
Implementing DNS as a Service with OpenStack Designate


Configure BIND (DNS server)

1. Generate the RNDC files:

rndc-confgen -a -k designate -c /etc/rndc.key -r /dev/urandom

cat <<EOF > /etc/rndc.conf
include "/etc/rndc.key";
options {
    default-key "designate";
    default-server {{ DNS_SERVER_IP }};
    default-port 953;
};
EOF

2. Add the following configuration to named.conf:

include "/etc/rndc.key";
controls {
    inet {{ DNS_SERVER_IP }} allow { localhost; {{ CONTROLLER_SERVER_IP }}; } keys { "designate"; };
};

In the options section, add:

options {
    allow-new-zones yes;
    request-ixfr no;
    listen-on port 53 { any; };
    recursion no;
    allow-query { 127.0.0.1; {{ CONTROLLER_SERVER_IP }}; };
};

Set the correct permissions:

chown named:named /etc/rndc.key
chown named:named /etc/rndc.conf
chmod 600 /etc/rndc.key
chown -v root:named /etc/named.conf
chmod g+w /var/named

# systemctl restart named
# setsebool named_write_master_zones 1

3. Push rndc.key and rndc.conf to the OpenStack controller node:

# scp -r /etc/rndc* {{ CONTROLLER_SERVER_IP }}:/etc/
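
The check below is an added example, not part of the original guide: it audits a rendered named.conf (placeholders already substituted) and the rndc.key file against the settings applied in steps 1 to 3. The function names and the reliance on GNU stat and grep are assumptions of this example.

```bash
# Added example, not from the original guide. Audits a rendered named.conf and
# rndc.key against the settings configured above. Prints one line per finding
# and returns 1 if any were found.
# Limitation: /* ... */ block comments are not stripped.
audit_bind() {
    conf=$1 key=$2 rc=0
    finding() { echo "FINDING: $*"; rc=1; }
    has() { printf '%s\n' "$1" | grep -Eq "$2"; }

    # Drop // and # comments and all whitespace so layout does not matter.
    flat=$(sed -e 's|//.*$||' -e 's|#.*$||' "$conf" | tr -d ' \t\n')

    # rndc.key is the shared secret for the control channel: owner-only access.
    mode=$(stat -c '%a' "$key")
    [ "$mode" = "600" ] || finding "$key has mode $mode, expected 600"

    # Authoritative-only server that accepts zones added over rndc.
    has "$flat" '[{;]recursionno;' || finding "recursion is not disabled"
    has "$flat" '[{;]allow-new-zonesyes;' || finding "allow-new-zones yes is missing"

    # Isolate the controls statement up to the end of its first inet clause.
    controls=$(printf '%s\n' "$flat" | grep -Eo 'controls\{[^}]*\}[^}]*\}' || true)
    if [ -z "$controls" ]; then
        finding "no controls statement found"
    else
        # The channel must require a named key and must not admit every host.
        has "$controls" 'keys\{"[^"]+";' || finding "control channel is not bound to a key"
        has "$controls" 'allow\{([^}]*;)?any;' && finding "control channel allows any"
    fi
    return $rc
}
```

Run it on the DNS server as `audit_bind /etc/named.conf /etc/rndc.key`; an empty output and exit status 0 mean every check passed.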

Create the OpenStack Designate service and endpoints

Run:

# openstack user create --domain default --password-prompt designate
# openstack role add --project services --user designate admin
# openstack service create --name designate --description "DNS" dns

# openstack endpoint create --region RegionOne dns public http://{{ CONTROLLER_SERVER_IP }}:9001/
# openstack endpoint create --region RegionOne dns internal http://{{ CONTROLLER_SERVER_IP }}:9001/
# openstack endpoint create --region RegionOne dns admin http://{{ CONTROLLER_SERVER_IP }}:9001/

Configure the Designate service

1. Edit /etc/designate/designate.conf:

In the [service:api] section, configure auth_strategy:

[service:api]
listen = 0.0.0.0:9001
auth_strategy = keystone
api_base_uri = http://{{ CONTROLLER_SERVER_IP }}:9001/
enable_api_v2 = True
enabled_extensions_v2 = quotas, reports

In the [keystone_authtoken] section, configure the following options:

[keystone_authtoken]
auth_type = password
username = designate
password = rhlab123
project_name = service
project_domain_name = Default
user_domain_name = Default
www_authenticate_uri = http://{{ CONTROLLER_SERVER_IP }}:5000/
auth_url = http://{{ CONTROLLER_SERVER_IP }}:5000/

In the [service:worker] section, enable the worker model:

enabled = True
notify = True

In the [storage:sqlalchemy] section, configure database access:

[storage:sqlalchemy]
connection = mysql+pymysql://designate:rhlab123@{{ CONTROLLER_SERVER_IP }}/designate

Populate the Designate database:

# su -s /bin/sh -c "designate-manage database sync" designate

2. Create Designate's pools.yaml file (it contains the target and BIND details):

Edit /etc/designate/pools.yaml:

- name: default
  # The name is immutable. There will be no option to change the name after
  # creation and the only way to change it will be to delete it
  # (and all zones associated with it) and recreate it.
  description: Default Pool

  attributes: {}

  # List out the NS records for zones hosted within this pool
  # This should be a record that is created outside of designate, that
  # points to the public IP of the controller node.
  ns_records:
    - hostname: {{Controller_FQDN}}. # This is mDNS
      priority: 1

  # List out the nameservers for this pool. These are the actual BIND servers.
  # We use these to verify changes have propagated to all nameservers.
  nameservers:
    - host: {{ DNS_SERVER_IP }}
      port: 53

  # List out the targets for this pool. For BIND there will be one
  # entry for each BIND server, as we have to run rndc command on each server
  targets:
    - type: bind9
      description: BIND9 Server 1

      # List out the designate-mdns servers from which BIND servers should
      # request zone transfers (AXFRs) from.
      # This should be the IP of the controller node.
      # If you have multiple controllers you can add multiple masters
      # by running designate-mdns on them, and adding them here.
      masters:
        - host: {{ CONTROLLER_SERVER_IP }}
          port: 5354

      # BIND Configuration options
      options:
        host: {{ DNS_SERVER_IP }}
        port: 53
        rndc_host: {{ DNS_SERVER_IP }}
        rndc_port: 953
        rndc_key_file: /etc/rndc.key
        rndc_config_file: /etc/rndc.conf

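This article comes from the internet and does not represent the position of the site (站长网). When reposting, please credit the source: https://www.zwzz.com.cn/html/chuangye/jingyan/2021/0523/4304.html

Author: dawei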
