This section describes how to install and configure the DNS service for openSUSE Leap 42.2 and SUSE Linux Enterprise Server 12 SP2.
Prerequisites¶
Before you install and configure the DNS service, you must create service credentials and API endpoints.
Source the admin credentials to gain access to admin-only CLI commands:
$ source admin-openrc
To create the service credentials, complete these steps:
Create the designate user:
$ openstack user create --domain default --password-prompt designate
Add the admin role to the designate user:
$ openstack role add --project service --user designate admin
Create the designate service entities:
$ openstack service create --name designate --description "DNS" dns
Create the DNS service API endpoint:
$ openstack endpoint create --region RegionOne \
  dns public http://controller:9001/
Install and configure components¶
Default configuration files vary by distribution. You might need
to add these sections and options rather than modifying existing
sections and options. Also, an ellipsis (...) in the configuration
snippets indicates potential default configuration options that you
should retain.
Install the packages:
# zypper install openstack-designate\*
Create a designate database that is accessible by the designate user. Replace DESIGNATE_DBPASS with a suitable password:
# mysql -u root -p
MariaDB [(none)]> CREATE DATABASE designate CHARACTER SET utf8 COLLATE utf8_general_ci;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON designate.* TO 'designate'@'localhost' \
IDENTIFIED BY 'DESIGNATE_DBPASS';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON designate.* TO 'designate'@'%' \
IDENTIFIED BY 'DESIGNATE_DBPASS';
Install the BIND packages:
# zypper install bind bind-utils
Add the following options in the /etc/named.conf file:
options {
    ...
    allow-new-zones yes;
    request-ixfr no;
    listen-on port 53 { 127.0.0.1; };
    recursion no;
    allow-query { 127.0.0.1; };
};
Create an RNDC Key:
# rndc-confgen -a -k designate -c /etc/designate/rndc.key -r /dev/urandom
Add the key to /etc/named.conf:
...
include "/etc/designate/rndc.key";

controls {
    inet 127.0.0.1 port 953
        allow { 127.0.0.1; } keys { "designate"; };
};
Start the DNS service and configure it to start when the system boots:
# systemctl enable named
# systemctl start named
Edit the /etc/designate/designate.conf file and complete the following actions:
In the [service:api] section, configure auth_strategy:
[service:api]
listen = 0.0.0.0:9001
auth_strategy = keystone
enable_api_v1 = True
api_base_uri = http://controller:9001/
enabled_extensions_v1 = quotas, reports
enable_api_v2 = True
enabled_extensions_v2 = quotas, reports
In the [keystone_authtoken] section, configure the following options:
[keystone_authtoken]
auth_host = controller
auth_port = 35357
auth_protocol = http
admin_tenant_name = service
admin_user = designate
admin_password = DESIGNATE_PASS
Replace DESIGNATE_PASS with the password you chose for the designate user in the Identity service.
In the [service:worker] section, enable the worker model:
enabled = True
notify = True
In the [storage:sqlalchemy] section, configure database access:
[storage:sqlalchemy]
connection = mysql+pymysql://designate:DESIGNATE_DBPASS@controller/designate
Replace DESIGNATE_DBPASS with the password you chose for the designate database.
Populate the designate database:
# su -s /bin/sh -c "designate-manage database sync" designate
Start the designate central and API services and configure them to start when the system boots:
# systemctl enable openstack-designate-central openstack-designate-api
# systemctl start openstack-designate-central openstack-designate-api
Create a pools.yaml file in /etc/designate/pools.yaml with the following contents:
- name: default
  # The name is immutable. There will be no option to change the name after
  # creation and the only way to change it will be to delete it
  # (and all zones associated with it) and recreate it.
  description: Default Pool

  attributes: {}

  # List out the NS records for zones hosted within this pool
  # This should be a record that is created outside of designate, that
  # points to the public IP of the controller node.
  ns_records:
    - hostname: ns1-1.example.org.
      priority: 1

  # List out the nameservers for this pool. These are the actual BIND servers.
  # We use these to verify changes have propagated to all nameservers.
  nameservers:
    - host: 127.0.0.1
      port: 53

  # List out the targets for this pool. For BIND there will be one
  # entry for each BIND server, as we have to run rndc command on each server
  targets:
    - type: bind9
      description: BIND9 Server 1

      # List out the designate-mdns servers from which BIND servers should
      # request zone transfers (AXFRs) from.
      # This should be the IP of the controller node.
      # If you have multiple controllers you can add multiple masters
      # by running designate-mdns on them, and adding them here.
      masters:
        - host: 127.0.0.1
          port: 5354

      # BIND Configuration options
      options:
        host: 127.0.0.1
        port: 53
        rndc_host: 127.0.0.1
        rndc_port: 953
        rndc_key_file: /etc/designate/rndc.key
Update the pools:
# su -s /bin/sh -c "designate-manage pool update" designate
Start the designate and mDNS services and configure them to start when the system boots:
# systemctl enable openstack-designate-worker openstack-designate-producer openstack-designate-mdns
# systemctl start openstack-designate-worker openstack-designate-producer openstack-designate-mdns
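A post-install check for the steps above, as an added example that is not part of the original guide: it confirms that the DESIGNATE_PASS and DESIGNATE_DBPASS placeholders were replaced, that /etc/designate/rndc.key is not accessible to other users, and that /etc/named.conf still carries the loopback-only statements shown earlier. The function names are assumptions, and the named.conf comparison is a plain text match against the guide's exact statements, so any deviation is flagged for review.

```shell
#!/bin/sh
# Added example: checks for the files this guide edits. Function names are
# illustrative; default paths are the ones used in the guide.

# A password placeholder from the guide must not remain in designate.conf.
check_placeholders() {
    [ -r "$1" ] || { echo "FAIL: cannot read $1"; return 1; }
    if grep -Eq 'DESIGNATE_(DB)?PASS' "$1"; then
        echo "FAIL: placeholder password left in $1"; return 1
    fi
    echo "ok: no placeholder passwords in $1"
}

# The RNDC key is a shared secret: "other" must have no access to it.
check_key_mode() {
    mode=$(stat -c '%a' "$1") || return 1   # GNU stat, octal mode
    case $mode in
        *0) echo "ok: $1 mode $mode" ;;
        *)  echo "FAIL: $1 mode $mode grants access to other"; return 1 ;;
    esac
}

# named.conf must still carry the guide's loopback-only settings.
check_named() {
    named_rc=0
    # Collapse whitespace so one-line and multi-line layouts compare equal.
    flat=$(tr -s ' \t\n' ' ' < "$1") || return 1
    for want in 'recursion no;' \
        'allow-query { 127.0.0.1; };' \
        'listen-on port 53 { 127.0.0.1; };' \
        'inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "designate"; };'
    do
        case $flat in
            *"$want"*) echo "ok: $want" ;;
            *) echo "FAIL: missing or changed: $want"; named_rc=1 ;;
        esac
    done
    return $named_rc
}

# Run all three checks; returns non-zero if any of them failed.
audit_designate_install() {
    rc=0
    check_placeholders "${1:-/etc/designate/designate.conf}" || rc=1
    check_key_mode "${2:-/etc/designate/rndc.key}" || rc=1
    check_named "${3:-/etc/named.conf}" || rc=1
    return $rc
}
```

Run `audit_designate_install` as root after the last step; it uses the guide's paths unless other paths are passed as arguments.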
https://docs.openstack.org/designate/pike/install/install-obs.html