Thursday, 2013-09-12

*** nosnos has joined #openstack-dns [01:22]
*** nosnos has quit IRC [02:57]
*** nosnos has joined #openstack-dns [02:58]
*** nosnos has quit IRC [06:17]
*** nosnos has joined #openstack-dns [06:24]
*** cflmarques has joined #openstack-dns [10:58]
*** cflmarques has quit IRC [12:15]
*** betsy has joined #openstack-dns [12:34]
*** eankutse has joined #openstack-dns [13:22]
*** nosnos has quit IRC [13:26]
*** jmcbride has joined #openstack-dns [13:34]
*** msisk has joined #openstack-dns [13:37]
*** jmcbride1 has joined #openstack-dns [14:01]
*** jmcbride1 has quit IRC [14:02]
*** jmcbride1 has joined #openstack-dns [14:02]
*** jmcbride has quit IRC [14:03]
kiall: tedious is not the word for this.. 1268 insertions(+), 843 deletions(-)  -_- [14:18]
*** CaptTofu has quit IRC [14:50]
*** CaptTofu has joined #openstack-dns [14:51]
*** jmcbride has joined #openstack-dns [14:55]
*** artom has joined #openstack-dns [14:55]
*** jmcbride1 has quit IRC [14:57]
artom: Does anyone have experience/suggestions with/for using Designate with a mix of private and public zones? [15:17]
*** zane has joined #openstack-dns [15:38]
kiall: artom: heya [15:39]
kiall: artom: currently, we don't support restricting who can issue queries against a zone.. [15:39]
kiall: Though, there is nothing preventing you from creating "bla.local." style domains, if that's what you meant by "private" [15:40]
artom: That's what I meant, yes. [15:41]
*** zane has quit IRC [15:41]
*** zane has joined #openstack-dns [15:41]
artom: But I was talking more in the context of an organization (mine!) that has private zones while its clients have public zones. [15:42]
artom: But that's actually becoming irrelevant since you mentioned you don't restrict who can issue queries against a zone. [15:43]
artom: I just sort of assumed the Keystone integration meant authorization was implemented. [15:43]
kiall: Ah - Wait :) [15:47]
kiall: That's a different kind of query! [15:47]
kiall: The API is restricted to the tenant which owns the zone.. [15:48]
kiall: But, `dig bla.com` is not restricted [15:48]
artom: Ah, gotcha! [15:48]
artom: Which brings me back to my original question. [15:54]
artom: Handling of private domains on the backend. [15:55]
artom: If Designate is handling both private and public zones, they should ideally end up on different DNS servers. [15:56]
artom: I hacked together a quick prototype using the PowerDNS backend. [15:57]
artom: Using MySQL replication, the zones get sent to slave DNS servers. [15:57]
artom: And since PowerDNS allows you to play with the DB schemas and SQL queries it runs, I used that to tag zones as private in the database, so the public slaves only "sees" the public zones and the private slave only "sees" the private ones. [15:59]
kiall: Sorry - back and forth from IRC ;) [16:02]
artom: However, my organization is opposed to MySQL-backed PowerDNS because the denial-of-service risk is greater (because of the MySQL backend). [16:02]
kiall: So - We're "real soon now" implementing something we've called "pools" [16:02]
artom: Eh, I'm ranting anyways. [16:02]
kiall: Where you can have multiple distinct sets of DNS servers which zones can be assigned to [16:02]
artom: That looks exactly like what we would need. [16:03]
kiall: Once that's in (and we're only planning the very basics of it day 1, probably not enough for what you'll need), things will be easier for this kinda setup [16:03]
kiall: But - Once we've got the basics in, Supporting "private" pools etc should be easy enough to add [16:04]
kiall: I had a conversation with tsimmons last night about this actually :) [16:04]
kiall: http://eavesdrop.openstack.org/irclogs/%23openstack-dns/%23openstack-dns.2013-09-11.log [16:04]
kiall: ^ will give you some more background on the plans without me re-typing ;) [16:05]
artom: Indeed :) [16:05]
artom: Also, I've been told that as part of this project I'm allowed to contribute to Designate if there's a need/agreement. [16:06]
kiall: Feel free to ping me if there are unanswered questions :) [16:06]
artom: My Python is very basic, but if there's interest from your end I can maybe work on the pools feature? [16:06]
kiall: Cool - We're open to anyone contributing :) We follow the "standard" OpenStack conventions .. e.g. assigned ownership of code etc to the OpenStack Foundation etc etc [16:07]
kiall: mugsie will be getting a start on the basic parts I mentioned relatively soon, it's a blocker for another feature! Hopefully the bare min will be in over the next week or two.. [16:07]
kiall: If you / your company is new to contributing to openstack projects: https://wiki.openstack.org/wiki/How_To_Contribute [16:08]
artom: I'm new - my company very isn't. [16:09]
artom: eNovance. [16:09]
kiall: Ah - So the company will have signed the CLA already :) [16:10]
artom: Most likely, but I don't know the details. [16:11]
kiall: I'm pretty sure I've seen code coming to some of the other projects from eNovance anyway :) [16:13]
artom: I don't think they've contributed to Designate, but they work a lot on other OpenStack projects. [16:13]
