diff --git a/files/snster-kaz/isp-a/group.yml b/files/snster-kaz/isp-a/group.yml index 3d624a8..8a07fb3 100644 --- a/files/snster-kaz/isp-a/group.yml +++ b/files/snster-kaz/isp-a/group.yml @@ -43,7 +43,7 @@ hosts: - mailserver: domain: isp-a.sns - resolverns: - roothints: root.hints + roots: p,100.100.1.10,2001:db8:a001::10 - resolv: domain: isp-a.sns ns: 100.120.1.2 diff --git a/files/snster-kaz/isp-a/infra/root.hints b/files/snster-kaz/isp-a/infra/root.hints deleted file mode 100644 index 120c5ae..0000000 --- a/files/snster-kaz/isp-a/infra/root.hints +++ /dev/null @@ -1,3 +0,0 @@ -. 3600000 NS P.ROOT-SERVERS.NET. -P.ROOT-SERVERS.NET. 3600000 A 100.100.1.10 -P.ROOT-SERVERS.NET. 3600000 AAAA 2001:db8:a001::10 diff --git a/files/snster-kaz/opendns/group.yml b/files/snster-kaz/opendns/group.yml index cd4a6f9..29c9423 100644 --- a/files/snster-kaz/opendns/group.yml +++ b/files/snster-kaz/opendns/group.yml @@ -38,7 +38,7 @@ hosts: gatewayv6: 2001:db8:a100::1 templates: - resolverns: - roothints: root.hints + roots: p,100.100.1.10,2001:db8:a001::10 - resolv: domain: opendns.sns ns: 100.100.100.100 diff --git a/files/snster-kaz/opendns/resolver/root.hints b/files/snster-kaz/opendns/resolver/root.hints deleted file mode 100644 index 120c5ae..0000000 --- a/files/snster-kaz/opendns/resolver/root.hints +++ /dev/null @@ -1,3 +0,0 @@ -. 3600000 NS P.ROOT-SERVERS.NET. -P.ROOT-SERVERS.NET. 3600000 A 100.100.1.10 -P.ROOT-SERVERS.NET. 3600000 AAAA 2001:db8:a001::10 diff --git a/files/snster-kaz/root-p/group.yml b/files/snster-kaz/root-p/group.yml index a4540bb..276ac0e 100644 --- a/files/snster-kaz/root-p/group.yml +++ b/files/snster-kaz/root-p/group.yml @@ -38,6 +38,9 @@ hosts: gatewayv6: 2001:db8:a001::1 templates: - rootns: + roots: p,100.100.1.10,2001:db8:a001::10 + tlds: sns,100.100.20.10,2001:db8:a020::10 + reverse: reverse.zone - resolv: domain: ns-root-p.sns ns: 100.100.100.100 diff --git a/files/snster-kaz/root-p/rootns/reverse.zone b/files/snster-kaz/root-p/rootns/reverse.zone new file mode 100644 index 0000000..a86c6d5 --- /dev/null +++ b/files/snster-kaz/root-p/rootns/reverse.zone @@ -0,0 +1,3 @@ +120.100.in-addr.arpa. 172800 IN NS p.120.100.in-addr.arpa. +p.120.100.in-addr.arpa. 172800 IN A 100.120.1.2 +p.120.100.in-addr.arpa. 172800 IN AAAA 2001:db8:120:1::2 diff --git a/files/templates/debian/resolverns/provision.sh b/files/templates/debian/resolverns/provision.sh deleted file mode 100644 index d0b843c..0000000 --- a/files/templates/debian/resolverns/provision.sh +++ /dev/null @@ -1,50 +0,0 @@ -#!/bin/bash -# Root NS template -set -e -if [ -z $SNSTERGUARD ] ; then exit 1; fi -DIR=`dirname $0` -cd `dirname $0` - -# disable systemd-resolved which conflicts with nsd -echo "DNSStubListener=no" >> /etc/systemd/resolved.conf -systemctl stop systemd-resolved - -apt-get update -DEBIAN_FRONTEND=noninteractive apt-get install -y unbound dnsutils - -# get root hints -#wget "http://www.internic.net/domain/named.root" -O /etc/unbound/root.hints -echo -e ". 