OpenStack Designate component: quick introductory installation
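Preface
Designate is an open-source DNS-as-a-Service implementation and part of the OpenStack ecosystem of services for running clouds.
Designate is OpenStack's multi-tenant DNSaaS service. It provides a REST API with integrated Keystone authentication. It can be configured to auto-generate records based on Nova and Neutron actions. Designate supports a variety of DNS servers, including Bind9 and PowerDNS 4.
Architecture
Designate is made up of several distinct services: API, Producer, Central, Worker and Mini DNS. It uses an oslo.db-compatible database to store state and data, and an oslo.messaging-compatible message queue to facilitate communication between the services. Multiple copies of all Designate services can be run in tandem to facilitate high-availability deployments, with the API process usually sitting behind a load balancer.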

Prerequisites
Source the admin credentials to gain administrator access
source admin-openrc
# Create the designate user
openstack user create --domain demo --password 000000 designate
# Add the admin role to the designate user
openstack role add --project service --user designate admin
# Create the designate service entity
openstack service create --name designate --description "DNS" dns
Create the DNS service API endpoints
openstack endpoint create --region RegionOne dns public http://controller:9001/
openstack endpoint create --region RegionOne dns internal http://controller:9001/
openstack endpoint create --region RegionOne dns admin http://controller:9001/
Install and configure components
Install the packages
# yum install openstack-designate\*
Create the designate database and grant the designate user access to it
CREATE DATABASE designate CHARACTER SET utf8 COLLATE utf8_general_ci;
GRANT ALL PRIVILEGES ON designate.* TO 'designate'@'localhost' IDENTIFIED BY '000000';
GRANT ALL PRIVILEGES ON designate.* TO 'designate'@'%' IDENTIFIED BY '000000';
Install the BIND packages
yum install bind bind-utils
Create an RNDC key
rndc-confgen -a -k designate -c /etc/designate/rndc.key -r /dev/urandom
Add the following options to the /etc/named.conf file
vim /etc/named.conf
...
include "/etc/designate/rndc.key";
options {
    ...
    allow-new-zones yes;
    request-ixfr no;
    listen-on port 53 { 127.0.0.1; };
    recursion no;
    allow-query { 127.0.0.1; };
};
controls {
    inet 127.0.0.1 port 953
        allow { 127.0.0.1; } keys { "designate"; };
};
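Because `allow-new-zones yes` lets anyone who can use the rndc channel add zones, the loopback binding, the `designate` key and `recursion no` above are worth re-checking after later edits. The following is an added example (not from the original post or from BIND) that reports drift from those settings; the function names and finding labels are assumptions of the example.

```python
import re

# Constructed sample: the statements this page adds to /etc/named.conf.
PAGE_CONF = """\
include "/etc/designate/rndc.key";
options {
    allow-new-zones yes;
    listen-on port 53 { 127.0.0.1; };
    recursion no;
    allow-query { 127.0.0.1; };
};
controls {
    inet 127.0.0.1 port 953
        allow { 127.0.0.1; } keys { "designate"; };
};
"""

LOOPBACK = {"127.0.0.1", "::1", "localhost"}
INET = re.compile(r"\binet\s+(\S+)(?:\s+port\s+\d+)?\s+allow\s*\{([^}]*)\}"
                  r"(?:\s*keys\s*\{([^}]*)\})?")


def _items(body):
    """Split a BIND '{ a; b; }' body into a set of unquoted elements."""
    return {e.strip().strip('"') for e in (body or "").split(";") if e.strip()}


def audit_named_conf(text, key_name="designate"):
    """Return a sorted list of drift findings against the page's named.conf."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)  # drop block comments
    text = re.sub(r"(//|#)[^\n]*", "", text)            # drop line comments
    issues = set()
    rec = re.search(r"\brecursion\s+(\w+)\s*;", text)
    if rec is None or rec.group(1).lower() not in ("no", "false", "0"):
        issues.add("recursion-not-disabled")
    channels = INET.findall(text)
    if not channels:
        issues.add("no-inet-control-channel")
    for addr, allow, keys in channels:
        if addr not in LOOPBACK or not _items(allow) <= LOOPBACK:
            issues.add("rndc-channel-exposed")
        if key_name not in _items(keys):
            issues.add("rndc-key-mismatch")
    return sorted(issues)


if __name__ == "__main__":
    print(audit_named_conf(PAGE_CONF) or "no drift from the page's settings")
```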
Start the DNS service
systemctl enable named
systemctl start named
Edit the /etc/designate/designate.conf file
[service:api]
listen = 0.0.0.0:9001
auth_strategy = keystone
enable_api_v2 = True
enable_api_admin = True
enable_host_header = True
enabled_extensions_admin = quotas, reports
[keystone_authtoken]
auth_type = password
username = designate
password = 000000
project_name = service
project_domain_name = demo
user_domain_name = demo
www_authenticate_uri = http://controller:5000/
auth_url = http://controller:5000/
memcached_servers = controller:11211
[DEFAULT]
# ...
transport_url = rabbit://openstack:000000@controller:5672/
[storage:sqlalchemy]
connection = mysql+pymysql://designate:000000@controller/designate
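The designate.conf above carries three copies of a six-digit password, plain-HTTP Keystone URLs and an API listener on all interfaces. As an added example (not part of the original post or of Designate), this Python check flags those settings; the placeholder list, the 12-character minimum and the finding labels are assumptions of the example.

```python
import configparser
from urllib.parse import urlsplit

# Constructed sample: the secret-bearing options from the designate.conf above.
SAMPLE = """\
[service:api]
listen = 0.0.0.0:9001
[keystone_authtoken]
password = 000000
www_authenticate_uri = http://controller:5000/
auth_url = http://controller:5000/
[DEFAULT]
transport_url = rabbit://openstack:000000@controller:5672/
[storage:sqlalchemy]
connection = mysql+pymysql://designate:000000@controller/designate
"""

# Assumed policy for this example: known placeholders or fewer than 12 characters.
PLACEHOLDERS = {"000000", "123456", "password", "admin", "changeme"}
URL_SECRETS = [("DEFAULT", "transport_url"), ("storage:sqlalchemy", "connection")]


def audit_designate_conf(text):
    """Return sorted (section, option, issue) findings for designate.conf text."""
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cp.read_string(text)
    found = []

    def weak(section, option, secret):
        if secret is not None and (secret in PLACEHOLDERS or len(secret) < 12):
            found.append((section, option, "weak-secret"))

    for section, option in URL_SECRETS:
        url = cp.get(section, option, fallback=None)
        # Credentials embedded in a URL are read from its userinfo part.
        weak(section, option, urlsplit(url).password if url else None)
    weak("keystone_authtoken", "password",
         cp.get("keystone_authtoken", "password", fallback=None))
    for option in ("www_authenticate_uri", "auth_url"):
        url = cp.get("keystone_authtoken", option, fallback="")
        if urlsplit(url).scheme == "http":
            found.append(("keystone_authtoken", option, "cleartext-http"))
    listen = cp.get("service:api", "listen", fallback="")
    if listen.startswith("0.0.0.0:"):
        found.append(("service:api", "listen", "binds-all-interfaces"))
    return sorted(found)


if __name__ == "__main__":
    for finding in audit_designate_conf(SAMPLE):
        print(*finding, sep="  ")
```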
Populate the designate database
su -s /bin/sh -c "designate-manage database sync" designate
Start the designate central and API services
systemctl start designate-central designate-api
systemctl enable designate-central designate-api
Create a pools.yaml file at /etc/designate/pools.yaml with the following contents
- name: default
  # The name is immutable. There will be no option to change the name after
  # creation and the only way to change it will be to delete it
  # (and all zones associated with it) and recreate it.
  description: Default Pool
  attributes: {}
  # List out the NS records for zones hosted within this pool
  # This should be a record that is created outside of designate, that
  # points to the public IP of the controller node.
  ns_records:
    - hostname: ns1-1.example.org.
      priority: 1
  # List out the nameservers for this pool. These are the actual BIND servers.
  # We use these to verify changes have propagated to all nameservers.
  nameservers:
    - host: 127.0.0.1
      port: 53
  # List out the targets for this pool. For BIND there will be one
  # entry for each BIND server, as we have to run rndc command on each server
  targets:
    - type: bind9
      description: BIND9 Server 1
      # List out the designate-mdns servers from which BIND servers should
      # request zone transfers (AXFRs) from.
      # This should be the IP of the controller node.
      # If you have multiple controllers you can add multiple masters
      # by running designate-mdns on them, and adding them here.
      masters:
        - host: 127.0.0.1
          port: 5354
      # BIND Configuration options
      options:
        host: 127.0.0.1
        port: 53
        rndc_host: 127.0.0.1
        rndc_port: 953
        rndc_key_file: /etc/designate/rndc.key
Update the pools:
# su -s /bin/sh -c "designate-manage pool update" designate
Start the designate and mDNS services
systemctl start designate-worker designate-producer designate-mdns
systemctl enable designate-worker designate-producer designate-mdns
Verify operation
List the service components to verify that each process started and registered successfully:
$ . admin-openrc
$ ps -aux | grep designate
../usr/bin/python /usr/bin/designate-mdns --config-file /etc/designate/designate.conf
../usr/bin/python /usr/bin/designate-central --config-file /etc/designate/designate.conf
../usr/bin/python /usr/bin/designate-agent --config-file /etc/designate/designate.conf
../usr/bin/python /usr/bin/designate-api --config-file /etc/designate/designate.conf
../usr/bin/python /usr/bin/designate-worker --config-file /etc/designate/designate.conf
../usr/bin/python /usr/bin/designate-producer --config-file /etc/designate/designate.conf
$ openstack dns service list
+--------------------------------------+--------------------------+--------------+--------+-------+--------------+
| id | hostname | service_name | status | stats | capabilities |
+--------------------------------------+--------------------------+--------------+--------+-------+--------------+
| 918a8f6e-9e7e-453e-8583-cbefa7ae7f8f | vagrant-ubuntu-trusty-64 | central | UP | - | - |
| 982f78d5-525a-4c36-af26-a09aa39de5d7 | vagrant-ubuntu-trusty-64 | api | UP | - | - |
| eda2dc16-ad27-4ee1-b091-bb75b6ceaffe | vagrant-ubuntu-trusty-64 | mdns | UP | - | - |
| 00c5c372-e630-49b1-a6b6-17e3fa4544ea | vagrant-ubuntu-trusty-64 | worker | UP | - | - |
| 8cdaf2e9-accd-4665-8e9e-be26f1ccfe4a | vagrant-ubuntu-trusty-64 | producer | UP | - | - |
+--------------------------------------+--------------------------+--------------+--------+-------+--------------+
