So for people who are just coming in, if you hadn't heard: if you're having trouble with any of the instructions here, like getting Vagrant or VirtualBox installed if it's not, or getting your VM up, just raise your hand nice and high and then one of us will come around and help you. Awesome. If you don't have a USB key also, because you're gonna need that.

Real slow, I think it'd be slow. We'll have to, we'll have to benchmark.

Yeah, just to remind you, if you guys are running Windows, make sure you have some sort of SSH client to connect into your Vagrant machine. So remember, if you're having any problems just take your hands up. Or if you don't have a key or anything like that, just any problems whatsoever, raise those hands up. Raise the roof.

So has everyone managed to run the vagrant ssh command? I think silence means yes.

Yes, just to be clear, like, we're talking about once you have got your USB key, stuck it in your computer, copied files over. That's awesome and not and done. If you're on Windows, you have an SSH client of some sort. We've copied the files over, so wherever you copied the files over, you're gonna open a terminal up. If you've got VirtualBox and Vagrant installed, then you can, in a terminal, change into the designate workshop folder. You can do vagrant up and that'll start up a VM for you, and then vagrant ssh, and then you'll be logged on to that machine. So if that sounds super confusing or you're stuck on any one of those steps, just raise your hand and we'll come help you out, and if you've already done that then that's great. That's good. We're moving right along.

Let's try this one more way: raise your hand if you are 100% ready to go, you're staring at the Vagrant prompt. Okay, put those hands down. If you didn't raise your hand and you do want to participate in the workshop, raise those hands now. All right, that's how we do that. Okay, keep those hands up if you need help. No, nobody needs help.
All right, so maybe we give it a couple more minutes. Yeah, help him out. He's got a friend. You're the winner. If you're just coming in and you don't have a USB key, get it, Kyle right there in the middle of the room. And if you're having any problems, raise that hand nice and high and somebody will come and help you out.

So is there anyone else who hasn't managed to vagrant ssh yet? Okay, it's still a few, so we'll give it a couple of minutes. Eric, behind you. And hands up one more time because I wasn't paying attention. Alright, so quick show of hands if you still need some help or a USB key or anything. We got one, we got, raise those hands nice and high so the folks walking around can see. We'll probably just give it another minute here and then we're gonna get started. We'll put a link to these slides in the, probably in like the feedback session, like the feedback section on the app or something. I don't know, we'll get you these slides if you need them. But most of the stuff is in the actual machine that you can keep. In the back, looks like there's someone can use. Okay, so is nearly everyone, or everyone, at a prompt in the VM? Is anyone not, that isn't being looked after?

Okay, I'll give a quick introduction then while everyone else is catching up. My name is Graham Hayes. I'm the PTL for the Designate project, and thank you for coming to the workshop.
It's always a great experience to show people how to install our software and how to use it. So Designate is a DNS as a service product inside of OpenStack. It's a way you can enable end users to manage DNS entries a lot easier than trying to sync zone files or what a lot of other people have had to do in the past, of writing custom in-house solutions for managing DNS.

So Designate is made up of a couple of components, which we'll show you how to install today. We have an API service, which is how we interact with users directly. We have the central service, which is where we keep all our business logic. This has access to the database. It also enforces that people can't take over other people's DNS zones and ensures that everything is being done in accordance with the rules set out in the policy file and in the configuration file. We also have a service called Designate mini DNS, which is a DNS server which we wrote in Python. This allows us to interact very easily with a wide range of DNS servers. So Designate doesn't actually serve DNS directly to end users. We interact with other servers like PowerDNS or BIND or NSD, and because we use standard DNS for pushing out the information, it means that it's a lot more reliable and we can support a lot of DNS servers very quickly with very little code required.

So we have myself presenting today. We also have Kyle McGinnis, who's walking around somewhere. He's down the back. We both work in Hewlett-Packard Enterprise as part of the DNS as a service team. From Rackspace we've Tim Simmons and Eric Larson. Eric is here. Tim is, sorry, he's right behind the lights. And we have Miguel LaValle from IBM, who will be showing some of the integration between Nova and Neutron that Designate has as part of the install. So with that, if everyone's ready, I'll hand over to Eric, who will be showing you how to install Designate.