3600000 NS P.ROOT-SERVERS.NET. -P.ROOT-SERVERS.NET. 3600000 A 100.100.1.10 -P.ROOT-SERVERS.NET. 3600000 AAAA 2001:db8:a001::10 -" > /etc/unbound/root.hints - -# customize unbound config -#echo -e "server: -# ip-address: 127.0.0.1 -echo -e "server: - root-hints: root.hints -" > /etc/unbound/unbound.conf.d/root.conf - -for i in {64..127}; do - echo -e " local-zone: \"$i.100.in-addr.arpa.\" nodefault" >> /etc/unbound/unbound.conf.d/root.conf -done - - -# local-zone: \"120.100.in-addr.arpa.\" nodefault -# local-zone: \"64.100.in-addr.arpa. to 127.100.in-addr.arpa.\" nodefault -# for i in {64..127}; do echo $i; done - -# no DNSSEC validation for now -sed -i "s/auto/\#auto/" /etc/unbound/unbound.conf.d/root-auto-trust-anchor-file.conf - -# Be an open dns resolver -- TO CHANGE LATER -echo -e "server: - interface: 0.0.0.0 - access-control: 0.0.0.0/0 allow - cache-max-ttl: 20 - cache-min-ttl: 10 - cache-max-negative-ttl: 20 -" > /etc/unbound/unbound.conf.d/listen.conf - -service unbound restart diff --git a/files/templates/debian/rootns/provision.sh b/files/templates/debian/rootns/provision.sh deleted file mode 100644 index 3bf8888..0000000 --- a/files/templates/debian/rootns/provision.sh +++ /dev/null @@ -1,156 +0,0 @@ -#!/bin/bash -# Root NS template -set -e -if [ -z $SNSTERGUARD ] ; then exit 1; fi -DIR=`dirname $0` -cd `dirname $0` - -# disable systemd-resolved which conflicts with nsd -echo "DNSStubListener=no" >> /etc/systemd/resolved.conf -systemctl stop systemd-resolved - -apt-get update -DEBIAN_FRONTEND=noninteractive apt-get install -y nsd - -# get root zone -wget "http://www.internic.net/domain/root.zone" -O /etc/nsd/root.zone - -# customize root zone -# remove official roots -sed -i -e 's/^\.\s.*NS.*[a-m].root-servers.net.*//' /etc/nsd/root.zone -# add alternative milxc root - -echo -e ". 518400 IN NS p.root-servers.net -p.root-servers.net 518400 IN A 100.100.1.10 -p.root-servers.net 518400 IN AAAA 2001:db8:a001::10 -" >> /etc/nsd/root.zone - - -# add .sns TLD served by 100.100.20.10 -echo -e "sns. 518400 IN NS ns.sns. -ns.sns. 518400 IN A 100.100.20.10 -ns.sns. 518400 IN AAAA 2001:db8:a020::10" >> /etc/nsd/root.zone - -# customize nsd config -#echo -e "server: -# ip-address: 127.0.0.1 -echo -e "zone: - name: \".\" - zonefile: \"root.zone\" -" > /etc/nsd/nsd.conf - -# Reverse DNS -#sed -i -e 's/^arpa.*//' /etc/nsd/root.zone -#sed -i -e 's/^.\.ns\.arpa.*.*//' /etc/nsd/root.zone - -## Racine -sed -i -e '/NSEC.*/d' /etc/nsd/root.zone -sed -i -e '/RRSIG.*/d' /etc/nsd/root.zone -sed -i -e '/DNSKEY.*/d' /etc/nsd/root.zone -sed -i -e '/DS.*/d' /etc/nsd/root.zone -sed -i -e '/^arpa.*/d' /etc/nsd/root.zone -sed -i -e '/^.\.ns\.arpa.*.*/d' /etc/nsd/root.zone -echo -e "arpa. 172800 IN NS p.ns.arpa. -p.ns.arpa. 172800 IN A 100.100.1.10 -p.ns.arpa. 172800 IN AAAA 2001:db8:a001::10 -" >> /etc/nsd/root.zone - -## .arpa -wget "https://www.internic.net/domain/arpa.zone" -O /etc/nsd/arpa.zone -sed -i -e '/NSEC.*/d' /etc/nsd/arpa.zone -sed -i -e '/RRSIG.*/d' /etc/nsd/arpa.zone -sed -i -e '/DNSKEY.*/d' /etc/nsd/arpa.zone -sed -i -e '/DS.*/d' /etc/nsd/arpa.zone -sed -i -e '/^arpa\.\s.*NS.*[a-m].ns.arpa.*/d' /etc/nsd/arpa.zone -sed -i -e '/^in-addr.*/d' /etc/nsd/arpa.zone -sed -i -e '/^.