passage a snster 1.1.0
This commit is contained in:
Francois Lesueur
parent
91c982ff1c
commit
e1ac42525b
@ -43,7 +43,7 @@ hosts:
|
||||
- mailserver:
|
||||
domain: isp-a.sns
|
||||
- resolverns:
|
||||
roothints: root.hints
|
||||
roots: p,100.100.1.10,2001:db8:a001::10
|
||||
- resolv:
|
||||
domain: isp-a.sns
|
||||
ns: 100.120.1.2
|
||||
|
||||
@ -1,3 +0,0 @@
|
||||
. 3600000 NS P.ROOT-SERVERS.NET.
|
||||
P.ROOT-SERVERS.NET. 3600000 A 100.100.1.10
|
||||
P.ROOT-SERVERS.NET. 3600000 AAAA 2001:db8:a001::10
|
||||
@ -38,7 +38,7 @@ hosts:
|
||||
gatewayv6: 2001:db8:a100::1
|
||||
templates:
|
||||
- resolverns:
|
||||
roothints: root.hints
|
||||
roots: p,100.100.1.10,2001:db8:a001::10
|
||||
- resolv:
|
||||
domain: opendns.sns
|
||||
ns: 100.100.100.100
|
||||
|
||||
@ -1,3 +0,0 @@
|
||||
. 3600000 NS P.ROOT-SERVERS.NET.
|
||||
P.ROOT-SERVERS.NET. 3600000 A 100.100.1.10
|
||||
P.ROOT-SERVERS.NET. 3600000 AAAA 2001:db8:a001::10
|
||||
@ -38,6 +38,9 @@ hosts:
|
||||
gatewayv6: 2001:db8:a001::1
|
||||
templates:
|
||||
- rootns:
|
||||
roots: p,100.100.1.10,2001:db8:a001::10
|
||||
tlds: sns,100.100.20.10,2001:db8:a020::10
|
||||
reverse: reverse.zone
|
||||
- resolv:
|
||||
domain: ns-root-p.sns
|
||||
ns: 100.100.100.100
|
||||
|
||||
3
files/snster-kaz/root-p/rootns/reverse.zone
Normal file
3
files/snster-kaz/root-p/rootns/reverse.zone
Normal file
@ -0,0 +1,3 @@
|
||||
120.100.in-addr.arpa. 172800 IN NS p.120.100.in-addr.arpa.
|
||||
p.120.100.in-addr.arpa. 172800 IN A 100.120.1.2
|
||||
p.120.100.in-addr.arpa. 172800 IN AAAA 2001:db8:120:1::2
|
||||
@ -1,50 +0,0 @@
|
||||
#!/bin/bash
|
||||
# Root NS template
|
||||
set -e
|
||||
if [ -z $SNSTERGUARD ] ; then exit 1; fi
|
||||
DIR=`dirname $0`
|
||||
cd `dirname $0`
|
||||
|
||||
# disable systemd-resolved which conflicts with nsd
|
||||
echo "DNSStubListener=no" >> /etc/systemd/resolved.conf
|
||||
systemctl stop systemd-resolved
|
||||
|
||||
apt-get update
|
||||
DEBIAN_FRONTEND=noninteractive apt-get install -y unbound dnsutils
|
||||
|
||||
# get root hints
|
||||
#wget "http://www.internic.net/domain/named.root" -O /etc/unbound/root.hints
|
||||
echo -e ". 3600000 NS P.ROOT-SERVERS.NET.