All right, so we're gonna install this sucker. It's gonna be cool. Here's, enjoy this.
So here's a big diagram that more or less goes over all the pieces that we're gonna get up and running. All right, so we know everybody's got your Vagrant image set up, you can SSH into it. So we're gonna go ahead and start. So this is really simple. We have vagrant ssh, so you're into your machine, and in that folder there's a script, and the script is install-designate.sh, and here we are. So we have this workshop here and we have this script, and you can go ahead and run the script. Yes, in your Vagrant environment, after you SSH, you can just go and run the script. I already started hitting the caps lock, all right.

So as you guys run this script, we're gonna go ahead and look at it, so you guys can see all the stuff that's happening. So basically some of the script is here to make sure you guys can run it and rerun it. So there's gonna be some things that'll delete the stuff that would have been created and it will recreate it. So I'm gonna kind of ignore those sorts of things and just go through the basics. So basically it starts off, we change into a directory. This is a checkout of the Designate source code, and we do a pip install. And so we install based on the requirements.txt and then we install that local environment into your system Python environment. Next up, we copy over some config files. So when you check out Designate, there's a bunch of config files in the etc directory, and those files are what you'd want to start with, so that's effectively what we're doing here. You go and you can list the files.
They have a .sample. So we're just lopping off that .sample and putting them in the etc directory for you. So next up we're actually gonna go and use a preset set of values that we've written for you. So we're gonna copy over a designate.conf.workshop to designate.conf, so that if you guys need a reference as you guys are going home and you're on your plane or what have you, traveling home, you say, man, I want to look at that config file again, that's the one. That's the one you can take a look at and check out. The other file that you might be interested in, this is pools.yaml. We'll talk about that a little bit later, once we configure the pools. So there's a couple of bookkeeping things that happen there that are not terribly important, but something you might need later.

Next up, we're gonna go and create our database, pretty simple stuff, and then the important part here is we call designate-manage. So designate-manage is a command line tool that helps you manage your Designate instance. So this will go and sync your database. It'll go and create your tables. It'll perform migrations on it and all that sort of stuff, so to get your tables and your database up to par.

So after we have our databases in place and everything's looking good and we have Designate installed into our system Python environment, we're gonna start the services. So this is starting up the services Graham mentioned. So we have Designate central, that's gonna do stuff like talking to the database for us. We have Designate API, that's gonna handle our web traffic. Designate MDNS, or mini DNS as we say, that's the service that Graham was talking about, as far as like this is gonna accept DNS traffic to get changes out. And the pool manager. So again, remember a minute ago
I said we copy over pools.yaml. We're gonna talk about the pool manager and that pools.yaml. And finally there's the Designate zone manager, and that's another service that does things like periodic tasks. So if something fails, or you want to do something special like an alias record or something interesting that isn't quite supported just yet, that would be happening in the zone manager.

So now that we've started up all the services, we're gonna populate our pools database. So again, we're using the designate-manage command and we're gonna update our pools based off of that pools.yaml, and I'm gonna show you guys that pools.yaml after this. So what's that? What does that do? The pools: when you have a set of DNS servers, you call that set of DNS servers a pool. And so this pools contains a configuration for those DNS servers. So this says, oh, I have three instances of PowerDNS someplace that I want to run, and when I want to create a new zone, I'm gonna push out that zone to those three instances. So all that is listed in the pool. So we'll look at that file.

So here's some stuff just created, meant for PowerDNS. So this just syncs some information with our PowerDNS information. So we have one running a local DNS server. We restart PowerDNS just to pick up changes. And then you can see here that we're restarting the pool manager to pick up changes of our pool. So we updated our pools to say, oh, here we have a local pool that's running PowerDNS, now we're gonna restart it to pick up those changes. And then we're gonna do some fun stuff by using the OpenStack client. So we're gonna go and, oh, I keep scrolling the wrong way. So we're gonna source the openrc.admin. So that file is a bash script, it just exports some environment variables.
So you guys can have some admin credentials. So first off, it's gonna delete our Designate service, it's already there, just in case you guys run this twice, but more importantly, we're gonna create the Designate service in Keystone. So that will go and make it so when you log into Keystone you'll get a DNS entry for your service. You will get a service entry for your DNS service, so you can go and have an endpoint to talk to. You can see we create the endpoint and create the different admin URL, public URL, internal URL and region. And then next up, with that in place, we're gonna install the Designate client. So this just changes into a different directory, python-designateclient, and what that does is, it's a plug-in for the OpenStack command line client. That will install the Designate client plug-in so you can go and use the normal OpenStack commands, which we'll show you guys a little bit later. And then last up, we install the Designate dashboard. So this is Horizon. So you'll also get to see a nice UI.

