Preface
Designate is an open-source DNS-as-a-Service implementation and part of the OpenStack ecosystem of services for running clouds.
Designate is OpenStack's multi-tenant DNSaaS service. It provides a REST API with integrated Keystone authentication. It can be configured to generate records automatically based on Nova and Neutron actions. Designate supports a variety of DNS servers, including Bind9 and PowerDNS 4.
Architecture
Designate is made up of several distinct services: API, Producer, Central, Worker and Mini DNS. It uses an oslo.db-compatible database to store state and data, and an oslo.messaging-compatible message queue for communication between the services. Multiple copies of every Designate service can be run in parallel to support highly available deployments, with the API processes typically placed behind a load balancer.
Prerequisites
Source the admin credentials to gain access as an administrative user
source admin-openrc
# Create the designate user
openstack user create --domain demo --password 000000 designate
# Add the admin role to the designate user
openstack role add --project service --user designate admin
# Create the designate service entity
openstack service create --name designate --description "DNS" dns
# Create the DNS service API endpoints
openstack endpoint create --region RegionOne dns public http://controller:9001/
openstack endpoint create --region RegionOne dns internal http://controller:9001/
openstack endpoint create --region RegionOne dns admin http://controller:9001/
Install and configure the components
Install the packages
# yum install openstack-designate\*
Create the designate database and the designate user that has access to it
CREATE DATABASE designate CHARACTER SET utf8 COLLATE utf8_general_ci;
GRANT ALL PRIVILEGES ON designate.* TO 'designate'@'localhost' IDENTIFIED BY '000000';
GRANT ALL PRIVILEGES ON designate.* TO 'designate'@'%' IDENTIFIED BY '000000';
Install the BIND packages
yum install bind bind-utils
Create an RNDC key
rndc-confgen -a -k designate -c /etc/designate/rndc.key -r /dev/urandom
Add the following options to the file /etc/named.conf
vim /etc/named.conf
...
include "/etc/designate/rndc.key";
options {
    ...
    allow-new-zones yes;
    request-ixfr no;
    listen-on port 53 { 127.0.0.1; };
    recursion no;
    allow-query { 127.0.0.1; };
};
controls {
    inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "designate"; };
};
Start the DNS service
systemctl enable named
systemctl start named
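The options above matter beyond making Designate work: recursion is switched off and both queries and the rndc control channel are limited to loopback, so the authoritative server cannot be used as an open resolver and rndc cannot be driven from another host. The following checker (an added example, not part of this guide or of Designate) parses a named.conf and reports which of those settings are missing; the embedded configuration is a constructed sample mirroring the fragment above.

```python
import re

# Constructed sample; it mirrors the named.conf fragment from this guide.
SAMPLE_NAMED_CONF = """
include "/etc/designate/rndc.key";
options {
    allow-new-zones yes;
    request-ixfr no;
    listen-on port 53 { 127.0.0.1; };
    recursion no;
    allow-query { 127.0.0.1; };
};
controls {
    inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "designate"; };
};
"""
LOOPBACK = {"127.0.0.1", "::1", "localhost"}

def _block(conf, name):
    """Body of the top-level `name { ... };` block, or '' if absent."""
    m = re.search(r"(?m)^\s*%s\s*\{(.*?)^\};" % name, conf, re.S)
    return m.group(1) if m else ""

def _stmt(body, name):
    """Argument text of `name ...;` (one brace list allowed), or None."""
    pat = r"(?<![\w-])%s(?![\w-])\s*([^;{}]*(?:\{[^}]*\})?)\s*;" % re.escape(name)
    m = re.search(pat, body)
    return m.group(1).strip() if m else None

def _addrs(text):
    """Entries of the address match list in braces, e.g. {'127.0.0.1'}."""
    return set(re.findall(r"[\w.:]+", text[text.find("{") + 1:]))

def check_named_conf(conf):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    opts, ctl = _block(conf, "options"), _block(conf, "controls")
    if 'include "/etc/designate/rndc.key";' not in conf:
        findings.append("rndc.key not included: Designate's rndc calls cannot authenticate")
    if _stmt(opts, "allow-new-zones") != "yes":
        findings.append("allow-new-zones is not yes: Designate cannot create zones")
    if _stmt(opts, "recursion") != "no":
        findings.append("recursion not disabled: authoritative server would act as an open resolver")
    for name in ("listen-on", "allow-query"):  # BIND defaults are not loopback-only
        val = _stmt(opts, name) or "any"
        if not _addrs(val) <= LOOPBACK:
            findings.append(f"{name} is not limited to loopback: {val}")
    # rndc control channel: loopback address, restricted client list, key required
    m = re.search(r"inet\s+([\w.:]+)\s+port\s+\d+\s+allow\s*(\{[^}]*\})\s*keys\s*\{", ctl)
    if not m or m.group(1) not in LOOPBACK or not _addrs(m.group(2)) <= LOOPBACK:
        findings.append("controls: rndc channel is not loopback-only with a key")
    return findings
```

Run it against the real file with `check_named_conf(open("/etc/named.conf").read())`; on a multi-node deployment where BIND must answer on a public address the `listen-on` and `allow-query` findings are expected, and the remaining ones still apply.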
Edit the file /etc/designate/designate.conf
[service:api]
listen = 0.0.0.0:9001
auth_strategy = keystone
enable_api_v2 = True
enable_api_admin = True
enable_host_header = True
enabled_extensions_admin = quotas, reports

[keystone_authtoken]
auth_type = password
username = designate
password = 000000
project_name = service
project_domain_name = demo
user_domain_name = demo
www_authenticate_uri = http://controller:5000/
auth_url = http://controller:5000/
memcached_servers = controller:11211

[DEFAULT]
# ...
transport_url = rabbit://openstack:000000@controller:5672/

[storage:sqlalchemy]
connection = mysql+pymysql://designate:000000@controller/designate
Populate the Designate database
su -s /bin/sh -c "designate-manage database sync" designate
Start the Designate central and API services
systemctl start designate-central designate-api
systemctl enable designate-central designate-api
Create a pools.yaml file at /etc/designate/pools.yaml with the following contents
- name: default
  # The name is immutable. There will be no option to change the name after
  # creation and the only way to change it will be to delete it
  # (and all zones associated with it) and recreate it.
  description: Default Pool

  attributes: {}

  # List out the NS records for zones hosted within this pool
  # This should be a record that is created outside of designate, that
  # points to the public IP of the controller node.
  ns_records:
    - hostname: ns1-1.example.org.
      priority: 1

  # List out the nameservers for this pool. These are the actual BIND servers.
  # We use these to verify changes have propagated to all nameservers.
  nameservers:
    - host: 127.0.0.1
      port: 53

  # List out the targets for this pool. For BIND there will be one
  # entry for each BIND server, as we have to run the rndc command on each server
  targets:
    - type: bind9
      description: BIND9 Server 1

      # List out the designate-mdns servers from which BIND servers should
      # request zone transfers (AXFRs).
      # This should be the IP of the controller node.
      # If you have multiple controllers you can add multiple masters
      # by running designate-mdns on them, and adding them here.
      masters:
        - host: 127.0.0.1
          port: 5354

      # BIND configuration options
      options:
        host: 127.0.0.1
        port: 53
        rndc_host: 127.0.0.1
        rndc_port: 953
        rndc_key_file: /etc/designate/rndc.key
Update the pool:
# su -s /bin/sh -c "designate-manage pool update" designate
Start the Designate worker, producer and mDNS services
systemctl start designate-worker designate-producer designate-mdns
systemctl enable designate-worker designate-producer designate-mdns
Verify operation
List the service components to verify that each process started and registered successfully:
$ . admin-openrc
$ ps -aux | grep designate
../usr/bin/python /usr/bin/designate-mdns --config-file /etc/designate/designate.conf
../usr/bin/python /usr/bin/designate-central --config-file /etc/designate/designate.conf
../usr/bin/python /usr/bin/designate-agent --config-file /etc/designate/designate.conf
../usr/bin/python /usr/bin/designate-api --config-file /etc/designate/designate.conf
../usr/bin/python /usr/bin/designate-worker --config-file /etc/designate/designate.conf
../usr/bin/python /usr/bin/designate-producer --config-file /etc/designate/designate.conf
$ openstack dns service list
+--------------------------------------+--------------------------+--------------+--------+-------+--------------+
| id                                   | hostname                 | service_name | status | stats | capabilities |
+--------------------------------------+--------------------------+--------------+--------+-------+--------------+
| 918a8f6e-9e7e-453e-8583-cbefa7ae7f8f | vagrant-ubuntu-trusty-64 | central      | UP     | -     | -            |
| 982f78d5-525a-4c36-af26-a09aa39de5d7 | vagrant-ubuntu-trusty-64 | api          | UP     | -     | -            |
| eda2dc16-ad27-4ee1-b091-bb75b6ceaffe | vagrant-ubuntu-trusty-64 | mdns         | UP     | -     | -            |
| 00c5c372-e630-49b1-a6b6-17e3fa4544ea | vagrant-ubuntu-trusty-64 | worker       | UP     | -     | -            |
| 8cdaf2e9-accd-4665-8e9e-be26f1ccfe4a | vagrant-ubuntu-trusty-64 | producer     | UP     | -     | -            |
+--------------------------------------+--------------------------+--------------+--------+-------+--------------+