kiall: Yea - That's what I meant :) [16:13]
artom: Not related, but would there be interest in an NSD backend? [16:18]
artom: (Well, a bit related). [16:18]
artom: And just to make sure I understand the pools plan correctly... [16:22]
artom: There would be a single pool manager? [16:22]
artom: Or one manager per pool? [16:23]
kiall: So - Day 1, we're going to say only 1 pool is allowed, because we want to skip implementing the scheduler that allocates zones to a pool (this is where "private" pools would fit..) [16:24]
kiall: And, each pool would have 1 active pool manager (We need to make some guarantees around first in, first out.. The simplest way to achieve that is to have 1 service instance responsible for a given zone.. e.g. all Nova instances belong to 1 "nova-compute" process..) [16:25]
kiall: When time allows, we'll probably expand that to be Active/Active/.. [16:25]
kiall: But today, we're getting the core concept in first.. [16:25]
artom: So central would talk to the scheduler (once that's done), and then send the zone operation to the appropriate pool manager... ? [16:30]
*** tsimmons has joined #openstack-dns [16:30]
kiall: artom: we've not planned out how the scheduler would work .. If we can avoid a separate process for it, great! [16:35]
kiall: But.. yes, central will talk to the scheduler (be it something embedded in central, or a separate service) to determine which pool a zone will be allocated to, and will forward changes etc to the pool manager [16:35]
kiall: As I said, we're skipping the scheduler part of pools day 1, and restricting to a single pool, so there's no need for the scheduler yet ;) [16:37]
artom: Hey, for my selfish needs the scheduler can be "static" and user-configured ;) [16:38]
artom: Ie, here's a list of zones for pool A, here's for pool B. [16:38]
kiall: Hah - That could work :) [16:39]
artom: Maybe with regexes to be a tiny bit more flexible ;) [16:39]
artom: And going back to the plan, the pool manager would talk to the backends? [16:40]
kiall: Yea, it will change from central->backend to central->pool manager->backend [16:41]
kiall: With the central->pool manager piece being an async queue, so central doesn't need to wait for the change to be applied to your global pool of DNS servers ;) [16:41]
artom: Ah, hence the dependence on async. [16:42]
kiall: Yes :) The single active pool manager per pool (among other things) gives us the ability to ensure the first message to hit the queue gets processed first [16:43]
artom: What would be the motivation for more than one manager per pool? [16:43]
kiall: (with a low number of out of order messages, which we can handle as long as they are rare!) [16:43]
kiall: Active/Active HA is always better than Active/Standby ;) And - for pools with a constant massive stream of changes, we want to be able to keep up.. We don't want the pool manager to become a bottleneck [16:45]
artom: Ok :) [16:47]
artom: And that actually explains the FIFO bit you mentioned earlier - I'd forgotten it all goes through the MQ. [16:47]
artom: (Uh, they, do, yes? Central -> pool manager is through the MQ?) [16:49]
kiall: Yea - That's through the MQ [16:51]
artom: Gotcha. [16:51]
artom: Thanks for your time so far :) [16:51]
kiall: No worries [16:52]
artom: I'll probably lurk here in case I have more questions - but now, lunch! [16:52]
openstackgerrit: Kiall Mac Innes proposed a change to stackforge/designate: WIP: Introduce the RecordSet concept  https://review.openstack.org/46094 [16:59]
kiall: ^ going to have about 400 million test failures ;) [16:59]
*** eankutse has quit IRC [16:59]
*** zane has quit IRC [17:00]
*** zane has joined #openstack-dns [17:03]
*** tsimmons has quit IRC [17:19]
*** pasquier-s has quit IRC [17:22]
*** vipul is now known as vipul-away [17:30]
*** vipul-away is now known as vipul [17:31]
*** pasquier-s has joined #openstack-dns [17:34]
*** eankutse has joined #openstack-dns [17:42]
*** tsimmons has joined #openstack-dns [17:52]
*** eankutse has quit IRC [17:58]
*** eankutse has joined #openstack-dns [18:10]
*** eankutse has quit IRC [18:10]
*** eankutse has joined #openstack-dns [18:10]
*** tsimmons has quit IRC [18:21]
*** zane has quit IRC [18:23]
*** tsimmons has joined #openstack-dns [18:29]
*** tsimmons has left #openstack-dns [18:30]
*** vipul is now known as vipul-away [18:30]
*** jmcbride has quit IRC [18:32]
*** zane has joined #openstack-dns [18:33]
*** jmcbride has joined #openstack-dns [18:35]
*** vipul-away is now known as vipul [18:37]
*** vipul is now known as vipul-away [19:23]
*** vipul-away is now known as vipul [19:23]
*** vipul is now known as vipul-away [19:38]
artom: Does Designate use a module/library for writing zonefiles? [20:13]
artom: Ah, templates. [20:16]
*** vipul-away is now known as vipul [20:42]
*** jmcbride has quit IRC [20:55]
*** jmcbride has joined #openstack-dns [21:08]
*** eankutse1 has joined #openstack-dns [21:21]
*** eankutse1 has quit IRC [21:21]
*** eankutse has quit IRC [21:23]
*** msisk has quit IRC [21:44]
*** jmcbride has quit IRC [22:08]
*** jmcbride has joined #openstack-dns [22:19]
