openstack之Designate组件,入门级安装(快速)
@[TOC](文章目录)
## 前言
Designate 是一个开源 DNS 即服务实施,是用于运行云的 OpenStack 服务生态系统的一部分。
Designate 是 OpenStack 的多租户 DNSaaS 服务。它提供了一个带有集成 Keystone 身份验证的 REST API。它可以配置为根据 Nova 和 Neutron 操作自动生成记录。Designate 支持多种 DNS 服务器,包括 Bind9 和 PowerDNS 4。
<br>
## 架构
Designate 由几个不同的服务组成:API、Producer、Central、Worker 和 Mini DNS。它使用 oslo.db 兼容的数据库来存储状态和数据,并使用 oslo.messaging 兼容的消息队列来促进服务之间的通信。所有指定服务的多个副本可以串联运行以促进高可用性部署,API 进程通常位于负载均衡器之后。
### 前提准备
获取`admin`凭据以管理员权限访问
```bash
source admin-openrc
```
```bash
#创建designate用户
openstack user create --domain demo --password 000000 designate
#将admin角色添加到designate用户
openstack role add --project service --user designate admin
#创建指定服务实体
openstack service create --name designate --description "DNS" dns
```
#创建 DNS 服务 API 端点
```bash
openstack endpoint create --region RegionOne dns public http://controller:9001/
openstack endpoint create --region RegionOne dns internal http://controller:9001/
openstack endpoint create --region RegionOne dns admin http://controller:9001/
```
### 安装和配置组件
安装软件包
```bash
# yum install openstack-designate\*
```
创建用户`designate`可访问`designate` 的数据库
```bash
CREATE DATABASE designate CHARACTER SET utf8 COLLATE utf8_general_ci;
GRANT ALL PRIVILEGES ON designate.* TO 'designate'@'localhost' IDENTIFIED BY '000000';
GRANT ALL PRIVILEGES ON designate.* TO 'designate'@'%' IDENTIFIED BY '000000';
```
安装 BIND 包
```bash
yum install bind bind-utils
```
创建一个 RNDC 密钥
```bash
rndc-confgen -a -k designate -c /etc/designate/rndc.key -r /dev/urandom
```
在文件`/etc/named.conf`中添加以下选项
```bash
vim /etc/named.conf
...
include "/etc/designate/rndc.key";
options {
...
allow-new-zones yes;
request-ixfr no;
listen-on port 53 { 127.0.0.1; };
recursion no;
allow-query { 127.0.0.1; };
};
controls {
inet 127.0.0.1 port 953
allow { 127.0.0.1; } keys { "designate"; };
};
```
启动 DNS 服务
```bash
systemctl enable named
systemctl start named
```
编辑`/etc/designate/designate.conf`文件
```bash
[service:api]
listen = 0.0.0.0:9001
auth_strategy = keystone
enable_api_v2 = True
enable_api_admin = True
enable_host_header = True
enabled_extensions_admin = quotas, reports
[keystone_authtoken]
auth_type = password
username = designate
password = 000000
project_name = service
project_domain_name = demo
user_domain_name = demo
www_authenticate_uri = http://controller:5000/
auth_url = http://controller:5000/
memcached_servers = controller:11211
[DEFAULT]
# ...
transport_url = rabbit://openstack:000000@controller:5672/
[storage:sqlalchemy]
connection = mysql+pymysql://designate:000000@controller/designate
```
填充指定数据库
```bash
su -s /bin/sh -c "designate-manage database sync" designate
```
启动指定的中心和 API 服务
```bash
systemctl start designate-central designate-api
systemctl enable designate-central designate-api
```
在其中创建一个 pools.yaml 文件,`/etc/designate/pools.yaml`其中包含以下内容
```bash
- name: default
# The name is immutable. There will be no option to change the name after
# creation and the only way will to change it will be to delete it
# (and all zones associated with it) and recreate it.
description: Default Pool
attributes: {}
# List out the NS records for zones hosted within this pool
# This should be a record that is created outside of designate, that
# points to the public IP of the controller node.
ns_records:
- hostname: ns1-1.example.org.
priority: 1
# List out the nameservers for this pool. These are the actual BIND servers.
# We use these to verify changes have propagated to all nameservers.
nameservers:
- host: 127.0.0.1
port: 53
# List out the targets for this pool. For BIND there will be one
# entry for each BIND server, as we have to run rndc command on each server
targets:
- type: bind9
description: BIND9 Server 1
# List out the designate-mdns servers from which BIND servers should
# request zone transfers (AXFRs) from.
# This should be the IP of the controller node.
# If you have multiple controllers you can add multiple masters
# by running designate-mdns on them, and adding them here.
masters:
- host: 127.0.0.1
port: 5354
# BIND Configuration options
options:
host: 127.0.0.1
port: 53
rndc_host: 127.0.0.1
rndc_port: 953
rndc_key_file: /etc/designate/rndc.key
```
更新池:
```bash
# su -s /bin/sh -c "designate-manage pool update" designate
```
启动指定和 mDNS 服务
```bash
systemctl start designate-worker designate-producer designate-mdns
systemctl enable designate-worker designate-producer designate-mdns
```
### 验证操作
列出服务组件以验证每个进程的成功启动和注册:
```bash
$ . admin-openrc
$ ps -aux | grep designate
../usr/bin/python /usr/bin/designate-mdns --config-file /etc/designate/designate.conf
../usr/bin/python /usr/bin/designate-central --config-file /etc/designate/designate.conf
../usr/bin/python /usr/bin/designate-agent --config-file /etc/designate/designate.conf
../usr/bin/python /usr/bin/designate-api --config-file /etc/designate/designate.conf
../usr/bin/python /usr/bin/designate-worker --config-file /etc/designate/designate.conf
../usr/bin/python /usr/bin/designate-producer --config-file /etc/designate/designate.conf
$ openstack dns service list
+--------------------------------------+--------------------------+--------------+--------+-------+--------------+
| id | hostname | service_name | status | stats | capabilities |
+--------------------------------------+--------------------------+--------------+--------+-------+--------------+
| 918a8f6e-9e7e-453e-8583-cbefa7ae7f8f | vagrant-ubuntu-trusty-64 | central | UP | - | - |
| 982f78d5-525a-4c36-af26-a09aa39de5d7 | vagrant-ubuntu-trusty-64 | api | UP | - | - |
| eda2dc16-ad27-4ee1-b091-bb75b6ceaffe | vagrant-ubuntu-trusty-64 | mdns | UP | - | - |
| 00c5c372-e630-49b1-a6b6-17e3fa4544ea | vagrant-ubuntu-trusty-64 | worker | UP | - | - |
| 8cdaf2e9-accd-4665-8e9e-be26f1ccfe4a | vagrant-ubuntu-trusty-64 | producer | UP | - | - |
+--------------------------------------+--------------------------+--------------+--------+-------+--------------+
```
- 点赞
- 收藏
- 关注作者
评论(0)