Initial charm

James Page 2016-02-11 10:05:16 +00:00
commit 3fb2950ca9
14 changed files with 338 additions and 0 deletions

5
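--- a/.bzrignore
+++ b/.bzrignore
@@ -0,0 +1,5 @@
+.tox
+tmp
+build
+layers
+interfaces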

5
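--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,5 @@
+.tox
+tmp
+build
+layers
+interfaces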

8
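--- a/Makefile
+++ b/Makefile
@@ -0,0 +1,8 @@
+#!/usr/bin/make
+LAYER_PATH := layers
+clean:
+rm -Rf build
+generate: clean
+LAYER_PATH=$(LAYER_PATH) tox -e generate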
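Review bot: `clean` and `generate` name commands rather than files, but neither is declared phony, so a file or directory called `clean` or `generate` in the checkout would make the target silently do nothing. Add `.PHONY: clean generate` above the rules. A one-line `##` comment on each target saying what it removes or builds would also help, since `generate` wipes `build` on every run through its `clean` prerequisite.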

87
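--- a/bind-install.sh
+++ b/bind-install.sh
@@ -0,0 +1,87 @@
+#!/bin/bash
+apt-get install --yes bind9
+mv /etc/bind/named.conf.options /etc/bind/named.conf.options.org.$$
+mv /etc/bind/named.conf.local /etc/bind/named.conf.local.$$
+BASTION_IP="10.5.17.29"
+IP=$(ip -4 addr show eth0 | awk '/inet/ {print $2}' | sed -e 's!/.*!!')
+REV=$(echo $IP | awk 'BEGIN{FS="."} {print $3 "." $2 "." $1}')
+LAST_OCTET=$(echo $IP | awk 'BEGIN{FS="."} {print $4}')
+UNAME=$(uname -n)
+cat << EOF > /etc/bind/named.conf.options
+options {
+directory "/var/cache/bind";
+// If there is a firewall between you and nameservers you want
+// to talk to, you may need to fix the firewall to allow multiple
+// ports to talk. See http://www.kb.cert.org/vuls/id/800113
+// If your ISP provided one or more IP addresses for stable
+// nameservers, you probably want to use them as forwarders.
+// Uncomment the following block, and insert the addresses replacing
+// the all-0's placeholder.
+forwarders {
+$BASTION_IP;
+};
+//========================================================================
+// If BIND logs error messages about the root key being expired,
+// you will need to update your keys. See https://www.isc.org/bind-keys
+//========================================================================
+dnssec-validation auto;
+auth-nxdomain no; # conform to RFC1035
+listen-on-v6 { any; };
+};
+EOF
+cat << EOF > /etc/bind/named.conf.local
+// forward zone
+zone "openstacklocal." {
+type master;
+file "/etc/bind/db.openstacklocal.com";
+};
+// reverse zone
+zone "${REV}.in-addr.arpa" {
+type master;
+notify no;
+file "/etc/bind/db.10";
+};
+EOF
+TTL='$TTL'
+cat << EOF > /etc/bind/db.openstacklocal.com
+;
+; BIND data forward DNS sample for deployment on top of serverstack
+;
+$TTL 604800
+@ IN SOA ${UNAME}.openstacklocal. root.${UNAME}.openstacklocal. (
+201511161 ; Serial
+604800 ; Refresh
+86400 ; Retry
+2419200 ; Expire
+604800 ) ; Negative Cache TTL
+;
+@ IN NS ${UNAME}.openstacklocal.
+${UNAME} IN A ${IP}
+EOF
+cat << EOF > /etc/bind/db.10
+;
+; BIND reverse data file DNS sample for deployment on top of serverstack
+;
+$TTL 604800
+@ IN SOA ${UNAME}.openstacklocal. root.${UNAME}.openstacklocal. (
+201511161 ; Serial
+604800 ; Refresh
+86400 ; Retry
+2419200 ; Expire
+604800 ) ; Negative Cache TTL
+;
+@ IN NS ${UNAME}.
+${LAST_OCTET} IN PTR ${UNAME}.openstacklocal.
+EOF
+echo "nameserver 127.0.0.1" > /etc/resolvconf/resolv.conf.d/head
+/etc/init.d/bind9 restart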
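Review bot: Nothing in this script stops on error, so a failed `apt-get install` or an empty `$IP` (no IPv4 address on eth0, or an interface with a different name) still goes on to overwrite `named.conf.options`, `named.conf.local` and the resolvconf head. The host is then left with a zone file holding a blank A record and a resolver pointed at a name server that may not start. Add `set -euo pipefail` after the shebang and a guard such as `[[ -n "$IP" ]] || { echo "no IPv4 address on eth0" >&2; exit 1; }` before the first heredoc. Separately, the reverse zone's NS record is written as `${UNAME}.` while the forward zone and the PTR use `${UNAME}.openstacklocal.`, which looks like a missing domain suffix.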

12
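--- a/charm/config.yaml
+++ b/charm/config.yaml
@@ -0,0 +1,12 @@
+options:
+allowed_nets:
+default: "p2p"
+type: string
+description:
+list of allowed networks, with trailing semicolons" e.g., "10.172.0.0/16; 10.10.0.0/18;"
+forwarders:
+default: ""
+type: string
+description: |
+list of forwarders, with trailing semicolons: e.g., "8.8.8.8; 10.1.1.1;"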
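Review bot: `allowed_nets` is declared here, but neither template nor the reactive handler shown in this commit reads it, so an operator who sets it gets no corresponding restriction (for example an `allow-query` statement) in the rendered BIND configuration while believing one is in place. Either wire the option into `named.conf.options` or leave it out until it is implemented. The default `"p2p"` is also not a network list in the format the description asks for, and the description has a stray `"` after "semicolons".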

29
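--- a/charm/hooks/install
+++ b/charm/hooks/install
@@ -0,0 +1,29 @@
+#!/usr/bin/env python3
+from glob import glob
+import os
+import sys
+from subprocess import check_call
+# Load modules from $CHARM_DIR/lib
+sys.path.append('lib')
+# bootstrap wheelhouse
+if os.path.exists('wheelhouse'):
+check_call(['apt-get', 'install', '-yq', 'python3-pip'])
+# need newer pip, to fix spurious Double Requirement error https://github.com/pypa/pip/issues/56
+check_call(['pip3', 'install', '-U', '--no-index', '-f', 'wheelhouse', 'pip'])
+# install the rest of the wheelhouse deps
+check_call(['pip3', 'install', '-U', '--no-index', '-f', 'wheelhouse'] + glob('wheelhouse/*'))
+check_call(['apt-get', 'install', '-yq', 'python3-netifaces'])
+# This will load and run the appropriate @hook and other decorated
+# handlers from $CHARM_DIR/reactive, $CHARM_DIR/hooks/reactive,
+# and $CHARM_DIR/hooks/relations.
+#
+# See https://jujucharms.com/docs/stable/getting-started-with-charms-reactive
+# for more information on this pattern.
+from charms.reactive import main
+main()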

1
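--- a/charm/layer.yaml
+++ b/charm/layer.yaml
@@ -0,0 +1 @@
+includes: ['layer:openstack', 'interface:bind-rndc']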

13
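--- a/charm/metadata.yaml
+++ b/charm/metadata.yaml
@@ -0,0 +1,13 @@
+name: designate-bind
+summary: BIND9 backend for Designate
+maintainer: OpenStack Charmers <openstack-charmers@lists.ubuntu.com>
+description: |
+The Berkeley Internet Name Domain (BIND) implements an Internet domain
+name server. BIND is the most widely-used name server software on the
+Internet, and is supported by the Internet Software Consortium, www.isc.org.
+categories:
+- openstack
+subordinate: false
+provides:
+dns-backend:
+interface: bind-rndc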


@ -0,0 +1,81 @@
from charm.openstack.adapters import (
OpenStackRelationAdapters,
OpenStackRelationAdapter,
)
from charms.reactive import (
hook,
when,
)
from charmhelpers.core.templating import render
from charmhelpers.core.hookenv import unit_private_ip
from charmhelpers.core.host import restart_on_change, service_reload
from charmhelpers.fetch import (
apt_install,
apt_update,
)
import os
BIND_DIR = '/etc/bind'
NAMED_OPTIONS = 'named.conf.options'
NAMED_CONF = 'named.conf'
BIND_SERVICES = ['bind9']
BIND_PACKAGES = ['bind9']
class DNSAdapter(OpenStackRelationAdapter):
def __init__(self, relation):
super(DNSAdapter, self).__init__(relation)
@property
def control_listen_ip(self):
return unit_private_ip()
@property
def control_ips(self):
return ';'.join(self.relation.client_ips())
class BindAdapters(OpenStackRelationAdapters):
"""
Adapters class for the Designate charm.
"""
relation_adapters = {
'dns_backend': DNSAdapter,
}
def __init__(self, relations):
super(BindAdapters, self).__init__(
relations)
def set_apparmor():
apparmor_file = '/etc/apparmor.d/disable/usr.sbin.named'
if not os.path.isfile(apparmor_file):
open(apparmor_file, 'w').close()
service_reload('apparmor')
@hook('install')
def install_packages():
apt_update()
apt_install(BIND_PACKAGES, fatal=True)
set_apparmor()
@when('dns-backend.related')
def send_info(dns_client):
dns_client.send_rndckey_info()
@when('dns-backend.related')
@restart_on_change({
BIND_DIR + '/*': BIND_SERVICES
})
def config_changed(*args):
set_apparmor()
adapters = BindAdapters(args)
for conf in [NAMED_OPTIONS, NAMED_CONF]:
render(source=conf,
target='{}/{}'.format(BIND_DIR, conf),
context=adapters)
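Review bot: `set_apparmor()` creates an empty `/etc/apparmor.d/disable/usr.sbin.named` and calls `service_reload('apparmor')`, and it is invoked from both `install_packages` and `config_changed`, so the network-facing `named` ends up running without its AppArmor profile. If the profile only gets in the way for particular paths (presumably the zone files created through `allow-new-zones`; the reason is not visible in this commit), grant those in a local override such as `/etc/apparmor.d/local/usr.sbin.named` rather than disabling confinement altogether. At minimum the function needs a docstring stating why the profile is disabled and what would let it be re-enabled. `open(apparmor_file, 'w').close()` would also read more clearly as a `with open(...)` block.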


@ -0,0 +1,15 @@
// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind9/README.Debian.gz for information on the
// structure of BIND configuration files in Debian, *BEFORE* you customize
// this configuration file.
//
// If you are just adding zones, please do that in /etc/bind/named.conf.local
include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";
controls {
inet {{ dns_backend.control_listen_ip }} allow { {{ dns_backend.control_ips }}; };
};


@ -0,0 +1,29 @@
options {
directory "/var/cache/bind";
// If there is a firewall between you and nameservers you want
// to talk to, you may need to fix the firewall to allow multiple
// ports to talk. See http://www.kb.cert.org/vuls/id/800113
// If your ISP provided one or more IP addresses for stable
// nameservers, you probably want to use them as forwarders.
// Uncomment the following block, and insert the addresses replacing
// the all-0's placeholder.
{% if options.forwarders -%}
forwarders {
{{ options.forwarders }};
};
{% endif -%}
//========================================================================
// If BIND logs error messages about the root key being expired,
// you will need to update your keys. See https://www.isc.org/bind-keys
//========================================================================
dnssec-validation auto;
auth-nxdomain no; # conform to RFC1035
listen-on-v6 { any; };
allow-new-zones yes;
request-ixfr no;
recursion no;
};
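Review bot: `{{ options.forwarders }};` appends a semicolon to a value that `config.yaml` tells operators to enter "with trailing semicolons", so the documented example renders as `8.8.8.8; 10.1.1.1;;`, which may fail to parse. Pick one convention: either document the value without the final semicolon or drop the `;` from the template line. With `recursion no;` set further down, a `forwarders` block should have nothing to forward, so a comment on what the option is meant to achieve would help. No `allow-query` or `allow-transfer` statement is rendered either, so those stay at BIND's defaults regardless of the `allowed_nets` option.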

2
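--- a/requirements.txt
+++ b/requirements.txt
@@ -0,0 +1,2 @@
+charm-tools
+flake8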
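Review bot: Both build dependencies are unpinned, so every `tox -e generate` run installs whatever `charm-tools` and `flake8` releases are current and the generated charm cannot be reproduced from this commit. Pin them as `charm-tools==<version>` and `flake8==<version>`, using the versions the charm was actually built with. Adding `--hash` entries as well lets pip verify what it downloads.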

23
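--- a/setup.sh
+++ b/setup.sh
@@ -0,0 +1,23 @@
+#!/bin/bash
+export http_proxy=http://squid.internal:3128
+export https_proxy=http://squid.internal:3128
+export JUJU_REPOSITORY="$(pwd)/build"
+export INTERFACE_PATH=interfaces
+export LAYER_PATH=layers
+rm -rf $JUJU_REPOSITORY
+mkdir -p $JUJU_REPOSITORY
+if [[ ! -d $INTERFACE_PATH ]]; then
+mkdir $INTERFACE_PATH
+( cd $INTERFACE_PATH;
+git clone git+ssh://git.launchpad.net/~gnuoy/charms/+source/interface-bind-rndc bind-rndc; )
+fi
+if [[ ! -d $LAYER_PATH ]]; then
+mkdir $LAYER_PATH
+( cd $LAYER_PATH;
+git clone git+ssh://git.launchpad.net/~gnuoy/charms/+source/reactive-openstack-layer openstack; )
+fi
+make clean
+make generate
+# ./kill_charms.sh designate
+#juju-deployer -c barbican.yaml
+echo $JUJU_REPOSITORY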
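Review bot: `rm -rf $JUJU_REPOSITORY` is unquoted and the value is built from `$(pwd)`, so a checkout path containing a space makes the shell split it and delete paths other than the build directory; use `rm -rf -- "$JUJU_REPOSITORY"` and quote the following `mkdir -p` the same way. The script has no `set -e`, so a failed `git clone` still proceeds to `make generate`, and because the `interfaces` or `layers` directory now exists the clone is never retried on the next run. Both clones follow the tip of a personal Launchpad branch with no commit or tag pinned, so the layer code built into the charm can change without any change to this repository.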

28
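--- a/tox.ini
+++ b/tox.ini
@@ -0,0 +1,28 @@
+[tox]
+skipsdist = True
+envlist = generate
+[testenv]
+setenv = VIRTUAL_ENV={envdir}
+PYTHONHASHSEED=0
+TERM=linux
+INTERFACE_PATH={toxinidir}/interfaces
+LAYER_PATH={toxinidir}/layers
+JUJU_REPOSITORY={toxinidir}/build
+passenv = http_proxy https_proxy
+install_command =
+pip install {opts} {packages}
+deps =
+-r{toxinidir}/requirements.txt
+[testenv:generate]
+basepython = python2.7
+commands =
+charm generate --log-level DEBUG -o {toxinidir}/build charm
+[testenv:venv]
+commands = {posargs}
+[testenv:lint]
+basepython = python2.7
+commands = flake8 {posargs} charm/reactive charm/tests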