openstack之Designate组件,入门级安装(快速)
原创openstack之Designate组件,入门级安装(快速)
原创
秋意零
发布于 2022-04-29 22:22:23
发布于 2022-04-29 22:22:23
@TOC
前言
Designate 是一个开源 DNS 即服务实施,是用于运行云的 OpenStack 服务生态系统的一部分。
Designate 是 OpenStack 的多租户 DNSaaS 服务。它提供了一个带有集成 Keystone 身份验证的 REST API。它可以配置为根据 Nova 和 Neutron 操作自动生成记录。Designate 支持多种 DNS 服务器,包括 Bind9 和 PowerDNS 4。
架构
Designate 由几个不同的服务组成:API、Producer、Central、Worker 和 Mini DNS。它使用 oslo.db 兼容的数据库来存储状态和数据,并使用 oslo.messaging 兼容的消息队列来促进服务之间的通信。所有指定服务的多个副本可以串联运行以促进高可用性部署,API 进程通常位于负载均衡器之后。
在这里插入图片描述
前提准备
获取admin凭据以管理员权限访问
source admin-openrc#创建designate用户
openstack user create --domain demo --password 000000 designate
#将admin角色添加到designate用户
openstack role add --project service --user designate admin
#创建指定服务实体
openstack service create --name designate --description "DNS" dns #创建 DNS 服务 API 端点
openstack endpoint create --region RegionOne dns public http://controller:9001/
openstack endpoint create --region RegionOne dns internal http://controller:9001/
openstack endpoint create --region RegionOne dns admin http://controller:9001/安装和配置组件
安装软件包
# yum install openstack-designate\\* 创建用户designate可访问designate 的数据库
CREATE DATABASE designate CHARACTER SET utf8 COLLATE utf8\_general\_ci;
GRANT ALL PRIVILEGES ON designate.\* TO 'designate'@'localhost' IDENTIFIED BY '000000';
GRANT ALL PRIVILEGES ON designate.\* TO 'designate'@'%' IDENTIFIED BY '000000';安装 BIND 包
yum install bind bind-utils 创建一个 RNDC 密钥
rndc-confgen -a -k designate -c /etc/designate/rndc.key -r /dev/urandom 在文件/etc/named.conf中添加以下选项
vim /etc/named.conf
...
include "/etc/designate/rndc.key";
options {
...
allow-new-zones yes;
request-ixfr no;
listen-on port 53 { 127.0.0.1; };
recursion no;
allow-query { 127.0.0.1; };
};
controls {
inet 127.0.0.1 port 953
allow { 127.0.0.1; } keys { "designate"; };
};启动 DNS 服务
systemctl enable named
systemctl start named编辑/etc/designate/designate.conf文件
[service:api]
listen = 0.0.0.0:9001
auth\_strategy = keystone
enable\_api\_v2 = True
enable\_api\_admin = True
enable\_host\_header = True
enabled\_extensions\_admin = quotas, reports
[keystone\_authtoken]
auth\_type = password
username = designate
password = 000000
project\_name = service
project\_domain\_name = demo
user\_domain\_name = demo
www\_authenticate\_uri = http://controller:5000/
auth\_url = http://controller:5000/
memcached\_servers = controller:11211
[DEFAULT]
# ...
transport\_url = rabbit://openstack:000000@controller:5672/
[storage:sqlalchemy]
connection = mysql+pymysql://designate:000000@controller/designate填充指定数据库
su -s /bin/sh -c "designate-manage database sync" designate启动指定的中心和 API 服务
systemctl start designate-central designate-api
systemctl enable designate-central designate-api在其中创建一个 pools.yaml 文件,/etc/designate/pools.yaml其中包含以下内容
- name: default
# The name is immutable. There will be no option to change the name afte
# creation and the only way will to change it will be to delete it
# (and all zones associated with it) and recreate it.
description: Default Pool
attributes: {}
# List out the NS records for zones hosted within this pool
# This should be a record that is created outside of designate, that
# points to the public IP of the controller node.
ns\_records:
- hostname: ns1-1.example.org.
priority: 1
# List out the nameservers for this pool. These are the actual BIND servers.
# We use these to verify changes have propagated to all nameservers.
nameservers:
- host: 127.0.0.1
port: 53
# List out the targets for this pool. For BIND there will be one
# entry for each BIND server, as we have to run rndc command on each serve
targets:
- type: bind9
description: BIND9 Server 1
# List out the designate-mdns servers from which BIND servers should
# request zone transfers (AXFRs) from.
# This should be the IP of the controller node.
# If you have multiple controllers you can add multiple masters
# by running designate-mdns on them, and adding them here.
masters:
- host: 127.0.0.1
port: 5354
# BIND Configuration options
options:
host: 127.0.0.1
port: 53
rndc\_host: 127.0.0.1
rndc\_port: 953
rndc\_key\_file: /etc/designate/rndc.key更新池:
# su -s /bin/sh -c "designate-manage pool update" designate启动指定和 mDNS 服务
systemctl start designate-worker designate-producer designate-mdns
systemctl enable designate-worker designate-producer designate-mdns验证操作
列出服务组件以验证每个进程的成功启动和注册:
$ . admin-openrc
$ ps -aux | grep designate
../usr/bin/python /usr/bin/designate-mdns --config-file /etc/designate/designate.conf
../usr/bin/python /usr/bin/designate-central --config-file /etc/designate/designate.conf
../usr/bin/python /usr/bin/designate-agent --config-file /etc/designate/designate.conf
../usr/bin/python /usr/bin/designate-api --config-file /etc/designate/designate.conf
../usr/bin/python /usr/bin/designate-worker --config-file /etc/designate/designate.conf
../usr/bin/python /usr/bin/designate-producer --config-file /etc/designate/designate.conf
$ openstack dns service list
+--------------------------------------+--------------------------+--------------+--------+-------+--------------+
| id | hostname | service\_name | status | stats | capabilities |
+--------------------------------------+--------------------------+--------------+--------+-------+--------------+
| 918a8f6e-9e7e-453e-8583-cbefa7ae7f8f | vagrant-ubuntu-trusty-64 | central | UP | - | - |
| 982f78d5-525a-4c36-af26-a09aa39de5d7 | vagrant-ubuntu-trusty-64 | api | UP | - | - |
| eda2dc16-ad27-4ee1-b091-bb75b6ceaffe | vagrant-ubuntu-trusty-64 | mdns | UP | - | - |
| 00c5c372-e630-49b1-a6b6-17e3fa4544ea | vagrant-ubuntu-trusty-64 | worker | UP | - | - |
| 8cdaf2e9-accd-4665-8e9e-be26f1ccfe4a | vagrant-ubuntu-trusty-64 | producer | UP | - | - |
+--------------------------------------+--------------------------+--------------+--------+-------+--------------+原创声明:本文系作者授权腾讯云开发者社区发表,未经许可,不得转载。
如有侵权,请联系 cloudcommunity@tencent.com 删除。
原创声明:本文系作者授权腾讯云开发者社区发表,未经许可,不得转载。
如有侵权,请联系 cloudcommunity@tencent.com 删除。
评论
登录后参与评论
推荐阅读