KAZ
/
kaz-vagrant
2
0
Fork 0
Code Issues Pull Requests Projects Releases 1 Wiki Activity
Browse Source

passage a snster 1.1.0

pull/1/head
Francois Lesueur 1 year ago
parent
91c982ff1c
commit
e1ac42525b
10 changed files with 20 additions and 222 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 2
      files/snster-kaz/isp-a/group.yml
  2. 3
      files/snster-kaz/isp-a/infra/root.hints
  3. 2
      files/snster-kaz/opendns/group.yml
  4. 3
      files/snster-kaz/opendns/resolver/root.hints
  5. 3
      files/snster-kaz/root-p/group.yml
  6. 3
      files/snster-kaz/root-p/rootns/reverse.zone
  7. 50
      files/templates/debian/resolverns/provision.sh
  8. 156
      files/templates/debian/rootns/provision.sh
  9. 12
      files/vm-install-kaz.sh
  10. 8
      files/vm-provision.sh

2
files/snster-kaz/isp-a/group.yml
View File

@ -43,7 +43,7 @@ hosts:
- mailserver:
domain: isp-a.sns
- resolverns:
roothints: root.hints
roots: p,100.100.1.10,2001:db8:a001::10
- resolv:
domain: isp-a.sns
ns: 100.120.1.2

3
files/snster-kaz/isp-a/infra/root.hints
View File

@ -1,3 +0,0 @@
. 3600000 NS P.ROOT-SERVERS.NET.
P.ROOT-SERVERS.NET. 3600000 A 100.100.1.10
P.ROOT-SERVERS.NET. 3600000 AAAA 2001:db8:a001::10

2
files/snster-kaz/opendns/group.yml
View File

@ -38,7 +38,7 @@ hosts:
gatewayv6: 2001:db8:a100::1
templates:
- resolverns:
roothints: root.hints
roots: p,100.100.1.10,2001:db8:a001::10
- resolv:
domain: opendns.sns
ns: 100.100.100.100

3
files/snster-kaz/opendns/resolver/root.hints
View File

@ -1,3 +0,0 @@
. 3600000 NS P.ROOT-SERVERS.NET.
P.ROOT-SERVERS.NET. 3600000 A 100.100.1.10
P.ROOT-SERVERS.NET. 3600000 AAAA 2001:db8:a001::10

3
files/snster-kaz/root-p/group.yml
View File

@ -38,6 +38,9 @@ hosts:
gatewayv6: 2001:db8:a001::1
templates:
- rootns:
roots: p,100.100.1.10,2001:db8:a001::10
tlds: sns,100.100.20.10,2001:db8:a020::10
reverse: reverse.zone
- resolv:
domain: ns-root-p.sns
ns: 100.100.100.100

3
files/snster-kaz/root-p/rootns/reverse.zone
View File

@ -0,0 +1,3 @@
120.100.in-addr.arpa. 172800 IN NS p.120.100.in-addr.arpa.
p.120.100.in-addr.arpa. 172800 IN A 100.120.1.2
p.120.100.in-addr.arpa. 172800 IN AAAA 2001:db8:120:1::2

50
files/templates/debian/resolverns/provision.sh
View File

@ -1,50 +0,0 @@
#!/bin/bash
# Root NS template
set -e
if [ -z $SNSTERGUARD ] ; then exit 1; fi
DIR=`dirname $0`
cd `dirname $0`
# disable systemd-resolved which conflicts with nsd
echo "DNSStubListener=no" >> /etc/systemd/resolved.conf
systemctl stop systemd-resolved
apt-get update
DEBIAN_FRONTEND=noninteractive apt-get install -y unbound dnsutils
# get root hints
#wget "http://www.internic.net/domain/named.root" -O /etc/unbound/root.hints
echo -e ". 3600000 NS P.ROOT-SERVERS.NET.
P.ROOT-SERVERS.NET. 3600000 A 100.100.1.10
P.ROOT-SERVERS.NET. 3600000 AAAA 2001:db8:a001::10
" > /etc/unbound/root.hints
# customize unbound config
#echo -e "server:
# ip-address: 127.0.0.1
echo -e "server:
root-hints: root.hints
" > /etc/unbound/unbound.conf.d/root.conf
for i in {64..127}; do
echo -e " local-zone: \"$i.100.in-addr.arpa.\" nodefault" >> /etc/unbound/unbound.conf.d/root.conf
done
# local-zone: \"120.100.in-addr.arpa.\" nodefault
# local-zone: \"64.100.in-addr.arpa. to 127.100.in-addr.arpa.\" nodefault
# for i in {64..127}; do echo $i; done
# no DNSSEC validation for now
sed -i "s/auto/\#auto/" /etc/unbound/unbound.conf.d/root-auto-trust-anchor-file.conf
# Be an open dns resolver -- TO CHANGE LATER
echo -e "server:
interface: 0.0.0.0
access-control: 0.0.0.0/0 allow
cache-max-ttl: 20
cache-min-ttl: 10
cache-max-negative-ttl: 20
" > /etc/unbound/unbound.conf.d/listen.conf
service unbound restart

