neutron/doc/source/admin/config-dns-int.rst
Jens Harbott 57bc6d167b Allow to select subnets to publish DNS records
As described in [0] a new attribute ``dns_publish_fixed_ip`` is added
to subnets, allowing to specify directly whether DNS records should be
published for this subnet. This overrides the previous behaviour that
makes this decision based on various properties of the network that
the subnet is contained in, see [1].

[0] https://launchpad.net/bugs/1784879
[1] https://docs.openstack.org/neutron/latest/admin/config-dns-int-ext-serv.html

Change-Id: I14605ead2694d9e9422b3d7b519aed2e3c340e2a
Partial-Bug: 1784879
2019-12-14 13:36:09 +00:00

DNS integration

This page serves as a guide for how to use the DNS integration functionality of the Networking service and its interaction with the Compute service.

The integration of the Networking service with an external DNSaaS (DNS-as-a-Service) is described in config-dns-int-ext-serv.

Users can control the behavior of the Networking service with regard to DNS using two attributes associated with ports, networks, and floating IPs. The following table shows the attributes available for each of these resources:

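+--------------+----------+------------+
| Resource     | dns_name | dns_domain |
+--------------+----------+------------+
| Ports        | Yes      | Yes        |
| Networks     | No       | Yes        |
| Floating IPs | Yes      | Yes        |
+--------------+----------+------------+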

Note

The DNS Integration extension enables all the attribute and resource combinations shown in the previous table, except for dns_domain for ports, which requires the dns_domain for ports extension.

Note

Since the DNS Integration extension is a subset of dns_domain for ports, if dns_domain functionality for ports is required, only the latter extension has to be configured.

Note

When the dns_domain for ports extension is configured, DNS Integration is also included when the Neutron server responds to a request to list the active API extensions. This preserves backwards API compatibility.

The Networking service internal DNS resolution

The Networking service enables users to control the name assigned to ports by the internal DNS. To enable this functionality, do the following:

  1. Edit the /etc/neutron/neutron.conf file and assign a value other than openstacklocal (its default value) to the dns_domain parameter in the [default] section. As an example:

    dns_domain = example.org.
  2. Add dns (for the DNS Integration extension) or dns_domain_ports (for the dns_domain for ports extension) to extension_drivers in the [ml2] section of /etc/neutron/plugins/ml2/ml2_conf.ini. The following is an example:

    [ml2]
    extension_drivers = port_security,dns_domain_ports

After re-starting the neutron-server, users will be able to assign a dns_name attribute to their ports.
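
A preflight check for the two steps above, as an added example that is not part of the Neutron documentation or code base: it parses the text of neutron.conf and ml2_conf.ini and reports which step is still unmet. The function names and the sample file contents are constructed for illustration.

```python
import configparser

# Constructed sample file contents (not taken from a real deployment).
NEUTRON_CONF = "[DEFAULT]\ndns_domain = example.org.\n"
ML2_CONF = "[ml2]\nextension_drivers = port_security,dns_domain_ports\n"
STOCK_NEUTRON_CONF = "[DEFAULT]\n# dns_domain = openstacklocal\n"
STOCK_ML2_CONF = "[ml2]\nextension_drivers = port_security\n"


def _read(text):
    # Treat [DEFAULT] as an ordinary section so that it can be matched
    # case-insensitively (the page writes it as [default]).
    cp = configparser.RawConfigParser(default_section="__unused__", strict=False)
    cp.read_string(text)
    return cp


def _option(cp, section, key, fallback):
    # Return the first matching option, comparing section names in lower case.
    for name in cp.sections():
        if name.lower() == section and cp.has_option(name, key):
            return cp.get(name, key).strip()
    return fallback


def check_internal_dns(neutron_conf, ml2_conf):
    """Return a list of findings; an empty list means both steps are done."""
    findings = []
    # Step 1: dns_domain must differ from its default, openstacklocal.
    domain = _option(_read(neutron_conf), "default", "dns_domain", "openstacklocal")
    if domain.rstrip(".") == "openstacklocal":
        findings.append("step 1: dns_domain is still openstacklocal")
    # Step 2: dns or dns_domain_ports must be among the ML2 extension drivers.
    drivers = _option(_read(ml2_conf), "ml2", "extension_drivers", "")
    enabled = {d.strip() for d in drivers.split(",") if d.strip()}
    if not enabled & {"dns", "dns_domain_ports"}:
        findings.append("step 2: no DNS extension driver in extension_drivers")
    elif {"dns", "dns_domain_ports"} <= enabled:
        # Per the note earlier on this page, dns_domain_ports alone is enough.
        findings.append("note: dns is redundant when dns_domain_ports is set")
    return findings


if __name__ == "__main__":
    for finding in check_internal_dns(STOCK_NEUTRON_CONF, STOCK_ML2_CONF):
        print(finding)
```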

Note

The enablement of this functionality is a prerequisite for the enablement of the Networking service integration with an external DNS service, which is described in detail in config-dns-int-ext-serv.

The following illustrates the creation of a port with my-port in its dns_name attribute.

Note

The name assigned to the port by the Networking service internal DNS is now visible in the response in the dns_assignment attribute.

$ openstack port create --network my-net --dns-name my-port test
+-----------------------+-------------------------------------------------------------------------------+
| Field                 | Value                                                                         |
+-----------------------+-------------------------------------------------------------------------------+
| admin_state_up        | UP                                                                            |
| allowed_address_pairs |                                                                               |
| binding_host_id       |                                                                               |
| binding_profile       |                                                                               |
| binding_vif_details   |                                                                               |
| binding_vif_type      | unbound                                                                       |
| binding_vnic_type     | normal                                                                        |
| created_at            | 2016-02-05T21:35:04Z                                                          |
| data_plane_status     | None                                                                          |
| description           |                                                                               |
| device_id             |                                                                               |
| device_owner          |                                                                               |
| dns_assignment        | fqdn='my-port.example.org.', hostname='my-port', ip_address='192.0.2.67'      |
| dns_domain            | None                                                                          |
| dns_name              | my-port                                                                       |
| extra_dhcp_opts       |                                                                               |
| fixed_ips             | ip_address='192.0.2.67', subnet_id='6141b474-56cd-430f-b731-71660bb79b79'     |
| id                    | fb3c10f4-017e-420c-9be1-8f8c557ae21f                                          |
| mac_address           | fa:16:3e:aa:9b:e1                                                             |
| name                  | test                                                                          |
| network_id            | bf2802a0-99a0-4e8c-91e4-107d03f158ea                                          |
| port_security_enabled | True                                                                          |
| project_id            | d5660cb1e6934612a01b4fb2fb630725                                              |
| qos_policy_id         | None                                                                          |
| revision_number       | 1                                                                             |
| security_group_ids    | 1f0ddd73-7e3c-48bd-a64c-7ded4fe0e635                                          |
| status                | DOWN                                                                          |
| tags                  |                                                                               |
| trunk_details         | None                                                                          |
| updated_at            | 2016-02-05T21:35:04Z                                                          |
+-----------------------+-------------------------------------------------------------------------------+

When this functionality is enabled, it is leveraged by the Compute service when creating instances. When allocating ports for an instance during boot, the Compute service populates the dns_name attributes of these ports with the hostname attribute of the instance, which is a DNS-sanitized version of its display name. As a consequence, at the end of the boot process, the allocated ports will be known in the dnsmasq associated with their networks by their instance hostname.

The following is an example of an instance creation, showing how its hostname populates the dns_name attribute of the allocated port:

$ openstack server create --image cirros --flavor 42 \
  --nic net-id=37aaff3a-6047-45ac-bf4f-a825e56fd2b3 my_vm
+--------------------------------------+----------------------------------------------------------------+
| Field                                | Value                                                          |
+--------------------------------------+----------------------------------------------------------------+
| OS-DCF:diskConfig                    | MANUAL                                                         |
| OS-EXT-AZ:availability_zone          |                                                                |
| OS-EXT-STS:power_state               | 0                                                              |
| OS-EXT-STS:task_state                | scheduling                                                     |
| OS-EXT-STS:vm_state                  | building                                                       |
| OS-SRV-USG:launched_at               | -                                                              |
| OS-SRV-USG:terminated_at             | -                                                              |
| accessIPv4                           |                                                                |
| accessIPv6                           |                                                                |
| adminPass                            | dB45Zvo8Jpfe                                                   |
| config_drive                         |                                                                |
| created                              | 2016-02-05T21:35:04Z                                           |
| flavor                               | m1.nano (42)                                                   |
| hostId                               |                                                                |
| id                                   | 66c13cb4-3002-4ab3-8400-7efc2659c363                           |
| image                                | cirros-0.3.5-x86_64-uec(b9d981eb-d21c-4ce2-9dbc-dd38f3d9015f)  |
| key_name                             | -                                                              |
| locked                               | False                                                          |
| metadata                             | {}                                                             |
| name                                 | my_vm                                                          |
| os-extended-volumes:volumes_attached | []                                                             |
| progress                             | 0                                                              |
| security_groups                      | default                                                        |
| status                               | BUILD                                                          |
| tenant_id                            | d5660cb1e6934612a01b4fb2fb630725                               |
| updated                              | 2016-02-05T21:35:04Z                                           |
| user_id                              | 8bb6e578cba24e7db9d3810633124525                               |
+--------------------------------------+----------------------------------------------------------------+

$ openstack port list --device-id 66c13cb4-3002-4ab3-8400-7efc2659c363
+--------------------------------------+------+-------------------+---------------------------------------------------------------------------------------+--------+
| ID                                   | Name | MAC Address       | Fixed IP Addresses                                                                    | Status |
+--------------------------------------+------+-------------------+---------------------------------------------------------------------------------------+--------+
| b3ecc464-1263-44a7-8c38-2d8a52751773 |      | fa:16:3e:a8:ce:b8 | ip_address='203.0.113.8', subnet_id='277eca5d-9869-474b-960e-6da5951d09f7'            | ACTIVE |
|                                      |      |                   | ip_address='2001:db8:10::8', subnet_id='eab47748-3f0a-4775-a09f-b0c24bb64bc4'         |        |
+--------------------------------------+------+-------------------+---------------------------------------------------------------------------------------+--------+

$ openstack port show b3ecc464-1263-44a7-8c38-2d8a52751773
+-----------------------+------------------------------------------------------------------------------------------------------------+
| Field                 | Value                                                                                                      |
+-----------------------+------------------------------------------------------------------------------------------------------------+
| admin_state_up        | UP                                                                                                         |
| allowed_address_pairs |                                                                                                            |
| binding_host_id       | vultr.guest                                                                                                |
| binding_profile       |                                                                                                            |
| binding_vif_details   | datapath_type='system', ovs_hybrid_plug='True', port_filter='True'                                         |
| binding_vif_type      | ovs                                                                                                        |
| binding_vnic_type     | normal                                                                                                     |
| created_at            | 2016-02-05T21:35:04Z                                                                                       |
| data_plane_status     | None                                                                                                       |
| description           |                                                                                                            |
| device_id             | 66c13cb4-3002-4ab3-8400-7efc2659c363                                                                       |
| device_owner          | compute:None                                                                                               |
| dns_assignment        | fqdn='my-vm.example.org.', hostname='my-vm', ip_address='203.0.113.8'                                      |
|                       | fqdn='my-vm.example.org.', hostname='my-vm', ip_address='2001:db8:10::8'                                   |
| dns_domain            | example.org.                                                                                               |
| dns_name              | my-vm                                                                                                      |
| extra_dhcp_opts       |                                                                                                            |
| fixed_ips             | ip_address='203.0.113.8', subnet_id='277eca5d-9869-474b-960e-6da5951d09f7'                                 |
|                       | ip_address='2001:db8:10::8', subnet_id='eab47748-3f0a-4775-a09f-b0c24bb64bc4'                              |
| id                    | b3ecc464-1263-44a7-8c38-2d8a52751773                                                                       |
| mac_address           | fa:16:3e:a8:ce:b8                                                                                          |
| name                  |                                                                                                            |
| network_id            | 37aaff3a-6047-45ac-bf4f-a825e56fd2b3                                                                       |
| port_security_enabled | True                                                                                                       |
| project_id            | d5660cb1e6934612a01b4fb2fb630725                                                                           |
| qos_policy_id         | None                                                                                                       |
| revision_number       | 1                                                                                                          |
| security_group_ids    | 1f0ddd73-7e3c-48bd-a64c-7ded4fe0e635                                                                       |
| status                | ACTIVE                                                                                                     |
| tags                  |                                                                                                            |
| trunk_details         | None                                                                                                       |
| updated_at            | 2016-02-05T21:35:04Z                                                                                       |
+-----------------------+------------------------------------------------------------------------------------------------------------+

In the above example notice that:

  • The name given to the instance by the user, my_vm, is sanitized by the Compute service and becomes my-vm as the port's dns_name.
  • The port's dns_assignment attribute shows that its FQDN is my-vm.example.org. in the Networking service internal DNS, which is the result of concatenating the port's dns_name with the value configured in the dns_domain parameter in neutron.conf, as explained previously.
  • The dns_assignment attribute also shows that the port's hostname in the Networking service internal DNS is my-vm.
  • Instead of having the Compute service create the port for the instance, the user might have created it and assigned a value to its dns_name attribute. In this case, the value assigned to the dns_name attribute must be equal to the value that the Compute service will assign to the instance's hostname, in this example my-vm. Otherwise, the instance boot will fail.
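
The checks in the list above, written as an added example that is not part of the Neutron or Nova code: given the planned instance name and the configured dns_domain, it verifies a pre-created port's dns_name and dns_assignment before boot. The `sanitize_hostname` helper is a hypothetical approximation of the Compute service's sanitization (the page documents only my_vm becoming my-vm), and the other function names are likewise illustrative.

```python
import re

# Values copied from the `openstack port show` output above.
PORT = {
    "dns_name": "my-vm",
    "dns_assignment": (
        "fqdn='my-vm.example.org.', hostname='my-vm', ip_address='203.0.113.8'\n"
        "fqdn='my-vm.example.org.', hostname='my-vm', ip_address='2001:db8:10::8'"
    ),
}


def sanitize_hostname(display_name):
    # ASSUMPTION: approximates the Compute service's sanitization; the page
    # itself only documents my_vm -> my-vm. Verify against your Nova release.
    name = display_name.encode("latin-1", "ignore").decode("latin-1")[:63]
    name = re.sub(r"[ _]", "-", name)
    name = re.sub(r"[^\w.-]+", "", name)
    return name.lower().strip(".-")


def parse_dns_assignment(value):
    # One entry per line, rendered by the CLI as key='value' pairs.
    return [dict(re.findall(r"(\w+)='([^']*)'", line))
            for line in value.splitlines() if line.strip()]


def check_port(display_name, dns_domain, port):
    """Return mismatches between a pre-created port and the planned instance."""
    problems = []
    hostname = sanitize_hostname(display_name)
    if port["dns_name"] != hostname:
        problems.append(f"dns_name {port['dns_name']!r} != hostname {hostname!r}")
    # FQDN = dns_name joined with the dns_domain value from neutron.conf.
    expected_fqdn = f"{port['dns_name']}.{dns_domain}"
    for entry in parse_dns_assignment(port["dns_assignment"]):
        if entry.get("hostname") != port["dns_name"]:
            problems.append(f"{entry.get('ip_address')}: hostname differs from dns_name")
        if entry.get("fqdn") != expected_fqdn:
            problems.append(f"{entry.get('ip_address')}: fqdn is not {expected_fqdn!r}")
    return problems


if __name__ == "__main__":
    print(check_port("my_vm", "example.org.", PORT) or "port matches instance")
```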