passage a snster 1.1.0

2023-01-27 21:15:36 +01:00 · 2023-01-27 21:15:36 +01:00 · e1ac42525b
commit e1ac42525b
parent 91c982ff1c
10 changed files with 20 additions and 222 deletions
--- a/files/snster-kaz/isp-a/group.yml
+++ b/files/snster-kaz/isp-a/group.yml
@ -43,7 +43,7 @@ hosts:
      - mailserver:
          domain: isp-a.sns
      - resolverns:
-          roothints: root.hints
+          roots: p,100.100.1.10,2001:db8:a001::10
      - resolv:
          domain: isp-a.sns
          ns: 100.120.1.2
--- a/files/snster-kaz/isp-a/infra/root.hints
+++ b/files/snster-kaz/isp-a/infra/root.hints
@ -1,3 +0,0 @@
 .												3600000      NS    P.ROOT-SERVERS.NET.
 P.ROOT-SERVERS.NET.      3600000      A     100.100.1.10
 P.ROOT-SERVERS.NET.      3600000      AAAA     2001:db8:a001::10
--- a/files/snster-kaz/opendns/group.yml
+++ b/files/snster-kaz/opendns/group.yml
@ -38,7 +38,7 @@ hosts:
      gatewayv6: 2001:db8:a100::1
    templates:
      - resolverns:
-          roothints: root.hints
+          roots: p,100.100.1.10,2001:db8:a001::10
      - resolv:
          domain: opendns.sns
          ns: 100.100.100.100
--- a/files/snster-kaz/opendns/resolver/root.hints
+++ b/files/snster-kaz/opendns/resolver/root.hints
@ -1,3 +0,0 @@
 .												3600000      NS    P.ROOT-SERVERS.NET.
 P.ROOT-SERVERS.NET.      3600000      A     100.100.1.10
 P.ROOT-SERVERS.NET.      3600000      AAAA     2001:db8:a001::10
--- a/files/snster-kaz/root-p/group.yml
+++ b/files/snster-kaz/root-p/group.yml
@ -38,6 +38,9 @@ hosts:
      gatewayv6: 2001:db8:a001::1
    templates:
      - rootns:
          roots: p,100.100.1.10,2001:db8:a001::10
          tlds: sns,100.100.20.10,2001:db8:a020::10
          reverse: reverse.zone
      - resolv:
          domain: ns-root-p.sns
          ns: 100.100.100.100
--- a/files/snster-kaz/root-p/rootns/reverse.zone
+++ b/files/snster-kaz/root-p/rootns/reverse.zone
@ -0,0 +1,3 @@
 120.100.in-addr.arpa.		172800	IN	NS	p.120.100.in-addr.arpa.
 p.120.100.in-addr.arpa.              172800  IN      A       100.120.1.2
 p.120.100.in-addr.arpa.              172800  IN      AAAA     2001:db8:120:1::2
--- a/files/templates/debian/resolverns/provision.sh
+++ b/files/templates/debian/resolverns/provision.sh
@ -1,50 +0,0 @@
 #!/bin/bash
 # Root NS template
 set -e
 if [ -z $SNSTERGUARD ] ; then exit 1; fi
 DIR=`dirname $0`
 cd `dirname $0`
 # disable systemd-resolved which conflicts with nsd
 echo "DNSStubListener=no" >> /etc/systemd/resolved.conf
 systemctl stop systemd-resolved
 apt-get update
 DEBIAN_FRONTEND=noninteractive apt-get install -y unbound dnsutils
 # get root hints
 #wget "http://www.internic.net/domain/named.root" -O /etc/unbound/root.hints
 echo -e ".												3600000      NS    P.ROOT-SERVERS.NET.
