@TOCPrefaceDesignate是一个开源的DNS-as-a-service实现,是运行云的OpenStack服务生态系统的一部分。Designate是OpenStack的多租户DNSaaS服务。它提供了一个带有集成Keystone身份验证的RESTAPI。它可以配置为根据Nova和Neutron操作自动生成记录。Designate支持多种DNS服务器,包括Bind9和PowerDNS4。ArchitectureDesignate由几个不同的服务组成:API、Producer、Central、Worker和MiniDNS。它使用与oslo.db兼容的数据库来存储状态和数据,并使用与oslo.messaging兼容的消息队列来促进服务之间的通信。所有给定服务的多个副本可以串联运行以促进高可用性部署,API进程通常位于负载平衡器后面。前提准备好获取admin凭证以管理员权限访问源码admin-openrc#创建指定用户openstackusercreate--domaindemo--password000000designate#给指定用户openstackroleadd--project添加admin角色service--userdesignateadmin#创建指定服务实体openstackservicecreate--namedesignate--description"DNS"dns#创建DNS服务API端点openstackendpointcreate--regionRegionOnednspublichttp://controller:9001/openstackendpointcreate--regionRegionOnednsinternalhttp://controller:9001/openstackendpointcreate--regionRegionOnednsadminhttp://controller:9001/安装和配置组件安装包#yuminstallopenstack-designate\*createuserdesignate可以访问指定数据库CREATEDATABASEdesignateCHARACTERSETutf8COLLATEutf8_general_ci;GRANTALLPRIVILEGESONdesignate.*TO'designate'@'localhost'IDENTIFIEDBY'000000';GRANTALLPRIVILEGESONdesignate.*TO'designate'@'%'IDENTIFIED00'00之前;安装BIND包yuminstallbindbind-utils创建RNDC密钥rndc-confgen-a-kdesignate-c/etc/designate/rndc.key-r/dev/urandom在文件/etc/named.conf中添加以下选项vim/etc/named.conf...include"/etc/designate/rndc.key";options{...allow-new-zones是的;请求ixfr号;侦听端口53{127.0.0.1;};递归没有;允许查询{127.0.0.1;};};controls{inet127.0.0.1端口953允许{127.0.0.1;}键{“指定”;};};启动DNS服务systemctlenablenamedsystemctlstartnamed编辑/etc/designate/designate.conf文件[service:api]listen=0.0.0.0:9001auth_strategy=keystoneenable_api_v2=Trueenable_api_admin=Trueenable_host_header=Trueenabled_extensions_admin=quotas,reports[keystone_authtoken]auth_type=passwordusername=designatepassword=000000project_name=serviceproject_domain_name=demouser_domain_name=demowww_authenticate_uri=http://controller:5000/auth_url=http://controller:5000/memcached_servers=controller:11211[默认]#...transport_url=rabbit://openstack:000000@controller:5672/[存储:sqlalchemy]connection=mysql+pymysql://designate:000000@controller/designate填写指定数据库su-s/bin/sh-c"designate-managedatabasesync"designate启动指定的中心和API服务systemctlstartdesignate-centraldesignate-apisystemctlenabledesignate-centraldesignate-api在其中创建一个pools.yaml文件,/etc/designate/pools.yaml其中包含以下内容-name:default#名称是不可变的。#创建后将没有更改名称的选项,更改它的唯一方法是删除它#(以及与之关联的所有区域)并重新创建它。描述:默认池属性:{}#列出此池中托管的区域的NS记录#这应该是在指定之外创建的记录,#指向控制器节点的公共IP。ns_records:-主机名:ns1-1.example.org。priority:1#列出这个池的名称服务器。这些是实际的BIND服务器。#我们使用这些来验证更改是否已传播到所有名称服务器。nameservers:-host:127.0.0.1port:53#列出这个池的目标。对于BIND,每个BIND服务器都有一个#条目,因为我们必须在每个服务器目标上运行rndc命令:-type:bind9description:BIND9Server1#列出指定的mdns服务器,BIND服务器应该从中请求区域从转移(AXFR)。#这应该是控制器节点的IP。#如果你有多个控制器,你可以添加多个主控制器#通过在它们上运行designate-mdns并在此处添加它们。masters:-host:127.0.0.1port:5354#BIND配置选项options:host:127.0.0.1port:53rndc_host:127.0.0.1rndc_port:953rndc_key_file:/etc/designate/rndc.key更新池:#su-s/bin/sh-c"designate-managepoolupdate"designate启动指定和mDNS服务systemctlstartdesignate-workerdesignate-producerdesignate-mdnssystemctlenabledesignate-workerdesignate-producerdesignate-mdnsverifyaction列出服务组件以验证每个进程是否成功启动和注册:$.admin-openrc$ps-aux|grepdesignate../usr/bin/python/usr/bin/designate-mdns--config-file/etc/designate/designate.conf../usr/bin/python/usr/bin/designate-central--config-文件/etc/designate/designate.conf../usr/bin/python/usr/bin/designate-agent--config-file/etc/designate/designate.conf../usr/bin/python/usr/bin/designate-api--config-file/etc/designate/designate.conf../usr/bin/python/usr/bin/designate-worker--config-file/etc/designate/designate.conf../usr/bin/python/usr/bin/designate-producer--config-file/etc/designate/designate.conf$openstackdns服务列表+--------------------------------------+----------------------------+--------------+-------+--------+------------+|编号|主机名|服务名称|状态|统计|能力|+-------------------------------------+-------------------------+------------+--------+--------+------------+|918a8f6e-9e7e-453e-8583-cbefa7ae7f8f|流浪者-ubuntu-trusty-64|中央|上|-|-||982f78d5-525a-4c36-af26-a09aa39de5d7|流浪者-ubuntu-trusty-64|应用程序接口|上|-|-||eda2dc16-ad27-4ee1-b091-bb75b6ceaffe|流浪者-ubuntu-trusty-64|域名系统|上|-|-||00c5c372-e630-49b1-a6b6-17e3fa4544ea|流浪者-ubuntu-trusty-64|工人|上|-|-||8cdaf2e9-accd-4665-8e9e-be26f1ccfe4a|流浪者-ubuntu-trusty-64|制作人|上|-|-|+------------------------------------+--------------------------+------------+--------+------+----------------+
