neutron/doc/source/admin/config-dns-int.rst
Miguel Lavalle 94b961f179 Update dns_assignment attribute documentation
After the implementation of [1], the calculation of the port's
dns_assignment attribute changed for some use cases of the Neutron
integration with an external DNS service. This change updates the
documentation accordingly

[1] https://specs.openstack.org/openstack/neutron-specs/specs/victoria/port_dns_assignment.html

Partial-Bug: #1956632
Change-Id: I1c8c6850faa7741afabe31889cdad0228a366310
2022-01-26 18:22:50 -06:00

244 lines
18 KiB
ReStructuredText

.. _config-dns-int:
===============
DNS integration
===============
This page serves as a guide for how to use the DNS integration functionality of
the Networking service and its interaction with the Compute service.
The integration of the Networking service with an external DNSaaS
(DNS-as-a-Service) is described in :ref:`config-dns-int-ext-serv`.
Users can control the behavior of the Networking service in regards to DNS
using two attributes associated with ports, networks, and floating IPs. The
following table shows the attributes available for each one of these resources:
.. list-table::
:header-rows: 1
:widths: 30 30 30
* - Resource
- dns_name
- dns_domain
* - Ports
- Yes
- Yes
* - Networks
- No
- Yes
* - Floating IPs
- Yes
- Yes
.. note::
The ``DNS Integration`` extension enables all the attribute and resource
combinations shown in the previous table, except for ``dns_domain`` for
ports, which requires the ``dns_domain for ports`` extension.
.. note::
Since the ``DNS Integration`` extension is a subset of
``dns_domain for ports``, if ``dns_domain`` functionality for ports is
required, only the latter extension has to be configured.
.. note::
When the ``dns_domain for ports`` extension is configured, ``DNS
Integration`` is also included when the Neutron server responds to a request
to list the active API extensions. This preserves backwards API
compatibility.
.. _config-dns-int-dns-resolution:
The Networking service internal DNS resolution
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The Networking service enables users to control the name assigned to ports by
the internal DNS. To enable this functionality, do the following:
1. Edit the ``/etc/neutron/neutron.conf`` file and assign a value different to
``openstacklocal`` (its default value) to the ``dns_domain`` parameter in
the ``[default]`` section. As an example:
.. code-block:: ini
dns_domain = example.org.
2. Add ``dns`` (for the ``DNS Integration`` extension) or ``dns_domain_ports``
(for the ``dns_domain for ports`` extension) to ``extension_drivers`` in the
``[ml2]`` section of ``/etc/neutron/plugins/ml2/ml2_conf.ini``. The
following is an example:
.. code-block:: ini
[ml2]
extension_drivers = port_security,dns_domain_ports
After re-starting the ``neutron-server``, users will be able to assign a
``dns_name`` attribute to their ports.
.. note::
The enablement of this functionality is prerequisite for the enablement of
the Networking service integration with an external DNS service, which is
described in detail in :ref:`config-dns-int-ext-serv`.
The following illustrates the creation of a port with ``my-port``
in its ``dns_name`` attribute.
.. note::
The name assigned to the port by the Networking service internal DNS is now
visible in the response in the ``dns_assignment`` attribute.
.. code-block:: console
$ openstack port create --network my-net --dns-name my-port test
+-----------------------+-------------------------------------------------------------------------------+
| Field | Value |
+-----------------------+-------------------------------------------------------------------------------+
| admin_state_up | UP |
| allowed_address_pairs | |
| binding_host_id | |
| binding_profile | |
| binding_vif_details | |
| binding_vif_type | unbound |
| binding_vnic_type | normal |
| created_at | 2016-02-05T21:35:04Z |
| data_plane_status | None |
| description | |
| device_id | |
| device_owner | |
| dns_assignment | fqdn='my-port.example.org.', hostname='my-port', ip_address='192.0.2.67' |
| dns_domain | None |
| dns_name | my-port |
| extra_dhcp_opts | |
| fixed_ips | ip_address='192.0.2.67', subnet_id='6141b474-56cd-430f-b731-71660bb79b79' |
| id | fb3c10f4-017e-420c-9be1-8f8c557ae21f |
| mac_address | fa:16:3e:aa:9b:e1 |
| name | test |
| network_id | bf2802a0-99a0-4e8c-91e4-107d03f158ea |
| port_security_enabled | True |
| project_id | d5660cb1e6934612a01b4fb2fb630725 |
| qos_policy_id | None |
| revision_number | 1 |
| security_group_ids | 1f0ddd73-7e3c-48bd-a64c-7ded4fe0e635 |
| status | DOWN |
| tags | |
| trunk_details | None |
| updated_at | 2016-02-05T21:35:04Z |
+-----------------------+-------------------------------------------------------------------------------+
When this functionality is enabled, it is leveraged by the Compute service when
creating instances. When allocating ports for an instance during boot, the
Compute service populates the ``dns_name`` attributes of these ports with
the ``hostname`` attribute of the instance, which is a DNS sanitized version of
its display name. As a consequence, at the end of the boot process, the
allocated ports will be known in the dnsmasq associated to their networks by
their instance ``hostname``.
