Posted to commits@trafficcontrol.apache.org by GitBox <gi...@apache.org> on 2019/01/15 18:52:26 UTC
[trafficcontrol] Diff for: [GitHub] dangogh merged pull request #3213: Add
CIAB Dynamic DNS
diff --git a/infrastructure/cdn-in-a-box/cache/Dockerfile b/infrastructure/cdn-in-a-box/cache/Dockerfile
index 01ae708aa..c75efcb9f 100644
--- a/infrastructure/cdn-in-a-box/cache/Dockerfile
+++ b/infrastructure/cdn-in-a-box/cache/Dockerfile
@@ -28,7 +28,7 @@ EXPOSE 80
ADD https://ci.trafficserver.apache.org/RPMS/CentOS7/trafficserver-7.1.4-2.el7.x86_64.rpm /trafficserver.rpm
ADD https://ci.trafficserver.apache.org/RPMS/CentOS7/trafficserver-devel-7.1.4-2.el7.x86_64.rpm /trafficserver-devel.rpm
-RUN yum install -y kyotocabinet-libs epel-release initscripts iproute net-tools nmap-ncat gettext autoconf automake libtool gcc-c++ cronie glibc-devel openssl-devel
+RUN yum install -y bind-utils kyotocabinet-libs epel-release initscripts iproute net-tools nmap-ncat gettext autoconf automake libtool gcc-c++ cronie glibc-devel openssl-devel
RUN yum install -y /trafficserver.rpm /trafficserver-devel.rpm jq python34-psutil python34-typing python34-setuptools python34-pip && yum clean all
RUN pip3 install --upgrade pip && pip3 install requests urllib3 distro
diff --git a/infrastructure/cdn-in-a-box/dns/entrypoint.sh b/infrastructure/cdn-in-a-box/dns/entrypoint.sh
index 804c8a10c..cb924ccda 100644
--- a/infrastructure/cdn-in-a-box/dns/entrypoint.sh
+++ b/infrastructure/cdn-in-a-box/dns/entrypoint.sh
@@ -54,6 +54,10 @@ create_pid_dir
create_bind_data_dir
create_bind_cache_dir
+set-self-dns.sh
+
+set-dns-update.sh & # needs to execute after the DNS server starts
+
# allow arguments to be passed to named
if [[ ${1:0:1} = '-' ]]; then
EXTRA_ARGS="$@"
diff --git a/infrastructure/cdn-in-a-box/dns/insert-db-into-dns.sh b/infrastructure/cdn-in-a-box/dns/insert-db-into-dns.sh
new file mode 100755
index 000000000..3591579b9
--- /dev/null
+++ b/infrastructure/cdn-in-a-box/dns/insert-db-into-dns.sh
@@ -0,0 +1,63 @@
+#!/usr/bin/env bash
+
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+
+set -eu
+
+domain="ciab.test"
+shared_dns_dir="/shared/dns"
+dns_key_file_name="K${domain}.private"
+
+# TODO remove duplication with insert-self-into-dns.sh
+my_host="db"
+my_ip="$(dig +short ${my_host})" # TODO determine if this should be 'hostname -I'
+my_ip6="$(dig +short ${my_host} AAAA)"
+
+full_sub_domain="infra.${domain}"
+my_fqdn="${my_host}.${full_sub_domain}"
+
+ttl="86400"
+
+nsupdate_remove_cmd="update delete ${my_fqdn} A"
+nsupdate_remove_cmd6="update delete ${my_fqdn} AAAA"
+
+nsupdate_cmd="update add ${my_fqdn} ${ttl} A ${my_ip}"
+
+nsupdate_cmd6=
+if [ -n "$my_ip6" ] ; then
+ nsupdate_cmd6="update add ${my_fqdn} ${ttl} AAAA ${my_ip6}"
+fi
+
+dns_key_path="$(ls ${shared_dns_dir}/*.private || true)"
+while [ -z "${dns_key_path}" ]; do
+ printf "insert-self-into-dns waiting for dns server to place key\n"
+ sleep 1
+ dns_key_path="$(ls ${shared_dns_dir}/*private || true)"
+done
+
+printf "insert-self-into-dns domain $domain dns_key_path $dns_key_path my_host $my_host my_ip $my_ip my_fqdn $my_fqdn cmd '$nsupdate_cmd'\n"
+
+nsupdate -v -k "${dns_key_path}" << EOF
+${nsupdate_remove_cmd}
+${nsupdate_remove_cmd6}
+${nsupdate_cmd}
+${nsupdate_cmd6}
+show
+send
+EOF
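Review bot: `my_ip` comes from `dig +short` and goes into the `update add` line unchecked, so an empty answer or a multi-line answer (several addresses, or a CNAME followed by an address) produces a malformed update after the two `update delete` lines are already queued. A guard before the commands are built would stop that, e.g. `[[ "$my_ip" =~ ^[0-9]+(\.[0-9]+){3}$ ]] || { printf 'no single A record for %s\n' "$my_host" >&2; exit 1; }`. The same unchecked `dig +short` result is used in insert-self-into-dns.sh (`my_ip`), set-dns.sh (`dnsip`, written to /etc/resolv.conf) and set-self-dns.sh (`ip`, written to the zone file). The two `printf` messages in this script still say `insert-self-into-dns`, which will mislead anyone reading container logs.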
diff --git a/infrastructure/cdn-in-a-box/dns/insert-self-into-dns.sh b/infrastructure/cdn-in-a-box/dns/insert-self-into-dns.sh
new file mode 100755
index 000000000..0c7d58aeb
--- /dev/null
+++ b/infrastructure/cdn-in-a-box/dns/insert-self-into-dns.sh
@@ -0,0 +1,62 @@
+#!/usr/bin/env bash
+
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+
+set -eu
+
+domain="ciab.test"
+shared_dns_dir="/shared/dns"
+dns_key_file_name="K${domain}.private"
+
+my_host="$(hostname -s)"
+my_ip="$(dig +short ${my_host})" # TODO determine if this should be 'hostname -I'
+my_ip6="$(dig +short ${my_host} AAAA)"
+
+full_sub_domain="infra.${domain}"
+my_fqdn="${my_host}.${full_sub_domain}"
+
+ttl="86400"
+
+nsupdate_remove_cmd="update delete ${my_fqdn} A"
+nsupdate_remove_cmd6="update delete ${my_fqdn} AAAA"
+
+nsupdate_cmd="update add ${my_fqdn} ${ttl} A ${my_ip}"
+
+nsupdate_cmd6=
+if [ -n "$my_ip6" ] ; then
+ nsupdate_cmd6="update add ${my_fqdn} ${ttl} AAAA ${my_ip6}"
+fi
+
+dns_key_path="$(ls ${shared_dns_dir}/*.private || true)"
+while [ -z "${dns_key_path}" ]; do
+ printf "insert-self-into-dns waiting for dns server to place key\n"
+ sleep 1
+ dns_key_path="$(ls ${shared_dns_dir}/*private || true)"
+done
+
+printf "insert-self-into-dns domain $domain dns_key_path $dns_key_path my_host $my_host my_ip $my_ip my_fqdn $my_fqdn cmd '$nsupdate_cmd'\n"
+
+nsupdate -v -k "${dns_key_path}" << EOF
+${nsupdate_remove_cmd}
+${nsupdate_remove_cmd6}
+${nsupdate_cmd}
+${nsupdate_cmd6}
+show
+send
+EOF
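Review bot: The key lookup parses `ls` output with two different globs (`*.private` before the loop, `*private` inside it), so a second key file on the shared volume would put a multi-line string into `-k`. The loop also has no upper bound if the dns container never publishes a key, and `dns_key_file_name` is assigned but never used. Globbing into an array, requiring exactly one match and capping the attempts makes both cases fail loudly; the limit of 120 below is illustrative. insert-db-into-dns.sh carries the same loop.

```shell
# … unchanged: domain, host and nsupdate command setup …
shopt -s nullglob
dns_keys=("${shared_dns_dir}"/*.private)
tries=0
while (( ${#dns_keys[@]} == 0 )); do
  if (( tries >= 120 )); then
    printf 'insert-self-into-dns: no key in %s, giving up\n' "${shared_dns_dir}" >&2
    exit 1
  fi
  tries=$((tries + 1))
  printf 'insert-self-into-dns waiting for dns server to place key\n'
  sleep 1
  dns_keys=("${shared_dns_dir}"/*.private)
done
if (( ${#dns_keys[@]} != 1 )); then
  printf 'insert-self-into-dns: expected one key, found %s\n' "${#dns_keys[@]}" >&2
  exit 1
fi
dns_key_path="${dns_keys[0]}"
# … unchanged: log line and nsupdate here-document …
```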
diff --git a/infrastructure/cdn-in-a-box/dns/named.conf.local b/infrastructure/cdn-in-a-box/dns/named.conf.local
index 46334cf06..2ca65c4db 100644
--- a/infrastructure/cdn-in-a-box/dns/named.conf.local
+++ b/infrastructure/cdn-in-a-box/dns/named.conf.local
@@ -19,6 +19,7 @@ zone "ciab.test" {
type master;
file "/etc/bind/zone.ciab.test";
forwarders {};
+ allow-update { key ciab.test.; };
};
zone "239.16.172.in-addr.arpa" IN {
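Review bot: `allow-update { key ciab.test.; };` lets any holder of the key add or delete any record in the whole `ciab.test` zone, and set-dns-update.sh copies that key onto the `shared` volume that the other services mount. If containers only need to register their own addresses, an `update-policy` scoped to the infra subdomain and to address records narrows what the key can change, e.g. `update-policy { grant ciab.test. subdomain infra.ciab.test. A AAAA; };` in place of the `allow-update` line. A comment saying that the `ciab.test.` key statement is appended at runtime by set-dns-update.sh would also help, since the key is not defined in the visible part of this file. The zone block opens above the hunk.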
diff --git a/infrastructure/cdn-in-a-box/dns/set-dns-update.sh b/infrastructure/cdn-in-a-box/dns/set-dns-update.sh
new file mode 100755
index 000000000..5c69196e6
--- /dev/null
+++ b/infrastructure/cdn-in-a-box/dns/set-dns-update.sh
@@ -0,0 +1,71 @@
+#!/usr/bin/env bash
+
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+set -eux
+
+domain="ciab.test"
+
+shared_dns_dir="/shared/dns"
+
+dns_key_file_name="K${domain}.private"
+
+dns_conf_file="/data/bind/etc/named.conf.local"
+
+if cat "${dns_conf_file}" | grep "key \"${domain}.\" {" > /dev/null; then
+ printf "set-dns-update: key already exists, not recreating\n"
+ exit 0 # if the key exists from a previous docker run, don't recreate it.
+fi
+
+printf "set-dns-update: no key exists, creating\n"
+
+# no key exists in the dns conf, but one might in the shared volume, rm just in case
+rm -f K${domain}*
+rm -f /shared/dns/*.private
+rm -f /shared/dns/*.key
+
+dns_key_name="$(dnssec-keygen -C -r /dev/urandom -a HMAC-MD5 -b 512 -n HOST "${domain}")"
+dns_key_private="${dns_key_name}.private"
+dns_key_key="${dns_key_name}.key"
+
+dns_key_secret="$(cat ${dns_key_private} | grep '^Key' | awk '{print $2}')"
+
+printf "waiting for self to serve dns...\n"
+while ! dig +short "@$(hostname -s)" "$(hostname -s)"; do
+ printf "waiting for self to serve dns...\n"
+ sleep 1
+done
+
+cat << EOF >> "${dns_conf_file}"
+key "${domain}." {
+ algorithm hmac-md5;
+ secret "${dns_key_secret}";
+};
+EOF
+
+# origin_line="zone \"${domain}\" {"
+# allow_update_line=" allow-update { key \"${domain}.\"; };"
+# sed -i "s/${origin_line}/${origin_line}\n${allow_update_line}/" "${dns_conf_file}"
+
+mkdir -p "${shared_dns_dir}"
+
+/usr/sbin/rndc reload 2>&1 >> /rndc.log
+
+# copy the key after reloading, so by the time clients get the key, it's usable.
+cp "${dns_key_private}" "${shared_dns_dir}"
+cp "${dns_key_key}" "${shared_dns_dir}"
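Review bot: `set -eux` traces every command, so the `dns_key_secret=...` assignment is echoed with the TSIG secret into the container's log output; `set -eu`, or `set +x` around the key handling, keeps it out of the logs. The key is generated as HMAC-MD5; the `dnssec-keygen` in this image should also accept `-a HMAC-SHA256 -b 256` with `algorithm hmac-sha256;` in the key block, which avoids MD5, but that is worth confirming against the image's BIND version. In `/usr/sbin/rndc reload 2>&1 >> /rndc.log` the redirections are ordered so that stderr goes to the original stdout rather than the log; `>> /rndc.log 2>&1` sends both to the file.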
diff --git a/infrastructure/cdn-in-a-box/dns/set-dns.sh b/infrastructure/cdn-in-a-box/dns/set-dns.sh
new file mode 100755
index 000000000..ddd04000f
--- /dev/null
+++ b/infrastructure/cdn-in-a-box/dns/set-dns.sh
@@ -0,0 +1,40 @@
+#!/usr/bin/env bash
+
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+
+set -eu
+
+dns_container_hostname='dns'
+
+dns_domain='ciab.test'
+dns_search_domains='infra.ciab.test ciab.test'
+
+while ! dig "@${dns_container_hostname}" "${dns_container_hostname}"; do
+ printf "Waiting for dns container \"${dns_container_hostname}\" to serve...\n"
+ sleep 1
+done
+
+dnsip="$(dig +short ${dns_container_hostname})"
+
+cat << EOF > /etc/resolv.conf
+# autogenerated by set-dns.sh
+domain ${dns_domain}
+search ${dns_search_domains}
+nameserver ${dnsip}
+EOF
diff --git a/infrastructure/cdn-in-a-box/dns/set-self-dns.sh b/infrastructure/cdn-in-a-box/dns/set-self-dns.sh
new file mode 100755
index 000000000..c50117026
--- /dev/null
+++ b/infrastructure/cdn-in-a-box/dns/set-self-dns.sh
@@ -0,0 +1,46 @@
+#!/usr/bin/env bash
+
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+
+set -eu
+
+bind_zone_dir='/etc/bind'
+bind_zone_file='zone.ciab.test'
+
+bind_zone_file_path="${bind_zone_dir}/${bind_zone_file}"
+
+domain='infra.ciab.test'
+origin="${domain}."
+origin_line="\$ORIGIN ${origin}"
+
+function add_zone_entry {
+ host="$1"
+ ip="$2"
+ record="$3"
+
+ sed -E -i "/^${host}\s+IN\s+${record}/d" "${bind_zone_file_path}"
+
+ entry="${host} IN ${record} ${ip}"
+ sed -i "s/${origin_line}/${origin_line}\n\n${entry}/" "${bind_zone_file_path}"
+}
+
+dns_container_hostname='dns'
+ip="$(dig +short ${dns_container_hostname})"
+
+add_zone_entry "${dns_container_hostname}" "${ip}" "A"
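Review bot: `add_zone_entry` interpolates `host`, `record` and `ip` straight into two sed expressions, so a value containing `/`, `&`, a newline or regex metacharacters changes the expression instead of being matched or inserted literally. The only call passes the literals `dns` and `A`, so today only `ip` (from `dig +short`) can vary, but a header comment such as `# add_zone_entry HOST IP RECORD: values must be plain hostnames/addresses, they are not escaped for sed` would make that constraint visible to the next caller. The function's variables are also global and `ip` shadows the script-level `ip`; `local host="$1" ip="$2" record="$3" entry` keeps them contained.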
diff --git a/infrastructure/cdn-in-a-box/dns/zone.ciab.test b/infrastructure/cdn-in-a-box/dns/zone.ciab.test
index 3cf524dae..47659a434 100644
--- a/infrastructure/cdn-in-a-box/dns/zone.ciab.test
+++ b/infrastructure/cdn-in-a-box/dns/zone.ciab.test
@@ -28,53 +28,5 @@ $TTL 30
$ORIGIN infra.ciab.test.
-gw IN A 172.16.239.1
-gw IN AAAA fc01:9400:1000:8::1
-
-db IN A 172.16.239.10
-db IN AAAA fc01:9400:1000:8::10
-
-trafficops IN A 172.16.239.20
-trafficops IN AAAA fc01:9400:1000:8::20
-
-trafficops-perl IN A 172.16.239.21
-trafficops-perl IN AAAA fc01:9400:1000:8::21
-
-trafficportal IN A 172.16.239.30
-trafficportal IN AAAA fc01:9400:1000:8::30
-
-trafficmonitor IN A 172.16.239.40
-trafficmonitor IN AAAA fc01:9400:1000:8::40
-
-trafficvault IN A 172.16.239.50
-trafficvault IN AAAA fc01:9400:1000:8::50
-
-trafficrouter IN A 172.16.239.60
-trafficrouter IN AAAA fc01:9400:1000:8::60
-
-edge IN A 172.16.239.100
-edge IN AAAA fc01:9400:1000:8::100
-
-mid IN A 172.16.239.120
-mid IN AAAA fc01:9400:1000:8::120
-
-origin IN A 172.16.239.140
-origin IN AAAA fc01:9400:1000:8::140
-
-enroller IN A 172.16.239.200
-enroller IN AAAA fc01:9400:1000:8::200
-
-socksproxy IN A 172.16.239.233
-socksproxy IN AAAA fc01:9400:1000:8::233
-
-client IN A 172.16.239.250
-client IN AAAA fc01:9400:1000:8::250
-
-vnc IN A 172.16.239.251
-vnc IN AAAA fc01:9400:1000:8::251
-
-dns IN A 172.16.239.254
-dns IN AAAA fc01:9400:1000:8::254
-
$ORIGIN mycdn.ciab.test.
@ NS trafficrouter.infra.ciab.test.
diff --git a/infrastructure/cdn-in-a-box/docker-compose.yml b/infrastructure/cdn-in-a-box/docker-compose.yml
index dc567cea7..0421d949d 100644
--- a/infrastructure/cdn-in-a-box/docker-compose.yml
+++ b/infrastructure/cdn-in-a-box/docker-compose.yml
@@ -33,16 +33,6 @@
---
version: '2.1'
-networks:
- tcnet:
- driver: bridge
- enable_ipv6: true
- ipam:
- driver: default
- config:
- - subnet: 172.16.239.0/24
- - subnet: "fc01:9400:1000:8::/64"
-
services:
# db is the Traffic Ops database running in postgresql. Only trafficops and trafficops-perl need to have access to it.
# All other components access the database thru the Traffic Ops API
@@ -54,12 +44,7 @@ services:
domainname: infra.ciab.test
depends_on:
- dns
- networks:
- tcnet:
- ipv4_address: 172.16.239.10
- ipv6_address: "fc01:9400:1000:8::10"
volumes:
- - ./dns/container-resolv.conf:/etc/resolv.conf
- /var/lib/postgresql/data
- shared:/shared
env_file:
@@ -84,14 +69,11 @@ services:
- variables.env
hostname: trafficops
image: trafficops-go
- networks:
- tcnet:
- ipv4_address: 172.16.239.20
- ipv6_address: "fc01:9400:1000:8::20"
ports:
- "6443:443"
volumes:
- - ./dns/container-resolv.conf:/etc/resolv.conf
+ - ./dns/set-dns.sh:/usr/local/sbin/set-dns.sh
+ - ./dns/insert-self-into-dns.sh:/usr/local/sbin/insert-self-into-dns.sh
- shared:/shared
# trafficops-perl runs the legacy Traffic Ops in Perl using the Mojolicious framework. This remains
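Review bot: The script bind mounts added here (`./dns/set-dns.sh`, `./dns/insert-self-into-dns.sh`) are read-write, so a process with write access inside any one container can modify the host copy of a script that the other services execute at start-up. Mounting them read-only closes that path: `- ./dns/set-dns.sh:/usr/local/sbin/set-dns.sh:ro` and `- ./dns/insert-self-into-dns.sh:/usr/local/sbin/insert-self-into-dns.sh:ro`. The same applies to the script mounts added in the later hunks of this file and in the optional socksproxy and vnc compose files.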
@@ -110,16 +92,15 @@ services:
- variables.env
hostname: trafficops-perl
image: trafficops-perl
- networks:
- tcnet:
- ipv4_address: 172.16.239.21
- ipv6_address: "fc01:9400:1000:8::21"
# TODO: change to expose: "60443" to limit to containers
ports:
- "60443:443"
volumes:
- ./traffic_ops/ca:/ca
- - ./dns/container-resolv.conf:/etc/resolv.conf
+ - ./dns/set-dns.sh:/usr/local/sbin/set-dns.sh
+ - ./dns/insert-self-into-dns.sh:/usr/local/sbin/insert-self-into-dns.sh
+ - ./dns/insert-db-into-dns.sh:/usr/local/sbin/insert-db-into-dns.sh
+ - ./traffic_ops/set-to-ips-from-dns.sh:/usr/local/sbin/set-to-ips-from-dns.sh
- shared:/shared
# trafficportal defines the web interface for Traffic Ops. It uses only the API exposed by Traffic Ops
@@ -137,14 +118,11 @@ services:
- variables.env
hostname: trafficportal
image: trafficportal
- networks:
- tcnet:
- ipv4_address: 172.16.239.30
- ipv6_address: "fc01:9400:1000:8::30"
ports:
- "443:443"
volumes:
- - ./dns/container-resolv.conf:/etc/resolv.conf
+ - ./dns/set-dns.sh:/usr/local/sbin/set-dns.sh
+ - ./dns/insert-self-into-dns.sh:/usr/local/sbin/insert-self-into-dns.sh
- shared:/shared
# trafficmonitor is an HTTP service that monitors the caches in a CDN for a variety of metrics
@@ -157,17 +135,14 @@ services:
depends_on:
- enroller
volumes:
+ - ./dns/set-dns.sh:/usr/local/sbin/set-dns.sh
+ - ./dns/insert-self-into-dns.sh:/usr/local/sbin/insert-self-into-dns.sh
- shared:/shared
- - ./dns/container-resolv.conf:/etc/resolv.conf
domainname: infra.ciab.test
env_file:
- variables.env
hostname: trafficmonitor
image: trafficmonitor
- networks:
- tcnet:
- ipv4_address: 172.16.239.40
- ipv6_address: "fc01:9400:1000:8::40"
ports:
- "80:80"
@@ -185,17 +160,14 @@ services:
env_file:
- variables.env
hostname: trafficrouter
- networks:
- tcnet:
- ipv4_address: 172.16.239.60
- ipv6_address: "fc01:9400:1000:8::60"
ports:
- "3053:53"
- "3080:80"
- "3443:443"
- "3333:3333"
volumes:
- - ./dns/container-resolv.conf:/etc/resolv.conf
+ - ./dns/set-dns.sh:/usr/local/sbin/set-dns.sh
+ - ./dns/insert-self-into-dns.sh:/usr/local/sbin/insert-self-into-dns.sh
- shared:/shared
# trafficvault runs a riak container to store private keys
@@ -213,17 +185,14 @@ services:
labels:
- "com.basho.riak.cluster.name=trafficvault"
volumes:
- - ./dns/container-resolv.conf:/etc/resolv.conf
+ - ./dns/set-dns.sh:/usr/local/sbin/set-dns.sh
+ - ./dns/insert-self-into-dns.sh:/usr/local/sbin/insert-self-into-dns.sh
- schemas:/etc/riak/schemas
- shared:/shared
domainname: infra.ciab.test
env_file:
- variables.env
hostname: trafficvault
- networks:
- tcnet:
- ipv4_address: 172.16.239.50
- ipv6_address: "fc01:9400:1000:8::50"
# Apache Traffic Server (ATS) caches defined here
# base image from which all other caches inherit (builds and installs ATS+plugins)
@@ -246,14 +215,11 @@ services:
env_file:
- variables.env
hostname: edge
- networks:
- tcnet:
- ipv4_address: 172.16.239.100
- ipv6_address: "fc01:9400:1000:8::100"
ports:
- "9000:80"
volumes:
- - ./dns/container-resolv.conf:/etc/resolv.conf
+ - ./dns/set-dns.sh:/usr/local/sbin/set-dns.sh
+ - ./dns/insert-self-into-dns.sh:/usr/local/sbin/insert-self-into-dns.sh
- shared:/shared
# mid cache
@@ -269,14 +235,11 @@ services:
env_file:
- variables.env
hostname: mid
- networks:
- tcnet:
- ipv4_address: 172.16.239.120
- ipv6_address: "fc01:9400:1000:8::120"
ports:
- "9100:80"
volumes:
- - ./dns/container-resolv.conf:/etc/resolv.conf
+ - ./dns/set-dns.sh:/usr/local/sbin/set-dns.sh
+ - ./dns/insert-self-into-dns.sh:/usr/local/sbin/insert-self-into-dns.sh
- shared:/shared
# origin provides the content to be distributed through the CDN caches
@@ -290,14 +253,11 @@ services:
env_file:
- variables.env
hostname: origin
- networks:
- tcnet:
- ipv4_address: 172.16.239.140
- ipv6_address: "fc01:9400:1000:8::140"
ports:
- "9200:80"
volumes:
- - ./dns/container-resolv.conf:/etc/resolv.conf
+ - ./dns/set-dns.sh:/usr/local/sbin/set-dns.sh
+ - ./dns/insert-self-into-dns.sh:/usr/local/sbin/insert-self-into-dns.sh
- shared:/shared
- ./origin/content:/var/www/html
@@ -312,12 +272,9 @@ services:
env_file:
- variables.env
hostname: enroller
- networks:
- tcnet:
- ipv4_address: 172.16.239.200
- ipv6_address: "fc01:9400:1000:8::200"
volumes:
- - ./dns/container-resolv.conf:/etc/resolv.conf
+ - ./dns/set-dns.sh:/usr/local/sbin/set-dns.sh
+ - ./dns/insert-self-into-dns.sh:/usr/local/sbin/insert-self-into-dns.sh
- shared:/shared
# Bind9 DNS services work in combination with the traffic router to route clients to the optimal cache
@@ -328,13 +285,11 @@ services:
env_file:
- variables.env
volumes:
+ - ./dns/set-self-dns.sh:/usr/local/sbin/set-self-dns.sh
+ - ./dns/set-dns-update.sh:/usr/local/sbin/set-dns-update.sh
- shared:/shared
hostname: dns
domainname: infra.ciab.test
- networks:
- tcnet:
- ipv4_address: 172.16.239.254
- ipv6_address: "fc01:9400:1000:8::254"
ports:
- "9353:53"
@@ -343,7 +298,7 @@ volumes:
external: false
shared:
external: false
- content:
+ content:
external: false
ca:
- external: false
+ external: false
diff --git a/infrastructure/cdn-in-a-box/edge/run.sh b/infrastructure/cdn-in-a-box/edge/run.sh
index affb597ff..03efb6d15 100755
--- a/infrastructure/cdn-in-a-box/edge/run.sh
+++ b/infrastructure/cdn-in-a-box/edge/run.sh
@@ -21,6 +21,9 @@ set -e
set -x
set -m
+set-dns.sh
+insert-self-into-dns.sh
+
source /to-access.sh
# Wait on SSL certificate generation
diff --git a/infrastructure/cdn-in-a-box/enroller/run.sh b/infrastructure/cdn-in-a-box/enroller/run.sh
index 3f0bbef25..2366321ba 100755
--- a/infrastructure/cdn-in-a-box/enroller/run.sh
+++ b/infrastructure/cdn-in-a-box/enroller/run.sh
@@ -21,6 +21,9 @@
set -x
. /to-access.sh
+set-dns.sh
+insert-self-into-dns.sh
+
export TO_URL=https://$TO_FQDN:$TO_PORT
export TO_USER=$TO_ADMIN_USER
export TO_PASSWORD=$TO_ADMIN_PASSWORD
diff --git a/infrastructure/cdn-in-a-box/mid/run.sh b/infrastructure/cdn-in-a-box/mid/run.sh
index b707bc9f7..a3dd96926 100755
--- a/infrastructure/cdn-in-a-box/mid/run.sh
+++ b/infrastructure/cdn-in-a-box/mid/run.sh
@@ -21,6 +21,9 @@ set -e
set -x
set -m
+set-dns.sh
+insert-self-into-dns.sh
+
source /to-access.sh
# Wait on SSL certificate generation
diff --git a/infrastructure/cdn-in-a-box/optional/docker-compose.socksproxy.yml b/infrastructure/cdn-in-a-box/optional/docker-compose.socksproxy.yml
index 13a16d616..35481efa4 100644
--- a/infrastructure/cdn-in-a-box/optional/docker-compose.socksproxy.yml
+++ b/infrastructure/cdn-in-a-box/optional/docker-compose.socksproxy.yml
@@ -33,37 +33,27 @@
---
version: '2.1'
-networks:
- tcnet:
- driver: bridge
- enable_ipv6: true
- ipam:
- driver: default
- config:
- - subnet: 172.16.239.0/24
- - subnet: "fc01:9400:1000:8::/64"
-
services:
# Optional Socks Proxy for docker hosts that have limited bridge/ipforwarding support.
socksproxy:
- image: wernight/dante
+ build:
+ context: .
+ dockerfile: optional/socksproxy/Dockerfile
hostname: socksproxy
domainname: infra.ciab.test
- networks:
- tcnet:
- ipv4_address: 172.16.239.233
- ipv6_address: "fc01:9400:1000:8::233"
ports:
- "9080:1080"
volumes:
- - ./dns/container-resolv.conf:/etc/resolv.conf
+ - ./dns/set-dns.sh:/usr/local/sbin/set-dns.sh
+ - ./dns/insert-self-into-dns.sh:/usr/local/sbin/insert-self-into-dns.sh
+ - shared:/shared
volumes:
schemas:
external: false
shared:
external: false
- content:
+ content:
external: false
ca:
- external: false
+ external: false
diff --git a/infrastructure/cdn-in-a-box/optional/docker-compose.vnc.yml b/infrastructure/cdn-in-a-box/optional/docker-compose.vnc.yml
index 53fa30a2c..8834b17e3 100644
--- a/infrastructure/cdn-in-a-box/optional/docker-compose.vnc.yml
+++ b/infrastructure/cdn-in-a-box/optional/docker-compose.vnc.yml
@@ -33,16 +33,6 @@
---
version: '2.1'
-networks:
- tcnet:
- driver: bridge
- enable_ipv6: true
- ipam:
- driver: default
- config:
- - subnet: 172.16.239.0/24
- - subnet: "fc01:9400:1000:8::/64"
-
services:
# TestClient is a VNC/Proxy container for development/testing CDN-In-A-Box
# This container should not be merged to the Apache TrafficServer REPO due to
@@ -63,14 +53,11 @@ services:
- variables.env
hostname: vnc
domainname: infra.ciab.test
- networks:
- tcnet:
- ipv4_address: 172.16.239.251
- ipv6_address: "fc01:9400:1000:8::251"
ports:
- "5909:5909"
volumes:
- - ./dns/container-resolv.conf:/etc/resolv.conf
+ - ./dns/set-dns.sh:/usr/local/sbin/set-dns.sh
+ - ./dns/insert-self-into-dns.sh:/usr/local/sbin/insert-self-into-dns.sh
- shared:/shared
volumes:
@@ -78,7 +65,7 @@ volumes:
external: false
shared:
external: false
- content:
+ content:
external: false
ca:
- external: false
+ external: false
diff --git a/infrastructure/cdn-in-a-box/optional/socksproxy/Dockerfile b/infrastructure/cdn-in-a-box/optional/socksproxy/Dockerfile
new file mode 100644
index 000000000..87f40e971
--- /dev/null
+++ b/infrastructure/cdn-in-a-box/optional/socksproxy/Dockerfile
@@ -0,0 +1,44 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+############################################################
+# Dockerfile to build optional CiaB Socks Proxy
+# Based on CentOS 7
+############################################################
+FROM centos:7
+
+ARG DANTES_SRC=https://www.inet.no/dante/files/dante-1.4.2.tar.gz
+
+RUN yum install -y net-tools bind-utils iproute wget curl automake autoconf gcc make && \
+ curl -Ls -o /tmp/dante.tar.gz $DANTES_SRC && \
+ tar -C /usr/src -zxvpf $(find /tmp -type f -name dante\*) && \
+ cd $(find /usr/src -type d -name dante\*) && \
+ ./configure --prefix=/usr && \
+ make -j 4 && \
+ make install && \
+ groupadd -g 8062 sockd && \
+ useradd -m -u 8062 -g sockd sockd && \
+ yum remove -y automake autoconf gcc make && \
+ yum clean all && \
+ rm -rf /tmp/*
+
+COPY optional/socksproxy/sockd.conf /etc
+COPY optional/socksproxy/run.sh /
+
+EXPOSE 1080
+
+CMD ["/run.sh"]
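Review bot: The Dante tarball is fetched with `curl -Ls` and compiled without any integrity check, and without `-f` an HTTP error page would be saved as the archive. Pinning a digest makes the build fail on a changed or truncated download: add `ARG DANTES_SHA256=<sha256 of dante-1.4.2.tar.gz>` and, right after the download, `echo "${DANTES_SHA256}  /tmp/dante.tar.gz" | sha256sum -c - && \`, with `curl -fLs` for the fetch. The `find /tmp -type f -name dante\*` lookup could then be replaced by the known path `/tmp/dante.tar.gz`.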
diff --git a/infrastructure/cdn-in-a-box/dns/container-resolv.conf b/infrastructure/cdn-in-a-box/optional/socksproxy/run.sh
old mode 100644
new mode 100755
similarity index 75%
rename from infrastructure/cdn-in-a-box/dns/container-resolv.conf
rename to infrastructure/cdn-in-a-box/optional/socksproxy/run.sh
index 2c33b328f..acf1bf4d4
--- a/infrastructure/cdn-in-a-box/dns/container-resolv.conf
+++ b/infrastructure/cdn-in-a-box/optional/socksproxy/run.sh
@@ -1,3 +1,4 @@
+#!/usr/bin/env bash
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
@@ -5,15 +6,21 @@
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
-#
+#
# http://www.apache.org/licenses/LICENSE-2.0
-#
+#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
-domain ciab.test
-search infra.ciab.test ciab.test
-nameserver 172.16.239.254
+
+# Script for running the Dantes Socks Proxy
+set -x
+set -m
+
+[[ -f "/usr/local/sbin/set-dns.sh" ]] && /usr/local/sbin/set-dns.sh
+[[ -f "/usr/local/sbin/insert-self-into-dns.sh" ]] && /usr/local/sbin/insert-self-into-dns.sh
+
+sockd
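Review bot: `sockd` is started as a child of the script, so bash stays PID 1 and the stop signal from `docker stop` may not reach the proxy; `exec sockd` as the last line hands the process over. With no `set -e`, a failing `set-dns.sh` or `insert-self-into-dns.sh` is ignored and the proxy starts with whatever resolver the container already had. That may be intended for an optional service, but a comment such as `# DNS registration is best-effort; the proxy starts regardless` would say so.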
diff --git a/infrastructure/cdn-in-a-box/optional/socksproxy/sockd.conf b/infrastructure/cdn-in-a-box/optional/socksproxy/sockd.conf
new file mode 100644
index 000000000..4fd2e3bc7
--- /dev/null
+++ b/infrastructure/cdn-in-a-box/optional/socksproxy/sockd.conf
@@ -0,0 +1,45 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+############################################################
+# Dantes 1.4.2 socks configuration file
+############################################################
+
+logoutput: stderr
+internal: 0.0.0.0 port = 1080
+external: eth0
+external.rotation: route
+socksmethod: username none
+clientmethod: none
+user.unprivileged: sockd
+
+client pass {
+ from: 0.0.0.0/0 to: 0.0.0.0/0
+ log: connect error
+}
+
+socks pass {
+ from: 0.0.0.0/0 to: 0.0.0.0/0
+ command: bind connect udpassociate
+ log: error
+}
+
+socks pass {
+ from: 0.0.0.0/0 to: 0.0.0.0/0
+ command: bindreply udpreply
+ log: error
+}
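Review bot: With `clientmethod: none`, `socksmethod: username none` and pass rules from `0.0.0.0/0` to `0.0.0.0/0`, this proxy accepts unauthenticated clients from any address, and docker-compose.socksproxy.yml publishes it as `9080:1080` on all host interfaces. On a host reachable from other machines, that exposes the CDN-in-a-Box network, and anything else the container can route to, through the host. Publishing on loopback (`"127.0.0.1:9080:1080"`) or narrowing the `from:` ranges to the expected client network keeps it a local test aid. A comment in this file stating that the open rules assume a trusted host would help either way.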
diff --git a/infrastructure/cdn-in-a-box/optional/vnc/run.sh b/infrastructure/cdn-in-a-box/optional/vnc/run.sh
index 0c24db047..aade0c089 100755
--- a/infrastructure/cdn-in-a-box/optional/vnc/run.sh
+++ b/infrastructure/cdn-in-a-box/optional/vnc/run.sh
@@ -18,6 +18,13 @@
################################################################################
# Wait on SSL certificate generation
+set +x
+set +e
+set +m
+
+[[ -f "/usr/local/sbin/set-dns.sh" ]] && /usr/local/sbin/set-dns.sh
+[[ -f "/usr/local/sbin/insert-self-into-dns.sh" ]] && /usr/local/sbin/insert-self-into-dns.sh
+
until [ -f "$X509_CA_DONE_FILE" ]
do
echo "Waiting on Shared SSL certificate generation"
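Review bot: The new `set +x`/`set +e`/`set +m` lines and the two DNS calls were inserted between the `# Wait on SSL certificate generation` comment and the `until` loop it describes. Moving that comment down to the loop, and adding one such as `# Register with the CiaB DNS server when the helper scripts are mounted` above the new calls, keeps both readable. With `set +e` in effect a failed `set-dns.sh` is ignored silently, which deserves a word in that comment. The `until` loop continues past the end of the hunk.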
diff --git a/infrastructure/cdn-in-a-box/origin/Dockerfile b/infrastructure/cdn-in-a-box/origin/Dockerfile
index f54a73b7a..60c29d23c 100644
--- a/infrastructure/cdn-in-a-box/origin/Dockerfile
+++ b/infrastructure/cdn-in-a-box/origin/Dockerfile
@@ -23,7 +23,7 @@
FROM alpine:latest
-RUN apk add --no-cache lighttpd bash curl
+RUN apk add --no-cache lighttpd bash curl bind-tools
RUN rm /etc/lighttpd/lighttpd.conf
RUN rm -rf /var/www/localhost/
diff --git a/infrastructure/cdn-in-a-box/origin/run.sh b/infrastructure/cdn-in-a-box/origin/run.sh
index c7e1566c7..f0b0d4df6 100755
--- a/infrastructure/cdn-in-a-box/origin/run.sh
+++ b/infrastructure/cdn-in-a-box/origin/run.sh
@@ -21,6 +21,9 @@ set -e
set -x
set -m
+set-dns.sh
+insert-self-into-dns.sh
+
source /to-access.sh
# Wait on SSL certificate generation
diff --git a/infrastructure/cdn-in-a-box/traffic_monitor/run.sh b/infrastructure/cdn-in-a-box/traffic_monitor/run.sh
index 5029eec95..6e9fa735c 100755
--- a/infrastructure/cdn-in-a-box/traffic_monitor/run.sh
+++ b/infrastructure/cdn-in-a-box/traffic_monitor/run.sh
@@ -38,6 +38,9 @@ do
if [[ -z $$v ]]; then echo "$v is unset"; exit 1; fi
done
+set-dns.sh
+insert-self-into-dns.sh
+
source /to-access.sh
# Wait on SSL certificate generation
diff --git a/infrastructure/cdn-in-a-box/traffic_ops/Dockerfile b/infrastructure/cdn-in-a-box/traffic_ops/Dockerfile
index 0c9ec0762..64ab4bf88 100644
--- a/infrastructure/cdn-in-a-box/traffic_ops/Dockerfile
+++ b/infrastructure/cdn-in-a-box/traffic_ops/Dockerfile
@@ -37,6 +37,7 @@ RUN yum install -y epel-release && \
perl-Test-CPAN-Meta \
perl-JSON-PP \
git \
+ iproute \
jq && \
yum-config-manager --add-repo 'http://vault.centos.org/7.5.1804/os/x86_64/' && \
yum -y install --enablerepo=vault* golang-1.9.4 && \
diff --git a/infrastructure/cdn-in-a-box/traffic_ops/run-go.sh b/infrastructure/cdn-in-a-box/traffic_ops/run-go.sh
index 5914cebff..165bb0d72 100755
--- a/infrastructure/cdn-in-a-box/traffic_ops/run-go.sh
+++ b/infrastructure/cdn-in-a-box/traffic_ops/run-go.sh
@@ -42,6 +42,9 @@ do
if [[ -z $$v ]]; then echo "$v is unset"; exit 1; fi
done
+set-dns.sh
+insert-self-into-dns.sh
+
# Source to-access functions and FQDN vars
source /to-access.sh
diff --git a/infrastructure/cdn-in-a-box/traffic_ops/run.sh b/infrastructure/cdn-in-a-box/traffic_ops/run.sh
index f1b133fe2..afd18f88a 100755
--- a/infrastructure/cdn-in-a-box/traffic_ops/run.sh
+++ b/infrastructure/cdn-in-a-box/traffic_ops/run.sh
@@ -39,6 +39,12 @@ do
if [[ -z $$v ]]; then echo "$v is unset"; exit 1; fi
done
+set-dns.sh
+insert-self-into-dns.sh
+insert-db-into-dns.sh
+
+set-to-ips-from-dns.sh
+
# Source to-access functions and FQDN vars
source /to-access.sh
diff --git a/infrastructure/cdn-in-a-box/traffic_ops/set-to-ips-from-dns.sh b/infrastructure/cdn-in-a-box/traffic_ops/set-to-ips-from-dns.sh
new file mode 100755
index 000000000..cdf86cd54
--- /dev/null
+++ b/infrastructure/cdn-in-a-box/traffic_ops/set-to-ips-from-dns.sh
@@ -0,0 +1,118 @@
+#!/usr/bin/env bash
+
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+
+base_data_dir="/traffic_ops_data"
+servers_dir="${base_data_dir}/servers"
+profiles_dir="${base_data_dir}/profiles"
+
+service_names='db trafficops trafficops-perl trafficportal trafficmonitor trafficvault trafficrouter edge mid origin enroller socksproxy client vnc dns'
+
+service_domain='infra.ciab.test'
+
+gateway_ip="$(ip route | grep default | cut -d' ' -f3)"
+gateway_ip6="$(ip -6 route | grep default | cut -d' ' -f3)"
+
+while [ -z "${gateway_ip}" ]; do
+ printf "setting ips from dns: service gateway ip not found! Trying again in 1s\n"
+ sleep 1
+ gateway_ip="$(ip route | grep default | cut -d' ' -f3)"
+ gateway_ip6="$(ip -6 route | grep default | cut -d' ' -f3)"
+done
+
+service_ips="${gateway_ip}"
+service_ip6s="${gateway_ip6}"
+
+for service_name in $service_names; do
+ service_fqdn="${service_name}.${service_domain}"
+
+ service_ip="$(dig +short ${service_fqdn} A)"
+
+ #
+ # TODO add a way to determine if a service wasn't built in the Compose,
+ # so it's possible to Compose only e.g. TO and not everything. Ideas:
+ # 1. only wait so long, e.g. 30s. Not ideal, slow, inaccurate
+ # 2. dig the Docker DNS name, not the FQDN
+ # 3. run this in a cron, with the cron somehow also managing the enroller/init
+ #
+ if [ -z "${service_ip}" ]; then
+ # TODO sleep and try again? Up to n times?
+ printf "setting ips from dns: service \"${service_fqdn}\" not found in dns, skipping!\n"
+ fi
+
+ service_ip6="$(dig +short $service_name AAAA)"
+
+ service_ips="${service_ips} ${service_ip}"
+ if [ -n "${service_ip6}" ]; then
+ service_ip6s="${service_ip6s} ${service_ip6}"
+ fi
+
+ # not all services have server files
+ printf "setting ips from dns: checking file for dir '${servers_dir}' service '${service_name}'\n"
+ service_file="$(ls ${servers_dir}/*${service_name}* 2>/dev/null)"
+ printf "setting ips from dns: trying service file '${service_file}'\n"
+ if [ -n "${service_file}" ]; then
+ printf "setting ips from dns: service file '${service_file}' exists, adding IPs\n"
+ cat "${service_file}" | jq '. + {"ipAddress":"'"${service_ip}"'"}' > "${service_file}.tmp" && mv "${service_file}.tmp" "${service_file}"
+ cat "${service_file}" | jq '. + {"ipGateway":"'"${gateway_ip}"'"}' > "${service_file}.tmp" && mv "${service_file}.tmp" "${service_file}"
+ if [ -n "${service_ip6}" ]; then
+ cat "${service_file}" | jq '. + {"ip6Address":"'"${service_ip6}"'"}' > "${service_file}.tmp" && mv "${service_file}.tmp" "${service_file}"
+ fi
+ if [ -n "${gateway_ip6}" ]; then
+ cat "${service_file}" | jq '. + {"ip6Gateway":"'"${gateway_ip6}"'"}' > "${service_file}.tmp" && mv "${service_file}.tmp" "${service_file}"
+ fi
+
+ rm -rf "${service_file}.tmp"
+ fi
+done
+
+ats_profile_type="ATS_PROFILE"
+
+service_ips="$(echo "${service_ips}" | sed 's/^[[:blank:]]*//;s/[[:blank:]]*$//')" # trim
+service_ip6s="$(echo "${service_ip6s}" | sed 's/^[[:blank:]]*//;s/[[:blank:]]*$//')" # trim
+
+for profile_file in ${profiles_dir}/*.json; do
+ profile_type="$(cat ${profile_file} | jq -r '.type')"
+ if [ "${profile_type}" != "${ats_profile_type}" ]; then
+ continue
+ fi
+
+ # get existing allow_ip, as space-separated
+ existing_allow_ips="$(cat ${profile_file} | jq -r '.params | map(select(.name == "allow_ip")) | .[] | .value' 2>/dev/null | tr ',' ' ')"
+
+ new_allow_ips="${existing_allow_ips} ${service_ips}"
+ new_allow_ips="$(echo "${new_allow_ips}" | sed 's/^[[:blank:]]*//;s/[[:blank:]]*$//')" # trim
+ new_allow_ips="$(echo "${new_allow_ips}" | tr -s ' ' | tr ' ' ',')" # replace spaces with commas, like ATS needs
+
+ # delete existing allow_ip, and add new one
+ cat ${profile_file} | jq '. + {params: (.params | map(select(.name != "allow_ip")))} | .params += [{configFile: "astats.config", name: "allow_ip", secure: false, value: "'"${new_allow_ips}"'"}]' > "${profile_file}.tmp" && mv "${profile_file}.tmp" "${profile_file}"
+
+
+ # get existing allow_ip6, as space-separated
+ existing_allow_ip6s="$(cat ${profile_file} | jq -r '.params | map(select(.name == "allow_ip6")) | .[] | .value' 2>/dev/null | tr ',' ' ')"
+
+ new_allow_ip6s="${existing_allow_ip6s} ${service_ip6s}"
+ new_allow_ip6s="$(echo "${new_allow_ip6s}" | sed 's/^[[:blank:]]*//;s/[[:blank:]]*$//')" # trim
+ new_allow_ip6s="$(echo "${new_allow_ip6s}" | tr -s ' ' | tr ' ' ',')" # replace spaces with commas, like ATS needs
+
+ # delete existing allow_ip, and add new one
+ cat ${profile_file} | jq '. + {params: (.params | map(select(.name != "allow_ip6")))} | .params += [{configFile: "astats.config", name: "allow_ip6", secure: false, value: "'"${new_allow_ips}"'"}]' > "${profile_file}.tmp" && mv "${profile_file}.tmp" "${profile_file}"
+
+ rm -rf "${profile_file}.tmp"
+done
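Review bot: The last jq call in the profile loop writes `${new_allow_ips}` into the `allow_ip6` parameter, so the list built just above in `new_allow_ip6s` is never used and the astats IPv6 allow list ends up holding the IPv4 entries; the value there should come from `new_allow_ip6s`. Every jq call in this file also splices `dig` output and file contents directly into the jq program text, so a name that answers with several records (multi-line `dig +short` output) or any value containing a double quote breaks or alters the filter; passing the values with `--arg`, as sketched below, keeps them as data. The "not found in dns, skipping!" branch has no `continue`, so an empty `ipAddress` is still written to the server file. The AAAA lookup also queries `$service_name` where the A lookup queries `${service_fqdn}`, which looks unintended.

```shell
# … unchanged: gateway detection, dig lookups, service_file discovery …
    jq --arg ip "${service_ip}" '. + {ipAddress: $ip}' "${service_file}" > "${service_file}.tmp" && mv "${service_file}.tmp" "${service_file}"
    jq --arg gw "${gateway_ip}" '. + {ipGateway: $gw}' "${service_file}" > "${service_file}.tmp" && mv "${service_file}.tmp" "${service_file}"
# … unchanged: ip6Address / ip6Gateway branches, converted the same way …

# … unchanged: profile loop, allow_ip handling, new_allow_ip6s construction …
  jq --arg ips "${new_allow_ip6s}" '. + {params: (.params | map(select(.name != "allow_ip6")))} | .params += [{configFile: "astats.config", name: "allow_ip6", secure: false, value: $ips}]' "${profile_file}" > "${profile_file}.tmp" && mv "${profile_file}.tmp" "${profile_file}"
```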
diff --git a/infrastructure/cdn-in-a-box/traffic_ops_data/profiles/010-ATS_EDGE_TIER_CACHE.json b/infrastructure/cdn-in-a-box/traffic_ops_data/profiles/010-ATS_EDGE_TIER_CACHE.json
index 01cd6770e..81525dbf6 100644
--- a/infrastructure/cdn-in-a-box/traffic_ops_data/profiles/010-ATS_EDGE_TIER_CACHE.json
+++ b/infrastructure/cdn-in-a-box/traffic_ops_data/profiles/010-ATS_EDGE_TIER_CACHE.json
@@ -237,13 +237,13 @@
"configFile": "astats.config",
"name": "allow_ip",
"secure": false,
- "value": "127.0.0.1,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16"
+ "value": "127.0.0.1,10.0.0.0/8,192.168.0.0/16"
},
{
"configFile": "astats.config",
"name": "allow_ip6",
"secure": false,
- "value": "::1/128,fc01:9400:1000:8::/64"
+ "value": "::1/128"
},
{
"configFile": "astats.config",
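Review bot: The static `allow_ip` value still admits all of `10.0.0.0/8` and `192.168.0.0/16` after `172.16.0.0/12` is dropped, so the astats allow list is narrowed only for the range the Compose network presumably used. If the intent is that set-to-ips-from-dns.sh supplies the per-service addresses at startup, the baseline could be reduced to `"value": "127.0.0.1"`, matching the `::1/128` now used for `allow_ip6`. The same applies to the identical hunk in 020-ATS_MID_TIER_CACHE.json. Both parameter lists continue outside the hunk.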
diff --git a/infrastructure/cdn-in-a-box/traffic_ops_data/profiles/020-ATS_MID_TIER_CACHE.json b/infrastructure/cdn-in-a-box/traffic_ops_data/profiles/020-ATS_MID_TIER_CACHE.json
index 7ad5f20f3..29f6377a4 100644
--- a/infrastructure/cdn-in-a-box/traffic_ops_data/profiles/020-ATS_MID_TIER_CACHE.json
+++ b/infrastructure/cdn-in-a-box/traffic_ops_data/profiles/020-ATS_MID_TIER_CACHE.json
@@ -237,13 +237,13 @@
"configFile": "astats.config",
"name": "allow_ip",
"secure": false,
- "value": "127.0.0.1,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16"
+ "value": "127.0.0.1,10.0.0.0/8,192.168.0.0/16"
},
{
"configFile": "astats.config",
"name": "allow_ip6",
"secure": false,
- "value": "::1/128,fc01:9400:1000:8::/64"
+ "value": "::1/128"
},
{
"configFile": "astats.config",
diff --git a/infrastructure/cdn-in-a-box/traffic_ops_data/servers/010-bind_server.json b/infrastructure/cdn-in-a-box/traffic_ops_data/servers/010-dns_server.json
similarity index 72%
rename from infrastructure/cdn-in-a-box/traffic_ops_data/servers/010-bind_server.json
rename to infrastructure/cdn-in-a-box/traffic_ops_data/servers/010-dns_server.json
index cf7fe7d7a..9058fd335 100644
--- a/infrastructure/cdn-in-a-box/traffic_ops_data/servers/010-bind_server.json
+++ b/infrastructure/cdn-in-a-box/traffic_ops_data/servers/010-dns_server.json
@@ -3,11 +3,7 @@
"domainName": "infra.ciab.test",
"cachegroup": "CDN_in_a_Box_Edge",
"interfaceName": "eth0",
- "ipAddress": "172.16.239.254",
"ipNetmask": "255.255.255.0",
- "ipGateway": "172.16.239.1",
- "ip6Address": "fc01:9400:1000:8::254",
- "ip6Gateway": "fc01:9400:1000:8::1",
"interfaceMtu": 1500,
"type": "BIND",
"physLocation": "Apachecon North America 2018",
diff --git a/infrastructure/cdn-in-a-box/traffic_ops_data/servers/020-db_server.json b/infrastructure/cdn-in-a-box/traffic_ops_data/servers/020-db_server.json
index 66afe75f1..05b3502cd 100644
--- a/infrastructure/cdn-in-a-box/traffic_ops_data/servers/020-db_server.json
+++ b/infrastructure/cdn-in-a-box/traffic_ops_data/servers/020-db_server.json
@@ -3,11 +3,7 @@
"domainName": "infra.ciab.test",
"cachegroup": "CDN_in_a_Box_Edge",
"interfaceName": "eth0",
- "ipAddress": "172.16.239.10",
"ipNetmask": "255.255.255.0",
- "ipGateway": "172.16.239.1",
- "ip6Address": "fc01:9400:1000:8::10",
- "ip6Gateway": "fc01:9400:1000:8::1",
"interfaceMtu": 1500,
"type": "TRAFFIC_OPS_DB",
"physLocation": "Apachecon North America 2018",
diff --git a/infrastructure/cdn-in-a-box/traffic_ops_data/servers/030-enroller_server.json b/infrastructure/cdn-in-a-box/traffic_ops_data/servers/030-enroller_server.json
index ea1be9558..d4618c905 100644
--- a/infrastructure/cdn-in-a-box/traffic_ops_data/servers/030-enroller_server.json
+++ b/infrastructure/cdn-in-a-box/traffic_ops_data/servers/030-enroller_server.json
@@ -3,11 +3,7 @@
"domainName": "infra.ciab.test",
"cachegroup": "CDN_in_a_Box_Edge",
"interfaceName": "eth0",
- "ipAddress": "172.16.239.200",
"ipNetmask": "255.255.255.0",
- "ipGateway": "172.16.239.1",
- "ip6Address": "fc01:9400:1000:8::200",
- "ip6Gateway": "fc01:9400:1000:8::1",
"interfaceMtu": 1500,
"type": "ENROLLER",
"physLocation": "Apachecon North America 2018",
diff --git a/infrastructure/cdn-in-a-box/traffic_ops_data/servers/040-trafficvault_server.json b/infrastructure/cdn-in-a-box/traffic_ops_data/servers/040-trafficvault_server.json
index 3a5e987a9..fcc8392e4 100644
--- a/infrastructure/cdn-in-a-box/traffic_ops_data/servers/040-trafficvault_server.json
+++ b/infrastructure/cdn-in-a-box/traffic_ops_data/servers/040-trafficvault_server.json
@@ -3,11 +3,7 @@
"domainName": "infra.ciab.test",
"cachegroup": "CDN_in_a_Box_Edge",
"interfaceName": "eth0",
- "ipAddress": "172.16.239.50",
"ipNetmask": "255.255.255.0",
- "ipGateway": "172.16.239.1",
- "ip6Address": "fc01:9400:1000:8::50",
- "ip6Gateway": "fc01:9400:1000:8::1",
"interfaceMtu": 1500,
"type": "RIAK",
"physLocation": "Apachecon North America 2018",
diff --git a/infrastructure/cdn-in-a-box/traffic_portal/run.sh b/infrastructure/cdn-in-a-box/traffic_portal/run.sh
index 453225c5b..a4a058a44 100755
--- a/infrastructure/cdn-in-a-box/traffic_portal/run.sh
+++ b/infrastructure/cdn-in-a-box/traffic_portal/run.sh
@@ -27,6 +27,9 @@ LOGFILE="/var/log/traffic_portal/traffic_portal.log"
MIN_UPTIME="5000"
SPIN_SLEEP_TIME="2000"
+set-dns.sh
+insert-self-into-dns.sh
+
source /to-access.sh
# Wait on SSL certificate generation
diff --git a/infrastructure/cdn-in-a-box/traffic_router/run.sh b/infrastructure/cdn-in-a-box/traffic_router/run.sh
index e8112ac01..616462a74 100755
--- a/infrastructure/cdn-in-a-box/traffic_router/run.sh
+++ b/infrastructure/cdn-in-a-box/traffic_router/run.sh
@@ -17,6 +17,9 @@
# under the License.
NAME="Traffic Router Application"
+set-dns.sh
+insert-self-into-dns.sh
+
# Global Vars for FQDNs, ports, etc
source /to-access.sh
diff --git a/infrastructure/cdn-in-a-box/traffic_vault/run.sh b/infrastructure/cdn-in-a-box/traffic_vault/run.sh
index ed40e6b4c..1b0f9159c 100755
--- a/infrastructure/cdn-in-a-box/traffic_vault/run.sh
+++ b/infrastructure/cdn-in-a-box/traffic_vault/run.sh
@@ -1,4 +1,5 @@
#!/usr/bin/env bash
+
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
@@ -16,6 +17,9 @@
# specific language governing permissions and limitations
# under the License.
+set-dns.sh
+insert-self-into-dns.sh
+
. /to-access.sh
TO_URL=https://${TO_FQDN}:${TO_PORT}