| Sylvain Desbureaux | 43f527e | 2017-11-15 17:42:15 +0100 | [diff] [blame] | 1 | .. This work is licensed under a Creative Commons Attribution 4.0 International License. |
| 2 | http://creativecommons.org/licenses/by/4.0 |
| 3 | Copyright 2017 ONAP |
| 4 | |
| 5 | |
| 6 | .. contents:: |
| 7 | :depth: 2 |
| 8 | .. |
| 9 | |
| 10 | ===================================== |
| 11 | **Setting Up Designate on Openstack** |
| 12 | ===================================== |
| 13 | |
| Determe, Sebastien (sd378r) | 4c83298 | 2017-12-05 18:46:51 +0100 | [diff] [blame] | 14 | .. tip:: |
| 15 | - `Openstack Designate documentation (LATEST) <https://docs.openstack.org/designate/latest/index.html>`_ is an important starting point for configuring Designate. Here, the focus will be on designate for ONAP. |
| 16 | - Notice the documentation version mentioned in the URL, e.g. ocata/, pike/, latest/ ... |
| Sylvain Desbureaux | 43f527e | 2017-11-15 17:42:15 +0100 | [diff] [blame] | 17 | |
| 18 | **Designate Overview** |
| 19 | ====================== |
| 20 | Designate is a *DNS as a Service* components. It allows API based interaction with a DNS server. |
| Eric Debeau | c0095d1 | 2017-11-15 23:58:49 +0000 | [diff] [blame] | 21 | |
| Sylvain Desbureaux | 43f527e | 2017-11-15 17:42:15 +0100 | [diff] [blame] | 22 | This DNS server can be any *well configured* DNS server. |
| Eric Debeau | c0095d1 | 2017-11-15 23:58:49 +0000 | [diff] [blame] | 23 | |
| Sylvain Desbureaux | 43f527e | 2017-11-15 17:42:15 +0100 | [diff] [blame] | 24 | Designate allows to create **any** entries in the DNS and thus has to be used wisely (see `Designate Production Guidelines <https://docs.openstack.org/designate/latest/admin/production-guidelines.html>` to have a complete explanation). |
| Eric Debeau | c0095d1 | 2017-11-15 23:58:49 +0000 | [diff] [blame] | 25 | |
| Sylvain Desbureaux | 43f527e | 2017-11-15 17:42:15 +0100 | [diff] [blame] | 26 | In order to be valuable, Designate must be plugged with a DNS Server that will be used: |
| Eric Debeau | c0095d1 | 2017-11-15 23:58:49 +0000 | [diff] [blame] | 27 | |
| 28 | - your global (pool of) DNS Server(s). Every entries put by Designate will be seen by everybody. It may then be very dangerous. |
| 29 | - a specific (pool of) DNS Server(s) for your openstack deployment. DNS resolution will work only for your VM. **This is the one that has been tested**. |
| 30 | - a specific (pool of) DNS Server(s) for an openstack tenant. Not a lot of doc is available for that so this part won't be explained here. |
| Sylvain Desbureaux | 43f527e | 2017-11-15 17:42:15 +0100 | [diff] [blame] | 31 | |
| 32 | **Designate usage in ONAP** |
| 33 | =========================== |
| 34 | |
| 35 | Currently, only DCAE Gen2 deployment needs designate to work. |
| Eric Debeau | c0095d1 | 2017-11-15 23:58:49 +0000 | [diff] [blame] | 36 | |
| Sylvain Desbureaux | 43f527e | 2017-11-15 17:42:15 +0100 | [diff] [blame] | 37 | DCAE deployment use cloudify with openstack plugin to start the needed VM for DCAE. In particular, Designate is used to give the IP address of consul server. Thus, the others VMs needs to access the DNS server where Designate push records. |
| Eric Debeau | c0095d1 | 2017-11-15 23:58:49 +0000 | [diff] [blame] | 38 | |
| Sylvain Desbureaux | 43f527e | 2017-11-15 17:42:15 +0100 | [diff] [blame] | 39 | In order to do that, we'll have to deploy DNS Server(s), configure them to accept dns updates and configure our networks to point to this DNS. |
| Mars Toktonaliev | ae2d2a3 | 2018-03-08 17:02:22 -0600 | [diff] [blame] | 40 | This How-To will use bind but you can change to any of the `proposed backends <https://docs.openstack.org/designate/latest/contributor/support-matrix.html>`. |
