OpenStack Ussuri : Designate

 -----------------------         -----------------------        -----------------------
|  [ Controller Node ]  |       |    [ Compute Node ]   |      |   [ Network Node ]    | 
|                       |       |        Libvirt        |      |     Open vSwitch      |
| MariaDB    RabbitMQ   |       |      Nova compute     |      |       L2 Agent        |
| Memcached  Keystone   |       |      Open vSwitch     |      |       L3 Agent        |
| httpd      Cinder API |       |       L2 Agent        |      |     metadata agent    |
| Nova-API   Compute    |       |      Cinder-LVM       |      |      Swift-proxy      |
| L2 agent   L3 agent   |       |          NFS          |      |       Heat API        |
| metadata agent        |        -----------------------       |        API-CFN        |
| Neutron Server        |                                      |      Heat Engine      |
| Gnocchi    Trove API  |                                      |   Designate Services  |
 -----------------------                                        -----------------------

  • Designate is the OpenStack service responsible for deploying and managing DNS services.
  • Here, Designate is installed on the Network node, and the API is used from the controller node.
  • For a more detailed description of Designate, refer to the Designate documentation.


Creating the Designate service and user

$ controller ~(keystone)> openstack user create --domain default --project service --password qwer1234 designate
+---------------------+----------------------------------+
| Field               | Value                            |
+---------------------+----------------------------------+
| default_project_id  | b470c69e28db47cdbfc81e06cc67f627 |
| domain_id           | default                          |
| enabled             | True                             |
| id                  | 7563701765d24b4884c0b324b7997530 |
| name                | designate                        |
| options             | {}                               |
| password_expires_at | None                             |
+---------------------+----------------------------------+

$ controller ~(keystone)> openstack role add --project service --user designate admin
$ controller ~(keystone)> openstack service create --name designate --description "OpenStack DNS Service" dns
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | OpenStack DNS Service            |
| enabled     | True                             |
| id          | 0e7dacc11b5b48c099d3fe110f8b8197 |
| name        | designate                        |
| type        | dns                              |
+-------------+----------------------------------+

$ controller ~(keystone)> openstack endpoint create --region RegionOne dns public http://network:9001/
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 20b26900a14d44209ade2fab0a0f3bbc |
| interface    | public                           |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 0e7dacc11b5b48c099d3fe110f8b8197 |
| service_name | designate                        |
| service_type | dns                              |
| url          | http://network:9001/             |
+--------------+----------------------------------+

$ controller ~(keystone)> openstack endpoint create --region RegionOne dns internal http://network:9001/
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 856883757b604b93a1273ecc4775f549 |
| interface    | internal                         |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 0e7dacc11b5b48c099d3fe110f8b8197 |
| service_name | designate                        |
| service_type | dns                              |
| url          | http://network:9001/             |
+--------------+----------------------------------+

$ controller ~(keystone)> openstack endpoint create --region RegionOne dns admin http://network:9001/
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | c6fef7cbb6a848228fa8ef4067ebcc49 |
| interface    | admin                            |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 0e7dacc11b5b48c099d3fe110f8b8197 |
| service_name | designate                        |
| service_type | dns                              |
| url          | http://network:9001/             |
+--------------+----------------------------------+

Create the database for the Designate user.

$ controller> mysql -u root -p
$ MariaDB> create database designate;  
$ MariaDB> grant all privileges on designate.* to designate@'localhost' identified by 'qwer1234'; 
$ MariaDB> grant all privileges on designate.* to designate@'%' identified by 'qwer1234'; 
$ MariaDB> flush privileges; 
$ MariaDB> exit;


Installing Designate on the Network Node

$ network> dnf --enablerepo=centos-openstack-ussuri,powertools,epel -y install openstack-designate-api openstack-designate-central openstack-designate-worker openstack-designate-producer openstack-designate-mdns python3-designateclient bind bind-utils
# Install Designate and its related modules.

$ network> rndc-confgen -a -k designate -c /etc/designate.key -r /dev/urandom
$ network> chown named:designate /etc/designate.key
$ network> chmod 640 /etc/designate.key
# Generate the rndc key and set its ownership and permissions.

$ network> cp /etc/named.conf /etc/named.conf.backup
$ network> vi /etc/named.conf
options {
        listen-on port 53 { any; };
        listen-on-v6 port 53 { none; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        # replace query range to your environment
        allow-query     { localhost; 10.10.10.0/24; };
        allow-new-zones yes;
        request-ixfr no;
        recursion no;
        bindkeys-file "/etc/named.iscdlv.key";
        managed-keys-directory "/var/named/dynamic";
        pid-file "/run/named/named.pid";
        session-keyfile "/run/named/session.key";
};
include "/etc/designate.key";
controls {
    inet 0.0.0.0 port 953
    allow { localhost; } keys { "designate"; };
};
logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};
zone "." IN {
        type hint;
        file "named.ca";
};
$ network> chmod 640 /etc/named.conf
$ network> chgrp named /etc/named.conf
$ network> chown -R named. /var/named
$ network> systemctl enable --now named
# Start the named DNS service.

$ network> vi /etc/designate/designate.conf
[DEFAULT]
log_dir = /var/log/designate
transport_url = rabbit://openstack:qwer1234@controller
root_helper = sudo designate-rootwrap /etc/designate/rootwrap.conf

[database]
connection = mysql+pymysql://designate:qwer1234@controller/designate

[service:api]
listen = 0.0.0.0:9001
auth_strategy = keystone
api_base_uri = http://network:9001
enable_api_v2 = True
enabled_extensions_v2 = quotas, reports

[keystone_authtoken]
www_authenticate_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = designate
password = qwer1234

[service:worker]
enabled = True
notify = True

[storage:sqlalchemy]
connection = mysql+pymysql://designate:qwer1234@controller/designate

$ network> su -s /bin/bash -c "designate-manage database sync" designate
$ network> systemctl enable --now designate-central designate-api
# Sync the Designate database, then enable and start the API and central services.

$ network> vi /etc/designate/pools.yaml
- name: default
  description: Default Pool
  attributes: {}
  ns_records:
    - hostname: network
      priority: 1
  nameservers:
    - host: network
      port: 53
  targets:
    - type: bind9
      description: BIND9 Server
      masters:
        - host: network
          port: 5354
      options:
        host: network
        port: 53
        rndc_host: network
        rndc_port: 953
        rndc_key_file: /etc/designate.key

$ network> chmod 640 /etc/designate/pools.yaml
$ network> chgrp designate /etc/designate/pools.yaml
$ network> su -s /bin/bash -c "designate-manage pool update" designate
$ network> systemctl enable --now designate-worker designate-producer designate-mdns
# Load the pool definition into the Designate database, then enable and start the worker, producer and mdns services.

$ network> setsebool -P named_write_master_zones on
$ network> firewall-cmd --add-service=dns --permanent
$ network> firewall-cmd --add-port={5354/tcp,9001/tcp} --permanent
$ network> firewall-cmd --reload
# Configure SELinux and the firewall.


Verification

$ controller ~(keystone)> openstack dns service list
+--------------------------------------+----------+--------------+--------+-------+--------------+
| id                                   | hostname | service_name | status | stats | capabilities |
+--------------------------------------+----------+--------------+--------+-------+--------------+
| 43f62f8d-20bc-43b9-8c64-758ac0a2a074 | network  | central      | UP     | -     | -            |
| ab90b2dc-381d-4ca8-ae66-fad57a9f9c11 | network  | api          | UP     | -     | -            |
| 2dbc8027-0c6a-4c4a-b7a0-92a2b19517a7 | network  | worker       | UP     | -     | -            |
| 502ce893-3256-432f-9c6f-2353078ee585 | network  | producer     | UP     | -     | -            |
| 078b306a-e3bb-461d-9c97-71679c9f8830 | network  | mdns         | UP     | -     | -            |
+--------------------------------------+----------+--------------+--------+-------+--------------+

$ controller ~(keystone)> openstack zone create --email dnsmaster@server.education server.education.

$ controller ~(keystone)> openstack zone list

$ controller ~(keystone)> openstack recordset create --record '192.168.100.10' --type A server.education. node01

$ controller ~(keystone)> openstack recordset list server.education.

$ controller ~(keystone)> dig -p 5354 @network.srv.world node01.server.education.

$ controller ~(keystone)> openstack zone create --email dnsmaster@server.education 100.168.192.in-addr.arpa.

$ controller ~(keystone)> openstack zone list

$ controller ~(keystone)> openstack recordset create --record 'node01.server.education.' --type PTR 100.168.192.in-addr.arpa. 10

$ controller ~(keystone)> openstack recordset list 100.168.192.in-addr.arpa.

$ controller ~(keystone)> dig -p 5354 @network.srv.world -x 192.168.100.10

$ controller ~(keystone)> openstack recordset list server.education.

$ controller ~(keystone)> openstack recordset delete server.education. node01.server.education.

$ controller ~(keystone)> openstack recordset list server.education.

$ controller ~(keystone)> openstack zone list

$ controller ~(keystone)> openstack zone delete server.education.

$ controller ~(keystone)> openstack zone list
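The dig commands above query designate-mdns on port 5354 only, so they show what Designate holds, not what BIND actually serves on port 53. The following script is an added example (not part of the original page): it sends the same raw A query to both ports on the network node using only the standard library and reports whether the two answers match. The host name `network` and the record node01.server.education. are taken from the page; the response packet in the test is constructed.

```python
import socket
import struct

def build_query(name: str, qtype: int = 1, txid: int = 0x1234) -> bytes:
    """Build a minimal DNS query: 12-byte header plus one question (no EDNS)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # flags: RD only
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.rstrip(".").split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # QCLASS IN

def _skip_name(buf: bytes, off: int) -> int:
    """Return the offset just past a domain name, handling compression pointers."""
    while True:
        length = buf[off]
        if length & 0xC0 == 0xC0:  # two-byte pointer ends the name
            return off + 2
        if length == 0:
            return off + 1
        off += 1 + length

def parse_a_records(buf: bytes) -> list:
    """Return the IPv4 addresses in the answer section of a DNS response."""
    _txid, flags, qdcount, ancount, _ns, _ar = struct.unpack("!HHHHHH", buf[:12])
    if flags & 0x000F:  # non-zero RCODE (NXDOMAIN, REFUSED, ...): no answers
        return []
    off = 12
    for _ in range(qdcount):
        off = _skip_name(buf, off) + 4  # skip QTYPE and QCLASS
    addrs = []
    for _ in range(ancount):
        off = _skip_name(buf, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", buf[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:
            addrs.append(".".join(str(b) for b in buf[off:off + 4]))
        off += rdlen
    return addrs

def query_a(server: str, port: int, name: str, timeout: float = 2.0) -> list:
    """Send one UDP A query and parse the reply (raises socket.timeout if none)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_query(name), (server, port))
        data, _ = sock.recvfrom(512)
    return parse_a_records(data)

def check_propagation(server: str, name: str) -> dict:
    """Compare what designate-mdns (5354) and BIND (53) answer for the same name."""
    mdns, bind = query_a(server, 5354, name), query_a(server, 53, name)
    return {"mdns": mdns, "bind": bind, "in_sync": bool(mdns) and sorted(mdns) == sorted(bind)}
```

Run `check_propagation("network", "node01.server.education.")` from the controller after the recordset create above; `in_sync` is False until BIND has transferred the zone from mdns, which points at the pool target or rndc configuration if it stays that way.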