Okay, so we just went through the install script, so let's take a quick peek at the config file. So here a lot of this should be somewhat similar to other OpenStack projects.
I'm hoping. So let me know if not, but more or less it's just some things that we're setting. Here's some general configuration. This is all annotated so you guys can look back and hopefully understand what's going on. So I'm just scrolling down to where we get something interesting. So one thing to notice is we have a sudo helper here, and I only mention it because a lot of times BIND servers want to be run in sudo. So this lets you go and, for example, if you were running BIND, you interact with BIND via a tool called rndc, and so this does that sort of setup for you. And then here's some exciting bits: which networking API to use. So we're gonna use Neutron. So Miguel is gonna show you some awesome stuff about that later. Yeah.

Okay, so here's the interesting bit. So here we have the service configuration. So this is where you're configuring our different services. Here we have a central service. You can see max domain name length, max record name length, things like that. Minimum TTLs for records and things like that. There's a managed resource settings. Just to let you guys know what that is: Designate will go and create records and resources for you, and these can be considered managed, in which case Designate owns these things, you don't get to play with them anymore. So this allows you to go and, for example, make sure that SOA records are only managed by Designate and some user doesn't come in and clobber those where that would be a problem.

API service, this is just basic: hey, what host, port are you gonna bind to, those sorts of things. We have authentication strategy. If you are testing this locally, you can just use noauth, then you don't have to authenticate. So that's a nice tidbit, or if you're running in production, you don't want to do that. We have some enabled extensions. So an important one here is quotas.
So quotas allows you to limit how many, for example, zones a user can create, how many record sets a user can create, or how many records a user can create. So those are good things to make sure that you don't just have someone unboundedly creating as much stuff as they want. And there's some admin things that you can also enable. Here's some information on the Keystone middleware. There's a sync service that I don't think we're gonna keep talking about. Then here, mini DNS service. So again, this is where you would have things like your BIND server talking back to your mini DNS to go and pick up changes and let those get pushed back out to your main server.

Agent. So one thing I'll mention about the agent, since it's coming up here: the agent allows you to go and, if for example you run some other sort of DNS server that we don't know about, you can potentially write like a plug-in and use the agent to talk to that DNS server. And this thing can be helpful if you have also sort of an esoteric setup for your DNS system. So if you're doing something really complicated, the agent's probably a friend. Otherwise, you probably don't need to worry about it.

Here's our pool manager service. You can see here we have a pool ID. That's saying, hey, we have a pool that's called this. And we're gonna scroll down and skip the Neutron stuff real quick. Keep scrolling down to skip the Neutron stuff. Oh, never mind, that's on the pools. Yeah, so I'm gonna let you guys take a look at this later because there's a lot of stuff in there and it's pretty well documented.

So finally, when we just looked at the config, you saw about the pools. The pools are configured this way. So this is where we're actually telling Designate:
These are the pools that you're going to be talking to and updating. So here we have the default pool. You can set attributes. So this lets you do things like, you can see in the comments here, service tier gold, capabilities anycast true, things like that, that will go and help you discern what sorts of things you want to pull to go to. So eventually you'll be able to sort of, like, schedule things to happen at different pools. You could, just an ad hoc example, say I work at Rackspace and I want to update a Rackspace domain and I want to add a subdomain or something like that. I might go and have that as, oh, that's gonna go to this pool over here versus some generic pool.

We have name servers, and one thing I do want to clarify: there's name servers and there's targets. So basically a name server is, sorry, a target is where you're pushing out the changes to, and a name server is where you're verifying. So for example, if you had two name servers, and then those name servers had ten slaves, you might make your targets the two name servers. But then if you want to verify that it was written on those, you check for the name servers those little slaves. So that's kind of the concept there. So that is it for that.

