From abb60c6175af435964028ce7c97bb4803aeab004 Mon Sep 17 00:00:00 2001 From: Jens Harbott Date: Wed, 7 Feb 2018 12:56:12 +0000 Subject: [PATCH] Update documentation for DNS integration - Split documentation for external DNS integration into a new document - Update configs to current standards - Remove use of old designate client Change-Id: I7a50ad72e35e2c01f874b872ddeff1aa8bfe3424 Closes-Bug: 1722367 Related-Bug: 1725630 (cherry picked from commit f305559292e6ecfd35740268e69b10cf99089fb2) --- doc/source/admin/config-dns-int-ext-serv.rst | 745 +++++++++++++++++++ doc/source/admin/config-dns-int.rst | 731 ------------------ doc/source/admin/config.rst | 1 + doc/source/admin/index.rst | 2 - 4 files changed, 746 insertions(+), 733 deletions(-) create mode 100644 doc/source/admin/config-dns-int-ext-serv.rst diff --git a/doc/source/admin/config-dns-int-ext-serv.rst b/doc/source/admin/config-dns-int-ext-serv.rst new file mode 100644 index 00000000000..315a144d0da --- /dev/null +++ b/doc/source/admin/config-dns-int-ext-serv.rst 
@@ -0,0 +1,745 @@ +.. _config-dns-int-ext-serv: + +======================================== +DNS integration with an external service +======================================== + +This page serves as a guide for how to use the DNS integration functionality of +the Networking service with an external DNSaaS (DNS-as-a-Service). + +As a prerequisite this needs the internal DNS functionality offered by the +Networking service to be enabled, see :ref:`config-dns-int`. + +Configuring OpenStack Networking for integration with an external DNS service +----------------------------------------------------------------------------- + +The first step to configure the integration with an external DNS service is to +enable the functionality described in :ref:`config-dns-int-dns-resolution`. +Once this is done, the user has to take the following steps and restart +``neutron-server``. + +#. Edit the ``[default]`` section of ``/etc/neutron/neutron.conf`` and specify + the external DNS service driver to be used in parameter + ``external_dns_driver``. The valid options are defined in namespace + ``neutron.services.external_dns_drivers``. The following example shows how + to set up the driver for the OpenStack DNS service: + + .. code-block:: console + + external_dns_driver = designate + +#. If the OpenStack DNS service is the target external DNS, the ``[designate]`` + section of ``/etc/neutron/neutron.conf`` must define the following + parameters: + + * ``url``: the OpenStack DNS service public endpoint URL. Note that + this must always be the versioned endpoint currently. + * ``auth_type``: the authorization plugin to use. + Usually this should be ``password``, see + https://docs.openstack.org/keystoneauth/latest/authentication-plugins.html + for other options. + * ``auth_url``: the Identity service authorization endpoint url. + This endpoint will be used by the Networking service to authenticate as an + user to create and update reverse lookup (PTR) zones. 
+ * ``username``: the username to be used by the Networking service to + create and update reverse lookup (PTR) zones. + * ``password``: the password of the user to be used by the + Networking service to create and update reverse lookup (PTR) zones. + * ``project_name``: the name of the project to be used by the + Networking service to create and update reverse lookup (PTR) zones. + * ``project_domain_name``: the name of the domain for the project to be used by the + Networking service to create and update reverse lookup (PTR) zones. + * ``user_domain_name``: the name of the domain for the user to be used by the + Networking service to create and update reverse lookup (PTR) zones. + * ``region_name``: the name of the region to be used by the + Networking service to create and update reverse lookup (PTR) zones. + * ``allow_reverse_dns_lookup``: a boolean value specifying whether to enable + or not the creation of reverse lookup (PTR) records. + * ``ipv4_ptr_zone_prefix_size``: the size in bits of the prefix for the IPv4 + reverse lookup (PTR) zones. + * ``ipv6_ptr_zone_prefix_size``: the size in bits of the prefix for the IPv6 + reverse lookup (PTR) zones. + * ``ptr_zone_email``: the email address to use when creating new reverse + lookup (PTR) zones. The default is ``admin@`` where ```` + is the domain for the first record being created in that zone. + * ``insecure``: whether to disable SSL certificate validation. By default, certificates + are validated. + * ``cafile``: Path to a valid Certificate Authority (CA) certificate. + Optional, the system CAs are used as default. + * ``auth_uri``: the unversioned public endpoint of the Identity service. + + The following is an example: + + .. 
code-block:: console + + [designate] + url = http://192.0.2.240:9001/v2 + auth_type = password + auth_url = http://192.0.2.240:35357 + username = neutron + password = PASSWORD + project_name = service + project_domain_name = Default + user_domain_name = Default + allow_reverse_dns_lookup = True + ipv4_ptr_zone_prefix_size = 24 + ipv6_ptr_zone_prefix_size = 116 + ptr_zone_email = admin@example.org + cafile = /etc/ssl/certs/my_ca_cert + auth_uri = http://192.0.2.240:5000 + + +Once the ``neutron-server`` has been configured and restarted, users will have +functionality that covers three use cases, described in the following sections. +In each of the use cases described below: + +* The examples assume the OpenStack DNS service as the external DNS. +* A, AAAA and PTR records will be created in the DNS service. +* Before executing any of the use cases, the user must create in the DNS + service under his project a DNS zone where the A and AAAA records will be + created. For the description of the use cases below, it is assumed the zone + ``example.org.`` was created previously. +* The PTR records will be created in zones owned by the project specified + for ``project_name`` above. +* Despite officially being deprecated, using the neutron CLI is still necessary + for some of the tasks, as the corresponding features are not yet implemented + for the openstack client. + +Use case 1: Floating IPs are published with associated port DNS attributes +-------------------------------------------------------------------------- + +In this use case, the address of a floating IP is published in the external +DNS service in conjunction with the ``dns_name`` of its associated port and the +``dns_domain`` of the port's network. The steps to execute in this use case are +the following: + +#. Assign a valid domain name to the network's ``dns_domain`` attribute. This + name must end with a period (``.``). +#. 
Boot an instance or alternatively, create a port specifying a valid value to + its ``dns_name`` attribute. If the port is going to be used for an instance + boot, the value assigned to ``dns_name`` must be equal to the ``hostname`` + that the Compute service will assign to the instance. Otherwise, the boot + will fail. +#. Create a floating IP and associate it to the port. + +Following is an example of these steps: + +.. code-block:: console + + $ neutron net-update 38c5e950-b450-4c30-83d4-ee181c28aad3 --dns_domain example.org. + Updated network: 38c5e950-b450-4c30-83d4-ee181c28aad3 + + $ neutron net-show 38c5e950-b450-4c30-83d4-ee181c28aad3 + +-------------------------+--------------------------------------+ + | Field | Value | + +-------------------------+--------------------------------------+ + | admin_state_up | True | + | availability_zone_hints | | + | availability_zones | nova | + | dns_domain | example.org. | + | id | 38c5e950-b450-4c30-83d4-ee181c28aad3 | + | mtu | 1450 | + | name | private | + | port_security_enabled | True | + | revision_number | 1 | + | router:external | False | + | shared | False | + | status | ACTIVE | + | subnets | 43414c53-62ae-49bc-aa6c-c9dd7705818a | + | | 5b9282a1-0be1-4ade-b478-7868ad2a16ff | + | tags | [] | + | tenant_id | d5660cb1e6934612a01b4fb2fb630725 | + +-------------------------+--------------------------------------+ + + $ openstack server create --image cirros --flavor 42 \ + --nic net-id=38c5e950-b450-4c30-83d4-ee181c28aad3 my_vm + +--------------------------------------+----------------------------------------------------------------+ + | Field | Value | + +--------------------------------------+----------------------------------------------------------------+ + | OS-DCF:diskConfig | MANUAL | + | OS-EXT-AZ:availability_zone | | + | OS-EXT-STS:power_state | 0 | + | OS-EXT-STS:task_state | scheduling | + | OS-EXT-STS:vm_state | building | + | OS-SRV-USG:launched_at | - | + | OS-SRV-USG:terminated_at | - | + | 
accessIPv4 | | + | accessIPv6 | | + | adminPass | oTLQLR3Kezmt | + | config_drive | | + | created | 2016-02-15T19:27:34Z | + | flavor | m1.nano (42) | + | hostId | | + | id | 43f328bb-b2d1-4cf1-a36f-3b2593397cb1 | + | image | cirros-0.3.5-x86_64-uec (b9d981eb-d21c-4ce2-9dbc-dd38f3d9015f) | + | key_name | - | + | locked | False | + | metadata | {} | + | name | my_vm | + | os-extended-volumes:volumes_attached | [] | + | progress | 0 | + | security_groups | default | + | status | BUILD | + | tenant_id | d5660cb1e6934612a01b4fb2fb630725 | + | updated | 2016-02-15T19:27:34Z | + | user_id | 8bb6e578cba24e7db9d3810633124525 | + +--------------------------------------+----------------------------------------------------------------+ + + $ openstack server list + +--------------------------------------+-------+--------+------------+-------------+----------------------------------------------------------+------------+ + | ID | Name | Status | Task State | Power State | Networks | Image Name | + +--------------------------------------+-------+--------+------------+-------------+----------------------------------------------------------+------------+ + | 43f328bb-b2d1-4cf1-a36f-3b2593397cb1 | my_vm | ACTIVE | - | Running | private=fda4:653e:71b0:0:f816:3eff:fe16:b5f2, 192.0.2.15 | cirros | + +--------------------------------------+-------+--------+------------+-------------+----------------------------------------------------------+------------+ + + $ neutron port-list --device_id 43f328bb-b2d1-4cf1-a36f-3b2593397cb1 + +--------------------------------------+------+-------------------+-------------------------------------------------------------------------------------------------------------+ + | id | name | mac_address | fixed_ips | + +--------------------------------------+------+-------------------+-------------------------------------------------------------------------------------------------------------+ + | da0b1f75-c895-460f-9fc1-4d6ec84cf85f | | fa:16:3e:16:b5:f2 | 
{"subnet_id": "5b9282a1-0be1-4ade-b478-7868ad2a16ff", "ip_address": "192.0.2.15"} | + | | | | {"subnet_id": "43414c53-62ae-49bc-aa6c-c9dd7705818a", "ip_address": "fda4:653e:71b0:0:f816:3eff:fe16:b5f2"} | + +--------------------------------------+------+-------------------+-------------------------------------------------------------------------------------------------------------+ + + $ neutron port-show da0b1f75-c895-460f-9fc1-4d6ec84cf85f + +-----------------------+-------------------------------------------------------------------------------------------------------------+ + | Field | Value | + +-----------------------+-------------------------------------------------------------------------------------------------------------+ + | admin_state_up | True | + | allowed_address_pairs | | + | binding:vnic_type | normal | + | device_id | 43f328bb-b2d1-4cf1-a36f-3b2593397cb1 | + | device_owner | compute:None | + | dns_assignment | {"hostname": "my-vm", "ip_address": "192.0.2.15", "fqdn": "my-vm.example.org."} | + | | {"hostname": "my-vm", "ip_address": "fda4:653e:71b0:0:f816:3eff:fe16:b5f2", "fqdn": "my-vm.example.org."} | + | dns_name | my-vm | + | extra_dhcp_opts | | + | fixed_ips | {"subnet_id": "5b9282a1-0be1-4ade-b478-7868ad2a16ff", "ip_address": "192.0.2.15"} | + | | {"subnet_id": "43414c53-62ae-49bc-aa6c-c9dd7705818a", "ip_address": "fda4:653e:71b0:0:f816:3eff:fe16:b5f2"} | + | id | da0b1f75-c895-460f-9fc1-4d6ec84cf85f | + | mac_address | fa:16:3e:16:b5:f2 | + | name | | + | network_id | 38c5e950-b450-4c30-83d4-ee181c28aad3 | + | port_security_enabled | True | + | revision_number | 1 | + | security_groups | 1f0ddd73-7e3c-48bd-a64c-7ded4fe0e635 | + | status | ACTIVE | + | tags | [] | + | tenant_id | d5660cb1e6934612a01b4fb2fb630725 | + +-----------------------+-------------------------------------------------------------------------------------------------------------+ + + $ openstack recordset list example.org. 
+ +--------------------------------------+--------------------+------+-----------------------------------------------------------------------+--------+--------+ + | id | name | type | records | status | action | + +--------------------------------------+--------------------+------+-----------------------------------------------------------------------+--------+--------+ + | a5fe696d-203f-4018-b0d8-590221adb513 | example.org. | NS | ns1.devstack.org. | ACTIVE | NONE | + | e7c05a5d-83a0-4fe5-8bd5-ab058a3326aa | example.org. | SOA | ns1.devstack.org. malavall.us.ibm.com. 1513767794 3532 600 86400 3600 | ACTIVE | NONE | + +--------------------------------------+--------------------+------+-----------------------------------------------------------------------+--------+--------+ + + $ neutron floatingip-create 41fa3995-9e4a-4cd9-bb51-3e5424f2ff2a \ + --port_id da0b1f75-c895-460f-9fc1-4d6ec84cf85f + Created a new floatingip: + +---------------------+--------------------------------------+ + | Field | Value | + +---------------------+--------------------------------------+ + | dns_domain | | + | dns_name | | + | fixed_ip_address | 192.0.2.15 | + | floating_ip_address | 198.51.100.4 | + | floating_network_id | 41fa3995-9e4a-4cd9-bb51-3e5424f2ff2a | + | id | e78f6eb1-a35f-4a90-941d-87c888d5fcc7 | + | port_id | da0b1f75-c895-460f-9fc1-4d6ec84cf85f | + | revision_number | 1 | + | router_id | 970ebe83-c4a3-4642-810e-43ab7b0c2b5f | + | status | DOWN | + | tags | [] | + | tenant_id | d5660cb1e6934612a01b4fb2fb630725 | + +---------------------+--------------------------------------+ + + $ openstack recordset list example.org. 
+ +--------------------------------------+--------------------+------+-----------------------------------------------------------------------+--------+--------+ + | id | name | type | records | status | action | + +--------------------------------------+--------------------+------+-----------------------------------------------------------------------+--------+--------+ + | a5fe696d-203f-4018-b0d8-590221adb513 | example.org. | NS | ns1.devstack.org. | ACTIVE | NONE | + | e7c05a5d-83a0-4fe5-8bd5-ab058a3326aa | example.org. | SOA | ns1.devstack.org. malavall.us.ibm.com. 1513768814 3532 600 86400 3600 | ACTIVE | NONE | + | 5ff53fd0-3746-48da-b9c9-77ed3004ec67 | my-vm.example.org. | A | 198.51.100.4 | ACTIVE | NONE | + +--------------------------------------+--------------------+------+-----------------------------------------------------------------------+--------+--------+ + +In this example, notice that the data is published in the DNS service when the +floating IP is associated to the port. + +Following are the PTR records created for this example. Note that for +IPv4, the value of ``ipv4_ptr_zone_prefix_size`` is 24. Also, since the zone +for the PTR records is created in the ``service`` project, you need to use +admin credentials in order to be able to view it. + + +.. code-block:: console + + $ openstack recordset list --all-projects 100.51.198.in-addr.arpa. + +--------------------------------------+----------------------------------+----------------------------+------+---------------------------------------------------------------------+--------+--------+ + | id | project_id | name | type | data | status | action | + +--------------------------------------+----------------------------------+-----------------------------------+---------------------------------------------------------------------+--------+--------+ + | 2dd0b894-25fa-4563-9d32-9f13bd67f329 | 07224d17d76d42499a38f00ba4339710 | 100.51.198.in-addr.arpa. | NS | ns1.devstack.org. 
| ACTIVE | NONE | + | 47b920f1-5eff-4dfa-9616-7cb5b7cb7ca6 | 07224d17d76d42499a38f00ba4339710 | 100.51.198.in-addr.arpa. | SOA | ns1.devstack.org. admin.example.org. 1455564862 3600 600 86400 3600 | ACTIVE | NONE | + | fb1edf42-abba-410c-8397-831f45fd0cd7 | 07224d17d76d42499a38f00ba4339710 | 4.100.51.198.in-addr.arpa. | PTR | my-vm.example.org. | ACTIVE | NONE | + +--------------------------------------+----------------------------------+----------------------------+------+---------------------------------------------------------------------+--------+--------+ + + +Use case 2: Floating IPs are published in the external DNS service +------------------------------------------------------------------ + +In this use case, the user assigns ``dns_name`` and ``dns_domain`` attributes +to a floating IP when it is created. The floating IP data becomes visible in +the external DNS service as soon as it is created. The floating IP can be +associated with a port on creation or later on. The following example shows a +user booting an instance and then creating a floating IP associated to the port +allocated for the instance: + +.. code-block:: console + + $ neutron net-show 38c5e950-b450-4c30-83d4-ee181c28aad3 + +-------------------------+--------------------------------------+ + | Field | Value | + +-------------------------+--------------------------------------+ + | admin_state_up | True | + | availability_zone_hints | | + | availability_zones | nova | + | dns_domain | example.org. 
| + | id | 38c5e950-b450-4c30-83d4-ee181c28aad3 | + | mtu | 1450 | + | name | private | + | port_security_enabled | True | + | revision_number | 1 | + | router:external | False | + | shared | False | + | status | ACTIVE | + | subnets | 43414c53-62ae-49bc-aa6c-c9dd7705818a | + | | 5b9282a1-0be1-4ade-b478-7868ad2a16ff | + | tags | [] | + | tenant_id | d5660cb1e6934612a01b4fb2fb630725 | + +-------------------------+--------------------------------------+ + + $ openstack server create --image cirros --flavor 42 \ + --nic net-id=38c5e950-b450-4c30-83d4-ee181c28aad3 my_vm + +--------------------------------------+----------------------------------------------------------------+ + | Field | Value | + +--------------------------------------+----------------------------------------------------------------+ + | OS-DCF:diskConfig | MANUAL | + | OS-EXT-AZ:availability_zone | | + | OS-EXT-STS:power_state | 0 | + | OS-EXT-STS:task_state | scheduling | + | OS-EXT-STS:vm_state | building | + | OS-SRV-USG:launched_at | - | + | OS-SRV-USG:terminated_at | - | + | accessIPv4 | | + | accessIPv6 | | + | adminPass | HLXGznYqXM4J | + | config_drive | | + | created | 2016-02-15T19:42:44Z | + | flavor | m1.nano (42) | + | hostId | | + | id | 71fb4ac8-eed8-4644-8113-0641962bb125 | + | image | cirros-0.3.5-x86_64-uec (b9d981eb-d21c-4ce2-9dbc-dd38f3d9015f) | + | key_name | - | + | locked | False | + | metadata | {} | + | name | my_vm | + | os-extended-volumes:volumes_attached | [] | + | progress | 0 | + | security_groups | default | + | status | BUILD | + | tenant_id | d5660cb1e6934612a01b4fb2fb630725 | + | updated | 2016-02-15T19:42:44Z | + | user_id | 8bb6e578cba24e7db9d3810633124525 | + +--------------------------------------+----------------------------------------------------------------+ + + $ openstack server list + +--------------------------------------+-------+--------+------------+-------------+----------------------------------------------------------+------------+ + | ID | Name | 
Status | Task State | Power State | Networks | Image Name | + +--------------------------------------+-------+--------+------------+-------------+----------------------------------------------------------+------------+ + | 71fb4ac8-eed8-4644-8113-0641962bb125 | my_vm | ACTIVE | - | Running | private=fda4:653e:71b0:0:f816:3eff:fe24:8614, 192.0.2.16 | cirros | + +--------------------------------------+-------+--------+------------+-------------+----------------------------------------------------------+------------+ + + $ neutron port-list --device_id 71fb4ac8-eed8-4644-8113-0641962bb125 + +--------------------------------------+------+-------------------+-------------------------------------------------------------------------------------------------------------+ + | id | name | mac_address | fixed_ips | + +--------------------------------------+------+-------------------+-------------------------------------------------------------------------------------------------------------+ + | 1e7033fb-8e9d-458b-89ed-8312cafcfdcb | | fa:16:3e:24:86:14 | {"subnet_id": "5b9282a1-0be1-4ade-b478-7868ad2a16ff", "ip_address": "192.0.2.16"} | + | | | | {"subnet_id": "43414c53-62ae-49bc-aa6c-c9dd7705818a", "ip_address": "fda4:653e:71b0:0:f816:3eff:fe24:8614"} | + +--------------------------------------+------+-------------------+-------------------------------------------------------------------------------------------------------------+ + + $ neutron port-show 1e7033fb-8e9d-458b-89ed-8312cafcfdcb + +-----------------------+-------------------------------------------------------------------------------------------------------------+ + | Field | Value | + +-----------------------+-------------------------------------------------------------------------------------------------------------+ + | admin_state_up | True | + | allowed_address_pairs | | + | binding:vnic_type | normal | + | device_id | 71fb4ac8-eed8-4644-8113-0641962bb125 | + | device_owner | compute:None | + | dns_assignment 
| {"hostname": "my-vm", "ip_address": "192.0.2.16", "fqdn": "my-vm.example.org."} | + | | {"hostname": "my-vm", "ip_address": "fda4:653e:71b0:0:f816:3eff:fe24:8614", "fqdn": "my-vm.example.org."} | + | dns_name | my-vm | + | extra_dhcp_opts | | + | fixed_ips | {"subnet_id": "5b9282a1-0be1-4ade-b478-7868ad2a16ff", "ip_address": "192.0.2.16"} | + | | {"subnet_id": "43414c53-62ae-49bc-aa6c-c9dd7705818a", "ip_address": "fda4:653e:71b0:0:f816:3eff:fe24:8614"} | + | id | 1e7033fb-8e9d-458b-89ed-8312cafcfdcb | + | mac_address | fa:16:3e:24:86:14 | + | name | | + | network_id | 38c5e950-b450-4c30-83d4-ee181c28aad3 | + | port_security_enabled | True | + | revision_number | 1 | + | security_groups | 1f0ddd73-7e3c-48bd-a64c-7ded4fe0e635 | + | status | ACTIVE | + | tags | [] | + | tenant_id | d5660cb1e6934612a01b4fb2fb630725 | + +-----------------------+-------------------------------------------------------------------------------------------------------------+ + + $ openstack recordset list example.org. + +--------------------------------------+--------------------+------+-----------------------------------------------------------------------+--------+--------+ + | id | name | type | records | status | action | + +--------------------------------------+--------------------+------+-----------------------------------------------------------------------+--------+--------+ + | 56ca0b88-e343-4c98-8faa-19746e169baf | example.org. | NS | ns1.devstack.org. | ACTIVE | NONE | + | 10a36008-6ecf-47c3-b321-05652a929b04 | example.org. | SOA | ns1.devstack.org. malavall.us.ibm.com. 1455565110 3532 600 86400 3600 | ACTIVE | NONE | + +--------------------------------------+--------------------+------+-----------------------------------------------------------------------+--------+--------+ + + $ neutron floatingip-create 41fa3995-9e4a-4cd9-bb51-3e5424f2ff2a \ + --dns_domain example.org. 
--dns_name my-floatingip + Created a new floatingip: + +---------------------+--------------------------------------+ + | Field | Value | + +---------------------+--------------------------------------+ + | dns_domain | example.org. | + | dns_name | my-floatingip | + | fixed_ip_address | | + | floating_ip_address | 198.51.100.5 | + | floating_network_id | 41fa3995-9e4a-4cd9-bb51-3e5424f2ff2a | + | id | 9f23a9c6-eceb-42eb-9f45-beb58c473728 | + | port_id | | + | revision_number | 1 | + | router_id | | + | status | DOWN | + | tags | [] | + | tenant_id | d5660cb1e6934612a01b4fb2fb630725 | + +---------------------+--------------------------------------+ + + $ openstack recordset list example.org. + +--------------------------------------+----------------------------+------+-----------------------------------------------------------------------+--------+--------+ + | id | name | type | records | status | action | + +--------------------------------------+----------------------------+------+-----------------------------------------------------------------------+--------+--------+ + | 56ca0b88-e343-4c98-8faa-19746e169baf | example.org. | NS | ns1.devstack.org. | ACTIVE | NONE | + | 10a36008-6ecf-47c3-b321-05652a929b04 | example.org. | SOA | ns1.devstack.org. malavall.us.ibm.com. 1455565110 3532 600 86400 3600 | ACTIVE | NONE | + | 8884c56f-3ef5-446e-ae4d-8053cc8bc2b4 | my-floatingip.example.org. | A | 198.51.100.53 | ACTIVE | NONE | + +--------------------------------------+----------------------------+------+-----------------------------------------------------------------------+--------+--------+ + +Note that in this use case: + +* The ``dns_name`` and ``dns_domain`` attributes of a floating IP must be + specified together on creation. They cannot be assigned to the floating IP + separately and they cannot be changed after the floating IP has been + created. 
+* The ``dns_name`` and ``dns_domain`` of a floating IP have precedence, for + purposes of being published in the external DNS service, over the + ``dns_name`` of its associated port and the ``dns_domain`` of the port's + network, whether they are specified or not. Only the ``dns_name`` and the + ``dns_domain`` of the floating IP are published in the external DNS service. + +Following are the PTR records created for this example. Note that for +IPv4, the value of ``ipv4_ptr_zone_prefix_size`` is 24. Also, since the zone +for the PTR records is created in the ``service`` project, you need to use +admin credentials in order to be able to view it. + + +.. code-block:: console + + $ openstack recordset list --all-projects 100.51.198.in-addr.arpa. + +--------------------------------------+----------------------------------+----------------------------+------+---------------------------------------------------------------------+--------+--------+ + | id | project_id | name | type | data | status | action | + +--------------------------------------+----------------------------------+-----------------------------------+---------------------------------------------------------------------+--------+--------+ + | 2dd0b894-25fa-4563-9d32-9f13bd67f329 | 07224d17d76d42499a38f00ba4339710 | 100.51.198.in-addr.arpa. | NS | ns1.devstack.org. | ACTIVE | NONE | + | 47b920f1-5eff-4dfa-9616-7cb5b7cb7ca6 | 07224d17d76d42499a38f00ba4339710 | 100.51.198.in-addr.arpa. | SOA | ns1.devstack.org. admin.example.org. 1455564862 3600 600 86400 3600 | ACTIVE | NONE | + | 589a0171-e77a-4ab6-ba6e-23114f2b9366 | 07224d17d76d42499a38f00ba4339710 | 5.100.51.198.in-addr.arpa. | PTR | my-floatingip.example.org. | ACTIVE | NONE | + +--------------------------------------+----------------------------------+----------------------------+------+---------------------------------------------------------------------+--------+--------+ + +.. 
_config-dns-use-case-3: + +Use case 3: Ports are published directly in the external DNS service +-------------------------------------------------------------------- + +In this case, the user is creating ports or booting instances on a network +that is accessible externally. If the user wants to publish a port in the +external DNS service in a zone specified by the ``dns_domain`` attribute of the +network, these are the steps to be taken: + +#. Assign a valid domain name to the network's ``dns_domain`` attribute. This + name must end with a period (``.``). +#. Boot an instance specifying the externally accessible network. + Alternatively, create a port on the externally accessible network specifying + a valid value to its ``dns_name`` attribute. If the port is going to be used + for an instance boot, the value assigned to ``dns_name`` must be equal to + the ``hostname`` that the Compute service will assign to the instance. + Otherwise, the boot will fail. + +Once these steps are executed, the port's DNS data will be published in the +external DNS service. This is an example: + +.. 
code-block:: console + + $ neutron net-list + +--------------------------------------+----------+----------------------------------------------------------+ + | id | name | subnets | + +--------------------------------------+----------+----------------------------------------------------------+ + | 41fa3995-9e4a-4cd9-bb51-3e5424f2ff2a | public | a67cfdf7-9d5d-406f-8a19-3f38e4fc3e74 | + | | | cbd8c6dc-ca81-457e-9c5d-f8ece7ef67f8 | + | 37aaff3a-6047-45ac-bf4f-a825e56fd2b3 | external | 277eca5d-9869-474b-960e-6da5951d09f7 203.0.113.0/24 | + | | | eab47748-3f0a-4775-a09f-b0c24bb64bc4 2001:db8:10::/64 | + | bf2802a0-99a0-4e8c-91e4-107d03f158ea | my-net | 6141b474-56cd-430f-b731-71660bb79b79 192.0.2.64/26 | + | 38c5e950-b450-4c30-83d4-ee181c28aad3 | private | 43414c53-62ae-49bc-aa6c-c9dd7705818a fda4:653e:71b0::/64 | + | | | 5b9282a1-0be1-4ade-b478-7868ad2a16ff 192.0.2.0/26 | + +--------------------------------------+----------+----------------------------------------------------------+ + + $ neutron net-update 37aaff3a-6047-45ac-bf4f-a825e56fd2b3 --dns_domain example.org. + Updated network: 37aaff3a-6047-45ac-bf4f-a825e56fd2b3 + + $ neutron net-show 37aaff3a-6047-45ac-bf4f-a825e56fd2b3 + +---------------------------+--------------------------------------+ + | Field | Value | + +---------------------------+--------------------------------------+ + | admin_state_up | True | + | availability_zone_hints | | + | availability_zones | nova | + | dns_domain | example.org. 
| + | id | 37aaff3a-6047-45ac-bf4f-a825e56fd2b3 | + | mtu | 1450 | + | name | external | + | port_security_enabled | True | + | provider:network_type | vlan | + | provider:physical_network | | + | provider:segmentation_id | 2016 | + | revision_number | 4 | + | router:external | False | + | shared | True | + | status | ACTIVE | + | subnets | eab47748-3f0a-4775-a09f-b0c24bb64bc4 | + | | 277eca5d-9869-474b-960e-6da5951d09f7 | + | tags | [] | + | tenant_id | 04fc2f83966245dba907efb783f8eab9 | + +---------------------------+--------------------------------------+ + + $ openstack recordset list example.org. + +--------------------------------------+--------------+------+-----------------------------------------------------------------------+--------+--------+ + | id | name | type | records | status | action | + +--------------------------------------+--------------+------+-----------------------------------------------------------------------+--------+--------+ + | a5fe696d-203f-4018-b0d8-590221adb513 | example.org. | NS | ns1.devstack.org. | ACTIVE | NONE | + | e7c05a5d-83a0-4fe5-8bd5-ab058a3326aa | example.org. | SOA | ns1.devstack.org. malavall.us.ibm.com. 
1513767619 3532 600 86400 3600 | ACTIVE | NONE | + +--------------------------------------+--------------+------+-----------------------------------------------------------------------+--------+--------+ + + $ neutron port-create 37aaff3a-6047-45ac-bf4f-a825e56fd2b3 --dns_name my-vm + Created a new port: + +-----------------------+---------------------------------------------------------------------------------------+ + | Field | Value | + +-----------------------+---------------------------------------------------------------------------------------+ + | admin_state_up | True | + | allowed_address_pairs | | + | binding:vnic_type | normal | + | device_id | | + | device_owner | | + | dns_assignment | {"hostname": "my-vm", "ip_address": "203.0.113.9", "fqdn": "my-vm.example.org."} | + | | {"hostname": "my-vm", "ip_address": "2001:db8:10::9", "fqdn": "my-vm.example.org."} | + | dns_name | my-vm | + | fixed_ips | {"subnet_id": "277eca5d-9869-474b-960e-6da5951d09f7", "ip_address": "203.0.113.9"} | + | | {"subnet_id": "eab47748-3f0a-4775-a09f-b0c24bb64bc4", "ip_address": "2001:db8:10::9"} | + | id | 04be331b-dc5e-410a-9103-9c8983aeb186 | + | mac_address | fa:16:3e:0f:4b:e4 | + | name | | + | network_id | 37aaff3a-6047-45ac-bf4f-a825e56fd2b3 | + | port_security_enabled | True | + | revision_number | 1 | + | security_groups | 1f0ddd73-7e3c-48bd-a64c-7ded4fe0e635 | + | status | DOWN | + | tags | [] | + | tenant_id | d5660cb1e6934612a01b4fb2fb630725 | + +-----------------------+---------------------------------------------------------------------------------------+ + + $ openstack recordset list example.org. 
+ +--------------------------------------+--------------------+------+-----------------------------------------------------------------------+--------+--------+ + | id | name | type | records | status | action | + +--------------------------------------+--------------------+------+-----------------------------------------------------------------------+--------+--------+ + | a5fe696d-203f-4018-b0d8-590221adb513 | example.org. | NS | ns1.devstack.org. | ACTIVE | NONE | + | e7c05a5d-83a0-4fe5-8bd5-ab058a3326aa | example.org. | SOA | ns1.devstack.org. malavall.us.ibm.com. 1513767794 3532 600 86400 3600 | ACTIVE | NONE | + | fa753ab8-bffa-400d-9ef8-d4a3b1a7ffbf | my-vm.example.org. | A | 203.0.113.9 | ACTIVE | NONE | + | 04abf9f8-c7a3-43f6-9a55-95cee9b144a9 | my-vm.example.org. | AAAA | 2001:db8:10::9 | ACTIVE | NONE | + +--------------------------------------+--------------------+------+-----------------------------------------------------------------------+--------+--------+ + + $ openstack server create --image cirros --flavor 42 \ + --nic port-id=04be331b-dc5e-410a-9103-9c8983aeb186 my_vm + +--------------------------------------+----------------------------------------------------------------+ + | Field | Value | + +--------------------------------------+----------------------------------------------------------------+ + | OS-DCF:diskConfig | MANUAL | + | OS-EXT-AZ:availability_zone | | + | OS-EXT-STS:power_state | 0 | + | OS-EXT-STS:task_state | scheduling | + | OS-EXT-STS:vm_state | building | + | OS-SRV-USG:launched_at | - | + | OS-SRV-USG:terminated_at | - | + | accessIPv4 | | + | accessIPv6 | | + | adminPass | TDc9EpBT3B9W | + | config_drive | | + | created | 2016-02-15T19:10:43Z | + | flavor | m1.nano (42) | + | hostId | | + | id | 62c19691-d1c7-4d7b-a88e-9cc4d95d4f41 | + | image | cirros-0.3.5-x86_64-uec (b9d981eb-d21c-4ce2-9dbc-dd38f3d9015f) | + | key_name | - | + | locked | False | + | metadata | {} | + | name | my_vm | + | 
os-extended-volumes:volumes_attached | [] | + | progress | 0 | + | security_groups | default | + | status | BUILD | + | tenant_id | d5660cb1e6934612a01b4fb2fb630725 | + | updated | 2016-02-15T19:10:43Z | + | user_id | 8bb6e578cba24e7db9d3810633124525 | + +--------------------------------------+----------------------------------------------------------------+ + + $ openstack server list + +--------------------------------------+-------+--------+------------+-------------+--------------------------------------+------------+ + | ID | Name | Status | Task State | Power State | Networks | Image Name | + +--------------------------------------+-------+--------+------------+-------------+--------------------------------------+------------+ + | 62c19691-d1c7-4d7b-a88e-9cc4d95d4f41 | my_vm | ACTIVE | - | Running | external=203.0.113.9, 2001:db8:10::9 | cirros | + +--------------------------------------+-------+--------+------------+-------------+--------------------------------------+------------+ + +In this example the port is created manually by the user and then used to boot +an instance. Notice that: + +* The port's data was visible in the DNS service as soon as it was created. +* See :ref:`config-dns-performance-considerations` for an explanation of + the potential performance impact associated with this use case. + +Following are the PTR records created for this example. Note that for +IPv4, the value of ipv4_ptr_zone_prefix_size is 24. In the case of IPv6, the +value of ipv6_ptr_zone_prefix_size is 116. + +.. code-block:: console + + $ openstack recordset list --all-projects 113.0.203.in-addr.arpa. 
+ +--------------------------------------+----------------------------------+---------------------------+------+---------------------------------------------------------------------+--------+--------+ + | id | project_id | name | type | records | status | action | + +--------------------------------------+----------------------------------+---------------------------+------+---------------------------------------------------------------------+--------+--------+ + | 32f1c05b-7c5d-4230-9088-961a0a462d28 | 07224d17d76d42499a38f00ba4339710 | 113.0.203.in-addr.arpa. | SOA | ns1.devstack.org. admin.example.org. 1455563035 3600 600 86400 3600 | ACTIVE | NONE | + | 3d402c43-b215-4a75-a730-51cbb8999cb8 | 07224d17d76d42499a38f00ba4339710 | 113.0.203.in-addr.arpa. | NS | ns1.devstack.org. | ACTIVE | NONE | + | 8e4e618c-24b0-43db-ab06-91b741a91c10 | 07224d17d76d42499a38f00ba4339710 | 9.113.0.203.in-addr.arpa. | PTR | my-vm.example.org. | ACTIVE | NONE | + +--------------------------------------+----------------------------------+---------------------------+------+---------------------------------------------------------------------+--------+--------+ + + $ openstack recordset list --all-projects 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.1.0.0.8.b.d.0.1.0.0.2.ip6.arpa. + +--------------------------------------+----------------------------------+---------------------------------------------------------------------------+------+---------------------------------------------------------------------+--------+--------+ + | id | project_id | name | type | records | status | action | + +--------------------------------------+----------------------------------+---------------------------------------------------------------------------+------+---------------------------------------------------------------------+--------+--------+ + | d8923354-13eb-4bd9-914a-0a2ae5f95989 | 07224d17d76d42499a38f00ba4339710 | 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.1.0.0.8.b.d.0.1.0.0.2.ip6.arpa. 
| SOA | ns1.devstack.org. admin.example.org. 1455563036 3600 600 86400 3600 | ACTIVE | NONE | + | 72e60acd-098d-41ea-9771-5b6546c9c06f | 07224d17d76d42499a38f00ba4339710 | 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.1.0.0.8.b.d.0.1.0.0.2.ip6.arpa. | NS | ns1.devstack.org. | ACTIVE | NONE | + | 877e0215-2ddf-4d01-a7da-47f1092dfd56 | 07224d17d76d42499a38f00ba4339710 | 9.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.1.0.0.8.b.d.0.1.0.0.2.ip6.arpa. | PTR | my-vm.example.org. | ACTIVE | NONE | + +--------------------------------------+----------------------------------+---------------------------------------------------------------------------+------+---------------------------------------------------------------------+--------+--------+ + +See :ref:`config-dns-int-ext-serv-net` for detailed instructions on how +to create the externally accessible network. + +Alternatively, if the ``dns_domain for ports`` extension has been configured, +the user can create a port specifying a non-blank value in its +``dns_domain`` attribute, as shown here: + +.. code-block:: console + + $ neutron port-create 37aaff3a-6047-45ac-bf4f-a825e56fd2b3 \ + --dns-name my-vm --dns_domain port-domain.org. + Created a new port: + +-----------------------+---------------------------------------------------------------------------------------+ + | Field | Value | + +-----------------------+---------------------------------------------------------------------------------------+ + | admin_state_up | True | + | allowed_address_pairs | | + | binding:vnic_type | normal | + | created_at | 2017-08-16T22:05:57Z | + | description | | + | device_id | | + | device_owner | | + | dns_assignment | {"hostname": "my-vm", "ip_address": "203.0.113.9", "fqdn": "my-vm.example.org."} | + | | {"hostname": "my-vm", "ip_address": "2001:db8:10::9", "fqdn": "my-vm.example.org."} | + | dns_domain | port-domain.org. 
| + | dns_name | my-vm | + | extra_dhcp_opts | | + | fixed_ips | {"subnet_id": "277eca5d-9869-474b-960e-6da5951d09f7", "ip_address": "203.0.113.9"} | + | | {"subnet_id": "eab47748-3f0a-4775-a09f-b0c24bb64bc4", "ip_address": "2001:db8:10::9"} | + | id | 422134a8-1088-458d-adbd-880863d8c07c | + | ip_allocation | immediate | + | mac_address | fa:16:3e:fb:d6:24 | + | name | | + | network_id | 37aaff3a-6047-45ac-bf4f-a825e56fd2b3 | + | port_security_enabled | True | + | project_id | d5660cb1e6934612a01b4fb2fb630725 | + | revision_number | 5 | + | security_groups | 07b21ad4-edb6-420b-bd76-9bb4aab0d135 | + | status | DOWN | + | tags | | + | tenant_id | d5660cb1e6934612a01b4fb2fb630725 | + | updated_at | 2017-08-16T22:05:58Z | + +-----------------------+---------------------------------------------------------------------------------------+ + +In this case, the port's ``dns_name`` (``my-vm``) will be published in the +``port-domain.org.`` zone, as shown here: + +.. code-block:: console + + $ openstack recordset list port-domain.org. + +--------------------------------------+-------------------------+------+-----------------------------------------------------------------------+--------+--------+ + | id | name | type | records | status | action | + +--------------------------------------+-------------------------+------+-----------------------------------------------------------------------+--------+--------+ + | 03e5a35b-d984-4d10-942a-2de8ccb9b941 | port-domain.org. | SOA | ns1.devstack.org. malavall.us.ibm.com. 1503272259 3549 600 86400 3600 | ACTIVE | NONE | + | d2dd1dfe-531d-4fea-8c0e-f5b559942ac5 | port-domain.org. | NS | ns1.devstack.org. | ACTIVE | NONE | + | 67a8e83d-7e3c-4fb1-9261-0481318bb7b5 | my-vm.port-domain.org. | A | 203.0.113.9 | ACTIVE | NONE | + | 5a4f671c-9969-47aa-82e1-e05754021852 | my-vm.port-domain.org. 
| AAAA | 2001:db8:10::9 | ACTIVE | NONE | + +--------------------------------------+-------------------------+------+-----------------------------------------------------------------------+--------+--------+ + +.. note:: + If both the port and its network have a valid non-blank string assigned to + their ``dns_domain`` attributes, the port's ``dns_domain`` takes precedence + over the network's. + +.. note:: + The name assigned to the port's ``dns_domain`` attribute must end with a + period (``.``). + +.. note:: + In the above example, the ``port-domain.org.`` zone must be created before + Neutron can publish any port data to it. + +.. _config-dns-performance-considerations: + +Performance considerations +-------------------------- + +Only for :ref:`config-dns-use-case-3`, if the port binding extension is +enabled in the Networking service, the Compute service will execute one +additional port update operation when allocating the port for the instance +during the boot process. This may have a noticeable adverse effect in the +performance of the boot process that should be evaluated before adoption of this +use case. + +.. _config-dns-int-ext-serv-net: + +Configuration of the externally accessible network for use case 3 +----------------------------------------------------------------- + +In :ref:`config-dns-use-case-3`, the externally accessible network must +meet the following requirements: + +* The network may not have attribute ``router:external`` set to ``True``. +* The network type can be FLAT, VLAN, GRE, VXLAN or GENEVE. +* For network types VLAN, GRE, VXLAN or GENEVE, the segmentation ID must be + outside the ranges assigned to project networks. + +This usually implies that this use case only works for networks specifically +created for this purpose by an admin, it does not work for networks +which tenants can create. diff --git a/doc/source/admin/config-dns-int.rst b/doc/source/admin/config-dns-int.rst index 7e559cec872..0521db8418b 100644 
--- a/doc/source/admin/config-dns-int.rst +++ b/doc/source/admin/config-dns-int.rst 
@@ -215,734 +215,3 @@ In the above example notice that: must be equal to the value that Compute service will assign to the instance's ``hostname``, in this example ``my-vm``. Otherwise, the instance boot will fail. - -Integration with an external DNS service -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -Users can also integrate the Networking and Compute services with an external -DNS. To accomplish this, the users have to: - -#. Enable the functionality described in - :ref:`config-dns-int-dns-resolution`. -#. Configure an external DNS driver. The Networking service provides a driver - reference implementation based on the OpenStack DNS service. It is expected - that third party vendors will provide other implementations in the future. - For detailed configuration instructions, see - :ref:`config-dns-int-ext-serv`. - -Once the ``neutron-server`` has been configured and restarted, users will have -functionality that covers three use cases, described in the following sections. -In each of the use cases described below: - -* The examples assume the OpenStack DNS service as the external DNS. -* A, AAAA and PTR records will be created in the DNS service. -* Before executing any of the use cases, the user must create in the DNS - service under his project a DNS zone where the A and AAAA records will be - created. For the description of the use cases below, it is assumed the zone - ``example.org.`` was created previously. -* The PTR records will be created in zones owned by a project with admin - privileges. See :ref:`config-dns-int-ext-serv` for more details. - -.. _config-dns-use-case-1: - -Use case 1: Ports are published directly in the external DNS service --------------------------------------------------------------------- - -In this case, the user is creating ports or booting instances on a network -that is accessible externally. 
If the user wants to publish a port in the -external DNS service in a zone specified by the ``dns_domain`` attribute of the -network, these are the steps to be taken: - -#. Assign a valid domain name to the network's ``dns_domain`` attribute. This - name must end with a period (``.``). -#. Boot an instance specifying the externally accessible network. - Alternatively, create a port on the externally accessible network specifying - a valid value to its ``dns_name`` attribute. If the port is going to be used - for an instance boot, the value assigned to ``dns_name`` must be equal to - the ``hostname`` that the Compute service will assign to the instance. - Otherwise, the boot will fail. - -Once these steps are executed, the port's DNS data will be published in the -external DNS service. This is an example: - -.. code-block:: console - - $ neutron net-list - +--------------------------------------+----------+----------------------------------------------------------+ - | id | name | subnets | - +--------------------------------------+----------+----------------------------------------------------------+ - | 41fa3995-9e4a-4cd9-bb51-3e5424f2ff2a | public | a67cfdf7-9d5d-406f-8a19-3f38e4fc3e74 | - | | | cbd8c6dc-ca81-457e-9c5d-f8ece7ef67f8 | - | 37aaff3a-6047-45ac-bf4f-a825e56fd2b3 | external | 277eca5d-9869-474b-960e-6da5951d09f7 203.0.113.0/24 | - | | | eab47748-3f0a-4775-a09f-b0c24bb64bc4 2001:db8:10::/64 | - | bf2802a0-99a0-4e8c-91e4-107d03f158ea | my-net | 6141b474-56cd-430f-b731-71660bb79b79 192.0.2.64/26 | - | 38c5e950-b450-4c30-83d4-ee181c28aad3 | private | 43414c53-62ae-49bc-aa6c-c9dd7705818a fda4:653e:71b0::/64 | - | | | 5b9282a1-0be1-4ade-b478-7868ad2a16ff 192.0.2.0/26 | - +--------------------------------------+----------+----------------------------------------------------------+ - - $ neutron net-update 37aaff3a-6047-45ac-bf4f-a825e56fd2b3 --dns_domain example.org. 
- Updated network: 37aaff3a-6047-45ac-bf4f-a825e56fd2b3 - - $ neutron net-show 37aaff3a-6047-45ac-bf4f-a825e56fd2b3 - +---------------------------+--------------------------------------+ - | Field | Value | - +---------------------------+--------------------------------------+ - | admin_state_up | True | - | availability_zone_hints | | - | availability_zones | nova | - | dns_domain | example.org. | - | id | 37aaff3a-6047-45ac-bf4f-a825e56fd2b3 | - | mtu | 1450 | - | name | external | - | port_security_enabled | True | - | provider:network_type | vlan | - | provider:physical_network | | - | provider:segmentation_id | 2016 | - | revision_number | 4 | - | router:external | False | - | shared | True | - | status | ACTIVE | - | subnets | eab47748-3f0a-4775-a09f-b0c24bb64bc4 | - | | 277eca5d-9869-474b-960e-6da5951d09f7 | - | tags | [] | - | tenant_id | 04fc2f83966245dba907efb783f8eab9 | - +---------------------------+--------------------------------------+ - - $ designate record-list example.org. - +--------------------------------------+------+--------------+-----------------------------------------------------------------------+ - | id | type | name | data | - +--------------------------------------+------+--------------+-----------------------------------------------------------------------+ - | 10a36008-6ecf-47c3-b321-05652a929b04 | SOA | example.org. | ns1.devstack.org. malavall.us.ibm.com. 1454729414 3600 600 86400 3600 | - | 56ca0b88-e343-4c98-8faa-19746e169baf | NS | example.org. | ns1.devstack.org. 
| - +--------------------------------------+------+--------------+-----------------------------------------------------------------------+ - - $ neutron port-create 37aaff3a-6047-45ac-bf4f-a825e56fd2b3 --dns_name my-vm - Created a new port: - +-----------------------+---------------------------------------------------------------------------------------+ - | Field | Value | - +-----------------------+---------------------------------------------------------------------------------------+ - | admin_state_up | True | - | allowed_address_pairs | | - | binding:vnic_type | normal | - | device_id | | - | device_owner | | - | dns_assignment | {"hostname": "my-vm", "ip_address": "203.0.113.9", "fqdn": "my-vm.example.org."} | - | | {"hostname": "my-vm", "ip_address": "2001:db8:10::9", "fqdn": "my-vm.example.org."} | - | dns_name | my-vm | - | fixed_ips | {"subnet_id": "277eca5d-9869-474b-960e-6da5951d09f7", "ip_address": "203.0.113.9"} | - | | {"subnet_id": "eab47748-3f0a-4775-a09f-b0c24bb64bc4", "ip_address": "2001:db8:10::9"} | - | id | 04be331b-dc5e-410a-9103-9c8983aeb186 | - | mac_address | fa:16:3e:0f:4b:e4 | - | name | | - | network_id | 37aaff3a-6047-45ac-bf4f-a825e56fd2b3 | - | port_security_enabled | True | - | revision_number | 1 | - | security_groups | 1f0ddd73-7e3c-48bd-a64c-7ded4fe0e635 | - | status | DOWN | - | tags | [] | - | tenant_id | d5660cb1e6934612a01b4fb2fb630725 | - +-----------------------+---------------------------------------------------------------------------------------+ - - $ designate record-list example.org. - +--------------------------------------+------+--------------------+-----------------------------------------------------------------------+ - | id | type | name | data | - +--------------------------------------+------+--------------------+-----------------------------------------------------------------------+ - | 10a36008-6ecf-47c3-b321-05652a929b04 | SOA | example.org. | ns1.devstack.org. malavall.us.ibm.com. 
1455563035 3600 600 86400 3600 | - | 56ca0b88-e343-4c98-8faa-19746e169baf | NS | example.org. | ns1.devstack.org. | - | 3593591b-181f-4beb-9ab7-67fad7413b37 | A | my-vm.example.org. | 203.0.113.9 | - | 5649c68f-7a88-48f5-9f87-ccb1f6ae67ca | AAAA | my-vm.example.org. | 2001:db8:10::9 | - +--------------------------------------+------+--------------------+-----------------------------------------------------------------------+ - - $ openstack server create --image cirros --flavor 42 \ - --nic port-id=04be331b-dc5e-410a-9103-9c8983aeb186 my_vm - +--------------------------------------+----------------------------------------------------------------+ - | Field | Value | - +--------------------------------------+----------------------------------------------------------------+ - | OS-DCF:diskConfig | MANUAL | - | OS-EXT-AZ:availability_zone | | - | OS-EXT-STS:power_state | 0 | - | OS-EXT-STS:task_state | scheduling | - | OS-EXT-STS:vm_state | building | - | OS-SRV-USG:launched_at | - | - | OS-SRV-USG:terminated_at | - | - | accessIPv4 | | - | accessIPv6 | | - | adminPass | TDc9EpBT3B9W | - | config_drive | | - | created | 2016-02-15T19:10:43Z | - | flavor | m1.nano (42) | - | hostId | | - | id | 62c19691-d1c7-4d7b-a88e-9cc4d95d4f41 | - | image | cirros-0.3.5-x86_64-uec (b9d981eb-d21c-4ce2-9dbc-dd38f3d9015f) | - | key_name | - | - | locked | False | - | metadata | {} | - | name | my_vm | - | os-extended-volumes:volumes_attached | [] | - | progress | 0 | - | security_groups | default | - | status | BUILD | - | tenant_id | d5660cb1e6934612a01b4fb2fb630725 | - | updated | 2016-02-15T19:10:43Z | - | user_id | 8bb6e578cba24e7db9d3810633124525 | - +--------------------------------------+----------------------------------------------------------------+ - - $ openstack server list - +--------------------------------------+-------+--------+------------+-------------+--------------------------------------+------------+ - | ID | Name | Status | Task State | Power State | Networks | 
Image Name | - +--------------------------------------+-------+--------+------------+-------------+--------------------------------------+------------+ - | 62c19691-d1c7-4d7b-a88e-9cc4d95d4f41 | my_vm | ACTIVE | - | Running | external=203.0.113.9, 2001:db8:10::9 | cirros | - +--------------------------------------+-------+--------+------------+-------------+--------------------------------------+------------+ - -In this example the port is created manually by the user and then used to boot -an instance. Notice that: - -* The port's data was visible in the DNS service as soon as it was created. -* See :ref:`config-dns-performance-considerations` for an explanation of - the potential performance impact associated with this use case. - -Following are the PTR records created for this example. Note that for -IPv4, the value of ipv4_ptr_zone_prefix_size is 24. In the case of IPv6, the -value of ipv6_ptr_zone_prefix_size is 116. For more details, see -:ref:`config-dns-int-ext-serv`: - -.. code-block:: console - - $ designate record-list 113.0.203.in-addr.arpa. - +--------------------------------------+------+---------------------------+---------------------------------------------------------------------+ - | id | type | name | data | - +--------------------------------------+------+---------------------------+---------------------------------------------------------------------+ - | ab7ada72-7e64-4bed-913e-04718a80fafc | NS | 113.0.203.in-addr.arpa. | ns1.devstack.org. | - | 28346a94-790c-4ae1-9f7b-069d98d9efbd | SOA | 113.0.203.in-addr.arpa. | ns1.devstack.org. admin.example.org. 1455563035 3600 600 86400 3600 | - | cfcaf537-844a-4c1b-9b5f-464ff07dca33 | PTR | 9.113.0.203.in-addr.arpa. | my-vm.example.org. | - +--------------------------------------+------+---------------------------+---------------------------------------------------------------------+ - - $ designate record-list 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.1.0.0.8.b.d.0.1.0.0.2.ip6.arpa. 
- +--------------------------------------+------+---------------------------------------------------------------------------+---------------------------------------------------------------------+ - | id | type | name | data | - +--------------------------------------+------+---------------------------------------------------------------------------+---------------------------------------------------------------------+ - | d8923354-13eb-4bd9-914a-0a2ae5f95989 | SOA | 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.1.0.0.8.b.d.0.1.0.0.2.ip6.arpa. | ns1.devstack.org. admin.example.org. 1455563036 3600 600 86400 3600 | - | 72e60acd-098d-41ea-9771-5b6546c9c06f | NS | 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.1.0.0.8.b.d.0.1.0.0.2.ip6.arpa. | ns1.devstack.org. | - | 877e0215-2ddf-4d01-a7da-47f1092dfd56 | PTR | 9.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.1.0.0.8.b.d.0.1.0.0.2.ip6.arpa. | my-vm.example.org. | - +--------------------------------------+------+---------------------------------------------------------------------------+---------------------------------------------------------------------+ - -See :ref:`config-dns-int-ext-serv` for detailed instructions on how -to create the externally accessible network. - -Alternatively, if the ``dns_domain for ports`` extension has been configured, -the user can create a port specifying a non-blank value in its -``dns_domain`` attribute, as shown here: - -.. code-block:: console - - $ neutron port-create 37aaff3a-6047-45ac-bf4f-a825e56fd2b3 \ - --dns-name my-vm --dns_domain port-domain.org. 
- Created a new port: - +-----------------------+---------------------------------------------------------------------------------------+ - | Field | Value | - +-----------------------+---------------------------------------------------------------------------------------+ - | admin_state_up | True | - | allowed_address_pairs | | - | binding:vnic_type | normal | - | created_at | 2017-08-16T22:05:57Z | - | description | | - | device_id | | - | device_owner | | - | dns_assignment | {"hostname": "my-vm", "ip_address": "203.0.113.9", "fqdn": "my-vm.example.org."} | - | | {"hostname": "my-vm", "ip_address": "2001:db8:10::9", "fqdn": "my-vm.example.org."} | - | dns_domain | port-domain.org. | - | dns_name | my-vm | - | extra_dhcp_opts | | - | fixed_ips | {"subnet_id": "277eca5d-9869-474b-960e-6da5951d09f7", "ip_address": "203.0.113.9"} | - | | {"subnet_id": "eab47748-3f0a-4775-a09f-b0c24bb64bc4", "ip_address": "2001:db8:10::9"} | - | id | 422134a8-1088-458d-adbd-880863d8c07c | - | ip_allocation | immediate | - | mac_address | fa:16:3e:fb:d6:24 | - | name | | - | network_id | 37aaff3a-6047-45ac-bf4f-a825e56fd2b3 | - | port_security_enabled | True | - | project_id | d5660cb1e6934612a01b4fb2fb630725 | - | revision_number | 5 | - | security_groups | 07b21ad4-edb6-420b-bd76-9bb4aab0d135 | - | status | DOWN | - | tags | | - | tenant_id | d5660cb1e6934612a01b4fb2fb630725 | - | updated_at | 2017-08-16T22:05:58Z | - +-----------------------+---------------------------------------------------------------------------------------+ - -In this case, the port's ``dns_name`` (``my-vm``) will be published in the -``port-domain.org.`` zone, as shown here: - -.. code-block:: console - - $ designate record-list port-domain.org. 
- +--------------------------------------+------+-------------------------+-----------------------------------------------------------------------+ - | id | type | name | data | - +--------------------------------------+------+-------------------------+-----------------------------------------------------------------------+ - | 03e5a35b-d984-4d10-942a-2de8ccb9b941 | SOA | port-domain.org. | ns1.devstack.org. malavall.us.ibm.com. 1503272259 3549 600 86400 3600 | - | d2dd1dfe-531d-4fea-8c0e-f5b559942ac5 | NS | port-domain.org. | ns1.devstack.org. | - | 67a8e83d-7e3c-4fb1-9261-0481318bb7b5 | A | my-vm.port-domain.org. | 203.0.113.9 | - | 5a4f671c-9969-47aa-82e1-e05754021852 | AAAA | my-vm.port-domain.org. | 2001:db8:10::9 | - +--------------------------------------+------+-------------------------+-----------------------------------------------------------------------+ - -.. note:: - If both the port and its network have a valid non-blank string assigned to - their ``dns_domain`` attributes, the port's ``dns_domain`` takes precedence - over the network's. - -.. note:: - The name assigned to the port's ``dns_domain`` attribute must end with a - period (``.``). - -.. note:: - In the above example, the ``port-domain.org.`` zone must be created before - Neutron can publish any port data to it. - -Use case 2: Floating IPs are published with associated port DNS attributes --------------------------------------------------------------------------- - -In this use case, the address of a floating IP is published in the external -DNS service in conjunction with the ``dns_name`` of its associated port and the -``dns_domain`` of the port's network. The steps to execute in this use case are -the following: - -#. Assign a valid domain name to the network's ``dns_domain`` attribute. This - name must end with a period (``.``). -#. Boot an instance or alternatively, create a port specifying a valid value to - its ``dns_name`` attribute. 
If the port is going to be used for an instance - boot, the value assigned to ``dns_name`` must be equal to the ``hostname`` - that the Compute service will assign to the instance. Otherwise, the boot - will fail. -#. Create a floating IP and associate it to the port. - -Following is an example of these steps: - -.. code-block:: console - - $ neutron net-update 38c5e950-b450-4c30-83d4-ee181c28aad3 --dns_domain example.org. - Updated network: 38c5e950-b450-4c30-83d4-ee181c28aad3 - - $ neutron net-show 38c5e950-b450-4c30-83d4-ee181c28aad3 - +-------------------------+--------------------------------------+ - | Field | Value | - +-------------------------+--------------------------------------+ - | admin_state_up | True | - | availability_zone_hints | | - | availability_zones | nova | - | dns_domain | example.org. | - | id | 38c5e950-b450-4c30-83d4-ee181c28aad3 | - | mtu | 1450 | - | name | private | - | port_security_enabled | True | - | revision_number | 1 | - | router:external | False | - | shared | False | - | status | ACTIVE | - | subnets | 43414c53-62ae-49bc-aa6c-c9dd7705818a | - | | 5b9282a1-0be1-4ade-b478-7868ad2a16ff | - | tags | [] | - | tenant_id | d5660cb1e6934612a01b4fb2fb630725 | - +-------------------------+--------------------------------------+ - - $ openstack server create --image cirros --flavor 42 \ - --nic net-id=38c5e950-b450-4c30-83d4-ee181c28aad3 my_vm - +--------------------------------------+----------------------------------------------------------------+ - | Field | Value | - +--------------------------------------+----------------------------------------------------------------+ - | OS-DCF:diskConfig | MANUAL | - | OS-EXT-AZ:availability_zone | | - | OS-EXT-STS:power_state | 0 | - | OS-EXT-STS:task_state | scheduling | - | OS-EXT-STS:vm_state | building | - | OS-SRV-USG:launched_at | - | - | OS-SRV-USG:terminated_at | - | - | accessIPv4 | | - | accessIPv6 | | - | adminPass | oTLQLR3Kezmt | - | config_drive | | - | created | 
2016-02-15T19:27:34Z | - | flavor | m1.nano (42) | - | hostId | | - | id | 43f328bb-b2d1-4cf1-a36f-3b2593397cb1 | - | image | cirros-0.3.5-x86_64-uec (b9d981eb-d21c-4ce2-9dbc-dd38f3d9015f) | - | key_name | - | - | locked | False | - | metadata | {} | - | name | my_vm | - | os-extended-volumes:volumes_attached | [] | - | progress | 0 | - | security_groups | default | - | status | BUILD | - | tenant_id | d5660cb1e6934612a01b4fb2fb630725 | - | updated | 2016-02-15T19:27:34Z | - | user_id | 8bb6e578cba24e7db9d3810633124525 | - +--------------------------------------+----------------------------------------------------------------+ - - $ openstack server list - +--------------------------------------+-------+--------+------------+-------------+----------------------------------------------------------+------------+ - | ID | Name | Status | Task State | Power State | Networks | Image Name | - +--------------------------------------+-------+--------+------------+-------------+----------------------------------------------------------+------------+ - | 43f328bb-b2d1-4cf1-a36f-3b2593397cb1 | my_vm | ACTIVE | - | Running | private=fda4:653e:71b0:0:f816:3eff:fe16:b5f2, 192.0.2.15 | cirros | - +--------------------------------------+-------+--------+------------+-------------+----------------------------------------------------------+------------+ - - $ neutron port-list --device_id 43f328bb-b2d1-4cf1-a36f-3b2593397cb1 - +--------------------------------------+------+-------------------+-------------------------------------------------------------------------------------------------------------+ - | id | name | mac_address | fixed_ips | - +--------------------------------------+------+-------------------+-------------------------------------------------------------------------------------------------------------+ - | da0b1f75-c895-460f-9fc1-4d6ec84cf85f | | fa:16:3e:16:b5:f2 | {"subnet_id": "5b9282a1-0be1-4ade-b478-7868ad2a16ff", "ip_address": "192.0.2.15"} | - | | | | 
{"subnet_id": "43414c53-62ae-49bc-aa6c-c9dd7705818a", "ip_address": "fda4:653e:71b0:0:f816:3eff:fe16:b5f2"} | - +--------------------------------------+------+-------------------+-------------------------------------------------------------------------------------------------------------+ - - $ neutron port-show da0b1f75-c895-460f-9fc1-4d6ec84cf85f - +-----------------------+-------------------------------------------------------------------------------------------------------------+ - | Field | Value | - +-----------------------+-------------------------------------------------------------------------------------------------------------+ - | admin_state_up | True | - | allowed_address_pairs | | - | binding:vnic_type | normal | - | device_id | 43f328bb-b2d1-4cf1-a36f-3b2593397cb1 | - | device_owner | compute:None | - | dns_assignment | {"hostname": "my-vm", "ip_address": "192.0.2.15", "fqdn": "my-vm.example.org."} | - | | {"hostname": "my-vm", "ip_address": "fda4:653e:71b0:0:f816:3eff:fe16:b5f2", "fqdn": "my-vm.example.org."} | - | dns_name | my-vm | - | extra_dhcp_opts | | - | fixed_ips | {"subnet_id": "5b9282a1-0be1-4ade-b478-7868ad2a16ff", "ip_address": "192.0.2.15"} | - | | {"subnet_id": "43414c53-62ae-49bc-aa6c-c9dd7705818a", "ip_address": "fda4:653e:71b0:0:f816:3eff:fe16:b5f2"} | - | id | da0b1f75-c895-460f-9fc1-4d6ec84cf85f | - | mac_address | fa:16:3e:16:b5:f2 | - | name | | - | network_id | 38c5e950-b450-4c30-83d4-ee181c28aad3 | - | port_security_enabled | True | - | revision_number | 1 | - | security_groups | 1f0ddd73-7e3c-48bd-a64c-7ded4fe0e635 | - | status | ACTIVE | - | tags | [] | - | tenant_id | d5660cb1e6934612a01b4fb2fb630725 | - +-----------------------+-------------------------------------------------------------------------------------------------------------+ - - $ designate record-list example.org. 
- +--------------------------------------+------+--------------+-----------------------------------------------------------------------+ - | id | type | name | data | - +--------------------------------------+------+--------------+-----------------------------------------------------------------------+ - | 10a36008-6ecf-47c3-b321-05652a929b04 | SOA | example.org. | ns1.devstack.org. malavall.us.ibm.com. 1455563783 3600 600 86400 3600 | - | 56ca0b88-e343-4c98-8faa-19746e169baf | NS | example.org. | ns1.devstack.org. | - +--------------------------------------+------+--------------+-----------------------------------------------------------------------+ - - $ neutron floatingip-create 41fa3995-9e4a-4cd9-bb51-3e5424f2ff2a \ - --port_id da0b1f75-c895-460f-9fc1-4d6ec84cf85f - Created a new floatingip: - +---------------------+--------------------------------------+ - | Field | Value | - +---------------------+--------------------------------------+ - | dns_domain | | - | dns_name | | - | fixed_ip_address | 192.0.2.15 | - | floating_ip_address | 198.51.100.4 | - | floating_network_id | 41fa3995-9e4a-4cd9-bb51-3e5424f2ff2a | - | id | e78f6eb1-a35f-4a90-941d-87c888d5fcc7 | - | port_id | da0b1f75-c895-460f-9fc1-4d6ec84cf85f | - | revision_number | 1 | - | router_id | 970ebe83-c4a3-4642-810e-43ab7b0c2b5f | - | status | DOWN | - | tags | [] | - | tenant_id | d5660cb1e6934612a01b4fb2fb630725 | - +---------------------+--------------------------------------+ - - $ designate record-list example.org. - +--------------------------------------+------+--------------------+-----------------------------------------------------------------------+ - | id | type | name | data | - +--------------------------------------+------+--------------------+-----------------------------------------------------------------------+ - | 10a36008-6ecf-47c3-b321-05652a929b04 | SOA | example.org. | ns1.devstack.org. malavall.us.ibm.com. 
1455564861 3600 600 86400 3600 | - | 56ca0b88-e343-4c98-8faa-19746e169baf | NS | example.org. | ns1.devstack.org. | - | 5ff53fd0-3746-48da-b9c9-77ed3004ec67 | A | my-vm.example.org. | 198.51.100.4 | - +--------------------------------------+------+--------------------+-----------------------------------------------------------------------+ - -In this example, notice that the data is published in the DNS service when the -floating IP is associated to the port. - -Following are the PTR records created for this example. Note that for -IPv4, the value of ``ipv4_ptr_zone_prefix_size`` is 24. For more details, see -:ref:`config-dns-int-ext-serv`: - -.. code-block:: console - - $ designate record-list 100.51.198.in-addr.arpa. - +--------------------------------------+------+----------------------------+---------------------------------------------------------------------+ - | id | type | name | data | - +--------------------------------------+------+----------------------------+---------------------------------------------------------------------+ - | 2dd0b894-25fa-4563-9d32-9f13bd67f329 | NS | 100.51.198.in-addr.arpa. | ns1.devstack.org. | - | 47b920f1-5eff-4dfa-9616-7cb5b7cb7ca6 | SOA | 100.51.198.in-addr.arpa. | ns1.devstack.org. admin.example.org. 1455564862 3600 600 86400 3600 | - | fb1edf42-abba-410c-8397-831f45fd0cd7 | PTR | 4.100.51.198.in-addr.arpa. | my-vm.example.org. | - +--------------------------------------+------+----------------------------+---------------------------------------------------------------------+ - - -Use case 3: Floating IPs are published in the external DNS service ------------------------------------------------------------------- - -In this use case, the user assigns ``dns_name`` and ``dns_domain`` attributes -to a floating IP when it is created. The floating IP data becomes visible in -the external DNS service as soon as it is created. The floating IP can be -associated with a port on creation or later on. 
The following example shows a -user booting an instance and then creating a floating IP associated to the port -allocated for the instance: - -.. code-block:: console - - $ neutron net-show 38c5e950-b450-4c30-83d4-ee181c28aad3 - +-------------------------+--------------------------------------+ - | Field | Value | - +-------------------------+--------------------------------------+ - | admin_state_up | True | - | availability_zone_hints | | - | availability_zones | nova | - | dns_domain | example.org. | - | id | 38c5e950-b450-4c30-83d4-ee181c28aad3 | - | mtu | 1450 | - | name | private | - | port_security_enabled | True | - | revision_number | 1 | - | router:external | False | - | shared | False | - | status | ACTIVE | - | subnets | 43414c53-62ae-49bc-aa6c-c9dd7705818a | - | | 5b9282a1-0be1-4ade-b478-7868ad2a16ff | - | tags | [] | - | tenant_id | d5660cb1e6934612a01b4fb2fb630725 | - +-------------------------+--------------------------------------+ - - $ openstack server create --image cirros --flavor 42 \ - --nic net-id=38c5e950-b450-4c30-83d4-ee181c28aad3 my_vm - +--------------------------------------+----------------------------------------------------------------+ - | Field | Value | - +--------------------------------------+----------------------------------------------------------------+ - | OS-DCF:diskConfig | MANUAL | - | OS-EXT-AZ:availability_zone | | - | OS-EXT-STS:power_state | 0 | - | OS-EXT-STS:task_state | scheduling | - | OS-EXT-STS:vm_state | building | - | OS-SRV-USG:launched_at | - | - | OS-SRV-USG:terminated_at | - | - | accessIPv4 | | - | accessIPv6 | | - | adminPass | HLXGznYqXM4J | - | config_drive | | - | created | 2016-02-15T19:42:44Z | - | flavor | m1.nano (42) | - | hostId | | - | id | 71fb4ac8-eed8-4644-8113-0641962bb125 | - | image | cirros-0.3.5-x86_64-uec (b9d981eb-d21c-4ce2-9dbc-dd38f3d9015f) | - | key_name | - | - | locked | False | - | metadata | {} | - | name | my_vm | - | os-extended-volumes:volumes_attached | [] | - | progress 
| 0 | - | security_groups | default | - | status | BUILD | - | tenant_id | d5660cb1e6934612a01b4fb2fb630725 | - | updated | 2016-02-15T19:42:44Z | - | user_id | 8bb6e578cba24e7db9d3810633124525 | - +--------------------------------------+----------------------------------------------------------------+ - - $ openstack server list - +--------------------------------------+-------+--------+------------+-------------+----------------------------------------------------------+------------+ - | ID | Name | Status | Task State | Power State | Networks | Image Name | - +--------------------------------------+-------+--------+------------+-------------+----------------------------------------------------------+------------+ - | 71fb4ac8-eed8-4644-8113-0641962bb125 | my_vm | ACTIVE | - | Running | private=fda4:653e:71b0:0:f816:3eff:fe24:8614, 192.0.2.16 | cirros | - +--------------------------------------+-------+--------+------------+-------------+----------------------------------------------------------+------------+ - - $ neutron port-list --device_id 71fb4ac8-eed8-4644-8113-0641962bb125 - +--------------------------------------+------+-------------------+-------------------------------------------------------------------------------------------------------------+ - | id | name | mac_address | fixed_ips | - +--------------------------------------+------+-------------------+-------------------------------------------------------------------------------------------------------------+ - | 1e7033fb-8e9d-458b-89ed-8312cafcfdcb | | fa:16:3e:24:86:14 | {"subnet_id": "5b9282a1-0be1-4ade-b478-7868ad2a16ff", "ip_address": "192.0.2.16"} | - | | | | {"subnet_id": "43414c53-62ae-49bc-aa6c-c9dd7705818a", "ip_address": "fda4:653e:71b0:0:f816:3eff:fe24:8614"} | - +--------------------------------------+------+-------------------+-------------------------------------------------------------------------------------------------------------+ - - $ neutron port-show 
1e7033fb-8e9d-458b-89ed-8312cafcfdcb - +-----------------------+-------------------------------------------------------------------------------------------------------------+ - | Field | Value | - +-----------------------+-------------------------------------------------------------------------------------------------------------+ - | admin_state_up | True | - | allowed_address_pairs | | - | binding:vnic_type | normal | - | device_id | 71fb4ac8-eed8-4644-8113-0641962bb125 | - | device_owner | compute:None | - | dns_assignment | {"hostname": "my-vm", "ip_address": "192.0.2.16", "fqdn": "my-vm.example.org."} | - | | {"hostname": "my-vm", "ip_address": "fda4:653e:71b0:0:f816:3eff:fe24:8614", "fqdn": "my-vm.example.org."} | - | dns_name | my-vm | - | extra_dhcp_opts | | - | fixed_ips | {"subnet_id": "5b9282a1-0be1-4ade-b478-7868ad2a16ff", "ip_address": "192.0.2.16"} | - | | {"subnet_id": "43414c53-62ae-49bc-aa6c-c9dd7705818a", "ip_address": "fda4:653e:71b0:0:f816:3eff:fe24:8614"} | - | id | 1e7033fb-8e9d-458b-89ed-8312cafcfdcb | - | mac_address | fa:16:3e:24:86:14 | - | name | | - | network_id | 38c5e950-b450-4c30-83d4-ee181c28aad3 | - | port_security_enabled | True | - | revision_number | 1 | - | security_groups | 1f0ddd73-7e3c-48bd-a64c-7ded4fe0e635 | - | status | ACTIVE | - | tags | [] | - | tenant_id | d5660cb1e6934612a01b4fb2fb630725 | - +-----------------------+-------------------------------------------------------------------------------------------------------------+ - - $ designate record-list example.org. - +--------------------------------------+------+--------------+-----------------------------------------------------------------------+ - | id | type | name | data | - +--------------------------------------+------+--------------+-----------------------------------------------------------------------+ - | 10a36008-6ecf-47c3-b321-05652a929b04 | SOA | example.org. | ns1.devstack.org. malavall.us.ibm.com. 
1455565110 3600 600 86400 3600 | - | 56ca0b88-e343-4c98-8faa-19746e169baf | NS | example.org. | ns1.devstack.org. | - +--------------------------------------+------+--------------+-----------------------------------------------------------------------+ - - $ neutron floatingip-create 41fa3995-9e4a-4cd9-bb51-3e5424f2ff2a \ - --dns_domain example.org. --dns_name my-floatingip - Created a new floatingip: - +---------------------+--------------------------------------+ - | Field | Value | - +---------------------+--------------------------------------+ - | dns_domain | example.org. | - | dns_name | my-floatingip | - | fixed_ip_address | | - | floating_ip_address | 198.51.100.5 | - | floating_network_id | 41fa3995-9e4a-4cd9-bb51-3e5424f2ff2a | - | id | 9f23a9c6-eceb-42eb-9f45-beb58c473728 | - | port_id | | - | revision_number | 1 | - | router_id | | - | status | DOWN | - | tags | [] | - | tenant_id | d5660cb1e6934612a01b4fb2fb630725 | - +---------------------+--------------------------------------+ - - $ designate record-list example.org. - +--------------------------------------+------+----------------------------+-----------------------------------------------------------------------+ - | id | type | name | data | - +--------------------------------------+------+----------------------------+-----------------------------------------------------------------------+ - | 10a36008-6ecf-47c3-b321-05652a929b04 | SOA | example.org. | ns1.devstack.org. malavall.us.ibm.com. 1455566486 3600 600 86400 3600 | - | 56ca0b88-e343-4c98-8faa-19746e169baf | NS | example.org. | ns1.devstack.org. | - | 8884c56f-3ef5-446e-ae4d-8053cc8bc2b4 | A | my-floatingip.example.org. | 198.51.100.53 | - +--------------------------------------+------+----------------------------+-----------------------------------------------------------------------+ - -Note that in this use case: - -* The ``dns_name`` and ``dns_domain`` attributes of a floating IP must be - specified together on creation. 
They cannot be assigned to the floating IP - separately. -* The ``dns_name`` and ``dns_domain`` of a floating IP have precedence, for - purposes of being published in the external DNS service, over the - ``dns_name`` of its associated port and the ``dns_domain`` of the port's - network, whether they are specified or not. Only the ``dns_name`` and the - ``dns_domain`` of the floating IP are published in the external DNS service. - -Following are the PTR records created for this example. Note that for -IPv4, the value of ipv4_ptr_zone_prefix_size is 24. For more details, see -:ref:`config-dns-int-ext-serv`: - -.. code-block:: console - - $ designate record-list 100.51.198.in-addr.arpa. - +--------------------------------------+------+----------------------------+---------------------------------------------------------------------+ - | id | type | name | data | - +--------------------------------------+------+----------------------------+---------------------------------------------------------------------+ - | 2dd0b894-25fa-4563-9d32-9f13bd67f329 | NS | 100.51.198.in-addr.arpa. | ns1.devstack.org. | - | 47b920f1-5eff-4dfa-9616-7cb5b7cb7ca6 | SOA | 100.51.198.in-addr.arpa. | ns1.devstack.org. admin.example.org. 1455566487 3600 600 86400 3600 | - | 589a0171-e77a-4ab6-ba6e-23114f2b9366 | PTR | 5.100.51.198.in-addr.arpa. | my-floatingip.example.org. | - +--------------------------------------+------+----------------------------+---------------------------------------------------------------------+ - -.. _config-dns-performance-considerations: - -Performance considerations --------------------------- - -Only for :ref:`config-dns-use-case-1`, if the port binding extension is -enabled in the Networking service, the Compute service will execute one -additional port update operation when allocating the port for the instance -during the boot process. 
This may have a noticeable adverse effect in the -performance of the boot process that must be evaluated before adoption of this -use case. - -.. _config-dns-int-ext-serv: - -Configuring OpenStack Networking for integration with an external DNS service ------------------------------------------------------------------------------ - -The first step to configure the integration with an external DNS service is to -enable the functionality described in :ref:`config-dns-int-dns-resolution`. -Once this is done, the user has to take the following steps and restart -``neutron-server``. - -#. Edit the ``[default]`` section of ``/etc/neutron/neutron.conf`` and specify - the external DNS service driver to be used in parameter - ``external_dns_driver``. The valid options are defined in namespace - ``neutron.services.external_dns_drivers``. The following example shows how - to set up the driver for the OpenStack DNS service: - - .. code-block:: console - - external_dns_driver = designate - -#. If the OpenStack DNS service is the target external DNS, the ``[designate]`` - section of ``/etc/neutron/neutron.conf`` must define the following - parameters: - - * ``url``: the OpenStack DNS service public endpoint URL. - * ``allow_reverse_dns_lookup``: a boolean value specifying whether to enable - or not the creation of reverse lookup (PTR) records. - * ``admin_auth_url``: the Identity service admin authorization endpoint url. - This endpoint will be used by the Networking service to authenticate as an - admin user to create and update reverse lookup (PTR) zones. - * ``admin_username``: the admin user to be used by the Networking service to - create and update reverse lookup (PTR) zones. - * ``admin_password``: the password of the admin user to be used by - Networking service to create and update reverse lookup (PTR) zones. - * ``admin_tenant_name``: the project of the admin user to be used by the - Networking service to create and update reverse lookup (PTR) zones. 
- * ``ipv4_ptr_zone_prefix_size``: the size in bits of the prefix for the IPv4 - reverse lookup (PTR) zones. - * ``ipv6_ptr_zone_prefix_size``: the size in bits of the prefix for the IPv6 - reverse lookup (PTR) zones. - * ``insecure``: Disable SSL certificate validation. By default, certificates - are validated. - * ``cafile``: Path to a valid Certificate Authority (CA) certificate. - * ``auth_uri``: the unversioned public endpoint of the Identity service. - * ``project_domain_id``: the domain ID of the admin user's project. - * ``user_domain_id``: the domain ID of the admin user to be used by the - Networking service. - * ``project_name``: the project of the admin user to be used by the - Networking service. - * ``username``: the admin user to be used by the Networking service to - create and update reverse lookup (PTR) zones. - * ``password``: the password of the admin user to be used by - Networking service. - - The following is an example: - - .. code-block:: console - - [designate] - url = http://192.0.2.240:9001/v2 - auth_uri = http://192.0.2.240:5000 - admin_auth_url = http://192.0.2.240:35357 - admin_username = neutron - admin_password = PASSWORD - admin_tenant_name = service - project_domain_id = default - user_domain_id = default - project_name = service - username = neutron - password = PASSWORD - allow_reverse_dns_lookup = True - ipv4_ptr_zone_prefix_size = 24 - ipv6_ptr_zone_prefix_size = 116 - cafile = /etc/ssl/certs/my_ca_cert - -Configuration of the externally accessible network for use case 1 ------------------------------------------------------------------ - -In :ref:`config-dns-use-case-1`, the externally accessible network must -meet the following requirements: - -* The network cannot have attribute ``router:external`` set to ``True``. -* The network type can be FLAT, VLAN, GRE, VXLAN or GENEVE. -* For network types VLAN, GRE, VXLAN or GENEVE, the segmentation ID must be - outside the ranges assigned to project networks. 
diff --git a/doc/source/admin/config.rst b/doc/source/admin/config.rst index f3a02285747..d188a0806b3 100644 --- a/doc/source/admin/config.rst +++ b/doc/source/admin/config.rst @@ -15,6 +15,7 @@ Configuration config-bgp-dynamic-routing config-dhcp-ha config-dns-int + config-dns-int-ext-serv config-dns-res config-dvr-ha-snat config-ipam diff --git a/doc/source/admin/index.rst b/doc/source/admin/index.rst index a739c84f102..3df52894fc8 100644 --- a/doc/source/admin/index.rst +++ b/doc/source/admin/index.rst @@ -10,8 +10,6 @@ OpenStack Networking Guide This guide targets OpenStack administrators seeking to deploy and manage OpenStack Networking (neutron). -This guide documents the OpenStack Ocata release. - .. toctree:: :maxdepth: 2
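Review bot: In the use case 3 example removed from config-dns-int.rst, the ``neutron floatingip-create`` output shows ``floating_ip_address | 198.51.100.5`` and the PTR record is ``5.100.51.198.in-addr.arpa.``, but the A record for ``my-floatingip.example.org.`` lists ``198.51.100.53``. If this block is carried over into config-dns-int-ext-serv.rst, correct the A record data to ``198.51.100.5`` there rather than moving the mismatch along. The removed ``[designate]`` sample needs a similar check: it sets ``cafile`` while ``url``, ``auth_uri`` and ``admin_auth_url`` are all ``http://``, so the CA file has no effect and the ``password`` is sent without TLS. The relocated example should use ``https://`` endpoints.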
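Review bot: The index.rst hunk deletes ``This guide documents the OpenStack Ocata release.``, which is unrelated to the DNS integration split that the rest of the patch performs. Mention the removal in the commit message, or replace the sentence with the release this branch documents instead of dropping it, so readers can still tell which release the guide applies to.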