Provision Fleet Service Points in GCP - BlueCat DNS Edge

DNS Edge User Guide (Fleet Service Point)

This section gives detailed instructions for provisioning the Fleet Service Point in GCP.

Before you begin:

You must have a valid GCP account with the correct permissions to deploy VMs. You must also first register the Fleet Service Point image to GCP from the GCP public disk storage before you can provision the Fleet Service Point on GCP. For more information, refer to Registering the Fleet Service Point image on GCP.

Configuring Fleet Service Point configuration details:

  1. Log in to the Edge Cloud Instance.
  2. In the top navigation bar, click and select Fleet Service Points.
  3. To add a new Fleet Service Point click on the Fleet Service Points page.
  4. Under Setup, enter the following information:
    • Name: enter the name of the new Fleet Service Point.
    • Description: add a description. This is optional.
  5. Under Type, select AWS / Azure / GCP from the drop-down menu.
  6. Under Network, enter the following information:
    • Enter the hostname of the Fleet Service Point.
    • (Optional) Enter the IP address or FQDN of any NTP servers that the Fleet Service Point will use. If you do not configure any NTP servers, the Fleet Service Point will use the following default Debian NTP servers:
      • 0.debian.pool.ntp.org
      • 1.debian.pool.ntp.org
      • 2.debian.pool.ntp.org
      • 3.debian.pool.ntp.org
  7. Under Access, enter the following information:
    Note:
    • The SSH Public Key and VM Console Password fields are mandatory and must be filled out to provision the Fleet Service Point.
    • The SSH Public Key and VM Console Password are applied to the operations user account.
    • SSH Public Key: Enter the SSH public key of the Fleet Service Point. This adds the public key to the .ssh directory of the Fleet Service Point and allows you to SSH into the Fleet Service Point.
    • VM Console Password: Enter the console password for the Fleet Service Point. The password must meet the following requirements:
      • It must contain lowercase characters.
      • It must contain uppercase characters.
      • It must contain numbers.
      • It must contain symbols.
      • It must not contain spaces.
      • It must contain at least 12 characters.
    • Confirm Password: Confirm the console password for the Fleet Service Point entered in the VM Console Password field.
  8. (Optional) Under HTTP Proxy, enter the following information:
    • Enter the hostname of the proxy that the Fleet Service Point will use.
    • (Optional) Add the port number used to connect to the proxy server. By default, the value is 443.
    • (Optional) Enter the username and password that will be used to authenticate against the proxy server.
  9. Click Save and Download. A window appears where you can download the configuration file.
  10. Click Download Configuration to download the configuration file.
    Attention: The configuration file of the Fleet Service Point can only be downloaded once and cannot be recovered later. The configuration file is a base64 encoded text file and can contain sensitive information such as HTTP proxy credentials.

    BlueCat strongly recommends storing the configuration file in a secure location and only storing the configuration file for as long as required. The configuration file should be securely destroyed when it is no longer in use.
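A local check for the VM Console Password rules in step 7, with a generator that only returns values passing that check. This is an added example, not BlueCat code; the function names, the generator's alphabet, and the use of POSIX punctuation as "symbols" are assumptions.

```shell
# Returns 0 only if the candidate meets every rule listed in step 7.
fsp_password_ok() {  # usage: fsp_password_ok CANDIDATE
  pw=$1
  [ "${#pw}" -ge 12 ] || return 1                  # at least 12 characters
  case $pw in *[[:space:]]*) return 1 ;; esac      # no spaces
  case $pw in *[[:lower:]]*) ;; *) return 1 ;; esac
  case $pw in *[[:upper:]]*) ;; *) return 1 ;; esac
  case $pw in *[[:digit:]]*) ;; *) return 1 ;; esac
  case $pw in *[[:punct:]]*) ;; *) return 1 ;; esac  # "symbols" (assumed set)
}

# Draws random characters from the kernel CSPRNG and retries until the
# candidate satisfies the policy, so every character class is present.
fsp_password_new() {  # usage: fsp_password_new [LENGTH]   (default 24)
  len=${1:-24}
  [ "$len" -ge 12 ] || return 1
  while :; do
    cand=$(LC_ALL=C tr -dc 'A-Za-z0-9@#%+=_.-' </dev/urandom 2>/dev/null | head -c "$len")
    if fsp_password_ok "$cand"; then
      printf '%s\n' "$cand"
      return 0
    fi
  done
}
```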

Registering the Fleet Service Point image on GCP:
  1. Log in to your GCP account.
  2. In the GCP portal, select the GCP project that will be used to provision a Fleet Service Point.
  3. Navigate to the GCP public disk storage. The public disk storage contains all available versions of the Fleet Service Point image that can be provisioned.
    Note: You must be logged in to GCP to access the link.
  4. Select the version that you would like to provision and click the object to navigate to the Object Details page.
  5. Within the gsutil URI field, copy the name of the Fleet Service Point image that you would like to provision without the gs:// prefix. The value of the field is in the following format:
    gs://bluecat-dns-edge-fleet-service-point/service-layer-image-v<VERSION>.vmdk
    where <VERSION> is the version of the Fleet Service Point image.
    Note: Save the value of this field, as it will be used in a later step.
  6. Navigate back to the GCP portal and search for Compute Engine.
  7. Within the Compute Engine page, select Images > Create Image.
  8. Enter the name of the image. The name must start with a lowercase letter followed by up to 62 lowercase letters, numbers, or hyphens. The name cannot end with a hyphen.
  9. Under Source, select Virtual disk (VMDK, VHD).
  10. Paste the value that was previously copied from the gsutil URI field without the gs:// prefix. For example, the value should look similar to the following:
    bluecat-dns-edge-fleet-service-point/service-layer-image-v<VERSION>.vmdk
  11. Select Debian Bullseye as the Operating system on virtual disk.
  12. Disable the Install guest packages checkbox.
  13. Press Create.

GCP imports the selected Fleet Service Point image. The import can take approximately 15 minutes.

Provisioning the Fleet Service Point on GCP:
  1. Once the image has been created in GCP, click the image and select Create Instance.
  2. Within the Basic section, enter the following information:
    • Enter the Name of the virtual machine.
    • Select a Region and Zone in which the virtual machine will be deployed.
    • Select the Machine Family to use for the virtual machine. BlueCat recommends selecting E2 Custom (4CPUs/8GB).
  3. Within the Networking section, enter the following information:
    • (Optional): If you have firewall rules based on network tags, add them within this page.
      Attention: Ensure that your network is configured for the following ports and protocols to be opened on the Fleet Service Point Instance in GCP:
      • Port 22 (TCP)—used for SSH connections.
      • Port 53 (TCP and UDP)—used for DNS service.
      • Port 2021 (TCP)—used for DNS resolver service diagnostics.
      • Port 8083 (TCP)—used for Fleet Service Point diagnostics.
  4. Within the Management section, enter the following information:
    • Add a Metadata field with the key set as user-data. Within the value, paste the contents of the configuration file that you downloaded from the Fleet Service Point configuration page.
    • Add a Metadata field with the key set as user-data-encoding and value set as base64.
    • Add a Metadata field with the key set as serial-port-enable and value set as TRUE.
  5. Click Create.
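The same network and metadata settings expressed with the gcloud CLI, as an added example that is not BlueCat's own tooling. The rule names, the split into a management rule and a DNS rule, the source CIDRs, and the file pre-flight check are assumptions of this example.

```shell
# DRY_RUN=1 (the default) prints each gcloud command for review;
# set DRY_RUN=0 to execute it.
run() { if [ "${DRY_RUN:-1}" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi; }

# Ingress rules for the ports listed in the guide, scoped to one network tag.
# Splitting them is this example's choice: SSH and the two diagnostics ports
# are reachable only from MGMT_CIDR, DNS only from CLIENT_CIDR.
fsp_firewall() {  # usage: fsp_firewall NETWORK TAG MGMT_CIDR CLIENT_CIDR
  run gcloud compute firewall-rules create "$2-mgmt" --network="$1" \
    --direction=INGRESS --action=ALLOW --rules=tcp:22,tcp:2021,tcp:8083 \
    --source-ranges="$3" --target-tags="$2"
  run gcloud compute firewall-rules create "$2-dns" --network="$1" \
    --direction=INGRESS --action=ALLOW --rules=tcp:53,udp:53 \
    --source-ranges="$4" --target-tags="$2"
}

# The configuration file can be downloaded once and may hold proxy credentials:
# require it to be non-empty, valid base64, and unreadable by group and others.
fsp_config_ok() {  # usage: fsp_config_ok CONFIG_FILE
  [ -s "$1" ] || return 1
  base64 -d "$1" >/dev/null 2>&1 || return 1
  case "$(ls -ld -- "$1")" in -???------*) return 0 ;; *) return 1 ;; esac
}

# Instance with the three metadata keys from step 4 and the recommended
# E2 custom shape (4 vCPUs, 8 GB). The file is passed by path, so its
# contents never appear on the command line or in shell history.
fsp_create() {  # usage: fsp_create NAME ZONE IMAGE TAG CONFIG_FILE
  fsp_config_ok "$5" || { echo "config file failed pre-flight check" >&2; return 1; }
  run gcloud compute instances create "$1" --zone="$2" --image="$3" \
    --custom-vm-type=e2 --custom-cpu=4 --custom-memory=8GB --tags="$4" \
    --metadata=user-data-encoding=base64,serial-port-enable=TRUE \
    --metadata-from-file=user-data="$5"
}
```

Review the printed commands first, for example `fsp_create fsp-1 us-central1-a fsp-image fsp ./fsp-config.txt`, where every argument is a placeholder.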

Once you have provisioned the Fleet Service Point VM, you can deploy a DNS resolver service. For more information, refer to DNS Resolver Services.

Attention: You can use the Fleet Service Point diagnostics API to verify that the Fleet Service Point has successfully registered. The registrationStatus field within the Fleet Service Point diagnostics API response returns a value of REGISTERED when the Fleet Service Point has successfully registered with the DNS Edge Cloud. If the value is not REGISTERED, this may indicate that there is an issue with the Fleet Service Point provisioning and the service point may not operate as intended.

For more information on the Fleet Service Point diagnostics APIs, refer to Fleet Service Point status and diagnostics APIs.