So now, yes. Yeah, so everybody's ran the script, right? I've rambled on for a while just in hopes that nobody had any problems running this script. But did anybody have any problems running the script? I have one hand right there. That it to okay. I will take a quick pause a week check these okay. Well, good job, right, good job, way to get, yeah, that's pretty impressive. All right, we'll help you guys out. So raise those hands up again if you have problems. So once more, raise your hand if you have any problems so that we can come around and get you set.

All right, we're gonna keep it on going here. So super quick, I just want to do like a little poll here. If everybody could do what I'm doing here: just change directory designate and git branch. Give everybody a second.
So cd designate, git branch. How, should it be even bigger? So if yours does not say stable/mitaka, could you just raise your hand really quick? Okay. So maybe it was literally just that one guy. All right. No big deal. No big deal. It's fine, carry on.

All right, so we're gonna show you how to use the OpenStack CLI so we can actually interact with this baby right here. So the first thing we're gonna do is openstack zone list. Just kidding. The first thing we're gonna do is we're gonna source some user credentials. So, and before I go too far, lest you think this is all coming from the top of my head, there's a file called client.sh in the home directory where all the other stuff has been that we've done so far. This is what I'm working from, so I'm gonna kind of go through this with you and explain what's going on. So if you get lost or you didn't see a command, you can look, and it's just client.sh.

So the first thing we want to get, there's some user credentials in here. So there's two users and some admin credentials. So we're just gonna source the first user, so source openrc user one. This is just getting some basic credentials so that we can interact with Keystone and Designate. You can see it's just literally exporting a couple of variables that OpenStack uses. So with that, let's do a quick openstack zone list.

You didn't, you didn't run the install. Eric was so intent on showing you all the cool stuff that was installing that he literally did not install it. So hopefully you guys all did this. Awesome, awesome. So here we go. We're almost done. This better work now, Eric, or you're in big trouble. openstack zone list. Boom. No, no, there's nothing there. It's because we haven't created anything yet.
So I'm gonna go ahead and type openstack zone create. Zones require an email address. If you've ever seen a zone file, you'll know why. We're gonna do, let's follow the example. So one common mistake you might have seen, might have not: I typed openstack.org as the domain and put a trailing dot on there, because that's necessary for it to be a valid DNS name. So that trips a lot of people up, as if you leave off that trailing dot you can be in some trouble. So what you saw here is the zone object get created. Action create, here's our name openstack.org, and you can see a status pending. So Designate's an asynchronous API. So just like Nova, if you create an instance, when you create a zone in Designate, it goes from pending to active when the zone actually propagates to the name servers that Larson there mentioned. When those get pulled you can go in a get that happen. You want to see the command again? Bam. openstack zone, remember, this is in client.sh. Well, you know what, I tried. openstack zone create. Yeah, so it might be better to just copy and paste these rather than doing them by hand like I'm gonna do, as you'll see, because I'm probably gonna flub quite a few of them.

So now that we've given it a minute, we can look and see that, hopefully, yes, our zone has gone from a status of pending to a status of active. So what that means is that the zone successfully propagated to and was seen as active on the various name servers that were in that pools.yaml file that Eric mentioned. So that in and of itself is not a huge accomplishment, because there's not really much you can see, but we can prove to you that, that PowerDNS locally, we just did a dig command and we got a status back that wasn't bad, so we can see that the zone actually did make it out there and there's an SOA record there. So let's go and actually create an A record. So again, this is gonna be a long one. So I would go ahead and type it out or copy it from the
file, remember, client.sh. So I'm gonna create an A record set. A record set is a logical grouping of DNS resource records that are gonna make it into PowerDNS. TTL, what did I do wrong? Dash dash record set, wait. Thank you. All right, so I didn't give an actual name. So now you can see there's gonna be a record foo.openstack.org, and it's gonna resolve to localhost, which is totally unhelpful, but it's very helpful as a demo. So let's give that a second and, bam, we can see that the record set went active. So now if we dig for openstack.org. Oh my goodness, there's the IP that we put in. Please clap.

So this is obviously a very simplistic example, but you can imagine if this was the IP of your Nova instance you'd be super excited right now, because now your instance has a name and you didn't have to send a support ticket, you had a command line client to do that. And we're gonna show you you don't even have to do this, so Miguel's gonna show that a little later. But so, it was great, openstack.org, but now we're gonna kill you. So openstack zone delete openstack.org. You can see we're gonna delete the zone just as swiftly as we created it.