The following is an example of an instance creation, showing how its
``hostname`` populates the ``dns_name`` attribute of the allocated port:
.. code-block:: console
$ openstack server create --image cirros --flavor 42 \
--nic net-id=37aaff3a-6047-45ac-bf4f-a825e56fd2b3 my_vm
+--------------------------------------+----------------------------------------------------------------+
| Field | Value |
+--------------------------------------+----------------------------------------------------------------+
| OS-DCF:diskConfig | MANUAL |
| OS-EXT-AZ:availability_zone | |
| OS-EXT-STS:power_state | 0 |
| OS-EXT-STS:task_state | scheduling |
| OS-EXT-STS:vm_state | building |
| OS-SRV-USG:launched_at | - |
| OS-SRV-USG:terminated_at | - |
| accessIPv4 | |
| accessIPv6 | |
| adminPass | dB45Zvo8Jpfe |
| config_drive | |
| created | 2016-02-05T21:35:04Z |
| flavor | m1.nano (42) |
| hostId | |
| id | 66c13cb4-3002-4ab3-8400-7efc2659c363 |
| image | cirros-0.3.5-x86_64-uec(b9d981eb-d21c-4ce2-9dbc-dd38f3d9015f) |
| key_name | - |
| locked | False |
| metadata | {} |
| name | my_vm |
| os-extended-volumes:volumes_attached | [] |
| progress | 0 |
| security_groups | default |
| status | BUILD |
| tenant_id | d5660cb1e6934612a01b4fb2fb630725 |
| updated | 2016-02-05T21:35:04Z |
| user_id | 8bb6e578cba24e7db9d3810633124525 |
+--------------------------------------+----------------------------------------------------------------+
$ openstack port list --device-id 66c13cb4-3002-4ab3-8400-7efc2659c363
+--------------------------------------+------+-------------------+---------------------------------------------------------------------------------------+--------+
| ID | Name | MAC Address | Fixed IP Addresses | Status |
+--------------------------------------+------+-------------------+---------------------------------------------------------------------------------------+--------+
| b3ecc464-1263-44a7-8c38-2d8a52751773 | | fa:16:3e:a8:ce:b8 | ip_address='203.0.113.8', subnet_id='277eca5d-9869-474b-960e-6da5951d09f7' | ACTIVE |
| | | | ip_address='2001:db8:10::8', subnet_id='eab47748-3f0a-4775-a09f-b0c24bb64bc4' | |
+--------------------------------------+------+-------------------+---------------------------------------------------------------------------------------+--------+
$ openstack port show b3ecc464-1263-44a7-8c38-2d8a52751773
+-----------------------+------------------------------------------------------------------------------------------------------------+
| Field | Value |
+-----------------------+------------------------------------------------------------------------------------------------------------+
| admin_state_up | UP |
| allowed_address_pairs | |
| binding_host_id | vultr.guest |
| binding_profile | |
| binding_vif_details | datapath_type='system', ovs_hybrid_plug='True', port_filter='True' |
| binding_vif_type | ovs |
| binding_vnic_type | normal |
| created_at | 2016-02-05T21:35:04Z |
| data_plane_status | None |
| description | |
| device_id | 66c13cb4-3002-4ab3-8400-7efc2659c363 |
| device_owner | compute:None |
| dns_assignment | fqdn='my-vm.example.org.', hostname='my-vm', ip_address='203.0.113.8' |
| | fqdn='my-vm.example.org.', hostname='my-vm', ip_address='2001:db8:10::8' |
| dns_domain | example.org. |
| dns_name | my-vm |
| extra_dhcp_opts | |
| fixed_ips | ip_address='203.0.113.8', subnet_id='277eca5d-9869-474b-960e-6da5951d09f7' |
| | ip_address='2001:db8:10::8', subnet_id='eab47748-3f0a-4775-a09f-b0c24bb64bc4' |
| id | b3ecc464-1263-44a7-8c38-2d8a52751773 |
| mac_address | fa:16:3e:a8:ce:b8 |
| name | |
| network_id | 37aaff3a-6047-45ac-bf4f-a825e56fd2b3 |
| port_security_enabled | True |
| project_id | d5660cb1e6934612a01b4fb2fb630725 |
| qos_policy_id | None |
| revision_number | 1 |
| security_group_ids | 1f0ddd73-7e3c-48bd-a64c-7ded4fe0e635 |
| status | ACTIVE |
| tags | |
| trunk_details | None |
| updated_at | 2016-02-05T21:35:04Z |
+-----------------------+------------------------------------------------------------------------------------------------------------+
In the above example notice that:
* The name given to the instance by the user, ``my_vm``, is sanitized by the
Compute service and becomes ``my-vm`` as the port's ``dns_name``.
* The port's ``dns_assignment`` attribute shows that its FQDN is
``my-vm.example.org.`` in the Networking service internal DNS, which is
the result of concatenating the port's ``dns_name`` with the value configured
in the ``dns_domain`` parameter in ``neutron.conf``, as explained previously.
* The ``dns_assignment`` attribute also shows that the port's ``hostname`` in
the Networking service internal DNS is ``my-vm``.
* Instead of having the Compute service create the port for the instance, the
user might have created it and assigned a value to its ``dns_name``
attribute. In this case, the value assigned to the ``dns_name`` attribute
must be equal to the value that Compute service will assign to the instance's
``hostname``, in this example ``my-vm``. Otherwise, the instance boot will
fail.
.. note::
When the Networking service integration with an external DNS service is
enabled, a port's FQDN in the ``dns_assignment`` attribute will not be
calculated as described above in some well defined cases. For a description
of these cases please see :ref:`config-dns-int-ext-dns-assignment`.