Chapter 2. Manual DNSaaS Installation


1. Install the DNSaaS packages on the controller node:

# yum install openstack-designate-api openstack-designate-central openstack-designate-sink openstack-designate-pool-manager openstack-designate-mdns openstack-designate-common python-designate python-designateclient openstack-designate-agent

2. Create the DNSaaS and pool manager databases. Update the IDENTIFIED BY 'ComplexAlphanumericPassword' value to suit your environment.

# mysql -u root << EOF
CREATE DATABASE designate;
GRANT ALL ON designate.* TO 'designate'@'%' IDENTIFIED BY 'ComplexAlphanumericPassword';
GRANT ALL ON designate.* TO 'designate'@'localhost' IDENTIFIED BY 'ComplexAlphanumericPassword';
CREATE DATABASE designate_pool_manager;
GRANT ALL ON designate_pool_manager.* TO 'designate'@'%' IDENTIFIED BY 'ComplexAlphanumericPassword';
GRANT ALL ON designate_pool_manager.* TO 'designate'@'localhost' IDENTIFIED BY 'ComplexAlphanumericPassword';
FLUSH PRIVILEGES;
quit
EOF

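3. Create the DNSaaS service account and endpoint in OpenStack Identity (keystone). This example uses the DNSaaS host IP address 192.168.100.20. You might need to update these steps to suit your environment.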

$ openstack user create designate --password ComplexAlphanumericPassword --email designate@localhost
$ openstack role add --project service --user designate admin
$ openstack service create dns --name designate --description "Designate DNS Service"
$ openstack endpoint create --region RegionOne --publicurl http://192.168.100.20:9001 --internalurl http://192.168.100.20:9001 --adminurl http://192.168.100.20:9001 designate

4. Add firewall rules for DNSaaS:

$ sudo iptables -I INPUT -p tcp -m multiport --dports 9001 -m comment --comment "designate incoming" -j ACCEPT
$ sudo iptables -I INPUT -p tcp -m multiport --dports 5354 -m comment --comment "Designate mdns incoming" -j ACCEPT

If you host DNS locally, check that the required ports are open:

$ sudo iptables -I INPUT -p tcp -m multiport --dports 953 -m comment --comment "rndc incoming - bind only" -j ACCEPT
$ sudo service iptables save; sudo service iptables restart

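5. Configure the DNSaaS database connection. Make sure that you enter the DNSaaS host IP address correctly in the following steps, and replace ComplexAlphanumericPassword with the value used in your environment.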

$ crudini --set /etc/designate/designate.conf storage:sqlalchemy connection mysql://designate:ComplexAlphanumericPassword@192.168.100.20/designate
$ crudini --set /etc/designate/designate.conf storage:sqlalchemy max_retries -1
$ crudini --set /etc/designate/designate.conf pool_manager_cache:sqlalchemy connection mysql://designate:ComplexAlphanumericPassword@192.168.100.20/designate_pool_manager
$ crudini --set /etc/designate/designate.conf pool_manager_cache:sqlalchemy max_retries -1

6. Configure authentication to the Identity service (keystone). Make sure that the admin_password option matches your environment.

$ crudini --set /etc/designate/designate.conf keystone_authtoken auth_uri http://192.168.100.20:5000/v2.0
$ crudini --set /etc/designate/designate.conf keystone_authtoken identity_uri http://192.168.100.20:35357/
$ crudini --set /etc/designate/designate.conf keystone_authtoken admin_tenant_name service
$ crudini --set /etc/designate/designate.conf keystone_authtoken admin_user designate
$ crudini --set /etc/designate/designate.conf keystone_authtoken admin_password ComplexAlphanumericPassword

7. Configure the DNSaaS connection to RabbitMQ:

Make sure that the rabbit_userid and rabbit_password options match your environment.

$ crudini --set /etc/designate/designate.conf oslo_messaging_rabbit rabbit_hosts 192.168.100.20:5672
$ crudini --set /etc/designate/designate.conf oslo_messaging_rabbit rabbit_ha_queues False
$ crudini --set /etc/designate/designate.conf oslo_messaging_rabbit rabbit_host 192.168.100.20
$ crudini --set /etc/designate/designate.conf oslo_messaging_rabbit rabbit_port 5672
$ crudini --set /etc/designate/designate.conf oslo_messaging_rabbit rabbit_userid amqp_user
$ crudini --set /etc/designate/designate.conf oslo_messaging_rabbit rabbit_password ComplexAlphanumericPassword
$ crudini --set /etc/designate/designate.conf oslo_messaging_rabbit rabbit_virtual_host /

8. Add the initial DNSaaS configuration:

$ crudini --set /etc/designate/designate.conf DEFAULT notification_driver nova.openstack.common.notifier.rpc_notifier
$ crudini --set /etc/designate/designate.conf DEFAULT notification_driver messaging
$ crudini --set /etc/designate/designate.conf DEFAULT notification_topics notifications_designate
$ crudini --set /etc/designate/designate.conf service:api api_host 0.0.0.0
$ crudini --set /etc/designate/designate.conf service:api api_port 9001
$ crudini --set /etc/designate/designate.conf service:api auth_strategy keystone
$ crudini --set /etc/designate/designate.conf service:api enable_api_v1 True
$ crudini --set /etc/designate/designate.conf service:api enabled_extensions_v1 "diagnostics, quotas, reports, sync, touch"
$ crudini --set /etc/designate/designate.conf service:api enable_api_v2 True
$ crudini --set /etc/designate/designate.conf service:api enabled_extensions_v2 "quotas, reports"

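9. Configure the pool manager:

Note

At this point you are not configuring pool targets, because you have not yet selected a backend. That happens later in this procedure.

The pool_id is hard-coded, so use the UUID shown below: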

# pool_id=794ccc2c-d751-44fe-b57f-8894c9f5c842
# nameserver_id=$(uuidgen)
# target_id=$(uuidgen)
$ crudini --set /etc/designate/designate.conf service:pool_manager pool_id $pool_id
$ crudini --set /etc/designate/designate.conf pool:$pool_id nameservers $nameserver_id
$ crudini --set /etc/designate/designate.conf pool:$pool_id targets $target_id
$ crudini --set /etc/designate/designate.conf pool_nameserver:$nameserver_id port 53
$ crudini --set /etc/designate/designate.conf pool_nameserver:$nameserver_id host 192.168.100.20

10. Configure DNSaaS Sink:

Note

For now, you do not configure the domain that sink uses (because none exists yet).

$ crudini --set /etc/designate/designate.conf service:sink enabled_notification_handlers "nova_fixed, neutron_floatingip"
$ crudini --set /etc/designate/designate.conf handler:nova_fixed notification_topics notifications_designate
$ crudini --set /etc/designate/designate.conf handler:nova_fixed control_exchange nova
$ crudini --set /etc/designate/designate.conf handler:nova_fixed format "%(display_name)s.%(domain)s"
$ crudini --set /etc/designate/designate.conf handler:neutron_floatingip notification_topics notifications_designate
$ crudini --set /etc/designate/designate.conf handler:neutron_floatingip control_exchange neutron
$ crudini --set /etc/designate/designate.conf handler:neutron_floatingip format "%(octet0)s-%(octet1)s-%(octet2)s-%(octet3)s.%(domain)s"

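11. Configure Compute and OpenStack Networking to send notifications:

Note

The Ceilometer agents also listen for and consume notifications. Create a dedicated designate notification queue (as shown below) so that they do not conflict.

OpenStack Compute switched to messaging as its notification driver in the Kilo release; before that, it was nova.openstack.common.notifier.rpc_notifier.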

$ crudini --set /etc/nova/nova.conf DEFAULT notification_topics notifications,notifications_designate
$ crudini --set /etc/nova/nova.conf DEFAULT notify_on_state_change vm_and_task_state
$ crudini --set /etc/nova/nova.conf DEFAULT instance_usage_audit_period hour
$ crudini --set /etc/nova/nova.conf DEFAULT instance_usage_audit true
$ crudini --set /etc/neutron/neutron.conf DEFAULT notification_driver neutron.openstack.common.notifier.rpc_notifier
$ crudini --set /etc/neutron/neutron.conf DEFAULT notification_topics notifications,notifications_designate
$ sudo systemctl restart nova.service
$ sudo systemctl restart neutron.service

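12. Manually verify notification_driver in nova.conf:

Note

Because nova.conf can contain multiple notification_driver entries, the crudini commands might cause problems. Check the DEFAULT section to make sure that you have both entries: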

notification_driver=ceilometer.compute.nova_notifier
notification_driver=messaging

Note

If you use separate Compute nodes, the following settings are required in nova.conf:

notification_driver =nova.openstack.common.notifier.rabbit_notifier,ceilometer.compute.nova_notifier
notification_driver =messaging
notification_topics=notifications,notifications_designate

13. Synchronize DNSaaS and the pool manager cache:

# designate-manage database sync
# designate-manage pool-manager-cache sync

14. Enable and start the DNSaaS services:

# systemctl enable designate-central
# systemctl enable designate-api
# systemctl enable designate-mdns
# systemctl enable designate-pool-manager
# systemctl start designate-central
# systemctl start designate-api
# systemctl start designate-mdns
# systemctl start designate-pool-manager

Note

At this point you have not created a DNS target for your pool, so the DNSaaS deployment is not yet expected to function correctly.
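
The manual check in step 12, together with a check that the sample password from steps 2 to 7 was replaced and that the file storing it is not world-readable, as an added shell example (not part of the original guide). The function names and the sample file are constructed for illustration; on a real host, pass /etc/nova/nova.conf and /etc/designate/designate.conf instead.

```shell
#!/bin/sh
# Added example, not from the original guide; function names are hypothetical.

# ini_values FILE SECTION KEY: print every value of KEY in [SECTION], one per
# line. Duplicate keys are kept, which is what step 12 needs to see.
ini_values() {
    awk -v want="[$2]" -v key="$3" '
        /^[ \t]*\[/ { gsub(/^[ \t]+|[ \t]+$/, ""); insec = ($0 == want); next }
        insec && $0 !~ /^[ \t]*[#;]/ {
            pos = index($0, "="); if (pos == 0) next
            k = substr($0, 1, pos - 1); v = substr($0, pos + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) print v
        }' "$1"
}

# check_nova_drivers FILE: succeed only if [DEFAULT] holds both entries from step 12.
check_nova_drivers() {
    drivers=$(ini_values "$1" DEFAULT notification_driver)
    for want in ceilometer.compute.nova_notifier messaging; do
        printf '%s\n' "$drivers" | grep -qxF "$want" || return 1
    done
}

# count_placeholders FILE: number of lines still carrying the guide's sample password.
count_placeholders() { grep -c 'ComplexAlphanumericPassword' "$1" || true; }

# world_readable FILE: succeed if "other" can read a file that stores credentials.
world_readable() { [ -n "$(find "$1" -perm -004)" ]; }

# Constructed sample (not a real config): one driver entry lost, password unchanged.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[DEFAULT]
# notification_driver=ceilometer.compute.nova_notifier
notification_driver = messaging
notification_topics=notifications,notifications_designate
[keystone_authtoken]
admin_password = ComplexAlphanumericPassword
EOF
chmod 644 "$sample"

check_nova_drivers "$sample" || echo "FAIL: a notification_driver entry is missing"
[ "$(count_placeholders "$sample")" -eq 0 ] || echo "FAIL: sample password still in use"
if world_readable "$sample"; then echo "FAIL: credentials file is world-readable"; fi
rm -f "$sample"
```

Run against the constructed sample, all three checks report a failure.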
