6. Designate Overview
● Designate is the DNS-as-a-Service component in OpenStack.
● Designate consists of: REST API, Central, and Sink.
● Internal and external Designate communication use the message queue.
● A designate client will allow you to manage servers, domains, and records.
○ More functionality is available in the REST API.
● Designate is the source of record for DNS records for the domains it manages.
● Domains are owned by tenants.
● Additional information:
○ http://designate.readthedocs.org
9. Designate REST API
● Version 1 allows management of:
○ Servers
○ Domains
○ Records
● Experimental Version 2 adds:
○ Zone import/export
○ Top-Level Domains (TLDs)
○ Zone blacklists
○ Managed Floating IP PTR Records
● Additional information:
○ http://designate.readthedocs.org/en/latest/rest.html
10. Designate Client
● Provides a command-line interface (CLI) like the Keystone and Nova CLIs.
● Functionality is a subset of the entire Designate API:
○ Servers
○ Domains
○ Records
11. Zone Import/Export
GET/POST - /v2/zones/<id> - Content-Type text/dns
● Use the API to:
○ import zones in zonefile format
○ export zones in zonefile format
● A zoneextractor.py tool assists with generating the zonefile format for imports
12. Top-Level Domains (TLDs)
GET/POST/PATCH - /v2/tlds/<id>
● Use the API to manage TLDs
● By default no TLDs exist and any domain name can be created
● Presence of TLDs causes domain creation checks:
○ last label in domain name must be a TLD
○ the entire domain name cannot be a TLD
13. Zone Blacklists
GET/POST/PATCH - /v2/blacklists/<id>
● Use the API to manage blacklists
● Blacklists are regular expressions used to block domains from being created
○ Example to prevent example.com. domain from being created:
■ ^example\.com\.$
○ Example to prevent example.com. and subdomains of example.com. from being created:
■ ^([A-Za-z0-9_-]+\.)*example\.com\.$
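The domain creation checks from the TLD and blacklist slides, as an added sketch that is not Designate's own code. The function name, the sample TLD set and the case-insensitive matching are assumptions made for illustration; it also shows why the dots in a blacklist pattern need escaping.

```python
import re

def check_domain_name(name, tlds, blacklist_patterns):
    """Return None if `name` may be created, otherwise the reason for refusal.

    name               -- FQDN with trailing dot, e.g. "www.example.com."
    tlds               -- configured TLDs without trailing dot; empty = no TLD checks
    blacklist_patterns -- regular expressions matched against the FQDN
    """
    fqdn = name if name.endswith(".") else name + "."
    bare = fqdn[:-1].lower()
    if tlds:
        known = {t.lower().rstrip(".") for t in tlds}
        if bare in known:
            return "entire name is a TLD"
        if bare.rsplit(".", 1)[-1] not in known:
            return "last label is not a TLD"
    for pattern in blacklist_patterns:
        # Assumption: DNS names compare case-insensitively, so match that way.
        if re.search(pattern, fqdn, re.IGNORECASE):
            return "blacklisted by " + pattern
    return None

# Constructed sample configuration (not taken from any deployment).
TLDS = {"com", "org", "uk", "co.uk"}
ESCAPED = [r"^([A-Za-z0-9_-]+\.)*example\.com\.$"]
# Same pattern with bare dots: "." matches any character, so it over-blocks.
UNESCAPED = [r"^([A-Za-z0-9_-]+.)*example.com.$"]

if __name__ == "__main__":
    for candidate in ["example.com.", "www.example.com.", "myexample.com.",
                      "host.internal.", "co.uk.", "shop.co.uk."]:
        print(candidate, "escaped:", check_domain_name(candidate, TLDS, ESCAPED),
              "| unescaped:", check_domain_name(candidate, TLDS, UNESCAPED))
```

With the unescaped pattern, the unrelated name myexample.com. is refused as well, which is the over-blocking an operator would want to catch when reviewing blacklist entries.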
15. Floating IP Pointers
GET/PATCH - /v2/reverse/floatingips/<id>
● Manage reverse DNS (PTR records) for Neutron Floating IPs
● Allow Operators to delegate the *.in-addr.arpa zone to Designate
○ Users can manage their own DNS, without support
○ Users can only set PTRs for IPs currently associated with their tenant
24. Designate Sink
● Designate Sink consumes events from Nova, Neutron, and other services and turns those events into DNS operations.
● Which events are handled and which DNS operations are performed is determined by custom notification handlers.
● Designate ships with sample notification handlers:
○ Nova handler
○ Neutron handler
27. Notification Handler Code
class NotificationHandler(ExtensionPlugin):
    …
    @abc.abstractmethod
    def get_exchange_topics(self):
        """
        Returns a tuple of (exchange, list(topics)) this handler wishes
        to receive notifications from.
        """
28. Notification Handler Code (continued)
    @abc.abstractmethod
    def get_event_types(self):
        """
        Returns a list of event types this handler is capable of processing
        """

    @abc.abstractmethod
    def process_notification(self, context, event_type, payload):
        """ Processes a given notification """
    ...
29. Designate Sink at eBay Inc.
Evolving custom notification handler:
○ Initial design:
■ Granular with a single forward and reverse zone per tenant
■ Context (user, tenant, token) taken from notification message
○ Final design:
■ VPC - Virtual Private Cloud (dev, prod, ext)
■ VPCs are implemented as special tenants (not seen by users):
● admin_extcos
● admin_devcos
● admin_prodcos
■ tenants grouped into VPCs
■ many forward and reverse zones associated with VPC tenants
30. Designate Sink at eBay Inc. (continued)
○ Final design (continued):
■ Nova instance metadata:
● zone - forward zone for A record
● hostname - hostname portion of FQDN for A record
● VPC name
■ VPC name is mapped to VPC tenant in designate.conf:
● network_host_tenants = ext:admin_extcos,dev:admin_devcos,prod:admin_prodcos
■ service account is member of VPC tenants and used to add A and PTR records to Designate