\.in-addr.*/d' /etc/nsd/arpa.zone -echo -e "arpa. 172800 IN NS p.ns.arpa. -p.ns.arpa. 172800 IN A 100.100.1.10 -p.ns.arpa. 172800 IN AAAA 2001:db8:a001::10 -in-addr.arpa. 172800 IN NS p.in-addr-servers.arpa. -p.in-addr-servers.arpa. 172800 IN A 100.100.1.10 -p.in-addr-servers.arpa. 172800 IN AAAA 2001:db8:a001::10 -" >> /etc/nsd/arpa.zone - -echo -e "zone: - name: \"arpa.\" - zonefile: \"arpa.zone\" -" >> /etc/nsd/nsd.conf - -## .in-addr.arpa -wget "https://www.internic.net/domain/in-addr.arpa.zone" -O /etc/nsd/in-addr.arpa.zone -sed -i -e '/SOA.*/d' /etc/nsd/in-addr.arpa.zone -sed -i -e '/NSEC.*/d' /etc/nsd/in-addr.arpa.zone -sed -i -e '/RRSIG.*/d' /etc/nsd/in-addr.arpa.zone -sed -i -e '/DNSKEY.*/d' /etc/nsd/in-addr.arpa.zone -sed -i -e '/DS.*/d' /etc/nsd/in-addr.arpa.zone -sed -i -e '/^in-addr\.arpa\.\s.*NS.*[a-m].in-addr-servers.arpa.*/d' /etc/nsd/in-addr.arpa.zone -sed -i -e '/^100.*/d' /etc/nsd/in-addr.arpa.zone -echo -e "in-addr.arpa. 172800 IN NS p.ns.in-addr.arpa. -p.ns.in-addr.arpa. 172800 IN A 100.100.1.10 -p.ns.in-addr.arpa. 172800 IN AAAA 2001:db8:a001::10 -100.in-addr.arpa. 172800 IN NS p.100.in-addr.arpa. -p.100.in-addr.arpa. 172800 IN A 100.100.1.10 -p.100.in-addr.arpa. 172800 IN AAAA 2001:db8:a001::10 -in-addr.arpa. 3600 IN SOA b.in-addr-servers.arpa. nstld.iana.org. 2022090676 1800 900 604800 3600 -" >> /etc/nsd/in-addr.arpa.zone - -echo -e "zone: - name: \"in-addr.arpa.\" - zonefile: \"in-addr.arpa.zone\" -" >> /etc/nsd/nsd.conf - - - -# 100.in-addr.arpa -echo -e "100.in-addr.arpa. 3600 IN SOA b.in-addr-servers.arpa. nstld.iana.org. 2022090676 1800 900 604800 3600 -100.in-addr.arpa. 172800 IN NS p.ns.100.in-addr.arpa. -p.ns.100.in-addr.arpa. 172800 IN A 100.100.1.10 -p.ns.100.in-addr.arpa. 172800 IN AAAA 2001:db8:a001::10 -120.100.in-addr.arpa. 172800 IN NS p.120.100.in-addr.arpa. -p.120.100.in-addr.arpa. 172800 IN A 100.120.1.2 -p.120.100.in-addr.arpa. 172800 IN AAAA 2001:db8:120:1::2 -" > /etc/nsd/100.in-addr.arpa.zone - -echo -e "zone: - name: \"100.in-addr.arpa.\" - zonefile: \"100.in-addr.arpa.zone\" -" >> /etc/nsd/nsd.conf - -# -# # 120.100.in-addr.arpa -# echo -e "120.100.in-addr.arpa. 3600 IN SOA b.in-addr-servers.arpa. nstld.iana.org. 2022090676 1800 900 604800 3600 -# 120.100.in-addr.arpa. 172800 IN NS p.ns.120.100.in-addr.arpa. -# p.ns.120.100.in-addr.arpa. 172800 IN A 100.100.1.10 -# p.ns.120.100.in-addr.arpa. 172800 IN AAAA 2001:db8:a001::10 -# 1.120.100.in-addr.arpa. 172800 IN NS p.1.120.100.in-addr.arpa. -# p.1.120.100.in-addr.arpa. 172800 IN A 100.100.1.10 -# p.1.120.100.in-addr.arpa. 172800 IN AAAA 2001:db8:a001::10 -# " > /etc/nsd/120.100.in-addr.arpa.zone -# -# echo -e "zone: -# name: \"120.100.in-addr.arpa.\" -# zonefile: \"120.100.in-addr.arpa.zone\" -# " >> /etc/nsd/nsd.conf -# -# # 1.120.100.in-addr.arpa -# echo -e "1.120.100.in-addr.arpa. 3600 IN SOA b.in-addr-servers.arpa. nstld.iana.org. 2022090676 1800 900 604800 3600 -# 1.120.100.in-addr.arpa. 172800 IN NS p.ns.1.120.100.in-addr.arpa. -# p.ns.1.120.100.in-addr.arpa. 172800 IN A 100.100.1.10 -# p.ns.1.120.100.in-addr.arpa. 172800 IN AAAA 2001:db8:a001::10 -# 2.1.120.100.in-addr.arpa. 172800 IN PTR smtp.isp-a.sns. -# " > /etc/nsd/1.120.100.in-addr.arpa.zone -# -# echo -e "zone: -# name: \"1.120.100.in-addr.arpa.