author | Federico Ceratto <federico.ceratto@hpe.com> | 2016-04-26 16:47:04 +0100 |
---|---|---|
committer | Federico Ceratto <federico.ceratto@gmail.com> | 2016-05-20 10:46:36 +0000 |
commit | be7e32dfaa8f2884ac89bf7335da9b309fcdc861 (patch) | |
tree | 2b8e24bf7b08cae819418bfe26a7099de99a3111 /contrib | |
parent | 6ae192335bdef42b9b55cba06f68c936eeccb665 (diff) | |
download | designate-be7e32dfaa8f2884ac89bf7335da9b309fcdc861.tar.gz |
Add djbdns backend
Add docs and basic tests
Update config sample file and support matrix
Change-Id: I709cea4e321f6bbee3b0f9f718fa6a9836af3ca5
Diffstat (limited to 'contrib')
-rwxr-xr-x | contrib/djbdns/tinydns.init | 110 | ||||
-rw-r--r-- | contrib/djbdns/tinydns.service | 44 |
2 files changed, 154 insertions, 0 deletions
diff --git a/contrib/djbdns/tinydns.init b/contrib/djbdns/tinydns.init
new file mode 100755
index 00000000..7bcbb477
--- /dev/null
+++ b/contrib/djbdns/tinydns.init
@@ -0,0 +1,110 @@
+#! /bin/bash
+### BEGIN INIT INFO
+# Provides: tinydns
+# Required-Start: $local_fs $remote_fs $network
+# Required-Stop: $local_fs $remote_fs $network
+# Should-Start: $syslog
+# Should-Stop: $syslog
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: tinydns daemon processes
+# Description: Start the TinyDNS resolver
+### END INIT INFO
+
+# Documentation
+# man tinydns
+
+# Load the VERBOSE setting and other rcS variables
+. /lib/init/vars.sh
+
+# Define LSB log_* functions.
+. /lib/lsb/init-functions
+
+NAME=tinydns
+DAEMON=/usr/bin/$NAME
+DAEMON_USER=djbdns
+DESC="the tinydns daemon"
+ROOTDIR=/var/lib/djbdns
+PATH=/sbin:/bin:/usr/sbin:/usr/bin
+LAUNCHER=/usr/bin/envuidgid
+LAUNCHER_ARGS="$DAEMON_USER envdir ./env softlimit -d300000 $DAEMON"
+
+PIDFILE=/run/$NAME.pid
+
+# Exit if executable is not installed
+[ -x "$DAEMON" ] || exit 0
+
+set -x
+
+case "$1" in
+ start)
+ if [ ! -d "$ROOTDIR" ]; then
+ log_action_msg "Not starting $DESC: $ROOTDIR is missing."
+ exit 0
+ fi
+
+ log_action_begin_msg "Starting $DESC"
+
+ if start-stop-daemon --stop --signal 0 --quiet --pidfile $PIDFILE --exec $DAEMON; then
+ log_action_end_msg 0 "already running"
+ else
+ if start-stop-daemon --start --verbose --make-pidfile --chdir $ROOTDIR --pidfile $PIDFILE --exec $LAUNCHER -- $LAUNCHER_ARGS
+ then
+ log_action_end_msg 0
+ else
+ log_action_end_msg 1
+ exit 1
+ fi
+ fi
+ ;;
+ stop)
+ log_action_begin_msg "Stopping $DESC"
+ pid=$(cat $PIDFILE 2>/dev/null) || true
+ if test ! -f $PIDFILE -o -z "$pid"; then
+ log_action_end_msg 0 "not running - there is no $PIDFILE"
+ exit 0
+ fi
+
+ if start-stop-daemon --stop --signal INT --quiet --pidfile $PIDFILE --exec $DAEMON; then
+ rm -f $PIDFILE
+ elif kill -0 $pid 2>/dev/null; then
+ log_action_end_msg 1 "Is $pid not $NAME? Is $DAEMON a different binary now?"
+ exit 1
+ else
+ log_action_end_msg 1 "$DAEMON died: process $pid not running; or permission denied"
+ exit 1
+ fi
+ ;;
+ reload)
+ echo "Not implemented, use restart"
+ exit 1
+ ;;
+ restart|force-reload)
+ $0 stop
+ $0 start
+ ;;
+ status)
+ if test ! -r $(dirname $PIDFILE); then
+ log_failure_msg "cannot read PID file $PIDFILE"
+ exit 4
+ fi
+ pid=$(cat $PIDFILE 2>/dev/null) || true
+ if test ! -f $PIDFILE -o -z "$pid"; then
+ log_failure_msg "$NAME is not running"
+ exit 3
+ fi
+ if ps "$pid" >/dev/null 2>&1; then
+ log_success_msg "$NAME is running"
+ exit 0
+ else
+ log_failure_msg "$NAME is not running"
+ exit 1
+ fi
+ ;;
+ *)
+ log_action_msg "Usage: $0 {start|stop|restart|force-reload|status}" >&2
+ exit 1
+ ;;
+esac
+
+exit 0
diff --git a/contrib/djbdns/tinydns.service b/contrib/djbdns/tinydns.service
new file mode 100644
index 00000000..2fcf9d2a
--- /dev/null
+++ b/contrib/djbdns/tinydns.service
@@ -0,0 +1,44 @@
+#
+# Replace /var/lib/djbdns if needed
+#
+
+[Unit]
+Description=tinydns DNS resolver
+Documentation=man:tinydns
+Documentation=https://cr.yp.to/djbdns.html
+After=network.target
+Requires=network.target
+Wants=network.target
+ConditionPathExists=/var/lib/djbdns
+
+[Service]
+Type=forking
+PIDFile=/run/tinydns.pid
+Environment="ROOT=/var/lib/djbdns"
+ExecStart=/usr/bin/tinydns
+ExecStop=-/sbin/start-stop-daemon --quiet --stop --retry=TERM/5/KILL/5 --pidfile /run/tinydns.pid
+TimeoutStopSec=30
+KillMode=mixed
+
+PermissionsStartOnly=true
+Restart=on-abnormal
+RestartSec=2s
+LimitNOFILE=65536
+
+WorkingDirectory=/var/lib/djbdns
+User=$ug_name
+Group=$ug_name
+
+# Hardening
+# CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_CHOWN CAP_FOWNER
+NoNewPrivileges=yes
+PrivateDevices=yes
+PrivateTmp=yes
+ProtectHome=yes
+ProtectSystem=full
+# TODO: restrict ReadOnlyDirectories
+ReadOnlyDirectories=/
+ReadWriteDirectories=-/var/lib/djbdns
+
+[Install]
+WantedBy=multi-user.target |
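Review bot: In contrib/djbdns/tinydns.init, the `set -x` just before `case "$1" in` is left on unconditionally, so every start/stop/status call traces each expanded command to stderr and into the boot log; it looks like leftover debugging and should be removed. In the `start` branch, `--make-pidfile` is passed without `--background`; if tinydns stays in the foreground, as it normally does under a supervisor, start-stop-daemon would not return, so this is worth confirming and probably needs `--background`. The `$PIDFILE` and `$pid` expansions are unquoted and the checks use `test … -o …`; prefer `[ ! -f "$PIDFILE" ] || [ -z "$pid" ]` and `kill -0 "$pid"`. The `status` branch's `ps "$pid"` only shows that some process holds that PID, not that it is tinydns, so a stale PID file can report a false "running".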
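Review bot: In contrib/djbdns/tinydns.service, `User=$ug_name` and `Group=$ug_name` look like unrendered template placeholders; systemd does not expand shell-style variables in these settings, so the unit as shipped names no real account. The header comment only mentions the path, so either extend it to `# Replace /var/lib/djbdns and $ug_name if needed` or write the intended account directly (the init script in this commit uses `djbdns`). `Type=forking` with `PIDFile=/run/tinydns.pid` assumes the daemon forks and writes that file itself, whereas the init script has to pass `--make-pidfile` and wraps the binary in `envuidgid … envdir ./env`, which `ExecStart=/usr/bin/tinydns` omits; this suggests `Type=simple` without `PIDFile=` and an explicit source for the environment, to be confirmed against tinydns's behaviour. With `User=` set, privileges are dropped before exec, so the process presumably cannot bind a privileged DNS port or chroot the way the root-started launcher in the init script allows; a comment stating the intended privilege model next to the commented-out `CapabilityBoundingSet` line would help.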