Re: What actually is required for DNS and Origin?

2016-07-21 Thread Scott Dodson
If you're running the installer we deploy dnsmasq to all nodes and you can
supply an additional config file to add wildcard support. The only thing
preventing dnsmasq from being accessible outside of a node is the need to
manually open up port 53.

https://github.com/openshift/openshift-ansible/blob/master/inventory/byo/hosts.origin.example#L418-L420

On Jul 21, 2016 5:56 PM, "Josh Berkus" wrote:

> On 07/21/2016 01:40 PM, Alex Wauck wrote:
> >
> > On Thu, Jul 21, 2016 at 3:29 PM, Josh Berkus wrote:
> >
> > > There is no external DNS server, here.  I'm talking about a portable
> > > microcluster, a stack of microboard computers, self-contained.  The idea
> > > would be to run some kind of local DNS server so that, on directly
> > > connected machines, we could point to that in DNS and it would expose
> > > the services.
> > >
> > > I suppose I can just bootstrap that, maybe as a system container ...
> >
> > If it's a bunch of microboard computers, I'd be tempted to just stick
> > one more in there and run BIND on it.  Are you running a DHCP server, or
> > are all IP addresses statically assigned?
>
> There's a DHCP server, but it's a cheap router, so it can't do DNS.
> Mind you, I've configured the router to assign specific addresses to all
> the cards.
>
> I'd rather not add another card to the stack, though, they're $200 each
> with the accessories.
>
> > I'm pretty sure using plain IPs will also work. question as I understand
> > is though where to put the automatic routes subdomain.
>
> Right.
>
> > If you have only one router node (which might be ok in your case), you
> > can use xip.io and configure the subdomain to something like:
> > apps.10.0.5.122.xip.io
> >
> > That would be easiest unless your local network blocks private IP
> > responses from external DNS servers.
>
> Well, the network is self-contained, pretty much.  Everything is behind
> a NAT router, so I can do whatever I want, I just need to build it.
>
>
> --
> --
> Josh Berkus
> Project Atomic
> Red Hat OSAS
>
> ___
> users mailing list
> users@lists.openshift.redhat.com
> http://lists.openshift.redhat.com/openshiftmm/listinfo/users
>
___
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users


Re: What actually is required for DNS and Origin?

2016-07-21 Thread Aleksandar Kostadinov

Josh Berkus wrote on 07/22/16 00:21:

> On 07/21/2016 02:07 PM, Aleksandar Kostadinov wrote:
>
> > Then use plain IPs for nodes and masters. Then use xip.io for automatic
> > generated DNS names pointing at your NAT router. Make sure NAT router
> > forwards 80 and 443 to OpenShift cluster 80 and 443 ports respectively
> > of working router node(s).
>
> Thanks for that.  I didn't know about xip.io before.
>
> > Btw running the app DNS in OpenShift is not exactly catch 22. If you
> > know the subdomain name beforehand (which is easy), then you use that
> > subdomain in openshift configuration while installing. Then you start a
> > DNS pod (you'll have to use node ports feature to expose it to the
> > outside world) to serve that subdomain.
>
> I might need to set this up, just because I need the cluster to work
> even if it has no internet.


The router subdomain is non-mandatory. You just get faux DNS names when 
you create routes (aka expose services). You can still create routes 
with custom DNS. The main point here is to make it easy for client 
machines to access the exposed services.


That means you can add 'hosts' entries on the client machine to specific 
routes, point client machine at custom DNS server that will resolve 
things as usual but also resolve your special subdomain... actually 
these are the two options I can think about off the top of my head ... 
and xip.io of course (or some other external public DNS service under 
your control where you can dynamically create domains during environment 
provisioning; but then you again need internet).




Re: What actually is required for DNS and Origin?

2016-07-21 Thread Jonathan Yu
This might help: https://github.com/peterhellberg/xip.name

I can't vouch for its quality as I haven't tried it yet, though.

On Thu, Jul 21, 2016 at 2:21 PM, Josh Berkus wrote:

> On 07/21/2016 02:07 PM, Aleksandar Kostadinov wrote:
>
> > Then use plain IPs for nodes and masters. Then use xip.io for automatic
> > generated DNS names pointing at your NAT router. Make sure NAT router
> > forwards 80 and 443 to OpenShift cluster 80 and 443 ports respectively
> > of working router node(s).
>
> Thanks for that.  I didn't know about xip.io before.
>
> > Btw running the app DNS in OpenShift is not exactly catch 22. If you
> > know the subdomain name beforehand (which is easy), then you use that
> > subdomain in openshift configuration while installing. Then you start a
> > DNS pod (you'll have to use node ports feature to expose it to the
> > outside world) to serve that subdomain.
>
> I might need to set this up, just because I need the cluster to work
> even if it has no internet.
>
> --
> --
> Josh Berkus
> Project Atomic
> Red Hat OSAS



-- 
Jonathan Yu, P.Eng. / Software Engineer, OpenShift by Red Hat / Twitter
(@jawnsy) is the quickest way to my heart 

*“A master in the art of living draws no sharp distinction between his work
and his play; his labor and his leisure; his mind and his body; his
education and his recreation. He hardly knows which is which. He simply
pursues his vision of excellence through whatever he is doing, and leaves
others to determine whether he is working or playing. To himself, he always
appears to be doing both.”* — L. P. Jacks, Education through Recreation
(1932), p. 1


Re: What actually is required for DNS and Origin?

2016-07-21 Thread Aleksandar Kostadinov

Josh Berkus wrote on 07/21/16 23:54:

> On 07/21/2016 01:40 PM, Alex Wauck wrote:
> >
> > On Thu, Jul 21, 2016 at 3:29 PM, Josh Berkus <jber...@redhat.com> wrote:
> >
> > > There is no external DNS server, here.  I'm talking about a portable
> > > microcluster, a stack of microboard computers, self-contained.  The idea
> > > would be to run some kind of local DNS server so that, on directly
> > > connected machines, we could point to that in DNS and it would expose
> > > the services.
> > >
> > > I suppose I can just bootstrap that, maybe as a system container ...
> >
> > If it's a bunch of microboard computers, I'd be tempted to just stick
> > one more in there and run BIND on it.  Are you running a DHCP server, or
> > are all IP addresses statically assigned?
>
> There's a DHCP server, but it's a cheap router, so it can't do DNS.
> Mind you, I've configured the router to assign specific addresses to all
> the cards.
>
> I'd rather not add another card to the stack, though, they're $200 each
> with the accessories.
>
> > I'm pretty sure using plain IPs will also work. question as I understand
> > is though where to put the automatic routes subdomain.
>
> Right.
>
> > If you have only one router node (which might be ok in your case), you
> > can use xip.io and configure the subdomain to something like:
> > apps.10.0.5.122.xip.io
> >
> > That would be easiest unless your local network blocks private IP
> > responses from external DNS servers.
>
> Well, the network is self-contained, pretty much.  Everything is behind
> a NAT router, so I can do whatever I want, I just need to build it.

Then use plain IPs for nodes and masters. Then use xip.io for automatic
generated DNS names pointing at your NAT router. Make sure NAT router
forwards 80 and 443 to OpenShift cluster 80 and 443 ports respectively
of working router node(s).

Above has highest chance to work nice OOB.

Alternatively buy a router that can have OpenWRT installed. Or run DNS 
in container as you pointed out earlier.


Btw running the app DNS in OpenShift is not exactly catch 22. If you 
know the subdomain name beforehand (which is easy), then you use that 
subdomain in openshift configuration while installing. Then you start a 
DNS pod (you'll have to use node ports feature to expose it to the 
outside world) to serve that subdomain.


But using xip.io is better as it will not require client computers DNS 
reconfiguration.


HTH



Re: What actually is required for DNS and Origin?

2016-07-21 Thread Josh Berkus
On 07/21/2016 01:40 PM, Alex Wauck wrote:
>
> On Thu, Jul 21, 2016 at 3:29 PM, Josh Berkus wrote:
>
> > There is no external DNS server, here.  I'm talking about a portable
> > microcluster, a stack of microboard computers, self-contained.  The idea
> > would be to run some kind of local DNS server so that, on directly
> > connected machines, we could point to that in DNS and it would expose
> > the services.
> >
> > I suppose I can just bootstrap that, maybe as a system container ...
>
> If it's a bunch of microboard computers, I'd be tempted to just stick
> one more in there and run BIND on it.  Are you running a DHCP server, or
> are all IP addresses statically assigned?

There's a DHCP server, but it's a cheap router, so it can't do DNS.
Mind you, I've configured the router to assign specific addresses to all
the cards.

I'd rather not add another card to the stack, though, they're $200 each
with the accessories.

> I'm pretty sure using plain IPs will also work. question as I understand
> is though where to put the automatic routes subdomain.

Right.

> If you have only one router node (which might be ok in your case), you
> can use xip.io and configure the subdomain to something like:
> apps.10.0.5.122.xip.io
>
> That would be easiest unless your local network blocks private IP
> responses from external DNS servers.

Well, the network is self-contained, pretty much.  Everything is behind
a NAT router, so I can do whatever I want, I just need to build it.


-- 
--
Josh Berkus
Project Atomic
Red Hat OSAS



Re: What actually is required for DNS and Origin?

2016-07-21 Thread Alex Wauck
On Thu, Jul 21, 2016 at 3:29 PM, Josh Berkus wrote:

> There is no external DNS server, here.  I'm talking about a portable
> microcluster, a stack of microboard computers, self-contained.  The idea
> would be to run some kind of local DNS server so that, on directly
> connected machines, we could point to that in DNS and it would expose
> the services.
>
> I suppose I can just bootstrap that, maybe as a system container ...
>

If it's a bunch of microboard computers, I'd be tempted to just stick one
more in there and run BIND on it.  Are you running a DHCP server, or are
all IP addresses statically assigned?

-- 

Alex Wauck // DevOps Engineer

*E X O S I T E*
*www.exosite.com *

Making Machines More Human.


Re: What actually is required for DNS and Origin?

2016-07-21 Thread Josh Berkus
On 07/21/2016 02:07 PM, Aleksandar Kostadinov wrote:

> Then use plain IPs for nodes and masters. Then use xip.io for automatic
> generated DNS names pointing at your NAT router. Make sure NAT router
> forwards 80 and 443 to OpenShift cluster 80 and 443 ports respectively
> of working router node(s).

Thanks for that.  I didn't know about xip.io before.

> Btw running the app DNS in OpenShift is not exactly catch 22. If you
> know the subdomain name beforehand (which is easy), then you use that
> subdomain in openshift configuration while installing. Then you start a
> DNS pod (you'll have to use node ports feature to expose it to the
> outside world) to serve that subdomain.

I might need to set this up, just because I need the cluster to work
even if it has no internet.

-- 
--
Josh Berkus
Project Atomic
Red Hat OSAS



Re: What actually is required for DNS and Origin?

2016-07-21 Thread Aleksandar Kostadinov

Alex Wauck wrote on 07/21/16 23:40:



> On Thu, Jul 21, 2016 at 3:29 PM, Josh Berkus <jber...@redhat.com> wrote:
>
> > There is no external DNS server, here.  I'm talking about a portable
> > microcluster, a stack of microboard computers, self-contained.  The idea
> > would be to run some kind of local DNS server so that, on directly
> > connected machines, we could point to that in DNS and it would expose
> > the services.
> >
> > I suppose I can just bootstrap that, maybe as a system container ...
>
> If it's a bunch of microboard computers, I'd be tempted to just stick
> one more in there and run BIND on it.  Are you running a DHCP server, or
> are all IP addresses statically assigned?


I'm pretty sure using plain IPs will also work. question as I understand 
is though where to put the automatic routes subdomain.


If you have only one router node (which might be ok in your case), you 
can use xip.io and configure the subdomain to something like:

apps.10.0.5.122.xip.io

That would be easiest unless your local network blocks private IP 
responses from external DNS servers.


Otherwise you'd need custom DNS server and point client machines at it.
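
The xip.io naming scheme and the "blocks private IP responses" caveat from the message above, modelled as an added example (not part of the original thread, and not xip.io's or any resolver's own code). `embedded_ip` derives the answer from the queried name; `rebind_verdict` mimics resolver-side rebind protection with a per-domain allowlist, the behaviour dnsmasq exposes through `stop-dns-rebind` and `rebind-domain-ok`. The function names, the sample hostnames and the allowlist entry are assumptions.

```python
import ipaddress
import re

# Constructed sample: a route hostname under the subdomain from the thread.
SAMPLE_ROUTE = "myapp-demo.apps.10.0.5.122.xip.io"

# Ranges a rebind-protecting resolver refuses in answers from upstream servers.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16")]

# Dotted quad at the very end of the labels left of the base domain.
_QUAD = re.compile(r"(?:^|\.)((?:\d{1,3}\.){3}\d{1,3})$")


def embedded_ip(qname, base="xip.io"):
    """Address a wildcard-IP DNS service would answer with, or None."""
    name = qname.rstrip(".").lower()
    if not name.endswith("." + base):
        return None
    match = _QUAD.search(name[: -len(base) - 1])
    if match is None:
        return None
    try:
        return ipaddress.IPv4Address(match.group(1))
    except ipaddress.AddressValueError:  # octet above 255, leading zeros
        return None


def rebind_verdict(qname, allowed_domains=()):
    """'pass', 'pass-allowlisted' or 'drop' for the answer to qname."""
    ip = embedded_ip(qname)
    # Nothing to filter when the answer is absent or a public address.
    if ip is None or not any(ip in net for net in PRIVATE_NETS):
        return "pass"
    name = qname.rstrip(".").lower()
    for domain in allowed_domains:
        domain = domain.strip(".").lower()
        if name == domain or name.endswith("." + domain):
            return "pass-allowlisted"
    return "drop"


if __name__ == "__main__":
    narrow = ("apps.10.0.5.122.xip.io",)  # only the cluster's own subdomain
    for host in (SAMPLE_ROUTE, "x.192.168.1.1.xip.io", "x.203.0.113.7.xip.io"):
        print(host, embedded_ip(host), rebind_verdict(host),
              rebind_verdict(host, narrow))
```

Allowlisting only the cluster's own subdomain, rather than all of xip.io, keeps rebind protection in force for every other name under that service.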



Re: What actually is required for DNS and Origin?

2016-07-21 Thread Josh Berkus
On 07/21/2016 01:03 PM, Aleksandar Kostadinov wrote:
> Could you explain what kind of DNS are you talking about here? For the
> exposed services?
> Presently you just create wildcard A records pointing at your "router"
> nodes and put the subdomain name in configuration. That you can do once
> (or whenever nodes are added/removed) in your general DNS infrastructure
> whatever it is.

There is no external DNS server, here.  I'm talking about a portable
microcluster, a stack of microboard computers, self-contained.  The idea
would be to run some kind of local DNS server so that, on directly
connected machines, we could point to that in DNS and it would expose
the services.

I suppose I can just bootstrap that, maybe as a system container ...

-- 
--
Josh Berkus
Project Atomic
Red Hat OSAS



Re: What actually is required for DNS and Origin?

2016-07-21 Thread Aleksandar Kostadinov

Josh Berkus wrote on 07/21/16 22:59:
...

> Just testing, for now, so the AWS DNS will work.
>
> I'll have to give some thought as to how I'll handle DNS on the hardware
> microcluster.  Anyone have suggestions for a minimalist solution?  I'd
> love to just run BIND on a container, but there's a bit of a catch-22 there.



Could you explain what kind of DNS are you talking about here? For the 
exposed services?
Presently you just create wildcard A records pointing at your "router" 
nodes and put the subdomain name in configuration. That you can do once 
(or whenever nodes are added/removed) in your general DNS infrastructure 
whatever it is.


There might be other solutions possible in the future though. You can 
also create "routes" with custom DNS names instead of auto-generated 
which might be preferable in many cases.




Re: What actually is required for DNS and Origin?

2016-07-21 Thread Josh Berkus
On 07/21/2016 12:46 PM, Alex Wauck wrote:
>
> On Thu, Jul 21, 2016 at 2:32 PM, Aleksandar Kostadinov
> <akost...@redhat.com> wrote:
>
> > Two things as listed in the doc. One is to have hostnames of masters
> > and slaves resolvable over the configured DNS servers.
>
> If you're on AWS, this is taken care of for you.  Your masters and
> slaves and whatnot will all be referred to by their internal DNS names
> (e.g. ip-172-31-33-101.us-west-1.compute.internal), so this aspect will
> just work, even if you set up the EC2 instances yourself and use the BYO
> playbooks.
>
> > The other thing listed as "optional" is having a wildcard record(s)
> > for the routes exposed to services in OpenShift. This subdomain also
> > needs to be configured in master's config file.
>
> I highly recommend this.  It makes it very quick and easy to set up new
> services with valid DNS records.  Also, get a wildcard SSL certificate
> if you can afford it.  You can configure the router to automatically use
> that certificate for any service that doesn't specify one.

Just testing, for now, so the AWS DNS will work.

I'll have to give some thought as to how I'll handle DNS on the hardware
microcluster.  Anyone have suggestions for a minimalist solution?  I'd
love to just run BIND on a container, but there's a bit of a catch-22 there.

-- 
--
Josh Berkus
Project Atomic
Red Hat OSAS



Re: What actually is required for DNS and Origin?

2016-07-21 Thread Alex Wauck
On Thu, Jul 21, 2016 at 2:32 PM, Aleksandar Kostadinov wrote:

> Two things as listed in the doc. One is to have hostnames of masters and
> slaves resolvable over the configured DNS servers.
>

If you're on AWS, this is taken care of for you.  Your masters and slaves
and whatnot will all be referred to by their internal DNS names (e.g.
ip-172-31-33-101.us-west-1.compute.internal), so this aspect will just
work, even if you set up the EC2 instances yourself and use the BYO
playbooks.


> The other thing listed as "optional" is having a wildcard record(s) for
> the routes exposed to services in OpenShift. This subdomain also needs to
> be configured in master's config file.
>

I highly recommend this.  It makes it very quick and easy to set up new
services with valid DNS records.  Also, get a wildcard SSL certificate if
you can afford it.  You can configure the router to automatically use that
certificate for any service that doesn't specify one.

-- 

Alex Wauck // DevOps Engineer

*E X O S I T E*
*www.exosite.com *

Making Machines More Human.


Re: What actually is required for DNS and Origin?

2016-07-21 Thread Aleksandar Kostadinov

Josh Berkus wrote on 07/21/16 22:17:

> Folks:
>
> https://docs.openshift.org/latest/install_config/install/prerequisites.html#install-config-install-prerequisites
>
> This goes on a bit about DNS requirements, but what's *actually*
> required is a bit unclear.  Do I just need DNS support for the
> hostnames?  Or do I need external DNS which supports routing for containers?
>
> Can anyone clarify?


Two things as listed in the doc. One is to have hostnames of masters and 
slaves resolvable over the configured DNS servers.


The other thing listed as "optional" is having a wildcard record(s) for 
the routes exposed to services in OpenShift. This subdomain also needs 
to be configured in master's config file.


HTH



What actually is required for DNS and Origin?

2016-07-21 Thread Josh Berkus
Folks:

https://docs.openshift.org/latest/install_config/install/prerequisites.html#install-config-install-prerequisites

This goes on a bit about DNS requirements, but what's *actually*
required is a bit unclear.  Do I just need DNS support for the
hostnames?  Or do I need external DNS which supports routing for containers?

Can anyone clarify?

-- 
--
Josh Berkus
Project Atomic
Red Hat OSAS
