Configure DNS server for Helion Eucalyptus

Helion Eucalyptus has come a long way since its inception in 2007. It now ships with more services and features than ever to make your Eucalyptus cloud more robust and scalable. However, it has reached the point where configuring DNS is a fundamental requirement; as they say, “With great power comes great responsibility.”


For Eucalyptus services such as Load Balancing and Imaging, and most importantly when you want to use multiple User Facing Services, configuring DNS is no longer optional. Although this post is titled Configure DNS server for Helion Eucalyptus, the same server can act as a basic DNS server for other purposes in your data center, and it can serve multiple Eucalyptus clouds at the same time.

Install the packages for the DNS server:

yum install bind bind-utils

After installation, edit /etc/named.conf to add the zone-specific information for forward and reverse lookups.

In this example, we have a forward zone called euca.example.net:

zone "euca.example.net" IN {
        type master;
        file "fwd.euca.example.net";
        allow-update { any; };
};

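For this example, we allow dynamic updates from any host; the default is to deny all. With allow-update { any; }, every host that can reach the server can add, change or delete records in the zone.

Since we have hosts in 10.17.198.x and in 10.17.199.x, for simplicity we will use the first two octets for the reverse DNS zone: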

zone "17.10.in-addr.arpa" IN {
        type master;
        file "rev.euca.example.net";
        allow-update { any; };
};
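
A check for the allow-update setting above, as an added example that is not part of the original post: the function lists every zone in a named.conf whose allow-update ACL contains any. The sample input is constructed from the two stanzas on this page plus a hypothetical zone, locked.example.net, restricted to an assumed TSIG key named euca-update.

```shell
#!/bin/sh
# Added example: list zones that accept unauthenticated dynamic updates.

# Constructed sample: the two zones from this page plus one hypothetical
# zone restricted to a TSIG key (zone and key names are assumptions).
SAMPLE_CONF='
zone "euca.example.net" IN {
        type master;
        file "fwd.euca.example.net";
        allow-update { any; };
};
zone "17.10.in-addr.arpa" IN {
        type master;
        file "rev.euca.example.net";
        allow-update { any; };
};
zone "locked.example.net" IN {
        type master;
        file "fwd.locked.example.net";
        allow-update { key "euca-update"; };
};
'

# open_update_zones: read named.conf text on stdin and print one zone name
# per line for every zone whose allow-update ACL contains "any".
# Handles ACLs written on a single line, as in the stanzas on this page.
open_update_zones() {
    awk '
        /^[ \t]*zone[ \t]+"/ {                 # start of a zone stanza
            split($0, parts, "\"")
            zone = parts[2]
        }
        /allow-update[ \t]*[{]/ && zone != "" {
            acl = $0
            sub(/.*allow-update[ \t]*[{]/, "", acl)   # keep only the ACL body
            sub(/[}].*/, "", acl)
            # "any;" grants everyone; "!any;" is a negation and is skipped
            if (acl ~ /(^|[ \t;])any[ \t]*;/ && acl !~ /![ \t]*any/) print zone
        }
        /^[ \t]*[}];/ { zone = "" }            # end of the stanza
    '
}

printf '%s' "$SAMPLE_CONF" | open_update_zones
```

Run it against a real configuration with open_update_zones < /etc/named.conf.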

For this example, we disabled DNSSEC (DNS authentication):

dnssec-enable no;
dnssec-validation no;

The entire named.conf file should look like below:

In the example above, 10.17.198.5 is the host where DNS server is being configured.

Now that we have the zones configured, we need to create the forward and reverse DNS records for the DNS server itself.

Here is an example of what the forward DNS configuration for the DNS server (aoe-08-5) should look like:

$ORIGIN .
$TTL 86400	; 1 day
euca.example.net		IN SOA	aoe-08-5.euca.example.net. root.euca.example.net. (
				2011071306 ; serial
				3600       ; refresh (1 hour)
				1800       ; retry (30 minutes)
				604800     ; expire (1 week)
				86400      ; minimum (1 day)
				)
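			NS	aoe-08-5.euca.example.net.
aoe-08-5.euca.example.net.	A	10.17.198.5 ; the NS target is in this zone, so it needs an address record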

Now configure reverse lookup for the DNS server:

$ORIGIN .
$TTL 86400	; 1 day
17.10.in-addr.arpa	IN SOA	aoe-08-5.euca.example.net. root.euca.example.net. (
				2011071301 ; serial
				3600       ; refresh (1 hour)
				1800       ; retry (30 minutes)
				604800     ; expire (1 week)
				86400      ; minimum (1 day)
				)
			NS	aoe-08-5.euca.example.net.

Start/Restart named service:

service named start

At this point the DNS server should be ready to accept records for other hosts.

We can update forward zone records for any host in the network under the subdomain euca.example.net using the following command:

nsupdate -d
> zone euca.example.net
> server 10.17.198.5
> update add aoe-08-11.euca.example.net 86400 A 10.17.198.11
> send

Here is a small script that can be used on all the hosts to update forward DNS records. It also updates the host's existing DNS configuration and adds the new DNS server to the network script:

For adding reverse DNS records:

nsupdate -d
> zone 17.10.in-addr.arpa
> server 10.17.198.5
> update add 11.198.17.10.in-addr.arpa. 86400 IN PTR aoe-08-11.euca.example.net.
> send

Another snippet to update the reverse DNS record (PTR record) for all the hosts in the same network:
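
One way to script the forward and reverse updates described above (an added example, not the script from the original post): it validates the host label and the IPv4 address, derives the in-addr.arpa name, and prints the nsupdate batch for both zones. The function names are assumptions; the server, zones and TTL are the ones used on this page.

```shell
#!/bin/sh
# Added example: print the nsupdate batch that registers one host's A and
# PTR records. Server, zones and TTL are the values used on this page.
DNS_SERVER=10.17.198.5
FWD_ZONE=euca.example.net
REV_ZONE=17.10.in-addr.arpa
TTL=86400

# ptr_name IP: print the in-addr.arpa owner name for a dotted-quad IPv4
# address, or return 1 if the address is malformed.
ptr_name() {
    ip=$1
    case $ip in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $ip                      # split into octets (digits and dots only)
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    printf '%s.%s.%s.%s.in-addr.arpa.\n' "$4" "$3" "$2" "$1"
}

# update_batch HOST IP: print one nsupdate transaction per zone. HOST is a
# single label; anything else is refused so it cannot add lines to the batch.
update_batch() {
    host=$1
    case $host in
        ''|*[!a-z0-9-]*) return 1 ;;
    esac
    rev=$(ptr_name "$2") || return 1
    case $rev in
        *".$REV_ZONE.") ;;          # address lies inside the reverse zone
        *) return 1 ;;
    esac
    printf 'zone %s\nserver %s\nupdate add %s.%s. %s A %s\nsend\n' \
        "$FWD_ZONE" "$DNS_SERVER" "$host" "$FWD_ZONE" "$TTL" "$2"
    printf 'zone %s\nserver %s\nupdate add %s %s PTR %s.%s.\nsend\n' \
        "$REV_ZONE" "$DNS_SERVER" "$rev" "$TTL" "$host" "$FWD_ZONE"
}

update_batch aoe-08-11 10.17.198.11
```

Pipe the output to nsupdate; once allow-update is restricted to a key, pass the key file with nsupdate -k.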

Finally, restarting the named service on the DNS server is not required to add or remove DNS records dynamically with nsupdate, but the changes are not written to the zone-specific files until the service is reloaded.

Example reverse zone file after adding records and reloading the named service:

Since we want our DNS server to work for multiple Eucalyptus clouds, we need to forward requests to the specific Eucalyptus DNS services. To do that, add NS records for the User Facing Services (UFS) hostnames with a custom subdomain, so that all requests for that subdomain are forwarded to the UFS and Eucalyptus can resolve its service endpoints.
Example:

nsupdate -d
> zone euca.example.net
> server 10.17.198.5
> update add aoe-08-10.super.euca.example.net 8600 NS aoe-08-10.euca.example.net
> send

In the example above, the host aoe-08-10.euca.example.net runs the Eucalyptus DNS service, so any request for aoe-08-10.super.euca.example.net is forwarded to aoe-08-10.euca.example.net to get the appropriate response.

After adding NS records for the hosts running the Eucalyptus DNS service (currently the User Facing Services come with the Eucalyptus DNS service) and reloading the named service on the DNS server (10.17.198.5), the forward zone file should look like this:

Finally, configure the Eucalyptus system properties to use DNS:

euctl bootstrap.webservices.use_dns_delegation=true
euctl bootstrap.webservices.use_instance_dns=true
euctl system.dns.dnsdomain=aoe-08-10.super.euca.example.net

Check out our documentation for more information about Helion Eucalyptus: http://docs.hpcloud.com/eucalyptus/
Find us on IRC: (freenode) #eucalyptus #eucalyptus-qa
Raise issues: https://eucalyptus.atlassian.net
