# Configure the bind9 pool backend

# Enable with:
# DESIGNATE_BACKEND_DRIVER=bind9

# Dependencies:
# ``functions`` file
# ``designate`` configuration

# install_designate_backend - install any external requirements
# configure_designate_backend - make configuration changes, including those to other services
# init_designate_backend - initialize databases, etc.
# start_designate_backend - start any external services
# stop_designate_backend - stop any external services
# cleanup_designate_backend - remove transient data and cache

# Save trace setting so it can be restored once this plugin has been sourced;
# `set +o` prints the command that re-establishes the current xtrace state.
DP_BIND9_XTRACE=$(set +o | grep xtrace); set +o xtrace

# Defaults
# --------
# Debian/Ubuntu package layout; the Fedora family is overridden below.
BIND_SERVICE_NAME=bind9
BIND_USER=bind
BIND_GROUP=bind
BIND_CFG_DIR=/etc/bind
BIND_VAR_DIR=/var/cache/bind
BIND_CFG_FILE=$BIND_CFG_DIR/named.conf.options
# rndc control-channel port; a value already set (and non-empty) by the caller wins.
: "${DESIGNATE_SERVICE_PORT_RNDC:=953}"

if is_fedora; then
    BIND_SERVICE_NAME=named
    BIND_USER=named
    BIND_GROUP=named
    BIND_CFG_DIR=/etc/named
    BIND_VAR_DIR=/var/named
    BIND_CFG_FILE=/etc/named.conf
fi

# Entry Points
# ------------

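# install_designate_backend - install any external requirements
# Globals:  BIND_USER, BIND_GROUP, BIND_CFG_DIR, BIND_VAR_DIR, STACK_USER,
#           DESIGNATE_STATE_PATH (read)
# Outputs:  creates $BIND_GROUP / $BIND_CFG_DIR if missing, fixes ownership and
#           group permissions, writes the local AppArmor override for named
function install_designate_backend {
    # The package name differs between distro families.
    if is_ubuntu; then
        install_package bind9
    elif is_fedora; then
        install_package bind
    fi

    # The user that designate runs as needs to be member of **$BIND_GROUP** group.
    # The designate bind9 backend needs read/write access to $BIND_VAR_DIR
    if ! getent group "$BIND_GROUP" >/dev/null; then
        sudo groupadd "$BIND_GROUP"
    fi
    add_user_to_group "$STACK_USER" "$BIND_GROUP"
    # Ownership is set by the recursive chown below, so only create here.
    if [[ ! -d $BIND_CFG_DIR ]]; then
        sudo mkdir -p -- "$BIND_CFG_DIR"
    fi

    # Group gets read on the config tree and read/write on the var tree;
    # nothing is opened up to "other".
    sudo chown -R "$BIND_USER:$BIND_GROUP" -- "$BIND_CFG_DIR" "$BIND_VAR_DIR"
    sudo chmod -R g+r -- "$BIND_CFG_DIR"
    sudo chmod -R g+rw -- "$BIND_VAR_DIR"

    # Customize Bind9 apparmor profile if installed. The override grants named
    # rw only below designate's bind9 state directory; refuse to write it with
    # an empty prefix, which would otherwise produce a rule rooted at "/bind9".
    if [[ -d /etc/apparmor.d ]]; then
        : "${DESIGNATE_STATE_PATH:?DESIGNATE_STATE_PATH must be set}"
        sudo tee /etc/apparmor.d/local/usr.sbin.named > /dev/null << EOF
$DESIGNATE_STATE_PATH/bind9/** rw,
EOF
        # Best effort: a failed apparmor restart is deliberately not fatal.
        restart_service apparmor || :
    fi
}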

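# _designate_bind9_write_pools_yaml - render the Designate pool definition
# Globals:  DESIGNATE_CONF_DIR, DESIGNATE_DEFAULT_NS_RECORD,
#           DESIGNATE_SERVICE_HOST, DESIGNATE_SERVICE_PORT_DNS,
#           DESIGNATE_SERVICE_PORT_MDNS, DESIGNATE_SERVICE_PORT_RNDC,
#           BIND_CFG_DIR (read)
# Outputs:  writes $DESIGNATE_CONF_DIR/pools.yaml (as root, via tee)
function _designate_bind9_write_pools_yaml {
    sudo tee "$DESIGNATE_CONF_DIR/pools.yaml" > /dev/null <<EOF
---
- name: default
  description: DevStack BIND Pool
  attributes: {}

  ns_records:
    - hostname: $DESIGNATE_DEFAULT_NS_RECORD
      priority: 1

  nameservers:
    - host: $DESIGNATE_SERVICE_HOST
      port: $DESIGNATE_SERVICE_PORT_DNS

  targets:
    - type: bind9
      description: BIND Instance

      masters:
        - host: $DESIGNATE_SERVICE_HOST
          port: $DESIGNATE_SERVICE_PORT_MDNS

      options:
        host: $DESIGNATE_SERVICE_HOST
        port: $DESIGNATE_SERVICE_PORT_DNS
        rndc_host: $DESIGNATE_SERVICE_HOST
        rndc_port: $DESIGNATE_SERVICE_PORT_RNDC
        rndc_config_file: $BIND_CFG_DIR/rndc.conf
        rndc_key_file: $BIND_CFG_DIR/rndc.key
EOF
}

# _designate_bind9_create_rndc_key - generate the shared rndc control key
# Globals:  STACK_USER, BIND_USER, BIND_GROUP, BIND_CFG_DIR (read)
# Outputs:  writes $BIND_CFG_DIR/rndc.key
# The key is a secret that authenticates the rndc control channel: it is
# handed to $BIND_USER:$BIND_GROUP and only group read is added, presumably so
# that $STACK_USER (a member of $BIND_GROUP since install) can use it.
function _designate_bind9_create_rndc_key {
    # NOTE(review): this leaves $BIND_CFG_DIR itself owned by $STACK_USER
    # after the recursive chown to $BIND_USER at install time; every later
    # write goes through sudo, so which step relies on it is not obvious — verify.
    sudo chown "$STACK_USER" -- "$BIND_CFG_DIR"

    # create rndc key and config
    sudo rndc-confgen -a -c "$BIND_CFG_DIR/rndc.key"
    sudo chown "$BIND_USER:$BIND_GROUP" -- "$BIND_CFG_DIR/rndc.key"
    sudo chmod g+r -- "$BIND_CFG_DIR/rndc.key"
}

# _designate_bind9_write_named_config - write the named options/controls file
# Globals:  BIND_CFG_FILE, BIND_CFG_DIR, BIND_VAR_DIR, DESIGNATE_SERVICE_HOST,
#           DESIGNATE_SERVICE_PORT_DNS, DESIGNATE_SERVICE_PORT_RNDC (read)
# Outputs:  writes $BIND_CFG_FILE
# The server is authoritative only (recursion off) and the control channel is
# bound to the service host, accepts only that host and requires "rndc-key".
function _designate_bind9_write_named_config {
    sudo tee "$BIND_CFG_FILE" > /dev/null <<EOF
include "$BIND_CFG_DIR/rndc.key";

options {
    directory "$BIND_VAR_DIR";
    allow-new-zones yes;
    dnssec-validation auto;
    auth-nxdomain no;    # conform to RFC1035
    listen-on port $DESIGNATE_SERVICE_PORT_DNS { $DESIGNATE_SERVICE_HOST; };
    recursion no;
    minimal-responses yes;
};

controls {
    inet $DESIGNATE_SERVICE_HOST port $DESIGNATE_SERVICE_PORT_RNDC allow { $DESIGNATE_SERVICE_HOST; } keys { "rndc-key"; };
};
EOF
}

# _designate_bind9_write_rndc_conf - write the rndc client configuration
# Globals:  BIND_CFG_DIR, DESIGNATE_SERVICE_HOST, DESIGNATE_SERVICE_PORT_RNDC (read)
# Outputs:  writes $BIND_CFG_DIR/rndc.conf
function _designate_bind9_write_rndc_conf {
    sudo tee "$BIND_CFG_DIR/rndc.conf" > /dev/null << EOF
include "$BIND_CFG_DIR/rndc.key";

options {
    default-key "rndc-key";
    default-server $DESIGNATE_SERVICE_HOST;
    default-port $DESIGNATE_SERVICE_PORT_RNDC;
};
EOF
}

# configure_designate_backend - make configuration changes, including those to other services
# Globals:  BIND_USER, BIND_GROUP, BIND_CFG_DIR, BIND_CFG_FILE,
#           BIND_SERVICE_NAME (read), plus those of the helpers above
# Outputs:  pools.yaml, rndc.key, named config and rndc.conf; restarts bind
function configure_designate_backend {
    _designate_bind9_write_pools_yaml
    _designate_bind9_create_rndc_key
    _designate_bind9_write_named_config
    _designate_bind9_write_rndc_conf

    # tee wrote the files as root; hand them to bind and add group read
    # ($STACK_USER is in $BIND_GROUP), leaving "other" untouched.
    sudo chown "$BIND_USER:$BIND_GROUP" -- "$BIND_CFG_FILE" "$BIND_CFG_DIR/rndc.conf"
    sudo chmod g+r -- "$BIND_CFG_FILE" "$BIND_CFG_DIR/rndc.conf"

    restart_service "$BIND_SERVICE_NAME"
}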

# init_designate_backend - initialize databases, etc.
# The bind9 backend keeps no database of its own, so there is nothing to do.
# Returns: 0
function init_designate_backend {
    return 0
}

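# start_designate_backend - start any external services
# Globals:  BIND_SERVICE_NAME (read)
# Starts the distro's bind service via the devstack start_service helper.
function start_designate_backend {
    start_service "$BIND_SERVICE_NAME"
}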

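# stop_designate_backend - stop any external services
# Globals:  BIND_SERVICE_NAME (read)
# Stops the distro's bind service via the devstack stop_service helper.
function stop_designate_backend {
    stop_service "$BIND_SERVICE_NAME"
}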

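# cleanup_designate_backend - remove transient data and cache
# Globals:  BIND_VAR_DIR, BIND_CFG_DIR (read)
# Outputs:  removes *.nzf and slave.* entries directly under $BIND_VAR_DIR and
#           the rndc control key
function cleanup_designate_backend {
    # Abort rather than sweep "/" when the variable is empty or unset.
    : "${BIND_VAR_DIR:?BIND_VAR_DIR must be set}"
    # Expand the patterns as root with find instead of interpolating the path
    # into a `sh -c` string: no quoting or injection hazard, and the match is
    # limited to direct children of $BIND_VAR_DIR like the old globs.
    sudo find "$BIND_VAR_DIR" -mindepth 1 -maxdepth 1 \
        \( -name '*.nzf' -o -name 'slave.*' \) -exec rm -rf -- {} +
    # The key is a secret; drop it so a re-stack generates a fresh one.
    sudo rm -f -- "$BIND_CFG_DIR/rndc.key"
}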

# Restore xtrace to the state captured at the top of this file. The variable
# holds the literal "set ±o xtrace" line printed by `set +o`, so expanding it
# unquoted re-executes that command (intentional word-splitting).
$DP_BIND9_XTRACE