 P.ROOT-SERVERS.NET.      3600000      A     100.100.1.10
 P.ROOT-SERVERS.NET.      3600000      AAAA     2001:db8:a001::10
 " > /etc/unbound/root.hints
 # customize unbound config
 #echo -e "server:
 #	ip-address: 127.0.0.1
 echo -e "server:
 	root-hints: root.hints
 " > /etc/unbound/unbound.conf.d/root.conf
 for i in {64..127}; do
 	echo -e "	local-zone: \"$i.100.in-addr.arpa.\" nodefault" >> /etc/unbound/unbound.conf.d/root.conf
 done
 #	local-zone: \"120.100.in-addr.arpa.\" nodefault
 #  local-zone: \"64.100.in-addr.arpa. to 127.100.in-addr.arpa.\" nodefault
 # for i in {64..127}; do echo $i; done
 # no DNSSEC validation for now
 sed -i "s/auto/\#auto/" /etc/unbound/unbound.conf.d/root-auto-trust-anchor-file.conf
 # Be an open dns resolver -- TO CHANGE LATER
 echo -e "server:
 	interface: 0.0.0.0
  access-control: 0.0.0.0/0 allow
 	cache-max-ttl: 20
 	cache-min-ttl: 10
 	cache-max-negative-ttl: 20
 " > /etc/unbound/unbound.conf.d/listen.conf
 service unbound restart
--- a/files/templates/debian/rootns/provision.sh
+++ b/files/templates/debian/rootns/provision.sh
@ -1,156 +0,0 @@
 #!/bin/bash
 # Root NS template
 set -e
 if [ -z $SNSTERGUARD ] ; then exit 1; fi
 DIR=`dirname $0`
 cd `dirname $0`
 # disable systemd-resolved which conflicts with nsd
 echo "DNSStubListener=no" >> /etc/systemd/resolved.conf
 systemctl stop systemd-resolved
 apt-get update
 DEBIAN_FRONTEND=noninteractive apt-get install -y nsd
 # get root zone
 wget "http://www.internic.net/domain/root.zone" -O /etc/nsd/root.zone
 # customize root zone
 # remove official roots
 sed -i -e 's/^\.\s.*NS.*[a-m].root-servers.net.*//' /etc/nsd/root.zone
 # add alternative milxc root
 echo -e ".	518400	IN	NS	p.root-servers.net
 p.root-servers.net	518400	IN	A 100.100.1.10
 p.root-servers.net	518400	IN	AAAA     2001:db8:a001::10
 " >> /etc/nsd/root.zone
 # add .sns TLD served by 100.100.20.10
 echo -e "sns.	518400	IN	NS	ns.sns.
 ns.sns.	518400	IN	A 100.100.20.10
 ns.sns.	518400	IN	AAAA 2001:db8:a020::10" >> /etc/nsd/root.zone
 # customize nsd config
 #echo -e "server:
 #	ip-address: 127.0.0.1
 echo -e "zone:
 	name: \".\"
 	zonefile: \"root.zone\"
 " > /etc/nsd/nsd.conf
 # Reverse DNS
 #sed -i -e 's/^arpa.*//' /etc/nsd/root.zone
 #sed -i -e 's/^.\.ns\.arpa.*.*//' /etc/nsd/root.zone
 ## Racine
 sed -i -e '/NSEC.*/d' /etc/nsd/root.zone
 sed -i -e '/RRSIG.*/d' /etc/nsd/root.zone
 sed -i -e '/DNSKEY.*/d' /etc/nsd/root.zone
 sed -i -e '/DS.*/d' /etc/nsd/root.zone
 sed -i -e '/^arpa.*/d' /etc/nsd/root.zone
 sed -i -e '/^.\.ns\.arpa.*.*/d' /etc/nsd/root.zone
 echo -e "arpa.	172800  IN      NS      p.ns.arpa.
 p.ns.arpa.              172800  IN      A       100.100.1.10
 p.ns.arpa.              172800  IN      AAAA     2001:db8:a001::10
 " >> /etc/nsd/root.zone
 ## .arpa
 wget "https://www.internic.net/domain/arpa.zone" -O /etc/nsd/arpa.zone
 sed -i -e '/NSEC.*/d' /etc/nsd/arpa.zone
 sed -i -e '/RRSIG.*/d' /etc/nsd/arpa.zone
 sed -i -e '/DNSKEY.*/d' /etc/nsd/arpa.zone
 sed -i -e '/DS.*/d' /etc/nsd/arpa.zone
 sed -i -e '/^arpa\.\s.*NS.*[a-m].ns.arpa.*/d' /etc/nsd/arpa.zone
 sed -i -e '/^in-addr.*/d' /etc/nsd/arpa.zone
 sed -i -e '/^.\.in-addr.*/d' /etc/nsd/arpa.zone
 echo -e "arpa.	172800  IN      NS      p.ns.arpa.
 p.ns.arpa.              172800  IN      A       100.100.1.10
 p.ns.arpa.              172800  IN      AAAA     2001:db8:a001::10
 in-addr.arpa.		172800	IN	NS	p.in-addr-servers.arpa.
