OpenStack Configuration Manual: Designate Configuration

Compiled, organized and written by snow chuai --- 2020/2/7


1. Topology
     ------------+---------------------------+---------------------------+------------
                 |                           |                           |
             eth0|192.168.10.11          eth0|192.168.10.12          eth0|192.168.10.13
     +-----------+-----------+   +-----------+-----------+   +-----------+-----------+
     |    [ Control Node ]   |   |    [ Compute Node ]   |   |   [ Network Node ]    |
     |   [node1.1000cc.net]  |   |   [node2.1000cc.net]  |   |  [node3.1000cc.net]   |
     |  MariaDB    RabbitMQ  |   |        libvirt        |   |      Open-vSwitch     |
     |  Memcached  httpd     |   |       Nova_Compute    |   |        L2_Agent       |
     |  Keystone   Glance    |   |       Open-vSwitch    |   |        L3_Agent       |
     |  Nova_API  Cinder_API |   |        L2_Agent       |   |      Metadata_Agent   |
     |  Neutron_Server       |   |                       |   |      Cinder-Volume    |
     |  Metadata_Agent       |   |                       |   |        Heat_API       |
     |       Gnocchi         |   |                       |   |       Heat_Engine     |
     |  Ceilometer_Central   |   |                       |   |   Designate_Services  |
     |    Aodh_Evaluator     |   |                       |   |           named       |
     +-----------------------+   +-----------------------+   +-----------------------+
2. Configure Designate on the control node
2.1 Register Designate in Keystone and configure the endpoints
[root@node1 ~(keystone)]# openstack user create --domain default --project service --password servicepassword designate
+---------------------+----------------------------------+
| Field               | Value                            |
+---------------------+----------------------------------+
| default_project_id  | 1be75e85ec9445ab9ff7dd7ec2f02b71 |
| domain_id           | default                          |
| enabled             | True                             |
| id                  | 371759d7e46a444aa9509f02a87df145 |
| name                | designate                        |
| options             | {}                               |
| password_expires_at | None                             |
+---------------------+----------------------------------+
[root@node1 ~(keystone)]# openstack role add --project service --user designate admin
[root@node1 ~(keystone)]# openstack service create --name designate --description "OpenStack DNS Service" dns
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | OpenStack DNS Service            |
| enabled     | True                             |
| id          | 5d4645c0db6940e581a9c997aa428b07 |
| name        | designate                        |
| type        | dns                              |
+-------------+----------------------------------+
[root@node1 ~(keystone)]# openstack endpoint create --region RegionOne dns public http://192.168.10.13:9001/
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | f670829114724951aa4af63029969026 |
| interface    | public                           |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 5d4645c0db6940e581a9c997aa428b07 |
| service_name | designate                        |
| service_type | dns                              |
| url          | http://192.168.10.13:9001/       |
+--------------+----------------------------------+
[root@node1 ~(keystone)]# openstack endpoint create --region RegionOne dns internal http://192.168.10.13:9001/
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 0fe730eee8b64ab095d92269523248ae |
| interface    | internal                         |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 5d4645c0db6940e581a9c997aa428b07 |
| service_name | designate                        |
| service_type | dns                              |
| url          | http://192.168.10.13:9001/       |
+--------------+----------------------------------+
[root@node1 ~(keystone)]# openstack endpoint create --region RegionOne dns admin http://192.168.10.13:9001/
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 3c34215bc597495fa8deca179893f0aa |
| interface    | admin                            |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 5d4645c0db6940e581a9c997aa428b07 |
| service_name | designate                        |
| service_type | dns                              |
| url          | http://192.168.10.13:9001/       |
+--------------+----------------------------------+
2.2 Create the database for Designate
[root@node1 ~(keystone)]# mysql -u root -p
Enter password: 
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 47907
Server version: 10.1.20-MariaDB MariaDB Server
Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> create database designate;
Query OK, 1 row affected (0.00 sec)
MariaDB [(none)]> grant all privileges on designate.* to designate@'localhost' identified by 'password';
Query OK, 0 rows affected (0.01 sec)
MariaDB [(none)]> grant all privileges on designate.* to designate@'%' identified by 'password';
Query OK, 0 rows affected (0.01 sec)
MariaDB [(none)]> flush privileges;
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> exit
Bye
3. Configure Designate on the network node
3.1 Install Designate
[root@node3 ~]# yum --enablerepo=centos-openstack-queens,epel install openstack-designate-api \
openstack-designate-central openstack-designate-worker openstack-designate-producer openstack-designate-mdns \
python-designateclient bind bind-utils -y
3.2 Configure named
[root@node3 ~]# rndc-confgen -a -k designate -c /etc/designate.key -r /dev/urandom
wrote key file "/etc/designate.key"
[root@node3 ~]# chown named:designate /etc/designate.key
[root@node3 ~]# chmod 640 /etc/designate.key
[root@node3 ~]# mv /etc/named.conf /etc/named.conf.bak
[root@node3 ~]# vim /etc/named.conf
options {
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    // only local clients and the management network may query
    allow-query { localhost; 192.168.10.0/24; };
    // required so Designate can add zones through rndc addzone
    allow-new-zones yes;
    request-ixfr no;
    // authoritative only: never act as an open recursive resolver
    recursion no;
    bindkeys-file "/etc/named.iscdlv.key";
    managed-keys-directory "/var/named/dynamic";
    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
};
include "/etc/designate.key";
controls {
    inet 0.0.0.0 port 953 allow { localhost; } keys { "designate"; };
};
logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};
zone "." IN {
    type hint;
    file "named.ca";
};
[root@node3 ~]# chmod 640 /etc/named.conf
[root@node3 ~]# chgrp named /etc/named.conf
[root@node3 ~]# chown -R named. /var/named
[root@node3 ~]# systemctl enable --now named
3.3 Configure Designate
1) Configure Designate
[root@node3 ~]# mv /etc/designate/designate.conf /etc/designate/designate.conf.bak
[root@node3 ~]# vim /etc/designate/designate.conf
[DEFAULT]
log_dir = /var/log/designate
transport_url = rabbit://openstack:password@192.168.10.11
root_helper = sudo designate-rootwrap /etc/designate/rootwrap.conf
[database]
connection = mysql+pymysql://designate:password@192.168.10.11/designate

[service:api]
listen = 0.0.0.0:9001
auth_strategy = keystone
api_base_uri = http://192.168.10.13:9001
enable_api_v2 = True
enabled_extensions_v2 = quotas, reports

[keystone_authtoken]
www_authenticate_uri = http://192.168.10.11:5000
auth_url = http://192.168.10.11:5000
memcached_servers = 192.168.10.11:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = designate
password = servicepassword

[service:worker]
enabled = True
notify = True

[storage:sqlalchemy]
connection = mysql+pymysql://designate:password@192.168.10.11/designate

[root@node3 ~]# chmod 640 /etc/designate/designate.conf
[root@node3 ~]# chgrp designate /etc/designate/designate.conf
[root@node3 ~]# su -s /bin/sh -c "designate-manage database sync" designate
[root@node3 ~]# systemctl enable --now designate-central designate-api
2) Configure the Designate pool
[root@node3 ~]# vim /etc/designate/pools.yaml
- name: default
  description: Default Pool
  attributes: {}
  ns_records:
    - hostname: node3.1000cc.net.
      priority: 1
  nameservers:
    - host: 192.168.10.13
      port: 53
  targets:
    - type: bind9
      description: BIND9 Server
      masters:
        - host: 192.168.10.13
          port: 5354
      options:
        host: 192.168.10.13
        port: 53
        rndc_host: 192.168.10.13
        rndc_port: 953
        rndc_key_file: /etc/designate.key
[root@node3 ~]# chmod 640 /etc/designate/pools.yaml
[root@node3 ~]# chgrp designate /etc/designate/pools.yaml
[root@node3 ~]# su -s /bin/sh -c "designate-manage pool update" designate
Updating Pools Configuration
****************************
[root@node3 ~]# systemctl enable --now designate-worker designate-producer designate-mdns
3) SELinux and firewall settings
[root@node3 ~]# setsebool -P named_write_master_zones on
[root@node3 ~]# firewall-cmd --add-service=dns --permanent
[root@node3 ~]# firewall-cmd --add-port={5354/tcp,9001/tcp} --permanent
success
[root@node3 ~]# firewall-cmd --reload
success
4) Verify the Designate service status
[root@node1 ~(keystone)]# openstack dns service list
+-------------+------------------+--------------+--------+-------+--------------+
| id          | hostname         | service_name | status | stats | capabilities |
+-------------+------------------+--------------+--------+-------+--------------+
| 4a5fdc88... | node3.1000cc.net | api          | UP     | -     | -            |
| 6888abb2... | node3.1000cc.net | central      | UP     | -     | -            |
| 06af1cdd... | node3.1000cc.net | producer     | UP     | -     | -            |
| 3cd924f2... | node3.1000cc.net | mdns         | UP     | -     | -            |
| 4b5adde1... | node3.1000cc.net | worker       | UP     | -     | -            |
+-------------+------------------+--------------+--------+-------+--------------+
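Added audit script, not part of the manual, that checks the named.conf from 3.2 against the bind9 target in pools.yaml from 3.3: it parses constructed copies of both embedded below (the pool target written as the dict PyYAML would load it to) and reports an rndc port or key-file mismatch, a recursive or open-query server, or a key file with world access. The key name "designate" is the -k value given to rndc-confgen above, and the key-file check takes stat values as arguments instead of reading the host.

```python
import re

# Constructed copy of the parts of /etc/named.conf from section 3.2 that the audit inspects.
NAMED_CONF = """
options {
    allow-query { localhost; 192.168.10.0/24; };
    allow-new-zones yes;
    recursion no;
};
include "/etc/designate.key";
controls {
    inet 0.0.0.0 port 953 allow { localhost; } keys { "designate"; };
};
"""

# The bind9 target from pools.yaml in section 3.3, written as the dict PyYAML would load it to.
POOL_TARGET = {
    "type": "bind9",
    "masters": [{"host": "192.168.10.13", "port": 5354}],
    "options": {"host": "192.168.10.13", "port": 53, "rndc_host": "192.168.10.13",
                "rndc_port": 953, "rndc_key_file": "/etc/designate.key"},
}

def block(conf, name):
    """Body of the top-level `name { ... };` statement in conf, or '' if absent."""
    m = re.search(r"^%s\s*\{(.*?)^\};" % name, conf, re.S | re.M)
    return m.group(1) if m else ""

def acl(body, directive):
    """Entries of `directive { a; b; };` inside body, with quotes stripped."""
    m = re.search(r"\b%s\s*\{([^}]*)\}" % directive, body)
    return [e.strip().strip('"') for e in m.group(1).split(";") if e.strip()] if m else []

def audit(conf, target, key_name="designate"):
    """Findings about the named.conf / pools.yaml pairing; an empty list means consistent and hardened."""
    found, o = [], target["options"]
    opts, ctl = block(conf, "options"), block(conf, "controls")
    if not re.search(r"\brecursion\s+no\s*;", opts):
        found.append("recursion is not disabled; the Designate-managed server should be authoritative only")
    if "any" in acl(opts, "allow-query"):
        found.append("allow-query permits any client; restrict it to the networks that should query")
    if not re.search(r"\ballow-new-zones\s+yes\s*;", opts):
        found.append("allow-new-zones is off, so Designate cannot add zones through rndc addzone")
    if o["rndc_key_file"] not in re.findall(r'include\s+"([^"]+)"', conf):
        found.append("pools.yaml rndc_key_file %s is not included by named.conf" % o["rndc_key_file"])
    inet = re.search(r"\binet\s+\S+\s+port\s+(\d+)", ctl)
    if not inet or int(inet.group(1)) != o["rndc_port"]:
        found.append("controls port does not match pools.yaml rndc_port %d" % o["rndc_port"])
    if "any" in acl(ctl, "allow"):
        found.append("rndc control channel accepts connections from any source")
    if key_name not in acl(ctl, "keys"):
        found.append("controls does not require the %s key" % key_name)
    if o["port"] in {m["port"] for m in target["masters"]}:
        found.append("mdns (masters) and named would share a port on the same host")
    return found

def key_file_findings(st_mode, owner, group):
    """The rndc key is a shared secret: named:designate and no world access, as the manual's 640 gives."""
    found = []
    if st_mode & 0o007:
        found.append("key file is world-accessible (mode %o)" % (st_mode & 0o777))
    if (owner, group) != ("named", "designate"):
        found.append("key file should be owned by named:designate, is %s:%s" % (owner, group))
    return found
```

Run audit() against the real files after `designate-manage pool update`; any finding should be fixed before the worker is allowed to drive rndc.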
4. Using Designate
4.1 Create a forward zone and an A record
1) Create the forward zone
[root@node1 ~(keystone)]# su - snow
[snow@node1 ~(keystone)]$ openstack zone create --email snow@1000cc.net 1000cc.net.
+----------------+--------------------------------------+
| Field          | Value                                |
+----------------+--------------------------------------+
| action         | CREATE                               |
| attributes     |                                      |
| created_at     | 2020-02-07T14:42:08.000000           |
| description    | None                                 |
| email          | snow@1000cc.net                      |
| id             | 7ac23b93-0cc2-43bc-bf25-6580102f2c19 |
| masters        |                                      |
| name           | 1000cc.net.                          |
| pool_id        | 794ccc2c-d751-44fe-b57f-8894c9f5c842 |
| project_id     | 7146a34d5b744320b2ed45af5b2e761b     |
| serial         | 1581086528                           |
| status         | PENDING                              |
| transferred_at | None                                 |
| ttl            | 3600                                 |
| type           | PRIMARY                              |
| updated_at     | None                                 |
| version        | 1                                    |
+----------------+--------------------------------------+
[snow@node1 ~(keystone)]$ openstack zone list
+--------------------------------------+-------------+---------+------------+--------+--------+
| id                                   | name        | type    | serial     | status | action |
+--------------------------------------+-------------+---------+------------+--------+--------+
| 7ac23b93-0cc2-43bc-bf25-6580102f2c19 | 1000cc.net. | PRIMARY | 1581086528 | ACTIVE | NONE   |
+--------------------------------------+-------------+---------+------------+--------+--------+
2) Create the A record
[snow@node1 ~(keystone)]$ openstack recordset create --record '192.168.10.221' --type A 1000cc.net. www
+-------------+--------------------------------------+
| Field       | Value                                |
+-------------+--------------------------------------+
| action      | CREATE                               |
| created_at  | 2020-02-07T14:44:39.000000           |
| description | None                                 |
| id          | 9ba56a51-19bc-4f21-bcc9-1dd30a04ec08 |
| name        | www.1000cc.net.                      |
| project_id  | 7146a34d5b744320b2ed45af5b2e761b     |
| records     | 192.168.10.221                       |
| status      | PENDING                              |
| ttl         | None                                 |
| type        | A                                    |
| updated_at  | None                                 |
| version     | 1                                    |
| zone_id     | 7ac23b93-0cc2-43bc-bf25-6580102f2c19 |
| zone_name   | 1000cc.net.                          |
+-------------+--------------------------------------+
# Check that the recordset has reached ACTIVE status
[snow@node1 ~(keystone)]$ openstack recordset list 1000cc.net.
+--------------------------------------+-----------------+------+-------------------------------------------------------------------+--------+--------+
| id                                   | name            | type | records                                                           | status | action |
+--------------------------------------+-----------------+------+-------------------------------------------------------------------+--------+--------+
| 12970ed1-f1fa-41d6-81d6-351f4109faf8 | 1000cc.net.     | NS   | node3.1000cc.net.                                                 | ACTIVE | NONE   |
| 7246371b-8502-428e-87c6-6b355a50f76a | 1000cc.net.     | SOA  | node3.1000cc.net. snow.1000cc.net. 1581086679 3523 600 86400 3600 | ACTIVE | NONE   |
| 9ba56a51-19bc-4f21-bcc9-1dd30a04ec08 | www.1000cc.net. | A    | 192.168.10.221                                                    | ACTIVE | NONE   |
+--------------------------------------+-----------------+------+-------------------------------------------------------------------+--------+--------+
3) Resolution test
[snow@node1 ~(keystone)]$ dig -p 5354 @node3.1000cc.net www.1000cc.net.
# Parameter explanation: -p <port>, @<dns_server_name_or_ip>
# Port 5354 is Designate's mdns service (the masters port in pools.yaml); query port 53 instead to check what named itself serves to clients.
; <<>> DiG 9.11.4-P2-RedHat-9.11.4-9.P2.el7 <<>> -p 5354 @node3.1000cc.net www.1000cc.net.
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40556
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 8192
;; QUESTION SECTION:
;www.1000cc.net.                IN      A

;; ANSWER SECTION:
www.1000cc.net.         3600    IN      A       192.168.10.221

;; Query time: 55 msec
;; SERVER: 192.168.10.13#5354(192.168.10.13)
;; WHEN: Fri Feb 07 23:01:21 CST 2020
;; MSG SIZE  rcvd: 59
4.2 Create a reverse zone and a PTR record
1) Create the reverse zone
[snow@node1 ~(keystone)]$ openstack zone create --email snow@1000cc.net 10.168.192.in-addr.arpa.
+----------------+--------------------------------------+
| Field          | Value                                |
+----------------+--------------------------------------+
| action         | CREATE                               |
| attributes     |                                      |
| created_at     | 2020-02-07T15:06:24.000000           |
| description    | None                                 |
| email          | snow@1000cc.net                      |
| id             | 82511206-47a4-4638-94d7-829e18c278d4 |
| masters        |                                      |
| name           | 10.168.192.in-addr.arpa.             |
| pool_id        | 794ccc2c-d751-44fe-b57f-8894c9f5c842 |
| project_id     | 7146a34d5b744320b2ed45af5b2e761b     |
| serial         | 1581087984                           |
| status         | PENDING                              |
| transferred_at | None                                 |
| ttl            | 3600                                 |
| type           | PRIMARY                              |
| updated_at     | None                                 |
| version        | 1                                    |
+----------------+--------------------------------------+
[snow@node1 ~(keystone)]$ openstack zone list
+------------+--------------------------+---------+------------+--------+--------+
| id         | name                     | type    | serial     | status | action |
+------------+--------------------------+---------+------------+--------+--------+
| 7ac23b93.. | 1000cc.net.              | PRIMARY | 1581086679 | ACTIVE | NONE   |
| 82511206.. | 10.168.192.in-addr.arpa. | PRIMARY | 1581087984 | ACTIVE | NONE   |
+------------+--------------------------+---------+------------+--------+--------+
2) Create the PTR record
[snow@node1 ~(keystone)]$ openstack recordset create --record 'www.1000cc.net.' --type PTR 10.168.192.in-addr.arpa. 221
+-------------+--------------------------------------+
| Field       | Value                                |
+-------------+--------------------------------------+
| action      | CREATE                               |
| created_at  | 2020-02-07T15:08:32.000000           |
| description | None                                 |
| id          | 5559a024-f28b-41fb-85cc-aa470f6cda06 |
| name        | 221.10.168.192.in-addr.arpa.         |
| project_id  | 7146a34d5b744320b2ed45af5b2e761b     |
| records     | www.1000cc.net.                      |
| status      | PENDING                              |
| ttl         | None                                 |
| type        | PTR                                  |
| updated_at  | None                                 |
| version     | 1                                    |
| zone_id     | 82511206-47a4-4638-94d7-829e18c278d4 |
| zone_name   | 10.168.192.in-addr.arpa.             |
+-------------+--------------------------------------+
# Check that the recordset has reached ACTIVE status
[snow@node1 ~(keystone)]$ openstack recordset list 10.168.192.in-addr.arpa.
+--------------------------------------+------------------------------+------+-------------------------------------------------------------------+--------+--------+
| id                                   | name                         | type | records                                                           | status | action |
+--------------------------------------+------------------------------+------+-------------------------------------------------------------------+--------+--------+
| 1881f92c-6ece-4750-8c2b-676bfde8a090 | 10.168.192.in-addr.arpa.     | NS   | node3.1000cc.net.                                                 | ACTIVE | NONE   |
| 65e7db5c-1f0f-49ac-801f-db733301a983 | 10.168.192.in-addr.arpa.     | SOA  | node3.1000cc.net. snow.1000cc.net. 1581088112 3520 600 86400 3600 | ACTIVE | NONE   |
| 5559a024-f28b-41fb-85cc-aa470f6cda06 | 221.10.168.192.in-addr.arpa. | PTR  | www.1000cc.net.                                                   | ACTIVE | NONE   |
+--------------------------------------+------------------------------+------+-------------------------------------------------------------------+--------+--------+
3) Test
[snow@node1 ~(keystone)]$ dig -p 5354 @node3.1000cc.net -x 192.168.10.221
; <<>> DiG 9.11.4-P2-RedHat-9.11.4-9.P2.el7 <<>> -p 5354 @node3.1000cc.net -x 192.168.10.221
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59828
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 8192
;; QUESTION SECTION:
;221.10.168.192.in-addr.arpa.   IN      PTR

;; ANSWER SECTION:
221.10.168.192.in-addr.arpa. 3600 IN    PTR     www.1000cc.net.

;; Query time: 59 msec
;; SERVER: 192.168.10.13#5354(192.168.10.13)
;; WHEN: Fri Feb 07 23:18:54 CST 2020
;; MSG SIZE  rcvd: 84
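Added check, not part of the manual: the forward/reverse pairing built in 4.1 and 4.2 is easy to leave inconsistent (4.3 below deletes the A record but not its PTR), so this script derives the reverse zone and PTR owner each A record requires, using constructed recordset lists that match the manual's output, and returns the mismatches together with the openstack commands that would repair them. It handles only octet-aligned reverse zones (/8, /16, /24), which is what the manual creates; <zone-admin-email> is a placeholder.

```python
import ipaddress

# Constructed from the manual's `openstack recordset list` output for both zones.
FORWARD = {"www.1000cc.net.": ["192.168.10.221"]}            # A recordsets: name -> addresses
REVERSE_ZONES = ["10.168.192.in-addr.arpa."]                  # reverse zones that exist
PTRS = {"221.10.168.192.in-addr.arpa.": ["www.1000cc.net."]}  # PTR recordsets: owner -> targets

def ptr_name(ip):
    """'192.168.10.221' -> '221.10.168.192.in-addr.arpa.' (absolute, with the trailing dot Designate expects)."""
    return ipaddress.ip_address(ip).reverse_pointer + "."

def reverse_zone(ip, prefix=24):
    """Reverse zone holding the PTR for ip; only octet-aligned prefixes form a single in-addr.arpa zone."""
    if prefix % 8:
        raise ValueError("classless reverse delegation (RFC 2317) is not handled here")
    net = ipaddress.ip_network("%s/%d" % (ip, prefix), strict=False)
    labels = net.network_address.reverse_pointer.split(".")
    return ".".join(labels[(32 - prefix) // 8:]) + "."

def ptr_to_ip(owner):
    """'221.10.168.192.in-addr.arpa.' -> '192.168.10.221'"""
    return ".".join(reversed(owner.split(".")[:4]))

def check(forward, reverse_zones, ptrs, prefix=24):
    """Return (findings, commands): human-readable mismatches and the CLI calls that would repair them."""
    findings, cmds = [], []
    for name, addrs in forward.items():
        for ip in addrs:
            zone, owner = reverse_zone(ip, prefix), ptr_name(ip)
            if zone not in reverse_zones:
                findings.append("no reverse zone %s for %s (%s)" % (zone, name, ip))
                cmds.append("openstack zone create --email <zone-admin-email> %s" % zone)
            targets = ptrs.get(owner, [])
            if name in targets:
                continue
            if targets:
                findings.append("%s -> %s but PTR %s -> %s" % (name, ip, owner, ", ".join(targets)))
            else:
                findings.append("missing PTR %s for %s" % (owner, name))
            # The manual passes the owner relative to the zone ('221'), so strip the zone suffix.
            cmds.append("openstack recordset create --record '%s' --type PTR %s %s"
                        % (name, zone, owner[: -len(zone) - 1]))
    # PTRs left behind after a forward record is deleted (as in section 4.3) are stale.
    for owner, targets in ptrs.items():
        ip = ptr_to_ip(owner)
        for t in targets:
            if ip not in forward.get(t, []):
                findings.append("stale PTR %s -> %s: no A record for that name at %s" % (owner, t, ip))
                cmds.append("openstack recordset delete %s %s" % (reverse_zone(ip, prefix), owner))
    return findings, cmds

if __name__ == "__main__":
    for line in sum(check(FORWARD, REVERSE_ZONES, PTRS), []):
        print(line)
```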
4.3 Other zone and recordset operations
1) Delete a recordset
[snow@node1 ~(keystone)]$ openstack recordset list 1000cc.net.
+-------------+-----------------+------+---------------------------------+--------+--------+
| id          | name            | type | records                         | status | action |
+-------------+-----------------+------+---------------------------------+--------+--------+
| 12970ed1... | 1000cc.net.     | NS   | node3.1000cc.net.               | ACTIVE | NONE   |
| 7246371b... | 1000cc.net.     | SOA  | node3.1000cc.net. ....86400 3600| ACTIVE | NONE   |
| 9ba56a51... | www.1000cc.net. | A    | 192.168.10.221                  | ACTIVE | NONE   |
+-------------+-----------------+------+---------------------------------+--------+--------+
[snow@node1 ~(keystone)]$ openstack recordset delete 1000cc.net. www.1000cc.net.
+-------------+--------------------------------------+
| Field       | Value                                |
+-------------+--------------------------------------+
| action      | DELETE                               |
| created_at  | 2020-02-07T14:44:39.000000           |
| description | None                                 |
| id          | 9ba56a51-19bc-4f21-bcc9-1dd30a04ec08 |
| name        | www.1000cc.net.                      |
| project_id  | 7146a34d5b744320b2ed45af5b2e761b     |
| records     | 192.168.10.221                       |
| status      | PENDING                              |
| ttl         | None                                 |
| type        | A                                    |
| updated_at  | 2020-02-07T15:26:50.000000           |
| version     | 2                                    |
| zone_id     | 7ac23b93-0cc2-43bc-bf25-6580102f2c19 |
| zone_name   | 1000cc.net.                          |
+-------------+--------------------------------------+
[snow@node1 ~(keystone)]$ openstack recordset list 1000cc.net.
+---------+-------------+------+---------------------------------------------+--------+--------+
| id      | name        | type | records                                     | status | action |
+---------+-------------+------+---------------------------------------------+--------+--------+
| 1297... | 1000cc.net. | NS   | node3.1000cc.net.                           | ACTIVE | NONE   |
| 7246... | 1000cc.net. | SOA  | node3.1000cc.net. snow.1000cc.net. ... 3600 | ACTIVE | NONE   |
+---------+-------------+------+---------------------------------------------+--------+--------+
2) Delete a zone
[snow@node1 ~(keystone)]$ openstack zone list
+----------------------+--------------------------+---------+------------+--------+--------+
| id                   | name                     | type    | serial     | status | action |
+----------------------+--------------------------+---------+------------+--------+--------+
| 7ac23b93-0cc2-43b... | 1000cc.net.              | PRIMARY | 1581089210 | ACTIVE | NONE   |
| 82511206-47a4-463... | 10.168.192.in-addr.arpa. | PRIMARY | 1581088112 | ACTIVE | NONE   |
+----------------------+--------------------------+---------+------------+--------+--------+
[snow@node1 ~(keystone)]$ openstack zone delete 1000cc.net.
+----------------+--------------------------------------+
| Field          | Value                                |
+----------------+--------------------------------------+
| action         | DELETE                               |
| attributes     |                                      |
| created_at     | 2020-02-07T14:42:08.000000           |
| description    | None                                 |
| email          | snow@1000cc.net                      |
| id             | 7ac23b93-0cc2-43bc-bf25-6580102f2c19 |
| masters        |                                      |
| name           | 1000cc.net.                          |
| pool_id        | 794ccc2c-d751-44fe-b57f-8894c9f5c842 |
| project_id     | 7146a34d5b744320b2ed45af5b2e761b     |
| serial         | 1581089210                           |
| status         | PENDING                              |
| transferred_at | None                                 |
| ttl            | 3600                                 |
| type           | PRIMARY                              |
| updated_at     | 2020-02-07T15:34:34.000000           |
| version        | 7                                    |
+----------------+--------------------------------------+
[snow@node1 ~(keystone)]$ openstack zone list
+----------------+--------------------------+---------+------------+--------+--------+
| id             | name                     | type    | serial     | status | action |
+----------------+--------------------------+---------+------------+--------+--------+
| 82511206-47... | 10.168.192.in-addr.arpa. | PRIMARY | 1581088112 | ACTIVE | NONE   |
+----------------+--------------------------+---------+------------+--------+--------+

 