|
||||
P.ROOT-SERVERS.NET. 3600000 A 100.100.1.10
|
||||
P.ROOT-SERVERS.NET. 3600000 AAAA 2001:db8:a001::10
|
||||
" > /etc/unbound/root.hints
|
||||
|
||||
# customize unbound config
|
||||
#echo -e "server:
|
||||
# ip-address: 127.0.0.1
|
||||
echo -e "server:
|
||||
root-hints: root.hints
|
||||
" > /etc/unbound/unbound.conf.d/root.conf
|
||||
|
||||
for i in {64..127}; do
|
||||
echo -e " local-zone: \"$i.100.in-addr.arpa.\" nodefault" >> /etc/unbound/unbound.conf.d/root.conf
|
||||
done
|
||||
|
||||
|
||||
# local-zone: \"120.100.in-addr.arpa.\" nodefault
|
||||
# local-zone: \"64.100.in-addr.arpa. to 127.100.in-addr.arpa.\" nodefault
|
||||
# for i in {64..127}; do echo $i; done
|
||||
|
||||
# no DNSSEC validation for now
|
||||
sed -i "s/auto/\#auto/" /etc/unbound/unbound.conf.d/root-auto-trust-anchor-file.conf
|
||||
|
||||
# Be an open dns resolver -- TO CHANGE LATER
|
||||
echo -e "server:
|
||||
interface: 0.0.0.0
|
||||
access-control: 0.0.0.0/0 allow
|
||||
cache-max-ttl: 20
|
||||
cache-min-ttl: 10
|
||||
cache-max-negative-ttl: 20
|
||||
" > /etc/unbound/unbound.conf.d/listen.conf
|
||||
|
||||
service unbound restart
|
||||
@ -1,156 +0,0 @@
|
||||
#!/bin/bash
|
||||
# Root NS template
|
||||
set -e
|
||||
if [ -z $SNSTERGUARD ] ; then exit 1; fi
|
||||
DIR=`dirname $0`
|
||||
cd `dirname $0`
|
||||
|
||||
# disable systemd-resolved which conflicts with nsd
|
||||
echo "DNSStubListener=no" >> /etc/systemd/resolved.conf
|
||||
systemctl stop systemd-resolved
|
||||
|
||||
apt-get update
|
||||
DEBIAN_FRONTEND=noninteractive apt-get install -y nsd
|
||||
|
||||
# get root zone
|
||||
wget "http://www.internic.net/domain/root.zone" -O /etc/nsd/root.zone
|
||||
|
||||
# customize root zone
|
||||
# remove official roots
|
||||
sed -i -e 's/^\.\s.*NS.*[a-m].root-servers.net.*//' /etc/nsd/root.zone
|
||||
# add alternative milxc root
|
||||
|
||||
echo -e ". 518400 IN NS p.root-servers.net
|
||||
p.root-servers.net 518400 IN A 100.100.1.10
|
||||
p.root-servers.net 518400 IN AAAA 2001:db8:a001::10
|
||||
" >> /etc/nsd/root.zone
|
||||
|
||||
|
||||
# add .sns TLD served by 100.100.20.10
|
||||
echo -e "sns. 518400 IN NS ns.sns.
|
||||
ns.sns. 518400 IN A 100.100.20.10
|
||||
ns.sns. 518400 IN AAAA 2001:db8:a020::10" >> /etc/nsd/root.zone
|
||||
|
||||
# customize nsd config
|
||||
#echo -e "server:
|
||||
# ip-address: 127.0.0.1
|
||||
echo -e "zone:
|
||||
name: \".\"
|
||||
zonefile: \"root.zone\"
|
||||
" > /etc/nsd/nsd.conf
|
||||
|
||||
# Reverse DNS
|
||||
#sed -i -e 's/^arpa.*//' /etc/nsd/root.zone
|
||||
#sed -i -e 's/^.\.ns\.arpa.*.*//' /etc/nsd/root.zone
|
||||
|
||||
## Racine
|
||||
sed -i -e '/NSEC.*/d' /etc/nsd/root.zone
|
||||
sed -i -e '/RRSIG.*/d' /etc/nsd/root.zone
|
||||
sed -i -e '/DNSKEY.*/d' /etc/nsd/root.zone
|
||||
sed -i -e '/DS.*/d' /etc/nsd/root.zone
|
||||
sed -i -e '/^arpa.*/d' /etc/nsd/root.zone
|
||||
sed -i -e '/^.\.ns\.arpa.*.*/d' /etc/nsd/root.zone
|
||||
echo -e "arpa. 172800 IN NS p.ns.arpa.
