504a2607a8
Implement the beginning of a structured pattern for Plugin's to provide configuration into Designate. The chosen pattern has been built to support both config generation, and the ability to define "extra" config options which are based on other config options (i.e. the dynamic sections for each pool server). Change-Id: I1889ac1de3dc90b95533bea3f456ea2bf8e9b845
156 lines
4.8 KiB
Plaintext
156 lines
4.8 KiB
Plaintext
# lib/designate_plugins/backend-bind9_pool
|
|
# Configure the bind9 pool backend
|
|
|
|
# Enable with:
|
|
# DESIGNATE_BACKEND_DRIVER=bind9_pool
|
|
|
|
# Dependencies:
|
|
# ``functions`` file
|
|
# ``designate`` configuration
|
|
|
|
# install_designate_backend - install any external requirements
|
|
# configure_designate_backend - make configuration changes, including those to other services
|
|
# init_designate_backend - initialize databases, etc.
|
|
# start_designate_backend - start any external services
|
|
# stop_designate_backend - stop any external services
|
|
# cleanup_designate_backend - remove transient data and cache
|
|
|
|
# Save trace setting
|
|
DP_BIND9_XTRACE=$(set +o | grep xtrace)
|
|
set +o xtrace
|
|
|
|
# Defaults
|
|
# --------
|
|
BIND_SERVICE_NAME=bind9
|
|
BIND_CFG_DIR=/etc/bind
|
|
BIND_VAR_DIR=/var/cache/bind
|
|
BIND_CFG_FILE=$BIND_CFG_DIR/named.conf.options
|
|
BIND_USER=bind
|
|
BIND_GROUP=bind
|
|
DESIGNATE_SERVICE_PORT_RNDC=${DESIGNATE_SERVICE_PORT_RNDC:-953}
|
|
|
|
if is_fedora; then
|
|
BIND_SERVICE_NAME=named
|
|
BIND_CFG_DIR=/etc/named
|
|
BIND_CFG_FILE=/etc/named.conf
|
|
BIND_VAR_DIR=/var/named
|
|
BIND_USER=named
|
|
BIND_GROUP=named
|
|
fi
|
|
|
|
# Entry Points
|
|
# ------------
|
|
|
|
# install_designate_backend - install any external requirements
|
|
function install_designate_backend {
|
|
if is_ubuntu; then
|
|
install_package bind9
|
|
elif is_fedora; then
|
|
install_package named
|
|
fi
|
|
|
|
# The user that designate runs as needs to be member of **$BIND_GROUP** group.
|
|
# The designate bind9 backend needs read/write access to $BIND_VAR_DIR
|
|
if ! getent group $BIND_GROUP >/dev/null; then
|
|
sudo groupadd $BIND_GROUP
|
|
fi
|
|
add_user_to_group $STACK_USER $BIND_GROUP
|
|
if [[ ! -d $BIND_CFG_DIR ]]; then
|
|
sudo mkdir -p $BIND_CFG_DIR
|
|
sudo chown $BIND_USER:$BIND_GROUP $BIND_CFG_DIR
|
|
fi
|
|
|
|
sudo chown -R $BIND_USER:$BIND_GROUP $BIND_CFG_DIR $BIND_VAR_DIR
|
|
sudo chmod -R g+r $BIND_CFG_DIR
|
|
sudo chmod -R g+rw $BIND_VAR_DIR
|
|
|
|
# Customize Bind9 apparmor profile if installed
|
|
if [[ -d /etc/apparmor.d ]]; then
|
|
sudo tee /etc/apparmor.d/local/usr.sbin.named > /dev/null << EOF
|
|
$DESIGNATE_STATE_PATH/bind9/** rw,
|
|
EOF
|
|
restart_service apparmor
|
|
fi
|
|
}
|
|
|
|
# configure_designate_backend - make configuration changes, including those to other services
|
