Last active
March 10, 2020 12:22
designate install ...
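# Enable the Ubuntu Cloud Archive pocket for OpenStack Queens and install the
# OpenStack command-line client.
apt-get install -y software-properties-common
add-apt-repository -y cloud-archive:queens
# apt update && apt dist-upgrade
# for openstack before stein
# NOTE(review): Queens is an old OpenStack series; confirm the archive still
# receives security fixes before relying on these notes outside a lab.
apt install python-openstackclient
# ---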
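# install prerequisites: MariaDB
apt install -y mariadb-server
#root@www:~# vi /etc/mysql/mariadb.conf.d/50-server.cnf
## line 105,106: change like follows
#character-set-server = utf8
##collation-server = utf8mb4_general_ci
systemctl restart mysql
# Interactive hardening step: sets the root password and offers to remove
# anonymous users, remote root login and the test database.
mysql_secure_installation
# all questions should be "y"
# To check successful installation, connect to database
mysql -u root -p
# Then, at the MariaDB prompt (not in the shell, where a leading ">" is an
# output redirection):
#   select user,host,password from mysql.user;
#   show databases;
#   exit;
# At this point the user list should hold only local accounts, none of them
# with an empty password column.
# ---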
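# install rabbitmq
apt-get install -y rabbitmq-server memcached python-pymysql
# Once I hit an error and could not install rabbitmq-server; the rabbit log showed
# ERROR: epmd error for host dpdk: address (cannot connect to host/port)
# After some googling: probably a missing hostname -> add the hostname to
# /etc/hosts (it was missing at that time)
# and it worked.
# The password comes from the environment: an unquoted "<password>" placeholder
# is parsed by the shell as two redirections, and ${VAR:?} stops the command
# when the variable is unset instead of creating the user with a dummy value.
rabbitmqctl add_user openstack "${RABBIT_PASS:?set RABBIT_PASS to the openstack broker password}"
# configure / write / read patterns: full access for the openstack user
rabbitmqctl set_permissions openstack ".*" ".*" ".*"
systemctl restart rabbitmq-server
# change /etc/mysql/mariadb.conf.d/50-server.cnf
# line 29
# bind-address = 0.0.0.0
# line 105
# character-set-server = utf8
# #collation-server = utf8mb4_general_ci
# NOTE(review): 0.0.0.0 makes MariaDB listen on every interface. Prefer the
# management address and filter port 3306 to the hosts that need the database.
systemctl restart mysql
# change /etc/memcached.conf
# line 35
# -l 0.0.0.0
# NOTE(review): memcached has no authentication by default, so listening on
# 0.0.0.0 exposes port 11211 to anything that can route to this host. Bind it
# to the management address or filter the port.
systemctl restart memcached
# ---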
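# install keystone: create its database first
mysql -u root -p
# Then, at the MariaDB prompt (not in the shell, where a leading ">" is an
# output redirection):
#   create database keystone;
#   grant all privileges on keystone.* to keystone@'localhost' identified by 'secret';
#   grant all privileges on keystone.* to keystone@'%' identified by 'secret';
#   flush privileges;
#   exit;
# NOTE(review): 'secret' is a placeholder; use a generated password and keep it
# identical to the one in the keystone.conf connection string below. The '%'
# grant accepts the keystone account from any host; narrow it to the
# controller address where possible.
# install keystone
# disable auto-start
echo "manual" > /etc/init/keystone.override
apt-get -y install keystone python-openstackclient apache2 libapache2-mod-wsgi python-oauth2client
# config keystone
# root@dlp:~# vi /etc/keystone/keystone.conf
# # line 606: uncomment and specify Memcache Server
# memcache_servers = 10.0.0.30:11211
# # line 740: change ( MariaDB connection info )
# connection = mysql+pymysql://keystone:secret@10.240.206.119/keystone
# # line 2891: add
# [token]
# provider = fernet
# keystone.conf now carries the database password: check that the file is not
# world-readable.
su -s /bin/bash keystone -c "keystone-manage db_sync"
# initialize Fernet key
keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
# Same user and group as fernet_setup, so both key repositories end up owned
# by keystone:keystone.
keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
# define own (keystone) host
export controller=10.240.206.119
# keystone bootstrap (set any password for "adminpassword" section)
# NOTE(review): a password passed as an argument is visible in shell history
# and in the process list while the command runs; keystone-manage can read it
# from OS_BOOTSTRAP_PASSWORD instead. The endpoints are plain http, so
# credentials and tokens cross the network unencrypted; put TLS in front of
# port 5000 outside a lab.
keystone-manage bootstrap --bootstrap-password secret \
  --bootstrap-admin-url "http://${controller}:5000/v3/" \
  --bootstrap-internal-url "http://${controller}:5000/v3/" \
  --bootstrap-public-url "http://${controller}:5000/v3/" \
  --bootstrap-region-id RegionOne
# vi /etc/apache2/apache2.conf
# # line 70: specify server name
# ServerName dlp.srv.world
systemctl restart apache2
# ---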
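# Write the admin credentials file read by the openstack CLI.
# "<<EOF" starts the here-document; a single "<" would try to read a file
# named EOF instead.
cat >> ~/keystonerc <<EOF
export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=secret
export OS_AUTH_URL=http://192.168.2.72:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
EOF
# The file holds the admin password in clear text: owner-only access.
chmod 600 ~/keystonerc
# NOTE(review): OS_AUTH_URL points at 192.168.2.72 while $controller was set to
# 10.240.206.119 earlier in these notes; confirm which address is current.
# The openstack CLI takes the OS_* values from the environment, so load the
# file (source ~/keystonerc) before running the command below.
openstack project create --domain default --description "Service Project" service
# ---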
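# install designate
# link: https://docs.openstack.org/designate/queens/install/install-ubuntu.html
# It is best to read the guide at the link above.
# Also pay attention to the designate-sudoers file:
# /etc/sudoers.d/designate_sudoers
#Defaults:designate !requiretty
#designate ALL = (root) NOPASSWD:SETENV: /usr/local/bin/copy_file.sh
#designate ALL = (root) NOPASSWD: /usr/local/bin/designate-rootwrap
# NOTE(review): both entries run a file as root without a password, so each
# file and its parent directories must be root-owned and not writable by the
# designate account. SETENV additionally lets the caller pass its own
# environment to copy_file.sh. Validate the file with visudo -cf before use.
openstack user create --domain default --password-prompt designate
openstack role add --project service --user designate admin
openstack service create --name designate --description "DNS" dns
# The URL is quoted so the placeholder stays one argument; unquoted, "<" and
# ">" are shell redirections. Replace it with the real address.
openstack endpoint create --region RegionOne dns public "http://<ip or hostname>:9001/"
#openstack endpoint create --region RegionOne dns public http://192.168.2.72:9001/
apt-get install designate
# # mysql -u root -p
# CREATE DATABASE designate CHARACTER SET utf8 COLLATE utf8_general_ci;
# GRANT ALL PRIVILEGES ON designate.* TO 'designate'@'localhost' IDENTIFIED BY 'secret';
# GRANT ALL PRIVILEGES ON designate.* TO 'designate'@'%' IDENTIFIED BY 'secret';
# NOTE(review): same caveats as any database account: 'secret' is a
# placeholder, and the '%' grant accepts the account from any host.
# NOTE(review): python-pymysql is already installed from apt earlier in these
# notes; this pip call adds an unpinned PyPI package to the system Python.
pip install pymysql
su -s /bin/sh -c "designate-manage database sync" designate
systemctl restart designate-central designate-api
apt-get install bind9 bind9utils bind9-doc
# -> pause at this
# Generates the rndc key that designate uses to drive BIND. Check the owner
# and mode of the key file afterwards: it should be readable only by the
# accounts that need it (presumably bind and designate; verify).
rndc-confgen -a -k designate -c /etc/bind/designate.key -r /dev/urandom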
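# Create pools.yaml
# The nesting below is significant: the file is YAML, and it does not parse
# when every line starts at column 0.
# NOTE(review): the file is written to the current directory while the
# "pool update" call further down passes no --file; the upstream guide keeps
# it at /etc/designate/pools.yaml. Confirm the working directory.
cat > pools.yaml <<EOF
- name: default
  # The name is immutable. There will be no option to change the name after
  # creation and the only way will to change it will be to delete it
  # (and all zones associated with it) and recreate it.
  description: Default Pool
  attributes: {}
  # List out the NS records for zones hosted within this pool
  # This should be a record that is created outside of designate, that
  # points to the public IP of the controller node.
  ns_records:
    - hostname: ns1.cloudrity.com.vn.
      priority: 1
  # List out the nameservers for this pool. These are the actual BIND servers.
  # We use these to verify changes have propagated to all nameservers.
  nameservers:
    - host: 127.0.0.1
      port: 53
  # List out the targets for this pool. For BIND there will be one
  # entry for each BIND server, as we have to run rndc command on each server
  targets:
    - type: bind9
      description: BIND9 Server 1
      # List out the designate-mdns servers from which BIND servers should
      # request zone transfers (AXFRs) from.
      # This should be the IP of the controller node.
      # If you have multiple controllers you can add multiple masters
      # by running designate-mdns on them, and adding them here.
      masters:
        - host: 127.0.0.1
          port: 5354
      # BIND Configuration options
      options:
        host: 127.0.0.1
        port: 53
        rndc_host: 127.0.0.1
        rndc_port: 953
        rndc_key_file: /etc/bind/designate.key
EOF
# Load the pool definition into the designate database, as the service account.
su -s /bin/sh -c "designate-manage pool update" designate
apt install designate-worker designate-producer designate-mdns
systemctl start designate-worker designate-producer designate-mdns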
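# Prerequisites for running designate from source: build tools, MariaDB,
# RabbitMQ and memcached.
apt-get install -y python-dev virtualenv
apt install -y mariadb-server
#root@www:~# vi /etc/mysql/mariadb.conf.d/50-server.cnf
## line 105,106: change like follows
#character-set-server = utf8
##collation-server = utf8mb4_general_ci
systemctl restart mysql
# set root password
mysql_secure_installation
# pass for root: Sup3rS3cr#t
# NOTE(review): a database root password written into shared notes is
# disclosed; rotate it on any host where this value was actually used.
# install rabbitmq
apt-get install -y rabbitmq-server memcached python-pymysql
# Once I hit an error and could not install rabbitmq-server; the rabbit log showed
# ERROR: epmd error for host dpdk: address (cannot connect to host/port)
# After some googling: probably a missing hostname -> add the hostname to
# /etc/hosts (it was missing at that time)
# and it worked.
# The password comes from the environment: an unquoted "<password>" placeholder
# is parsed by the shell as two redirections, and ${VAR:?} stops the command
# when the variable is unset.
rabbitmqctl add_user openstack "${RABBIT_PASS:?set RABBIT_PASS to the openstack broker password}"
# rabbitmqctl add_user openstack secret
# configure / write / read patterns: full access for the openstack user
rabbitmqctl set_permissions openstack ".*" ".*" ".*"
systemctl restart rabbitmq-server
# change /etc/mysql/mariadb.conf.d/50-server.cnf
# [mysqld]
# skip-host-cache
# skip-name-resolve
#
# line 29
# bind-address = 0.0.0.0
# NOTE(review): 0.0.0.0 makes MariaDB listen on every interface. Prefer the
# management address and filter port 3306 to the hosts that need the database.
systemctl restart mysql
# change /etc/memcached.conf
# line 35
# -l 0.0.0.0
# NOTE(review): memcached has no authentication by default, so listening on
# 0.0.0.0 exposes port 11211 to anything that can route to this host.
systemctl restart memcached
# -------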
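#==== config DNS server ====
# /etc/bind/designate.key
# NOTE(review): this key is printed in a public note, so treat it as disclosed
# and generate a fresh one per deployment with rndc-confgen. hmac-md5 is a
# legacy algorithm; prefer hmac-sha256 where the installed BIND supports it.
```
key "designate" {
    algorithm hmac-md5;
    secret "MHcVS8MGNF94Wuqrsfubww==";
};
```
# file named.conf.options
# Every top-level statement ends with "};" -- named refuses to load the file
# when the semicolon after a closing brace is missing.
```
include "/etc/bind/designate.key";
options {
    directory "/var/cache/bind";
    allow-new-zones yes;
    dnssec-validation auto;
    request-ixfr no;
    auth-nxdomain no;    # conform to RFC1035
    #listen-on port 53 { 192.168.2.72; };
    recursion no;
};
# "allow { any; }" sets no source-address limit on the rndc control channel,
# which leaves the "designate" key as the only barrier on 192.168.2.72.
# Narrow the allow lists to the hosts that run designate.
controls {
    inet 192.168.2.72 port 953 allow { any; } keys {"designate";};
    inet 127.0.0.1 port 953 allow { any; };
};
# The statistics channel answers plain HTTP without authentication, so the
# allow list is its only access control; "any" opens it to every host that
# can reach port 8080.
statistics-channels {
    inet 192.168.2.72 port 8080 allow {any;};
};
```
# ---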
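# ======= install designate ==========
# Runs designate from a git checkout inside a Python 2 virtualenv.
apt-get install -y bind9utils
git clone https://github.com/openstack/designate -b stable/queens
cd designate
virtualenv .venv -p python2
source .venv/bin/activate
pip install -r requirements.txt -r test-requirements.txt
pip install PyMySQL
python setup.py develop
# Generate config file, if it's not there
# NOTE(review): this writes /etc/designate/designate.conf, while every command
# below reads the relative path etc/designate/designate.conf; confirm which
# file is the one to edit.
oslo-config-generator --config-file etc/designate/designate-config-generator.conf --output-file /etc/designate/designate.conf
# open designate.conf and edit the following
# (file content, not shell commands):
#   [service:api]
#   listen = 0.0.0.0:9001
#   auth_strategy = noauth
#   api_base_uri = http://192.168.2.88:9001/
#   enable_api_v2 = True
#   enabled_extensions_v2 = quotas, reports
#   [service:worker]
#   enabled = True
#   notify = True
#   [storage:sqlalchemy]
#   connection = mysql+pymysql://designate:secret@192.168.2.88/designate
# NOTE(review): auth_strategy = noauth together with listen = 0.0.0.0 serves
# the DNS management API to every reachable host with no authentication.
# Outside a throwaway lab, use auth_strategy = keystone and bind the API to
# the management address. The connection string also stores the database
# password, so keep the file readable only by the service account.
#
# add database designate to mysql
# mysql -u root -p
# CREATE DATABASE designate CHARACTER SET utf8 COLLATE utf8_general_ci;
# GRANT ALL PRIVILEGES ON designate.* TO 'designate'@'localhost' IDENTIFIED BY 'secret';
# GRANT ALL PRIVILEGES ON designate.* TO 'designate'@'%' IDENTIFIED BY 'secret';
#
designate-manage --config-file etc/designate/designate.conf database sync
mkdir -p var/log/designate
# Each service is started in the background of the current shell and logs to
# var/log/designate/ under the checkout.
designate-api --config-file=etc/designate/designate.conf --log-file=var/log/designate/designate-api.log &
designate-central --config-file=etc/designate/designate.conf --log-file=var/log/designate/designate-central.log &
# update pool list
designate-manage --config-dir etc/designate/ pool update --file etc/designate/pools.yaml
designate-agent --config-file=etc/designate/designate.conf --log-file=var/log/designate/designate-agent.log &
designate-worker --config-file=etc/designate/designate.conf --log-file=var/log/designate/designate-worker.log &
designate-mdns --config-file=etc/designate/designate.conf --log-file=var/log/designate/designate-mdns.log &
designate-producer --config-file=etc/designate/designate.conf --log-file=var/log/designate/designate-producer.log &
# ----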
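# Jupyter notebook
# NOTE(review): a notebook server runs arbitrary code for anyone who can log
# in to it, and --allow-root makes that code run as root. Keep token or
# password authentication enabled, set --ip to a management address rather
# than a public one, and prefer an unprivileged account.
jupyter notebook --ip x.x.x.x --port xx --allow-root --no-browser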