|
||||
p.ns.arpa. 172800 IN A 100.100.1.10
|
||||
p.ns.arpa. 172800 IN AAAA 2001:db8:a001::10
|
||||
" >> /etc/nsd/root.zone
|
||||
|
||||
## .arpa
|
||||
wget "https://www.internic.net/domain/arpa.zone" -O /etc/nsd/arpa.zone
|
||||
sed -i -e '/NSEC.*/d' /etc/nsd/arpa.zone
|
||||
sed -i -e '/RRSIG.*/d' /etc/nsd/arpa.zone
|
||||
sed -i -e '/DNSKEY.*/d' /etc/nsd/arpa.zone
|
||||
sed -i -e '/DS.*/d' /etc/nsd/arpa.zone
|
||||
sed -i -e '/^arpa\.\s.*NS.*[a-m].ns.arpa.*/d' /etc/nsd/arpa.zone
|
||||
sed -i -e '/^in-addr.*/d' /etc/nsd/arpa.zone
|
||||
sed -i -e '/^.\.in-addr.*/d' /etc/nsd/arpa.zone
|
||||
echo -e "arpa. 172800 IN NS p.ns.arpa.
|
||||
p.ns.arpa. 172800 IN A 100.100.1.10
|
||||
p.ns.arpa. 172800 IN AAAA 2001:db8:a001::10
|
||||
in-addr.arpa. 172800 IN NS p.in-addr-servers.arpa.
|
||||
p.in-addr-servers.arpa. 172800 IN A 100.100.1.10
|
||||
p.in-addr-servers.arpa. 172800 IN AAAA 2001:db8:a001::10
|
||||
" >> /etc/nsd/arpa.zone
|
||||
|
||||
echo -e "zone:
|
||||
name: \"arpa.\"
|
||||
zonefile: \"arpa.zone\"
|
||||
" >> /etc/nsd/nsd.conf
|
||||
|
||||
## .in-addr.arpa
|
||||
wget "https://www.internic.net/domain/in-addr.arpa.zone" -O /etc/nsd/in-addr.arpa.zone
|
||||
sed -i -e '/SOA.*/d' /etc/nsd/in-addr.arpa.zone
|
||||
sed -i -e '/NSEC.*/d' /etc/nsd/in-addr.arpa.zone
|
||||
sed -i -e '/RRSIG.*/d' /etc/nsd/in-addr.arpa.zone
|
||||
sed -i -e '/DNSKEY.*/d' /etc/nsd/in-addr.arpa.zone
|
||||
sed -i -e '/DS.*/d' /etc/nsd/in-addr.arpa.zone
|
||||
sed -i -e '/^in-addr\.arpa\.\s.*NS.*[a-m].in-addr-servers.arpa.*/d' /etc/nsd/in-addr.arpa.zone
|
||||
sed -i -e '/^100.*/d' /etc/nsd/in-addr.arpa.zone
|
||||
echo -e "in-addr.arpa. 172800 IN NS p.ns.in-addr.arpa.
|
||||
p.ns.in-addr.arpa. 172800 IN A 100.100.1.10
|
||||
p.ns.in-addr.arpa. 172800 IN AAAA 2001:db8:a001::10
|
||||
100.in-addr.arpa. 172800 IN NS p.100.in-addr.arpa.
|
||||
p.100.in-addr.arpa. 172800 IN A 100.100.1.10
|
||||
p.100.in-addr.arpa. 172800 IN AAAA 2001:db8:a001::10
|
||||
in-addr.arpa. 3600 IN SOA b.in-addr-servers.arpa. nstld.iana.org. 2022090676 1800 900 604800 3600
|
||||
" >> /etc/nsd/in-addr.arpa.zone
|
||||
|
||||
echo -e "zone:
|
||||
name: \"in-addr.arpa.\"
|
||||
zonefile: \"in-addr.arpa.zone\"
|
||||
" >> /etc/nsd/nsd.conf
|
||||
|
||||
|
||||
|
||||
# 100.in-addr.arpa
|
||||
echo -e "100.in-addr.arpa. 3600 IN SOA b.in-addr-servers.arpa. nstld.iana.org. 2022090676 1800 900 604800 3600
|
||||
100.in-addr.arpa. 172800 IN NS p.ns.100.in-addr.arpa.
