This section describes how to install and configure the DNS service for openSUSE Leap 42.2 and SUSE Linux Enterprise Server 12 SP2.
Before you install and configure the DNS service, you must create service credentials and API endpoints.
Source the admin
credentials to gain access to
admin-only CLI commands:
$ source admin-openrc
To create the service credentials, complete these steps:
Create the designate
user:
$ openstack user create --domain default --password-prompt designate
Add the admin
role to the designate
user:
$ openstack role add --project service --user designate admin
Create the designate service entities:
$ openstack service create --name designate --description "DNS" dns
Create the DNS service API endpoint:
$ openstack endpoint create --region RegionOne \
dns public http://controller:9001/
Note
Default configuration files vary by distribution. You might need
to add these sections and options rather than modifying existing
sections and options. Also, an ellipsis (...
) in the configuration
snippets indicates potential default configuration options that you
should retain.
Install the packages:
# zypper install openstack-designate\*
Create a designate
database that is accessible by the designate
user. Replace DESIGNATE_DBPASS
with a suitable password:
# mysql
MariaDB [(none)]> CREATE DATABASE designate CHARACTER SET utf8 COLLATE utf8_general_ci;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON designate.* TO 'designate'@'localhost' \
IDENTIFIED BY 'DESIGNATE_DBPASS';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON designate.* TO 'designate'@'%' \
IDENTIFIED BY 'DESIGNATE_DBPASS';
Install the BIND packages:
# zypper install bind bind-utils
Add the following options in the /etc/named.conf
file:
options {
...
allow-new-zones yes;
request-ixfr no;
listen-on port 53 { 127.0.0.1; };
recursion no;
allow-query { 127.0.0.1; };
};
Create an RNDC Key:
# rndc-confgen -a -k designate -c /etc/designate/rndc.key -r /dev/urandom
Add the key to /etc/named.conf
:
...
include "/etc/designate/rndc.key";
controls {
inet 127.0.0.1 port 953
allow { 127.0.0.1; } keys { "designate"; };
};
Start the DNS service and configure it to start when the system boots:
# systemctl enable named
# systemctl start named
Edit the /etc/designate/designate.conf
file and
complete the following actions:
In the [service:api]
section, configure auth_strategy
:
[service:api]
listen = 0.0.0.0:9001
auth_strategy = keystone
api_base_uri = http://controller:9001/
enable_api_v2 = True
enabled_extensions_v2 = quotas, reports
In the [keystone_authtoken]
section, configure the following options:
[keystone_authtoken]
auth_type = password
username = designate
password = DESIGNATE_PASS
project_name = service
project_domain_name = Default
user_domain_name = Default
www_authenticate_uri = http://controller:5000/
auth_url = http://controller:5000/
Replace DESIGNATE_PASS
with the password you chose for the
designate
user in the Identity service.
In the [service:worker]
section, enable the worker model:
enabled = True
notify = True
In the [storage:sqlalchemy]
section, configure database access:
[storage:sqlalchemy]
connection = mysql+pymysql://designate:DESIGNATE_DBPASS@controller/designate
Replace DESIGNATE_DBPASS
with the password you chose for the
designate
database.
Populate the designate database
# su -s /bin/sh -c "designate-manage database sync" designate
Start the designate central and API services and configure them to start when the system boots:
# systemctl enable openstack-designate-central openstack-designate-api
# systemctl start openstack-designate-central openstack-designate-api
Create a pools.yaml file in /etc/designate/pools.yaml
with the following
contents:
- name: default
# The name is immutable. There will be no option to change the name after
# creation and the only way will to change it will be to delete it
# (and all zones associated with it) and recreate it.
description: Default Pool
attributes: {}
# List out the NS records for zones hosted within this pool
# This should be a record that is created outside of designate, that
# points to the public IP of the controller node.
ns_records:
- hostname: ns1-1.example.org.
priority: 1
# List out the nameservers for this pool. These are the actual BIND servers.
# We use these to verify changes have propagated to all nameservers.
nameservers:
- host: 127.0.0.1
port: 53
# List out the targets for this pool. For BIND there will be one
# entry for each BIND server, as we have to run rndc command on each server
targets:
- type: bind9
description: BIND9 Server 1
# List out the designate-mdns servers from which BIND servers should
# request zone transfers (AXFRs) from.
# This should be the IP of the controller node.
# If you have multiple controllers you can add multiple masters
# by running designate-mdns on them, and adding them here.
masters:
- host: 127.0.0.1
port: 5354
# BIND Configuration options
options:
host: 127.0.0.1
port: 53
rndc_host: 127.0.0.1
rndc_port: 953
rndc_key_file: /etc/designate/rndc.key
Update the pools:
# su -s /bin/sh -c "designate-manage pool update" designate
Start the designate and mDNS services and configure them to start when the system boots:
# systemctl enable openstack-designate-worker openstack-designate-producer openstack-designate-mdns
# systemctl start openstack-designate-worker openstack-designate-producer openstack-designate-mdns
Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.