But don't worry, because we're gonna do something really awesome now. I have a DNS zone file. It's just import demo dot text sitting in your home directory. And this is the RFC defined DNS master format for zone files, and this is a thing that you can get out of basically any DNS provider. You can say, give me my zone file.
This is kind of the standard format. You can see, you know, roughly the same kind of information that we put in when we created the record set is here. So we're actually going to import this zone file. So rather than having to go and make API calls or CLI calls to create all those record sets, Designate can do it all for us. So we're gonna do openstack zone import create and give it this file name, and here we have, this is another asynchronous resource, because this zone file could be ridiculously huge. So we give it a status as well. So if you take a look, openstack zone import list, you can see that it was complete. So now if we take a look at our openstack zone list, bam, we have designate demo dot com. And then we can look for some of those record sets that were in the zone file also.

You may have completely not noticed this, but you can type, give me the record set list, and then type the name of the zone. If you think about how a REST API works, which is what's actually happening under the covers, that's not what you would do, you'd be going and getting an ID. So that's just a nice little thing that's happening inside the CLI for you. What is it, shell? No, value. So you can see now, there's, roughly, in a slightly different format that's in the Designate database, those records that we created via the zone import. So those are the same things that's in the zone file. Please clap. I'm kidding, I'm kidding. Don't clap for that.

So just to prove to you how awesome Designate is, now we're gonna take that same zone and we're gonna export it. So we can do openstack zone export create and then just pass that same name. Another asynchronous resource. Hopefully next cycle we'll make this so that the zone files will end up in your Swift bucket, which would be pretty awesome. But the way it works now, see, bam.
We are complete. I'm gonna grab this ID real quick and openstack zone export show file, and then pop the ID. That's not helpful. If you do -f value on the end of your OpenStack CLI commands, it gives you a really helpful, it kind of takes away the default pretty table effects. So for these zone files, that's actually really nice. So if you take a look here, I'm gonna put the zone import in a file. Well, they're roughly the same. So the output from the zone export is roughly the exact same thing as was in the import. So you can export and then import your zone and then export it again and import it again. I don't know why you'd want to do that, but you totally can.

So the next thing I'm gonna show you is the Python bindings, which is kind of an extension of the CLI, so that you can actually program in Python with the same type of goodness here. So I'm gonna just create an example zone real quick that's gonna be used by some of these. So I have example.com here. So if you take a look, there's a couple of .py files in this directory, the first one being example.py. So this is ludicrously simple. All it does is grab a Keystone session using the environment variables that are sourced from the user, and it creates a record for me, example.com. So let's just run that really quick. python example.py. Really quick. Bam, done. openstack zone record set list for example.com, and we're gonna see that there was indeed a record set created using that Python stuff. So you don't have to use too much of your imagination to imagine how that might be really useful. Building, you know, small Python scripts that you might use to automate any sort of DNS related deployment, that's obviously a really powerful tool. Being able to just, you know, as a developer who only knows Python, not so sure about all this DNS stuff, it's super simple.
So just in case you didn't actually see how simple that was: you just get the client, which is just the Designate client, client.recordsets.create. Doesn't get much more simple than that. So I'm gonna give you a little bit of a more complicated example here. This is just a little script that we have here, and all it does is give you, you know, like a URL shortener, like bitly, like we used earlier. You can use this to create like a random short URL. So if I do a short URL, example.com is my zone, and I want to put openstack.org as a CNAME record and get a, see, I didn't do a DNS name. So now if we take a look, openstack list, now you can see there's a random kind of short URL CNAME record for openstack.org. So just obviously the really simple explanation, please clap, that you could see could be a good use case here. Anything, if you can dream it you can do it.

