[roster-dns-management] r1169 committed - Updating Wiki


roster-dns...@googlecode.com

Aug 16, 2013, 11:39:29 AM
to roster-...@googlegroups.com
Revision: 1169
Author: J.S.P...@gmail.com
Date: Fri Aug 16 15:39:05 2013 UTC
Log: Updating Wiki
http://code.google.com/p/roster-dns-management/source/detail?r=1169

Modified:
/trunk/roster-server/scripts/rosterd
/trunk/roster-user-tools/scripts/dnsmkview
/wiki/About.wiki
/wiki/Authentication.wiki
/wiki/ConfigManagerInstallation.wiki
/wiki/ConfigManagerUsage.wiki
/wiki/CoreInstallation.wiki
/wiki/Example.wiki
/wiki/Installation.wiki
/wiki/RosterServerConfigFile.wiki
/wiki/ServerInstallation.wiki
/wiki/UserToolsInstallation.wiki
/wiki/UserToolsUsage.wiki

=======================================
--- /trunk/roster-server/scripts/rosterd Tue Aug 30 20:48:11 2011 UTC
+++ /trunk/roster-server/scripts/rosterd Fri Aug 16 15:39:05 2013 UTC
@@ -100,7 +100,7 @@
help='Print debug messages, with <n> indicating
level.',
default=0)
parser.add_option('--config-file', dest='config_file', metavar='<file>',
- help='Use <file> as a config file, rather than
default',
+ help='Use <file> as a config file, rather than
default.',
default=roster_core.SERVER_CONFIG_FILE_LOCATION)
parser.add_option('-H', '--host', dest='host', metavar='<host>',
help='Hostname of server to be created.',
@@ -109,7 +109,7 @@
help='Port of server to be created.',
default=None)
parser.add_option('--unit-test', dest='unit_test',
- help='Run as unit-test..',
+ help='Run as unit-test.',
default=False, action='store_true')
parser.add_option('-s', '--stop', dest='stop', action='store_true',
help='Stops rosterd. Will remove lockfile even if '
=======================================
--- /trunk/roster-user-tools/scripts/dnsmkview Thu Aug 15 15:18:41 2013 UTC
+++ /trunk/roster-user-tools/scripts/dnsmkview Fri Aug 16 15:39:05 2013 UTC
@@ -64,7 +64,7 @@
'\n'
'To make dns server set view assignments:\n'
'\t%s dns_server_set -v <view-name> \n'
- '\t-e <dns-server-set> [-o <options>]\n'
+ '\t-e <dns-server-set> -r <view-order> [-o <options>]\n'
'\n'
'To make acl for dns server set view assignment:\n'
'\t%s acl -v <view-name> -e <dns-server-set> -a <acl-name> '
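Review bot: the usage line for `dnsmkview dns_server_set` now lists `-r <view-order>` as a required argument, but this hunk changes only the help text; confirm that the option parser for that subcommand actually fails when `-r` is omitted and that `-r`/`--view-order` is described in the option list, otherwise the usage string advertises a check the tool doesn't make.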
=======================================
--- /wiki/About.wiki Tue Sep 11 16:36:42 2012 UTC
+++ /wiki/About.wiki Fri Aug 16 15:39:05 2013 UTC
@@ -1,4 +1,4 @@
-#summary Details Roster.
+#summary Details Roster.

<wiki:toc max_depth="2" />

@@ -16,7 +16,7 @@
== Roster Components ==

[http://roster-dns-management.googlecode.com/svn/wiki/img/Roster_pieces.png]

-Roster has 4 main components.
+Roster has four main components:
* Roster Core
* Roster Server
* Roster User Tools
@@ -27,10 +27,10 @@
Roster Core is a collection of functions to access the core API of Roster
and is used heavily by Roster Server. Roster Server contains the MySQL
database layer that accesses all data used by Roster. All records, zones,
views, etc. are contained in the database and is the authority on any DNS
data.

===Roster Server===
-Roster Server is a threaded SSL enabled XML RPC server that connects
directly to Roster Core. This allows clients to run core functions remotely
and securely. Users authenticate to Roster Server using LDAP or
[Authentication a user supplied authentication method]. The user need not
enter a password multiple times for multiple records as credentials are
stored for short periods of time (See [UserToolsUsage#Credential
Credentials] documentation).
+Roster Server is a threaded SSL enabled XML-RPC server that connects
directly to Roster Core. This allows clients to run core functions remotely
and securely. Users authenticate to Roster Server using LDAP or
[Authentication a user supplied authentication method]. The user need not
enter a password multiple times for multiple records as credentials are
stored for short periods of time (See [UserToolsUsage#Credential
Credentials] documentation).

===Roster User Tools===
-[UserToolsUsage Roster User Tools] communicates to Roster Server. Roster
User Tools contains command line tools for the majority of tasks performed
by Roster. Roster User Tools contains command line tools to contact Roster
Server through an SSL enabled XML RPC client.
+[UserToolsUsage Roster User Tools] communicates to Roster Server. Roster
User Tools contains command line tools to contact Roster Server through an
SSL enabled XML-RPC client, to perform the majority of Roster tasks.

===Roster Config Manager===
[ConfigManagerUsage Roster Config Manager] is the component of Roster
responsible for creating, exporting, and error checking files that will be
used by BIND. Roster Config Manager contains command line tools to export
all contents from the database to BIND files.
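Review bot: the rewritten Roster Server paragraph still says credentials are "stored for short periods of time" without saying where that period is set; the example config in this same revision documents `exp_time = 3600` ("Credential expiry time in seconds") under `[credentials]`, so naming that key here would tell operators the cache lifetime is configurable. In the unchanged Roster Core paragraph, "are contained in the database and is the authority" should read "are contained in the database, which is the authority".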
=======================================
--- /wiki/Authentication.wiki Mon Sep 10 21:42:19 2012 UTC
+++ /wiki/Authentication.wiki Fri Aug 16 15:39:05 2013 UTC
@@ -1,4 +1,4 @@
-#summary How to use an authentication method other than LDAP.
+#summary How to use an authentication method other than LDAP.
#labels Phase-Deploy,Phase-Implementation

= Introduction =
@@ -14,10 +14,10 @@
import dap
}}}

-Now a class is made. This class *MUST* be titled *_AuthenticationMethod_*.
There *MUST* be an instance dictionary called *_self.requires_* of the
variables to be placed in a config file in the *_ __init__ _* section of
the *_AuthenticationMethod_* class as shown below. Valid types are:
- *'str',
- *'int'
- *'float'
+Now a class is made. This class *MUST* be titled
*_!AuthenticationMethod_*. There *MUST* be an instance dictionary called
*_self.requires_* of the variables to be placed in a config file in the *_
__init__ _* section of the *_!AuthenticationMethod_* class as shown below.
Valid types are:
+ * str
+ * int
+ * float
A default can be provided, but if no default is specified (*None*), then
the user will be prompted to enter this information upon bootstrapping the
database.


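Review bot: the new type list loses the quotes the old list had (`'str'`), yet the `self.requires` example later on this page passes the type as a string value (`'type': 'str'`); either keep the quotes or say explicitly that the type is given as a string, so a reader doesn't write `'type': str`.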
@@ -68,7 +68,7 @@
"""
}}}

-If the "dap" module contains a *_"user_auth"_* method that raises a
UserErrorException then the user cannot be authenticated and nothing if the
user can be authenticated.
+The "dap" module can optionally contain a *_"user_auth"_* method that
raises a !UserErrorException if the user cannot be authenticated, and
nothing if the user can be authenticated.

The code would proceed as follows:

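Review bot: the reworded sentence says `user_auth` is optional and raises `UserErrorException` on failure, but not what it is called with; the example in the following hunk uses `user_auth(self, binddn, password, server)`, i.e. the password plus one argument per key of `self.requires`, and that contract belongs in this sentence, since a signature that doesn't match the config variables will fail at call time.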
@@ -82,6 +82,10 @@
self.requires = {'binddn': {'type': 'str', 'default': None},
'server': {'type': 'str', 'default': None}}

+ def user_auth(self, binddn, password, server):
+ if( binddn in self.bad_binddn_list ):
+ raise UserErrorException('binddn %s is not allowed' % binddn)
+
def Authenticate(self, user_name=None, password=None, binddn=None,
server=None):
"""Authenticate method for DAP

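Review bot: the new `user_auth` example reads `self.bad_binddn_list`, but the `__init__` shown directly above it only sets `self.requires`, so as written the method raises `AttributeError` rather than the intended `UserErrorException`; add `self.bad_binddn_list = []` (or load the list from config) in `__init__`, and drop the parentheses in `if( binddn in ... ):` to match the surrounding style.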
=======================================
--- /wiki/ConfigManagerInstallation.wiki Mon Oct 1 16:59:01 2012 UTC
+++ /wiki/ConfigManagerInstallation.wiki Fri Aug 16 15:39:05 2013 UTC
@@ -1,6 +1,6 @@
-#summary Installation and usage of Roster User Tools
+#summary Installation of Roster Config Mananger

-See the [ConfigManagerUsage config manager usage page] for more on the
usage of these commands.
+See the Roster Config Manager [ConfigManagerUsage usage page] for more on
the usage of these commands.

== Roster Config Manager Setup ==
Installation of Roster User Tools is as follows:
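Review bot: "Mananger" in the new `#summary` line is a typo for "Manager". The unchanged line under the "Roster Config Manager Setup" heading, "Installation of Roster User Tools is as follows:", is a copy-paste leftover from the user-tools page and should name Roster Config Manager; this revision removes the same stray sentence from CoreInstallation.wiki, so it's worth fixing here in the same change.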
@@ -18,7 +18,7 @@
== Importing zones ==
Rather than adding records manually with the user tools, they can also be
imported using [ConfigManagerUsage#dnszoneimporter dnszoneimporter] as
shown below:
{{{
-# dnszoneimporter -f private.db
+# dnszoneimporter -f private.db -z private
}}}

Where *{{{private.db}}}* is an existing zone file for the private zone.
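Review bot: the example now passes `-z private`, but the explanation below it only describes `private.db`; add a clause saying what `-z` names (presumably the Roster zone the records are imported into), since the reader otherwise can't tell whether `private` must already exist or is created by the import.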
=======================================
--- /wiki/ConfigManagerUsage.wiki Mon Jul 1 19:02:57 2013 UTC
+++ /wiki/ConfigManagerUsage.wiki Fri Aug 16 15:39:05 2013 UTC
@@ -1,6 +1,6 @@
-#summary Usage of Roster's Config Manager
+#summary Usage of Roster Config Manager
= Roster Config Manager =
-This is a collection of tools that use the core API to push bind files to
their appropriate servers, check validity of bind files, and recover the
database to a previous state.
+This is a collection of tools that check validity of BIND files, push BIND
files to their appropriate servers, and recover the database to a previous
state.


<wiki:toc max_depth="2" />
@@ -31,13 +31,47 @@
# dnscheckconfig
}}}

-3. Now send the BIND files out to each server. To export the configuration
to the appropriate servers, use [ConfigManagerUsage#dnsconfigsync
dnsconfigsync]:
+3. Before sending the BIND files to each respective server, check that
each DNS server is online, can be reached, and has proper directories and
permissions present. To check DNS servers, user
[ConfigManagerUseage#dnsservercheck dnsservercheck]:
+
+{{{
+# dnsservercheck
+}}}
+
+4. Now send the BIND files out to each server. To export the configuration
to the appropriate servers, use [ConfigManagerUsage#dnsconfigsync
dnsconfigsync]:
{{{
# dnsconfigsync
}}}
+
+5. Now that dnsconfigsync finished successfully, check that the DNS
servers are online and operating correctly. To check that zone files are
correctly loaded, use [ConfigManagerUsage#dnsquerycheck dnsquerycheck]:
+{{{
+# dnsquerycheck
+}}}
+
+Or, to automate the process, run [ConfigManagerUsage#dnsexportconfig
dnsexportconfig]:
+{{{
+# dnsexportconfig
+}}}

= Commands =
Each command's usage can be viewed by adding the *{{{--help}}}* flag.
+
+==dnstreeexport==
+Dump the Roster configuration tree to bz2 files.
+ To export all bind trees:
+{{{
+dnstreeexport [-c <config-file>] [-f] [-q]
+}}}
+
+ ===Options===
+{{{
+--version show programs version number and exit
+-h, --help show this help message and exit
+-c <config-file>, --config-file=<config-file>
+ Config File Location
+-f, --force Export trees even if nothing has changed in the
+ database.
+-q, --quiet Suppress program output.
+}}}

==dnscheckconfig==
Uses BIND's named-checkconf and named-checkzone binaries to validate named
configuration and zone files.
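Review bot: in the new step 3, `[ConfigManagerUseage#dnsservercheck dnsservercheck]` misspells the page name, so the wiki link will be broken (the other steps use `ConfigManagerUsage`), and "To check DNS servers, user" should read "use". In the relocated dnstreeexport options block, "show programs version number" has lost its apostrophe.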
@@ -49,7 +83,7 @@

===Options===
{{{
---version show program's version number and exit
+--version show programs version number and exit
-h, --help show this help message and exit
-d <directory>, --directory=<directory>
Directory to scan.
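Review bot: changing `show program's version number and exit` to `show programs version number and exit` makes the documented output wrong, not right: that line is optparse's built-in `--version` help text, and it does contain the apostrophe. The same edit is applied to every options block in this revision (dnscheckconfig, dnsconfigsync, dnsexportconfig, dnsrecover, dnszonecompare, dnsservercheck, dnsquerycheck and roster_database_bootstrap) and should be reverted throughout.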
@@ -65,9 +99,31 @@
Config File Location
-i <id>, --id=<id> ID of tarfile output from Roster tree export.
}}}
+
+==dnsservercheck==
+Checks that each DNS server is online, can be reached, and has proper
directories and permissions present.
+ To check a DNS server:
+{{{
+dnsservercheck -d <dns-server> [-c <config-file>] [-i <audit-id>]
+}}}
+
+ ===Options===
+{{{
+ --version show programs version number and exit
+ -h, --help show this help message and exit
+ --export-config This flag is used when dnsservercheck is called
from
+ dnsexportconfig. This should not be used by any
user.
+ -d <dns-server>, --dns-server=<dns-server>
+ DNS Server to check.
+ -c <config-file>, --config-file=<config-file>
+ Roster Server Config File Location.
+ -i <audit-id>, --id=<audit-id>
+ Audit Log ID for the tarfile output from Roster
tree
+ export
+}}}

==dnsconfigsync==
-Dumps the database into BIND files and rsync's them to the appropriate
servers.
+SSH's BIND files to, and rndc reloads, appropriate servers.
To sync bind trees:
{{{
dnsconfigsync -i <audit-id> [-c <config-file>] [-d <dest-directory>]
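Review bot: the unchanged dnsconfigsync usage line still shows `[-d <dest-directory>]`, while the new option list in the next hunk defines `-d` as `--dns-server=<dns-server>` and drops the destination-directory option entirely; update the usage line to match. Also, `--export-config` is documented as "should not be used by any user" in both dnsservercheck and dnsconfigsync; if it is internal, hide it from `--help` (optparse's `help=SUPPRESS_HELP`) rather than documenting it for users.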
@@ -76,33 +132,66 @@

===Options===
{{{
---version show program's version number and exit
--h, --help show this help message and exit
--c <config-file>, --config-file=<config-file>
- Config File Location
--d <destination-directory>, --destination-directory=<destination-directory>
- Destination directory on dns servers.
--i <id>, --id=<id> ID of tarfile output from Roster tree export.
--u <user-name>, --user-name=<user-name>
- Rsync username.
---rsync-port=<port> Rsync port number.
---ssh-port=<ssh-port>
- SSH port number.
---ssh-id=<ssh-id> SSH id file.
--r <rsync-exec>, --rsync-exec=<rsync-exec>
- Rsync executable location.
---rndc-exec=<rndc-exec>
- Rndc executable location.
---rndc-key=<rndc-key>
- Rndc key file.
---rndc-conf=<rndc-conf>
- Rndc conf file.
--s <ssh-exec>, --ssh-exec=<ssh-exec>
- SSH executable location.
+ --version show programs version number and exit
+ -h, --help show this help message and exit
+ --export-config This flag is used when dnsconfigsync is called from
+ dnsexportconfig. This should not be used by any
user.
+ -d <dns-server>, --dns-server=<dns-server>
+ DNS Server Name
+ -c <config-file>, --config-file=<config-file>
+ Config File Location
+ -i <id>, --id=<id> ID of tarfile output from Roster tree export.
+ --ssh-id=<ssh-id> SSH id file.
+ --rndc-exec=<rndc-exec>
+ RNDC executable location.
+ --rndc-key=<rndc-key>
+ RNDC key file.
+ --rndc-conf=<rndc-conf>
+ RNDC conf file.
+ --rndc-port=<rndc-port>
+ RNDC communication port. If none provided,
named.conf
+ will be parsed to find one. If one can not be
found,
+ 953 will be used.
+ --ssh-failure-retries=TRIES
+ Number of times to retry config syncing should an
SSH
+ error (e.g. timeout) occur. Defaults to 3.
+}}}
+
+==dnsquerycheck==
+Queries a DNS server to make sure it is online and serving the correct
zone files.
+
+ To test a DNS server:
+{{{
+ /usr/bin/dnsquerycheck -c <config-file> -i <audit-log-id> -s <dns-server>
(-z <zone-name>) (-v <view-name>) or
+ /usr/bin/dnsquerycheck -f <zone-file> -s <dns-server>
+}}}
+
+ ===Options===
+{{{
+ --version show programs version number and exit
+ -h, --help show this help message and exit
+ --export-config This flag is used when dnsquerycheck is called from
+ dnsexportconfig. This should not be used by any
user.
+ -c <config_file>, --config-file=<config_file>
+ Roster Server config file
+ -i <id>, --id=<id> Audit log ID
+ -d <server>, --dns-server=<server>
+ DNS server to query.
+ -p <port>, --port=<port>
+ Port to query DNS server on.
+ -n <number>, --number=<number>
+ Number of random records to query for. Default=5 To
+ query all records, use -n 0
+ -f <zone_file>, --file=<zone_file>
+ Zone file to use for queries, instead of audit log
id.
+ -v <view_name>, --view=<view_name>
+ Check only a specific view. (optional)
+ -z <zone_name>, --zone=<zone_name>
+ Check only a specific zone. (optional)
}}}

==dnsexportconfig==
-Exports trees, checks named configurations and zones, and syncs the
configuration with the appropriate servers. Essentially, this command will
run [ConfigManagerUsage#dnstreeexport dnstreeexport],
[ConfigManagerUsage#dnscheckconfig dnscheckconfig], and
[ConfigManagerUsage#dnsconfigsync dnsconfigsync].
+Exports trees, checks named configurations and zones, and syncs the
configuration with the appropriate servers. Essentially, this command will
run [ConfigManagerUsage#dnstreeexport dnstreeexport],
[ConfigManagerUsage#dnscheckconfig dnscheckconfig],
[ConfigManageUsage#dnsservercheck dnsservercheck],
[ConfigManagerUsage#dnsconfigsync dnsconfigsync], and
[ConfigManagerUsage#dnsquerycheck dnsquerycheck]
To export database to config files:
{{{
dnsexportconfig [-d <output-directory>] [-f]
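Review bot: the dnsquerycheck usage lines use `-s <dns-server>`, but the option list directly below defines the server flag as `-d <server>, --dns-server=<server>` and has no `-s`; one of the two is wrong. `[ConfigManageUsage#dnsservercheck dnsservercheck]` in the dnsexportconfig description misspells the page name (broken link), and that list is missing its final period after `dnsquerycheck]`.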
@@ -114,48 +203,46 @@

===Options===
{{{
---version show program's version number and exit
--h, --help show this help message and exit
--i <id>, --id=<id> ID of tarfile output from Roster tree export.
--d <directory>, --directory=<directory>
- Backup directory to scan.
--t TREE_EXPORT, --tree-exporter=TREE_EXPORT
- Location of "dnstreeexport" binary.
--c CHECK_CONFIG, --check-config=CHECK_CONFIG
- Location of "dnscheckconfig" binary.
--s CONFIG_SYNC, --config-sync=CONFIG_SYNC
- Location of "dnsconfigsync" binary.
---named-checkzone=NAMED_CHECKZONE
- Location of named_checkzone binary.
---named-checkconf=NAMED_CHECKCONF
- Location of named_checkconf binary.
---config-file=CONFIG_FILE
- Roster config file location.
---destination-directory=<destination-directory>
- (dnsconfigsync)Destination directory on dns servers.
--u <user-name>, --user-name=<user-name>
- (dnsconfigsync)Rsync username.
---rsync-port=<port> (dnsconfigsync)Rsync port number.
---ssh-port=<ssh-port>
- (dnsconfigsync)SSH port number.
---ssh-id=<ssh-id> (dnsconfigsync)SSH id file.
--r <rsync-exec>, --rsync-exec=<rsync-exec>
- (dnsconfigsync)Rsync executable location.
---rndc-exec=<rndc-exec>
- (dnsconfigsync)Rndc executable location.
---rndc-key=<rndc-key>
- (dnsconfigsync)Rndc key file.
---rndc-conf=<rndc-conf>
- (dnsconfigsync)Rndc conf file.
---ssh-exec=<ssh-exec>
- (dnsconfigsync)SSH executable location.
--o OUTPUT_DIRECTORY, --output-directory=OUTPUT_DIRECTORY
- (dnscheckconfig)Directory to temporarily output files
- to. Must be same in named.conf.
--v, --verbose (dnscheckconfig)Make command verbose.
--f, --force (dnstreeexport)Export trees even if nothing has
- changed in the database.
--q, --quiet (dnstreeexport)Suppress program output.
+ --version show programs version number and exit
+ -h, --help show this help message and exit
+ -i <audit-id>, --id=<audit-id>
+ ID of tarfile output from Roster tree export.
+ -c <config-file>, --config-file=<config-file>
+ Roster config file location.
+ -q, --quiet Suppress program output.
+ --tree-exporter=TREE_EXPORT
+ Location of "dnstreeexport" binary.
+ --check-config=CHECK_CONFIG
+ Location of "dnscheckconfig" binary.
+ --server-check=SERVER_CHECK
+ Location of "dnsservercheck" binary.
+ --config-sync=CONFIG_SYNC
+ Location of "dnsconfigsync" binary.
+ --query-check=QUERY_CHECK
+ Location of "dnsquerycheck" binary.
+ -f, --force (dnstreeexport)Export trees even if nothing has
+ changed in the database.
+ --named-checkzone=NAMED_CHECKZONE
+ (dnscheckconfig)Location of named_checkzone binary.
+ --named-checkconf=NAMED_CHECKCONF
+ (dnscheckconfig)Location of named_checkconf binary.
+ --ssh-id=<ssh-id> (dnsconfigsync)SSH id file.
+ --rndc-exec=<rndc-exec>
+ (dnsconfigsync)Rndc executable location.
+ --rndc-key=<rndc-key>
+ (dnsconfigsync)Rndc key file.
+ --rndc-conf=<rndc-conf>
+ (dnsconfigsync)Rndc conf file.
+ --rndc-port=<rndc-port>
+ RNDC communication port. If none provided,
named.conf
+ will be parsed to find one. If one can not be
found,
+ 953 will be used.
+ -p <port>, --port=<port>
+ (dnsquerycheck)Port to query DNS server on.
+ -n <number>, --number=<number>
+ (dnsquerycheck)Number of random records to query
for
+ Default=5 To query all records, use '-n all'
+
}}}

==dnsrecover==
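Review bot: dnsexportconfig's `-n` help says "To query all records, use '-n all'", while dnsquerycheck's own `-n` option, which this forwards to, says `-n 0`; pick one. The unchanged usage line `dnsexportconfig [-d <output-directory>] [-f]` advertises a `-d` option that no longer appears in the new option list, the forwarded `--rndc-port` entry lacks the `(dnsconfigsync)` prefix every other forwarded option carries, and the added `+` line before `}}}` is a stray blank line.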
@@ -172,7 +259,7 @@

===Options===
{{{
---version show program's version number and exit
+--version show programs version number and exit
-h, --help show this help message and exit
-i <id>, --id=<id> Audit log ID to recover to.
--single Run single audit rather than a full range.
@@ -180,24 +267,6 @@
Run as a different username.
--config-file=<file> Config file location.
}}}
-
-==dnstreeexport==
-Dump the Roster configuration tree to bz2 files.
- To export all bind trees:
-{{{
-dnstreeexport [-c <config-file>] [-f] [-q]
-}}}
-
- ===Options===
-{{{
---version show program's version number and exit
--h, --help show this help message and exit
--c <config-file>, --config-file=<config-file>
- Config File Location
--f, --force Export trees even if nothing has changed in the
- database.
--q, --quiet Suppress program output.
-}}}

==dnszonecompare==
Compare two similar zones on two nameservers.
@@ -208,7 +277,7 @@

===Options===
{{{
---version show program's version number and exit
+--version show programs version number and exit
-h, --help show this help message and exit
}}}

@@ -222,7 +291,7 @@

===Options===
{{{
---version show program's version number and exit
+--version show programs version number and exit
-h, --help show this help message and exit
-c <config-file>, --config-file=<config-file>
Database config file.
=======================================
--- /wiki/CoreInstallation.wiki Thu Aug 15 15:06:22 2013 UTC
+++ /wiki/CoreInstallation.wiki Fri Aug 16 15:39:05 2013 UTC
@@ -1,5 +1,5 @@
-== Roster Core Setup ==
-Installation of Roster User Tools is as follows:
+#summary Installation of Roster Core
+== Roster Core Setup ==

From pypi:
{{{
@@ -28,7 +28,7 @@

== Bootstrapping the Database ==

-A database needs to be set up initially for Roster to use. The
script "roster_database_bootstrap" can be used to set up the new database,
generate the rosterd init script, and create a roster config. (This script
is also located in the roster-core/scripts directory of the install.) If a
previously generated config. file is found, it can be used when prompted to
avoid unnecessary information re-entry.
+A database needs to be set up initially for Roster to use. The
script "roster_database_bootstrap" can be used to set up the new database,
generate the rosterd init script, and create a roster config file. (This
script is also located in the roster-core/scripts directory of the install)
If a previously generated config file is found, it can be used when
prompted to avoid information re-entry.
*Note:* bootstrapping a database will wipe all previous information stored
in the database.

=== Using a Config File ===
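Review bot: the rewritten sentence drops the full stop after the parenthesis, so it now reads "of the install) If a previously"; put the period back, or move the parenthetical inside the sentence.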
@@ -49,7 +49,7 @@
--ssl-cert <cert_file> -c <config_output_file>
}}}

-SSL keys must be generated and placed in the directories from the
configuration file generated by roster_database_bootstrap. You can
[http://www.tc.umn.edu/~brams006/selfsign.html use openssl to generate
these keys].
+SSL keys must be generated and placed in the directories from the
configuration file generated by roster_database_bootstrap. You can use
[http://www.tc.umn.edu/~brams006/selfsign.html openssl] to generate these
keys.

Follow the onscreen prompts and select an authentication method. The
authentication module will request some information about authentication
that needs to be entered at this time.
Example:
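Review bot: the rewording only moves the link text; what the paragraph still doesn't say is how the user tools are expected to trust the resulting certificate. If the linked page produces a self-signed certificate, state whether the XML-RPC client verifies the server certificate and, if so, how the certificate or CA is distributed to clients; without that, readers either hit verification failures or end up running without verification.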
@@ -64,20 +64,20 @@
}}}

=== Configuration ===
-Finally, manually open the config file (Default location:
*/etc/roster/roster_server.conf*) and examine the contents.
+Finally, manually open the config file (Default location:
*/etc/roster/roster_server.conf*) and examine its contents.

-If your desired authentication method is PAM, some operating systems (such
as Ubuntu) do not allow PAM requests from the user nobody. There are
[http://publib.boulder.ibm.com/infocenter/tivihelp/v8r1/index.jsp?topic=%2Fcom.ibm.netcool_OMNIbus.doc_7.3.0%2Fomnibus%2Fwip%2Fcommon%2Freference%2Fomn_trb_userauthfailurepam.html
many solutions] on allowing non-root users to authenticate other users.
+*Note:* some operating systems (such as Ubuntu) do not allow PAM requests
from the user nobody. There are
[http://publib.boulder.ibm.com/infocenter/tivihelp/v8r1/index.jsp?topic=%2Fcom.ibm.netcool_OMNIbus.doc_7.3.0%2Fomnibus%2Fwip%2Fcommon%2Freference%2Fomn_trb_userauthfailurepam.html
many solutions] to allowing non-root users to authenticate other users.

-Once you have verified it to be correct and you are finished, change the
*`'server_killswitch'`* value in the *`[server]`* section to *`'off'`* and
*`chmod`* the config. file to be non-world-writable. This will allow the
[ServerInstallation Roster server to start].
+Once you have verified the config file correct, and you are finished,
change the *`'server_killswitch'`* value in the *`[server]`* section to
*`'off'`* and *`chmod`* the config file to non-world-writable. This will
allow the [ServerInstallation Roster Server] to start.

-For a detailed outline of the Roster server config. file, see the
[RosterServerConfigFile Roster Server Config File] page.
+For a detailed outline of the Roster Server config file, see the
[RosterServerConfigFile Roster Server Config File] page.

=== More on bootstrapping ===

-Additional options can be configured using special flags visible with
*{{{# roster_database_bootstrap --help}}}*
+Additional options can be configured using special flags visible with
*{{{roster_database_bootstrap --help}}}*
{{{
Options:
- --version show program's version number and exit
+ --version show programs version number and exit
-h, --help show this help message and exit
-c <config-file>, --config-file=<config-file>
Location of the new config file.
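Review bot: "chmod the config file to non-world-writable" is the wrong bar: the example config in this revision stores the database password in clear (`passwd = test`) and the paths to the SSL key, so the file must be non-world-readable as well, e.g. mode 0600 owned by the account named in `run_as_username`. "verified the config file correct" needs "to be" or "is". The PAM note also lost its qualifier ("If your desired authentication method is PAM"), so it now reads as if it applies to every install; keep the condition.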
@@ -89,8 +89,6 @@
Initial admin username for roster.
--run-as-username=RUN_AS_USERNAME
Username roster server should run as.
- --lock-file=LOCK_FILE
- Location of roster server lock file.
--infinite-renew-time=<time>
Time in seconds to renew infinite credentials.
--core-die-time=<time>
@@ -124,10 +122,27 @@
Password for the database user. Do not use this
flag
unless you need to. If not used a password prompt
will
be presented.
- --named-dir=NAMED_DIR
- Directory where named files will live.
--server-port=PORT Port server will start with.
--server-host=HOST Host server will start with.
+ --db_debug=DB_DEBUG Print MySQL commands to stdout or a file
+ --db_debug_log=DB_DEBUG_LOG
+ Log file to send MySQL commands to, if blank,
stdout
+ is used.
+ --smtp-server=SMTP_SERVER
+ SMTP server for dnsexportconfig to send error
messages
+ through.
+ --system-email=SYSTEM_EMAIL
+ The email address to send error messages from.
+ --failure-email=FAILURE_EMAIL
+ The email address to send error messages to.
+ --failure-email-subject=FAILURE_SUBJECT
+ The subject line of error messages.
+ --exporter-debug Print debug statements during Roster exporting.
+ --root-hint-file=ROOT_HINT_FILE
+ Location of root hint file.
+ --max-threads=MAX_THREADS
+ Maximum number of threads to run in parallel during
+ dnsexportconfig execution.
--zone-default-refresh-seconds=REFRESH_SECONDS
Refresh seconds to use during zone bootstrapping.
--zone-default-expiry-seconds=EXPIRY_SECONDS
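Review bot: `--db_debug` and `--db_debug_log` use underscores where every other flag here uses hyphens (`--smtp-server`, `--failure-email`, `--root-hint-file`); rename them to `--db-debug` and `--db-debug-log`. Since the log captures every MySQL statement the server issues, the help text should also say the log file needs the same restricted permissions as the config file.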
@@ -154,18 +169,20 @@
server = database.university.edu
# Database username
login = roster_test
+# Database password
+passwd = test
# Database name
database = roster_test
-# Database password
-passwd = test
# big lock timeout
big_lock_timeout = 90
# big lock wait
big_lock_wait = 5
# Enable ssl in database connection
ssl = off
-# Database ssl Certificate of Authority
+# Database ssl ca
ssl_ca = /etc/mysql/server-ca.pem
+db_debug = off
+db_debug_log =


##### SERVER CONFIG #####
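Review bot: `db_debug = off` and `db_debug_log =` are the only keys in the `[database]` block without a `# ...` comment line; add ones matching the bootstrap help ("Print MySQL commands to stdout or a file", "Log file to send MySQL commands to"). "Database ssl ca" is also less clear than the old wording; "Database SSL CA certificate" would be accurate.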
@@ -178,20 +195,20 @@
inf_renew_time = 432000
# Time for a core instance to die
core_die_time = 1200
+# Seconds to add wait for incorrect password
+get_credentials_wait_increment = 1
+# Change server_killswitch to off to allow server to run
+server_killswitch = off
+# Ssl keyfile
+ssl_key_file = /etc/roster_certs/host.key
+# Ssl certfile
+ssl_cert_file = /etc/roster_certs/host.cert
+# Lock file
+lock_file = /var/lock/roster
# Run as username
run_as_username = nobody
-# Lock file
-lock_file = /var/lock/roster
-# Ssl certfile
-ssl_cert_file = /etc/roster_certs/host.cert
-# Ssl keyfile
-ssl_key_file = /etc/roster_certs/host.key
# Server logfile
server_log_file = /var/log/rosterd
-# Seconds to add wait for incorrect password
-get_credentials_wait_increment = 1
-# Change server_killswitch to off to allow server to run
-server_killswitch = off


#Defaults for zone bootstraping
@@ -209,14 +226,20 @@
# Credential expiry time in seconds
exp_time = 3600
# Authentication method
-authentication_method = fakeldap
+authentication_method = auth_pam


##### EXPORTER CONFIG #####
[exporter]
root_config_dir = root_config_dir
backup_dir = test_data/backup_dir
-named_dir = /etc/named
+exporter_debug = on
+smtp_server = localhost
+failure_notification_email = admin@localhost
+system_email = admin@localhost
+email_subject = [Roster] dnsexportconfig Failure
+root_hint_file = test_data/named.ca
+max_threads = 10


##### AUTH_PAM CONFIG #####
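Review bot: the new `[exporter]` keys don't match the bootstrap flag names that set them: `--failure-email` writes `failure_notification_email` and `--failure-email-subject` writes `email_subject`, while `--smtp-server`, `--system-email` and `--root-hint-file` map one-to-one; either align the key names or document the mapping, since someone reading `--help` will otherwise search the config for keys that don't exist.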
=======================================
--- /wiki/Example.wiki Mon Sep 10 21:49:27 2012 UTC
+++ /wiki/Example.wiki Fri Aug 16 15:39:05 2013 UTC
@@ -1,4 +1,4 @@
-#summary Instructions for setting up common DNS setups.
+#summary Instructions for setting up common DNS setups.

<wiki:comment>
Google Drawings:
@@ -18,13 +18,29 @@


[http://roster-dns-management.googlecode.com/svn/wiki/img/MasterNameServers.png]
=== Commands ===
+ # Create a DNS server set:
+{{{
+$ dnsmkdnsserver dns_server_set -e server_set
+}}}
# Create a DNS server:
{{{
$ dnsmkdnsserver dns_server -d server
}}}
- # Create a view:
+ # Assign the DNS server to the DNS server set:
{{{
-$ dnsmkview view -v public -a any
+$ dnsmkdnsserver assignment -d server -e server_set
+}}}
+ # Make a view
+{{{
+$ dnsmkview view -v public
+}}}
+ # Assign the view to the DNS server set:
+{{{
+$ dnsmkview dns_server_set -v public -e server_set -r 1
+}}}
+ # Assign the view to the any ACL/DNS server set combo:
+{{{
+$ dnsmkview acl -v public -a any -e server_set
}}}
# Create a zone with the public view:
{{{
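Review bot: "Make a view" is the only step without a trailing colon, and "Make" is inconsistent with the "Create ..." wording of the other steps; use "Create a view:". The same wording is repeated in the Slave Name Servers and Stealth DNS sections below.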
@@ -47,13 +63,29 @@


[http://roster-dns-management.googlecode.com/svn/wiki/img/SlaveNameServers.png]
=== Commands ===
+ # Create a DNS server set:
+{{{
+$ dnsmkdnsserver dns_server_set -e server_set
+}}}
# Create a DNS server:
{{{
$ dnsmkdnsserver dns_server -d server
}}}
- # Create a view:
+ # Assign the DNS server to the DNS server set:
+{{{
+$ dnsmkdnsserver assignment -d server -e server_set
+}}}
+ # Make a view
+{{{
+$ dnsmkview view -v public
+}}}
+ # Assign the view to the DNS server set:
+{{{
+$ dnsmkview dns_server_set -v public -e server_set -r 1
+}}}
+ # Assign the view to the any ACL/DNS server set combo:
{{{
-$ dnsmkview view -v public -a any
+$ dnsmkview acl -v public -a any -e server_set
}}}
# Create a master zone:
{{{
@@ -82,21 +114,36 @@

[http://roster-dns-management.googlecode.com/svn/wiki/img/StealthDNS.png]
=== Commands ===
+ # Create a DNS server set:
+{{{
+$ dnsmkdnsserver dns_server_set -e server_set
+}}}
# Create a DNS server:
{{{
$ dnsmkdnsserver dns_server -d server
}}}
+ # Assign the DNS server to the DNS server set:
+{{{
+$ dnsmkdnsserver assignment -d server -e server_set -r 1
+}}}
# Define an ACL that only allows local IP's:
{{{
$ dnsmkacl -a private --cidr-block 192.168.1.0/24 --allow
}}}
- # Create a view with no restriction:
+ # Make both the public and stealth views
+{{{
+$ dnsmkview view -v public
+$ dnsmkview view -v stealth
+}}}
+ # Assign the views to the DNS server set:
{{{
-$ dnsmkview view -v public -a any
+$ dnsmkview dns_server_set -v public -e server_set -r 1
+$ dnsmkview dns_server_set -v stealth -e server_set -r 2
}}}
- # Create a view constrained by the private ACL:
+ # Assign the views to their respective ACL/DNS server set combos:
{{{
-$ dnsmkview view -v stealth -a private
+$ dnsmkview acl -v public -a any -e server_set
+$ dnsmkview acl -v stealth -a private -e server_set
}}}
# Create a zone with the public view:
{{{
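Review bot: `dnsmkdnsserver assignment -d server -e server_set -r 1` carries a `-r 1` that the same step in the Master and Slave sections above doesn't have; `-r <view-order>` is the flag this revision adds to `dnsmkview dns_server_set`, not to `dnsmkdnsserver assignment`, so this looks like a copy-paste error from the view step further down. The step "Make both the public and stealth views" is also missing its colon.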
=======================================
--- /wiki/Installation.wiki Mon Sep 10 21:29:49 2012 UTC
+++ /wiki/Installation.wiki Fri Aug 16 15:39:05 2013 UTC
@@ -1,4 +1,4 @@
-#summary Details Roster Core and Roster Server installation and usage.
+#summary Details Roster Core and Roster Server installation and usage.
#labels Phase-Deploy

<wiki:toc max_depth="2" />
@@ -30,7 +30,7 @@
* openldap-clients
* openldap-devel
* python-devel
-=== Packages and dependencies as they show up in RedHat 6 repo ===
+=== Packages and dependencies as they show up in !RedHat 6 repo ===
* bind
* openssl
* python-setuptools
@@ -62,11 +62,11 @@

*All of the Roster's components need to be installed separately. Roster's
components are not designed to run on a single server, but can if desired.*

-For example, a normal setup would have one machine containing Roster Core,
Roster Server and Roster Config Manager and clients controlling it using
Roster User Tools.
-Another setup similar to the aforementioned setup may have Roster Config
Manager on a different machine.
-There are many possibilities and your individual setup will depend on DNS
size among other variables.
+For example, a normal setup would have one machine containing Roster Core,
Roster Server, and Roster Config Manager, with clients connecting using
Roster User Tools.
+Another setup, similar to the aforementioned, may have Roster Config
Manager on a different machine.
+There are many possibilities, and your individual setup will depend on DNS
size, among other variables.

-To use an authentication module other than LDAP in Roster a new
authentication module must be written before setting up roster server. How
to write an authentication module can be found on the [Authentication
authentication page].
+To use an authentication module other than LDAP in Roster, a new
authentication module must be written before setting up Roster Server. How
to write an authentication module can be found on the [Authentication
authentication page].


== Installing Roster Components ==
@@ -76,7 +76,7 @@

=== Installing Components by Download ===

-Each component of Roster can be installed by navigating to the component's
respective root directory, containing "setup.py" and running the following
command:
+Each component of Roster can be installed by navigating to the component's
respective root directory, (containing "setup.py") and running the
following command:

{{{
# python setup.py install
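Review bot: The comma before the parenthetical in the rewritten sentence leaves "root directory, (containing "setup.py") and running" awkward; drop it: `respective root directory (containing "setup.py") and running the following command:`.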
@@ -105,19 +105,19 @@

== Roster Core ==

-[CoreInstallation Core installation page]
+[CoreInstallation Core installation]


== Roster Server ==

-[ServerInstallation Server installation page]
+[ServerInstallation Server installation]


== Roster User Tools ==

-[UserToolsInstallation User tools installation page]
+[UserToolsInstallation User Tools installation]


== Roster Config Manager ==

-[ConfigManagerInstallation Config manager installation page]
+[ConfigManagerInstallation Config Manager installation]
=======================================
--- /wiki/RosterServerConfigFile.wiki Sat Dec 1 16:57:45 2012 UTC
+++ /wiki/RosterServerConfigFile.wiki Fri Aug 16 15:39:05 2013 UTC
@@ -76,6 +76,7 @@
email_subject = [Roster] dnsexportconfig Failure
# Print run statements during exporter tool execution in dnsexportconfig
exporter_debug = on
+ root_hint_file = /etc/bind/named.ca

# Fields regarding server user credentials (Only needed for Roster XML-RPC
server)
[credentials]
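Review bot: The added `root_hint_file = /etc/bind/named.ca` is the only field in this block without a preceding `#` comment, unlike `exporter_debug` directly above it; add a one-line comment in the same style saying what the exporter does with the file and whether the path is only a default or must exist on the exporting host, since this page is the reference for the config file.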
@@ -94,6 +95,18 @@
version = VERSION3
# TLS enabled/disabled (on/off) for authentication
tls = on
+
+#Defaults for zone bootstraping (Only gets used if dnsmkzone
--bootstrap-zone is used)
+[zone_defaults]
+ #SOA record default arguments
+ refresh_seconds = 3600
+ expiry_seconds = 1814400
+ minimum_seconds = 86400
+ retry_seconds = 600
+ soa_ttl = 3600
+
+ #NS record default argument
+ ns_ttl = 3600
}}}

The above list is not necessarilly comprehensive for all setups. There
could be extra sections/fields for LDAP, PAM, or others as necessary.
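Review bot: Typo in the new section comment: "bootstraping" should be "bootstrapping". The added comments also use `#Defaults`, `#SOA` and `#NS` with no space after `#`, unlike the existing `# Print run statements ...` style above. It would help to state the units in plain terms (`expiry_seconds = 1814400` is 21 days, `minimum_seconds = 86400` is 1 day), because these values silently become the SOA timers of every zone created with `dnsmkzone --bootstrap-zone`.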
=======================================
--- /wiki/ServerInstallation.wiki Mon Sep 17 18:09:10 2012 UTC
+++ /wiki/ServerInstallation.wiki Fri Aug 16 15:39:05 2013 UTC
@@ -1,3 +1,4 @@
+#summary Installation of Roster Server
== Roster Server Setup ==
Installation of Roster User Tools is as follows:

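Review bot: The unchanged line directly under the new `#summary Installation of Roster Server` still reads "Installation of Roster User Tools is as follows:"; on the Server installation page that should be "Installation of Roster Server is as follows:". Since this hunk already edits the page header, fix it here.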
@@ -12,11 +13,11 @@
}}}

== Starting Roster Server ==
-The init.d script from roster_database_bootstrap will need to be
configured if it needs to be autostarted on system boot. Details of this
process are found at the [InitScriptInstallation init script installation
page].
+The init.d script from *`roster_database_bootstrap`* will need to be
configured if it needs to be autostarted on system boot. Details of this
process can be found at the [InitScriptInstallation init script
installation] page.

The config file generated by *`roster_database_bootstrap`* should be
[CoreInstallation#Configuration configured] before running Roster Server.

-If *_/etc/init.d/rosterd_* has been [InitScriptInstallation properly
configured], Roster Server can be started by running the script
+If *_/etc/init.d/rosterd_* has been [InitScriptInstallation properly
configured], Roster Server can be started by running
*_
/etc/init.d/rosterd start
_*
@@ -34,22 +35,23 @@

rosterd options:
{{{
--h, --help show this help message and exit
---lock-file=LOCK_FILE
- Lock file location.
--c CERT_FILE, --cert-file=CERT_FILE
- SSL cert file path.
--k KEY_FILE, --key-file=KEY_FILE
- SSL key file path.
--d <n>, --debug=<n> Print debug messages, with <n> indicating level.
---config-file=<file> Use <file> as a config file, rather than default
--H <host>, --host=<host>
- Hostname of server to be created.
--p <port>, --port=<port>
- Port of server to be created.
---unit-test Run as unit-test..
--s, --stop Stops rosterd. Will remove lockfile even if rosterd
is
- not running.
+Options:
+ -h, --help show this help message and exit
+ --lock-file=LOCK_FILE
+ Lock file location.
+ -c CERT_FILE, --cert-file=CERT_FILE
+ SSL cert file path.
+ -k KEY_FILE, --key-file=KEY_FILE
+ SSL key file path.
+ -d <n>, --debug=<n> Print debug messages, with <n> indicating level.
+ --config-file=<file> Use <file> as a config file, rather than default.
+ -H <host>, --host=<host>
+ Hostname of server to be created.
+ -p <port>, --port=<port>
+ Port of server to be created.
+ --unit-test Run as unit-test.
+ -s, --stop Stops rosterd. Will remove lockfile even if
rosterd is
+ not running
}}}

To kill or restart Roster Server, run the init script again.
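Review bot: In the rewritten options block the last line of the `-s, --stop` description drops its trailing period ("not running" where the old text had "not running."), while every other description in the block ends with one; restore it. This block is a copy of `rosterd --help` output, and the `--config-file` and `--unit-test` wording changes here mirror the rosterd script changes in this revision, so keep the two in sync whenever the script's help strings change.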
=======================================
--- /wiki/UserToolsInstallation.wiki Tue Sep 11 17:24:30 2012 UTC
+++ /wiki/UserToolsInstallation.wiki Fri Aug 16 15:39:05 2013 UTC
@@ -1,6 +1,6 @@
-#summary Installation and usage of Roster User Tools
+#summary Installation of Roster User Tools

-See the [UserToolsUsage user tools usage page] for more information on the
usage of these commands.
+See the Roster User Tools [UserToolsUsage usage page] for more information
on the usage of these commands.

== Roster User Tools Setup ==
Installation of Roster User Tools is as follows:
@@ -15,17 +15,17 @@
# python setup.py install
}}}

-== Bootstrapping UserTools Config ==
+== Bootstrapping !UserTools Config ==

-After Roster User Tools is installed it MUST be bootstrapped to create a
usertools config file by running: *_# roster-user-tools-bootstrap_*.
+After Roster User Tools is installed, it MUST be bootstrapped to create a
usertools config file by running: {{{*# roster-user-tools-bootstrap*}}}
{{{
# roster_user_tools_bootstrap -s <server> --config-file <config_file>
}}}

== More on roster_user_tools_bootstrap ==
-Additional options can be configured using special flags visible with:
{{{# roster_user_tools_bootstrap --help}}}
+Additional options can be configured using special flags visible with:
{{{# *roster_user_tools_bootstrap --help*}}}
{{{
---version show program's version number and exit
+--version show programs version number and exit
-h, --help show this help message and exit
-s <server>, --server=<server>
XML RPC Server URL.
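Review bot: Three problems in this hunk. (1) `{{{*# roster-user-tools-bootstrap*}}}`: inside `{{{ }}}` the asterisks are rendered literally, so the reader sees `*# roster-user-tools-bootstrap*`; either use `{{{# roster-user-tools-bootstrap}}}` or keep the old `*_..._*` markup. (2) The command is spelled with hyphens here but with underscores (`roster_user_tools_bootstrap`) in the code block directly below and in the section heading; use one spelling. (3) `--version show programs version number and exit` removes the apostrophe from the old `program's`; the old line is the correct help string, so this is a regression.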
@@ -34,11 +34,11 @@
The config file can be specified to 2 locations:
* *_/etc/roster/roster_user_tools.conf_*
* *_~/.rosterrc_*
-You can also put it anywhere as long as an environment variable is set
like so: {{{export ROSTER_USER_CONFIG=/some/path/to.conf}}}.
+You can also put it anywhere as long as an environment variable is set
like so: {{{*# export ROSTER_USER_CONFIG=/some/path/to.conf*}}}

-This is an example usertools config file from
`/test/test_data/roster_user_tools.conf`:
+this is an example usertools config file from
*`/test/test_data/roster_user_tools.conf`*:
{{{
-[user_tools]
+[user_tools]

# credential file placement
cred_file = test_data/dnscred
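Review bot: The rewritten sentence now starts with lowercase "this is an example usertools config file"; restore "This". The `{{{*# export ROSTER_USER_CONFIG=...*}}}` line has the same literal-asterisk problem as the earlier hunk (inside `{{{ }}}` the `*` characters are shown as-is), and the added `# ` in inline text reads as a comment marker rather than a prompt; the old `{{{export ROSTER_USER_CONFIG=/some/path/to.conf}}}` was clearer.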
=======================================
--- /wiki/UserToolsUsage.wiki Mon Jul 1 21:03:47 2013 UTC
+++ /wiki/UserToolsUsage.wiki Fri Aug 16 15:39:05 2013 UTC
@@ -1,8 +1,8 @@
-#summary Usage of Roster's User Tools
+#summary Usage of Roster User Tools

= Roster User Tools =

-Roster User Tools is a collection of tools to create, list, and remove
various records, zones, views, DNS servers, DNS server sets, groups, users,
reserved words, ACL's, and the assignments between them. They can set the
database maintenance flag, upload named configurations, create credential
files, and list the audit log.
+Roster User Tools is a collection of tools to create, list, and remove
various records, zones, views, DNS servers, DNS server sets, groups, users,
reserved words, ACL's, and assignments between them. They can also set the
database maintenance flag, create credential files, and list the audit log.

Each command's usage can be viewed by adding the *{{{--help}}}* flag. It
is also worth noting that all *--config-file* flags on user tools are
expecting a usertools config file created by
[UserToolsInstallation#Roster_User_Tools_Installation
roster_user_tools_bootstrap], not a roster config file.

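Review bot: The rewritten summary drops "upload named configurations" from the list of what the user tools do, yet the `== Named Globals ==` hunk later in this same file still documents `dnsupnamedglobals` for viewing, modifying and editing named global confs; if that tool still exists the capability belongs in the summary, and if it was removed the later section should go too. While this paragraph is being rewritten, "ACL's" should be "ACLs".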
@@ -115,7 +115,7 @@
* *_example.com._* is the zone origin
*(Don't forget the last dot on the origin.)*

-9. Create a SOA record with [UserToolsUsage#dnsmkrecord dnsmkrecord] for
the forward and reverse zones. The SOA record stores information about the
DNS zone, such as the admin e-mail address, the source host, the serial
number, and the several timers to refresh the zone. Use of the command
would be as follows:
+9a. Create a SOA record with [UserToolsUsage#dnsmkrecord dnsmkrecord] for
the forward and reverse zones. The SOA record stores information about the
DNS zone, such as the admin e-mail address, the source host, the serial
number, and the several timers to refresh the zone. Use of the command
would be as follows:
{{{
# dnsmkrecord soa --admin-email user.example.com. --name-server
example.com. --serial-number 1 --refresh-seconds 3600 --retry-seconds 600
--expiry-seconds 86400 --minimum-seconds 3600 -z private -t example.com
--view-name internal
# dnsmkrecord soa --admin-email user.example.com. --name-server
example.com. --serial-number 1 --refresh-seconds 3600 --retry-seconds 600
--expiry-seconds 86400 --minimum-seconds 3600 -z private_rev -t example.com
--view-name internal
@@ -126,6 +126,12 @@
* *_600_* is the default retry seconds for the slave to retry connecting
to master after a failed attempt.
* *_86400_* is the default time for the slave server to consider the
zone file to be valid.
* the second *_3600_* is the default minimum time-to-live seconds for
the slave server to cache the zone file.
+
+9b. Alternatively, an SOA record, and optionally, an NS record, can be
auto-created with the zone using dnsmkzone.
+{{{
+# dnsmkzone reverse -z private_rev -v internal --type master --origin
1.168.192.in-addr.arpa. --bootstrap-zone --bootstrap-admin-email
user.example.com. --bootstrap-nameserver example.com.
+# dnsmkzone forward -z private -v internal --type master --origin
example.com. --bootstrap-zone --bootstrap-admin-email user.example.com.
--bootstrap-nameserver example.com.
+}}}

10. Group permissions will need to be assigned prior to users being able
to create records on delegated zones/reverse-ranges:
{{{
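Review bot: The new 9b example does not produce the same SOA record as 9a: the `dnsmkrecord soa` command in 9a passes `--expiry-seconds 86400 --minimum-seconds 3600`, whereas `--bootstrap-zone` takes its timers from the new `[zone_defaults]` section of the server config (`expiry_seconds = 1814400`, `minimum_seconds = 86400`, `refresh_seconds = 3600`, `retry_seconds = 600`). Say so in the 9b text ("timer values come from `[zone_defaults]` in the server config file") so readers do not assume the two steps are equivalent. Also, "an SOA record, and optionally, an NS record, can be" has one comma too many: "an SOA record and, optionally, an NS record can be".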
@@ -179,7 +185,7 @@

=== Options ===
{{{
---version show program's version number and exit
+--version show programs version number and exit
-h, --help show this help message and exit
-u <username>, --username=<username>
Run as different username.
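Review bot: `--version show programs version number and exit` replaces the correct `program's` with `programs` in this Options block and in the identical hunks at -229, -263, -347, -411, -453, -687, -770, -883, -994, -1073, -1119, -1147, -1181, -1225 and -1292 of this file; these blocks reproduce the tools' own `--help` output, so the apostrophe should stay and all of those hunks should be dropped.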
@@ -229,7 +235,7 @@

=== Options ===
{{{
---version show program's version number and exit
+--version show programs version number and exit
-h, --help show this help message and exit
-u <username>, --username=<username>
Run as different username.
@@ -263,7 +269,7 @@

=== Options ===
{{{
---version show program's version number and exit
+--version show programs version number and exit
-h, --help show this help message and exit
-u <username>, --username=<username>
Run as different username.
@@ -347,7 +353,7 @@

=== Options ===
{{{
---version show program's version number and exit
+--version show programs version number and exit
-h, --help show this help message and exit
-u <username>, --username=<username>
Run as different username.
@@ -411,7 +417,7 @@

=== Options ===
{{{
---version show program's version number and exit
+--version show programs version number and exit
-h, --help show this help message and exit
-u <username>, --username=<username>
Run as different username.
@@ -453,7 +459,7 @@

=== Options ===
{{{
---version show program's version number and exit
+--version show programs version number and exit
-h, --help show this help message and exit
-u <username>, --username=<username>
Run as different username.
@@ -687,7 +693,7 @@

=== Options ===
{{{
---version show program's version number and exit
+--version show programs version number and exit
-h, --help show this help message and exit
-u <username>, --username=<username>
Run as different username.
@@ -770,7 +776,7 @@

=== Options ===
{{{
---version show program's version number and exit
+--version show programs version number and exit
-h, --help show this help message and exit
-u <username>, --username=<username>
Run as different username.
@@ -883,7 +889,7 @@

=== Options ===
{{{
---version show program's version number and exit
+--version show programs version number and exit
-h, --help show this help message and exit
-u <username>, --username=<username>
Run as different username.
@@ -994,7 +1000,7 @@

=== Options ===
{{{
---version show program's version number and exit
+--version show programs version number and exit
-h, --help show this help message and exit
-u <username>, --username=<username>
Run as different username.
@@ -1073,7 +1079,7 @@

=== Options ===
{{{
---version show program's version number and exit
+--version show programs version number and exit
-h, --help show this help message and exit
-u <username>, --username=<username>
Run as different username.
@@ -1119,7 +1125,7 @@

=== Options ===
{{{
---version show program's version number and exit
+--version show programs version number and exit
-h, --help show this help message and exit
-u <username>, --username=<username>
Run as different username.
@@ -1139,6 +1145,8 @@


== Mass Record Handling ==
+Mass record handling is for easily working with large, already generated
zone files.
+
== dnsmassadd ==
To add a list of hosts from a file:
{{{
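Review bot: Hyphenate the compound modifier in the new sentence: "large, already-generated zone files". A second sentence saying what "working with" covers (the `dnsmassadd` section below begins with adding a list of hosts from a file) would make this introduction more useful than the single line added here.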
@@ -1147,7 +1155,7 @@

=== Options ===
{{{
---version show program's version number and exit
+--version show programs version number and exit
-h, --help show this help message and exit
-u <username>, --username=<username>
Run as different username.
@@ -1181,7 +1189,7 @@

=== Options ===
{{{
---version show program's version number and exit
+--version show programs version number and exit
-h, --help show this help message and exit
-u <username>, --username=<username>
Run as different username.
@@ -1225,7 +1233,7 @@

=== Options ===
{{{
---version show program's version number and exit
+--version show programs version number and exit
-h, --help show this help message and exit
-u <username>, --username=<username>
Run as different username.
@@ -1257,8 +1265,8 @@
}}}


-== Up Named Globals ==
-Use this tool to view, modify, and edit named global confs.
+== Named Globals ==
+Use dnsupnamedglobals to view, modify, and edit named global confs.


=== dnsupnamedglobals ===
@@ -1292,7 +1300,7 @@

=== Options ===
{{{
---version show program's version number and exit
+--version show programs version number and exit
-h, --help show this help message and exit
-u <username>, --username=<username>
Run as different username.