PowerDNS instead of bind9 #2

Merged
kunsi merged 23 commits from kunsi-feature-powerdns-instead-of-bind into main 2020-10-17 11:12:35 +00:00
5 changed files with 155 additions and 1 deletions
Showing only changes of commit 9bba18d13e - Show all commits


@ -0,0 +1,14 @@
SALT = '${repo.vault.decrypt('encrypt$gAAAAABfidFVqVEgWvlXgP-GSQUgVtcTxzoZx2G8VYWHaGKRpgaLDchlTRcKwqgvfG5orNpXt7aDd5i2aehi6cvIlxYNdL87twfVhDLBDho8j-Uz5Vga8-9cEzEZULl5pFCIcRlYUCKyEIOcdXSaLCM3p8pGjrh-O8_g49rbADKmLFoJx2vVTVs=')}'
SECRET_KEY = '${repo.vault.password_for('{} powerdnsadmin secret_key'.format(node.name))}'
BIND_ADDRESS = '127.0.0.1'
PORT = 9191
OFFLINE_MODE = True
SQLA_DB_USER = 'powerdnsadmin'
SQLA_DB_PASSWORD = '${node.metadata['postgresql']['users']['powerdnsadmin']['password']}'
SQLA_DB_HOST = '127.0.0.1'
SQLA_DB_NAME = 'powerdnsadmin'
SQLALCHEMY_TRACK_MODIFICATIONS = True
SQLALCHEMY_DATABASE_URI = 'postgresql://' + SQLA_DB_USER + ':' + SQLA_DB_PASSWORD + '@' + SQLA_DB_HOST + '/' + SQLA_DB_NAME
SAML_ENABLED = False
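Review bot: The vault-derived values on the SALT, SECRET_KEY and SQLA_DB_PASSWORD lines are rendered straight into single-quoted Python literals, and the password is then concatenated unescaped into `SQLALCHEMY_DATABASE_URI`. A secret containing `'`, `\`, `@`, `:` or `/` would produce either a config file that does not parse or a URI that resolves to the wrong credentials or host. Whether the vault can emit such characters is not visible on this page. Rendering the values through `repr()` in the template, e.g. `SECRET_KEY = ${repr(...)}`, and building the URI with `urllib.parse.quote_plus(SQLA_DB_PASSWORD)` removes the dependency on the generator's alphabet.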


@ -0,0 +1,14 @@
[Unit]
Description=PowerDNS-Admin
After=network.target postgresql.service
[Service]
User=powerdnsadmin
Group=powerdnsadmin
Environment=FLASK_CONF=/opt/powerdnsadmin/config.py
WorkingDirectory=/opt/powerdnsadmin/src
ExecStartPre=-/bin/chown powerdnsadmin:powerdnsadmin /opt/powerdnsadmin/src/powerdnsadmin/static
ExecStart=/opt/powerdnsadmin/venv/bin/gunicorn 'powerdnsadmin:create_app()'
[Install]
WantedBy=multi-user.target
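Review bot: The `ExecStartPre=-/bin/chown ...` line runs under `User=powerdnsadmin`, so it cannot take ownership of a static directory created by another account, and the leading `-` hides that failure. Either prefix the command with `+` so it runs with full privileges, or set the directory's ownership from the bundle. gunicorn is also started without `--bind`, so as far as I can tell the listening address comes from gunicorn's own default rather than from `BIND_ADDRESS`/`PORT` in config.py. Stating it in the unit, e.g. `--bind 127.0.0.1:9191`, keeps the admin UI on loopback by construction. Since this service holds the DNS admin credentials, `NoNewPrivileges=true`, `PrivateTmp=true` and `ProtectSystem=full` would be cheap hardening to add under `[Service]`.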


@ -0,0 +1,87 @@
assert node.has_bundle('nodejs')
assert node.has_bundle('postgresql')
directories = {
'/opt/powerdnsadmin/src': {},
}
git_deploy = {
'/opt/powerdnsadmin/src': {
'repo': 'https://github.com/ngoduykhanh/PowerDNS-Admin.git',
'rev': 'master',
'triggers': {
'action:powerdnsadmin_install_deps',
'action:powerdnsadmin_upgrade_database',
'action:powerdnsadmin_compile_assets',
'svc_systemd:powerdnsadmin:restart',
},
},
}
files = {
'/opt/powerdnsadmin/config.py': {
'content_type': 'mako',
},
'/etc/systemd/system/powerdnsadmin.service': {
'triggers': {
'action:systemd-reload',
},
},
}
actions = {
'powerdnsadmin_create_virtualenv': {
'command': '/usr/bin/python3 -m virtualenv -p python3 /opt/powerdnsadmin/venv/',
'unless': 'test -d /opt/powerdnsadmin/venv/',
'needs': {
'directory:/opt/powerdnsadmin', # provided by bundle:users
},
},
'powerdnsadmin_install_deps': {
'triggered': True,
'command': '/opt/powerdnsadmin/venv/bin/pip install -r /opt/powerdnsadmin/src/requirements.txt',
'needs': {
'action:powerdnsadmin_create_virtualenv',
'pkg_apt:',
},
},
'powerdnsadmin_install_deps': {
'triggered': True,
'command': '/opt/powerdnsadmin/venv/bin/pip install -r /opt/powerdnsadmin/src/requirements.txt',
'needs': {
'action:powerdnsadmin_create_virtualenv',
'pkg_apt:',
},
},
'powerdnsadmin_upgrade_database': {
'triggered': True,
'command': 'FLASK_CONF=/opt/powerdnsadmin/config.py FLASK_APP=/opt/powerdnsadmin/src/powerdnsadmin/__init__.py /opt/powerdnsadmin/venv/bin/flask db upgrade',
# TODO unless
'needs': {
'action:powerdnsadmin_install_deps',
'bundle:postgresql',
'pkg_apt:',
},
},
'powerdnsadmin_compile_assets': {
'triggered': True,
'command': 'cd /opt/powerdnsadmin/src && yarn install --pure-lockfile && FLASK_APP=/opt/powerdnsadmin/src/powerdnsadmin/__init__.py /opt/powerdnsadmin/venv/bin/flask assets build',
'needs': {
'action:powerdnsadmin_install_deps',
'pkg_apt:',
},
},
}
svc_systemd = {
'powerdnsadmin': {
'needs': {
'file:/opt/powerdnsadmin/config.py',
'file:/etc/systemd/system/powerdnsadmin.service',
'git_deploy:/opt/powerdnsadmin/src',
'action:powerdnsadmin_install_deps',
'action:powerdnsadmin_upgrade_database',
'action:powerdnsadmin_compile_assets',
},
},
}
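Review bot: `'rev': 'master'` in `git_deploy` follows a moving branch of a third-party repository, and every upstream change triggers `pip install -r`, `yarn install` and `flask db upgrade` on the node, presumably with the privileges bundlewrap applies with (normally root). Pinning `rev` to a reviewed tag or commit hash makes what gets executed an explicit decision. The `/opt/powerdnsadmin/config.py` item sets neither `mode` nor `owner`/`group`, so unless the repo overrides the file defaults, the rendered SECRET_KEY, SALT and database password are readable by every local user. Something like `'mode': '0640', 'group': 'powerdnsadmin'` would restrict the file to the service account. `powerdnsadmin_install_deps` is also defined twice in `actions` with identical content; the second key silently replaces the first, so one copy can be dropped.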


@ -0,0 +1,35 @@
defaults = {
'apt': {
'packages': {
'default-libmysqlclient-dev': {},
'libffi-dev': {},
'libldap2-dev': {},
'libsasl2-dev': {},
'libssl-dev': {},
'libxml2-dev': {},
'libxmlsec1-dev': {},
'libxslt1-dev': {},
'pkg-config': {},
'python3-psycopg2': {},
'python3-wheel': {},
},
},
'users': {
'powerdnsadmin': {
'home': '/opt/powerdnsadmin',
},
},
'postgresql': {
'users': {
'powerdnsadmin': {
'password': repo.vault.password_for('{} postgresql powerdnsadmin'.format(node.name)),
},
},
'databases': {
'powerdnsadmin': {
'owner': 'powerdnsadmin',
},
},
},
}


@ -1,7 +1,11 @@
# ns-3.kunbox.net
# ns-1.kunbox.net
# Frankfurt, Germany
nodes['gce.bind01'] = {
'bundles': {
'nodejs',
'powerdnsadmin',
},
'groups': {
'dns',
},