So one of the next things I want to show you is Horizon. So let's go here. That's 127.0.0.1, 8080, and then horizon. So I don't remember the creds. So we're using user one. It's the user. So username, it's gonna be user one, password is password. Super secure. We're gonna log in here, go to the DNS panel, and, oh my goodness, those look familiar. We just created those earlier using the CLI. So you can see that these clients, you know, the Python bindings, the OpenStack CLI, Horizon, they're all using the same API.
So all your stuff is unified. So really quick, you can go to like example.com here and click manage records. We could edit the records that we created, or we could create a new one. So you can see there's a lot of different types of records here that you can create. Maybe you can't really see that. A records, quad-A, CNAME, sps sps of the TXT, all the good stuff that you actually want to create. And that's smart, so, yeah, obviously you can go through and create some records and they'll show up for you. So this is pretty cool, and we're working on new panels. So if this wasn't awesome enough for you, we're gonna get some of the new Horizon goodness in this cycle.

So what's up? Oh, sure. Yeah, here. This is gonna be a lot bigger. Horizon, and then the same credentials that are in the user one file that we used. So you'll want the username, so just user one, and the password.

The NS record. So, okay, sure. So if you look at the pools.yaml file, right down here in this name server right here. So you can see we have an NS record of ns1.example.net. So for, you know, if you were setting up some private thing, this would be ns1 dot your private thing dot net. And then the actual name server that people would be resolving against would be this right here, the name server. External network, internal network, wherever you want, you know, the clients to be able to resolve DNS against. So we've got PowerDNS installed locally, so we're able to just resolve against localhost. But, you know, in a real scenario you would have, you know, many name servers that you might be pushing out to, that could be, you know, just behind, you know, you might also set, you know, ns1.example.net to point to, you know, whatever that name server was. But the DNS service can be wherever you need them to be, so if you have existing DNS infrastructure you can go and point it at that existing DNS infrastructure, whether that's in OpenStack or whether you have somebody with the DNS
server under their desk or something like that, it does that, you know saying. But there's also other backends. So there's things like, there's like a Dyn, DynECT backend. So if you wanted to point it at Dyn DNS or something like that, you could do that too. Come chat with Safer words. Yeah, we'll be around. So we're gonna kick it to Miguel, who's gonna show you some of the awesome work to integrate Designate with Nova and Neutron.

Can you hear me? Yeah, you can. All right. What we are going to show you is the work we did during this past Mitaka cycle to integrate Neutron with Designate, and essentially the idea here is that we wanted all those commands that the team has been showing to be done for you as much as possible. And so what we did was to add new DNS related attributes to Neutron ports, Neutron networks and Neutron floating IPs. So let's do a little help port-create and let's grep DNS. And as you can see, now, since Mitaka, you can assign a DNS name to a port resource in Neutron. In a similar way, in the case of networks, you can assign a DNS domain attribute to a Neutron network. And finally, for floating IPs, you can see that you can assign both a DNS name and a DNS domain attribute to the floating IPs. And the idea here is that when you create these resources, depending on the way you have configured the integration between Neutron and Designate, once you create the resource, those attributes are going to be pushed to Designate and therefore they are going to be pushed to the external DNS service. Okay, is that clear?
So far clear. And so the other thing that we did was to integrate all these with Nova. So here's the general picture. That little person on the left-hand side of the slide, you can think of that as being Nova. And, let's say that's Nova, when you create an instance, essentially what happens is that when Nova is allocating the ports for your instance, it's going to attach the instance host name to the DNS name attribute of the port that Nova is creating for you. And therefore that gives us the foundation to push that information for you automatically to the external DNS service. The essential paradigm here is that if your port has a DNS name, the port that was used to create the Nova instance has a DNS name, and the network of that port has a DNS domain, Neutron is going to attempt to push that DNS name under that DNS domain to the external DNS service. And therefore, once you type the nova boot command, automatically that information, at the end of the boot command, is going to be pushed to the external DNS service. Does that make sense so far?

Not only we did that, we also, maybe of you, I'm pretty sure many of you know that Neutron has its own internal DNS service. Each network in Neutron gets a DHCP server. So we integrated also that with Nova, and essentially, prior to Mitaka, all your ports got an automatic host name and the IP address of the port in the Neutron internal DNS service.
We changed that in Mitaka. Essentially, if you configure in neutron.conf a parameter named dns_domain with a value that is not openstacklocal (openstacklocal is the default value for dns_domain in Neutron, in the internal DNS service), if you change that to anything else other than openstacklocal, from that point on the name of your port in the DNS name is also going to be pushed to the internal DNS service in each Neutron network.

