From 6b1e01429626dd015760726cc79eafc756eebe71 Mon Sep 17 00:00:00 2001
From: Kameron Kenny
Date: Tue, 25 Feb 2025 14:17:50 -0500
Subject: [PATCH] add dnsdist for pubdns
---
 Dockerfile.dnsdist | 12 ++
 Jenkinsfile | 134 ++++++++++++++++++---
 docker-compose.yml | 63 +++++++++-
 primary/etc/bind/named.conf | 40 ++++--
 primary/var/lib/bind/db.10.200 | 2 +-
 primary/var/lib/bind/db.10.99 | 9 +-
 primary/var/lib/bind/db.in.thelinuxpro.net | 9 +-
 secondary/etc/bind/named.conf | 42 +++++--
 8 files changed, 268 insertions(+), 43 deletions(-)
 create mode 100644 Dockerfile.dnsdist
diff --git a/Dockerfile.dnsdist b/Dockerfile.dnsdist
new file mode 100644
index 0000000..83c2c7b
--- /dev/null
+++ b/Dockerfile.dnsdist
@@ -0,0 +1,12 @@
+FROM docker-registry1.in.thelinuxpro.net:5000/tlp/tlp_ubuntu:latest
+
+RUN apt update && apt upgrade -y
+RUN apt install -y dnsdist
+RUN apt clean
+
+EXPOSE 53/tcp 53/udp
+
+COPY dnsdist.conf /etc/dnsdist/dnsdist.conf
+
+ENTRYPOINT ["/usr/bin/dnsdist", "--uid", "_dnsdist", "--gid", "_dnsdist"]
+CMD ["--supervised"]
diff --git a/Jenkinsfile b/Jenkinsfile
index 8e3fd16..481ff0f 100644
--- a/Jenkinsfile
+++ b/Jenkinsfile
@@ -19,6 +19,7 @@ pipeline {
 script {
 def status_p = sh(returnStatus: true, script: 'docker images | grep bind9-primary | grep $(grep image docker-compose.yml | grep primary | awk -F\':\' \'{ print $4 }\')')
 def status_s = sh(returnStatus: true, script: 'docker images | grep bind9-secondary | grep $(grep image docker-compose.yml | grep secondary | awk -F\':\' \'{ print $4 }\')')
+ def status_d = sh(returnStatus: true, script: 'docker images | grep pubdnsdist | grep $(grep image docker-compose.yml | grep pubdnsdist | awk -F\':\' \'{ print $4 }\')')
 if (status_p != 0) {
 sh 'docker compose build primary --push'
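Review bot: The `FROM` line pulls the base by the mutable `latest` tag and the three `RUN apt ...` steps are separate layers, so `apt install -y dnsdist` runs against whatever index the earlier `apt update` layer happened to cache, the `apt clean` layer cannot shrink the image, and neither the base nor the dnsdist version is reproducible from this file. Pin the base tag (or digest) and collapse the package steps into one layer, e.g. `RUN apt-get update && apt-get install -y --no-install-recommends dnsdist && rm -rf /var/lib/apt/lists/*`, ideally with `dnsdist=<pinned-version>` (placeholder). `dnsdist.conf` is copied into the image but is not in this patch's diffstat, so confirm it is already in the repository and that it does not carry a console key or webserver password, which would otherwise persist in the image layer. The entrypoint dropping to `_dnsdist` via `--uid`/`--gid` after binding port 53 is the right shape and can stay.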
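Review bot: The new `status_d` line feeds every `image:` line matching `pubdnsdist` through awk, and docker-compose.yml in this same patch declares that image twice (pubdnsdist1 and pubdnsdist2), so the `$(...)` substitution expands to two words and `grep TAG TAG` treats the second word as a filename; grep fails on the missing file, the status is non-zero, and the image is rebuilt and pushed on every run. The existing `status_s` line now has the same problem because secondary1 and secondary2 both carry the bind9-secondary image line. Deduplicate before substituting, `... | awk -F\':\' \'{ print $4 }\' | sort -u)`, on both lines. The pipeline degrades to rebuild-always rather than failing, but the tag check this stage exists for is lost. The enclosing `script` block continues past the hunk.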
@@ -31,6 +32,12 @@ pipeline {
 } else {
 echo "Secondary Image version already exists, no need to rebuild."
 }
+
+ if (status_d != 0) {
+ sh 'docker compose build pubdnsdist --push'
+ } else {
+ echo "pubdnsdist Image version already exists, no need to rebuild."
+ }
 }
 }
 }
@@ -69,16 +76,17 @@ pipeline {
 stage('Create contexts') {
 steps {
 sh 'docker context ls | grep pi502 || docker context create pi502 --docker "host=ssh://pi502.in.thelinuxpro.net"'
+ sh 'docker context ls | grep pi503 || docker context create pi503 --docker "host=ssh://pi503.in.thelinuxpro.net"'
 }
 }
- stage('Stop secondary container') {
+ stage('Stop secondary container 1') {
 steps {
 script {
- def status_s = sh(returnStatus: true, script: 'grep $(docker --context pi502 compose ps | tail -n1 | awk \'{ print $2 }\') docker-compose.yml')
+ def status_s = sh(returnStatus: true, script: 'grep $(docker --context pi502 compose ps | grep ns1 | tail -n1 | awk \'{ print $2 }\') docker-compose.yml')
 if (status_s != 0) {
- sh 'docker --context pi502 compose down'
+ sh 'docker --context pi502 compose down secondary1'
 sh 'sleep 5'
 } else {
 echo 'skip'
@@ -87,13 +95,13 @@ pipeline {
 }
 }
- stage('Start secondary container') {
+ stage('Start secondary container 1') {
 steps {
 script {
- def status_s = sh(returnStatus: true, script: 'grep $(docker --context pi502 compose ps | tail -n1 | awk \'{ print $2 }\') docker-compose.yml')
+ def status_s = sh(returnStatus: true, script: 'grep $(docker --context pi502 compose ps | grep ns1 | tail -n1 | awk \'{ print $2 }\') docker-compose.yml')
 if (status_s != 0) {
- sh 'docker --context pi502 compose up -d --no-color secondary'
+ sh 'docker --context pi502 compose up -d --no-color secondary1'
 sh 'docker --context pi502 compose ps'
 } else {
 echo 'skip'
@@ -102,21 +110,115 @@ pipeline {
 }
 }
- stage('Integration Tests') {
+ stage('Stop secondary container 2') {
 steps {
- sh 'rm -rf test/results'
- sh 'mkdir -p test/results/integration'
- sh 'bats -F junit test/integration/dns/**/*.bat test/integration/dns/**/**/*.bat > test/results/integration/dns.xml'
+ script {
+ def status_s = sh(returnStatus: true, script: 'grep $(docker --context pi503 compose ps | grep ns2 | tail -n1 | awk \'{ print $2 }\') docker-compose.yml')
+
+ if (status_s != 0) {
+ sh 'docker --context pi503 compose down secondary2'
+ sh 'sleep 5'
+ } else {
+ echo 'skip'
+ }
+ }
 }
 }
- }
- post {
- always {
- archiveArtifacts artifacts: 'test/results/**/*.xml', fingerprint: true
- junit 'test/results/**/*.xml'
- sh 'rm -rf test/results'
+ stage('Start secondary container 2') {
+ steps {
+ script {
+ def status_s = sh(returnStatus: true, script: 'grep $(docker --context pi503 compose ps | grep ns2 | tail -n1 | awk \'{ print $2 }\') docker-compose.yml')
+
+ if (status_s != 0) {
+ sh 'docker --context pi503 compose up -d --no-color secondary2'
+ sh 'docker --context pi503 compose ps'
+ } else {
+ echo 'skip'
+ }
+ }
 }
+
+ stage('Stop pubdnsdist container 1') {
+ steps {
+ script {
+ def status = sh(returnStatus: true, script: 'grep $(docker --context pi502 compose ps | grep dnsdist1 | tail -n1 | awk \'{ print $2 }\') docker-compose.yml')
+
+ if (status != 0) {
+ sh 'docker --context pi502 compose down pubdnsdist1'
+ sh 'sleep 5'
+ } else {
+ echo 'skip'
+ }
+ }
+ }
+
+ stage('Start pubdnsdist container 1') {
+ steps {
+ script {
+ def status = sh(returnStatus: true, script: 'grep $(docker --context pi502 compose ps | grep dnsdist1 | tail -n1 | awk \'{ print $2 }\') docker-compose.yml')
+
+ if (status != 0) {
+ sh 'docker --context pi502 compose up pubdnsdist1 -d'
+ sh 'docker --context pi502 compose ps'
+ sh 'sleep 3'
+ sh 'docker --context pi502 compose logs'
+ } else {
+ echo 'skip'
+ }
+ }
+ }
+
+ stage('Stop pubdnsdist container 2') {
+
steps {
+ script {
+ def status = sh(returnStatus: true, script: 'grep $(docker --context pi503 compose ps | grep dnsdist2 | tail -n1 | awk \'{ print $2 }\') docker-compose.yml')
+
+ if (status != 0) {
+ sh 'docker --context pi503 compose down pubdnsdist2'
+ sh 'sleep 5'
+ } else {
+ echo 'skip'
+ }
+ }
+ }
+
+ stage('Start pubdnsdist container 2') {
+ steps {
+ script {
+ def status = sh(returnStatus: true, script: 'grep $(docker --context pi503 compose ps | grep dnsdist2 | tail -n1 | awk \'{ print $2 }\') docker-compose.yml')
+
+ if (status != 0) {
+ sh 'docker --context pi503 compose up pubdnsdist2 -d'
+ sh 'docker --context pi503 compose ps'
+ sh 'sleep 3'
+ sh 'docker --context pi503 compose logs'
+ } else {
+ echo 'skip'
+ }
+ }
+ }
+
+// stage('Integration Tests') {
+// steps {
+// sh 'rm -rf test/results'
+// sh 'mkdir -p test/results/integration'
+// sh 'bats -F junit test/integration/dns/**/*.bat test/integration/dns/**/**/*.bat > test/results/integration/dns.xml'
+// }
+// }
+// }
+
+// post {
+// always {
+// archiveArtifacts artifacts: 'test/results/**/*.xml', fingerprint: true
+// junit 'test/results/**/*.xml'
+// sh 'rm -rf test/results'
+// }
 }
 }
diff --git a/docker-compose.yml b/docker-compose.yml
index 55b3447..476e1ff 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -15,10 +15,10 @@ networks:
 services:
 primary:
- container_name: ns1
+ container_name: ns0
 build:
 dockerfile: Dockerfile.primary
- image: docker-registry1.in.thelinuxpro.net:5000/tlp/bind9-primary:250225.0.1
+ image: docker-registry1.in.thelinuxpro.net:5000/tlp/bind9-primary:250225.0.3
 restart: always
 user: root
 environment:
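Review bot: The Integration Tests stage and the `post { always { junit ... } }` block are commented out rather than removed, so no bats results are produced or archived any more, and the `// }` that used to close `stages` is commented out with them; the pipeline only still parses because the `}` that previously closed `post` (kept as context at the end of the hunk) now closes `stages` instead. Either keep the `post` block live so test and deploy failures still surface, or delete the dead block and restore the original brace pairing so the structure is not held together by accident. The four new pubdnsdist stages also finish their start step with `sh 'docker --context pi502 compose logs'` / `pi503` after a fixed `sleep 3`, which dumps every service's log on that host into the build console and proves nothing about readiness; `compose logs --tail=50 pubdnsdist1` scoped to the service, or a `dig` against 10.99.153.251 as a readiness probe, would give a clearer signal with less noise. The same check/stop/start script is now repeated six times with only the context, grep pattern and service name differing; a small pipeline function taking those three arguments would keep them from drifting.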
@@ -32,16 +32,41 @@ services:
 #- primary/var/lib/bind:/tmp/bind
 networks:
 pub_dns_net:
- ipv4_address: 10.99.153.241
+ ipv4_address: 10.99.153.250
 # command: [ "cp", "-rv", "/tmp/bind/*", "/var/lib/bind/" ]
 deploy:
 placement:
 constraints: [node.role == manager]
- secondary:
+
+ secondary1:
+ container_name: ns1
+ build:
+ dockerfile: Dockerfile.secondary
+ image: docker-registry1.in.thelinuxpro.net:5000/tlp/bind9-secondary:250225.0.3
+ restart: always
+ user: root
+ environment:
+ - TZ='America/Indianapolis'
+ - BIND9_USER=bind
+ #volumes:
+ #- bind9_logs:/var/named/log
+ #- secondary_var_lib_bind:/var/lib/bind
+ #- ./secondary/var/lib/bind:/var/lib/bind:rw
+ #- ./secondary/etc/bind/named.conf:/etc/bind/named.conf:ro
+ #- secondary/var/lib/bind:/tmp/bind
+ networks:
+ pub_dns_net:
+ ipv4_address: 10.99.153.241
+ #command: [ "cp", "-rv", "/tmp/bind/*", "/var/lib/bind/" ]
+ deploy:
+ placement:
+ constraints: [node.role == worker]
+
+ secondary2:
 container_name: ns2
 build:
 dockerfile: Dockerfile.secondary
- image: docker-registry1.in.thelinuxpro.net:5000/tlp/bind9-secondary:250225.0.1
+ image: docker-registry1.in.thelinuxpro.net:5000/tlp/bind9-secondary:250225.0.3
 restart: always
 user: root
 environment:
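Review bot: `- TZ='America/Indianapolis'` in the new secondary1 service is a plain YAML scalar, so the single quotes are part of the value and the container receives `TZ='America/Indianapolis'` with the quotes included, which libc will not resolve as a zone name; write `- TZ=America/Indianapolis` (and fix secondary2's line the same way if it matches, since it is outside the hunk). The service is otherwise a copy of secondary2 with only the container name, address and placement differing, so a top-level extension field with a YAML anchor (`x-secondary: &secondary ...` merged with `<<: *secondary`) would keep the two from drifting. Both bind services run as `user: root` and only pass `BIND9_USER=bind` in the environment, so whether named actually drops privileges depends on the Dockerfile.secondary entrypoint, which is not in this patch and is worth confirming.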
@@ -60,3 +85,31 @@ services:
 deploy:
 placement:
 constraints: [node.role == worker]
+
+ pubdnsdist1:
+ build:
+ dockerfile: Dockerfile.dnsdist
+ container_name: pubdnsdist1
+ image: docker-registry1.in.thelinuxpro.net:5000/tlp/pubdnsdist:250225.0.01
+ networks:
+ dns_local_net:
+ ipv4_address: 10.99.153.251
+ restart: always
+ volumes:
+ - /etc/timezone:/etc/timezone:ro
+ - /etc/localtime:/etc/localtime:ro
+ - /etc/resolv.conf:/etc/resolv.conf:ro
+
+ pubdnsdist2:
+ build:
+ dockerfile: Dockerfile.dnsdist
+ container_name: pubdnsdist2
+ image: docker-registry1.in.thelinuxpro.net:5000/tlp/pubdnsdist:250225.0.01
+ networks:
+ dns_local_net:
+ ipv4_address: 10.99.153.252
+ restart: always
+ volumes:
+ - /etc/timezone:/etc/timezone:ro
+ - /etc/localtime:/etc/localtime:ro
+ - /etc/resolv.conf:/etc/resolv.conf:ro
diff --git a/primary/etc/bind/named.conf b/primary/etc/bind/named.conf
index 6b02321..4b1e429 100755
--- a/primary/etc/bind/named.conf
+++ b/primary/etc/bind/named.conf
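Review bot: pubdnsdist1 and pubdnsdist2 are attached to `dns_local_net` while every bind service in this file sits on `pub_dns_net`, yet their addresses 10.99.153.251/.252 are in the same range as the bind hosts and are exactly the addresses the new per-zone `allow-query` ACLs in secondary/etc/bind/named.conf admit; if `dns_local_net` is a different network, dnsdist will not reach the secondaries from those source addresses and the ACL will reject its queries. Confirm the network name is intentional (the `networks:` definitions sit above the hunk). The two services also bind-mount the host's `/etc/resolv.conf`, tying the container's own resolver to whatever each Pi uses, and carry no `deploy.placement` constraint like the bind services do; the Jenkinsfile pins each to a host with `--context`, so a one-line comment saying so would prevent someone "fixing" the missing constraint. The tag `250225.0.01` follows a different numbering style from the `250225.0.3` bind tags; settling on one avoids confusion when comparing registry tags.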
@@ -22,30 +22,54 @@ options {
 zone "thelinuxpro.net" in {
 type master;
 file "/var/lib/bind/db.thelinuxpro.net";
- allow-transfer { 10.99.153.242; };
- also-notify { 10.99.153.242; };
+ allow-transfer {
+ 10.99.153.241;
+ 10.99.153.242;
+ };
+ also-notify {
+ 10.99.153.241;
+ 10.99.153.242;
+ };
 };
 zone "in.thelinuxpro.net" in {
 type master;
 file "/var/lib/bind/db.in.thelinuxpro.net";
- allow-transfer { 10.99.153.242; };
+ allow-transfer {
+ 10.99.153.241;
+ 10.99.153.242;
+ };
+ also-notify {
+ 10.99.153.241;
+ 10.99.153.242;
+ };
 // allow-query { internal-nets; };
- also-notify { 10.99.153.242; };
 };
 zone "kameronkenny.com" in {
 type master;
 file "/var/lib/bind/db.kameronkenny.com";
- allow-transfer { 10.99.153.242; };
- also-notify { 10.99.153.242; };
+ allow-transfer {
+ 10.99.153.241;
+ 10.99.153.242;
+ };
+ also-notify {
+ 10.99.153.241;
+ 10.99.153.242;
+ };
 };
 zone "thelinux.pro" in {
 type master;
 file "/var/lib/bind/db.thelinux.pro";
- allow-transfer { 10.99.153.242; };
- also-notify { 10.99.153.242; };
+ allow-transfer {
+ 10.99.153.241;
+ 10.99.153.242;
+ };
+ also-notify {
+ 10.99.153.241;
+ 10.99.153.242;
+ };
 };
 zone "200.10.in-addr.arpa" in {
diff --git a/primary/var/lib/bind/db.10.200 b/primary/var/lib/bind/db.10.200
index 8dafbac..d427900 100755
--- a/primary/var/lib/bind/db.10.200
+++ b/primary/var/lib/bind/db.10.200
@@ -1,6 +1,6 @@
 $TTL 3600
 @ IN SOA in.thelinuxpro.net. hostmaster.in.thelinuxpro.net. (
- 25022501 ; serial
+ 25022502 ; serial
 21600 ; refresh after 6 hours
 3600 ; retry after 1 hour
 604800 ; expire after 1 week
diff --git a/primary/var/lib/bind/db.10.99 b/primary/var/lib/bind/db.10.99
index 14f98a4..2d53e9e 100755
--- a/primary/var/lib/bind/db.10.99
+++ b/primary/var/lib/bind/db.10.99
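Review bot: `allow-transfer` and `also-notify` now carry the same two-address list in all four zones, and authorization rests on source IP alone; if the bind hosts share a flat network, any host that can claim 10.99.153.241 or .242 can pull a full copy of every zone, so a TSIG key (`allow-transfer { key <keyname>; };`, placeholder name) would make the transfer grant unspoofable. Declare the list once near the top of the file, `acl secondaries { 10.99.153.241; 10.99.153.242; };`, and reference it as `allow-transfer { secondaries; };` / `also-notify { 10.99.153.241; 10.99.153.242; };` in each zone, so adding a third secondary is a one-line change rather than eight edits. The `200.10.in-addr.arpa` zone that begins on the hunk's last line and the other reverse zones are outside the hunk; check they received the same list, since the secondaries now expect transfers from .250 for those zones too.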
@@ -1,13 +1,13 @@
 $TTL 3600
 @ IN SOA in.thelinuxpro.net. hostmaster.in.thelinuxpro.net. (
- 25022501 ; serial
+ 25022502 ; serial
 21600 ; refresh after 6 hours
 3600 ; retry after 1 hour
 604800 ; expire after 1 week
 86400 ) ; minimum TTL of 1 day
 ;
- IN NS ns1.in.thelinuxpro.net.
- IN NS ns2.in.thelinuxpro.net.
+ IN NS nsd1.in.thelinuxpro.net.
+ IN NS nsd2.in.thelinuxpro.net.
 ;
 51.22 IN PTR pi501.in.thelinuxpro.net.
 52.22 IN PTR pi502.in.thelinuxpro.net.
@@ -40,3 +40,6 @@ $TTL 3600
 111.23 IN PTR sensors.in.thelinuxpor.net.
 241.153 IN PTR ns1.in.thelinuxpro.net.
 242.153 IN PTR ns2.in.thelinuxpro.net.
+250.153 IN PTR ns0.in.thelinuxpro.net.
+251.153 IN PTR nsd1.in.thelinuxpro.net.
+252.153 IN PTR nsd2.in.thelinuxpro.net.
diff --git a/primary/var/lib/bind/db.in.thelinuxpro.net b/primary/var/lib/bind/db.in.thelinuxpro.net
index 3eb736f..a0f15bf 100755
--- a/primary/var/lib/bind/db.in.thelinuxpro.net
+++ b/primary/var/lib/bind/db.in.thelinuxpro.net
@@ -1,21 +1,24 @@
 $TTL 2m
 @ IN SOA in.thelinuxpro.net. root.in.thelinuxpro.net. (
- 25022501 ; serial, todays date + todays serial #
+ 25022502 ; serial, todays date + todays serial #
 1h ; refresh, seconds
 15m ; retry, seconds
 10D ; expire, seconds
 1d ; minimum, seconds
 )
 ;
- NS ns1.in.thelinuxpro.net.
- NS ns2.in.thelinuxpro.net.
+ NS nsd1.in.thelinuxpro.net.
+ NS nsd2.in.thelinuxpro.net.
 ; MX 10 thelinuxpro.net. ; Primary Mail Exchanger
 TXT "The Linux Pro Internal Net"
 ; IN A 127.0.0.1
 ;
+ns0 IN A 10.99.153.250
 ns1 IN A 10.99.153.241
 ns2 IN A 10.99.153.242
+nsd1 IN A 10.99.153.251
+nsd2 IN A 10.99.153.252
 ;
 pi401 IN A 10.99.22.61
 pi501 IN A 10.99.22.51
diff --git a/secondary/etc/bind/named.conf b/secondary/etc/bind/named.conf
index 5ef181c..bd198c0 100755
--- a/secondary/etc/bind/named.conf
+++ b/secondary/etc/bind/named.conf
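Review bot: The NS records for `in.thelinuxpro.net` and `99.10.in-addr.arpa` now name nsd1/nsd2, the dnsdist frontends at 10.99.153.251/.252, and the glue A and PTR records for ns0/nsd1/nsd2 are added alongside, which is consistent with the secondaries refusing queries from anything but those two addresses. The public zones listed in primary/etc/bind/named.conf (`thelinuxpro.net`, `kameronkenny.com`, `thelinux.pro`) and `200.10.in-addr.arpa` are not in this patch's diffstat, so their NS records presumably still name whatever they did before; if they are also meant to resolve only through dnsdist they need the same NS change and a serial bump, and if not, a comment in the zone files saying which zones front through dnsdist would save the next reader the same question. `db.10.200` has only its serial bumped with no record change visible, which is harmless but will trigger a needless transfer on the secondaries.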
@@ -21,41 +21,69 @@ options {
 zone "thelinuxpro.net" in {
 type secondary;
- primaries { 10.99.153.241; };
+ primaries { 10.99.153.250; };
+ allow-query {
+ 10.99.153.251;
+ 10.99.153.252;
+ };
 };
 zone "kameronkenny.com" in {
 type secondary;
- primaries { 10.99.153.241; };
+ primaries { 10.99.153.250; };
+ allow-query {
+ 10.99.153.251;
+ 10.99.153.252;
+ };
 };
 zone "thelinux.pro" in {
 type secondary;
- primaries { 10.99.153.241; };
+ primaries { 10.99.153.250; };
+ allow-query {
+ 10.99.153.251;
+ 10.99.153.252;
+ };
 };
 zone "in.thelinuxpro.net" in {
 type secondary;
- primaries { 10.99.153.241; };
+ primaries { 10.99.153.250; };
 // allow-query { internal-nets; };
+ allow-query {
+ 10.99.153.251;
+ 10.99.153.252;
+ };
 };
 zone "200.10.in-addr.arpa" in {
 type secondary;
- primaries { 10.99.153.241; };
+ primaries { 10.99.153.250; };
 // allow-query { internal-nets; };
+ allow-query {
+ 10.99.153.251;
+ 10.99.153.252;
+ };
 };
 zone "99.10.in-addr.arpa" in {
 type secondary;
- primaries { 10.99.153.241; };
+ primaries { 10.99.153.250; };
 // allow-query { internal-nets; };
+ allow-query {
+ 10.99.153.251;
+ 10.99.153.252;
+ };
 };
 zone "0.0.127.in-addr.arpa" in {
 type secondary;
- primaries { 10.99.153.241; };
+ primaries { 10.99.153.250; };
 // allow-query { internal-nets; };
+ allow-query {
+ 10.99.153.251;
+ 10.99.153.252;
+ };
 };
 logging {
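Review bot: The `allow-query { 10.99.153.251; 10.99.153.252; };` block is repeated verbatim in all seven zones; an `acl dnsdist { 10.99.153.251; 10.99.153.252; };` declared once above `options` (outside the hunk) and referenced as `allow-query { dnsdist; };` keeps the list in one place and makes the intent — only the dnsdist frontends may query these secondaries — readable at a glance. Per-zone `allow-query` only governs answers for these zones; recursion, the global `allow-query` and `allow-transfer` are whatever `options` sets, so confirm that block also denies transfers from the secondaries, since the primary now hands them full copies of every zone and the dnsdist frontends are the only intended consumers. The `// allow-query { internal-nets; };` lines kept directly above the new blocks now describe a policy that no longer applies and can be dropped to avoid misleading the next reader.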