156
files/templates/debian/rootns/provision.sh
View File

@ -1,156 +0,0 @@
#!/bin/bash
# Root NS template
set -e
if [ -z $SNSTERGUARD ] ; then exit 1; fi
DIR=`dirname $0`
cd `dirname $0`
# disable systemd-resolved which conflicts with nsd
echo "DNSStubListener=no" >> /etc/systemd/resolved.conf
systemctl stop systemd-resolved
apt-get update
DEBIAN_FRONTEND=noninteractive apt-get install -y nsd
# get root zone
wget "http://www.internic.net/domain/root.zone" -O /etc/nsd/root.zone
# customize root zone
# remove official roots
sed -i -e 's/^\.\s.*NS.*[a-m].root-servers.net.*//' /etc/nsd/root.zone
# add alternative milxc root
echo -e ". 518400 IN NS p.root-servers.net
p.root-servers.net 518400 IN A 100.100.1.10
p.root-servers.net 518400 IN AAAA 2001:db8:a001::10
" >> /etc/nsd/root.zone
# add .sns TLD served by 100.100.20.10
echo -e "sns. 518400 IN NS ns.sns.
ns.sns. 518400 IN A 100.100.20.10
ns.sns. 518400 IN AAAA 2001:db8:a020::10" >> /etc/nsd/root.zone
# customize nsd config
#echo -e "server:
# ip-address: 127.0.0.1
echo -e "zone:
name: \".\"
zonefile: \"root.zone\"
" > /etc/nsd/nsd.conf
# Reverse DNS
#sed -i -e 's/^arpa.*//' /etc/nsd/root.zone
#sed -i -e 's/^.\.ns\.arpa.*.*//' /etc/nsd/root.zone
## Racine
sed -i -e '/NSEC.*/d' /etc/nsd/root.zone
sed -i -e '/RRSIG.*/d' /etc/nsd/root.zone
sed -i -e '/DNSKEY.*/d' /etc/nsd/root.zone
sed -i -e '/DS.*/d' /etc/nsd/root.zone
sed -i -e '/^arpa.*/d' /etc/nsd/root.zone
sed -i -e '/^.\.ns\.arpa.*.*/d' /etc/nsd/root.zone
echo -e "arpa. 172800 IN NS p.ns.arpa.
p.ns.arpa. 172800 IN A 100.100.1.10
p.ns.arpa. 172800 IN AAAA 2001:db8:a001::10
" >> /etc/nsd/root.zone
## .arpa
wget "https://www.internic.net/domain/arpa.zone" -O /etc/nsd/arpa.zone
sed -i -e '/NSEC.*/d' /etc/nsd/arpa.zone
sed -i -e '/RRSIG.*/d' /etc/nsd/arpa.zone
sed -i -e '/DNSKEY.*/d' /etc/nsd/arpa.zone
sed -i -e '/DS.*/d' /etc/nsd/arpa.zone
sed -i -e '/^arpa\.\s.*NS.*[a-m].ns.arpa.*/d' /etc/nsd/arpa.zone
sed -i -e '/^in-addr.*/d' /etc/nsd/arpa.zone
sed -i -e '/^.\.in-addr.*/d' /etc/nsd/arpa.zone
echo -e "arpa. 172800 IN NS p.ns.arpa.
p.ns.arpa. 172800 IN A 100.100.1.10
p.ns.arpa. 172800 IN AAAA 2001:db8:a001::10
in-addr.arpa. 172800 IN NS p.in-addr-servers.arpa.
p.in-addr-servers.arpa. 172800 IN A 100.100.1.10
p.in-addr-servers.arpa. 172800 IN AAAA 2001:db8:a001::10
" >> /etc/nsd/arpa.zone
echo -e "zone:
name: \"arpa.\"
zonefile: \"arpa.zone\"
" >> /etc/nsd/nsd.conf
## .in-addr.arpa
wget "https://www.internic.net/domain/in-addr.arpa.zone" -O /etc/nsd/in-addr.arpa.zone
sed -i -e '/SOA.*/d' /etc/nsd/in-addr.arpa.zone
sed -i -e '/NSEC.*/d' /etc/nsd/in-addr.arpa.zone
sed -i -e '/RRSIG.*/d' /etc/nsd/in-addr.arpa.zone