And essentially what you see there in that port dictionary is the result of creating a port from Nova. As you can see, the user is creating an instance named my_vm. What we do is we clean up that name to make it acceptable for DNS. So essentially that gets transferred to my-vm, which is an acceptable DNS label. Okay, and it's attached to whatever you have configured in DNS domain in the internal DNS service. So this dns_domain parameter in neutron.conf only applies to the internal Neutron DNS service, okay? But on top of that, if the network of that port also has a DNS domain, whatever name was assigned to it, that DNS name my-vm is going to be pushed to the external DNS service, to Designate. Does that make sense so far?

Okay, so here's the general plan that we are going to do in our little VMs. We are going to source the openrc user one. We are going to do neutron net-list to see the networks that that user has created for it. We are going to see the flavors available in Nova. We are going to see the images available in Nova, and with that information we are going to spin up an instance, okay?

So let's just do that: neutron net-list. And as you can see, that tenant one user has the network six three eight something else assigned to it.
So let's create a variable here. So I'm not that good with the... oh, yeah, I know how to do it. Okay. Okay. So we assigned a variable there. Let's do a nova image-list, and we're going to use that image to boot our instance, so we are going to create another variable. And finally, let's do a nova flavor-list, and we're going to use the flavor 202. So with that information, we are going to say nova boot, image, flavor 202, nic net-id, and we are going to call our little VM my_vm. So it should become active pretty soon. Now it's active.

So now let's use the neutron client to find out what's the port for that VM: neutron port-list, the device ID equal to this VM UUID. And we can see the port that Nova assigned to the instance. And with that information, let's do a neutron port-show. So if we go up, we can see that the DNS name assigned to that port was my-vm, and you've got a DNS assignment attribute that has a hostname of my-vm, the IP address, and a fully qualified domain name of my-vm dot my domain dot org. Does that make sense?

So the next thing we are going to do is we are going to update that network that we used to boot the instance with a DNS domain. So let's call that my domain dot org. The network was updated. So now neutron net-show that same network. And as you can see, now the network has a DNS domain of my domain dot org. Okay.

Let's assign that port UUID also to a variable so it's easy to manipulate. And what we are going to do is we're going to create now a floating IP, and we are going to assign that floating IP to the port. neutron floating IP... oh, no, before that, let's create the zone. The only thing that needs to exist prior to pushing the information: the zone needs to exist.
Okay. So let's create the zone: zone create. And we're going to call that zone my domain dot org. So now we have our little zone. So prior to creating the floating IP, let's see the record set list, my domain dot org. So as you can see, there's really no useful information in that zone.

So now let's create a floating IP, and we're going to use the external network that that user has access to. So neutron floatingip-create, port ID, the port of the VM, which I assigned to a variable. And the floating IP was created. Now let's see what we find in our zone my domain dot org. And as you can see, now the floating IP assigned to the VM is known in the zone, and the name assigned to that thing is my-vm dot my domain dot org. Does that make sense?

So there are essentially... we have three use cases for this integration between Neutron and Designate. We can create a floating IP, and if that floating IP has a port with a DNS name and its network has a DNS domain attribute, that DNS name and that DNS domain is going to be pushed to the external DNS service under the floating IP. So that's use case number one. Let's create another.

Use case number two is also based on floating IP, floatingip-create, but in this case the DNS name and the DNS domain are going to belong to the floating IP. It doesn't come from the port associated to the floating IP, okay?
So let's say DNS domain is going to be also my domain dot org, but the DNS name is going to be Moxie. So as you can see, we created the floating IP, and now let's see what we find under our zone. Now we have that name, Moxie dot my domain dot org, was also pushed to the... So that's use case number two.

Essentially what we said is, okay, we want one use case where the DNS attributes belong to the instance and the port associated to that instance. So that's use case number one. Use case number two is where we want the DNS attributes to belong to the floating IP, and you can create an instance, associate an instance to that floating IP, tear down that instance, create another instance and associate that instance to that floating IP, and you are not changing the DNS information for that floating IP. And use case number three, which I'm not going to show tonight, is where we publish the port DNS name and the network DNS domain attributes directly to the external DNS service without requiring a floating IP. That's for use cases where you are routing your ports directly to the outside without using floating IPs. So that's going to be use case number three. Okay.

