OpenStack Designate component: entry-level installation (quick)

秋意零, posted on 2022/04/29 22:23:44

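## Foreword
Designate is an open-source DNS-as-a-Service implementation and part of the OpenStack ecosystem of services for running clouds.
Designate is OpenStack's multi-tenant DNSaaS service. It provides a REST API with integrated Keystone authentication. It can be configured to generate records automatically based on Nova and Neutron actions. Designate supports a variety of DNS servers, including Bind9 and PowerDNS 4.

## Architecture
Designate is composed of several services: API, Producer, Central, Worker and Mini DNS. It uses an oslo.db-compatible database to store state and data, and an oslo.messaging-compatible message queue for communication between the services. Multiple copies of all Designate services can run in tandem to facilitate high-availability deployments, with the API process usually sitting behind a load balancer.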
![Architecture diagram](https://img-blog.csdnimg.cn/d1841fd411064be58054c3e5e2a83c45.png)

### Prerequisites

Source the `admin` credentials to gain access as an administrator:
```bash
source admin-openrc
```

```bash
# Create the designate user
openstack user create --domain demo --password 000000 designate
# Add the admin role to the designate user
openstack role add --project service --user designate admin
# Create the designate service entity
openstack service create --name designate --description "DNS" dns
```

Create the DNS service API endpoints:
```bash
openstack endpoint create --region RegionOne dns public http://controller:9001/
openstack endpoint create --region RegionOne dns internal http://controller:9001/
openstack endpoint create --region RegionOne dns admin http://controller:9001/
```


### Install and configure components
Install the packages:
```bash
yum install openstack-designate\*
```

Create the `designate` database and grant the `designate` user access to it:

```sql
CREATE DATABASE designate CHARACTER SET utf8 COLLATE utf8_general_ci;
GRANT ALL PRIVILEGES ON designate.* TO 'designate'@'localhost' IDENTIFIED BY '000000';
GRANT ALL PRIVILEGES ON designate.* TO 'designate'@'%' IDENTIFIED BY '000000';
```
Install the BIND packages:
```bash
yum install bind bind-utils  
```
Create an RNDC key:
```bash
rndc-confgen -a -k designate -c /etc/designate/rndc.key -r /dev/urandom 
```

Add the following options to the `/etc/named.conf` file:

```bash
vim /etc/named.conf
...
include "/etc/designate/rndc.key";

options {
    ...
    allow-new-zones yes;
    request-ixfr no;
    listen-on port 53 { 127.0.0.1; };
    recursion no;
    allow-query { 127.0.0.1; };
};

controls {
  inet 127.0.0.1 port 953
    allow { 127.0.0.1; } keys { "designate"; };
};
```

Start the DNS service:

```bash
systemctl enable named  
systemctl start named
```

Edit the `/etc/designate/designate.conf` file:

```ini
[service:api]
listen = 0.0.0.0:9001
auth_strategy = keystone
enable_api_v2 = True
enable_api_admin = True
enable_host_header = True
enabled_extensions_admin = quotas, reports

[keystone_authtoken]
auth_type = password
username = designate
password = 000000
project_name = service
project_domain_name = demo
user_domain_name = demo
www_authenticate_uri = http://controller:5000/
auth_url = http://controller:5000/
memcached_servers = controller:11211

[DEFAULT]
# ...
transport_url = rabbit://openstack:000000@controller:5672/

[storage:sqlalchemy]
connection = mysql+pymysql://designate:000000@controller/designate
```
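
Before starting the services, the file can be reviewed with the added example below (not part of the original article or the Designate project). It scans a designate.conf-style file for what stands out in the sample above: the short numeric placeholder password `000000`, passwords embedded in `transport_url` and `connection`, and plaintext `http://` Keystone endpoints. The function names and the 12-character threshold are assumptions; the sample input is constructed from the values on this page.

```bash
# Added example: audit an INI-style designate.conf read from stdin.
# Prints one finding per line; returns 1 if anything was found, else 0.
audit_designate_conf() {
    awk '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    # Assumed policy: under 12 characters or digits only counts as weak.
    function weak(p) { return length(p) < 12 || p ~ /^[0-9]+$/ }
    function report(m) {
        printf "line %d [%s] %s: %s\n", NR, section, key, m; found = 1
    }
    /^[ \t]*([#;]|$)/ { next }                       # comments, blank lines
    /^[ \t]*\[/ { section = trim($0); gsub(/^\[|\].*$/, "", section); next }
    {
        eq = index($0, "="); if (eq == 0) next
        key = trim(substr($0, 1, eq - 1)); val = trim(substr($0, eq + 1))
        if (key ~ /password/ && weak(val))
            report("short or digits-only password")
        # user:password@ inside a URL (transport_url, connection)
        if (match(val, "://[^:/@]+:[^@]+@")) {
            cred = substr(val, RSTART + 3, RLENGTH - 4)
            pw = substr(cred, index(cred, ":") + 1)
            report(weak(pw) ? "URL embeds a weak password" : "URL embeds a password")
        }
        if ((key == "auth_url" || key == "www_authenticate_uri") &&
            val ~ "^http://")
            report("Keystone endpoint uses plaintext HTTP")
    }
    END { exit (found ? 1 : 0) }'
}

# Constructed sample: the credential-bearing settings from this page.
sample_designate_conf() {
    cat <<'EOF'
[keystone_authtoken]
password = 000000
www_authenticate_uri = http://controller:5000/
auth_url = http://controller:5000/
memcached_servers = controller:11211

[DEFAULT]
transport_url = rabbit://openstack:000000@controller:5672/

[storage:sqlalchemy]
connection = mysql+pymysql://designate:000000@controller/designate
EOF
}

sample_designate_conf | audit_designate_conf || true
```

On a real host, run it as `audit_designate_conf < /etc/designate/designate.conf`; because the file holds service credentials, it should also be readable only by root and the `designate` user.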

Populate the Designate database:

```bash
su -s /bin/sh -c "designate-manage database sync" designate
```

Start the Designate central and API services:

```bash
systemctl start designate-central designate-api
systemctl enable designate-central designate-api
```

Create a pools.yaml file at `/etc/designate/pools.yaml` with the following contents:

```yaml
- name: default
  # The name is immutable. There will be no option to change the name after
  # creation, and the only way to change it will be to delete it
  # (and all zones associated with it) and recreate it.
  description: Default Pool

  attributes: {}

  # List out the NS records for zones hosted within this pool
  # This should be a record that is created outside of designate, that
  # points to the public IP of the controller node.
  ns_records:
    - hostname: ns1-1.example.org.
      priority: 1

  # List out the nameservers for this pool. These are the actual BIND servers.
  # We use these to verify changes have propagated to all nameservers.
  nameservers:
    - host: 127.0.0.1
      port: 53

  # List out the targets for this pool. For BIND there will be one
  # entry for each BIND server, as we have to run rndc command on each server
  targets:
    - type: bind9
      description: BIND9 Server 1

      # List out the designate-mdns servers from which BIND servers should
      # request zone transfers (AXFRs) from.
      # This should be the IP of the controller node.
      # If you have multiple controllers you can add multiple masters
      # by running designate-mdns on them, and adding them here.
      masters:
        - host: 127.0.0.1
          port: 5354

      # BIND Configuration options
      options:
        host: 127.0.0.1
        port: 53
        rndc_host: 127.0.0.1
        rndc_port: 953
        rndc_key_file: /etc/designate/rndc.key
```

Update the pool:

```bash
su -s /bin/sh -c "designate-manage pool update" designate
```

Start the Designate and mDNS services:

```bash
systemctl start designate-worker designate-producer designate-mdns
systemctl enable designate-worker designate-producer designate-mdns
```


### Verify operation

List the service components to verify that each process started and registered successfully:

```bash
$ . admin-openrc
$ ps -aux | grep designate

../usr/bin/python /usr/bin/designate-mdns --config-file /etc/designate/designate.conf
../usr/bin/python /usr/bin/designate-central --config-file /etc/designate/designate.conf
../usr/bin/python /usr/bin/designate-agent --config-file /etc/designate/designate.conf
../usr/bin/python /usr/bin/designate-api --config-file /etc/designate/designate.conf
../usr/bin/python /usr/bin/designate-worker --config-file /etc/designate/designate.conf
../usr/bin/python /usr/bin/designate-producer --config-file /etc/designate/designate.conf

$ openstack dns service list
+--------------------------------------+--------------------------+--------------+--------+-------+--------------+
| id                                   | hostname                 | service_name | status | stats | capabilities |
+--------------------------------------+--------------------------+--------------+--------+-------+--------------+
| 918a8f6e-9e7e-453e-8583-cbefa7ae7f8f | vagrant-ubuntu-trusty-64 | central      | UP     | -     | -            |
| 982f78d5-525a-4c36-af26-a09aa39de5d7 | vagrant-ubuntu-trusty-64 | api          | UP     | -     | -            |
| eda2dc16-ad27-4ee1-b091-bb75b6ceaffe | vagrant-ubuntu-trusty-64 | mdns         | UP     | -     | -            |
| 00c5c372-e630-49b1-a6b6-17e3fa4544ea | vagrant-ubuntu-trusty-64 | worker       | UP     | -     | -            |
| 8cdaf2e9-accd-4665-8e9e-be26f1ccfe4a | vagrant-ubuntu-trusty-64 | producer     | UP     | -     | -            |
+--------------------------------------+--------------------------+--------------+--------+-------+--------------+
```
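
The same check can be scripted so that a deployment job fails when a service is down or never registered. This is an added example, not part of the original article or the Designate project. It assumes the five services shown in the table above are the expected set; the function names and sample rows (hosts `ctl1` and `ctl2`) are constructed.

```bash
# Added example: confirm every Designate service has registered and is UP.
# Input on stdin: "hostname service_name status" rows, as printed by
#   openstack dns service list -f value -c hostname -c service_name -c status
# Prints one line per problem; returns 1 if any service is down or missing.
check_designate_services() {
    awk -v want="central api mdns worker producer" '
    NF >= 3 {
        seen[$2]++
        if ($3 != "UP") { printf "%s on %s is %s\n", $2, $1, $3; bad = 1 }
    }
    END {
        n = split(want, name, " ")
        for (i = 1; i <= n; i++)
            if (!(name[i] in seen)) {
                printf "%s has no registered instance\n", name[i]; bad = 1
            }
        exit (bad ? 1 : 0)
    }'
}

# Constructed sample: two controllers, one worker down, producer never started.
sample_service_rows() {
    cat <<'EOF'
ctl1 central UP
ctl1 api UP
ctl1 mdns UP
ctl1 worker UP
ctl2 worker DOWN
EOF
}

sample_service_rows | check_designate_services || true
```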

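[Copyright notice] This article is original content by a Huawei Cloud community user. When reposting, you must cite the source (Huawei Cloud community), the article link, the author and other basic information; otherwise the author and the community reserve the right to pursue liability. If you find suspected plagiarism in this community, please report it by e-mail with supporting evidence; once verified, the community will immediately remove the infringing content. Report e-mail: cloudbbs@huaweicloud.com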