Initial charm
commit
3fb2950ca9
|
@ -0,0 +1,5 @@
|
|||
.tox
|
||||
tmp
|
||||
build
|
||||
layers
|
||||
interfaces
|
|
@ -0,0 +1,5 @@
|
|||
.tox
|
||||
tmp
|
||||
build
|
||||
layers
|
||||
interfaces
|
|
@ -0,0 +1,8 @@
|
|||
#!/usr/bin/make
|
||||
LAYER_PATH := layers
|
||||
|
||||
clean:
|
||||
rm -Rf build
|
||||
|
||||
generate: clean
|
||||
LAYER_PATH=$(LAYER_PATH) tox -e generate
|
|
@ -0,0 +1,87 @@
|
|||
#!/bin/bash
|
||||
|
||||
apt-get install --yes bind9
|
||||
mv /etc/bind/named.conf.options /etc/bind/named.conf.options.org.$$
|
||||
mv /etc/bind/named.conf.local /etc/bind/named.conf.local.$$
|
||||
BASTION_IP="10.5.17.29"
|
||||
IP=$(ip -4 addr show eth0 | awk '/inet/ {print $2}' | sed -e 's!/.*!!')
|
||||
REV=$(echo $IP | awk 'BEGIN{FS="."} {print $3 "." $2 "." $1}')
|
||||
LAST_OCTET=$(echo $IP | awk 'BEGIN{FS="."} {print $4}')
|
||||
UNAME=$(uname -n)
|
||||
cat << EOF > /etc/bind/named.conf.options
|
||||
options {
|
||||
directory "/var/cache/bind";
|
||||
|
||||
// If there is a firewall between you and nameservers you want
|
||||
// to talk to, you may need to fix the firewall to allow multiple
|
||||
// ports to talk. See http://www.kb.cert.org/vuls/id/800113
|
||||
|
||||
// If your ISP provided one or more IP addresses for stable
|
||||
// nameservers, you probably want to use them as forwarders.
|
||||
// Uncomment the following block, and insert the addresses replacing
|
||||
// the all-0's placeholder.
|
||||
|
||||
forwarders {
|
||||
$BASTION_IP;
|
||||
};
|
||||
|
||||
//========================================================================
|
||||
// If BIND logs error messages about the root key being expired,
|
||||
// you will need to update your keys. See https://www.isc.org/bind-keys
|
||||
//========================================================================
|
||||
dnssec-validation auto;
|
||||
|
||||
auth-nxdomain no; # conform to RFC1035
|
||||
listen-on-v6 { any; };
|
||||
};
|
||||
EOF
|
||||
|
||||
cat << EOF > /etc/bind/named.conf.local
|
||||
// forward zone
|
||||
zone "openstacklocal." {
|
||||
type master;
|
||||
file "/etc/bind/db.openstacklocal.com";
|
||||
};
|
||||
// reverse zone
|
||||
zone "${REV}.in-addr.arpa" {
|
||||
type master;
|
||||
notify no;
|
||||
file "/etc/bind/db.10";
|
||||
};
|
||||
EOF
|
||||
TTL='$TTL'
|
||||
|
||||
cat << EOF > /etc/bind/db.openstacklocal.com
|
||||
;
|
||||
; BIND data forward DNS sample for deployment on top of serverstack
|
||||
;
|
||||
$TTL 604800
|
||||
@ IN SOA ${UNAME}.openstacklocal. root.${UNAME}.openstacklocal. (
|
||||
201511161 ; Serial
|
||||
604800 ; Refresh
|
||||
86400 ; Retry
|
||||
2419200 ; Expire
|
||||
604800 ) ; Negative Cache TTL
|
||||
;
|
||||
@ IN NS ${UNAME}.openstacklocal.
|
||||
${UNAME} IN A ${IP}
|
||||
EOF
|
||||
cat << EOF > /etc/bind/db.10
|
||||
;
|
||||
; BIND reverse data file DNS sample for deployment on top of serverstack
|
||||
;
|
||||
$TTL 604800
|
||||
@ IN SOA ${UNAME}.openstacklocal. root.${UNAME}.openstacklocal. (
|
||||
201511161 ; Serial
|
||||
604800 ; Refresh
|
||||
86400 ; Retry
|
||||
2419200 ; Expire
|
||||
604800 ) ; Negative Cache TTL
|
||||
;
|
||||
@ IN NS ${UNAME}.
|
||||
${LAST_OCTET} IN PTR ${UNAME}.openstacklocal.
|
||||
EOF
|
||||
|
||||
echo "nameserver 127.0.0.1" > /etc/resolvconf/resolv.conf.d/head
|
||||
|
||||
/etc/init.d/bind9 restart
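Review bot: Nothing in this script stops on failure or checks that `IP` was actually derived, so a failed `apt-get install` or a host whose primary interface is not `eth0` still reaches the heredocs and the restart, writing a reverse zone named `.in-addr.arpa` and empty A/PTR records as root. Add `set -euo pipefail` under the shebang and a guard such as `[ -n "$IP" ] || { echo "no IPv4 address on eth0" >&2; exit 1; }` before the first `cat`. The NS record in `db.10` is `${UNAME}.`, while the SOA and the forward zone use `${UNAME}.openstacklocal.`; it should read `@ IN NS ${UNAME}.openstacklocal.`. `BASTION_IP` is hard-coded to one environment's forwarder and would be better taken from an argument or an environment variable.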
|
|
@ -0,0 +1,12 @@
|
|||
options:
|
||||
allowed_nets:
|
||||
default: "p2p"
|
||||
type: string
|
||||
description:
|
||||
list of allowed networks, with trailing semicolons" e.g., "10.172.0.0/16; 10.10.0.0/18;"
|
||||
forwarders:
|
||||
default: ""
|
||||
type: string
|
||||
description: |
|
||||
list of forwarders, with trailing semicolons: e.g., "8.8.8.8; 10.1.1.1;"
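Review bot: `allowed_nets` is declared here but neither BIND template shown in this commit references it, and its default `"p2p"` is not a network list of the form its own description gives, so setting it appears to have no effect on who may query or control the server. Either wire it into the templates (for example through an `allow-query` clause) or drop the option until it is used. The description text also has a stray quote; `list of allowed networks, with trailing semicolons: e.g., "10.172.0.0/16; 10.10.0.0/18;"` would match the wording used for `forwarders`.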
|
||||
|
|
@ -0,0 +1,29 @@
|
|||
#!/usr/bin/env python3
|
||||
|
||||
from glob import glob
|
||||
import os
|
||||
import sys
|
||||
from subprocess import check_call
|
||||
|
||||
|
||||
# Load modules from $CHARM_DIR/lib
|
||||
sys.path.append('lib')
|
||||
|
||||
# bootstrap wheelhouse
|
||||
if os.path.exists('wheelhouse'):
|
||||
check_call(['apt-get', 'install', '-yq', 'python3-pip'])
|
||||
# need newer pip, to fix spurious Double Requirement error https://github.com/pypa/pip/issues/56
|
||||
check_call(['pip3', 'install', '-U', '--no-index', '-f', 'wheelhouse', 'pip'])
|
||||
# install the rest of the wheelhouse deps
|
||||
check_call(['pip3', 'install', '-U', '--no-index', '-f', 'wheelhouse'] + glob('wheelhouse/*'))
|
||||
|
||||
check_call(['apt-get', 'install', '-yq', 'python3-netifaces'])
|
||||
|
||||
# This will load and run the appropriate @hook and other decorated
|
||||
# handlers from $CHARM_DIR/reactive, $CHARM_DIR/hooks/reactive,
|
||||
# and $CHARM_DIR/hooks/relations.
|
||||
#
|
||||
# See https://jujucharms.com/docs/stable/getting-started-with-charms-reactive
|
||||
# for more information on this pattern.
|
||||
from charms.reactive import main
|
||||
main()
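Review bot: The wheelhouse bootstrap and both `apt-get install` calls sit at module level, so if this file backs more than the install hook they run as root on every hook invocation, and any transient archive failure aborts an unrelated hook through `check_call`. Guard the block with a marker, e.g. `if os.path.exists('wheelhouse') and not os.path.exists('wheelhouse/.bootstrapped'):`, and create the marker after the last `pip3` call. `sys.path.append('lib')` and the `wheelhouse` paths are relative, so they depend on the hook being started with the charm directory as the working directory; a short comment stating that assumption would help.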
|
|
@ -0,0 +1 @@
|
|||
includes: ['layer:openstack', 'interface:bind-rndc']
|
|
@ -0,0 +1,13 @@
|
|||
name: designate-bind
|
||||
summary: BIND9 backend for Designate
|
||||
maintainer: OpenStack Charmers <openstack-charmers@lists.ubuntu.com>
|
||||
description: |
|
||||
The Berkeley Internet Name Domain (BIND) implements an Internet domain
|
||||
name server. BIND is the most widely-used name server software on the
|
||||
Internet, and is supported by the Internet Software Consortium, www.isc.org.
|
||||
categories:
|
||||
- openstack
|
||||
subordinate: false
|
||||
provides:
|
||||
dns-backend:
|
||||
interface: bind-rndc
|
|
@ -0,0 +1,81 @@
|
|||
from charm.openstack.adapters import (
|
||||
OpenStackRelationAdapters,
|
||||
OpenStackRelationAdapter,
|
||||
)
|
||||
from charms.reactive import (
|
||||
hook,
|
||||
when,
|
||||
)
|
||||
from charmhelpers.core.templating import render
|
||||
from charmhelpers.core.hookenv import unit_private_ip
|
||||
from charmhelpers.core.host import restart_on_change, service_reload
|
||||
from charmhelpers.fetch import (
|
||||
apt_install,
|
||||
apt_update,
|
||||
)
|
||||
import os
|
||||
|
||||
BIND_DIR = '/etc/bind'
|
||||
NAMED_OPTIONS = 'named.conf.options'
|
||||
NAMED_CONF = 'named.conf'
|
||||
BIND_SERVICES = ['bind9']
|
||||
BIND_PACKAGES = ['bind9']
|
||||
|
||||
|
||||
class DNSAdapter(OpenStackRelationAdapter):
|
||||
|
||||
def __init__(self, relation):
|
||||
super(DNSAdapter, self).__init__(relation)
|
||||
|
||||
@property
|
||||
def control_listen_ip(self):
|
||||
return unit_private_ip()
|
||||
|
||||
@property
|
||||
def control_ips(self):
|
||||
return ';'.join(self.relation.client_ips())
|
||||
|
||||
|
||||
class BindAdapters(OpenStackRelationAdapters):
|
||||
"""
|
||||
Adapters class for the Designate charm.
|
||||
"""
|
||||
relation_adapters = {
|
||||
'dns_backend': DNSAdapter,
|
||||
}
|
||||
|
||||
def __init__(self, relations):
|
||||
super(BindAdapters, self).__init__(
|
||||
relations)
|
||||
|
||||
|
||||
def set_apparmor():
|
||||
apparmor_file = '/etc/apparmor.d/disable/usr.sbin.named'
|
||||
if not os.path.isfile(apparmor_file):
|
||||
open(apparmor_file, 'w').close()
|
||||
service_reload('apparmor')
|
||||
|
||||
|
||||
@hook('install')
|
||||
def install_packages():
|
||||
apt_update()
|
||||
apt_install(BIND_PACKAGES, fatal=True)
|
||||
set_apparmor()
|
||||
|
||||
|
||||
@when('dns-backend.related')
|
||||
def send_info(dns_client):
|
||||
dns_client.send_rndckey_info()
|
||||
|
||||
|
||||
@when('dns-backend.related')
|
||||
@restart_on_change({
|
||||
BIND_DIR + '/*': BIND_SERVICES
|
||||
})
|
||||
def config_changed(*args):
|
||||
set_apparmor()
|
||||
adapters = BindAdapters(args)
|
||||
for conf in [NAMED_OPTIONS, NAMED_CONF]:
|
||||
render(source=conf,
|
||||
target='{}/{}'.format(BIND_DIR, conf),
|
||||
context=adapters)
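Review bot: `set_apparmor()` creates `/etc/apparmor.d/disable/usr.sbin.named`, which is the marker for switching off AppArmor confinement of named entirely, and it is called from both `install_packages` and `config_changed` with no comment saying why. The same commit exposes the rndc control channel on the unit's private address and sets `allow-new-zones yes`, so named would be handling remotely supplied zone data without the profile. Prefer granting only the extra paths named needs through a local profile addition (the Ubuntu packaged profile typically includes `local/usr.sbin.named`), or at minimum add a docstring such as `"""Disable the named AppArmor profile; TODO: replace with a scoped local override."""`. The function also opens the file without a `with` block; `with open(apparmor_file, 'w'): pass` is the idiomatic form.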
|
|
@ -0,0 +1,15 @@
|
|||
// This is the primary configuration file for the BIND DNS server named.
|
||||
//
|
||||
// Please read /usr/share/doc/bind9/README.Debian.gz for information on the
|
||||
// structure of BIND configuration files in Debian, *BEFORE* you customize
|
||||
// this configuration file.
|
||||
//
|
||||
// If you are just adding zones, please do that in /etc/bind/named.conf.local
|
||||
|
||||
include "/etc/bind/named.conf.options";
|
||||
include "/etc/bind/named.conf.local";
|
||||
include "/etc/bind/named.conf.default-zones";
|
||||
|
||||
controls {
|
||||
inet {{ dns_backend.control_listen_ip }} allow { {{ dns_backend.control_ips }}; };
|
||||
};
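Review bot: The `controls` block is rendered unconditionally, so when `dns_backend.control_ips` is empty the output is `allow { ; };`, which named is likely to reject, and the restart triggered by the config change would then fail. Wrap the block in `{% if dns_backend.control_ips -%}` … `{% endif -%}`, as the options template already does for forwarders. The statement also has no `keys` clause, so which key authenticates rndc clients on this network-facing channel is left to BIND's default key file; naming the key explicitly would make that reviewable.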
|
|
@ -0,0 +1,29 @@
|
|||
options {
|
||||
directory "/var/cache/bind";
|
||||
|
||||
// If there is a firewall between you and nameservers you want
|
||||
// to talk to, you may need to fix the firewall to allow multiple
|
||||
// ports to talk. See http://www.kb.cert.org/vuls/id/800113
|
||||
|
||||
// If your ISP provided one or more IP addresses for stable
|
||||
// nameservers, you probably want to use them as forwarders.
|
||||
// Uncomment the following block, and insert the addresses replacing
|
||||
// the all-0's placeholder.
|
||||
|
||||
{% if options.forwarders -%}
|
||||
forwarders {
|
||||
{{ options.forwarders }};
|
||||
};
|
||||
{% endif -%}
|
||||
//========================================================================
|
||||
// If BIND logs error messages about the root key being expired,
|
||||
// you will need to update your keys. See https://www.isc.org/bind-keys
|
||||
//========================================================================
|
||||
dnssec-validation auto;
|
||||
|
||||
auth-nxdomain no; # conform to RFC1035
|
||||
listen-on-v6 { any; };
|
||||
allow-new-zones yes;
|
||||
request-ixfr no;
|
||||
recursion no;
|
||||
};
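Review bot: `{{ options.forwarders }};` appends a semicolon to a value that `config.yaml` documents as already ending in one, so the documented example renders as `8.8.8.8; 10.1.1.1;;`, which named is likely to reject. Render the value without the extra terminator, `{{ options.forwarders }}`, or strip trailing semicolons before rendering. The value is an operator-supplied string placed verbatim inside the `options` block, so validating it as a list of IP addresses in the Python layer would keep malformed input out of the rendered configuration. With `recursion no;` a few lines below, the forwarders have no effect, since forwarding applies only to recursive lookups; one of the two settings is probably unintended.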
|
|
@ -0,0 +1,2 @@
|
|||
charm-tools
|
||||
flake8
|
|
@ -0,0 +1,23 @@
|
|||
#!/bin/bash
|
||||
export http_proxy=http://squid.internal:3128
|
||||
export https_proxy=http://squid.internal:3128
|
||||
export JUJU_REPOSITORY="$(pwd)/build"
|
||||
export INTERFACE_PATH=interfaces
|
||||
export LAYER_PATH=layers
|
||||
rm -rf $JUJU_REPOSITORY
|
||||
mkdir -p $JUJU_REPOSITORY
|
||||
if [[ ! -d $INTERFACE_PATH ]]; then
|
||||
mkdir $INTERFACE_PATH
|
||||
( cd $INTERFACE_PATH;
|
||||
git clone git+ssh://git.launchpad.net/~gnuoy/charms/+source/interface-bind-rndc bind-rndc; )
|
||||
fi
|
||||
if [[ ! -d $LAYER_PATH ]]; then
|
||||
mkdir $LAYER_PATH
|
||||
( cd $LAYER_PATH;
|
||||
git clone git+ssh://git.launchpad.net/~gnuoy/charms/+source/reactive-openstack-layer openstack; )
|
||||
fi
|
||||
make clean
|
||||
make generate
|
||||
# ./kill_charms.sh designate
|
||||
#juju-deployer -c barbican.yaml
|
||||
echo $JUJU_REPOSITORY
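Review bot: `rm -rf $JUJU_REPOSITORY` and the following `mkdir -p` expand an unquoted path built from `$(pwd)`, so a checkout directory containing spaces or glob characters makes the recursive delete act on other paths; quote it as `rm -rf "$JUJU_REPOSITORY"` (and likewise `"$INTERFACE_PATH"` and `"$LAYER_PATH"`). The two `git clone` calls take whatever is at the head of a personal Launchpad namespace at build time, so the built charm is not reproducible and inherits any later change to those branches; checking out a pinned commit or tag after cloning would fix that. The proxy is hard-coded and should be overridable, e.g. `export http_proxy="${http_proxy:-http://squid.internal:3128}"`.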
|
|
@ -0,0 +1,28 @@
|
|||
[tox]
|
||||
skipsdist = True
|
||||
envlist = generate
|
||||
|
||||
[testenv]
|
||||
setenv = VIRTUAL_ENV={envdir}
|
||||
PYTHONHASHSEED=0
|
||||
TERM=linux
|
||||
INTERFACE_PATH={toxinidir}/interfaces
|
||||
LAYER_PATH={toxinidir}/layers
|
||||
JUJU_REPOSITORY={toxinidir}/build
|
||||
passenv = http_proxy https_proxy
|
||||
install_command =
|
||||
pip install {opts} {packages}
|
||||
deps =
|
||||
-r{toxinidir}/requirements.txt
|
||||
|
||||
[testenv:generate]
|
||||
basepython = python2.7
|
||||
commands =
|
||||
charm generate --log-level DEBUG -o {toxinidir}/build charm
|
||||
|
||||
[testenv:venv]
|
||||
commands = {posargs}
|
||||
|
||||
[testenv:lint]
|
||||
basepython = python2.7
|
||||
commands = flake8 {posargs} charm/reactive charm/tests
|