Digital Ocean recently released private networking support in their NYC2 Data center.
They also published a blog post on how to set up a new droplet with private networking. But one thing the post doesn't do is tell you how to scale your private network to many boxes. One approach is obviously to edit /etc/hosts (but this gets annoying every time you add a new box). A better way is to create an internal DNS zone (via the Digital Ocean web interface) and have your droplets use it:
- Log in to Digital Ocean
- Click "DNS" on the right-hand menu
- Click "Add Domain"
- Name it "in.example.com" (obviously use whatever domain name you want).
- Click "Create Domain"
- For each droplet you want resolved by name, add an `A` record with the droplet hostname and its private IP.
Using `doctl` & `jq`:
- Get a list of each droplet (assuming its name contains the domain) and its private IP:

```
doctl d l | grep example.com | awk '{print $2 }' | xargs -L 1 -P 5 doctl -f json d f | jq -r '.name as $host_name | .networks.v4[] | select(.type == "private") | "\($host_name) \(.ip_address)"'
```

  Explanation: this uses `xargs` with the `-L` flag to process each incoming line and `-P` to send parallel requests; `jq` stores the hostname in a variable, filters the IPv4 networks down to the private type, and returns only the raw (`-r`) `ip_address`.
- Create the domain:

```
doctl dns c in.example.com <droplet-name>
```
- Add a record for each droplet with its private IP (from the listing above):

```
doctl dns add --name <droplet-name> --data <private-ip> in.example.com
```
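The listing and record-creation steps above, reimplemented as an added Python example (this is not code from the original post or from `doctl`): it applies the same selection as the `jq` filter to a few constructed per-droplet JSON documents whose shape is assumed to match what `doctl -f json d f` returns (`name`, `networks.v4[].ip_address`, `networks.v4[].type`), adds an RFC 1918 check so that an address merely typed "private" is not published into the zone unseen, and renders the `doctl dns add` commands shown on this page. `SAMPLE_DROPLET_JSON`, `ZONE` and the function names are constructed for the example.

```python
import ipaddress
import json
import shlex

# Constructed sample documents (not real doctl output). Their shape is assumed
# to mirror the per-droplet JSON the page pipes from `doctl -f json d f` into jq.
SAMPLE_DROPLET_JSON = [
    json.dumps({
        "name": "web1.in.example.com",
        "networks": {"v4": [
            {"ip_address": "203.0.113.10", "type": "public"},
            {"ip_address": "10.128.0.5", "type": "private"},
        ]},
    }),
    json.dumps({
        "name": "db1.in.example.com",
        "networks": {"v4": [
            {"ip_address": "203.0.113.11", "type": "public"},
            {"ip_address": "10.128.0.6", "type": "private"},
        ]},
    }),
    # A droplet whose interface is typed "private" but carries a non-RFC 1918
    # address: the type filter alone would publish it into the internal zone.
    json.dumps({
        "name": "odd1.in.example.com",
        "networks": {"v4": [{"ip_address": "198.51.100.7", "type": "private"}]},
    }),
    # A droplet with no private interface at all contributes no record.
    json.dumps({
        "name": "legacy.in.example.com",
        "networks": {"v4": [{"ip_address": "203.0.113.12", "type": "public"}]},
    }),
]

ZONE = "in.example.com"  # constructed zone name, as on the page

# Explicit RFC 1918 ranges. ipaddress.is_private is deliberately not used: it
# also returns True for documentation ranges such as 198.51.100.0/24.
RFC1918 = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]


def is_rfc1918(addr):
    """True when addr falls inside one of the three RFC 1918 blocks."""
    return any(addr in net for net in RFC1918)


def private_records(droplet_docs, zone=ZONE):
    """Python equivalent of the page's jq filter, plus a sanity check.

    Returns (records, rejected): records holds (label, ip) pairs for every v4
    network typed "private" whose address really is RFC 1918; rejected holds
    the pairs that are typed "private" but fall outside RFC 1918, so the
    operator can inspect them instead of publishing them.
    """
    records, rejected = [], []
    for doc in droplet_docs:
        droplet = json.loads(doc)
        host = droplet["name"]
        # Record name is the host label relative to the zone (assumption:
        # droplet names carry the zone as a suffix, as the page's grep implies).
        label = host[: -len(zone) - 1] if host.endswith("." + zone) else host
        for net in droplet.get("networks", {}).get("v4", []):
            if net.get("type") != "private":
                continue
            addr = ipaddress.ip_address(net["ip_address"])
            (records if is_rfc1918(addr) else rejected).append((label, str(addr)))
    return records, rejected


def doctl_add_commands(records, zone=ZONE):
    """Render one `doctl dns add` command per record, in the page's syntax."""
    return [
        f"doctl dns add --name {shlex.quote(name)} --data {ip} {zone}"
        for name, ip in records
    ]


def main():
    records, rejected = private_records(SAMPLE_DROPLET_JSON)
    for line in doctl_add_commands(records):
        print(line)
    for name, ip in rejected:
        print(f"# skipped {name}: {ip} is typed private but is not RFC 1918")


if __name__ == "__main__":
    main()
```

Run it and the two `web1`/`db1` commands are printed ready to paste, while `odd1` is reported rather than added; with real `doctl -f json d f` output substituted for the sample list, the same two functions produce the commands for your own droplets.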
Configure droplets (ref: private DNS tutorial)
On each Ubuntu/Debian droplet, create the `head` file, which is prepended to `resolv.conf` on boot, so that it uses the IP addresses of the Digital Ocean nameservers (ns1.digitalocean.com, ns2.digitalocean.com, ns3.digitalocean.com; note these may change) as well as Google's nameservers:
```
sudo vi /etc/resolvconf/resolv.conf.d/head
```

```
search in.example.com
nameserver 8.8.8.8
nameserver 8.8.4.4
nameserver 173.245.58.51
nameserver 173.245.59.41
nameserver 198.41.222.173
```
More on the `search` option: you can override the search domain from resolv.conf with the `LOCALDOMAIN` environment variable, e.g. `LOCALDOMAIN=test.com ping host1`, which will try to resolve `host1.test.com` with the nameservers provided.
Now run `resolvconf` to generate a new resolv.conf file:

```
sudo resolvconf -u
```
Now all of your droplets can ping one another by hostname over the private network. And when you add a new droplet, just add it to the internal DNS zone and it will be visible to the other droplets.