|
||||
p.ns.100.in-addr.arpa. 172800 IN A 100.100.1.10
|
||||
p.ns.100.in-addr.arpa. 172800 IN AAAA 2001:db8:a001::10
|
||||
120.100.in-addr.arpa. 172800 IN NS p.120.100.in-addr.arpa.
|
||||
p.120.100.in-addr.arpa. 172800 IN A 100.120.1.2
|
||||
p.120.100.in-addr.arpa. 172800 IN AAAA 2001:db8:120:1::2
|
||||
" > /etc/nsd/100.in-addr.arpa.zone
|
||||
|
||||
echo -e "zone:
|
||||
name: \"100.in-addr.arpa.\"
|
||||
zonefile: \"100.in-addr.arpa.zone\"
|
||||
" >> /etc/nsd/nsd.conf
|
||||
|
||||
#
|
||||
# # 120.100.in-addr.arpa
|
||||
# echo -e "120.100.in-addr.arpa. 3600 IN SOA b.in-addr-servers.arpa. nstld.iana.org. 2022090676 1800 900 604800 3600
|
||||
# 120.100.in-addr.arpa. 172800 IN NS p.ns.120.100.in-addr.arpa.
|
||||
# p.ns.120.100.in-addr.arpa. 172800 IN A 100.100.1.10
|
||||
# p.ns.120.100.in-addr.arpa. 172800 IN AAAA 2001:db8:a001::10
|
||||
# 1.120.100.in-addr.arpa. 172800 IN NS p.1.120.100.in-addr.arpa.
|
||||
# p.1.120.100.in-addr.arpa. 172800 IN A 100.100.1.10
|
||||
# p.1.120.100.in-addr.arpa. 172800 IN AAAA 2001:db8:a001::10
|
||||
# " > /etc/nsd/120.100.in-addr.arpa.zone
|
||||
#
|
||||
# echo -e "zone:
|
||||
# name: \"120.100.in-addr.arpa.\"
|
||||
# zonefile: \"120.100.in-addr.arpa.zone\"
|
||||
# " >> /etc/nsd/nsd.conf
|
||||
#
|
||||
# # 1.120.100.in-addr.arpa
|
||||
# echo -e "1.120.100.in-addr.arpa. 3600 IN SOA b.in-addr-servers.arpa. nstld.iana.org. 2022090676 1800 900 604800 3600
|
||||
# 1.120.100.in-addr.arpa. 172800 IN NS p.ns.1.120.100.in-addr.arpa.
|
||||
# p.ns.1.120.100.in-addr.arpa. 172800 IN A 100.100.1.10
|
||||
# p.ns.1.120.100.in-addr.arpa. 172800 IN AAAA 2001:db8:a001::10
|
||||
# 2.1.120.100.in-addr.arpa. 172800 IN PTR smtp.isp-a.sns.
|
||||
# " > /etc/nsd/1.120.100.in-addr.arpa.zone
|
||||
#
|
||||
# echo -e "zone:
|
||||
# name: \"1.120.100.in-addr.arpa.\"
|
||||
# zonefile: \"1.120.100.in-addr.arpa.zone\"
|
||||
# " >> /etc/nsd/nsd.conf
|
||||
|
||||
|
||||
|
||||
# 2.1.120.100.in-addr.arpa. 172800 IN PTR smtp.isp-a.sns
|
||||
# 100.120.1.2
|
||||
|
||||
|
||||
|
||||
#service nsd restart
|
||||
@ -5,16 +5,16 @@ if [ -z "${KAZGUARD}" ] ; then
|
||||
exit 1
|
||||
fi
|
||||
|
||||
snster -c /root/snster-kaz -t /root/templates start
|
||||
snster -c /root/snster-kaz start
|
||||
sleep 10
|
||||
snster -c /root/snster-kaz -t /root/templates attach kaz-prod -x /mnt/snster/root/snster-kaz/kaz/prod/kaz.sh
|
||||
snster -c /root/snster-kaz attach kaz-prod -x /mnt/snster/root/snster-kaz/kaz/prod/kaz.sh
