refactor dns

This commit is contained in:
Jörg Thalheim 2016-02-02 22:15:17 +00:00
parent 3ab9757992
commit cdf198f61e
10 changed files with 74 additions and 47 deletions


@ -1,5 +0,0 @@
#!/bin/bash
/usr/bin/ip route add 172.16.0.0/12 via 172.16.75.1 proto static metric 100
/usr/bin/ip route add 10.0.0.0/8 via 172.16.75.1 proto static metric 100
exit 0


@ -11,11 +11,11 @@ module Lxc
@data["network"][name] = {} @data["network"][name] = {}
zone = @data["zone"] || {} zone = @data["zone"] || {}
@ipv4_subnet = NetAddr::CIDR.create(zone["v4_subnet"] || "192.168.10.0/24") @ipv4_subnet = NetAddr::CIDR.create(zone["ipv4-subnet"] || "192.168.10.0/24")
@ipv6_subnet = NetAddr::CIDR.create(zone["v6_subnet"] || "fd7d:aed0:18aa::/48") @ipv6_subnet = NetAddr::CIDR.create(zone["ipv6-subnet"] || "fd7d:aed0:18aa::/48")
@ula_subnet = NetAddr::CIDR.create(zone["ula_subnet"] || "fdc5:bdb8:b81::/48") @ula_subnet = NetAddr::CIDR.create(zone["ula-subnet"] || "fdc5:bdb8:b81::/48")
@container_root = Pathname.new(zone["lxc_root"]).join(name) @container_root = Pathname.new(zone["lxc-root"]).join(name)
network = data["network"] network = data["network"]
@name = name @name = name
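Review bot: The renamed keys (`ipv4-subnet`, `ipv6-subnet`, `ula-subnet`, `lxc-root`) replace the old ones with no fallback, so a container.json still written with `v4_subnet`/`v6_subnet`/`ula_subnet` silently drops back to the hard-coded default subnets, and one still using `lxc_root` fails at `Pathname.new(nil)` with a TypeError that does not name the missing key. Reading the required key explicitly, `@container_root = Pathname.new(zone.fetch("lxc-root")).join(name)`, makes the failure name the key, and the rename deserves a mention in the commit description since it is a breaking change for existing registries. The enclosing initializer starts and ends outside this hunk.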


@ -21,7 +21,6 @@ module Lxc
host_part = arpa[0, arpa.size - @subnet.arpa.size - 1] host_part = arpa[0, arpa.size - @subnet.arpa.size - 1]
# only allowed characters in FQDN # only allowed characters in FQDN
name = name.gsub(/[^a-zA-Z0-9\-]/, "-") name = name.gsub(/[^a-zA-Z0-9\-]/, "-")
# <%= addr %> PTR <%= fqdn(name) %>.<%= data["zone"]["domain"] %>.
yield name, host_part yield name, host_part
end end
end end
@ -32,7 +31,7 @@ module Lxc
def write_zone_file(path) def write_zone_file(path)
zone_template = Template.new(CONFIG_ROOT.join("hooks/templates/rdns-zone.erb")) zone_template = Template.new(CONFIG_ROOT.join("hooks/templates/rdns-zone.erb"))
domain = data["zone"]["#{@addr_field}-domain"] domain = data["zone"]["dn42-domain"]
zone_template.write(path.join("zones", name), zone_template.write(path.join("zones", name),
zone: self, zone: self,
data: data, data: data,
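Review bot: `domain = data["zone"]["dn42-domain"]` now applies to every reverse zone, including the `ula` and `ipv4` instances this class is built for elsewhere in the commit, whereas the old `"#{@addr_field}-domain"` let each address family point its PTR targets at its own forward zone; if that is intended, a comment above the line saying the ULA and IPv4 PTRs deliberately resolve into the dn42 domain would spare the next reader the search. When the key is absent `domain` is nil and whatever the template builds from it is presumably malformed, so `domain = data["zone"].fetch("dn42-domain") { abort "dn42-domain missing in container.json" }` fails clearly instead. `write_zone_file` continues past the end of this hunk, and the sanitising loop in the first hunk belongs to a method whose definition starts outside it.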


@ -8,4 +8,4 @@ lxc.mount = <%= fstab %>
lxc.network.ipv4 = <%= ipv4 %> lxc.network.ipv4 = <%= ipv4 %>
lxc.network.ipv6 = <%= ipv6 %> lxc.network.ipv6 = <%= ipv6 %>
lxc.network.ipv6 = <%= ula %> lxc.network.ipv6 = <%= ula %>
lxc.network.veth.pair = lxc_<%= name[0..(16-4)] %> lxc.network.veth.pair = <%= "lxc_#{name}"[0..14] %>
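Review bot: Truncating `"lxc_#{name}"[0..14]` keeps the veth name within the kernel's 15-character interface-name limit, but two containers whose names share their first 11 characters now render the identical `lxc.network.veth.pair`, and the second one is expected to fail to start because the host-side interface already exists. Deriving the suffix from something unique, e.g. `lxc.network.veth.pair = <%= "lxc_#{Digest::SHA1.hexdigest(name)[0, 11]}" %>`, or having the generator that renders this template reject duplicate truncated names, avoids the collision. A one-line comment such as `# veth names are limited to IFNAMSIZ-1 = 15 characters` above this line would explain the magic 14.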


@ -13,11 +13,12 @@ $TTL <%= data["zone"]["ttl"] %>
<% end -%> <% end -%>
<% if data["zone"]["a"] -%> <% if data["zone"]["a"] -%>
A <%= data["zone"]["a"] %> A <%= data["zone"]["dn42-a"] %>
<% end -%> <% end -%>
<% if data["zone"]["aaaa"] -%> <% if data["zone"]["aaaa"] -%>
AAAA <%= data["zone"]["aaaa"]%> AAAA <%= data["zone"]["dn42-aaaa"]%>
<% end -%> <% end -%>
<% data["network"].each do |name, value| %> <% data["network"].each do |name, value| %>
<% if value["cname"] -%> <% if value["cname"] -%>
<%= fqdn(name) %> CNAME <%= value["cname"] %> <%= fqdn(name) %> CNAME <%= value["cname"] %>
@ -29,12 +30,11 @@ $TTL <%= data["zone"]["ttl"] %>
<%= fqdn(name) %> A <%= NetAddr::CIDR.create(value["ipv4"]).ip(Short: true) %> <%= fqdn(name) %> A <%= NetAddr::CIDR.create(value["ipv4"]).ip(Short: true) %>
ipv4.<%= fqdn(name) %> A <%= NetAddr::CIDR.create(value["ipv4"]).ip(Short: true) %> ipv4.<%= fqdn(name) %> A <%= NetAddr::CIDR.create(value["ipv4"]).ip(Short: true) %>
<% end -%> <% end -%>
<% if value["ipv6"] -%>
<%= fqdn(name) %> AAAA <%= NetAddr::CIDR.create(value["ipv6"]).ip(Short: true) %>
ipv6.<%= fqdn(name) %> AAAA <%= NetAddr::CIDR.create(value["ipv6"]).ip(Short: true) %>
<% end -%>
<% if value["ula"] -%> <% if value["ula"] -%>
<%= fqdn(name) %> AAAA <%= NetAddr::CIDR.create(value["ula"]).ip(Short: true) %> <%= fqdn(name) %> AAAA <%= NetAddr::CIDR.create(value["ula"]).ip(Short: true) %>
ula.<%= fqdn(name) %> AAAA <%= NetAddr::CIDR.create(value["ula"]).ip(Short: true) %> ula.<%= fqdn(name) %> AAAA <%= NetAddr::CIDR.create(value["ula"]).ip(Short: true) %>
<% end -%> <% end -%>
<% if value["ipv6"] -%>
ipv6.<%= fqdn(name) %> AAAA <%= NetAddr::CIDR.create(value["ipv6"]).ip(Short: true) %>
<% end -%>
<% end -%> <% end -%>
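Review bot: The apex guards still test `data["zone"]["a"]` and `data["zone"]["aaaa"]` while the values rendered are `dn42-a` and `dn42-aaaa`, so a registry with the old keys set and the new ones missing emits `A ` / `AAAA ` lines with no RDATA, which named rejects when the zone is loaded. The conditions should match the values: `<% if data["zone"]["dn42-a"] -%>` and `<% if data["zone"]["dn42-aaaa"] -%>`. The bare `<%= fqdn(name) %> AAAA` for `ipv6` is also gone from this file and only the `ipv6.`-prefixed record remains, which looks deliberate (the new ipv6 zone template carries the bare one) but merits a short comment in the template so the asymmetry with `ula` is not mistaken for an omission.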


@ -0,0 +1,32 @@
<% if data["zone"]["ttl"] -%>
$TTL <%= data["zone"]["ttl"] %>
<% end -%>
@ IN SOA <%= data["zone"]["soa"] %> <%= data["zone"]["hostmaster"] %> (
<%= data["zone"]["serial"] %> ; serial
<%= data["zone"]["refresh"] %> ; refresh
<%= data["zone"]["retry"] %> ; retry
<%= data["zone"]["expire"] %> ; expire
<%= data["zone"]["minimum"] %>) ; minimum
<% data["zone"]["ns"].each do |name, value| -%>
NS <%= name %>.
<% end -%>
<% if data["zone"]["a"] -%>
A <%= data["zone"]["a"] %>
<% end -%>
<% if data["zone"]["aaaa"] -%>
AAAA <%= data["zone"]["aaaa"]%>
<% end -%>
<% data["network"].each do |name, value| %>
<% if value["cname"] -%>
<%= fqdn(name) %> CNAME <%= value["cname"] %>
<% end -%>
<% if value["srv"] -%>
<%= fqdn(name) %> SRV <%= value["srv"] %>
<% end -%>
<% if value["ipv6"] -%>
<%= fqdn(name) %> AAAA <%= NetAddr::CIDR.create(value["ipv6"]).ip(Short: true) %>
<% end -%>
<% end -%>
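Review bot: `data["zone"]["ns"].each` is the only unguarded zone lookup in this new template; `ttl`, `a` and `aaaa` are wrapped in `if`, but a registry without `ns` raises NoMethodError on nil while rendering. `<% (data["zone"]["ns"] || {}).each do |name, value| -%>` keeps generation running, though an apex without NS records is still an invalid zone, so aborting with a clear message is the better alternative. The SOA fields are shared with the dn42 zone, so `serial` must be bumped whenever either zone's content changes or secondaries and caches keep the stale copy; a comment next to `; serial` saying so would help. `value["cname"]` and `value["srv"]` are interpolated verbatim, which is acceptable for operator-owned registry data but means a stray newline in a value becomes extra zone records.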


@ -39,7 +39,7 @@ end
registry = Lxc::Registry.new registry = Lxc::Registry.new
registry.data["zone"] ||= {} registry.data["zone"] ||= {}
domain = registry.data["zone"]["ipv6-domain"] || "lxc" domain = registry.data["zone"]["ipv6-domain"] || "lxc"
subnet = registry.data["zone"]["v6_subnet"] subnet = registry.data["zone"]["ipv6-subnet"]
if subnet if subnet
subnet_cidr = NetAddr::CIDR.create(subnet) subnet_cidr = NetAddr::CIDR.create(subnet)
credentials = File.read(Lxc::CONFIG_ROOT.join("hetzner.key")) credentials = File.read(Lxc::CONFIG_ROOT.join("hetzner.key"))
@ -47,5 +47,5 @@ if subnet
network = registry.data["network"] || {} network = registry.data["network"] || {}
update_hetzner_rdns6(user, password, domain, subnet_cidr, network) update_hetzner_rdns6(user, password, domain, subnet_cidr, network)
else else
puts "no v6_subnet specified in container.json. skip rdns records" puts "no ipv6-subnet specified in container.json. skip rdns records"
end end


@ -4,7 +4,7 @@ require_relative "lib/lxc"
registry = Lxc::Registry.new registry = Lxc::Registry.new
container_root = Pathname.new(registry.data["zone"]["lxc_root"]) container_root = Pathname.new(registry.data["zone"]["lxc-root"])
network = registry.data["network"] || {} network = registry.data["network"] || {}
network.each do |name, container| network.each do |name, container|
next if container["lxc"] == false next if container["lxc"] == false


@ -5,8 +5,10 @@ require_relative "lib/lxc"
LXC_ROOT = Pathname.new("/data/containers") LXC_ROOT = Pathname.new("/data/containers")
FSTAB_D = Pathname.new("/etc/fstab.d") FSTAB_D = Pathname.new("/etc/fstab.d")
SYS_MOUNT = 165
MS_BIND = 4096
def fstab_entries(src_path, dest_path, mounts) def mount(src_path, dest_path, mounts)
unless src_path.exist? unless src_path.exist?
abort "container directory for shared mount does not exists #{dest_path}" abort "container directory for shared mount does not exists #{dest_path}"
end end
@ -17,14 +19,14 @@ def fstab_entries(src_path, dest_path, mounts)
src = src.gsub(/^\//, "") src = src.gsub(/^\//, "")
src_mount = dest_path.join(src) src_mount = dest_path.join(src)
puts ("mkdir -p #{src_mount}")
if dest == true if dest == true
dest_mount = src_path.join(src) dest_mount = src_path.join(src)
else else
dest_mount = src_path.join(dest.gsub(/^\//, "")) dest_mount = src_path.join(dest.gsub(/^\//, ""))
end end
puts ("mkdir -p #{dest_mount}")
FileUtils.mkdir_p(dest_mount) FileUtils.mkdir_p(dest_mount)
"#{src_mount} #{dest_mount} none bind,nofail,x-systemd.device-timeout=1 0 0" syscall(SYS_MOUNT, src_mount.to_s, dest_mount.to_s, "none", MS_BIND, 0)
end end
entries entries
@ -38,21 +40,10 @@ def main
containers = container["mounts"] containers = container["mounts"]
next if containers.nil? next if containers.nil?
fstab = []
containers.each do |dest_container, mounts| containers.each do |dest_container, mounts|
dest_path = LXC_ROOT.join(dest_container, "rootfs") dest_path = LXC_ROOT.join(dest_container, "rootfs")
fstab << fstab_entries(src_path, dest_path, mounts) mount(src_path, dest_path, mounts)
end end
content = fstab.join("\n")
path = FSTAB_D.join("50_lxc_#{name}")
f = File.open(path, "w+")
f.write content
f.write "\n"
f.close
Lxc::Utils.sh("update-conf.d", "fstab")
Lxc::Utils.sh("mount", "-a")
end end
end end
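Review bot: `SYS_MOUNT = 165` is the x86_64 syscall number; on another architecture the `syscall` call at the end of `mount` would invoke an unrelated kernel entry point with these arguments, so the constant should be guarded, e.g. `abort "SYS_MOUNT is hard-coded for x86_64" unless RbConfig::CONFIG["host_cpu"] == "x86_64"` after `require "rbconfig"`. The new code also mounts unconditionally: the removed fstab + `mount -a` path skipped entries that were already mounted, whereas each run of this script now stacks another bind mount on `dest_mount`, so the call should be skipped when `dest_mount` already appears as a mount point (for example by scanning `/proc/self/mountinfo`). Because the bind mounts are no longer recorded in fstab they do not survive a reboot unless this script is run at boot, which deserves a comment on `def mount`. `Kernel#syscall` raises `SystemCallError` on failure, so no return-value check is needed, but the function still returns `entries` to a caller in `main`, which starts outside the hunk, even though the mount is now performed as a side effect.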


@ -5,6 +5,16 @@ require_relative "lib/lxc"
DNS_CONTAINER = "dns" DNS_CONTAINER = "dns"
def dns_zone(registry, template, zone_name)
root_path = Pathname.new(File.expand_path("../..", __FILE__))
zone_template = Lxc::Template.new(root_path.join("hooks/templates/#{template}.erb"))
zone = registry.data["zone"] || {}
zone_template.write(root_path.join("zones",
"#{zone_name}.zone"),
data: registry.data,
zone: zone)
end
def main def main
registry = Lxc::Registry.new registry = Lxc::Registry.new
registry.data["zone"] ||= {} registry.data["zone"] ||= {}
@ -13,23 +23,23 @@ def main
root_path = Lxc::CONFIG_ROOT root_path = Lxc::CONFIG_ROOT
if subnet = registry.data["zone"]["ula_subnet"] if subnet = registry.data["zone"]["ula-subnet"]
Lxc::RdnsZone.new(registry.data, "ula", subnet).write_zone_file(root_path) zone = Lxc::RdnsZone.new(registry.data, "ula", subnet)
zone.write_zone_file(root_path)
end end
if subnet = registry.data["zone"]["v4_subnet"] if subnet = registry.data["zone"]["ipv4-subnet"]
Lxc::RdnsZone.new(registry.data, "ipv4", subnet).write_zone_file(root_path) zone = Lxc::RdnsZone.new(registry.data, "ipv4", subnet)
zone.write_zone_file(root_path)
end end
if subnet = registry.data["zone"]["v6_subnet"] if domain = registry.data["zone"]["ipv6-domain"]
Lxc::RdnsZone.new(registry.data, "ipv6", subnet).write_zone_file(root_path) dns_zone(registry, "ipv6-zone", domain)
end end
root_path = Pathname.new(File.expand_path("../..", __FILE__)) if domain = registry.data["zone"]["dn42-domain"]
zone_template = Lxc::Template.new(root_path.join("hooks/templates/lxc-zone.erb")) dns_zone(registry, "dn42-zone", domain)
zone = registry.data["zone"] || {} end
zone_name = registry.data["zone"]["domain"] || "lxc"
zone_template.write(root_path.join("zones", "#{zone_name}.zone"), data: registry.data, zone: zone)
Lxc::Utils.sh("lxc-attach", "-n", DNS_CONTAINER, "--", "rndc", "reload") Lxc::Utils.sh("lxc-attach", "-n", DNS_CONTAINER, "--", "rndc", "reload")
end end
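Review bot: `rndc reload` at the end of `main` is issued without checking the zone files just written; a malformed generated file makes named reject the reload for that zone and keep serving the old data, with the only evidence in named's log. Running `named-checkzone` on each file before the reload, e.g. `Lxc::Utils.sh("named-checkzone", zone_name, path)` inside `dns_zone` after `zone_template.write` (via `lxc-attach` if named lives only in the dns container), turns that into a hard failure of this script. `dns_zone` also recomputes the config root as `Pathname.new(File.expand_path("../..", __FILE__))` while `main` uses `Lxc::CONFIG_ROOT` for the reverse zones; if these are the same directory the helper should take `root_path` as a parameter or use the constant, and a one-line comment on `def dns_zone` stating that it renders `hooks/templates/<template>.erb` into `zones/<zone_name>.zone` would document it. The old `domain` key and `lxc-zone.erb` are no longer read, so an existing registry with only `domain` set now produces no forward zone at all, which is worth calling out in the commit description.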