A talk I gave with Ron Rickard from eBay Inc. at the May 2014 OpenStack Summit in Atlanta. Video is here: https://www.youtube.com/watch?v=SdTf8OvHC60

1. Operators Deep Dive
Graham Hayes / HP
Ron Rickard / eBay Inc.

2. Graham Hayes - HP Cloud

3. Ron Rickard
Sr. Cloud Engineer, eBay Inc.
rrickard@ebaysf.com
irc.freenode.net: rjrjr

4. Agenda
Designate Overview
Designate REST API
Designate and Neutron
Designate Central
Designate Sink

5. Designate Overview

6. Designate Overview
● Designate is the DNS as-a-service component in OpenStack.
● Designate consists of: REST API, Central, and Sink.
● Internal and external Designate communication use the message queue.
● A designate client will allow you to manage servers, domains, and records.
○ More functionality is available in the REST API.
● Designate is the source of record for DNS records for the domains it manages.
● Domains are owned by tenants.
● Additional information:
○ http://designate.readthedocs.org

7. Designate Architecture
Database
DNS
Server
Backend
Central
API AMQP
Keystone
User

8. Designate REST API

9. Designate REST API
● Version 1 allows management of:
○ Servers
○ Domains
○ Records
● Experimental Version 2 adds:
○ Zone import/export
○ Top-Level Domains (TLDs)
○ Zone blacklists
○ Managed Floating IP PTR Records
● Additional information:
○ http://designate.readthedocs.org/en/latest/rest.html

10. Designate Client
● Provides a command-line interface (CLI) like Keystone and Nova CLIs.
● Functionality is a subset of entire Designate API:
○ Servers
○ Domains
○ Records

11. Zone Import/Export
GET/POST - /v2/zones/<id> - Content-Type text/dns
● Use the API to:
○ import zones in zonefile format
○ export zones in zonefile format
● A zoneextractor.py tool assists with generating the zonefile format for
imports

12. Top-Level Domains (TLDs)
GET/POST/PATCH - /v2/tlds/<id>
● Use the API to managed TLDs
● By default no TLDs exist and any domain name can be created
● Presence of TLDs causes domain creation checks:
○ last label in domain name must be a TLD
○ the entire domain name cannot be a TLD

13. Zone Blacklists
GET/POST/PATCH - /v2/blacklists/<id>
● Use the API to manage blacklists
● Blacklist are regular expressions used to block domains from being created
○ Example to prevent example.com. domain from being created:
■ ^example.com.$
○ Example to prevent example.com. and subdomains of example.com.
from being created:
■ ^([A-Za-z0-9_-]+.)*example.com.$

14. Designate and Neutron
Floating IP Reverse DNS

15. Floating IP Pointers
GET/PATCH - /v2/reverse/floatingips/<id>
● Manage reverse DNS (PTR records) for Neutron Floating IPs
● Allow Operators to delegate the *.in-addr.arpa zone to Designate
○ Users can manage their own DNS, without support
○ Users can only set PTRs for IPs currently associated with their tenant

19. Designate Central

20. Designate Central
● Contains the core code for Designate.
● Uses pluggable storage driver for persisting data:
○ SQLAlchemy
● Uses pluggable backend driver for DNS operations:
○ PowerDNS
○ NSD4
○ FreeIPA
○ DynECT
○ BIND (needs work)

21. Backend Drivers
● Currently, backend drivers need to implement functions for:
○ Create, update, delete TSIG keys
○ Create, update, delete domains
○ Create, update, delete record set
○ Create, update, delete records
● Coming is a mini-DNS in Designate. Mini-DNS will:
○ Pushes data using zone transfers (AXFR/IXFR)
○ Simplify backend drivers
● Additional Information:
○ http://designate.readthedocs.org/en/latest/backends.html

22. Backends - MiniDNS
Database Central MiniDNS
Customer Facing
DNS Server
Backend /
Manager
API

23. Designate Sink
Automatic Record Creation

24. Designate Sink
● Designate Sink consumes events from Nova, Neutron, and other services and
turns those events into DNS operations.
● What events and what DNS operations are performed are determined by
custom notification handlers.
● Designate ships with sample notification handlers:
○ Nova handler
○ Neutron handler

