diff --git a/pillar/nodes/nodes.sls b/pillar/nodes/nodes.sls
index 174a41c..7c4f852 100644
--- a/pillar/nodes/nodes.sls
+++ b/pillar/nodes/nodes.sls
@@ -1,371 +1,372 @@
# -------------------------------------------------------------
# Salt — Nodes
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# Created: 2017-10-20
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
nodes_aliases:
netmasks:
intranought: &intranought_netmask 255.255.255.240
nodes:
##
## Forest: Nasqueron
## Semantic field: https://devcentral.nasqueron.org/P27
##
cloudhugger:
forest: nasqueron-infra
hostname: cloudhugger.nasqueron.org
roles:
- opensearch
network:
ipv6_tunnel: False
canonical_public_ipv4: 188.165.200.229
interfaces:
eno1:
device: eno1
ipv4:
address: 188.165.200.229
netmask: 255.255.255.0
gateway: 188.165.200.254
ipv6:
address: fe80::ec4:7aff:fe6a:36e8
prefix: 64
gateway: fe80::ee30:91ff:fee0:df80
complector:
forest: nasqueron-infra
hostname: complector.nasqueron.org
roles:
- vault
- salt-primary
zfs:
pool: zroot
network:
ipv6_tunnel: False
interfaces:
intranought:
device: vmx0
ipv4:
address: 172.27.27.7
netmask: *intranought_netmask
gateway: 172.27.27.1
db-A-001:
forest: nasqueron-infra
hostname: db-A-001.nasqueron.drake
roles:
- dbserver-pgsql
zfs:
pool: arcology
dbserver:
cluster: A
network:
ipv6_tunnel: False
interfaces:
intranought:
device: vmx0
ipv4:
address: 172.27.27.8
netmask: *intranought_netmask
gateway: 172.27.27.1
db-B-001:
forest: nasqueron-infra
hostname: db-B-001.nasqueron.drake
roles:
- dbserver-mysql
zfs:
pool: arcology
dbserver:
cluster: B
network:
ipv6_tunnel: False
interfaces:
intranought:
device: vmx0
ipv4:
address: 172.27.27.9
netmask: *intranought_netmask
gateway: 172.27.27.1
dns-001:
forest: nasqueron-infra
hostname: dns-001.nasqueron.org
roles:
- dns
zfs:
pool: arcology
network:
interfaces:
public:
device: vmx0
ipv4:
address: 178.32.70.109
netmask: 255.255.255.255
ipv6:
address: 2001:41d0:303:d971::1057:da7a
gateway: 2001:41d0:303:d9ff:ff:ff:ff:ff
prefix: 56
flags:
- hello_ipv6_ovh
intranought:
device: vmx1
ipv4:
address: 172.27.27.2
netmask: *intranought_netmask
gateway: 172.27.27.1
dwellers:
forest: nasqueron-dev-docker
hostname: dwellers.nasqueron.org
roles:
- paas-lxc
- paas-docker
- paas-docker-dev
- mastodon
flags:
install_docker_devel_tools: True
network:
ipv6_tunnel: True
canonical_public_ipv4: 51.255.124.11
interfaces:
public:
device: ens192
uuid: 6e05ebea-f2fd-4ca1-a21f-78a778664d8c
ipv4:
address: 51.255.124.11
netmask: *intranought_netmask
gateway: 51.210.99.254
intranought:
device: ens224
uuid: 8e8ca793-b2eb-46d8-9266-125aba6d06c4
ipv4:
address: 172.27.27.4
netmask: *intranought_netmask
gateway: 172.27.27.1
docker-002:
forest: nasqueron-infra
hostname: docker-002.nasqueron.org
roles:
- paas-docker
- paas-docker-prod
network:
ipv6_tunnel: True
canonical_public_ipv4: 51.255.124.9
interfaces:
public:
device: ens192
uuid: d55e0fec-f90b-3014-a458-9067ff8f2520
ipv4:
address: 51.255.124.10
netmask: *intranought_netmask
gateway: 51.210.99.254
intranought:
device: ens224
uuid: 57c04bcc-929b-3177-a2e3-88f84f210721
ipv4:
address: 172.27.27.5
netmask: *intranought_netmask
gateway: 172.27.27.1
hervil:
forest: nasqueron-infra
hostname: hervil.nasqueron.drake
network:
interfaces:
vmx0:
device: vmx0
ipv4:
address: 172.27.27.3
netmask: *intranought_netmask
gateway: 172.27.27.1
vmx1:
device: vmx1
ipv4:
address: 178.32.70.108
netmask: 255.255.255.255
roles:
- mailserver
- webserver-core
- webserver-alkane
router-001:
forest: nasqueron-infra
hostname: router-001.nasqueron.org
roles:
- router
network:
ipv6_tunnel: False
canonical_public_ipv4: 51.255.124.8
interfaces:
public:
device: vmx0
ipv4:
address: 51.255.124.8
netmask: *intranought_netmask
gateway: 51.210.99.254
ipv6:
address: 2001:41d0:303:d971::6a7e
gateway: 2001:41d0:303:d9ff:ff:ff:ff:ff
prefix: 64
flags:
- ipv4_ovh_failover
intranought:
device: vmx1
ipv4:
address: 172.27.27.1
netmask: *intranought_netmask
web-001:
forest: nasqueron-infra
hostname: web-001.nasqueron.org
roles:
- webserver-alkane
- webserver-alkane-prod
- saas-mediawiki
- saas-wordpress
network:
ipv6_tunnel: False
canonical_public_ipv4: 51.255.124.10
interfaces:
intranought:
device: vmx0
ipv4:
address: 172.27.27.10
netmask: *intranought_netmask
gateway: 172.27.27.1
public:
device: vmx1
ipv4:
address: 51.255.124.10
netmask: 255.255.255.255
gateway: 51.210.99.254
ipv6:
address: 2001:41d0:303:d971::517e:c0de
gateway: 2001:41d0:303:d9ff:ff:ff:ff:ff
prefix: 56
flags:
- ipv4_ovh_failover
- hello_ipv6_ovh
ysul:
forest: nasqueron-dev
hostname: ysul.nasqueron.org
roles:
- devserver
- dbserver-mysql
- viperserv
- webserver-legacy
zfs:
pool: arcology
network:
ipv6_tunnel: True
ipv6_gateway: 2001:470:1f12:9e1::1
canonical_public_ipv4: 212.83.187.132
interfaces:
igb0:
device: igb0
ipv4:
address: 163.172.49.16
netmask: 255.255.255.0
gateway: 163.172.49.1
aliases:
- 212.83.187.132
windriver:
forest: nasqueron-dev
hostname: windriver.nasqueron.org
roles:
- builder
- devserver
- dbserver-mysql
- dbserver-pgsql
+ - dns
- grafana
- netbox
- prometheus
- redis
- saas-nextcloud
- webserver-alkane
- webserver-alkane-dev
zfs:
pool: arcology
network:
ipv6_tunnel: False
canonical_public_ipv4: 195.154.30.15
interfaces:
private_network:
device: ix0
ipv4:
address: 10.91.207.15
netmask: 255.255.255.0
igb0:
device: igb0
ipv4:
address: 195.154.30.15
netmask: 255.255.255.0
gateway: 195.154.30.1
ipv6:
address: 2001:bc8:2e84:700::da7a:7001
gateway: fe80::a293:51ff:feb7:55ef
prefix: 56
flags:
- ipv6_dhcp_duid
##
## Forest: Eglide
## Semantic field: ? (P27 used for "Eglide" too)
##
## This forest is intended to separate credentials
## between Eglide and Nasqueron servers.
##
eglide:
forest: eglide
hostname: eglide.org
roles:
- shellserver
network:
ipv6_tunnel: True
canonical_public_ipv4: 51.159.150.221
interfaces:
ens2:
device: ens2
ipv4:
address: 51.159.150.221
gateway: ""
flags:
# This interface is configured by cloud-init
- skip_interface_configuration
fixes:
rsyslog_xconsole: True
diff --git a/pillar/tower.sls b/pillar/tower.sls
index a95b7cf..7115c20 100644
--- a/pillar/tower.sls
+++ b/pillar/tower.sls
@@ -1,20 +1,21 @@
# -------------------------------------------------------------
# Salt configuration for Nasqueron servers
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# License: Trivial work, not eligible to copyright
# Description: External pillar to configure pillar stanza
# by pillar, grain or option value
# Reference: https://github.com/jgraichen/salt-tower
# -------------------------------------------------------------
base:
+ - dns/{{ minion_id }}/*.sls
- paas/alkane/{{ minion_id }}/*.sls
- paas/docker/{{ minion_id }}/*.sls
- saas/nextcloud/{{ minion_id }}/*.sls
- webserver/{{ minion_id }}/*.sls
# For devserver role, there is no cluster associated
- dbserver/{{ minion_id }}.sls
diff --git a/roles/dns/init.sls b/roles/dns/init.sls
new file mode 100644
index 0000000..e3ef906
--- /dev/null
+++ b/roles/dns/init.sls
@@ -0,0 +1,9 @@
+# -------------------------------------------------------------
+# Salt — DNS
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# License: Trivial work, not eligible to copyright
+# -------------------------------------------------------------
+
+include:
+ - .knot
diff --git a/roles/dns/knot/config.sls b/roles/dns/knot/config.sls
new file mode 100644
index 0000000..739e72c
--- /dev/null
+++ b/roles/dns/knot/config.sls
@@ -0,0 +1,36 @@
+# -------------------------------------------------------------
+# Salt — KnotDNS configuration
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# License: Trivial work, not eligible to copyright
+# -------------------------------------------------------------
+
+{% from "map.jinja" import dirs with context %}
+
+# -------------------------------------------------------------
+# KnotDNS main configuration
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+{{ dirs.etc }}/knot/knot.conf:
+ file.managed:
+ - source: salt://roles/dns/knot/files/knot.conf
+ - template: jinja
+ - context:
+ zones: {{ pillar["dns_zones"] }}
+ all_ips: {{ [ salt['node.resolve_network']()['ipv4_address'] ] + salt['node.get_public_ipv6']() }}
+ identity: {{ pillar["dns_identity"] }}
+
+# -------------------------------------------------------------
+# KnotDNS zones files provisioning
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+{% for zone in pillar["dns_zones"] %}
+
+knotdns_file_{{ zone }}:
+ file.managed:
+ - source: salt://roles/dns/knot/files/zones/{{ zone }}.zone
+ - name: /var/db/knot/{{ zone }}.zone
+ - template: jinja
+ - context:
+ identity: {{ pillar["dns_identity"] }}
+{% endfor %}
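Review bot: `pillar["dns_zones"]` and `pillar["dns_identity"]` are indexed directly (context block, zone loop and zone context), so a minion that includes `roles/dns` without a matching `pillar/dns/<minion_id>/` file — none is added in this diff, although tower.sls now globs for them — fails to render the whole state rather than producing an empty zone set; `salt['pillar.get']('dns_zones', [])` with a default is the usual form. The lists are also spliced into YAML through Jinja's Python repr, which happens to parse for plain strings but is fragile; `zones: {{ salt['pillar.get']('dns_zones', []) | json }}` and `all_ips: {{ ([ salt['node.resolve_network']()['ipv4_address'] ] + salt['node.get_public_ipv6']()) | json }}` make the intent explicit. The `{% for zone in pillar["dns_zones"] %}` loop should use the same lookup so both states agree on what "no zones" means.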
diff --git a/roles/dns/knot/files/knot.conf b/roles/dns/knot/files/knot.conf
new file mode 100644
index 0000000..71409b8
--- /dev/null
+++ b/roles/dns/knot/files/knot.conf
@@ -0,0 +1,50 @@
+# -------------------------------------------------------------
+# KnotDNS
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# License: Trivial work, not eligible to copyright
+# Source file: roles/dns/knot/files/knot.conf
+# -------------------------------------------------------------
+#
+# <auto-generated>
+# This file is managed by our rOPS SaltStack repository.
+#
+# Changes to this file may cause incorrect behavior
+# and will be lost if the state is redeployed.
+# </auto-generated>
+
+server:
+ rundir: "/var/run/knot"
+ user: knot:knot
+ automatic-acl: on
+ listen: [{{ all_ips | join(", ") }}]
+ identity: {{ identity }}
+
+acl:
+ - id: he-net
+ address: [216.218.131.2, 2001:470:600::2, 216.218.132.2, 2001:470:300::2, 216.218.133.2, 2001:470:400::2, 216.66.1.2, 2001:470:500::2, 216.66.80.18, 2001:470:600::3]
+ action: transfer
+
+log:
+ - target: syslog
+ any: info
+
+remote:
+ - id: he-net
+ address: [216.218.130.2, 2001:470:100::2]
+
+database:
+ storage: "/var/db/knot"
+
+template:
+ - id: default
+ storage: "/var/db/knot"
+ file: "%s.zone"
+
+zone:
+{% for zone in zones %}
+ - domain: {{ zone }}
+ file: /var/db/knot/{{ zone }}.zone
+ notify: [he-net]
+ acl: [he-net]
+{% endfor %}
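Review bot: The zone file path is written out three times: the `default` template already derives it from `storage` plus `file: "%s.zone"`, each zone repeats `file: /var/db/knot/{{ zone }}.zone`, and config.sls hard-codes the same directory in the `name:` of the zone state; dropping the per-zone `file:` line leaves fewer places to change if the storage directory moves. `identity: {{ identity }}` is emitted unquoted, so an empty or special-character pillar value becomes a parse error rather than an obviously wrong value; `identity: "{{ identity }}"` is safer. The `he-net` transfer ACL matches on address only — a one-line comment giving the origin of that address list would help whoever has to update it, and if the peer supports TSIG a `key:` on the ACL is the stronger check.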
diff --git a/roles/dns/knot/files/rc/knot.conf b/roles/dns/knot/files/rc/knot.conf
new file mode 100644
index 0000000..b755364
--- /dev/null
+++ b/roles/dns/knot/files/rc/knot.conf
@@ -0,0 +1,17 @@
+# -------------------------------------------------------------
+# knotDNS — rc configuration
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# License: Trivial work, not eligible to copyright
+# Source file: roles/dns/knot/files/rc/knot.conf
+# -------------------------------------------------------------
+#
+# <auto-generated>
+# This file is managed by our rOPS SaltStack repository.
+#
+# Changes to this file may cause incorrect behavior
+# and will be lost if the state is redeployed.
+# </auto-generated>
+
+knot_enable=YES
+knot_config=/usr/local/etc/knot/knot.conf
diff --git a/roles/dns/knot/init.sls b/roles/dns/knot/init.sls
new file mode 100644
index 0000000..bfa0c2b
--- /dev/null
+++ b/roles/dns/knot/init.sls
@@ -0,0 +1,11 @@
+# -------------------------------------------------------------
+# Salt — KnotDNS configuration
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# License: Trivial work, not eligible to copyright
+# -------------------------------------------------------------
+
+include:
+ - .software
+ - .config
+ - .service
diff --git a/roles/dns/knot/service.sls b/roles/dns/knot/service.sls
new file mode 100644
index 0000000..ab585e9
--- /dev/null
+++ b/roles/dns/knot/service.sls
@@ -0,0 +1,24 @@
+# -------------------------------------------------------------
+# Salt — knotDNS service
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# License: Trivial work, not eligible to copyright
+# -------------------------------------------------------------
+
+{% from "map.jinja" import dirs, services with context %}
+
+# -------------------------------------------------------------
+# OpenDKIM service
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+{% if services["manager"] == "rc" %}
+
+/etc/rc.conf.d/knot:
+ file.managed:
+ - source: salt://roles/dns/knot/files/rc/knot.conf
+
+{% endif %}
+
+knot:
+ service.running:
+ - enable: True
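Review bot: The section comment reads `# OpenDKIM service` but this file manages knot, a copy-paste leftover; `# KnotDNS service`. More substantively, `service.running` has no `watch` on the files written by config.sls, so a changed knot.conf or zone file is deployed but knot keeps serving the old data until someone restarts it, and nothing orders the service after the package install. The config state id is the path `{{ dirs.etc }}/knot/knot.conf` and `dirs` is already imported here, so it can be watched directly; the zone states are named `knotdns_file_<zone>`. If the rc script supports `reload`, adding `- reload: True` avoids a full restart on zone changes.
```yaml
knot:
  service.running:
    - enable: True
    - require:
      - pkg: knotdns_software
    - watch:
      - file: {{ dirs.etc }}/knot/knot.conf
{% for zone in salt['pillar.get']('dns_zones', []) %}
      - file: knotdns_file_{{ zone }}
{% endfor %}
```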
diff --git a/roles/dns/knot/software.sls b/roles/dns/knot/software.sls
new file mode 100644
index 0000000..1fa70aa
--- /dev/null
+++ b/roles/dns/knot/software.sls
@@ -0,0 +1,10 @@
+# -------------------------------------------------------------
+# Salt — KnotDNS software
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# License: Trivial work, not eligible to copyright
+# -------------------------------------------------------------
+
+knotdns_software:
+ pkg.installed:
+ - name: knot3
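Review bot: `knot3` is the FreeBSD port name hard-coded here, while the sibling states pull `dirs` and `services` from map.jinja, which suggests the role is meant to render on more than one OS; on Linux distributions the package is generally called `knot`, so the name presumably belongs in the map as well. If map.jinja exposes a package mapping (not visible in this diff), `- name: {{ packages["knot"] }}` keeps the role portable; otherwise a comment stating that the role is FreeBSD-only would document the constraint.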
diff --git a/top.sls b/top.sls
index fc047dd..0870018 100644
--- a/top.sls
+++ b/top.sls
@@ -1,58 +1,61 @@
# -------------------------------------------------------------
# Salt configuration for Nasqueron servers
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# Created: 2016-04-10
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
base:
'*':
- roles/core
- roles/webserver-content
'local':
- roles/salt-primary
'ysul':
- roles/builder
- roles/dbserver-mysql
- roles/devserver
- roles/viperserv
- roles/webserver-core
- roles/webserver-legacy
- roles/webserver-varnish
'windriver':
- roles/builder
- roles/dbserver-mysql
- roles/dbserver-pgsql
- roles/devserver
+ - roles/dns
- roles/freebsd-repo # depends of devserver/datacube, builder
- roles/grafana
- roles/prometheus
- roles/redis
- roles/saas-nextcloud
- roles/webserver-alkane
- roles/webserver-core
'cloudhugger':
- roles/opensearch
'db-A-001':
- roles/dbserver-pgsql
'db-B-001':
- roles/dbserver-mysql
+ 'dns-001':
+ - roles/dns
'docker-002':
- roles/paas-docker
'dwellers':
- roles/paas-docker/docker
- roles/paas-lxc/lxc
- roles/saas-airflow
'eglide':
- roles/webserver-core
- roles/shellserver
'hervil':
- roles/mailserver
- roles/webserver-core
- roles/webserver-alkane
'web-001':
- roles/webserver-core
- roles/webserver-alkane
- roles/saas-mediawiki
- roles/saas-wordpress