Rework to use podman and podman-systemd; improve setup.sh

This commit is contained in:
David Blacka 2024-09-17 22:22:27 -04:00
parent 5566774c55
commit 1ec46f1565
5 changed files with 63 additions and 43 deletions

View File

@ -8,6 +8,4 @@ options {
listen-on { any; };
listen-on-v6 { any; };
allow-recursion { 127.0.0.1; ::1; };
dnssec-validation yes;
};

View File

@ -1,16 +0,0 @@
[Unit]
Description=BIND9 Container
After=docker.service
Requires=docker.service
[Service]
TimeoutStartSec=0
Restart=always
ExecStartPre=-/usr/bin/docker stop bind9
ExecStartPre=-/usr/bin/docker rm bind9
# note: this container is actually provding DNS service, so when that is missing, the pull fails.
# ExecStartPre=/usr/bin/docker pull docker.io/internetsystemsconsortium/bind9:9.18
ExecStart=/etc/bind/run_bind_container.sh
[Install]
WantedBy=multi-user.target

14
named.container Normal file
View File

@ -0,0 +1,14 @@
[Container]
Image=docker.io/internetsystemsconsortium/bind9:9.18
ContainerName=bind9
Network=host
Volume=/etc/bind/cfg:/etc/bind
Volume=/etc/bind/cache:/var/cache/bind
Volume=/etc/bind/zones:/var/lib/bind
Volume=/etc/bind/log:/var/log
# note that the default command is '-f -c /etc/bind/named.conf -L /var/log/bind/default.log'
# this is close, but not quite what we want
Exec=-f -c /etc/bind/named.conf
[Install]
WantedBy=default.target

View File

@ -1,11 +1,25 @@
#! /bin/bash
BASE_CONF_DIR=/etc/bind
CMD="/etc/bind/run.sh"
[ "$1" = "interactive" ] && ARGS="-ti --entrypoint=/bin/bash" && CMD=""
# This is not normally how this container is launched. Instead, see
# named.container, which allows podman-systemd to construct a systemd
# unit files and run using podman.
#
# Instead, this script can be used to launch the container "by hand".
BASE_CONF_DIR=/etc/bind
CMD="-f -c /etc/bind/named.conf"
[ "$1" = "interactive" ] && ARGS="-ti --entrypoint=/bin/sh" && CMD=""
[ -x /usr/bin/docker ] && DOCKER=/usr/bin/docker
[ -x /usr/bin/podman ] && DOCKER=/usr/bin/podman
# Note that as of 2024-09-01, this image is based on Alpine linux and its entrypoint is:
# '/usr/sbin/named -u bind'
# and the default command is:
# '-f -c /etc/bind/named.conf -L /var/log/bind/default.log'
# shellcheck disable=SC2086
docker run $ARGS \
$DOCKER run $ARGS \
--rm \
--name=bind9 \
--network=host \
@ -13,20 +27,4 @@ docker run $ARGS \
-v $BASE_CONF_DIR/cache:/var/cache/bind \
-v $BASE_CONF_DIR/zones:/var/lib/bind \
-v $BASE_CONF_DIR/log:/var/log \
docker.io/internetsystemsconsortium/bind9:9.18 $CMD
# using bridge networking
# : "${DNS_PORT:=53}"
# : "${RNDC_PORT:=953}"
# docker run $ARGS \
# --rm \
# --name=bind9 \
# --add-host=host.docker.internal:host-gateway \
# --publish "$RNDC_PORT:953/tcp" \
# --publish "$DNS_PORT:53/udp" \
# --publish "$DNS_PORT:53/tcp" \
# -v $BASE_CONF_DIR/cfg:/etc/bind \
# -v $BASE_CONF_DIR/cache:/var/cache/bind \
# -v $BASE_CONF_DIR/zones:/var/lib/bind \
# -v $BASE_CONF_DIR/log:/var/log \
# docker.io/internetsystemsconsortium/bind9:9.18 $CMD
docker.io/internetsystemsconsortium/bind9:9.18 "$CMD"

View File

@ -1,9 +1,35 @@
#! /bin/bash
if [ "$EUID" -ne 0 ]; then
echo "Must run as root"
set -e
# NOTE: groupadd and useradd require root.
[ "$EUID" -ne 0 ] && echo "Must be run by root" && exit 1
IMAGE="docker.io/internetsystemsconsortium/bind9:9.18"
# determine current uid and gid
uidgid=$(podman run --rm --entrypoint=/bin/sh "$IMAGE" -c "/usr/bin/id -u bind; /usr/bin/id -g bind")
read -d '' -r uid gid <<< "$uidgid" || :
# create the group and user
id -g bind >/dev/null 2>&1 || groupadd -f -g "$gid" bind
id -u bind >/dev/null 2>&1 || useradd -u "$uid" -g "$gid" -M --no-log-init bind
# create our main directory setup
install -d -o bind -g bind -m 0755 /etc/bind/cfg /etc/bind/cache /etc/bind/zones /etc/bind/log/named
# copy over our config and data without overwriting anything, hopefully.
for d in cfg cache zones; do
rsync -av --chown bind:bind --ignore-existing ./$d/ /etc/bind/$d/
done
# install our podman config
if [ -d /etc/containers/systemd ]; then
install -o root -g root -m 0644 named.container /etc/containers/systemd/
systemctl daemon-reload
systemctl start named
else
echo "containers-common not installed?"
exit 1
fi
groupadd -f -g 105 bind
useradd -u 104 -g 105 -M --no-log-init bind
exit 0