sed -i -e '/DNSKEY.*/d' /etc/nsd/in-addr.arpa.zone
sed -i -e '/DS.*/d' /etc/nsd/in-addr.arpa.zone
sed -i -e '/^in-addr\.arpa\.\s.*NS.*[a-m].in-addr-servers.arpa.*/d' /etc/nsd/in-addr.arpa.zone
sed -i -e '/^100.*/d' /etc/nsd/in-addr.arpa.zone
echo -e "in-addr.arpa. 172800 IN NS p.ns.in-addr.arpa.
p.ns.in-addr.arpa. 172800 IN A 100.100.1.10
p.ns.in-addr.arpa. 172800 IN AAAA 2001:db8:a001::10
100.in-addr.arpa. 172800 IN NS p.100.in-addr.arpa.
p.100.in-addr.arpa. 172800 IN A 100.100.1.10
p.100.in-addr.arpa. 172800 IN AAAA 2001:db8:a001::10
in-addr.arpa. 3600 IN SOA b.in-addr-servers.arpa. nstld.iana.org. 2022090676 1800 900 604800 3600
" >> /etc/nsd/in-addr.arpa.zone
echo -e "zone:
name: \"in-addr.arpa.\"
zonefile: \"in-addr.arpa.zone\"
" >> /etc/nsd/nsd.conf
# 100.in-addr.arpa
echo -e "100.in-addr.arpa. 3600 IN SOA b.in-addr-servers.arpa. nstld.iana.org. 2022090676 1800 900 604800 3600
100.in-addr.arpa. 172800 IN NS p.ns.100.in-addr.arpa.
p.ns.100.in-addr.arpa. 172800 IN A 100.100.1.10
p.ns.100.in-addr.arpa. 172800 IN AAAA 2001:db8:a001::10
120.100.in-addr.arpa. 172800 IN NS p.120.100.in-addr.arpa.
p.120.100.in-addr.arpa. 172800 IN A 100.120.1.2
p.120.100.in-addr.arpa. 172800 IN AAAA 2001:db8:120:1::2
" > /etc/nsd/100.in-addr.arpa.zone
echo -e "zone:
name: \"100.in-addr.arpa.\"
zonefile: \"100.in-addr.arpa.zone\"
" >> /etc/nsd/nsd.conf
#
# # 120.100.in-addr.arpa
# echo -e "120.100.in-addr.arpa. 3600 IN SOA b.in-addr-servers.arpa. nstld.iana.org. 2022090676 1800 900 604800 3600
# 120.100.in-addr.arpa. 172800 IN NS p.ns.120.100.in-addr.arpa.
# p.ns.120.100.in-addr.arpa. 172800 IN A 100.100.1.10
# p.ns.120.100.in-addr.arpa. 172800 IN AAAA 2001:db8:a001::10
# 1.120.100.in-addr.arpa. 172800 IN NS p.1.120.100.in-addr.arpa.
# p.1.120.100.in-addr.arpa. 172800 IN A 100.100.1.10
# p.1.120.100.in-addr.arpa. 172800 IN AAAA 2001:db8:a001::10
# " > /etc/nsd/120.100.in-addr.arpa.zone
#
# echo -e "zone:
# name: \"120.100.in-addr.arpa.\"
# zonefile: \"120.100.in-addr.arpa.zone\"
# " >> /etc/nsd/nsd.conf
#
# # 1.120.100.in-addr.arpa
# echo -e "1.120.100.in-addr.arpa. 3600 IN SOA b.in-addr-servers.arpa. nstld.iana.org. 2022090676 1800 900 604800 3600
# 1.120.100.in-addr.arpa. 172800 IN NS p.ns.1.120.100.in-addr.arpa.
# p.ns.1.120.100.in-addr.arpa. 172800 IN A 100.100.1.10
# p.ns.1.120.100.in-addr.arpa. 172800 IN AAAA 2001:db8:a001::10
# 2.1.120.100.in-addr.arpa. 172800 IN PTR smtp.isp-a.sns.
# " > /etc/nsd/1.120.100.in-addr.arpa.zone
#
# echo -e "zone:
# name: \"1.120.100.in-addr.arpa.\"
# zonefile: \"1.120.100.in-addr.arpa.zone\"
# " >> /etc/nsd/nsd.conf
# 2.1.120.100.in-addr.arpa. 172800 IN PTR smtp.isp-a.sns
# 100.120.1.2
#service nsd restart

