apealive-cookbooks / gitzone

Chef cookbook for git-shell managed BIND zone files

rndc command didn't work by default. #3

Open ikeji opened 10 years ago

ikeji commented 10 years ago

This is a feature request.

I use this gitzone recipe with the bind recipe. https://github.com/atomic-penguin/cookbook-bind This recipe creates an rndc key, but it's not enabled.

How about enabling it, or creating another rndc key for gitzone? Currently this recipe produces an error by default.

epcim commented 10 years ago

I have just lost the whole reply.. Damn it!

The rndc reload was working with my cookbook two months ago. I see that dyne.org just updated gitzone itself, so it might be an introduced bug. Will retest it soon.

Well, I use the same bind cookbook. It creates the key but does not use it (does not load it in any configuration file). I assume you have an option to add the rndc-key cfg options in a databag or to an attribute, like extending default["bind"]["options"] with

    default-key "rndc-key"; 
    default-server 127.0.0.1; 
    default-port 953;

The attribute default["bind"]["include_files"] might serve to load the rndc key config. However, there was no way from cookbook-bind to configure "controls".

I assume the following solution:

  1. Create rndc.conf in /etc/named. Gitzone will just create rndc.conf if it does not exist yet; I suppose it is the bind cookbook's role to manage it, and a subject for features in the bind cookbook. Example config:

         key "rndc-key" {
             algorithm hmac-md5;
             secret "<SECRET HASH>";
         };

         controls {
             inet 127.0.0.1 port 953
                 allow { 127.0.0.1; } keys { "rndc-key"; };
         };

  2. The Gitzone cookbook will add this conf file to the default["bind"]["include_files"] attribute.
  3. The Gitzone cookbook will add the default-key "rndc-key"; statement to the named.options file.

Note: I have had some other issues with reloading, so the install.rb recipe also, in its last few lines, fixes /usr/bin/gitzone (removes some class definitions, which forces a reload of all zones).

epcim commented 10 years ago

I was forced to re-do it a bit. First, I am not sure I got the full usage of rndc. As I already wrote, I had modified gitzone to use "su - bind" to run the reload (as a temporary workaround). I suppose configuration of rndc.key usage is up to the bind cookbook or user attribute settings. Since it's not implemented/possible in full scale, I create my own gitzone-rndc.config to load it.

Some obstacles found:

default["bind"]["options"] -- does not extend named.conf, as the bind cookbook documentation says, but the "options" section of named.options.

default-key "rndc-key"; if it appears in named.options in the "options" section, it is not recognized as a proper key/value.

If rndc.conf exists, named prints warnings that rndc.key exists but rndc.conf is being used. If rndc.conf contains the "controls" section, then named-checkconf fails. The solution was to create an independent .config that is included directly in named.conf (gitzone-rndc.config).

Please retest in your environment and provide feedback if possible. If you can suggest any other solution, it's welcome.
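The two comments above describe the same split that BIND requires: the `key` plus `controls` statements live on the named side (the thread's gitzone-rndc.config, included from named.conf), while `default-key`/`default-server`/`default-port` belong in an `options` block of rndc.conf and are rejected inside named's own `options`. The following is an added example, not code from the gitzone or bind cookbooks, that renders both fragments from one generated secret and checks a pair of files for exactly the misplacements reported in the thread. Assumptions: the key name `rndc-key` and file names from the thread, `hmac-sha256` instead of the thread's deprecated `hmac-md5`, and a 0640 file mode so that a group member (for example the account that runs `rndc reload`) can read the secret without `su - bind`; the `generate_secret`, `check_pair` and `demo` helpers are hypothetical names chosen for this example.

```python
import base64
import os
import re
import secrets
import tempfile
from pathlib import Path

# Assumed names (not the cookbook's own): key name from the thread, SHA-256 HMAC
# instead of the deprecated hmac-md5 shown in the issue.
KEY_NAME = "rndc-key"
ALGORITHM = "hmac-sha256"


def generate_secret(nbytes=32):
    """Random key material, base64-encoded as BIND expects inside a key statement."""
    return base64.b64encode(secrets.token_bytes(nbytes)).decode()


def key_statement(name, secret, algorithm=ALGORITHM):
    return 'key "%s" {\n    algorithm %s;\n    secret "%s";\n};\n' % (name, algorithm, secret)


def named_side_config(name, secret):
    """Fragment to include from named.conf: the key and the control channel that accepts it."""
    return key_statement(name, secret) + (
        'controls {\n'
        '    inet 127.0.0.1 port 953\n'
        '        allow { 127.0.0.1; } keys { "%s"; };\n'
        '};\n' % name)


def rndc_side_config(name, secret):
    """rndc.conf for the client: the same key plus default-* options.
    default-key belongs here, not in named's options block."""
    return key_statement(name, secret) + (
        'options {\n'
        '    default-key "%s";\n'
        '    default-server 127.0.0.1;\n'
        '    default-port 953;\n'
        '};\n' % name)


STATEMENT_RE = re.compile(r'^(key|controls|options)\b', re.M)
KEY_RE = re.compile(
    r'key\s+"([^"]+)"\s*\{\s*algorithm\s+([\w-]+);\s*secret\s+"([^"]+)";\s*\};', re.S)
CONTROLS_KEY_RE = re.compile(r'controls\s*\{.*?keys\s*\{\s*"([^"]+)"\s*;', re.S)


def parse_keys(text):
    """Map key name -> (algorithm, secret) for every top-level key statement."""
    return {m.group(1): (m.group(2), m.group(3)) for m in KEY_RE.finditer(text)}


def top_level_statements(text):
    return set(STATEMENT_RE.findall(text))


def check_pair(named_text, rndc_text):
    """Return a list of problems; an empty list means both sides agree and are placed correctly."""
    problems = []
    named_keys, rndc_keys = parse_keys(named_text), parse_keys(rndc_text)
    if "controls" in top_level_statements(rndc_text):
        problems.append("controls statement in rndc.conf; it belongs on the named side")
    if "controls" not in top_level_statements(named_text):
        problems.append("named side has no controls statement; rndc would be refused")
    for m in CONTROLS_KEY_RE.finditer(named_text):
        if m.group(1) not in named_keys:
            problems.append("controls references undefined key %r" % m.group(1))
    m = re.search(r'default-key\s+"([^"]+)"', rndc_text)
    if m is None:
        problems.append("rndc.conf has no default-key")
    elif m.group(1) not in rndc_keys:
        problems.append("default-key names a key not defined in rndc.conf")
    elif rndc_keys[m.group(1)] != named_keys.get(m.group(1)):
        problems.append("key %r differs between the named and rndc sides" % m.group(1))
    return problems


def write_pair(directory, name=KEY_NAME, secret=None):
    """Write both fragments with mode 0640 (assumption: the reload user reads via group)."""
    secret = secret or generate_secret()
    paths = {}
    for fname, text in (("gitzone-rndc.config", named_side_config(name, secret)),
                        ("rndc.conf", rndc_side_config(name, secret))):
        p = Path(directory) / fname
        fd = os.open(p, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o640)
        with os.fdopen(fd, "w") as f:
            f.write(text)
        paths[fname] = p
    return paths


def demo():
    """Write a pair into a temp dir, read it back and return the check result."""
    paths = write_pair(tempfile.mkdtemp())
    return check_pair(paths["gitzone-rndc.config"].read_text(), paths["rndc.conf"].read_text())


if __name__ == "__main__":
    print(demo())
```

`named-checkconf` remains the authoritative check on the named-side fragment; this script only catches the layout mistakes before the files reach the server.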