Allow customer-specified per-subnet and per-host DNS entries

Bug #1112884 reported by Manu Sporny
This bug affects 7 people
Affects: neutron | Status: Expired | Importance: Wishlist | Assigned to: Unassigned

Bug Description

We're running an operational OpenStack Folsom + Quantum cluster configured to host multiple tenants, each having their own subnet. It seems like you can only have one domain for all tenants, which seems like an artificial limitation since each dnsmasq process can take a different --domain argument. It also seems like only a translation of the VM's IP address is placed into the dnsmasq file. There is also no way to specify a DNS entry for the VM.

Allow dhcp_domain to be set on a per-subnet basis via quantum. It could be done as an optional parameter for each subnet tracked by quantum, much like 'start' and 'end' for the allocation_pools. Doing so would ensure that any DHCP address received by VMs started in that subnet would set their search domain to the per-subnet dhcp_domain. The hostname would thus be - VM_NAME + '.' + DHCP_DOMAIN

In addition to the feature above, the customer could specify an alternative hostname entry to place into the dnsmasq configuration.

For example, assume the dhcp_domain selected for the tenant was 'example.com'. They launch a VM named 'web-1' with an IP of 10.0.0.5. They specify that they also want this VM to be called 'web.blue.com'. The following entries would be placed into the dnsmasq host file:

fa:16:3e:76:56:11,10-0-0-5.example.com,10.0.0.5
fa:16:3e:76:56:11,web-1.example.com,10.0.0.5
fa:16:3e:76:56:11,web.blue.com,10.0.0.5
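
Added example, not part of the original report and not Neutron's code: a sketch of how tenant-supplied names could be checked before being written into a dnsmasq hosts file in the comma-separated `mac,name,ip` form shown above, so that a name containing a comma or newline cannot add fields or lines. The function names `validate_fqdn` and `host_entries` are hypothetical, and the sketch assumes IPv4 and strict RFC 1123 labels.

```python
import ipaddress
import re

# RFC 1123 label: letters, digits, hyphens; no leading/trailing hyphen; 1-63 chars.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")
_MAC = re.compile(r"(?:[0-9a-f]{2}:){5}[0-9a-f]{2}")


def validate_fqdn(name):
    """Return the lowercased name, or raise ValueError if any label is malformed."""
    labels = name.split(".")
    if len(name) > 253 or not all(_LABEL.fullmatch(label) for label in labels):
        raise ValueError("invalid DNS name: %r" % (name,))
    return name.lower()


def host_entries(mac, ip, vm_name, dhcp_domain, extra_names=()):
    """Build hosts-file lines (mac,name,ip) for one port; hypothetical helper."""
    mac = mac.lower()
    if not _MAC.fullmatch(mac):
        raise ValueError("invalid MAC address: %r" % (mac,))
    ip = str(ipaddress.IPv4Address(ip))  # AddressValueError is a ValueError
    domain = validate_fqdn(dhcp_domain)
    names = [
        validate_fqdn("%s.%s" % (ip.replace(".", "-"), domain)),  # IP-derived name
        validate_fqdn("%s.%s" % (vm_name, domain)),  # VM_NAME + '.' + DHCP_DOMAIN
    ]
    names += [validate_fqdn(n) for n in extra_names]  # customer-specified names
    lines = []
    for name in dict.fromkeys(names):  # drop duplicates, keep order
        lines.append("%s,%s,%s" % (mac, name, ip))
    return lines


if __name__ == "__main__":
    # Values taken from the example in the report above.
    for line in host_entries("fa:16:3e:76:56:11", "10.0.0.5", "web-1",
                             "example.com", ["web.blue.com"]):
        print(line)
```

Every name, including the ones derived from the VM name and the per-subnet domain, passes through the same validator, since both would be tenant-controlled under this proposal.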

yong sheng gong (gongysh) wrote :

DNS is very weak in current quantum now.

dan wendlandt (danwent)
Changed in quantum:
importance: Undecided → Wishlist
dan wendlandt (danwent) wrote :

Note: we talked about DNS at the Folsom summit, see: https://etherpad.openstack.org/openstack-dns

There were others planning on making a full DNS-as-a-service that could feed off of quantum notifications about the creation of ports and allocation of IPs. The reason for viewing this as being outside quantum (or at least outside core quantum) is that DNS-as-a-service as commonly implemented can be used to handle IPs whether or not those IPs are in the local openstack cloud.

tags: added: l3-ipam-dhcp
removed: dhcp subnet
nymous (d1pro) wrote :

DNSaaS is an option to keep names consistent, but dnsmasq agent injects its dhcp-domain with dhclient into resolver config. So a VM can have proper DNS name for outside world, but internally thinks that it is attached to a different domain.

For example, you have configured your domain as example.com and specified your dhcp domain as test.com. A VM named "test-123" would be visible to others as test-123.example.com, but its resolv.conf would contain:

domain test.com
search test.com

Manu Sporny (msporny) wrote :

@d1pro Your suggestion would require me to run two different DNS servers where I don't require anything that complicated. At the very least, I'd just like to set the domain on a per-tenant basis and dnsmasq has a simple command-line option to enable that. That option, however, is not surfaced via OpenStack.

The other issue is that I can't give a VM different DNS names. I don't know if dnsmasq supports this sort of functionality. If it doesn't, not a big deal, but if it does, then it would seem like a good idea to expose that functionality via OpenStack so that administrators don't have to run two different DNS systems.

nymous (d1pro) wrote :

All this stuff could be managed by one DNS server. Just several zones.

I meant that quantum currently lacks support of per network domain specification. I personally had a setup with 2 tenants.
I have root domain, let's say, example.com. And I have 2 tenants with subdomain dev.example.com and rel.example.com.

If I specify dhcp domain (within quantum config) as example.com, I should use vm-1.dev and vm-2.rel names even between same tenant's VMs.

I can't use dev.example.com or rel.example.com, as all my VMs, whatever tenant they belong to, would search for names of others in that and only that domain.

Changed in neutron:
status: New → Triaged
Cedric Brandily (cbrandily) wrote :

This bug is > 365 days without activity. We are unsetting assignee and milestone and setting status to Incomplete in order to allow its expiry in 60 days.

If the bug is still valid, then update the bug status.

Changed in neutron:
status: Triaged → Incomplete
Ihar Hrachyshka (ihar-hrachyshka) wrote :

I believe the name of the instance is now used for dns_name, if domain name is different from default.

Launchpad Janitor (janitor) wrote :

[Expired for neutron because there has been no activity for 60 days.]

Changed in neutron:
status: Incomplete → Expired