Red Hat SummitQuesto contenuto non è disponibile nella lingua selezionata.
4.4. Generating a BIND TSIG Key
If you want OpenShift Enterprise to act as the name server and manage DNS for applications hosted on OpenShift Enterprise, you must generate a TSIG key for the OpenShift Enterprise BIND instance. This key is used to update DNS records in the BIND server that will be installed, both for managing application DNS and (by default) for creating host DNS records.
Procedure 4.1. To Generate a BIND TSIG Key:
- The
dnssec-keygencommand, provided by the bind package, can be used to generate a TSIG key. Install the bind package on a host, if required:yum install bind
# yum install bindCopy to Clipboard Copied! Toggle word wrap Toggle overflow Note
The bind package is available in the Red Hat Enterprise Linux 6 Server base channel. - Configure the
$domainenvironment variable to simplify the process in the following step, replacingCloud_Domainwith the domain name to suit your environment:domain=Cloud_Domain
# domain=Cloud_DomainCopy to Clipboard Copied! Toggle word wrap Toggle overflow - Generate a TSIG key for your chosen cloud domain:
dnssec-keygen -a HMAC-MD5 -b 512 -n USER -r /dev/urandom -K /var/named $domain cat /var/named/K$domain.*.key | awk '{print $8}'# dnssec-keygen -a HMAC-MD5 -b 512 -n USER -r /dev/urandom -K /var/named $domain # cat /var/named/K$domain.*.key | awk '{print $8}'Copy to Clipboard Copied! Toggle word wrap Toggle overflow The format for the TSIG key returned by the last command should resembleCNk+wjszKi9da9nL/1gkMY7H+GuUng==. This key is set in thebind_keyPuppet parameter in later sections. - If you want your OpenShift Enterprise hosts to be in a separate domain than the zone used for applications hosted on OpenShift Enterprise, you can create a second TSIG key at this time as well:
infra_domain=Infrastructure_Domain dnssec-keygen -a HMAC-MD5 -b 512 -n USER -r /dev/urandom -K /var/named $infra_domain cat /var/named/K$infra_domain.*.key | awk '{print $8}'# infra_domain=Infrastructure_Domain # dnssec-keygen -a HMAC-MD5 -b 512 -n USER -r /dev/urandom -K /var/named $infra_domain # cat /var/named/K$infra_domain.*.key | awk '{print $8}'Copy to Clipboard Copied! Toggle word wrap Toggle overflow This key can be set in thedns_infrastructure_keyPuppet parameter in later sections, if thedns_infrastructure_zoneparameter is set.
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}