4.4. Generating a BIND TSIG Key
If you want OpenShift Enterprise to act as the name server and manage DNS for applications hosted on OpenShift Enterprise, you must generate a TSIG key for the OpenShift Enterprise BIND instance. This key is used to update DNS records in the BIND server that will be installed, both for managing application DNS and (by default) for creating host DNS records.
Procedure 4.1. To Generate a BIND TSIG Key:
- The
dnssec-keygencommand, provided by the bind package, can be used to generate a TSIG key. Install the bind package on a host, if required:#
yum install bindNote
The bind package is available in the Red Hat Enterprise Linux 6 Server base channel. - Configure the
$domainenvironment variable to simplify the process in the following step, replacingCloud_Domainwith the domain name to suit your environment:# domain=Cloud_Domain - Generate a TSIG key for your chosen cloud domain:
#
dnssec-keygen -a HMAC-MD5 -b 512 -n USER -r /dev/urandom -K /var/named $domain#cat /var/named/K$domain.*.key | awk '{print $8}'The format for the TSIG key returned by the last command should resembleCNk+wjszKi9da9nL/1gkMY7H+GuUng==. This key is set in thebind_keyPuppet parameter in later sections. - If you want your OpenShift Enterprise hosts to be in a separate domain than the zone used for applications hosted on OpenShift Enterprise, you can create a second TSIG key at this time as well:
# infra_domain=Infrastructure_Domain#dnssec-keygen -a HMAC-MD5 -b 512 -n USER -r /dev/urandom -K /var/named $infra_domain#cat /var/named/K$infra_domain.*.key | awk '{print $8}'This key can be set in thedns_infrastructure_keyPuppet parameter in later sections, if thedns_infrastructure_zoneparameter is set.
