Compiled, organized, and written by snow chuai --- 2020/3/4
------------+---------------------------+---------------------------+------------
            |                           |                           |
        eth0|192.168.10.11          eth0|192.168.10.12          eth0|192.168.10.13
+-----------+-----------+   +-----------+-----------+   +-----------+-----------+
|    [ Control Node ]   |   |    [ Compute Node ]   |   |    [ Network Node ]   |
|   [node1.1000cc.net]  |   |   [node2.1000cc.net]  |   |   [node3.1000cc.net]  |
|  MariaDB    RabbitMQ  |   |        Libvirt        |   |      Open-vSwitch     |
|  Memcached  httpd     |   |     Nova_Compute      |   |        L2_Agent       |
|  Keystone   Glance    |   |      Open-vSwitch     |   |        L3_Agent       |
|  Nova_API  Cinder_API |   |        L2_Agent       |   |     Metadata_Agent    |
|  Neutron_Server       |   |                       |   |     Cinder-Volume     |
|  Metadata_Agent       |   |                       |   |        Heat_API       |
|  Gnocchi              |   |                       |   |      Heat_Engine      |
|  Ceilometer_Central   |   |                       |   |   Designate_Services  |
|  Aodh_Evaluator       |   |                       |   |         named         |
+-----------------------+   +-----------------------+   +-----------------------+

2.1 Register Designate in Keystone and configure the endpoints

[root@node1 ~(keystone)]# openstack user create --domain default --project service --password servicepassword designate
+---------------------+----------------------------------+
| Field               | Value                            |
+---------------------+----------------------------------+
| default_project_id  | 7972f61f4a1c4f2592d2bb6dc7711e81 |
| domain_id           | default                          |
| enabled             | True                             |
| id                  | 6647bc824e714ffcbaf72bae32425918 |
| name                | designate                        |
| options             | {}                               |
| password_expires_at | None                             |
+---------------------+----------------------------------+

[root@node1 ~(keystone)]# openstack role add --project service --user designate admin

[root@node1 ~(keystone)]# openstack service create --name designate --description "OpenStack DNS Service" dns
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | OpenStack DNS Service            |
| enabled     | True                             |
| id          | 42b0030c30ce4805b9e5508020a1a235 |
| name        | designate                        |
| type        | dns                              |
+-------------+----------------------------------+

[root@node1 ~(keystone)]# openstack endpoint create --region RegionOne dns public http://192.168.10.13:9001/
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 79621f68546c41ebb6ec6eea44c386a1 |
| interface    | public                           |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 42b0030c30ce4805b9e5508020a1a235 |
| service_name | designate                        |
| service_type | dns                              |
| url          | http://192.168.10.13:9001/       |
+--------------+----------------------------------+

[root@node1 ~(keystone)]# openstack endpoint create --region RegionOne dns internal http://192.168.10.13:9001/
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 9c0dab4a7b5b4156b3f5c024a77e4274 |
| interface    | internal                         |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 42b0030c30ce4805b9e5508020a1a235 |
| service_name | designate                        |
| service_type | dns                              |
| url          | http://192.168.10.13:9001/       |
+--------------+----------------------------------+

[root@node1 ~(keystone)]# openstack endpoint create --region RegionOne dns admin http://192.168.10.13:9001/
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 042ce66675c2494996df1fd56db0d66b |
| interface    | admin                            |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 42b0030c30ce4805b9e5508020a1a235 |
| service_name | designate                        |
| service_type | dns                              |
| url          | http://192.168.10.13:9001/       |
+--------------+----------------------------------+

2.2 Create the database for Designate

[root@node1 ~(keystone)]# mysql -u root -p
Enter password:
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 47907
Server version: 10.1.20-MariaDB MariaDB Server

Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> create database designate;
Query OK, 1 row affected (0.00 sec)

MariaDB [(none)]> grant all privileges on designate.* to designate@'localhost' identified by 'password';
Query OK, 0 rows affected (0.01 sec)

MariaDB [(none)]> grant all privileges on designate.* to designate@'%' identified by 'password';
Query OK, 0 rows affected (0.01 sec)

MariaDB [(none)]> flush privileges;
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> exit
Bye

3.1 Install Designate

[root@node3 ~]# yum --enablerepo=centos-openstack-train,epel install openstack-designate-api \
openstack-designate-central openstack-designate-worker openstack-designate-producer openstack-designate-mdns \
python-designateclient bind bind-utils -y

3.2 Configure named

[root@node3 ~]# rndc-confgen -a -k designate -c /etc/designate.key -r /dev/urandom
wrote key file "/etc/designate.key"

[root@node3 ~]# chown named:designate /etc/designate.key
[root@node3 ~]# chmod 640 /etc/designate.key
[root@node3 ~]# mv /etc/named.conf /etc/named.conf.bak

[root@node3 ~]# vim /etc/named.conf
options {
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query { localhost; 192.168.10.0/24; };
        allow-new-zones yes;
        request-ixfr no;
        recursion no;
        bindkeys-file "/etc/named.iscdlv.key";
        managed-keys-directory "/var/named/dynamic";
        pid-file "/run/named/named.pid";
        session-keyfile "/run/named/session.key";
};

include "/etc/designate.key";

controls {
        inet 0.0.0.0 port 953
                allow { localhost; } keys { "designate"; };
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

[root@node3 ~]# chmod 640 /etc/named.conf
[root@node3 ~]# chgrp named /etc/named.conf
[root@node3 ~]# chown -R named. /var/named
[root@node3 ~]# systemctl enable --now named

3.3 Configure Designate

1) Configure Designate

[root@node3 ~]# mv /etc/designate/designate.conf /etc/designate/designate.conf.bak
[root@node3 ~]# vim /etc/designate/designate.conf
[DEFAULT]
log_dir = /var/log/designate
transport_url = rabbit://openstack:password@192.168.10.11
root_helper = sudo designate-rootwrap /etc/designate/rootwrap.conf

[database]
connection = mysql+pymysql://designate:password@192.168.10.11/designate

[service:api]
listen = 0.0.0.0:9001
auth_strategy = keystone
api_base_uri = http://192.168.10.13:9001
enable_api_v2 = True
enabled_extensions_v2 = quotas, reports

[keystone_authtoken]
www_authenticate_uri = http://192.168.10.11:5000
auth_url = http://192.168.10.11:5000
memcached_servers = 192.168.10.11:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = designate
password = servicepassword

[service:worker]
enabled = True
notify = True

[storage:sqlalchemy]
connection = mysql+pymysql://designate:password@192.168.10.11/designate

[root@node3 ~]# chmod 640 /etc/designate/designate.conf
[root@node3 ~]# chgrp designate /etc/designate/designate.conf
[root@node3 ~]# su -s /bin/sh -c "designate-manage database sync" designate
[root@node3 ~]# systemctl enable --now designate-central designate-api

2) Configure the Designate pool

[root@node3 ~]# vim /etc/designate/pools.yaml
- name: default
  description: Default Pool
  attributes: {}
  ns_records:
    - hostname: node3.1000cc.net.
      priority: 1
  nameservers:
    - host: 192.168.10.13
      port: 53
  targets:
    - type: bind9
      description: BIND9 Server
      masters:
        - host: 192.168.10.13
          port: 5354
      options:
        host: 192.168.10.13
        port: 53
        rndc_host: 192.168.10.13
        rndc_port: 953
        rndc_key_file: /etc/designate.key

[root@node3 ~]# chmod 640 /etc/designate/pools.yaml
[root@node3 ~]# chgrp designate /etc/designate/pools.yaml
[root@node3 ~]# su -s /bin/sh -c "designate-manage pool update" designate
Updating Pools Configuration
****************************

[root@node3 ~]# systemctl enable --now designate-worker designate-producer designate-mdns

3) SELinux and firewall settings

[root@node3 ~]# setsebool -P named_write_master_zones on

[root@node3 ~]# firewall-cmd --add-service=dns --permanent
[root@node3 ~]# firewall-cmd --add-port={5354/tcp,9001/tcp} --permanent
success
[root@node3 ~]# firewall-cmd --reload
success

4) Verify the Designate service status

[root@node1 ~(keystone)]# openstack dns service list
+----------------------+------------------+--------------+--------+-------+--------------+
| id                   | hostname         | service_name | status | stats | capabilities |
+----------------------+------------------+--------------+--------+-------+--------------+
| a3066329-241a-...... | node3.1000cc.net | central      | UP     | -     | -            |
| db838fd9-32d2-...... | node3.1000cc.net | api          | UP     | -     | -            |
| ced6fab2-e535-...... | node3.1000cc.net | producer     | UP     | -     | -            |
| 9337726b-7af7-...... | node3.1000cc.net | mdns         | UP     | -     | -            |
| 9d3d08b7-1aad-...... | node3.1000cc.net | worker       | UP     | -     | -            |
+----------------------+------------------+--------------+--------+-------+--------------+
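
An audit of the ownership and modes applied in sections 3.2 and 3.3, as an added example that is not part of the original page: the four files hold or point to the rndc key, the Keystone service password, and the database and RabbitMQ credentials. The function names and the optional root prefix are assumptions made for illustration, and the script relies on GNU stat.

```bash
#!/usr/bin/env bash
# Added example (not from the original page): audit owner, group and mode of
# the files that sections 3.2 and 3.3 lock down with chown/chgrp/chmod 640.

# check_file PATH MAX_MODE GROUP [OWNER]
# Returns 0 when PATH has no permission bit beyond MAX_MODE and has the
# expected group (and owner, if given); prints a finding and returns 1 otherwise.
# A stricter mode such as 600 is accepted: the audit looks for exposure only.
check_file() {
    local path=$1 max_mode=$2 want_group=$3 want_owner=${4:-}
    local mode group owner extra rc=0
    if [ ! -e "$path" ]; then
        echo "MISSING  $path"
        return 1
    fi
    mode=$(stat -c '%a' "$path")     # octal mode, e.g. 640 (GNU stat)
    group=$(stat -c '%G' "$path")
    owner=$(stat -c '%U' "$path")
    # Bits set on the file that the expected mode does not allow.
    extra=$(( 0$mode & ~0$max_mode & 07777 ))
    if [ "$extra" -ne 0 ]; then
        echo "TOO-OPEN $path mode $mode, expected at most $max_mode"
        rc=1
    fi
    if [ "$group" != "$want_group" ]; then
        echo "GROUP    $path is $group, expected $want_group"
        rc=1
    fi
    if [ -n "$want_owner" ] && [ "$owner" != "$want_owner" ]; then
        echo "OWNER    $path is $owner, expected $want_owner"
        rc=1
    fi
    return "$rc"
}

# audit_designate_node [ROOT]
# Checks the four files from this page. ROOT is a hypothetical prefix that
# lets the audit run against a mounted image or a test directory.
audit_designate_node() {
    local root=${1:-} failed=0
    check_file "$root/etc/designate.key"            640 designate named || failed=1
    check_file "$root/etc/named.conf"               640 named           || failed=1
    check_file "$root/etc/designate/designate.conf" 640 designate       || failed=1
    check_file "$root/etc/designate/pools.yaml"     640 designate       || failed=1
    return "$failed"
}

# Run the audit only when a root is passed on the command line, e.g. "/".
if [ "$#" -gt 0 ]; then
    audit_designate_node "${1%/}"
fi
```

Run it on node3 as root with `/` as the argument; a non-zero exit status means at least one file is missing, too open, or owned by the wrong account.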

4.1 Create a forward zone and an A record

1) Create the forward zone

[root@node1 ~(keystone)]# su - snow
[snow@node1 ~(keystone)]$ openstack zone create --email snow@niliu.edu niliu.edu.
+----------------+--------------------------------------+
| Field          | Value                                |
+----------------+--------------------------------------+
| action         | CREATE                               |
| attributes     |                                      |
| created_at     | 2020-07-15T07:18:07.000000           |
| description    | None                                 |
| email          | snow@niliu.edu                       |
| id             | eef2f9a9-8405-4462-878c-ffffeb963de3 |
| masters        |                                      |
| name           | niliu.edu.                           |
| pool_id        | 794ccc2c-d751-44fe-b57f-8894c9f5c842 |
| project_id     | 70e9c932884544eea84190f7fb42f9f6     |
| serial         | 1583321827                           |
| status         | PENDING                              |
| transferred_at | None                                 |
| ttl            | 3600                                 |
| type           | PRIMARY                              |
| updated_at     | None                                 |
| version        | 1                                    |
+----------------+--------------------------------------+

[snow@node1 ~(keystone)]$ openstack zone list
+--------------------------------------+------------+---------+------------+--------+--------+
| id                                   | name       | type    | serial     | status | action |
+--------------------------------------+------------+---------+------------+--------+--------+
| eef2f9a9-8405-4462-878c-ffffeb963de3 | niliu.edu. | PRIMARY | 1583321827 | ACTIVE | NONE   |
+--------------------------------------+------------+---------+------------+--------+--------+

2) Create the A record

[snow@node1 ~(keystone)]$ openstack recordset create --record '192.168.10.222' --type A niliu.edu. www
+-------------+--------------------------------------+
| Field       | Value                                |
+-------------+--------------------------------------+
| action      | CREATE                               |
| created_at  | 2020-07-15T07:20:32.000000           |
| description | None                                 |
| id          | 3e90af58-5024-4e39-8c4a-d05fd5418872 |
| name        | www.niliu.edu.                       |
| project_id  | 70e9c932884544eea84190f7fb42f9f6     |
| records     | 192.168.10.222                       |
| status      | PENDING                              |
| ttl         | None                                 |
| type        | A                                    |
| updated_at  | None                                 |
| version     | 1                                    |
| zone_id     | eef2f9a9-8405-4462-878c-ffffeb963de3 |
| zone_name   | niliu.edu.                           |
+-------------+--------------------------------------+

# Check whether the record set is in the ACTIVE state
[snow@node1 ~(keystone)]$ openstack recordset list niliu.edu.
+--------------------------------------+-----------------+------+------------------------------------------------------------------+--------+--------+
| id                                   | name            | type | records                                                          | status | action |
+--------------------------------------+-----------------+------+------------------------------------------------------------------+--------+--------+
| 364f402b-6fe3-4991-adac-ccfcdd4a455b | niliu.edu.      | NS   | node3.1000cc.net.                                                | ACTIVE | NONE   |
| eaca9b8b-7323-4bda-b5ab-03fbebc8e00c | niliu.edu.      | SOA  | node3.1000cc.net. snow.niliu.edu. 1583321883 3575 600 86400 3600 | ACTIVE | NONE   |
| 3e90af58-5024-4e39-8c4a-d05fd5418872 | www.niliu.edu.  | A    | 192.168.10.221                                                   | ACTIVE | NONE   |
+--------------------------------------+-----------------+------+------------------------------------------------------------------+--------+--------+

3) Resolution test

[snow@node1 ~(keystone)]$ dig -p 5354 @node3.1000cc.net www.niliu.edu.
# Parameters: -p port, @dns_server_name/ip

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-9.P2.el7 <<>> -p 5354 @node3.1000cc.net www.niliu.edu.
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40556
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 8192
;; QUESTION SECTION:
;www.niliu.edu.                 IN      A

;; ANSWER SECTION:
www.niliu.edu.          3600    IN      A       192.168.10.222

;; Query time: 47 msec
;; SERVER: 192.168.10.113#5354(192.168.10.113)
;; WHEN: Wed Mar 04 19:41:47 CST 2020
;; MSG SIZE  rcvd: 58

4.2 Create a reverse zone and a PTR record

1) Create the reverse zone

[snow@node1 ~(keystone)]$ openstack zone create --email snow@niliu.edu 10.168.192.in-addr.arpa.
+----------------+--------------------------------------+
| Field          | Value                                |
+----------------+--------------------------------------+
| action         | CREATE                               |
| attributes     |                                      |
| created_at     | 2020-03-04T11:44:36.000000           |
| description    | None                                 |
| email          | snow@niliu.edu                       |
| id             | 69b6c9ac-7111-458d-bf7b-a96e70e304c5 |
| masters        |                                      |
| name           | 10.168.192.in-addr.arpa.             |
| pool_id        | 794ccc2c-d751-44fe-b57f-8894c9f5c842 |
| project_id     | 70e9c932884544eea84190f7fb42f9f6     |
| serial         | 1583322276                           |
| status         | PENDING                              |
| transferred_at | None                                 |
| ttl            | 3600                                 |
| type           | PRIMARY                              |
| updated_at     | None                                 |
| version        | 1                                    |
+----------------+--------------------------------------+

[snow@node1 ~(keystone)]$ openstack zone list
+---------------------+--------------------------+---------+------------+--------+--------+
| id                  | name                     | type    | serial     | status | action |
+---------------------+--------------------------+---------+------------+--------+--------+
| eef2f9a9-8405...... | niliu.edu.               | PRIMARY | 1583321883 | ACTIVE | NONE   |
| 69b6c9ac-7111...... | 10.168.192.in-addr.arpa. | PRIMARY | 1583322276 | ACTIVE | NONE   |
+---------------------+--------------------------+---------+------------+--------+--------+

2) Create the PTR record

[snow@node1 ~(keystone)]$ openstack recordset create --record 'www.niliu.edu.' --type PTR 10.168.192.in-addr.arpa. 221
+-------------+--------------------------------------+
| Field       | Value                                |
+-------------+--------------------------------------+
| action      | CREATE                               |
| created_at  | 2020-07-15T07:18:07.000000           |
| description | None                                 |
| id          | 1ddf347a-ee0e-4bb6-978e-f400a1aaa343 |
| name        | 221.10.168.192.in-addr.arpa.         |
| project_id  | 70e9c932884544eea84190f7fb42f9f6     |
| records     | www.niliu.edu.                       |
| status      | PENDING                              |
| ttl         | None                                 |
| type        | PTR                                  |
| updated_at  | None                                 |
| version     | 1                                    |
| zone_id     | 69b6c9ac-7111-458d-bf7b-a96e70e304c5 |
| zone_name   | 10.168.192.in-addr.arpa.             |
+-------------+--------------------------------------+

# Check whether the record set is in the ACTIVE state
[snow@node1 ~(keystone)]$ openstack recordset list 10.168.192.in-addr.arpa.
+--------------------------------------+------------------------------+------+------------------------------------------------------------------+--------+--------+
| id                                   | name                         | type | records                                                          | status | action |
+--------------------------------------+------------------------------+------+------------------------------------------------------------------+--------+--------+
| 06bb9d1b-4b2c-4048-bd71-1772e18b5a1c | 10.168.192.in-addr.arpa.     | NS   | node3.1000cc.net.                                                | ACTIVE | NONE   |
| b791ef62-b410-4c75-b31f-7cd0f4c1a65c | 10.168.192.in-addr.arpa.     | SOA  | node3.1000cc.net. snow.niliu.edu. 1583322360 3557 600 86400 3600 | ACTIVE | NONE   |
| 1ddf347a-ee0e-4bb6-978e-f400a1aaa343 | 221.10.168.192.in-addr.arpa. | PTR  | www.niliu.edu.                                                   | ACTIVE | NONE   |
+--------------------------------------+------------------------------+------+------------------------------------------------------------------+--------+--------+

3) Test

[snow@node1 ~(keystone)]$ dig -p 5354 @node3.1000cc.net -x 192.168.10.221

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-9.P2.el7 <<>> -p 5354 @node3.1000cc.net -x 192.168.10.221
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59828
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 8192
;; QUESTION SECTION:
;221.10.168.192.in-addr.arpa.   IN      PTR

;; ANSWER SECTION:
221.10.168.192.in-addr.arpa. 3600 IN    PTR     www.niliu.edu.

;; Query time: 59 msec
;; SERVER: 192.168.10.113#5354(192.168.10.113)
;; WHEN: Wed Mar 04 19:47:12 CST 2020
;; MSG SIZE  rcvd: 83

4.3 Other zone and record set operations

1) Delete a record set

[snow@node1 ~(keystone)]$ openstack recordset list niliu.edu.
+-------------+----------------+------+---------------------------------+--------+--------+
| id          | name           | type | records                         | status | action |
+-------------+----------------+------+---------------------------------+--------+--------+
| 364f402b... | niliu.edu.     | NS   | node3.1000cc.net.               | ACTIVE | NONE   |
| eaca9b8b... | niliu.edu.     | SOA  | node3.1000cc.net. ....86400 3600| ACTIVE | NONE   |
| 3e90af58... | www.niliu.edu. | A    | 192.168.10.221                  | ACTIVE | NONE   |
+-------------+----------------+------+---------------------------------+--------+--------+

[snow@node1 ~(keystone)]$ openstack recordset delete niliu.edu. www.niliu.edu.
+-------------+--------------------------------------+
| Field       | Value                                |
+-------------+--------------------------------------+
| action      | DELETE                               |
| created_at  | 2020-03-04T11:38:03.000000           |
| description | None                                 |
| id          | 3e90af58-5024-4e39-8c4a-d05fd5418872 |
| name        | www.niliu.edu.                       |
| project_id  | 70e9c932884544eea84190f7fb42f9f6     |
| records     | 192.168.10.221                       |
| status      | PENDING                              |
| ttl         | None                                 |
| type        | A                                    |
| updated_at  | 2020-03-04T11:50:34.000000           |
| version     | 2                                    |
| zone_id     | eef2f9a9-8405-4462-878c-ffffeb963de3 |
| zone_name   | niliu.edu.                           |
+-------------+--------------------------------------+

[snow@node1 ~(keystone)]$ openstack recordset list niliu.edu.
+-------------+----------------+------+---------------------------------+--------+--------+
| id          | name           | type | records                         | status | action |
+-------------+----------------+------+---------------------------------+--------+--------+
| 364f402b... | niliu.edu.     | NS   | node3.1000cc.net.               | ACTIVE | NONE   |
| eaca9b8b... | niliu.edu.     | SOA  | node3.1000cc.net. ....86400 3600| ACTIVE | NONE   |
+-------------+----------------+------+---------------------------------+--------+--------+

2) Delete a zone

[snow@node1 ~(keystone)]$ openstack zone list
+-----------------+--------------------------+---------+------------+--------+--------+
| id              | name                     | type    | serial     | status | action |
+-----------------+--------------------------+---------+------------+--------+--------+
| eef2f9a9-...... | niliu.edu.               | PRIMARY | 1583322634 | ACTIVE | NONE   |
| 69b6c9ac-...... | 10.168.192.in-addr.arpa. | PRIMARY | 1583322360 | ACTIVE | NONE   |
+-----------------+--------------------------+---------+------------+--------+--------+

[snow@node1 ~(keystone)]$ openstack zone delete niliu.edu.
+----------------+--------------------------------------+
| Field          | Value                                |
+----------------+--------------------------------------+
| action         | DELETE                               |
| attributes     |                                      |
| created_at     | 2020-03-04T11:37:07.000000           |
| description    | None                                 |
| email          | snow@niliu.edu                       |
| id             | eef2f9a9-8405-4462-878c-ffffeb963de3 |
| masters        |                                      |
| name           | niliu.edu.                           |
| pool_id        | 794ccc2c-d751-44fe-b57f-8894c9f5c842 |
| project_id     | 70e9c932884544eea84190f7fb42f9f6     |
| serial         | 1583322634                           |
| status         | PENDING                              |
| transferred_at | None                                 |
| ttl            | 3600                                 |
| type           | PRIMARY                              |
| updated_at     | 2020-03-04T11:53:08.000000           |
| version        | 7                                    |
+----------------+--------------------------------------+

[snow@node1 ~(keystone)]$ openstack zone list
+-------------------+--------------------------+---------+------------+--------+--------+
| id                | name                     | type    | serial     | status | action |
+-------------------+--------------------------+---------+------------+--------+--------+
| 69b6c9ac-7111-... | 10.168.192.in-addr.arpa. | PRIMARY | 1581088112 | ACTIVE | NONE   |
+-------------------+--------------------------+---------+------------+--------+--------+
