | - | - | + | 5dca293e-5fa2-4a3d-b486-4debad920da3 | vagrant-ubuntu-trusty-64 | zone_manager | UP | - | - | + | 487e7215-6f61-495d-87b3-86be09406750 | vagrant-ubuntu-trusty-64 | mdns | UP | - | - | + | 6b1d1de6-c820-4843-993b-663fca73f905 | vagrant-ubuntu-trusty-64 | pool_manager | UP | - | - | + +--------------------------------------+--------------------------+--------------+--------+-------+--------------+ + + .. note:: + + This output should indicate at least one of each of the ``central``, + ``api``, ``zone_manager``, ``mdns`` and ``pool_manager`` components + on the controller node. diff --git a/test-requirements.txt b/test-requirements.txt index 87f32c82d..8889a2ee4 100644 --- a/test-requirements.txt +++ b/test-requirements.txt @@ -23,3 +23,4 @@ reno>=1.8.0 # Apache-2.0 bandit>=1.1.0 # Apache-2.0 os-api-ref>=1.0.0 # Apache-2.0 zake>=0.1.6 # Apache-2.0 +openstackdocstheme>=1.5.0 # Apache-2.0 diff --git a/tox.ini b/tox.ini index 0365d7b34..974505e25 100644 --- a/tox.ini +++ b/tox.ini @@ -112,6 +112,13 @@ commands = [testenv:releasenotes] commands = sphinx-build -a -E -d releasenotes/build/doctrees -b html releasenotes/source releasenotes/build/html +[testenv:install-guide] +# NOTE(jaegerandi): this target does not use constraints because +# upstream infra does not yet support it. Once that's fixed, we can +# drop the install_command. +install_command = pip install {opts} {packages} +commands = sphinx-build -a -E -d install-guide/build/doctrees -b html install-guide/source install-guide/build/html + [testenv:venv] commands = {posargs}