Eucalyptus - Use external DNS


Description

In a cloud environment, everything is designed to be dynamic. Rather than relying on fixed IP addresses, it is much easier to manage DNS names that refer to your resources and services.

You probably also want to increase reliability and security. This article shows how to use the DNS services in Eucalyptus to get the most reliable setup and configuration.

 

Pre-requisites

Good knowledge of Linux/UNIX, IP addressing and DNS is preferable. Your Eucalyptus cloud must be operational, with DNS services enabled.

In this article, we are going to follow this example:

Here we have all Eucalyptus services up and running, with DNS services enabled. The main DNS server is the one we want to use for all our IT resources. We want these IT resources to be able to resolve a DNS name that only the CLC knows.

 

To achieve this, we are going to use the bind9 DNS server (also known as named) and configure it to make name resolution possible.

Install DNS Server
# Debian / Ubuntu
apt-get update ; apt-get install bind9 dnsutils -y
# RedHat / CentOS
yum update ; yum install bind bind-utils -y

We will use the domain name "somewhere.net". In Debian, the config files are in /etc/bind and in RedHat the files are in /etc and /etc/named/. As always, I advise you to back them up somewhere so that you can roll back.

You will also find db.* files, which are default or example configuration files. We are going to copy db.empty to db.<domain_name>, here db.somewhere.net.

Example:

 

; db for somewhere.net
;
$TTL    86400
@            IN    SOA       ns1.somewhere.net. root.somewhere.net. (
                             1         ; Serial
                             604800         ; Refresh
                             86400         ; Retry
                             2419200         ; Expire
                             86400 )       ; Negative Cache TTL
;
; Here we define the nameservers of the domain.
@            IN    NS        ns1.somewhere.net.
@            IN    NS        ns2.somewhere.net.
;
;Here we set the MX records for our domain
@            IN    MX    10  smtp.somewhere.net.
;
; Now we set the IP of the nameservers - Use yours
ns1          IN    A         192.168.1.1
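; ns2 is declared as a nameserver above and needs its own A record here
; (named-checkzone flags an in-zone NS name that has no address record)
;
; The CLC, which answers for the Eucalyptus subdomains
clc          IN    A         172.16.1.1
;
; Now, we set some hosts
www          IN    A         192.168.1.10
smtp         IN    A         192.168.1.2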

You now have to activate this zone in your main configuration file:

zone "somewhere.net"
{
     type master;
     file "/etc/bind/db.somewhere.net";
};

As we also want to resolve names in foreign domains, we are going to make this DNS server a forwarder: when our DNS server doesn't know the domain name, it forwards the request to the public DNS. These statements go in the options block of the main configuration file:

forwarders { 8.8.8.8; }; # Upstream resolver for names this server does not know
allow-query { any; }; # Allows clients to make requests
allow-query-cache { localnets; }; # Only directly attached networks may get cached (recursive) answers


Now that our DNS server is ready, we want to manage zones like "compute.somewhere.net" or "lb.somewhere.net", which are the addresses of our managed services in Eucalyptus.

We are simply going to add 2 new zones to our main config file:

zone "lb.somewhere.net"
{
     type forward;
     forward only;
     forwarders { <CLC_IP>; };
};

Then, go back into the db.somewhere.net zone file and add these 2 lines:


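lb IN NS clc.somewhere.net.
This line indicates that the subzone is managed by another server. The owner name is written relative to the zone (lb): inside db.somewhere.net, a name without a trailing dot has somewhere.net appended to it.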
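
A way to catch two delegation mistakes before reloading named, as an added example that is not part of the original article: a small Python lint that flags an owner name written in full without a trailing dot, and an in-zone NS target that has no address record. The parser is simplified, the function names are hypothetical, and the sample zone is constructed from the article's values.

```python
ORIGIN = "somewhere.net."  # zone origin; SAMPLE below is constructed for this example
SAMPLE = """\
$TTL 86400
@    IN SOA ns1.somewhere.net. root.somewhere.net. (
        1 604800 86400 2419200 86400 )
@    IN NS  ns1.somewhere.net.
@    IN NS  ns2.somewhere.net.
ns1  IN A   192.168.1.1
clc  IN A   172.16.1.1
lb.somewhere.net IN NS clc.somewhere.net.
"""

def absolute(name, origin):
    """Expand a name as BIND does: '@' is the origin; no trailing dot means relative."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text, origin):
    """Return (owner, type, rdata) for one-line records (simplified parser)."""
    records, owner, depth = [], origin, 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0]            # drop comments
        inside, depth = depth > 0, depth + line.count("(") - line.count(")")
        if inside or not line.strip() or line.startswith("$"):
            continue                           # SOA continuation, blank, $TTL
        fields = line.split()
        if not line[0].isspace():              # column 0 holds the owner name
            owner = absolute(fields.pop(0), origin).lower()
        while fields and (fields[0].isdigit() or fields[0].upper() == "IN"):
            fields.pop(0)                      # optional TTL and class
        if fields:
            records.append((owner, fields[0].upper(), fields[1:]))
    return records

def lint(text, origin):
    """Flag doubled-origin owners and in-zone NS targets with no A/AAAA."""
    records = parse_zone(text, origin)
    addressed = {o for o, t, _ in records if t in ("A", "AAAA")}
    doubled = "." + origin.rstrip(".") + "." + origin
    findings = []
    for owner, rtype, rdata in records:
        if owner.endswith(doubled):
            findings.append(("doubled-origin", owner))
        if rtype == "NS":
            target = absolute(rdata[-1], origin).lower()
            if target.endswith("." + origin) and target not in addressed:
                findings.append(("no-address", target))
    return findings
```

Call `lint(SAMPLE, ORIGIN)` to get the findings as a list; on the server itself, `named-checkzone somewhere.net /etc/bind/db.somewhere.net` remains the authoritative syntax check.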

Tell Eucalyptus to use delegation
In Eucalyptus, there are a lot of different properties. We are now going to focus on the DNS ones.

euca-describe-properties | grep dns
PROPERTY bootstrap.webservices.use_dns_delegation false # Change to true
PROPERTY bootstrap.webservices.use_instance_dns false # Change to true
PROPERTY dns.dns_listener_address {}
PROPERTY dns.enabled true
PROPERTY dns.instancedata.enabled true
PROPERTY dns.ns.enabled true
PROPERTY dns.recursive.enabled true
PROPERTY dns.services.enabled true
PROPERTY dns.split_horizon.enabled true
PROPERTY dns.spoof_regions.enabled false
PROPERTY dns.spoof_regions.region_name {}
PROPERTY dns.spoof_regions.spoof_aws_default_regions false
PROPERTY dns.spoof_regions.spoof_aws_regions false
PROPERTY dns.tcp.timeout_seconds 30
PROPERTY loadbalancing.loadbalancer_dns_subdomain lb # Subdomain name for ELB
PROPERTY system.dns.dnsdomain localhost # your domain name, here, somewhere.net
PROPERTY system.dns.nameserver nshost.localhost # Use master DNS Server name
PROPERTY system.dns.nameserveraddress 127.0.0.1 # Use master DNS server address

The listing above shows the DNS properties; the values annotated with a comment are the ones you have to change to match your own setup.


Conclusion
Now our server is ready to forward requests to Eucalyptus.