Merge "Blueprint: external-dns-ntp-support"
commit
f9d6d5f31d
215
specs/6.1/external-dns-ntp-support.rst
Normal file
@ -0,0 +1,215 @@
..
This work is licensed under a Creative Commons Attribution 3.0 Unported
License.
http://creativecommons.org/licenses/by/3.0/legalcode
==========================================
Support user-defined DNS and NTP
==========================================
https://blueprints.launchpad.net/fuel/+spec/external-dns-ntp-support
Nodes that deployed by Fuel should support user-defined DNS and NTP settings.
Problem description
===================
After deployment today we have hard-coded DNS and NTP fields on all nodes that
referred to master node. So if master node will not have internet access to NTP
servers that ships by default with ISO or if master node will disabled after
deployment then all nodes can have wrong time. It's right for DNS also.
Moreover, usually companies have internal NTP servers to sync over and internal
DNS to work over, but now user can't provide them to Fuel for slave nodes.
Proposed change
===============
Provide ability to change NTP and DNS servers for controllers through Fuel UI.
We can do it relatively simply by adding appropriate fields for external
DNS and NTP servers, then forward data from that fields to astute.yaml,
transfer it to nodes and apply data on nodes.
It is important to note that slave nodes /etc/resolve.conf files will be
pointed to controller DNS and controllers will resolve all clients queries by
next logic:
#. All local queries will be forwarded to Fuel Master node.
#. All external queries will be forwarded to external DNS servers.
Scheme how it works today:
::
Fuel Master
+----------+
|NTP Client|
Custom +----------+ Slave node
^
+----------+ +-----+----+ +----------+
|NTP Server+---------->|NTP Server+---------->|NTP Client|
+----------+ +----------+ +----------+
+----------+ +----------+ +----------+
|DNS server+---------->|DNS server+---------->|DNS Client|
+----------+ +-----+----+ +----------+
v
+----------+
|DNS Client|
+----------+
Scheme how it can work after:
::
Fuel Master
+----------+
|NTP Client|
+----------+ Custom
^
+-----+----+ +----------+
|NTP Server|<-----+NTP Server+--+
+----------+ +----------+ | external queries
+------------+
+----------+ +----------+ | |
+----|DNS server|<-----+DNS server+--+ |
| +-----+----+ +----------+ |
| v |
| +----------+ |
| |DNS Client| |
| +----------+ |
| |
| Controllers |
| +-----------+----------+-----v-----+
| Slave node | |Controller| |
| +----------+ | | | |
| |NTP Client|<-+ | |NTP Server| |
| +----------+ | |VIP-Router | | VIP-Router|
| +-+Management | | Public |
| +----------+ | | | | |
| |DNS Client|<-+ | |DNS server| |
| +----------+ | | | |
| | | | |
| +-----------+----------+-----------+
| ^
+--------------------------+
local DNS queries
Alternatives
------------
User can do all stuff about adding NTP and DNS records on all nodes
himself (manually).
Pros:
* We don't need to change any code at all.
Cons:
* It inconvinient, can lead to typo errors and, as result, to
delay in work of all system.
* If customer's ntp server will N/A for long time, time synchronization
between controllers and computes will be lost. After this Nova will
mark nodes with different time as failed. Openstack env starts spoiling
Data model impact
-----------------
Support to store external DNS and NTP fields in database required.
REST API impact
---------------
None
Upgrade impact
--------------
So as we don't have any implementation of major environments upgrade, we will
not support upgrade from old environments where we hadn't vrouter [1] for
external DNS and NTP to new environment where we have one. Downgrade also will
not support.
Security impact
---------------
None
Notifications impact
--------------------
None
Other end user impact
---------------------
Impact on fuel_health. If user define some external dns current ostf test
for dns will fail.
Performance Impact
------------------
All DNS and NTP queries may be addressed to external servers, so how long they
will do right answer to that queries will depend from this servers settings.
Other deployer impact
---------------------
None
Developer impact
----------------
UI team will be affected, cause new UI options needed.
Maybe nailgun-related team is going to be affected to correctly put new values
from UI to database and from database to yaml
Implementation
==============
Assignee(s)
-----------
Primary assignee:
sbogatkin
Work Items
----------
#. Sync upstream puppet-ntp module
#. Adapt upstream module to Fuel
#. Write puppet manifest to provide ability change NTP and DNS adresses on
controllers
#. Write puppet manifest to provide ability change NTP and DNS adresses on
nodes
#. Add changes to UI and database
Dependencies
============
* https://blueprints.launchpad.net/fuel/+spec/virtual-router-for-env-nodes
Testing
=======
#. We need to build new fuel ISO and test if deployment work as expected.
#. We need to test how DNS&NTP will work with upstream external DNS&NTP
servers.
#. We need to test how NTP will work when upstream external NTP will disabled.
Nodes should sync with controller NTP anyway in that case.
Documentation Impact
====================
It should be described how to change DNS and NTP servers on controllers to
external and what exactly will be changed by this settings.
References
==========
[1] Virtual router blueprint: https://review.openstack.org/#/c/122123/
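
Review bot: The "Security impact" section says "None", but under "Proposed change" the controllers start forwarding all external DNS queries to, and taking time from, servers entered in the Fuel UI, and the "after" diagram shows a "VIP-Router Public" on the controllers that run the NTP and DNS servers. Please replace "None" with a short analysis: which networks the controller DNS and NTP services listen on, how the new UI fields are validated before they are forwarded to astute.yaml and applied by the puppet manifests, and what the environment does when an external server gives wrong time or answers, given that "Alternatives" already notes Nova marks nodes with different time as failed. Smaller points in the same file: "/etc/resolve.conf" should read "/etc/resolv.conf"; the second "Cons" bullet ends mid-thought at "Openstack env starts spoiling"; and "Other end user impact" says the current OSTF DNS test will fail once an external DNS is defined, yet "Work Items" has no item to update that test.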