\" -# zonefile: \"1.120.100.in-addr.arpa.zone\" -# " >> /etc/nsd/nsd.conf - - - -# 2.1.120.100.in-addr.arpa. 172800 IN PTR smtp.isp-a.sns -# 100.120.1.2 - - - -#service nsd restart diff --git a/files/vm-install-kaz.sh b/files/vm-install-kaz.sh index e2d5317..ace8725 100644 --- a/files/vm-install-kaz.sh +++ b/files/vm-install-kaz.sh @@ -5,16 +5,16 @@ if [ -z "${KAZGUARD}" ] ; then exit 1 fi -snster -c /root/snster-kaz -t /root/templates start +snster -c /root/snster-kaz start sleep 10 -snster -c /root/snster-kaz -t /root/templates attach kaz-prod -x /mnt/snster/root/snster-kaz/kaz/prod/kaz.sh +snster -c /root/snster-kaz attach kaz-prod -x /mnt/snster/root/snster-kaz/kaz/prod/kaz.sh # On crée quelques mails SETUP_MAIL="docker exec mailServ setup" -snster -c /root/snster-kaz -t /root/templates attach kaz-prod -x "${SETUP_MAIL} email add contact1@kaz.sns toto" -snster -c /root/snster-kaz -t /root/templates attach kaz-prod -x "${SETUP_MAIL} email add contact2@kaz.sns toto" -snster -c /root/snster-kaz -t /root/templates attach kaz-prod -x "${SETUP_MAIL} email add contact3@kaz.sns toto" -snster -c /root/snster-kaz -t /root/templates attach kaz-prod -x "${SETUP_MAIL} email add contact4@kaz.sns toto" +snster -c /root/snster-kaz attach kaz-prod -x "${SETUP_MAIL} email add contact1@kaz.sns toto" +snster -c /root/snster-kaz attach kaz-prod -x "${SETUP_MAIL} email add contact2@kaz.sns toto" +snster -c /root/snster-kaz attach kaz-prod -x "${SETUP_MAIL} email add contact3@kaz.sns toto" +snster -c /root/snster-kaz attach kaz-prod -x "${SETUP_MAIL} email add contact4@kaz.sns toto" echo -e '#!/bin/sh\nsnster -c /root/snster-kaz start' >> /etc/rc.local chmod +x /etc/rc.local diff --git a/files/vm-provision.sh b/files/vm-provision.sh index 983467b..c920ce6 100755 --- a/files/vm-provision.sh +++ b/files/vm-provision.sh @@ -180,10 +180,11 @@ EOF cd git clone https://framagit.org/flesueur/snster.git cd snster + git checkout tags/v1.1.0 ./install.sh # SNSTER KAZ - cp -ar ${VAGRANT_SRC_DIR}/templates /root + # cp -ar ${VAGRANT_SRC_DIR}/templates /root cp -ar ${VAGRANT_SRC_DIR}/snster-kaz /root # crypto keys @@ -191,7 +192,7 @@ EOF cp -ar /etc/letsencrypt /root/snster-kaz/isp-a/home/ # Build SNSTER KAZ ! - snster -c /root/snster-kaz -t /root/templates create + snster -c /root/snster-kaz create cp "${VAGRANT_SRC_DIR}/vm-install-kaz.sh" /root/ chmod +x /root/vm-install-kaz.sh if [ "${NOKAZ}" == "true" ]; then @@ -206,6 +207,9 @@ EOF echo "overlay /kaz-prod overlay lowerdir=/var/lib/lxc/sr-masters-bullseye/rootfs,upperdir=/var/lib/lxc/kaz-kaz-prod/overlay/delta,workdir=/var/lib/lxc/kaz-kaz-prod/overlay/work,nofail 0 0" >> /etc/fstab echo "/kaz-prod/kaz /kaz none bind,nofail 0 0" >> /etc/fstab + # On met le KAZGUARD pour la mise au point + echo "export KAZGUARD='true'" >> /root/.bashrc + echo "########## ********** End Vagrant $(date +%D-%T)" ) > >(tee ${DebugLog}stdout.log) 2> >(tee ${DebugLog}stderr.log >&2)