change reverse zone

Jörg Thalheim 2015-12-13 19:24:00 +00:00
parent 2a1e001cb5
commit 200c53966a
8 changed files with 106 additions and 39 deletions


@ -1,10 +1,12 @@
{
"zone": {
"soa": "ns1.higgsboson.tk.",
"serial": 175,
"serial": 200,
"refresh": "1H",
"hostmaster": "hostmaster.higgsboson.tk",
"domain": "eve.higgsboson.tk",
"ipv6-domain": "eve.higgsboson.tk",
"ipv4-domain": "eve.evenet.dn42",
"ula-domain": "eve.evenet.dn42",
"ttl": 300,
"a": "148.251.132.243",
"aaaa": "2a01:4f8:210:31fd::1",
@ -13,7 +15,9 @@
"minimum": "1D",
"v4_subnet": "172.23.75.0/26",
"ula_subnet": "fdc0:4992:6a6d::/80",
"v6_subnet": "2a01:4f8:210:31fd:1::/80"
"v6_subnet": "2a01:4f8:210:31fd:1::/80",
"lxc_root": "/data/containers/",
"lxc-config": "/etc/lxc/default.conf"
},
"network": {
"eve": {
@ -38,9 +42,9 @@
"lxc": false
},
"base": {
"ipv4": "172.23.75.63/32",
"ipv6": "2a01:4f8:210:31fd:1::3f/128",
"ula": "fdc0:4992:6a6d::3f/128"
"ipv4": "172.23.75.62/32",
"ipv6": "2a01:4f8:210:31fd:1::3e/128",
"ula": "fdc0:4992:6a6d::3e/128"
},
"ldap": {
"ipv4": "172.23.75.3/32",
@ -56,10 +60,13 @@
"istwiki": {
"srv/http/ist.devkid.net": true
},
"letsencrypt": {
"/etc/letsencrypt/": true
},
"git": {
"usr/share/webapps/gitlab": true,
"var/lib/gitlab/assets": true,
"var/lib/gitlab/uploads": true
"usr/share/webapps/gitlab/public": true,
"srv/http/higgsboson.tk": true,
"srv/http/blog.higgsboson.tk": true
},
"halfcode": {
"srv/http/halfco.de": true
@ -73,6 +80,9 @@
"rainloop": {
"srv/http/mail.higgsboson.tk": true
},
"limesurvey": {
"usr/share/webapps/limesurvey": true
},
"etherpad": {
"/usr/share/webapps/etherpad-lite/src/static": "/srv/http/pad.higgsboson.tk/static"
},
@ -103,7 +113,6 @@
"pyload": {
"var/lib/pyload/Downloads": "mnt/pyload"
},
"phpmyadmin": true,
"ttrss": {
"usr/share/webapps/tt-rss": true,
"var/lib/tt-rss/feed-icons": true
@ -111,17 +120,17 @@
},
"ula": "fdc0:4992:6a6d::5/128"
},
"ns1": {
"ns1.evenet.dn42": {
"ns": true,
"lxc": false,
"ipv4": "148.251.132.243/32",
"ipv6": "2a01:4f8:210:31fd:1::6/128"
"ipv4": "172.23.75.6",
"ipv6": "fdc0:4992:6a6d::6"
},
"ns2": {
"ns2.evenet.dn42": {
"ns": true,
"lxc": false,
"ipv4": "188.226.214.194/32",
"ipv6": "2a03:b0c0:0:1010::3d:b002/128"
"ipv4": "172.23.75.70",
"ipv6": "fdc0:4992:6a6d:300::6"
},
"dns": {
"ipv4": "172.23.75.6/32",
@ -132,12 +141,17 @@
"dn42": {
"ipv4": "172.23.75.1/32",
"ipv6": "2a01:4f8:210:31fd:1::1/128",
"ula": "fdc0:4992:6a6d::1/128"
"ula": "fdc0:4992:6a6d::1/128",
"mounts": {
"web": {
"srv/http/dl.higgsboson.tk": true
}
}
},
"dn42-2": {
"ipv4": "172.23.75.64/32",
"ipv4": "172.23.75.65/32",
"ipv6": "2a03:b0c0:0:1010::3d:b001",
"ula": "fdc0:4992:6a6d::1/128",
"ula": "fdc0:4992:6a6d:300::1",
"lxc": false
},
"faces": {
@ -224,6 +238,12 @@
"ipv4": "172.23.75.16/32",
"ipv6": "2a01:4f8:210:31fd:1::10/128",
"rdns6": "mail.higgsboson.tk",
"mounts": {
"letsencrypt": {
"/etc/letsencrypt/live/": true,
"/etc/letsencrypt/archive/": true
}
},
"backup-paths": [
"var/vmail"
],
@ -334,6 +354,12 @@
"backup-paths": [
"var/lib/prosody"
],
"mounts": {
"letsencrypt": {
"/etc/letsencrypt/live/": true,
"/etc/letsencrypt/archive/": true
}
},
"ula": "fdc0:4992:6a6d::16/128"
},
"piwik": {
@ -380,11 +406,6 @@
"ipv6": "2a01:4f8:210:31fd:1::1b/128",
"ula": "fdc0:4992:6a6d::1b/128"
},
"classifier": {
"ipv4": "172.23.75.28/32",
"ipv6": "2a01:4f8:210:31fd:1::1c/128",
"ula": "fdc0:4992:6a6d::1c/128"
},
"seafile": {
"ipv4": "172.23.75.29/32",
"ipv6": "2a01:4f8:210:31fd:1::1d/128",
@ -401,6 +422,7 @@
},
"vars": {
"ssh_ldap": true,
"install_dn42_ca": false,
"add_repo_in_pacman_conf": false,
"additional_admins": [
{
@ -453,6 +475,43 @@
"ipv4": "172.23.75.37/32",
"ipv6": "2a01:4f8:210:31fd:1::25/128",
"ula": "fdc0:4992:6a6d::25/128"
},
"honeypot": {
"ipv4": "172.23.75.38/32",
"ipv6": "2a01:4f8:210:31fd:1::26/128",
"ula": "fdc0:4992:6a6d::26/128",
"lxc": false
},
"btsync": {
"ipv4": "172.23.75.31/32",
"ipv6": "2a01:4f8:210:31fd:1::1f/128",
"ula": "fdc0:4992:6a6d::1f/128",
"mounts": {
"pyload": {
"var/lib/pyload/Downloads": "mnt/pyload"
}
}
},
"letsencrypt": {
"ipv4": "172.23.75.28/32",
"ipv6": "2a01:4f8:210:31fd:1::1c/128",
"ula": "fdc0:4992:6a6d::1c/128"
},
"limesurvey": {
"ipv4": "172.23.75.39/32",
"ipv6": "2a01:4f8:210:31fd:1::27/128",
"ula": "fdc0:4992:6a6d::27/128",
"group": "php",
"vars": {
"php_extensions": [
"pgsql",
"pdo_pgsql",
"gd",
"zip",
"ldap",
"imap"
]
}
}
}
}
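Review bot: The new `letsencrypt` mount entries share whole certificate trees rather than a single certificate: `/etc/letsencrypt/` in the mounts block of the `-56,10 +60,13` hunk, and `/etc/letsencrypt/live/` plus `/etc/letsencrypt/archive/` in the entries that carry `"rdns6": "mail.higgsboson.tk"` and `"backup-paths": ["var/lib/prosody"]`. Those directories hold the private keys of every issued certificate, so a compromise of any one of these containers would expose the keys used by all the others. Narrowing each entry to the certificate that container actually serves, e.g. `"/etc/letsencrypt/live/<cert-name>/": true` together with the matching `archive/<cert-name>/` (the `live` entries are symlinks into `archive`), would limit that. Whether these mounts are read-only is not visible on this page and is worth confirming.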


@ -5,6 +5,8 @@ lxc.cap.keep = chown dac_override dac_read_search fowner fsetid ipc_owner kill l
# Setup the LXC devices in /dev/lxc/
lxc.devttydir = lxc
lxc.init_cmd = /usr/lib/systemd/systemd
# Set the halt/stop signals
lxc.haltsignal=SIGRTMIN+4
lxc.stopsignal=SIGRTMIN+14


@ -44,6 +44,7 @@ module Lxc
FileUtils.touch(local_conf)
end
opts[:local_conf] = local_conf
opts[:global_conf] = @data["zone"]["lxc-config"]
fstab = @container_root.join("fstab")
opts[:fstab] = fstab if File.exists?(fstab)
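Review bot: `opts[:global_conf] = @data["zone"]["lxc-config"]` is nil when the registry has no `lxc-config` key, and the container template would then render an empty `lxc.include = ` line instead of a usable path; the `lxc.include = <%= global_conf %>` template hunk in this commit is affected in the same way. Failing early with `opts[:global_conf] = @data["zone"].fetch("lxc-config")` is the simplest guard. Alternatively, keep the path that appears hard-coded in the template's other include line as a fallback: `@data["zone"]["lxc-config"] || "/etc/lxc/overlay.conf"`. The enclosing method starts and ends outside the hunk.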


@ -1,7 +1,8 @@
module Lxc
class RdnsZone
def initialize(data, subnet)
def initialize(data, addr_field, subnet)
@data = data
@addr_field = addr_field
@subnet = NetAddr::CIDR.create(subnet)
end
@ -12,16 +13,15 @@ module Lxc
end
def pointers(&blk)
version = @subnet.version
@data["network"].each do |name, host|
ip = host["ipv#{version}"]
ip = host[@addr_field]
next unless ip
arpa = NetAddr::CIDR.create(ip).arpa
next unless arpa.end_with?(@subnet.arpa)
host_part = arpa[0, arpa.size - @subnet.arpa.size - 1]
# only allowed characters in FQDN
name = name.gsub(/[^a-zA-Z0-9\-]/, "-")
# <%= addr %> PTR <%= fqdn(name) %>.<%= data["zone"]["domain"] %>.
yield name, host_part
end
end
@ -32,7 +32,11 @@ module Lxc
def write_zone_file(path)
zone_template = Template.new(CONFIG_ROOT.join("hooks/templates/rdns-zone.erb"))
zone_template.write(path.join("zones", name), zone: self, data: data)
domain = data["zone"]["#{@addr_field}-domain"]
zone_template.write(path.join("zones", name),
zone: self,
data: data,
domain: domain)
end
end
end
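Review bot: In `write_zone_file`, `domain = data["zone"]["#{@addr_field}-domain"]` is nil whenever the registry lacks the matching `ipv4-domain`, `ipv6-domain` or `ula-domain` key, and the zone template would then write PTR targets ending in `..` without raising any error. Using `domain = data["zone"].fetch("#{@addr_field}-domain")` makes a missing key fail before a broken zone file is written. `initialize` also takes `addr_field` as a new second positional argument, so a short doc comment would help: it should say that the value names the per-host address key (`"ipv4"`, `"ipv6"` or `"ula"` in this commit's callers) and has to match the address family of `subnet`.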


@ -1,4 +1,4 @@
lxc.include = /etc/lxc/overlay.conf
lxc.include = <%= global_conf %>
lxc.include = <%= local_conf %>
lxc.utsname = <%= name %>
lxc.rootfs = <%= rootfs %>


@ -1,4 +1,4 @@
@ IN SOA <%= data["zone"]["soa"] %> <%= data["zone"]["hostmaster"] %>. (
@ IN SOA ns1.evenet.dn42. <%= data["zone"]["hostmaster"] %>. (
<%= data["zone"]["serial"] %> ; serial
<%= data["zone"]["refresh"] %> ; refresh
<%= data["zone"]["retry"] %> ; retry
@ -11,5 +11,5 @@
<% end -%>
<% zone.pointers do |name, addr| -%>
<%= addr %> PTR <%= fqdn(name) %>.<%= data["zone"]["domain"] %>.
<%= addr %> PTR <%= fqdn(name) %>.<%= domain %>.
<% end -%>
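Review bot: The SOA line appears to hard-code `ns1.evenet.dn42.` as the primary name server (assuming the second of the two SOA lines is the new side), while `data["zone"]["soa"]` stays in the registry and is no longer read by this template. The same template is rendered for the `v6_subnet` zone, whose PTR domain is `eve.higgsboson.tk`, and a dn42-only MNAME there is presumably not resolvable for resolvers outside dn42. Passing the name in per zone, as the commit already does for `domain`, keeps it configurable: `@ IN SOA <%= soa %> <%= data["zone"]["hostmaster"] %>. (`.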


@ -38,7 +38,7 @@ end
registry = Lxc::Registry.new
registry.data["zone"] ||= {}
domain = registry.data["zone"]["domain"] || "lxc"
domain = registry.data["zone"]["ipv6-domain"] || "lxc"
subnet = registry.data["zone"]["v6_subnet"]
if subnet
subnet_cidr = NetAddr::CIDR.create(subnet)
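Review bot: `registry.data["zone"]["ipv6-domain"] || "lxc"` (taking the `ipv6-domain` line as the new side) falls back to `lxc` for any registry that still carries only the old `domain` key, so an existing setup would switch domains without a warning. Keeping the old key as a second fallback avoids that: `domain = zone["ipv6-domain"] || zone["domain"] || "lxc"` with `zone = registry.data["zone"]`. The surrounding script continues outside the hunk.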


@ -12,16 +12,17 @@ def main
registry.save
root_path = Lxc::CONFIG_ROOT
if subnet = registry.data["zone"]["ula_subnet"]
Lxc::RdnsZone.new(registry.data, "ula", subnet).write_zone_file(root_path)
end
if subnet = registry.data["zone"]["v4_subnet"]
Lxc::RdnsZone.new(registry.data, subnet).write_zone_file(root_path)
Lxc::RdnsZone.new(registry.data, "ipv4", subnet).write_zone_file(root_path)
end
if subnet = registry.data["zone"]["v6_subnet"]
Lxc::RdnsZone.new(registry.data, subnet).write_zone_file(root_path)
end
if subnet = registry.data["zone"]["ula_subnet"]
Lxc::RdnsZone.new(registry.data, subnet).write_zone_file(root_path)
Lxc::RdnsZone.new(registry.data, "ipv6", subnet).write_zone_file(root_path)
end
root_path = Pathname.new(File.expand_path("../..", __FILE__))