12
files/vm-install-kaz.sh
View File

@ -5,16 +5,16 @@ if [ -z "${KAZGUARD}" ] ; then
exit 1
fi
snster -c /root/snster-kaz -t /root/templates start
snster -c /root/snster-kaz start
sleep 10
snster -c /root/snster-kaz -t /root/templates attach kaz-prod -x /mnt/snster/root/snster-kaz/kaz/prod/kaz.sh
snster -c /root/snster-kaz attach kaz-prod -x /mnt/snster/root/snster-kaz/kaz/prod/kaz.sh
# On crée quelques mails
SETUP_MAIL="docker exec mailServ setup"
snster -c /root/snster-kaz -t /root/templates attach kaz-prod -x "${SETUP_MAIL} email add contact1@kaz.sns toto"
snster -c /root/snster-kaz -t /root/templates attach kaz-prod -x "${SETUP_MAIL} email add contact2@kaz.sns toto"
snster -c /root/snster-kaz -t /root/templates attach kaz-prod -x "${SETUP_MAIL} email add contact3@kaz.sns toto"
snster -c /root/snster-kaz -t /root/templates attach kaz-prod -x "${SETUP_MAIL} email add contact4@kaz.sns toto"
snster -c /root/snster-kaz attach kaz-prod -x "${SETUP_MAIL} email add contact1@kaz.sns toto"
snster -c /root/snster-kaz attach kaz-prod -x "${SETUP_MAIL} email add contact2@kaz.sns toto"
snster -c /root/snster-kaz attach kaz-prod -x "${SETUP_MAIL} email add contact3@kaz.sns toto"
snster -c /root/snster-kaz attach kaz-prod -x "${SETUP_MAIL} email add contact4@kaz.sns toto"
echo -e '#!/bin/sh\nsnster -c /root/snster-kaz start' >> /etc/rc.local
chmod +x /etc/rc.local

8
files/vm-provision.sh
View File

@ -180,10 +180,11 @@ EOF
cd
git clone https://framagit.org/flesueur/snster.git
cd snster
git checkout tags/v1.1.0
./install.sh
# SNSTER KAZ
cp -ar ${VAGRANT_SRC_DIR}/templates /root
# cp -ar ${VAGRANT_SRC_DIR}/templates /root
cp -ar ${VAGRANT_SRC_DIR}/snster-kaz /root
# crypto keys
@ -191,7 +192,7 @@ EOF
cp -ar /etc/letsencrypt /root/snster-kaz/isp-a/home/
# Build SNSTER KAZ !
snster -c /root/snster-kaz -t /root/templates create
snster -c /root/snster-kaz create
cp "${VAGRANT_SRC_DIR}/vm-install-kaz.sh" /root/
chmod +x /root/vm-install-kaz.sh
if [ "${NOKAZ}" == "true" ]; then
@ -206,6 +207,9 @@ EOF
echo "overlay /kaz-prod overlay lowerdir=/var/lib/lxc/sr-masters-bullseye/rootfs,upperdir=/var/lib/lxc/kaz-kaz-prod/overlay/delta,workdir=/var/lib/lxc/kaz-kaz-prod/overlay/work,nofail 0 0" >> /etc/fstab
echo "/kaz-prod/kaz /kaz none bind,nofail 0 0" >> /etc/fstab
# On met le KAZGUARD pour la mise au point
echo "export KAZGUARD='true'" >> /root/.bashrc
echo "########## ********** End Vagrant $(date +%D-%T)"
) > >(tee ${DebugLog}stdout.log) 2> >(tee ${DebugLog}stderr.log >&2)

Write Preview
Loading…
Cancel
Save