vincent/homelab
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

dns: pdns-admin in dedicated nomad group

Browse Source
This commit is contained in:
vincent 2024-09-29 17:38:27 +02:00
parent 374a62c304
commit af58866882
1 changed files with 91 additions and 85 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

176
nomad-job/system/pdns-auth.nomad
View File

@ -12,37 +12,34 @@ job "pdns-auth" {
} }
constraint { constraint {
attribute = "${node.class}" attribute = "${node.class}"
operator = "set_contains" operator = "set_contains"
value = "cluster" value = "cluster"
}
vault {
policies = ["pdns"]
} }
group "pdns-auth" { group "pdns-auth" {
network { network {
port "dns" { port "dns" {
static=5300 static = 5300
} }
port "http" { port "http" {
static = 8081 static = 8081
} }
port "pdnsadmin"{
to = 80
}
} }
vault { task "pdns-auth" {
policies = ["pdns"]
}
task "pdns-auth" {
driver = "docker" driver = "docker"
service { service {
name = "pdns-auth" name = "pdns-auth"
port = "dns" port = "dns"
} }
config { config {
image = "docker.service.consul:5000/powerdns/pdns-auth-master:latest" image = "docker.service.consul:5000/powerdns/pdns-auth-master:latest"
network_mode = "host" network_mode = "host"
privileged=true privileged = true
cap_add= ["net_bind_service"] cap_add = ["net_bind_service"]
volumes = [ volumes = [
"/mnt/diskstation/nomad/pdns-auth/var:/var/lib/powerdns/", "/mnt/diskstation/nomad/pdns-auth/var:/var/lib/powerdns/",
"local/dnsupdate.conf:/etc/powerdns/pdns.d/dnsupdate.conf", "local/dnsupdate.conf:/etc/powerdns/pdns.d/dnsupdate.conf",
@ -57,20 +54,20 @@ job "pdns-auth" {
PDNS_AUTH_API_KEY="{{.Data.data.API_KEY}}" PDNS_AUTH_API_KEY="{{.Data.data.API_KEY}}"
{{ end }} {{ end }}
EOH EOH
env = true env = true
} }
template{ template {
destination = "local/dnsupdate.conf" destination = "local/dnsupdate.conf"
data = <<EOH data = <<EOH
dnsupdate=yes dnsupdate=yes
allow-dnsupdate-from=192.168.1.43/24 allow-dnsupdate-from=192.168.1.43/24
local-address=192.168.1.5 local-address=192.168.1.5
local-port=53 local-port=53
EOH EOH
} }
template{ template {
destination = "local/pdns.conf" destination = "local/pdns.conf"
data = <<EOH data = <<EOH
launch=gpgsql launch=gpgsql
gpgsql-host=active.db.service.consul gpgsql-host=active.db.service.consul
gpgsql-port=5432 gpgsql-port=5432
@ -88,88 +85,48 @@ include-dir=/etc/powerdns/pdns.d
memory = 100 memory = 100
} }
} }
task "pnds-admin" {
service {
name = "pdns-admin"
tags = [
"homer.enable=true",
"homer.name=PDNS-ADMIN",
"homer.service=Application",
"homer.logo=http://${NOMAD_ADDR_pdnsadmin}/static/img/favicon.png",
"homer.target=_blank",
"homer.url=http://${NOMAD_ADDR_pdnsadmin}",
] task "pdns-recursor" {
port = "pdnsadmin"
} driver = "docker"
driver = "docker" config {
config { image = "docker.service.consul:5000/powerdns/pdns-recursor-master:latest"
image = "docker.service.consul:5000/powerdnsadmin/pda-legacy:latest" network_mode = "host"
ports= ["pdnsadmin"] volumes = [
volumes = [ "local/recursor.conf:/etc/powerdns/recursor.conf",
