Networking/ccl
1
0
Fork 0
mirror of https://gitea.elkins.co/Networking/ccl.git synced 2025-03-09 20:51:39 -05:00
Code Issues Actions Packages Projects Releases Wiki Activity

Implement per-container nsupdate settings

Browse Source
This commit is contained in:
Joel Elkins 2023-12-17 12:24:29 -06:00
parent 1da865adb0
commit f61bccfecb
No known key found for this signature in database
GPG Key ID: 133589DC38921AE2
4 changed files with 43 additions and 26 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
cmd/nsupdate.go
View File

@ -40,7 +40,7 @@ var nsupdateCmd = &cobra.Command{
Run: func(_ *cobra.Command, args []string) { Run: func(_ *cobra.Command, args []string) {
conts := config.Union(args, contMask) conts := config.Union(args, contMask)
execForEach(conts, func(c *container.Container) command.Set { execForEach(conts, func(c *container.Container) command.Set {
return c.NsUpdateCommands(config.Options.DomainName, config.Options.DNSServer, config.Options.TSIGName, config.Options.TSIGKey) return c.NsUpdateCommands()
}, 0) }, 0)
}, },
} }

2
internal/pkg/config/config.go
View File

@ -163,7 +163,7 @@ func Init(conn context.Context) error {
} }
Containers, Networks, Options = p.Containers, p.Networks, p.Options Containers, Networks, Options = p.Containers, p.Networks, p.Options
for i := range Containers { for i := range Containers {
Containers[i].Init(conn, Networks) Containers[i].Init(conn, Networks, Options.DomainName, Options.DNSServer, Options.TSIGName, Options.TSIGKey)
} }
slices.SortFunc(Containers, func(a, b *container.Container) bool { slices.SortFunc(Containers, func(a, b *container.Container) bool {
return a.Name < b.Name return a.Name < b.Name

19
internal/pkg/container/container.go
View File

@ -68,6 +68,10 @@ type Container struct {
CapAdd []string `toml:"cap_add,omitempty"` CapAdd []string `toml:"cap_add,omitempty"`
Privileged null.Bool `toml:"privileged,omitempty"` Privileged null.Bool `toml:"privileged,omitempty"`
Sysctl map[string]string `toml:"sysctl,omitempty"` Sysctl map[string]string `toml:"sysctl,omitempty"`
DomainName string `toml:"domain_name,omitempty"`
DnsServer string `toml:"dns_server,omitempty"`
TSIGName string `toml:"tsig_name,omitempty"`
TSIGKey string `toml:"tsig_key,omitempty"`
conn context.Context conn context.Context
getCData func() *define.InspectContainerData getCData func() *define.InspectContainerData
@ -77,7 +81,7 @@ type Container struct {
// Init will initialize a new container structure by filling in network details // Init will initialize a new container structure by filling in network details
// and by querying other metadata from libpod, if possible. // and by querying other metadata from libpod, if possible.
func (c *Container) Init(conn context.Context, nets []*network.Network) error { func (c *Container) Init(conn context.Context, nets []*network.Network, domain_name string, dns_server string, tsig_name string, tsig_key string) error {
// initialize user-provided definitions // initialize user-provided definitions
for i := range c.Networks { for i := range c.Networks {
var n *network.Network var n *network.Network
@ -119,6 +123,19 @@ func (c *Container) Init(conn context.Context, nets []*network.Network) error {
} }
c.conn = conn c.conn = conn
if c.DomainName == "" {
c.DomainName = domain_name
}
if c.DnsServer == "" {
c.DnsServer = dns_server
}
if c.TSIGName == "" {
c.TSIGName = tsig_name
}
if c.TSIGKey == "" {
c.TSIGKey = tsig_key
}
c.watchCData() c.watchCData()
c.wasRunning = c.IsRunning() c.wasRunning = c.IsRunning()
return nil return nil