| Sylvain Desbureaux | 43f527e | 2017-11-15 17:42:15 +0100 | [diff] [blame] | 41 | |
| Eric Debeau | c0095d1 | 2017-11-15 23:58:49 +0000 | [diff] [blame] | 42 | Limitations with Heat automated deployment |
| Sylvain Desbureaux | 43f527e | 2017-11-15 17:42:15 +0100 | [diff] [blame] | 43 | ------------------------------------------ |
| Eric Debeau | c0095d1 | 2017-11-15 23:58:49 +0000 | [diff] [blame] | 44 | The current design of Heat installer installs DCAE needed VM into the same tenant of the same openstack of the other ONAP components. Thus, this openstack tenant must support Designate. |
| Sylvain Desbureaux | 43f527e | 2017-11-15 17:42:15 +0100 | [diff] [blame] | 45 | |
| Eric Debeau | c0095d1 | 2017-11-15 23:58:49 +0000 | [diff] [blame] | 46 | Limitations with Kubernetes automated deployment |
| Sylvain Desbureaux | 43f527e | 2017-11-15 17:42:15 +0100 | [diff] [blame] | 47 | ------------------------------------------------ |
| Mars Toktonaliev | ae2d2a3 | 2018-03-08 17:02:22 -0600 | [diff] [blame] | 48 | The current design of kubernetes deployment installs DCAE into any openstack instances in any tenant. It still mandates designate on the tenant. |
| Sylvain Desbureaux | 43f527e | 2017-11-15 17:42:15 +0100 | [diff] [blame] | 49 | |
| 50 | **Quick Install Guide** |
| 51 | ======================= |
| 52 | |
| 53 | Few steps have to be performed. The detail of each steps are in `the config guide of Openstack Designate <https://docs.openstack.org/designate/latest/install/index.html>`: |
| 54 | |
| 55 | 1. Install bind9 nameserver |
| Mars Toktonaliev | 843c149 | 2018-03-17 12:50:58 -0500 | [diff] [blame] | 56 | 2. Configure it to accept dns updates and forward to your master DNS Server. Example configuration is below: |
| Mars Toktonaliev | 58dacee | 2018-03-28 15:13:16 -0500 | [diff] [blame] | 57 | |
| Mars Toktonaliev | 843c149 | 2018-03-17 12:50:58 -0500 | [diff] [blame] | 58 | .. code:: bash |
| Mars Toktonaliev | 58dacee | 2018-03-28 15:13:16 -0500 | [diff] [blame] | 59 | |
| Mars Toktonaliev | 843c149 | 2018-03-17 12:50:58 -0500 | [diff] [blame] | 60 | root@designate:~# cat /etc/bind/named.conf.options |
| 61 | include "/etc/bind/rndc.key"; |
| 62 | options { |
| 63 | directory "/var/cache/bind"; |
| 64 | allow-new-zones yes; |
| 65 | dnssec-validation auto; |
| 66 | listen-on port 53 { 10.203.157.79; }; |
| 67 | forwarders { |
| 68 | 8.8.8.8; |
| 69 | 8.8.4.4; |
| 70 | }; |
| 71 | forward only; |
| 72 | allow-query { any; }; |
| 73 | recursion yes; |
| 74 | minimal-responses yes; |
| 75 | }; |
| 76 | controls { |
| 77 | inet 10.203.157.79 port 953 allow { 10.203.157.79; } keys { "rndc-key"; }; |
| 78 | }; |
| Mars Toktonaliev | 58dacee | 2018-03-28 15:13:16 -0500 | [diff] [blame] | 79 | root@designate:~# |
| 80 | |
| Mars Toktonaliev | ae2d2a3 | 2018-03-08 17:02:22 -0600 | [diff] [blame] | 81 | 3. Configure Designate in openstack. Please see `this guide <https://docs.openstack.org/mitaka/networking-guide/config-dns-int.html>` for more details. |
| Sylvain Desbureaux | 43f527e | 2017-11-15 17:42:15 +0100 | [diff] [blame] | 82 | 4. Create a pool pointing to your nameserver |
| 83 | |
| Eric Debeau | c0095d1 | 2017-11-15 23:58:49 +0000 | [diff] [blame] | 84 | Now, when starting the Heat Deployment, use this nameserver. When the stack heat has started, retrieve the random string (XXX in the example) and create the zone XXX.yourdomain (yourdomain is what you have filled in `dcae_domain` in onap_openstack.env). |
| 85 | For OOM, use the DNS on the container host so it can give it to the relevant VM. |