"/mnt/diskstation/nomad/pdns-admin/:/data/node_module/", ]
]
} }
template{ template {
destination = "secrets/pdns-admin.env" destination = "local/recursor.conf"
env = true data = <<EOH
data = <<EOH
{{ with secret "secrets/data/nomad/pdns"}}
SECRET_KEY="{{ .Data.data.SECRET_KEY }}"
GUNICORN_WORKERS=2
{{ end }}
{{ with secret "secrets/data/database/pdns"}}
SQLALCHEMY_DATABASE_URI=postgresql://pdns-admin:{{ .Data.data.pdnsadmin }}@active.db.service.consul/pdns-admin
{{end}}
EOH
}
resources {
cpu = 50
memory = 200
}
}
task "pdns-recursor" {
driver = "docker"
config {
image = "docker.service.consul:5000/powerdns/pdns-recursor-master:latest"
network_mode = "host"
volumes = [
"local/recursor.conf:/etc/powerdns/recursor.conf",
]
}
template{
destination = "local/recursor.conf"
data= <<EOH
config-dir=/etc/powerdns config-dir=/etc/powerdns
dnssec=off dnssec=off
forward-zones=consul=127.0.0.1:8600,ducamps.eu=192.168.1.5,1.168.192.in-addr.arpa=192.168.1.5 forward-zones=consul=127.0.0.1:8600,ducamps.eu=192.168.1.5,1.168.192.in-addr.arpa=192.168.1.5
local-address=192.168.1.6 local-address=192.168.1.6
EOH EOH
}
resources {
cpu = 50
memory = 50
}
} }
resources { task "keepalived" {
cpu = 50 driver = "docker"
memory = 50
}
}
task "keepalived" {
driver = "docker"
lifecycle { lifecycle {
hook = "prestart" hook = "prestart"
sidecar = true sidecar = true
} }
env { env {
KEEPALIVED_ROUTER_ID = "52" KEEPALIVED_ROUTER_ID = "52"
KEEPALIVED_STATE = "MASTER" KEEPALIVED_STATE = "MASTER"
KEEPALIVED_VIRTUAL_IPS = "#PYTHON2BASH:['192.168.1.5','192.168.1.6']" KEEPALIVED_VIRTUAL_IPS = "#PYTHON2BASH:['192.168.1.5','192.168.1.6']"
} }
template{ template {
destination = "local/env.yaml" destination = "local/env.yaml"
change_mode = "restart" change_mode = "restart"
env= true env = true
data = <<EOH data = <<EOH
KEEPALIVED_INTERFACE= {{ sockaddr "GetPrivateInterfaces | include \"network\" \"192.168.1.0/24\" | attr \"name\"" }} KEEPALIVED_INTERFACE= {{ sockaddr "GetPrivateInterfaces | include \"network\" \"192.168.1.0/24\" | attr \"name\"" }}
EOH EOH
} }
@ -188,4 +145,53 @@ local-address=192.168.1.6
} }
} }
} }
group "pdns-admin" {
network {
port "pdnsadmin" {
to = 80
}
}
task "pnds-admin" {
service {
name = "pdns-admin"
tags = [
"homer.enable=true",
"homer.name=PDNS-ADMIN",
"homer.service=Application",
"homer.logo=http://${NOMAD_ADDR_pdnsadmin}/static/img/favicon.png",
"homer.target=_blank",
"homer.url=http://${NOMAD_ADDR_pdnsadmin}",
]
port = "pdnsadmin"
}
driver = "docker"
config {
image = "docker.service.consul:5000/powerdnsadmin/pda-legacy:latest"
ports = ["pdnsadmin"]
volumes = [
"/mnt/diskstation/nomad/pdns-admin/:/data/node_module/",
]
}
template {
destination = "secrets/pdns-admin.env"
env = true
data = <<EOH
{{ with secret "secrets/data/nomad/pdns"}}
SECRET_KEY="{{ .Data.data.SECRET_KEY }}"
GUNICORN_WORKERS=2
{{ end }}
{{ with secret "secrets/data/database/pdns"}}
SQLALCHEMY_DATABASE_URI=postgresql://pdns-admin:{{ .Data.data.pdnsadmin }}@active.db.service.consul/pdns-admin
{{end}}
EOH
}
resources {
cpu = 50
memory = 200
}
}
}
} }