25. Events
compute.instance.create.start/.error/. end
compute.instance.delete.start/.end
compute.instance.update
compute.instance.rebuild.start/.end
orchestration.stack.create.start/.error/.end
orchestration.stack.update.start/.error/.end
orchestration.stack.delete.start/.error/.end
network.create
network.delete
network.port.create
network.port.delete
floatingip.update.end
floatingip.delete.start
trove.instance.create
trove.instance.delete

26. Payload
{"state_description": "", "availability_zone": null, "terminated_at": "",
"ephemeral_gb": 0, "instance_type_id": 2, "message": "Success",
"deleted_at": "", "reservation_id": "r-0fhyl6wq", "instance_id": "192c1697-bc90-483f-bffc-6f461dd793cc",
"user_id": "7101d930ff084aab9136db2b359719e2",
"fixed_ips": [{"floating_ips": [], "label": "private", "version": 4,
"meta": {}, "address": "10.0.0.2", "type": "fixed"}],
"hostname": "rontest", "state": "active", "launched_at": "2014-02-24T23:16:43.058572",
"metadata": [], "node": "frodo", "ramdisk_id": "",
"access_ip_v6": null, "disk_gb": 1, "access_ip_v4": null,
"kernel_id": "", "image_name": "cirros-0.3.0-x86_64-disk", "host": "frodo",
"display_name": "rontest",
"image_ref_url": "http://192.168.56.35:9292/images/afd10e78-d2e2-41cf-b1f7-573d7c89ac18",
"root_gb": 1, "tenant_id": "c8344a592b574589b531fe8956ef7ec1",
"created_at": "2014-02-24T23:16:37.000000",
"memory_mb": 512, "instance_type": "m1.tiny", "vcpus": 1,
"image_meta": {"min_disk": "1", "container_format": "bare",
"min_ram": "0", "disk_format": "qcow2",
"base_image_ref": "afd10e78-d2e2-41cf-b1f7-573d7c89ac18"},
"architecture": null, "os_type": null, "instance_flavor_id": "1"}

27. Notification Handler Code
class NotificationHandler(ExtensionPlugin):
…
@abc.abstractmethod
def get_exchange_topics(self):
"""
Returns a tuple of (exchange, list(topics)) this handler wishes
to receive notifications from.
"""

28. Notification Handler Code (continued)
@abc.abstractmethod
def get_event_types(self):
"""
Returns a list of event types this handler is capable of processing
"""
@abc.abstractmethod
def process_notification(self, context, event_type, payload):
""" Processes a given notification """
...

29. Designate Sink at eBay Inc.
Evolving custom notification handler:
○ Initial design:
■ Granular with a single forward and reverse zone per tenant
■ Context (user, tenant, token) taken from notification message
○ Final design:
■ VPC - Virtual Private Cloud (dev, prod, ext)
■ VPCs are implemented as special tenant (not seen by user):
● admin_extcos
● admin_devcos
● admin_prodcos
■ tenants grouped into VPCs
■ many forward and reverse zones associated with VPC tenants

30. Designate Sink at eBay Inc. (continued)
○ Final design (continued):
■ Nova instance metadata:
● zone - forward zone for A record
● hostname - hostname portion of FQDN for A record
● VPC name
■ VPC name is mapped to VPC tenant in designate.conf:
● network_host_tenants = ext:admin_extcos,dev:admin_devcos,prod:
admin_prodcos
■ service account is member of VPC tenants and used to add A and PTR records to
Designate

31. def process_notification(self, context, event_type, payload):
domain_id = self.central_api.find_option(context, “default_domain”)
recordset = self.central_api.create_recordset(context, domain_id,
{'name': name, 'type': type, 'ttl': ttl,})
address = {'version': 4, 'address': payload['floatingip']['floating_ip_address']}
record_values = {'data': address['address']}
self.central_api.create_record(context, domain_id, recordset['id'], record_values)

32. Workshop
B314 @ 13:30
Make sure you have installed:
VirtualBox (4.x)
Vagrant (Latest)