Chapter 1 Environment description:
[root@ops-tmp-app-2 ~]# cat /etc/redhat-release
CentOS Linux release 7.4.1708 (Core)
[root@ops-tmp-app-2 ~]# getenforce
Disabled
[root@ops-tmp-app-2 ~]# systemctl status firewalld.service
● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
   Active: inactive (dead)
     Docs: man:firewalld(1)
Chapter 2 Install pdns
yum install -y pdns pdns-backend-mysql
[root@ops-tmp-app-2 ~]# rpm -qa |grep pdns
pdns-4.0.6-2.el7.x86_64
pdns-backend-mysql-4.0.6-2.el7.x86_64
After that, just start pdns. The configuration file is pasted here:
[root@ops-tmp-app-2 PowerDNS-Admin]# cat /etc/pdns/pdns.conf
api=yes
api-key=changeme
api-logfile=/var/log/pdns.log
cache-ttl=20
daemon=yes
default-ttl=30
guardian=no
launch=gmysql
gmysql-host=10.3.2.15
gmysql-port=3306
gmysql-user=powerdns
gmysql-dbname=powerdns
gmysql-password=powerdns
local-address=10.3.2.15
master=yes
setgid=pdns
setuid=pdns
webserver=yes
webserver-address=0.0.0.0
webserver-allow-from=0.0.0.0/0
webserver-port=8081
write-pid=yes
allow-axfr-ips=10.3.2.15,10.3.2.5
also-notify=10.3.2.15,10.3.2.5
only-notify=10.3.2.15,10.3.2.5
slave=no
slave-cycle-interval=60
log-dns-details=yes
log-dns-queries=yes
loglevel=6
By default the pdns log is written to the system messages log; while debugging you can raise the log level.
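The configuration above enables the HTTP API with the key changeme, binds the webserver to 0.0.0.0 and accepts clients from 0.0.0.0/0. The check below is an added example, not part of the original post or of PowerDNS: it flags those three settings in a pdns.conf. The sample files are constructed, and the replacement key value, the allow-from list (it must contain the address PowerDNS-Admin connects from) and the 20-character floor are assumptions to adapt.

```shell
# Added example (not from the original page): flag exposure-prone pdns.conf settings.
conf_get() {   # print the last value assigned to key $2 in file $1, spaces removed
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1 | tr -d ' '
}

# Print one finding per line; return 1 if anything was flagged, 0 otherwise.
audit_pdns_conf() {
    f=$1; rc=0
    if [ "$(conf_get "$f" api)" = yes ]; then
        key=$(conf_get "$f" api-key)
        case "$key" in
            ''|changeme) echo "api-key: empty or placeholder value"; rc=1 ;;
            *) [ "${#key}" -ge 20 ] || { echo "api-key: under 20 characters"; rc=1; } ;;
        esac
    fi
    if [ "$(conf_get "$f" webserver)" = yes ]; then
        case "$(conf_get "$f" webserver-address)" in
            0.0.0.0|::) echo "webserver-address: listens on every interface"; rc=1 ;;
        esac
        case ",$(conf_get "$f" webserver-allow-from)," in
            *,0.0.0.0/0,*|*,::/0,*) echo "webserver-allow-from: any client accepted"; rc=1 ;;
        esac
    fi
    return $rc
}

# Constructed samples: the API/webserver lines from the config above, and a tightened variant.
write_samples() {
    cat > "$1/weak.conf" <<'EOF'
api=yes
api-key=changeme
webserver=yes
webserver-address=0.0.0.0
webserver-allow-from=0.0.0.0/0
EOF
    cat > "$1/hardened.conf" <<'EOF'
api=yes
api-key=REPLACE_WITH_LONG_RANDOM_KEY
webserver=yes
webserver-address=10.3.2.15
webserver-allow-from=127.0.0.1,10.3.2.15
EOF
}

dir=$(mktemp -d); write_samples "$dir"
for c in weak hardened; do
    echo "== $c.conf"; audit_pdns_conf "$dir/$c.conf" || echo "   (findings above)"
done
```

Run it against the live file with audit_pdns_conf /etc/pdns/pdns.conf; a non-zero exit status means at least one setting was flagged.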
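Chapter 3 Backend database configuration
3.1 Database installation
yum install mariadb-server mariadb -y
systemctl enable mariadb.service
systemctl start mariadb.service
3.2 Set the password
mysql_secure_installation
The first step is setting the password; you are prompted for the current password first.
Enter current password for root (enter for none): <-- on the first run, just press Enter
Set root password? [Y/n] <-- whether to set the root user's password; type y and press Enter, or just press Enter
New password: <-- set the root user's password (for example 123456)
Re-enter new password: <-- type the password you set once more
3.3 Other settings
Remove anonymous users? [Y/n] <-- whether to remove anonymous users; press Enter
Disallow root login remotely? [Y/n] <-- whether to disallow remote root login; press Enter
Remove test database and access to it? [Y/n] <-- whether to remove the test database; press Enter
Reload privilege tables now? [Y/n] <-- whether to reload the privilege tables; press Enter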
3.4 Use a single character set
-> First, in the configuration file /etc/my.cnf, add the following under the [mysqld] section
init_connect='SET collation_connection = utf8_unicode_ci'
init_connect='SET NAMES utf8'
character-set-server=utf8
collation-server=utf8_unicode_ci
skip-character-set-client-handshake
-> Next, in the configuration file /etc/my.cnf.d/client.cnf, add the following under [client]
default-character-set=utf8
-> Then, in the configuration file /etc/my.cnf.d/mysql-clients.cnf, add the following under [mysql]
default-character-set=utf8
systemctl restart mariadb.service
3.5 Create the data
[root@ops-tmp-app-2 ~]# mysql -p123456
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 2
Server version: 5.5.60-MariaDB MariaDB Server
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> source /root/pdns.sql
The contents of the SQL file are shown below; copy them into a SQL file of your own.
CREATE DATABASE powerdns;
GRANT ALL ON powerdns.* TO 'powerdns'@'10.3.%' IDENTIFIED BY 'powerdns';
FLUSH PRIVILEGES;
use powerdns;

CREATE TABLE domains (
  id INT AUTO_INCREMENT,
  name VARCHAR(255) NOT NULL,
  master VARCHAR(128) DEFAULT NULL,
  last_check INT DEFAULT NULL,
  type VARCHAR(6) NOT NULL,
  notified_serial INT DEFAULT NULL,
  account VARCHAR(40) DEFAULT NULL,
  PRIMARY KEY (id)
) Engine=InnoDB;
CREATE UNIQUE INDEX name_index ON domains(name);

CREATE TABLE records (
  id BIGINT AUTO_INCREMENT,
  domain_id INT DEFAULT NULL,
  name VARCHAR(255) DEFAULT NULL,
  type VARCHAR(10) DEFAULT NULL,
  content VARCHAR(64000) DEFAULT NULL,
  ttl INT DEFAULT NULL,
  prio INT DEFAULT NULL,
  change_date INT DEFAULT NULL,
  disabled TINYINT(1) DEFAULT 0,
  ordername VARCHAR(255) BINARY DEFAULT NULL,
  auth TINYINT(1) DEFAULT 1,
  PRIMARY KEY (id)
) Engine=InnoDB;
CREATE INDEX nametype_index ON records(name,type);
CREATE INDEX domain_id ON records(domain_id);
CREATE INDEX recordorder ON records (domain_id, ordername);

CREATE TABLE supermasters (
  ip VARCHAR(64) NOT NULL,
  nameserver VARCHAR(255) NOT NULL,
  account VARCHAR(40) NOT NULL,
  PRIMARY KEY (ip, nameserver)
) Engine=InnoDB;

CREATE TABLE comments (
  id INT AUTO_INCREMENT,
  domain_id INT NOT NULL,
  name VARCHAR(255) NOT NULL,
  type VARCHAR(10) NOT NULL,
  modified_at INT NOT NULL,
  account VARCHAR(40) NOT NULL,
  comment VARCHAR(64000) NOT NULL,
  PRIMARY KEY (id)
) Engine=InnoDB;
CREATE INDEX comments_domain_id_idx ON comments (domain_id);
CREATE INDEX comments_name_type_idx ON comments (name, type);
CREATE INDEX comments_order_idx ON comments (domain_id, modified_at);

CREATE TABLE domainmetadata (
  id INT AUTO_INCREMENT,
  domain_id INT NOT NULL,
  kind VARCHAR(32),
  content TEXT,
  PRIMARY KEY (id)
) Engine=InnoDB;
CREATE INDEX domainmetadata_idx ON domainmetadata (domain_id, kind);

CREATE TABLE cryptokeys (
  id INT AUTO_INCREMENT,
  domain_id INT NOT NULL,
  flags INT NOT NULL,
  active BOOL,
  content TEXT,
  PRIMARY KEY(id)
) Engine=InnoDB;
CREATE INDEX domainidindex ON cryptokeys(domain_id);

CREATE TABLE tsigkeys (
  id INT AUTO_INCREMENT,
  name VARCHAR(255),
  algorithm VARCHAR(50),
  secret VARCHAR(255),
  PRIMARY KEY (id)
) Engine=InnoDB;
CREATE UNIQUE INDEX namealgoindex ON tsigkeys(name, algorithm);
flush privileges;
Chapter 4 Install the powerDNS-admin web management interface
The officially provided poweradmin is not used here: it is LAMP-based, too heavy, and very inconvenient to deploy.
4.1 Prepare a database and user for powerDNS-admin
MariaDB [(none)]> CREATE DATABASE powerdnsadmin CHARACTER SET utf8 COLLATE utf8_general_ci;
Query OK, 1 row affected (0.00 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON powerdnsadmin.* TO 'pdnsadminuser'@'%' IDENTIFIED BY 'p4ssw0rd';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.00 sec)
4.2 Clone the powerDNS-admin code
git clone https://github.com/ngoduykhanh/PowerDNS-Admin.git
4.3 Enter the main directory and edit the .env configuration file to set the database connection details
[root@ops-tmp-app-2 PowerDNS-Admin]# cat .env
ENVIRONMENT=development
PDA_DB_HOST=10.3.2.15
PDA_DB_NAME=powerdnsadmin
PDA_DB_USER=pdnsadminuser
PDA_DB_PASSWORD=p4ssw0rd
PDA_DB_PORT=3306
PDNS_DB_HOST=10.3.2.15
PDNS_DB_NAME=powerdns
PDNS_DB_USER=powerdns
PDNS_DB_PASSWORD=powerdns
PDNS_HOST=10.3.2.15
PDNS_API_KEY=changeme
PDNS_WEBSERVER_ALLOW_FROM=0.0.0.0
4.4 Build with docker-compose
docker-compose build
4.5 Start the containers
docker-compose up
PS: only the powerdns-admin container needs to come up; the others can be ignored or simply removed, because the database used is our own, not the one built by the compose file.
[root@ops-tmp-app-2 PowerDNS-Admin]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
56b74d880448 powerdns-admin "/entrypoint.sh" 6 days ago Up 1 second 0.0.0.0:9191->9191/tcp powerdns-admin
Open a browser and visit port 9191.