Allow any recursion and cache queries for named svc
Signed-off-by: Ruslan Aliev <raliev@mirantis.com> Change-Id: Idba94e27b4d1375fe5feabd6a2c08f4a9716f186
This commit is contained in:
parent
ab092a983d
commit
ec5ba2fc37
|
@ -0,0 +1,15 @@
|
|||
diff --git a/src/provisioningserver/templates/dns/named.conf.options.inside.maas.template b/src/provisioningserver/templates/dns/named.conf.options.inside.maas.template
|
||||
index d76fcfa9a..d198e90b9 100644
|
||||
--- a/src/provisioningserver/templates/dns/named.conf.options.inside.maas.template
|
||||
+++ b/src/provisioningserver/templates/dns/named.conf.options.inside.maas.template
|
||||
@@ -13,8 +13,8 @@ empty-zones-enable no;
|
||||
allow-query { any; };
|
||||
{{endif}}
|
||||
{{if not upstream_allow_recursion}}
|
||||
-allow-recursion { trusted; };
|
||||
+allow-recursion { any; };
|
||||
{{endif}}
|
||||
{{if not upstream_allow_query_cache}}
|
||||
-allow-query-cache { trusted; };
|
||||
+allow-query-cache { any; };
|
||||
{{endif}}
|
|
@ -64,12 +64,15 @@ COPY 3.0_ipmi_error.patch /tmp/3.0_ipmi_error.patch
|
|||
COPY 3.0_redfish_retries.patch /tmp/3.0_redfish_retries.patch
|
||||
# Patch to disable ipv6 in bind9
|
||||
COPY 3.0_named_conf.patch /tmp/3.0_named_conf.patch
|
||||
# Patch to allow any recursion and cache queries
|
||||
COPY 3.0_allow_query.patch /tmp/3.0_allow_query.patch
|
||||
|
||||
RUN cd /usr/lib/python3/dist-packages/provisioningserver/utils && patch network.py < /tmp/3.0_nic_filter.patch
|
||||
RUN cd /usr/lib/python3/dist-packages/twisted/web && patch server.py < /tmp/3.0_secure_headers.patch
|
||||
RUN cd /usr/lib/python3/dist-packages/provisioningserver/drivers/power && patch ipmi.py < /tmp/3.0_ipmi_error.patch
|
||||
RUN cd /usr/lib/python3/dist-packages/provisioningserver/drivers/power && patch redfish.py < /tmp/3.0_redfish_retries.patch
|
||||
RUN cd /usr/lib/python3/dist-packages/provisioningserver/dns/commands && patch edit_named_options.py < /tmp/3.0_named_conf.patch
|
||||
RUN cd /usr/lib/python3/dist-packages/provisioningserver/templates/dns && patch named.conf.options.inside.maas.template < /tmp/3.0_allow_query.patch
|
||||
|
||||
# echo journalctl logs to the container's stdout
|
||||
COPY scripts/journalctl-to-tty.service /etc/systemd/system/journalctl-to-tty.service
|
||||
|
@ -81,5 +84,8 @@ RUN umask 0337; echo 'Defaults:maas !pam_session, !syslog' > /etc/sudoers.d/99-m
|
|||
# avoid triggering bind9 high cpu utilization bug
|
||||
RUN sed -i -e '$a\include "/etc/bind/bind.keys";' /etc/bind/named.conf
|
||||
|
||||
# invoke regeneration named.conf and options
|
||||
RUN /usr/lib/maas/maas-common edit-named-options --config-path /etc/bind/named.conf.options && /usr/lib/maas/maas-common setup-dns
|
||||
|
||||
# initalize systemd
|
||||
CMD ["/bin/bash", "-c", "exec /sbin/init --log-target=console 3>&1"]
|
||||
|
|
|
@ -0,0 +1,15 @@
|
|||
diff --git a/src/provisioningserver/templates/dns/named.conf.options.inside.maas.template b/src/provisioningserver/templates/dns/named.conf.options.inside.maas.template
|
||||
index ba1aee316..ab5766210 100644
|
||||
--- a/src/provisioningserver/templates/dns/named.conf.options.inside.maas.template
|
||||
+++ b/src/provisioningserver/templates/dns/named.conf.options.inside.maas.template
|
||||
@@ -13,8 +13,8 @@ dnssec-validation {{dnssec_validation}};
|
||||
allow-query { any; };
|
||||
{{endif}}
|
||||
{{if not upstream_allow_recursion}}
|
||||
-allow-recursion { trusted; };
|
||||
+allow-recursion { any; };
|
||||
{{endif}}
|
||||
{{if not upstream_allow_query_cache}}
|
||||
-allow-query-cache { trusted; };
|
||||
+allow-query-cache { any; };
|
||||
{{endif}}
|
|
@ -63,12 +63,15 @@ COPY 2.8_ipmi_error.patch /tmp/2.8_ipmi_error.patch
|
|||
COPY 2.8_redfish_retries.patch /tmp/2.8_redfish_retries.patch
|
||||
# Patch to disable ipv6 in bind9
|
||||
COPY 2.8_named_conf.patch /tmp/2.8_named_conf.patch
|
||||
# Patch to allow any recursion and cache queries
|
||||
COPY 2.8_allow_query.patch /tmp/2.8_allow_query.patch
|
||||
|
||||
RUN cd /usr/lib/python3/dist-packages/provisioningserver/utils && patch network.py < /tmp/2.8_nic_filter.patch
|
||||
RUN cd /usr/lib/python3/dist-packages/twisted/web && patch server.py < /tmp/2.8_secure_headers.patch
|
||||
RUN cd /usr/lib/python3/dist-packages/provisioningserver/drivers/power && patch ipmi.py < /tmp/2.8_ipmi_error.patch
|
||||
RUN cd /usr/lib/python3/dist-packages/provisioningserver/drivers/power && patch redfish.py < /tmp/2.8_redfish_retries.patch
|
||||
RUN cd /usr/lib/python3/dist-packages/provisioningserver/dns/commands && patch edit_named_options.py < /tmp/2.8_named_conf.patch
|
||||
RUN cd /usr/lib/python3/dist-packages/provisioningserver/templates/dns && patch named.conf.options.inside.maas.template < /tmp/2.8_allow_query.patch
|
||||
|
||||
# echo journalctl logs to the container's stdout
|
||||
COPY scripts/journalctl-to-tty.service /etc/systemd/system/journalctl-to-tty.service
|
||||
|
@ -80,5 +83,8 @@ RUN umask 0337; echo 'Defaults:maas !pam_session, !syslog' > /etc/sudoers.d/99-m
|
|||
# avoid triggering bind9 high cpu utilization bug
|
||||
RUN sed -i -e '$a\include "/etc/bind/bind.keys";' /etc/bind/named.conf
|
||||
|
||||
# invoke regeneration named.conf and options
|
||||
RUN /usr/lib/maas/maas-common edit-named-options --config-path /etc/bind/named.conf.options && /usr/lib/maas/maas-common setup-dns
|
||||
|
||||
# initalize systemd
|
||||
CMD ["/bin/bash", "-c", "exec /sbin/init --log-target=console 3>&1"]
|
||||
|
|
Loading…
Reference in New Issue