 p.in-addr-servers.arpa.              172800  IN      A       100.100.1.10
 p.in-addr-servers.arpa.              172800  IN      AAAA     2001:db8:a001::10
 " >> /etc/nsd/arpa.zone
 echo -e "zone:
 	name: \"arpa.\"
 	zonefile: \"arpa.zone\"
 " >> /etc/nsd/nsd.conf
 ## .in-addr.arpa
 wget "https://www.internic.net/domain/in-addr.arpa.zone" -O /etc/nsd/in-addr.arpa.zone
 sed -i -e '/SOA.*/d' /etc/nsd/in-addr.arpa.zone
 sed -i -e '/NSEC.*/d' /etc/nsd/in-addr.arpa.zone
 sed -i -e '/RRSIG.*/d' /etc/nsd/in-addr.arpa.zone
 sed -i -e '/DNSKEY.*/d' /etc/nsd/in-addr.arpa.zone
 sed -i -e '/DS.*/d' /etc/nsd/in-addr.arpa.zone
 sed -i -e '/^in-addr\.arpa\.\s.*NS.*[a-m].in-addr-servers.arpa.*/d' /etc/nsd/in-addr.arpa.zone
 sed -i -e '/^100.*/d' /etc/nsd/in-addr.arpa.zone
 echo -e "in-addr.arpa.	172800  IN      NS      p.ns.in-addr.arpa.
 p.ns.in-addr.arpa.              172800  IN      A       100.100.1.10
 p.ns.in-addr.arpa.              172800  IN      AAAA     2001:db8:a001::10
 100.in-addr.arpa.		172800	IN	NS	p.100.in-addr.arpa.
 p.100.in-addr.arpa.              172800  IN      A       100.100.1.10
 p.100.in-addr.arpa.              172800  IN      AAAA     2001:db8:a001::10
 in-addr.arpa.           3600    IN      SOA     b.in-addr-servers.arpa. nstld.iana.org. 2022090676 1800 900 604800 3600
 " >> /etc/nsd/in-addr.arpa.zone
 echo -e "zone:
 	name: \"in-addr.arpa.\"
 	zonefile: \"in-addr.arpa.zone\"
 " >> /etc/nsd/nsd.conf
 # 100.in-addr.arpa
 echo -e "100.in-addr.arpa.           3600    IN      SOA     b.in-addr-servers.arpa. nstld.iana.org. 2022090676 1800 900 604800 3600
 100.in-addr.arpa.	172800  IN      NS      p.ns.100.in-addr.arpa.
 p.ns.100.in-addr.arpa.              172800  IN      A       100.100.1.10
 p.ns.100.in-addr.arpa.              172800  IN      AAAA     2001:db8:a001::10
 120.100.in-addr.arpa.		172800	IN	NS	p.120.100.in-addr.arpa.
 p.120.100.in-addr.arpa.              172800  IN      A       100.120.1.2
 p.120.100.in-addr.arpa.              172800  IN      AAAA     2001:db8:120:1::2
 " > /etc/nsd/100.in-addr.arpa.zone
 echo -e "zone:
 	name: \"100.in-addr.arpa.\"
 	zonefile: \"100.in-addr.arpa.zone\"
 " >> /etc/nsd/nsd.conf
 #
 # # 120.100.in-addr.arpa
 # echo -e "120.100.in-addr.arpa.           3600    IN      SOA     b.in-addr-servers.arpa. nstld.iana.org. 2022090676 1800 900 604800 3600
 # 120.100.in-addr.arpa.	172800  IN      NS      p.ns.120.100.in-addr.arpa.
 # p.ns.120.100.in-addr.arpa.              172800  IN      A       100.100.1.10
 # p.ns.120.100.in-addr.arpa.              172800  IN      AAAA     2001:db8:a001::10
 # 1.120.100.in-addr.arpa.		172800	IN	NS	p.1.120.100.in-addr.arpa.
 # p.1.120.100.in-addr.arpa.              172800  IN      A       100.100.1.10
 # p.1.120.100.in-addr.arpa.              172800  IN      AAAA     2001:db8:a001::10
 # " > /etc/nsd/120.100.in-addr.arpa.zone
 #
 # echo -e "zone:
 # 	name: \"120.100.in-addr.arpa.\"
 # 	zonefile: \"120.100.in-addr.arpa.zone\"
 # " >> /etc/nsd/nsd.conf
 #
 # # 1.120.100.in-addr.arpa
 # echo -e "1.120.100.in-addr.arpa.           3600    IN      SOA     b.in-addr-servers.arpa. nstld.iana.org. 2022090676 1800 900 604800 3600