|
function configure_designate_backend {
|
|
iniset $DESIGNATE_CONF service:pool_manager backends bind9_pool
|
|
iniset $DESIGNATE_CONF service:mdns slave_nameserver_ips_and_ports "$DESIGNATE_SERVICE_HOST:$DESIGNATE_SERVICE_PORT_DNS"
|
|
|
|
iniset $DESIGNATE_CONF backend:bind9_pool masters $DESIGNATE_SERVICE_HOST:$DESIGNATE_SERVICE_PORT_MDNS
|
|
iniset $DESIGNATE_CONF backend:bind9_pool server_ids $DESIGNATE_SERVER_ID
|
|
iniset $DESIGNATE_CONF backend:bind9_pool rndc_port $DESIGNATE_SERVICE_PORT_RNDC
|
|
iniset $DESIGNATE_CONF backend:bind9_pool rndc_host $DESIGNATE_SERVICE_HOST
|
|
iniset $DESIGNATE_CONF backend:bind9_pool rndc_config_file "$BIND_CFG_DIR/rndc.conf"
|
|
iniset $DESIGNATE_CONF backend:bind9_pool rndc_key_file "$BIND_CFG_DIR/rndc.key"
|
|
|
|
iniset $DESIGNATE_CONF backend:bind9_pool:$DESIGNATE_SERVER_ID host $DESIGNATE_SERVICE_HOST
|
|
iniset $DESIGNATE_CONF backend:bind9_pool:$DESIGNATE_SERVER_ID port $DESIGNATE_SERVICE_PORT_DNS
|
|
|
|
sudo chown $STACK_USER $BIND_CFG_DIR
|
|
|
|
# create rndc key and config
|
|
sudo rndc-confgen -a -c $BIND_CFG_DIR/rndc.key
|
|
sudo chown $BIND_USER:$BIND_GROUP $BIND_CFG_DIR/rndc.key
|
|
sudo chmod g+r $BIND_CFG_DIR/rndc.key
|
|
|
|
# Configure Bind
|
|
sudo tee $BIND_CFG_FILE > /dev/null <<EOF
|
|
include "$BIND_CFG_DIR/rndc.key";
|
|
|
|
options {
|
|
directory "$BIND_VAR_DIR";
|
|
allow-new-zones yes;
|
|
dnssec-validation auto;
|
|
auth-nxdomain no; # conform to RFC1035
|
|
listen-on port $DESIGNATE_SERVICE_PORT_DNS { $DESIGNATE_SERVICE_HOST; };
|
|
};
|
|
|
|
controls {
|
|
inet $DESIGNATE_SERVICE_HOST port $DESIGNATE_SERVICE_PORT_RNDC allow { $DESIGNATE_SERVICE_HOST; } keys { "rndc-key"; };
|
|
};
|
|
EOF
|
|
|
|
# Configure RNDC
|
|
sudo tee $BIND_CFG_DIR/rndc.conf > /dev/null << EOF
|
|
include "$BIND_CFG_DIR/rndc.key";
|
|
|
|
options {
|
|
default-key "rndc-key";
|
|
default-server $DESIGNATE_SERVICE_HOST;
|
|
default-port $DESIGNATE_SERVICE_PORT_RNDC;
|
|
};
|
|
EOF
|
|
|
|
sudo chown $BIND_USER:$BIND_GROUP $BIND_CFG_FILE $BIND_CFG_DIR/rndc.conf
|
|
sudo chmod g+r $BIND_CFG_FILE $BIND_CFG_DIR/rndc.conf
|
|
|
|
restart_service $BIND_SERVICE_NAME
|
|
}
|
|
|
|
# init_designate_backend - initialize databases, etc.
|
|
function init_designate_backend {
|
|
:
|
|
}
|
|
|
|
# start_designate_backend - start any external services
|
|
function start_designate_backend {
|
|
start_service bind9
|
|
}
|
|
|
|
# stop_designate_backend - stop any external services
|
|
function stop_designate_backend {
|
|
stop_service bind9
|
|
}
|
|
|
|
# cleanup_designate_backend - remove transient data and cache
|
|
function cleanup_designate_backend {
|
|
sudo sh -c "rm -rf $BIND_VAR_DIR/*.nzf"
|
|
sudo sh -c "rm -rf $BIND_VAR_DIR/slave.*"
|
|
sudo rm -f $BIND_CFG_DIR/rndc.key
|
|
}
|
|
|
|
# Restore xtrace
|
|
$DP_BIND9_XTRACE
|