副标题#e#
配置 bind(DNS 服务器)
1、生成 RNDC 文件:
rndc-confgen -a -k designate -c /etc/rndc.key -r /dev/urandom
cat<<EOF> etcrndc.conf
include"/etc/rndc.key";
options {
default-key "designate";
default-server {{ DNS_SERVER_IP }};
default-port 953;
};
EOF
2、将下列配置添加到 named.conf:
include"/etc/rndc.key";
controls {
inet {{ DNS_SERVER_IP }} allow { localhost;{{ CONTROLLER_SERVER_IP }};} keys {"designate";};
};
在 option 节中,添加:
options {
…
allow-new-zones yes;
request-ixfr no;
listen-on port 53{ any;};
recursion no;
allow-query {127.0.0.1;{{ CONTROLLER_SERVER_IP }};};
};
添加正确的权限:
chown named:named /etc/rndc.key
chown named:named /etc/rndc.conf
chmod600/etc/rndc.key
chown-v root:named /etc/named.conf
chmod g+w/var/named
#systemctl restart named
# setsebool named_write_master_zones 1
3、把 rndc.key 和 rndc.conf 推入 OpenStack 控制节点:
#scp-r /etc/rndc*{{ CONTROLLER_SERVER_IP }}:/etc/
创建 OpenStack Designate 服务和端点
输入:
# openstack user create –domain default–password-prompt designate
# openstack role add –project services –user designate admin
# openstack service create –name designate –description "DNS" dns
# openstack endpoint create –region RegionOne dns public http://{{ CONTROLLER_SERVER_IP }}:9001/
# openstack endpoint create –region RegionOne dns internal http://{{ CONTROLLER_SERVER_IP }}:9001/
# openstack endpoint create –region RegionOne dns admin http://{{ CONTROLLER_SERVER_IP }}:9001/
配置 Designate 服务
1、编辑 /etc/designate/designate.conf:
在 [service:api] 节配置 auth_strategy:
[service:api]
listen =0.0.0.0:9001
auth_strategy = keystone
api_base_uri = http://{{ CONTROLLER_SERVER_IP }}:9001/
enable_api_v2 =True
enabled_extensions_v2 = quotas, reports
在 [keystone_authtoken] 节配置下列选项:
[keystone_authtoken]
auth_type = password
username = designate
password = rhlab123
project_name = service
project_domain_name =Default
user_domain_name =Default
www_authenticate_uri = http://{{ CONTROLLER_SERVER_IP }}:5000/
auth_url = http://{{ CONTROLLER_SERVER_IP }}:5000/
在 [service:worker] 节,启用 worker 模型:
enabled =True
notify =True
在 [storage:sqlalchemy] 节,配置数据库访问:
[storage:sqlalchemy]
connection = mysql+pymysql://designate:rhlab123@{{ CONTROLLER_SERVER_IP }}/designate
填充 Designate 数据库:
#p#副标题#e#
#su-s /bin/sh -c "designate-manage database sync" designate
2、 创建 Designate 的 pools.yaml 文件(包含 target 和 bind 细节):
编辑 /etc/designate/pools.yaml:
– name:default
#The name is immutable.There will be no option to change the name after
# creation and the only way will to change it will be to delete it
#(and all zones associated with it)and recreate it.
description:DefaultPool
attributes:{}
#List out the NS records for zones hosted within this pool
#This should be a record that is created outside of designate, that
# points to the public IP of the controller node.
ns_records:
-hostname:{{Controller_FQDN}}.#Thisis mDNS
priority:1
#List out the nameservers forthis pool.These are the actual BIND servers.
#Weuse these to verify changes have propagated to all nameservers.
nameservers:
– host:{{ DNS_SERVER_IP }}
port:53
#List out the targets forthis pool.For BIND there will be one
# entry for each BIND server,as we have to run rndc command on each server
targets:
– type: bind9
description: BIND9 Server1
#List out the designate-mdns servers from which BIND servers should
# request zone transfers (AXFRs)from.
#This should be the IP of the controller node.
#If you have multiple controllers you can add multiple masters
# by running designate-mdns on them,and adding them here.
masters:
– host:{{ CONTROLLER_SERVER_IP }}
port:5354
# BIND Configuration options
options:
host:{{ DNS_SERVER_IP }}
port:53
rndc_host:{{ DNS_SERVER_IP }}
rndc_port:953
rndc_key_file:/etc/rndc.key
rndc_config_file:/etc/rndc.conf