Open Stack

On 09/05/2016 21:48, Mike Spreitzer wrote:
> "Hayes, Graham" <graham.hayes at hpe.com> wrote on 05/09/2016 04:08:07 PM:
>
>  > ...
>  > On 09/05/2016 20:55, Mike Spreitzer wrote:
>  > ...
>  > > Oh, right, the network gets to specify the rest of the FQDN.  In my
> case
>  > > I am interested in Neutron Ports on tenant networks.  So with a
> per-port
>  > > "hostname" (first label) and per-network "domain" (rest of the labels),
>  > > I would get separation between tenants --- at least in the sense that
>  > > there is no overlap in FQDNs.  Will this work for private tenant
> networks?
>  >
>  > Yes, you could publish the records to Designate for this, or using the
>  > internal dns resolution side of the integration.
>  >
>  > Pushing the records to designate would make them viewable globally
>  > (anywhere the DNS servers are accessible)
>  >
>  >
>  > > The other part of separation is that I do not want one tenant to
> even be
>  > > able to look up FQDNs that belong to another tenant.  Is this
>  > > prohibition possible today?  If not, is anyone else interested in it?
>  >
>  > Do you want to limit this to inside the tenant private network? if so,
>  > just allowing users to set the dns_domain on a network, and not enabling
>  > the external DNS plugin will work fine.
>
> Ah, that may be what I want.  BTW, I am not planning to use Nova.  I am
> planning to use Swarm and Kubernetes to create containers attached to
> Neutron private tenant networks.  What DNS server would I configure
> those containers to use?

Not sure what happened with that last reply - it seems to have dropped
my content.

The DNSMasq instance running on the neutron network would have these 
records - they should be sent as part of the DHCP lease, so leaving the
DNS set to automatic should pick them up.

-- Graham

> Thanks,
> Mike
>
>
>