 # 1.120.100.in-addr.arpa.	172800  IN      NS      p.ns.1.120.100.in-addr.arpa.
 # p.ns.1.120.100.in-addr.arpa.              172800  IN      A       100.100.1.10
 # p.ns.1.120.100.in-addr.arpa.              172800  IN      AAAA     2001:db8:a001::10
 # 2.1.120.100.in-addr.arpa.		172800	IN	PTR  smtp.isp-a.sns.
 # " > /etc/nsd/1.120.100.in-addr.arpa.zone
 #
 # echo -e "zone:
 # 	name: \"1.120.100.in-addr.arpa.\"
 # 	zonefile: \"1.120.100.in-addr.arpa.zone\"
 # " >> /etc/nsd/nsd.conf
 # 2.1.120.100.in-addr.arpa.		172800  IN      PTR       smtp.isp-a.sns
 # 100.120.1.2
 #service nsd restart
--- a/files/vm-install-kaz.sh
+++ b/files/vm-install-kaz.sh
@ -5,16 +5,16 @@ if [ -z "${KAZGUARD}" ] ; then
    exit 1
 fi
-snster -c /root/snster-kaz -t /root/templates start
+snster -c /root/snster-kaz start
 sleep 10
-snster -c /root/snster-kaz -t /root/templates attach kaz-prod -x /mnt/snster/root/snster-kaz/kaz/prod/kaz.sh
+snster -c /root/snster-kaz attach kaz-prod -x /mnt/snster/root/snster-kaz/kaz/prod/kaz.sh
 # On crée quelques mails
 SETUP_MAIL="docker exec mailServ setup"
-snster -c /root/snster-kaz -t /root/templates attach kaz-prod -x "${SETUP_MAIL} email add contact1@kaz.sns toto"
+snster -c /root/snster-kaz attach kaz-prod -x "${SETUP_MAIL} email add contact1@kaz.sns toto"
-snster -c /root/snster-kaz -t /root/templates attach kaz-prod -x "${SETUP_MAIL} email add contact2@kaz.sns toto"
+snster -c /root/snster-kaz attach kaz-prod -x "${SETUP_MAIL} email add contact2@kaz.sns toto"
-snster -c /root/snster-kaz -t /root/templates attach kaz-prod -x "${SETUP_MAIL} email add contact3@kaz.sns toto"
+snster -c /root/snster-kaz attach kaz-prod -x "${SETUP_MAIL} email add contact3@kaz.sns toto"
-snster -c /root/snster-kaz -t /root/templates attach kaz-prod -x "${SETUP_MAIL} email add contact4@kaz.sns toto"
+snster -c /root/snster-kaz attach kaz-prod -x "${SETUP_MAIL} email add contact4@kaz.sns toto"
 echo -e '#!/bin/sh\nsnster -c /root/snster-kaz start' >> /etc/rc.local
 chmod +x /etc/rc.local
--- a/files/vm-provision.sh
+++ b/files/vm-provision.sh
@ -180,10 +180,11 @@ EOF
    cd
    git clone https://framagit.org/flesueur/snster.git
    cd snster
    git checkout tags/v1.1.0
    ./install.sh
    # SNSTER KAZ
-    cp -ar ${VAGRANT_SRC_DIR}/templates /root
+    # cp -ar ${VAGRANT_SRC_DIR}/templates /root
    cp -ar ${VAGRANT_SRC_DIR}/snster-kaz /root
    # crypto keys
@ -191,7 +192,7 @@ EOF
    cp -ar /etc/letsencrypt /root/snster-kaz/isp-a/home/
    # Build SNSTER KAZ !
-    snster -c /root/snster-kaz -t /root/templates create
+    snster -c /root/snster-kaz create
    cp "${VAGRANT_SRC_DIR}/vm-install-kaz.sh" /root/
    chmod +x /root/vm-install-kaz.sh
    if [ "${NOKAZ}" == "true" ]; then
@ -206,6 +207,9 @@ EOF
    echo "overlay	/kaz-prod	overlay	lowerdir=/var/lib/lxc/sr-masters-bullseye/rootfs,upperdir=/var/lib/lxc/kaz-kaz-prod/overlay/delta,workdir=/var/lib/lxc/kaz-kaz-prod/overlay/work,nofail  0 0" >> /etc/fstab
    echo "/kaz-prod/kaz /kaz  none  bind,nofail  0 0" >> /etc/fstab
    # On met le KAZGUARD pour la mise au point
    echo "export KAZGUARD='true'" >> /root/.bashrc
    echo "########## ********** End Vagrant $(date +%D-%T)"
 )  > >(tee ${DebugLog}stdout.log) 2> >(tee ${DebugLog}stderr.log >&2)