Hi Jaime, What you want to do should be possible, but will require some custom code to investigate.
See inline for a few suggestions. On 27/07/15 16:32, Jaime Fernández wrote: > I would like to register DNS records with the following format: > <name>.<interface>.<projectName>.<baseDomain> > to avoid collision between IP addresses for the same host but on > different interfaces, and to reserve a domain per project. However, it's > not an easy task. In keystone you can set up notifications (like nova), so when a project (or tenant) is created / deleted you can get a similar event. (http://docs.openstack.org/developer/keystone/event_notifications.html) It does not look like it gives back out the project name though - you might need to call the keystone API to get it. You could use this to trigger a Designate domain create / delete, using the "X-Auth-Sudo-Project-ID" Header to impersonate the project (which would make the new project the owner of the domain) There may be issues with users creating a domain that is a subdomain of another designate managed domain (e.g. <baseDomain>). If you do not need to have Designate manage this domain you could set <baseDomain> to be a tld (blocking all users from creating this domain in designate). With the v2 client bindings there is also "zone transfer requests" which allows domains to be moved between tenants / projects. If you need the <baseDomain> to be managed as part of Designate you could do the following: Create Domain (in Admin Project) | V Create a Zone Transfer Request (in Admin Project) | V Accept the Zone Transfer Request (in newly created project, using the X-Auth-Sudo-Project-ID header) It is a bit long winded, but should work. > The notifications received by designate-sink report the tenant-id (but > not project name) apart from other valuable information to register a > virtual machine. > > After reading nova (see > https://github.com/openstack/designate/blob/master/designate/notification_handler/nova.py) > and neutron handlers, these handlers register the IP addresses as > "managed" records, associating the resource_id (i.e. host instance_id). > It simplifies the process of removing the records when the host is removed. > > I would like to register (via designate-api) a domain per project (or > tenant) using the project name, and to assign the tenant_id when > registering the domain. When a host is created, designate-sink receives > a notification with its tenant_id, and we could search the domain by > tenant_id in order to register the host record. However, I'm afraid that > these "managed" attributes are not available via REST API (only by > Python API). You can edit managed records with the "edit_managed_records" URL parameter, or the "X-Designate-Edit-Managed-Records" HTTP Header (http://docs.openstack.org/developer/designate/rest.html#http-headers) The newer versions of the client support this as a flag as well. Unfortunately this will not allow you to set the managed_* fields, just edit the record data. > It would be nice to have the possibility to register or access these > managed attributes via REST API. Otherwise, I don't know how to proceed > with registered hosts. I don't think it's feasible to request for > reinstalling these virtual hosts. I would prefer to register manually, > via designate-api, those hosts that were already registered but with the > "managed" attribute "resource_id" so that when designate-sink receives > the notification about VM destruction, it is capable to unregister the > host entry searching by its resource_id. As a one off, starter you could write a script that uses the internal RPCAPI to create these, but that could prove problematic to maintain, and could end up being a significant amount of work. > Do you have any suggestion about how to proceed to configure a subdomain > for each project? I hope this helps! - Graham _______________________________________________ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : [email protected] Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