There's a follow-up session that is going to take place this coming Thursday at 1 3 p.m., where we are going to see in depth the three use cases, and we are also going to review in depth the way to configure the integration between Neutron and Designate, all the files that you need to configure for this to happen. But as you can see, pretty much we can create an instance and get that instance's information pushed to the external DNS service. Okay, but another minute.

So I noticed a few people got lost a little bit through there. It can be hard sometimes to try and fit enough into the hour.
So apologies for that. All right, so if you're interested in contributing to Designate, we're absolutely open to anybody and everybody coming along to give us a hand. So that can be anything from code itself, the most obvious one, through to documentation fixes, filing bugs when you find our mistakes. All of these kinds of things are really quite valuable to us. So I've included a whole bunch of links here at the end. There'll be a link to the slides themselves. For the most part it's general OpenStack stuff, so if you're contributing to any OpenStack project they kind of apply, and you've got some specific links for Designate itself, so things like the bug tracker, how we do specs, our documentation and so on.

All right, so if you are interested in getting involved, the way we mostly communicate in the Designate team is IRC. So we've got an IRC channel called #openstack-dns on Freenode. We also hold weekly IRC meetings at 1700 UTC in one of the OpenStack meeting rooms. So if you're interested in contributing a feature or helping out in any way, you can drop by. And other than that, it is questions time, so if anybody has questions...

All the way at the back. Right, so the question is: there are Designate resources in Heat; will the Neutron-Designate integration be usable via Heat? Today I believe the answer there is no, you can't set the DNS name or DNS domain attributes on the Nova or Neutron resources in Heat yet. Yeah, it's not a hundred percent sure, but I don't believe it can be entirely done. It's possible if you pre-set up some of it and that's actually adding the end. Yes, yeah, we'll go make sure that's done.

Okay, so the question is how easy or hard is it to run Designate behind a load balancer? So I'm going to assume what you mean there is HA, multiple copies of everything. So every Designate component, you can run multiple copies of it. Some of them behave slightly differently.
So for example the API, you can just scale that out as far as you want. Some other services, like the pool manager service, will sort of go into an active-passive mode and fail over between themselves if you hit issues. So for the most part, yes, you can just run as many of everything as you like, and it will recover when any individual component fails.

So we have... HP have always used PowerDNS. Face yo is by involved in bind. So there's also a couple of other, DynECT and Akamai, if you want to upload it to a professional DNS hosting company to actually manage the servers. But there's those two of the main ones.

Today, no. You can delegate subzones, so for example if you have mycompany.com and you have a finance department, you can delegate finance across. But you can't currently share them. It is something we've talked about, but we've never come up with an elegant implementation for.

So the question is, does destroying and deleting resources like the floating IPs and VMs actually clean up the resources? Yes. Yes, it will. Yes. Yes, and actually one thing that I didn't mention is that we not only create A records for IPv4, we create records for IPv6, and we also create PTR records for your reverse lookups, which I didn't show but I should have. Yeah, but it was created, actually, during the demo.

Any plans for Ansible modules? Is this for things like the sort of OS Nova instance and so on? Honestly, I personally haven't thought of it, but I'm sure somebody has. Shade is the underlying library that all of the OpenStack Ansible modules use to talk to OpenStack components, and there is a review to add Designate components to Shade, which would be the first step towards getting them into Ansible.

What DNS servers are we supporting right now, is the question? So, sorry. So right now we support BIND, PowerDNS, third-party hosting through Akamai, third-party hosting through DynECT, NSD. I think that's it at the moment.
There are reviews up to add Knot, which is, sorry, Knot DNS. There's also one in progress for djb tinydns as well. Those haven't merged yet, though.

So yes, you can either... the question is, can you manage multiple different DNS servers, maybe BIND over here, PowerDNS over here? So yes, you can. In the pools configuration file, like YAML, you can define a pool that is made up of mixed DNS servers. For the most part you don't want to do that, though, because different DNS servers will behave differently and you actually get into weirdness. But if you have two different pools, you might have a BIND pool and an Akamai pool. So BIND might be for your internal stuff, Akamai for your external stuff. And so that was sort of two ways of doing it.

Any other questions, or... All right, so thank you guys for presenting, and three cheers.