在搭建 OpenShift 时需要用到域名解析,所以要自建 DNS 服务器。以前一直用 named,这次又接触到另外两种方式。

1.named

  # Install BIND and set the global options block in /etc/named.conf.
  1. [root@base ~]# yum install bind -y
  2. [root@base ~]# vim /etc/named.conf
  3. options {
  4. listen-on port 53 { 10.83.15.30; }; # serve DNS on this host's own address
  5. listen-on-v6 port 53 { ::1; };
  6. directory "/var/named";
  7. dump-file "/var/named/data/cache_dump.db";
  8. statistics-file "/var/named/data/named_stats.txt";
  9. memstatistics-file "/var/named/data/named_mem_stats.txt";
  10. recursing-file "/var/named/data/named.recursing";
  11. secroots-file "/var/named/data/named.secroots";
  12. allow-query { any; }; # NOTE(review): with "recursion yes" below and no allow-recursion set, recursion is offered to every client matched here, i.e. anyone who can reach 10.83.15.30:53; restrict it with an ACL of the cluster subnets (allow-recursion / allow-query-cache) unless the network is already isolated
  13. forwarders { 10.83.15.254; };
  14. recursion yes;
  15. dnssec-enable no;
  16. dnssec-validation no; # NOTE(review): answers from the forwarder are accepted without DNSSEC validation
  17. [root@base ~]# named-checkconf # check the configuration for errors; NOTE(review): the closing "};" of the options block is not shown in this listing
  # Declare the ocp.example.com master zone and re-check the configuration.
  18. [root@base ~]# vim /etc/named.rfc1912.zones # append one zone at the end of the file
  19. zone "ocp.example.com" IN {
  20. type master;
  21. file "ocp.example.com.zone";
  22. allow-update { 10.83.15.30; }; # NOTE(review): dynamic updates are authorised by source address alone; use { none; } if they are not needed, or a TSIG key if they are
  23. };
  24. [root@base ~]# named-checkconf # re-check after editing the zones file
  # Zone data for ocp.example.com: SOA, NS and one A record per cluster host name.
  # NOTE(review): every A record below points at 10.83.15.30, whereas the CoreDNS and dnsmasq sections map bootstrap/master/worker/etcd to 10.83.15.31-36, and this zone has no *.apps wildcard or _etcd-server-ssl SRV records; confirm the values before using it for a real install.
  25. [root@base ~]# vim /var/named/ocp.example.com.zone # create the new zone file
  26. $ORIGIN ocp.example.com.
  27. $TTL 600 ; 10 minutes
  28. @ IN SOA dns.ocp.example.com. dnsadmin.ocp.example.com. (
  29. 2021092901 ; serial
  30. 10800 ; refresh (3 hours)
  31. 900 ; retry (15 minutes)
  32. 604800 ; expire (1 week)
  33. 86400 ; minimum (1 day)
  34. )
  35. NS dns.ocp.example.com.
  36. $TTL 60 ; 1 minute
  37. dns A 10.83.15.30
  38. api A 10.83.15.30
  39. api-int A 10.83.15.30
  40. bootstrap A 10.83.15.30
  41. master1 A 10.83.15.30
  42. master2 A 10.83.15.30
  43. master3 A 10.83.15.30
  44. worker1 A 10.83.15.30
  45. worker2 A 10.83.15.30
  46. etcd-0 A 10.83.15.30
  47. etcd-1 A 10.83.15.30
  48. etcd-2 A 10.83.15.30
  # Final configuration check, then start named, enable it at boot and confirm the listener.
  49. [root@base ~]# named-checkconf # NOTE(review): this parses named.conf only and does not load the zone file edited in the previous step; named-checkzone ocp.example.com /var/named/ocp.example.com.zone (or named-checkconf -z) checks the zone data itself
  50. [root@base ~]# systemctl start named
  51. [root@base ~]# systemctl enable named
  52. [root@base ~]# netstat -lntup | grep 53 # confirm a listener on port 53; the pattern matches any line containing "53"

2.etcd + coredns

  # Install etcd from the distribution repository and fetch the CoreDNS v1.6.9 release binary.
  1. [root@base ~]# yum install -y etcd
  2. [root@base ~]# systemctl enable etcd --now
  # NOTE(review): the archive is unpacked and installed into /usr/local/bin without any integrity check; compare it with the checksum published for the release (for example with sha256sum) before using it. v1.6.9 is the version this write-up pins; check whether a newer release is available.
  3. [root@base ~]# wget https://github.com/coredns/coredns/releases/download/v1.6.9/coredns_1.6.9_linux_amd64.tgz
  4. [root@base ~]# tar zxvf coredns_1.6.9_linux_amd64.tgz
  5. [root@base ~]# mv coredns /usr/local/bin
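  6. # Create the systemd unit that runs CoreDNS as the unprivileged "coredns" user.
  # The unit grants only CAP_NET_BIND_SERVICE (bounding set and ambient) so the non-root process can bind port 53, and NoNewPrivileges=true stops it from gaining more.
  # The here-document delimiter is quoted so the shell writes $MAINPID literally for systemd to fill in; with an unquoted delimiter the shell expands it (to an empty string) while the file is written.
  # NOTE(review): neither the coredns user nor the /etc/coredns directory is created anywhere in this listing; both must exist before the service starts.
  7. [root@base ~]# cat > /etc/systemd/system/coredns.service <<'EOF'
  8. [Unit]
  9. Description=CoreDNS DNS server
  10. Documentation=https://coredns.io
  11. After=network.target
  12. [Service]
  13. PermissionsStartOnly=true
  14. LimitNOFILE=1048576
  15. LimitNPROC=512
  16. CapabilityBoundingSet=CAP_NET_BIND_SERVICE
  17. AmbientCapabilities=CAP_NET_BIND_SERVICE
  18. NoNewPrivileges=true
  19. User=coredns
  20. WorkingDirectory=~
  21. ExecStart=/usr/local/bin/coredns -conf=/etc/coredns/Corefile
  22. ExecReload=/bin/kill -SIGUSR1 $MAINPID
  23. Restart=on-failure
  24. [Install]
  25. WantedBy=multi-user.target
  26. EOF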
  27. # Create the Corefile configuration file; the file name starts with a capital C.
  # The template block answers every A query under apps.ocp.example.com with 10.83.15.30; all other names are looked up in etcd under /skydns.
  # NOTE(review): the match line is a regular expression with unescaped dots; the zone given on the template line is what scopes it to apps.ocp.example.com.
  # NOTE(review): etcd is reached over plain HTTP on localhost with no credentials, so anything able to write to port 2379 controls these DNS answers; keep etcd bound to localhost or enable TLS and authentication.
  # NOTE(review): the server block has no forward plugin, so names outside the template and etcd data get no upstream answer from this server.
  28. [root@base ~]# cat /etc/coredns/Corefile
  29. .:53 {
  30. template IN A apps.ocp.example.com {
  31. match .*apps.ocp.example.com
  32. answer "{{ .Name }} 60 IN A 10.83.15.30"
  33. fallthrough
  34. }
  35. etcd {
  36. path /skydns
  37. endpoint http://localhost:2379
  38. fallthrough
  39. }
  40. cache 160
  41. loadbalance
  42. log
  43. }
  44. # Write the DNS records as keys under the /skydns prefix in etcd, the path the Corefile's etcd block reads.
  # Each key is the domain name reversed into path segments (api.ocp.example.com -> /skydns/com/example/ocp/api); the JSON value carries the target and TTL.
  # NOTE(review): no --user or --cacert is passed, so this etcd accepts unauthenticated writes; whoever can reach port 2379 can change these records.
  45. alias etcdctlv3='ETCDCTL_API=3 etcdctl'
  46. etcdctlv3 put /skydns/com/example/ocp/api '{"host":"10.83.15.30","ttl":60}'
  47. etcdctlv3 put /skydns/com/example/ocp/api-int '{"host":"10.83.15.30","ttl":60}'
  48. etcdctlv3 put /skydns/com/example/ocp/etcd-0 '{"host":"10.83.15.32","ttl":60}'
  49. etcdctlv3 put /skydns/com/example/ocp/etcd-1 '{"host":"10.83.15.33","ttl":60}'
  50. etcdctlv3 put /skydns/com/example/ocp/etcd-2 '{"host":"10.83.15.34","ttl":60}'
  51. etcdctlv3 put /skydns/com/example/ocp/_tcp/_etcd-server-ssl/x1 '{"host":"etcd-0.ocp.example.com","ttl":60,"priority":0,"weight":10,"port":2380}'
  52. etcdctlv3 put /skydns/com/example/ocp/_tcp/_etcd-server-ssl/x2 '{"host":"etcd-1.ocp.example.com","ttl":60,"priority":0,"weight":10,"port":2380}'
  53. etcdctlv3 put /skydns/com/example/ocp/_tcp/_etcd-server-ssl/x3 '{"host":"etcd-2.ocp.example.com","ttl":60,"priority":0,"weight":10,"port":2380}'
  54. # In addition, add a host-name record for each node.
  55. etcdctlv3 put /skydns/com/example/ocp/bootstrap '{"host":"10.83.15.31","ttl":60}'
  56. etcdctlv3 put /skydns/com/example/ocp/master1 '{"host":"10.83.15.32","ttl":60}'
  57. etcdctlv3 put /skydns/com/example/ocp/master2 '{"host":"10.83.15.33","ttl":60}'
  58. etcdctlv3 put /skydns/com/example/ocp/master3 '{"host":"10.83.15.34","ttl":60}'
  59. etcdctlv3 put /skydns/com/example/ocp/worker1 '{"host":"10.83.15.35","ttl":60}'
  60. etcdctlv3 put /skydns/com/example/ocp/worker2 '{"host":"10.83.15.36","ttl":60}'
  61. etcdctlv3 put /skydns/com/example/ocp/registry '{"host":"10.83.15.30","ttl":60}'
  # Start etcd and CoreDNS and enable both at boot.
  62. [root@base ~]# systemctl start etcd
  63. [root@base ~]# systemctl start coredns
  64. [root@base ~]# systemctl enable coredns --now # --now also starts the unit, so the separate start lines above are not strictly needed
  65. [root@base ~]# systemctl enable etcd --now # etcd was already enabled in step 2 of this section

3.dnsmasq

这种方式是用 docker 安装的:

  # Run dnsmasq from a Docker image and show the records configured in its dnsmasq.conf.
  # NOTE(review): jpillora/dnsmasq is a third-party image pulled here by its mutable default tag; pin a tag or digest you have reviewed before letting it answer cluster DNS.
  # NOTE(review): this image reportedly also bundles a web UI for editing the configuration; if its port is published, put authentication in front of it. TODO confirm against the image's README.
  1. docker search dnsmasq
  2. docker pull jpillora/dnsmasq
  3. docker exec -it xxxx /bin/sh # xxxx stands for the container id; the docker run step that started the container is not shown
  # NOTE(review): the backslash in the "\*.apps" entry below looks like a markdown escape left over from the page; confirm the real file has none. An address=/apps.ocp.example.com/ entry already covers every subdomain.
  4. / # cat etc/dnsmasq.conf
  5. cache-size=10000
  6. dns-forward-max=10000000
  7. address=/api.ocp.example.com/10.83.15.30
  8. address=/api-int.ocp.example.com/10.83.15.30
  9. address=/\*.apps.ocp.example.com/10.83.15.30
  10. address=/oauth-openshift.apps.ocp.example.com/10.83.15.30
  11. address=/bootstrap.ocp.example.com/10.83.15.31
  12. address=/console-openshift-console.apps.ocp.example.com/10.83.15.30
  13. address=/master1.ocp.example.com/10.83.15.32
  14. address=/master2.ocp.example.com/10.83.15.33
  15. address=/master3.ocp.example.com/10.83.15.34
  16. address=/worker1.ocp.example.com/10.83.15.35
  17. address=/worker2.ocp.example.com/10.83.15.36
  18. address=/etcd-0.ocp.example.com/10.83.15.32
  19. address=/etcd-1.ocp.example.com/10.83.15.33
  20. address=/etcd-2.ocp.example.com/10.83.15.34
  21. srv-host=_etcd-server-ssl._tcp.ocp.example.com,etcd-0.ocp.example.com,2380,0,100
  22. srv-host=_etcd-server-ssl._tcp.ocp.example.com,etcd-1.ocp.example.com,2380,0,100
  23. srv-host=_etcd-server-ssl._tcp.ocp.example.com,etcd-2.ocp.example.com,2380,0,100

验证

  1. 修改本机第一DNS为本机地址
  # Show the resolver configuration, then query each record directly to confirm it resolves.
  # NOTE(review): the second nameserver is a public resolver; whenever 10.83.15.30 is slow or down, lookups for the internal cluster names are sent to it. Drop it or use an internal secondary if those names should stay inside the network.
  2. [root@base ~]# cat /etc/resolv.conf
  3. nameserver 10.83.15.30
  4. nameserver 114.114.114.114
  # NOTE(review): these queries appear to have been run against the CoreDNS setup (prompt directory "coredns", answers match the etcd records). The named section listens on 10.83.15.30 only, so use @10.83.15.30 when checking that variant.
  5. [root@base coredns]# dig +short api.ocp.example.com @127.0.0.1
  6. 10.83.15.30
  7. [root@base coredns]# dig +short api-int.ocp.example.com @127.0.0.1
  8. 10.83.15.30
  9. [root@base coredns]# dig +short bootstrap.ocp.example.com @127.0.0.1
  10. 10.83.15.31
  11. [root@base coredns]# dig +short master1.ocp.example.com @127.0.0.1
  12. 10.83.15.32
  13. [root@base coredns]# dig +short master2.ocp.example.com @127.0.0.1
  14. 10.83.15.33
  15. [root@base coredns]# dig +short master3.ocp.example.com @127.0.0.1
  16. 10.83.15.34
  17. [root@base coredns]# dig +short worker1.ocp.example.com @127.0.0.1
  18. 10.83.15.35
  19. [root@base coredns]# dig +short worker2.ocp.example.com @127.0.0.1
  20. 10.83.15.36
  21. [root@base coredns]# dig +short -t SRV _etcd-server-ssl._tcp.ocp.example.com @127.0.0.1 # answer fields: priority weight port target
  22. 10 33 2380 etcd-0.ocp.example.com.
  23. 10 33 2380 etcd-1.ocp.example.com.
  24. 10 33 2380 etcd-2.ocp.example.com.