|
||||
|
||||
# On crée quelques mails
|
||||
SETUP_MAIL="docker exec mailServ setup"
|
||||
snster -c /root/snster-kaz -t /root/templates attach kaz-prod -x "${SETUP_MAIL} email add contact1@kaz.sns toto"
|
||||
snster -c /root/snster-kaz -t /root/templates attach kaz-prod -x "${SETUP_MAIL} email add contact2@kaz.sns toto"
|
||||
snster -c /root/snster-kaz -t /root/templates attach kaz-prod -x "${SETUP_MAIL} email add contact3@kaz.sns toto"
|
||||
snster -c /root/snster-kaz -t /root/templates attach kaz-prod -x "${SETUP_MAIL} email add contact4@kaz.sns toto"
|
||||
snster -c /root/snster-kaz attach kaz-prod -x "${SETUP_MAIL} email add contact1@kaz.sns toto"
|
||||
snster -c /root/snster-kaz attach kaz-prod -x "${SETUP_MAIL} email add contact2@kaz.sns toto"
|
||||
snster -c /root/snster-kaz attach kaz-prod -x "${SETUP_MAIL} email add contact3@kaz.sns toto"
|
||||
snster -c /root/snster-kaz attach kaz-prod -x "${SETUP_MAIL} email add contact4@kaz.sns toto"
|
||||
|
||||
echo -e '#!/bin/sh\nsnster -c /root/snster-kaz start' >> /etc/rc.local
|
||||
chmod +x /etc/rc.local
|
||||
|
||||
@ -180,10 +180,11 @@ EOF
|
||||
cd
|
||||
git clone https://framagit.org/flesueur/snster.git
|
||||
cd snster
|
||||
git checkout tags/v1.1.0
|
||||
./install.sh
|
||||
|
||||
# SNSTER KAZ
|
||||
cp -ar ${VAGRANT_SRC_DIR}/templates /root
|
||||
# cp -ar ${VAGRANT_SRC_DIR}/templates /root
|
||||
cp -ar ${VAGRANT_SRC_DIR}/snster-kaz /root
|
||||
|
||||
# crypto keys
|
||||
@ -191,7 +192,7 @@ EOF
|
||||
cp -ar /etc/letsencrypt /root/snster-kaz/isp-a/home/
|
||||
|
||||
# Build SNSTER KAZ !
|
||||
snster -c /root/snster-kaz -t /root/templates create
|
||||
snster -c /root/snster-kaz create
|
||||
cp "${VAGRANT_SRC_DIR}/vm-install-kaz.sh" /root/
|
||||
chmod +x /root/vm-install-kaz.sh
|
||||
if [ "${NOKAZ}" == "true" ]; then
|
||||
@ -206,6 +207,9 @@ EOF
|
||||
echo "overlay /kaz-prod overlay lowerdir=/var/lib/lxc/sr-masters-bullseye/rootfs,upperdir=/var/lib/lxc/kaz-kaz-prod/overlay/delta,workdir=/var/lib/lxc/kaz-kaz-prod/overlay/work,nofail 0 0" >> /etc/fstab
|
||||
echo "/kaz-prod/kaz /kaz none bind,nofail 0 0" >> /etc/fstab
|
||||
|
||||
# On met le KAZGUARD pour la mise au point
|
||||
echo "export KAZGUARD='true'" >> /root/.bashrc
|
||||
|
||||
echo "########## ********** End Vagrant $(date +%D-%T)"
|
||||
) > >(tee ${DebugLog}stdout.log) 2> >(tee ${DebugLog}stderr.log >&2)
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user