46
internal/pkg/container/nsupdate.go
View File

@ -8,7 +8,7 @@ import (
"github.com/miekg/dns" "github.com/miekg/dns"
) )
func do_reverse(rv string, dn string, server string, tsn string, tsk string) error { func (c *Container) doReverse(rv string, dn string) error {
ptr := dns.PTR{ ptr := dns.PTR{
Hdr: dns.RR_Header{ Hdr: dns.RR_Header{
Name: rv, Name: rv,
@ -20,13 +20,13 @@ func do_reverse(rv string, dn string, server string, tsn string, tsk string) err
} }
cli := new(dns.Client) cli := new(dns.Client)
if tsn != "" { if c.TSIGName != "" {
cli.TsigSecret = map[string]string{tsn: tsk} cli.TsigSecret = map[string]string{c.TSIGName: c.TSIGKey}
} }
msg := new(dns.Msg) msg := new(dns.Msg)
msg.SetQuestion(rv, dns.TypeSOA) msg.SetQuestion(rv, dns.TypeSOA)
resp, _, err := cli.Exchange(msg, server) resp, _, err := cli.Exchange(msg, c.DnsServer)
if err != nil { if err != nil {
return err return err
} }
@ -36,22 +36,22 @@ func do_reverse(rv string, dn string, server string, tsn string, tsk string) err
msg = new(dns.Msg) msg = new(dns.Msg)
msg.SetUpdate(soa) msg.SetUpdate(soa)
msg.Ns = append(msg.Ns, &ptr) msg.Ns = append(msg.Ns, &ptr)
if tsn != "" { if c.TSIGName != "" {
msg.SetTsig(tsn, dns.HmacSHA256, 300, time.Now().Unix()) msg.SetTsig(c.TSIGName, dns.HmacSHA256, 300, time.Now().Unix())
} }
_, _, err = cli.Exchange(msg, server) _, _, err = cli.Exchange(msg, c.DnsServer)
if err != nil { if err != nil {
return err return err
} }
return nil return nil
} }
func (c *Container) NsUpdateCommands(forward_domain string, server string, tsn string, tsk string) cmd.Set { func (c *Container) NsUpdateCommands() cmd.Set {
hostname := c.Hostname hostname := c.Hostname
if c.Hostname == "" { if c.Hostname == "" {
hostname = c.Name hostname = c.Name
} }
dn := dns.Fqdn(hostname + "." + forward_domain) dn := dns.Fqdn(hostname + "." + c.DomainName)
cmds := []cmd.Command{} cmds := []cmd.Command{}
// TODO: also iterate over c.IPv6Addresses // TODO: also iterate over c.IPv6Addresses
@ -77,23 +77,23 @@ func (c *Container) NsUpdateCommands(forward_domain string, server string, tsn s
} }
cli := new(dns.Client) cli := new(dns.Client)
if tsn != "" { if c.TSIGName != "" {
cli.TsigSecret = map[string]string{tsn: tsk} cli.TsigSecret = map[string]string{c.TSIGName: c.TSIGKey}
} }
// Update the forward record // Update the forward record
msg := new(dns.Msg) msg := new(dns.Msg)
msg.SetUpdate(dns.Fqdn(forward_domain)) msg.SetUpdate(dns.Fqdn(c.DomainName))
msg.Ns = append(msg.Ns, &aaaa) msg.Ns = append(msg.Ns, &aaaa)
if tsn != "" { if c.TSIGName != "" {
msg.SetTsig(tsn, dns.HmacSHA256, 300, time.Now().Unix()) msg.SetTsig(c.TSIGName, dns.HmacSHA256, 300, time.Now().Unix())
} }
if _, _, err = cli.Exchange(msg, server); err != nil { if _, _, err = cli.Exchange(msg, c.DnsServer); err != nil {
return err return err
} }
if err = do_reverse(rv, dn, server, tsn, tsk); err != nil { if err = c.doReverse(rv, dn); err != nil {
return err return err
} }
return nil return nil
@ -121,22 +121,22 @@ func (c *Container) NsUpdateCommands(forward_domain string, server string, tsn s
} }
cli := new(dns.Client) cli := new(dns.Client)
if tsn != "" { if c.TSIGName != "" {
cli.TsigSecret = map[string]string{tsn: tsk} cli.TsigSecret = map[string]string{c.TSIGName: c.TSIGKey}
} }
// Update the forward record // Update the forward record
msg := new(dns.Msg) msg := new(dns.Msg)
msg.SetUpdate(dns.Fqdn(forward_domain)) msg.SetUpdate(dns.Fqdn(c.DomainName))
msg.Ns = append(msg.Ns, &a) msg.Ns = append(msg.Ns, &a)
if tsn != "" { if c.TSIGName != "" {
msg.SetTsig(tsn, dns.HmacSHA256, 300, time.Now().Unix()) msg.SetTsig(c.TSIGName, dns.HmacSHA256, 300, time.Now().Unix())
} }
if _, _, err = cli.Exchange(msg, server); err != nil { if _, _, err = cli.Exchange(msg, c.DnsServer); err != nil {
return err return err
} }
if err = do_reverse(rv, dn, server, tsn, tsk); err != nil { if err = c.doReverse(rv, dn); err != nil {
return err return err
} }
return nil return nil