Injecting records into micro-BOSH powerDNS


james....@opencredo.com

Oct 2, 2013, 5:22:21 AM10/2/13
to bosh-...@cloudfoundry.org
Hi List,

We're deploying Cloud-Foundry on vSphere, and trying to keep the install as self-contained and compact as possible.

As such, we're using the built-in powerDNS on the micro-BOSH to serve the CF DNS records. CF normally uses route 53 on AWS to host these records, and as far as I know these are automatically created at deploy time.

We've manually inserted the records into the powerDNS postgres DB for now, but now we're looking at automating this.

It's likely simple to do this with some Ruby code, but it would be useful to know if there's anything existing that would inject arbitrary DNS records from the deployment manifest into powerDNS.

Anyone heard of such a feature? Should I request it?

thanks

James M

Dr Nic Williams

Oct 2, 2013, 11:46:11 AM10/2/13
to bosh-...@cloudfoundry.org
At OpenStack-on-Ales I learned about https://launchpad.net/designate which is a DNSaaS, or more usefully put, it is a REST API in front of powerdns. If you have a chance to try it out, let me know how it goes.



james....@opencredo.com

Oct 3, 2013, 5:26:58 AM10/3/13
to bosh-...@cloudfoundry.org

Interesting - thanks....

For now, we've gone with the automated talk-to-postgres option, but the aim is eventually to have the necessary DNS records listed in the deployment manifest, for the Director to inject into powerDNS/postgres.

It looks like a lot of the code for doing that already exists in the Director.
But it's a matter of triggering those functions on demand from a deployment manifest.

James M

Dr Nic Williams

Oct 3, 2013, 10:58:46 AM10/3/13
to bosh-users
What are some example DNS entries that you are needing to manually add to the bosh DNS?

BTW, it might be "cleaner" to run an upstream powerdns outside of microbosh. I feel awkward about the idea that microbosh isn't controlling 100% of its powerdns's records.

James Masson

Oct 4, 2013, 5:32:12 AM10/4/13
to bosh-...@cloudfoundry.org
I'm adding records to support Cloud Foundry itself.

e.g.:
- adding a domain "pivotal.local"
- and a wildcard address "*.pivotal.local", pointing to the IP address
  of the CF router, to allow the CF vhosting to work.

insert into domains(name,type) values('pivotal.local','NATIVE');
insert into records(name,type,content,ttl,domain_id)
  values('pivotal.local','SOA','localhost hostmaster@localhost 0 10800 604800 30',14400,4);
insert into records(name,type,content,ttl,domain_id,change_date)
  values('*.pivotal.local','A','1.2.3.4',300,4,1380122312);

CF is generally targeted at AWS, and so it has Route53 automatically set
these records - but there is no equivalent functionality on vSphere, as
far as I know.

We're building ultra-compact BOSH deployed CI systems for developing CF
Services - and it seems wasteful to deploy/manage another DNS server for
3 records! The micro-BOSH powerDNS has the raw capabilities to do what
we want, but it's not an elegant solution yet.

Is there a reason you'd advise against using the micro-BOSH to host
these records? There is no namespace overlap, so the dns_helper code has
no reason to touch those records. We've used this kind of setup in the
past, and had no ill effects, the only difference here is we're looking
at ways to automate it.

James M
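The automation James describes in his two posts above (DNS records listed in the deployment manifest, pushed into the micro-BOSH powerDNS postgres database) can be sketched as a small generator. The following is an added example, not code from the thread, from BOSH or from the Director: it assumes a hypothetical `dns:` section in the manifest (BOSH has no such key), emits the same `domains`/`records` INSERTs shown above against the PowerDNS gpgsql schema, looks the `domain_id` up by name instead of hard-coding `4`, wraps everything in one transaction, clears the zone's old records so re-runs are idempotent, and validates every manifest value so a stray quote or a bad hostname cannot become SQL. The manifest fragment is constructed for the example.

```ruby
# Added example (not from the thread or from BOSH): turn a hypothetical
# "dns:" manifest section into PowerDNS gpgsql SQL for psql, safely.
require 'yaml'

# Constructed manifest fragment; the "dns:" key is an assumption of this example.
MANIFEST = <<~YAML
  dns:
    domain: pivotal.local
    soa: "ns1.pivotal.local hostmaster.pivotal.local 1 10800 3600 604800 300"
    records:
      - { name: "*.pivotal.local", type: A, content: "10.0.0.10", ttl: 300 }
      - { name: "api.pivotal.local", type: A, content: "10.0.0.10", ttl: 300 }
YAML

ALLOWED_TYPES = %w[A AAAA CNAME TXT].freeze
# Optional leading "*." wildcard, then RFC 1123 labels.
NAME_RE = /\A(\*\.)?([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)*[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\z/i
IPV4_RE = /\A\d{1,3}(\.\d{1,3}){3}\z/

# Double every single quote so a value can never terminate the SQL literal.
def sql_literal(s)
  "'#{s.to_s.gsub("'", "''")}'"
end

# Reject anything that is not a plain DNS record inside our own zone.
def validate_record!(rec, domain)
  name, type, content = rec.fetch('name'), rec.fetch('type').to_s.upcase, rec.fetch('content')
  raise ArgumentError, "unsupported type #{type}" unless ALLOWED_TYPES.include?(type)
  raise ArgumentError, "bad name #{name}" unless name =~ NAME_RE
  raise ArgumentError, "#{name} outside #{domain}" unless name == domain || name.end_with?(".#{domain}")
  if type == 'A'
    ok = content =~ IPV4_RE && content.split('.').all? { |o| o.to_i <= 255 }
    raise ArgumentError, "bad IPv4 #{content}" unless ok
  end
  [name, type, content, Integer(rec.fetch('ttl', 300))]
end

# Returns the SQL text to feed to psql; `now` is the change_date epoch.
def dns_sql(manifest_yaml, now = Time.now.to_i)
  dns = YAML.safe_load(manifest_yaml).fetch('dns')
  domain = dns.fetch('domain')
  raise ArgumentError, "bad domain #{domain}" unless domain =~ NAME_RE && !domain.start_with?('*')
  d = sql_literal(domain)
  cols = 'INSERT INTO records(name,type,content,ttl,domain_id,change_date)'
  lines = ['BEGIN;']
  # Create the zone once; later runs reuse the existing row and its id.
  lines << "INSERT INTO domains(name,type) SELECT #{d},'NATIVE' WHERE NOT EXISTS (SELECT 1 FROM domains WHERE name=#{d});"
  # Replace only this zone's records; BOSH's own zones are untouched.
  lines << "DELETE FROM records WHERE domain_id=(SELECT id FROM domains WHERE name=#{d});"
  lines << "#{cols} SELECT #{d},'SOA',#{sql_literal(dns.fetch('soa'))},14400,id,#{now} FROM domains WHERE name=#{d};"
  dns.fetch('records', []).each do |rec|
    name, type, content, ttl = validate_record!(rec, domain)
    lines << "#{cols} SELECT #{sql_literal(name)},#{sql_literal(type)},#{sql_literal(content)},#{ttl},id,#{now} FROM domains WHERE name=#{d};"
  end
  lines << 'COMMIT;'
  lines.join("\n")
end

puts dns_sql(MANIFEST, 1380122312) if $PROGRAM_NAME == __FILE__
```

Pipe the output into `psql` against the powerdns database on the micro-BOSH. Because the records are re-created inside one transaction, a validation failure aborts the whole change rather than leaving the zone half-written; if you drive the database from Ruby directly instead of via psql, prefer bound parameters over `sql_literal`.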

Dr Nic Williams

Oct 4, 2013, 11:09:36 AM10/4/13
to bosh-...@cloudfoundry.org, bosh-...@cloudfoundry.org
Powerdns isn't a big thing to run (there is a bosh job in bosh/release/jobs/powerdns to do it :)), and having your own "external" DNS for user-facing DNS provides security/isolation; it also means the bosh-devs never have to wonder "how else might people be using this DNS DB?"

Currently neither the bosh core team nor the CF core teams personally use the DNS feature of bosh, except Ferdy. This lack of self-use, combined with the lack of stable releases in 2013 (we're all forced to use assets from a continuous deployment pipeline), means that I worry for you: an untested bug in bosh might screw up your manually added DNS records.

Keep your own DNS records in your own DB and you'll be safe. Treat it like route53 - your own public dedicated DNSaaS for your users.

These are just some thoughts.