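3.2. Deploying the DNS service
To deploy the Red Hat OpenStack Services on OpenShift (RHOSO) DNS service (designate), you do the following:
- In the OpenStackControlPlane custom resource (CR) file, enable the DNS service and add the required designate service configurations and customizations.
- Update the OpenStackControlPlane CR with the values required for the DNS service.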
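Prerequisites
- You have the oc command line tool installed on your workstation.
- You are logged on to a workstation that has access to the RHOSO control plane as a user with cluster-admin privileges.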
Procedure
On your workstation, open the OpenStackControlPlane CR file and enable the DNS service (designate) by adding the following:

    designate:
      apiOverride:
        route: {}
      enabled: true
      template:
        nsRecords:
        - hostname: ns1.example.org.
          priority: 1
        - hostname: ns2.example.org.
          priority: 2
    ...

Also in the OpenStackControlPlane CR file, add the following designate service configurations:

DesignateApi:

    ...
    designateAPI:
      networkAttachments:
      - internalapi
      override:
        service:
          internal:
            metadata:
              annotations:
                metallb.universe.tf/address-pool: internalapi
                metallb.universe.tf/allow-shared-ip: internalapi
                metallb.universe.tf/loadBalancerIPs: 172.17.0.80
            spec:
              type: LoadBalancer
    ...

Note
Ensure that the annotation values for designateAPI match the annotation values used for the other API services in your current OpenstackControlPlane CR.

designateBackendbind9:

    ...
    designateBackendbind9:
      controlNetworkName: designate
      networkAttachments:
      - designate
      override:
        services:
        - metadata:
            annotations:
              metallb.universe.tf/address-pool: designateext
              metallb.universe.tf/allow-shared-ip: designateext
              metallb.universe.tf/loadBalancerIPs: 172.34.0.80
          spec:
            type: LoadBalancer
        - metadata:
            annotations:
              metallb.universe.tf/address-pool: designateext
              metallb.universe.tf/allow-shared-ip: designateext
              metallb.universe.tf/loadBalancerIPs: 172.34.0.81
          spec:
            type: LoadBalancer
        - metadata:
            annotations:
              metallb.universe.tf/address-pool: designateext
              metallb.universe.tf/allow-shared-ip: designateext
              metallb.universe.tf/loadBalancerIPs: 172.34.0.82
          spec:
            type: LoadBalancer
      replicas: 3
      resources: {}
      serviceUser: designate
      storageClass: local-storage
      storageRequest: 10G
    ...

Note
Use one service override for each replica. In the example above, the number of replicas is 3, so 3 services are defined. The network attachment might differ in a production system if an additional dedicated network is used to access the BIND 9 servers.
DesignateCentral:

    ...
    designateCentral:
      replicas: 3
    ...

DesignateMDNS:

    ...
    designateMdns:
      networkAttachments:
      - designate
      replicas: 3
    ...

DesignateProducer:

    ...
    designateProducer:
      replicas: 3
    ...

DesignateUnbound:

    ...
    designateUnbound:
      defaultConfigOverwrite:
        01-unbound.conf: |
          server:
            verbosity: 2
            access-control: 172.28.0.0/24 allow
            access-control: 100.64.0.0/10 allow
            module-config: "iterator"
        forwarders.conf: |
          forward-zone:
            name: "."
            forward-addr: 172.11.5.155
            forward-addr: 172.12.5.155
      networkAttachments:
      - designate
      override:
        services:
        - metadata:
            annotations:
              metallb.universe.tf/address-pool: designateext
              metallb.universe.tf/allow-shared-ip: designateext
              metallb.universe.tf/loadBalancerIPs: 172.34.0.90
          spec:
            type: LoadBalancer
        - metadata:
            annotations:
              metallb.universe.tf/address-pool: designateext
              metallb.universe.tf/allow-shared-ip: designateext
              metallb.universe.tf/loadBalancerIPs: 172.34.0.91
          spec:
            type: LoadBalancer
        - metadata:
            annotations:
              metallb.universe.tf/address-pool: designateext
              metallb.universe.tf/allow-shared-ip: designateext
              metallb.universe.tf/loadBalancerIPs: 172.34.0.93
          spec:
            type: LoadBalancer
      replicas: 3
      resources: {}
      stubZones:
      - name: example.org
      - name: anotherexample.org
    ...

DesignateWorker:

    ...
    designateWorker:
      databaseAccount: designate
      networkAttachments:
      - designate
      replicas: 3
    ...
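The access-control lines in 01-unbound.conf under designateUnbound decide which client networks the resolver answers recursive queries for. The following Python check is an added example, not part of the Red Hat procedure: it flags allow-type rules that fall outside an approved list. The APPROVED list, the extra 0.0.0.0/0 line in the sample, and the function names are assumptions made for the illustration.

```python
import ipaddress

# Constructed sample: the 01-unbound.conf body from the designateUnbound
# example, plus one over-broad line added for this demonstration.
SAMPLE_CONF = """\
server:
  verbosity: 2
  access-control: 172.28.0.0/24 allow
  access-control: 100.64.0.0/10 allow
  access-control: 0.0.0.0/0 allow
  module-config: "iterator"
"""

# Assumption: these are the only networks whose clients should get recursion.
APPROVED = ("172.28.0.0/24", "100.64.0.0/10")
# Unbound actions that grant recursive service to the matching clients.
RECURSIVE_ACTIONS = {"allow", "allow_snoop", "allow_setrd"}


def parse_access_control(conf_text):
    """Return (network, action) pairs for every access-control line."""
    rules = []
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line.startswith("access-control:"):
            continue
        fields = line.split(":", 1)[1].split()
        if len(fields) != 2:
            raise ValueError(f"malformed access-control line: {raw!r}")
        rules.append((ipaddress.ip_network(fields[0], strict=False), fields[1]))
    return rules


def unexpected_allow_rules(conf_text, approved=APPROVED):
    """Return allow-type networks that are not inside an approved range."""
    nets = [ipaddress.ip_network(n) for n in approved]
    findings = []
    for net, action in parse_access_control(conf_text):
        if action not in RECURSIVE_ACTIONS:
            continue
        if not any(net.version == a.version and net.subnet_of(a) for a in nets):
            findings.append(str(net))
    return findings


if __name__ == "__main__":
    for net in unexpected_allow_rules(SAMPLE_CONF):
        print(f"review access-control: {net} is outside the approved ranges")
```

Run it against the 01-unbound.conf text extracted from the CR before applying the file, with APPROVED set to the client networks of your site.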
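Optional: If you want to configure integration between the Networking service (neutron) and the DNS service, perform the following steps.
For more information, see Using the integrated DNS service.
Locate the service definition for neutron and add a customServiceConfig section:

    neutron:
      customServiceConfig: |

Under the customServiceConfig section, add a [DEFAULT] subsection in which you add the domain for your site.
Example
In this example, the DNS domain is example.org. Change this value to a domain that is appropriate for your site. In most cases, the value of external_dns_driver is designate:

    neutron:
      customServiceConfig: |
        [DEFAULT]
        dns_domain = example.org.
        external_dns_driver = designate

Add an [ml2] subsection and include subnet_dns_publish_fixed_ip in the list of neutron extension drivers:

    neutron:
      customServiceConfig: |
        [DEFAULT]
        dns_domain = example.org.
        external_dns_driver = designate
        [ml2]
        extension_drivers=subnet_dns_publish_fixed_ip

Add a [designate] subsection to the customServiceConfig section.
Example

    neutron:
      customServiceConfig: |
        [DEFAULT]
        dns_domain = example.org.
        external_dns_driver = designate
        [ml2]
        extension_drivers=subnet_dns_publish_fixed_ip
        [designate]
        url = https://designate-internal.openstack.svc:9001/v2
        auth_type = password
        auth_url = {{ .KeystoneInternalURL }}
        username = {{ .ServiceUser }}
        password = {{ .ServicePassword }}
        project_name = service
        project_domain_name = Default
        user_domain_name = Default
        allow_reverse_dns_lookup = true
        ipv4_ptr_zone_prefix_size = 24
        ipv6_ptr_zone_prefix_size = 116
        ptr_zone_email = admin@example.org

- url: the OpenStack DNS service public endpoint URL, using the current version, v2.
- auth_type: the authorization plug-in to use, either password or token.
- auth_url: the Identity service (keystone) authorization endpoint URL. The Networking service uses this endpoint to authenticate as a user to create and update reverse lookup zones.
- username: the user name that the Networking service uses to create and update reverse lookup zones.
- password: the password of the user that the Networking service uses to create and update reverse lookup zones.
- project_name: the name of the project that the Networking service uses to create and update reverse lookup zones.
- project_domain_name: the domain name of the project that the Networking service uses to create and update reverse lookup zones.
- user_domain_name: the domain name of the user that the Networking service uses to create and update reverse lookup zones.
- allow_reverse_dns_lookup: when true, enables the creation of reverse lookup records.
- ipv4_ptr_zone_prefix_size: the size, in bits, of the prefix for IPv4 reverse lookup zones.
- ipv6_ptr_zone_prefix_size: the size, in bits, of the prefix for IPv6 reverse lookup zones.
- ptr_zone_email: the email address that the DNS service uses when it creates new reverse lookup zones. The default is admin@<dns_domain>, where <dns_domain> is the domain of the first record created in that zone.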
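How ipv4_ptr_zone_prefix_size = 24 and ipv6_ptr_zone_prefix_size = 116 translate into reverse zone names, as an added Python example that is not part of the Red Hat procedure or of the neutron code. It assumes the zone is cut on whole-octet (IPv4) and whole-nibble (IPv6) boundaries; ptr_names, zones_for and the sample addresses are constructed for the illustration.

```python
import ipaddress
from collections import defaultdict


def ptr_names(address, ipv4_prefix=24, ipv6_prefix=116):
    """Return (PTR record name, reverse zone name) for one address.

    Assumption: the zone is cut on a whole-octet (IPv4) or whole-nibble
    (IPv6) boundary, so the prefix size must be a multiple of 8 or 4.
    """
    ip = ipaddress.ip_address(address)
    bits, unit, size = (32, 8, ipv4_prefix) if ip.version == 4 else (128, 4, ipv6_prefix)
    if not 0 < size < bits or size % unit:
        raise ValueError(f"prefix size {size} is not a multiple of {unit} bits")
    labels = ip.reverse_pointer.split(".")
    skip = (bits - size) // unit  # host labels that stay inside the zone
    return ".".join(labels) + ".", ".".join(labels[skip:]) + "."


def zones_for(addresses, **prefix_sizes):
    """Group PTR record names by the reverse zone they would land in."""
    zones = defaultdict(list)
    for address in addresses:
        record, zone = ptr_names(address, **prefix_sizes)
        zones[zone].append(record)
    return dict(zones)


if __name__ == "__main__":
    # Constructed sample addresses, not taken from a real deployment.
    sample = ["172.17.0.80", "172.17.0.81", "172.17.1.5", "2001:db8::1:50"]
    for zone, records in zones_for(sample).items():
        print(f"{zone}  ({len(records)} PTR record(s))")
```

A smaller prefix size puts more addresses into one reverse zone, so the service user configured in the [designate] section manages fewer but larger zones.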
Update the OpenStackControlPlane custom resource with the values required for the DNS service.
Example

    $ oc apply -f openstack_control_plane.yaml -n openstack
Verification
Wait until RHOCP creates the resources for the DNS service. Run the following command to check the status:

    $ oc wait designate designate --for condition=Ready

Sample output

    designate.designate.openstack.org/designate condition met

Confirm that the DNS service pods are running:

    $ oc -n openstack get pods | grep -iE "(designate)"

Sample output
You should see output similar to the following:

    designate-api-7d8447bc98-cfl22        1/1   Running   0   10s
    designate-backendbind9-0              1/1   Running   0   15s
    designate-backendbind9-1              1/1   Running   0   20s
    designate-backendbind9-2              1/1   Running   0   22s
    designate-central-86c558fb98-82bn2    1/1   Running   0   12s
    designate-central-86c558fb98-0cxz1    1/1   Running   0   19s
    designate-central-86c558fb98-vkj72    1/1   Running   0   12s
    designate-mdns-0                      1/1   Running   0   13s
    designate-mdns-1                      1/1   Running   0   11s
    designate-mdns-2                      1/1   Running   0   15s
    designate-producer-7f69498d75-6wlr8   1/1   Running   0   12s
    designate-producer-7f69498d75-3sd55   1/1   Running   0   10s
    designate-producer-7f69498d75-tvmr9   1/1   Running   0   12s
    designate-redis-redis-0               2/2   Running   0   11d
    designate-unbound-0                   1/1   Running   0   18d
    designate-unbound-1                   1/1   Running   0   11d
    designate-unbound-2                   1/1   Running   0   16d
    designate-worker-85596d67b6-7sbgw     1/1   Running   0   14d
    designate-worker-85596d67b6-xkg49     1/1   Running   0   12d
    designate-worker-85596d67b6-5ckje     1/1   Running   0   10d