Install and configure for Ubuntu

This section describes how to install and configure the DNS service on Ubuntu 16.04 (LTS).

Prerequisites

Before you install and configure the DNS service, you must create the service credentials and the API endpoint.

  1. Source the admin credentials to gain access to admin-only CLI commands

    $ source admin-openrc
    
  2. To create the service credentials, complete these steps

    • Create the designate user

      $ openstack user create --domain default --password-prompt designate
      
    • Add the admin role to the designate user

      $ openstack role add --project service --user designate admin
      
    • Create the designate service entity

      $ openstack service create --name designate --description "DNS" dns
      
  3. Create the DNS service API endpoint

    $ openstack endpoint create --region RegionOne \
      dns public http://controller:9001/
    

Install and configure components

Note

Default configuration files vary by distribution. You might need to add these sections and options rather than modifying existing sections and options. Also, an ellipsis (...) in a configuration snippet indicates potential default configuration options that you should retain.

  1. Install the packages

    # apt-get install designate
    
  2. Create a designate database that is accessible by the designate user. Replace DESIGNATE_DBPASS with a suitable password

    # mysql
    mysql> CREATE DATABASE designate CHARACTER SET utf8 COLLATE utf8_general_ci;
    mysql> GRANT ALL PRIVILEGES ON designate.* TO 'designate'@'localhost' \
    IDENTIFIED BY 'DESIGNATE_DBPASS';
    mysql> GRANT ALL PRIVILEGES ON designate.* TO 'designate'@'%' \
    IDENTIFIED BY 'DESIGNATE_DBPASS';
    
  3. Install the BIND9 packages

    # apt-get install bind9 bind9utils bind9-doc
    
  4. Create an RNDC key

    # rndc-confgen -a -k designate -c /etc/designate/rndc.key -r /dev/urandom
    
  5. Add the following options to the /etc/bind/named.conf.options file

    ...
    include "/etc/designate/rndc.key";
    
    options {
        ...
        allow-new-zones yes;
        request-ixfr no;
        listen-on port 53 { 127.0.0.1; };
        recursion no;
        allow-query { 127.0.0.1; };
    };
    
    controls {
      inet 127.0.0.1 port 953
        allow { 127.0.0.1; } keys { "designate"; };
    };
    
  6. Restart the DNS service

    # systemctl restart bind9.service
    
  7. Edit the /etc/designate/designate.conf file and complete the following actions

    • In the [service:api] section, configure auth_strategy

      [service:api]
      listen = 0.0.0.0:9001
      auth_strategy = keystone
      enable_api_v2 = True
      enable_api_admin = True
      enable_host_header = True
      enabled_extensions_admin = quotas, reports
      
    • In the [keystone_authtoken] section, configure the following options

      [keystone_authtoken]
      auth_type = password
      username = designate
      password = DESIGNATE_PASS
      project_name = service
      project_domain_name = Default
      user_domain_name = Default
      www_authenticate_uri = http://controller:5000/
      auth_url = http://controller:5000/
      memcached_servers = controller:11211
      

      Replace DESIGNATE_PASS with the password you chose for the designate user in the Identity service.

    • In the [DEFAULT] section, configure RabbitMQ message queue access

      [DEFAULT]
      # ...
      transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/
      

      Replace RABBIT_PASS with the password you chose for the openstack account in RabbitMQ.

    • In the [storage:sqlalchemy] section, configure database access

      [storage:sqlalchemy]
      connection = mysql+pymysql://designate:DESIGNATE_DBPASS@controller/designate
      

      Replace DESIGNATE_DBPASS with the password you chose for the designate database.

    • Populate the designate database

      # su -s /bin/sh -c "designate-manage database sync" designate
      
  8. Start the designate central and API services and configure them to start when the system boots

    # systemctl start designate-central designate-api
    
    # systemctl enable designate-central designate-api
    
  9. Create a pools.yaml file at /etc/designate/pools.yaml with the following contents

    - name: default
      # The name is immutable. There will be no option to change the name after
      # creation, and the only way to change it will be to delete the pool
      # (and all zones associated with it) and recreate it.
      description: Default Pool
    
      attributes: {}
    
      # List out the NS records for zones hosted within this pool
      # This should be a record that is created outside of designate, that
      # points to the public IP of the controller node.
      ns_records:
        - hostname: ns1-1.example.org.
          priority: 1
    
      # List out the nameservers for this pool. These are the actual BIND servers.
      # We use these to verify changes have propagated to all nameservers.
      nameservers:
        - host: 127.0.0.1
          port: 53
    
      # List out the targets for this pool. For BIND there will be one
      # entry for each BIND server, as we have to run rndc command on each server
      targets:
        - type: bind9
          description: BIND9 Server 1
    
          # List out the designate-mdns servers from which BIND servers should
          # request zone transfers (AXFRs) from.
          # This should be the IP of the controller node.
          # If you have multiple controllers you can add multiple masters
          # by running designate-mdns on them, and adding them here.
          masters:
            - host: 127.0.0.1
              port: 5354
    
          # BIND Configuration options
          options:
            host: 127.0.0.1
            port: 53
            rndc_host: 127.0.0.1
            rndc_port: 953
            rndc_key_file: /etc/designate/rndc.key
    
  10. Update the pools

    # su -s /bin/sh -c "designate-manage pool update" designate
    
  11. Install the Designate worker, producer and mini-dns packages

    # apt install designate-worker designate-producer designate-mdns
    
  12. Start the designate worker, producer and mDNS services and configure them to start when the system boots

    # systemctl start designate-worker designate-producer designate-mdns
    
    # systemctl enable designate-worker designate-producer designate-mdns
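As an added post-install check (example code, not part of this guide or the Designate project): a script that verifies the BIND hardening directives from step 5 are all present in named.conf.options and that none of the placeholder passwords from step 7 were left in designate.conf. It runs against constructed sample files in a temporary directory; on a real host you would point the two check functions at /etc/bind/named.conf.options and /etc/designate/designate.conf instead.

```bash
# Post-install sanity check for the BIND9/Designate setup above. The sample
# files are constructed here; on a real host point the checks at /etc instead.
# Directives from step 5 that keep BIND a non-recursive, loopback-only
# secondary controlled solely via the designate rndc key.
check_named_conf() {
    local f="$1" rc=0 flat d
    flat=$(tr -s '[:space:]' ' ' < "$f")   # collapse whitespace for matching
    for d in 'recursion no;' 'allow-new-zones yes;' 'request-ixfr no;' \
             'listen-on port 53 { 127.0.0.1; };' 'allow-query { 127.0.0.1; };' \
             'include "/etc/designate/rndc.key";' 'keys { "designate"; };'; do
        case "$flat" in
            *"$d"*) ;;
            *) echo "missing in $f: $d"; rc=1 ;;
        esac
    done
    return "$rc"
}
# Refuse to proceed while designate.conf still carries a placeholder password
# from step 7 (DESIGNATE_PASS, DESIGNATE_DBPASS or RABBIT_PASS).
check_designate_conf() {
    if grep -Eq 'DESIGNATE_PASS|DESIGNATE_DBPASS|RABBIT_PASS' "$1"; then
        echo "placeholder password still present in $1"
        return 1
    fi
}
# Constructed sample inputs (not copied from any host) written into "$1".
write_samples() {
    cat > "$1/named.conf.options" <<'EOF'
include "/etc/designate/rndc.key";
options {
    allow-new-zones yes;
    request-ixfr no;
    listen-on port 53 { 127.0.0.1; };
    recursion no;
    allow-query { 127.0.0.1; };
};
controls {
  inet 127.0.0.1 port 953
    allow { 127.0.0.1; } keys { "designate"; };
};
EOF
    # deliberately incomplete: the placeholder was never replaced
    printf '[keystone_authtoken]\npassword = DESIGNATE_PASS\n' > "$1/designate.conf"
}

tmp=$(mktemp -d)
write_samples "$tmp"
check_named_conf "$tmp/named.conf.options" && echo "named.conf.options: OK"
check_designate_conf "$tmp/designate.conf" || echo "designate.conf: fix before starting services"
rm -rf "$tmp"
```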