diff --git a/src/bind/.gitignore b/src/bind/.gitignore
new file mode 100644
index 0000000..cc43ccf
--- /dev/null
+++ b/src/bind/.gitignore
@@ -0,0 +1,2 @@
+
+images/
diff --git a/src/bind/build/Dockerfile b/src/bind/build/Dockerfile
new file mode 100644
index 0000000..7e3c82d
--- /dev/null
+++ b/src/bind/build/Dockerfile
@@ -0,0 +1,44 @@
+FROM ubuntu:22.04
+
+# Set timezone and avoid interactive prompts
+ENV DEBIAN_FRONTEND=noninteractive
+ENV TZ=Asia/Shanghai
+
+# Update package list and install required packages
+RUN apt-get update && \
+ apt-get install -y \
+ bind9 \
+ bind9utils \
+ bind9-doc \
+ supervisor \
+ && apt-get clean \
+ && rm -rf /var/lib/apt/lists/*
+
+# Create supervisor configuration directory
+RUN mkdir -p /etc/supervisor/conf.d
+
+# Copy supervisor configuration
+COPY supervisord.conf /etc/supervisor/conf.d/supervisord.conf
+
+# Copy BIND9 configuration files
+COPY named.conf.local /etc/bind/named.conf.local
+COPY db.argus.com /etc/bind/db.argus.com
+
+# Copy startup and reload scripts
+COPY startup.sh /usr/local/bin/startup.sh
+COPY reload-bind9.sh /usr/local/bin/reload-bind9.sh
+
+# Make scripts executable
+RUN chmod +x /usr/local/bin/startup.sh /usr/local/bin/reload-bind9.sh
+
+# Set proper ownership for BIND9 files
+RUN chown bind:bind /etc/bind/named.conf.local /etc/bind/db.argus.com
+
+# Expose DNS port
+EXPOSE 53/tcp 53/udp
+
+# Use root user as requested
+USER root
+
+# Start with startup script
+CMD ["/usr/local/bin/startup.sh"]
\ No newline at end of file
diff --git a/src/bind/build/db.argus.com b/src/bind/build/db.argus.com
new file mode 100644
index 0000000..3dc48e1
--- /dev/null
+++ b/src/bind/build/db.argus.com
@@ -0,0 +1,16 @@
+$TTL 604800
+@ IN SOA ns1.argus.com. admin.argus.com. (
+ 2 ; Serial
+ 604800 ; Refresh
+ 86400 ; Retry
+ 2419200 ; Expire
+ 604800 ) ; Negative Cache TTL
+
+; 定义 DNS 服务器
+@ IN NS ns1.argus.com.
+
+; 定义 ns1 主机
+ns1 IN A 127.0.0.1
+
+; 定义 web 指向 12.4.5.6
+web IN A 12.4.5.6
\ No newline at end of file
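Review bot: In src/bind/build/Dockerfile the `apt-get install` step pulls in `bind9-doc` and every recommended package, none of which the running name server needs, so the image carries more code to patch than necessary; `apt-get install -y --no-install-recommends bind9 bind9utils supervisor` should keep it to the runtime set. `USER root` changes nothing here, since no earlier `USER` line moves the image away from its default user, and the comment "as requested" does not record why root is needed; something like `# supervisord starts as root so startup.sh can chown the config; named drops to bind via -u bind` would. The base image is referenced by the moving tag `ubuntu:22.04`; pinning it as `ubuntu:22.04@sha256:<digest-placeholder>` makes rebuilds reproducible.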
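Review bot: The `web` record in src/bind/build/db.argus.com points at `12.4.5.6`, a publicly routable address, so any client that uses this resolver and looks up web.argus.com sends its traffic to whoever holds that address. If the value is a placeholder, an address from a documentation range such as `192.0.2.10` (RFC 5737) is the safer choice, with a comment saying it must be replaced at deployment. `ns1 IN A 127.0.0.1` has a related problem: the NS target resolves to the querying host's own loopback, which only works for lookups made inside the container. The copy under build/private/argus/bind/ follows the same pattern with `22.4.5.6`.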
diff --git a/src/bind/build/named.conf.local b/src/bind/build/named.conf.local
new file mode 100644
index 0000000..39ec99d
--- /dev/null
+++ b/src/bind/build/named.conf.local
@@ -0,0 +1,4 @@
+zone "argus.com" {
+ type master;
+ file "/etc/bind/db.argus.com";
+};
\ No newline at end of file
diff --git a/src/bind/build/private/argus/bind/db.argus.com b/src/bind/build/private/argus/bind/db.argus.com
new file mode 100644
index 0000000..9f85ae0
--- /dev/null
+++ b/src/bind/build/private/argus/bind/db.argus.com
@@ -0,0 +1,16 @@
+$TTL 604800
+@ IN SOA ns1.argus.com. admin.argus.com. (
+ 2 ; Serial
+ 604800 ; Refresh
+ 86400 ; Retry
+ 2419200 ; Expire
+ 604800 ) ; Negative Cache TTL
+
+; 定义 DNS 服务器
+@ IN NS ns1.argus.com.
+
+; 定义 ns1 主机
+ns1 IN A 127.0.0.1
+
+; 定义 web 指向 12.4.5.6
+web IN A 22.4.5.6
diff --git a/src/bind/build/private/argus/bind/named.conf.local b/src/bind/build/private/argus/bind/named.conf.local
new file mode 100644
index 0000000..39ec99d
--- /dev/null
+++ b/src/bind/build/private/argus/bind/named.conf.local
@@ -0,0 +1,4 @@
+zone "argus.com" {
+ type master;
+ file "/etc/bind/db.argus.com";
+};
\ No newline at end of file
diff --git a/src/bind/build/reload-bind9.sh b/src/bind/build/reload-bind9.sh
new file mode 100644
index 0000000..8709f0f
--- /dev/null
+++ b/src/bind/build/reload-bind9.sh
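Review bot: The `zone "argus.com"` block in src/bind/build/named.conf.local (and the identical copy under build/private/argus/bind/) sets no `allow-transfer`, so whether a full zone transfer is served to any client that can reach port 53 is left to the default of whichever BIND version the package installs. Adding `allow-transfer { none; };` inside the block states the policy explicitly, or list the secondaries there if some are planned. The recursion and query ACLs live in files this diff does not touch, so they are worth checking as well, given that the Dockerfile exposes 53/tcp and 53/udp.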
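Review bot: In src/bind/build/private/argus/bind/db.argus.com the comment `; 定义 web 指向 12.4.5.6` no longer matches the record `web IN A 22.4.5.6`, and the SOA serial is still `2` although the data differs from build/db.argus.com. The path mirrors `/private/argus/bind`, which startup.sh populates at run time, and the Dockerfile never copies it, so this looks like persisted runtime state committed by accident. If it is meant to stay, fix the comment and bump the serial; otherwise remove both files under build/private/ and add `private/` to src/bind/.gitignore.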
@@ -0,0 +1,27 @@
+#!/bin/bash
+
+echo "Reloading BIND9 configuration..."
+
+# Check if configuration files are valid
+echo "Checking named.conf.local syntax..."
+if ! named-checkconf /etc/bind/named.conf.local; then
+ echo "ERROR: named.conf.local has syntax errors!"
+ exit 1
+fi
+
+echo "Checking zone file syntax..."
+if ! named-checkzone argus.com /etc/bind/db.argus.com; then
+ echo "ERROR: db.argus.com has syntax errors!"
+ exit 1
+fi
+
+# Reload BIND9 via supervisor
+echo "Reloading BIND9 service..."
+supervisorctl restart bind9
+
+if [ $? -eq 0 ]; then
+ echo "BIND9 reloaded successfully!"
+else
+ echo "ERROR: Failed to reload BIND9!"
+ exit 1
+fi
\ No newline at end of file
diff --git a/src/bind/build/startup.sh b/src/bind/build/startup.sh
new file mode 100644
index 0000000..1a8d1df
--- /dev/null
+++ b/src/bind/build/startup.sh
@@ -0,0 +1,29 @@
+#!/bin/bash
+
+# Set /private permissions to 777 as requested
+chmod 777 /private 2>/dev/null || true
+
+# Create persistent directory for BIND9 configs
+mkdir -p /private/argus/bind
+
+# Copy configuration files to persistent storage if they don't exist
+if [ ! -f /private/argus/bind/named.conf.local ]; then
+ cp /etc/bind/named.conf.local /private/argus/bind/named.conf.local
+fi
+
+if [ ! -f /private/argus/bind/db.argus.com ]; then
+ cp /etc/bind/db.argus.com /private/argus/bind/db.argus.com
+fi
+
+# Create symlinks to use persistent configs
+ln -sf /private/argus/bind/named.conf.local /etc/bind/named.conf.local
+ln -sf /private/argus/bind/db.argus.com /etc/bind/db.argus.com
+
+# Set proper ownership
+chown bind:bind /private/argus/bind/named.conf.local /private/argus/bind/db.argus.com
+
+# Create supervisor log directory
+mkdir -p /var/log/supervisor
+
+# Start supervisor
+exec /usr/bin/supervisord -c /etc/supervisor/conf.d/supervisord.conf
\ No newline at end of file
diff --git a/src/bind/build/supervisord.conf b/src/bind/build/supervisord.conf
new file mode 100644
index 0000000..105e356
--- /dev/null
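Review bot: The pre-restart checks in src/bind/build/reload-bind9.sh validate only `named.conf.local` and one hard-coded zone, while supervisord starts named with `-c /etc/bind/named.conf`, so an error elsewhere in the loaded configuration, or in a zone added later, passes both checks and the following `supervisorctl restart bind9` takes DNS down. `named-checkconf -z /etc/bind/named.conf` checks the whole configuration and test-loads every primary zone it declares, which covers both existing checks. The `$?` test can fold into the command as `if ! supervisorctl restart bind9; then`, and the ERROR lines belong on stderr (`>&2`).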
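Review bot: `chmod 777 /private` in src/bind/build/startup.sh makes the directory that holds the live BIND configuration world-writable without the sticky bit, so any account that can reach that volume can rename or replace `/private/argus`, and with it the files that `/etc/bind/named.conf.local` and `/etc/bind/db.argus.com` are symlinked to a few lines later; `2>/dev/null || true` also hides a failure of the call. Drop the chmod (or use `chmod 755 /private`) and restrict the config directory instead, for example `chown -R bind:bind /private/argus/bind && chmod 750 /private/argus/bind`. The script has no `set -e`, so a failed `cp` or `ln -sf` still reaches `exec /usr/bin/supervisord` with a broken config path; `set -euo pipefail` after the shebang would stop there.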
+++ b/src/bind/build/supervisord.conf
@@ -0,0 +1,24 @@
+[unix_http_server]
+file=/var/run/supervisor.sock
+chmod=0700
+
+[supervisord]
+nodaemon=true
+user=root
+logfile=/var/log/supervisor/supervisord.log
+pidfile=/var/run/supervisord.pid
+
+[rpcinterface:supervisor]
+supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface
+
+[supervisorctl]
+serverurl=unix:///var/run/supervisor.sock
+
+[program:bind9]
+command=/usr/sbin/named -g -c /etc/bind/named.conf -u bind
+user=bind
+autostart=true
+autorestart=true
+stderr_logfile=/var/log/supervisor/bind9.err.log
+stdout_logfile=/var/log/supervisor/bind9.out.log
+priority=10
\ No newline at end of file
diff --git a/src/bind/scripts/build_images.sh b/src/bind/scripts/build_images.sh
new file mode 100755
index 0000000..97a3690
--- /dev/null
+++ b/src/bind/scripts/build_images.sh
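Review bot: The `[program:bind9]` section in src/bind/build/supervisord.conf drops privileges twice: `user=bind` makes supervisord switch to bind before exec, and the command then also passes `-u bind` to named. With `user=bind` named never runs as root, so it depends on the container runtime letting an unprivileged process bind port 53, and `-u bind` has nothing left to do. Either remove `user=bind` so named opens its sockets as root and then drops to bind itself, or keep it, remove `-u bind`, and add a comment such as `; requires unprivileged bind to port 53 in the container runtime`.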
@@ -0,0 +1,74 @@
+#!/bin/bash
+
+# Build BIND DNS container image
+# Usage: ./build_images.sh [--intranet]
+
+set -e
+
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+PROJECT_ROOT="$(dirname "$SCRIPT_DIR")"
+BUILD_DIR="$PROJECT_ROOT/build"
+
+IMAGE_NAME="argus-bind9"
+TAG="latest"
+
+# Parse command line arguments
+USE_INTRANET=false
+while [[ $# -gt 0 ]]; do
+ case $1 in
+ --intranet)
+ USE_INTRANET=true
+ shift
+ ;;
+ *)
+ echo "Unknown option: $1"
+ echo "Usage: $0 [--intranet]"
+ exit 1
+ ;;
+ esac
+done
+
+echo "Building BIND9 DNS container image..."
+echo "Image: $IMAGE_NAME:$TAG"
+echo "Build directory: $BUILD_DIR"
+
+# Check if build directory exists
+if [ ! -d "$BUILD_DIR" ]; then
+ echo "Error: Build directory not found: $BUILD_DIR"
+ exit 1
+fi
+
+# Check if Dockerfile exists
+if [ ! -f "$BUILD_DIR/Dockerfile" ]; then
+ echo "Error: Dockerfile not found: $BUILD_DIR/Dockerfile"
+ exit 1
+fi
+
+cd "$BUILD_DIR"
+
+if [ "$USE_INTRANET" = true ]; then
+ echo "Building with intranet apt source (10.68.64.1)..."
+
+ # Create temporary Dockerfile with intranet apt source
+ cp Dockerfile Dockerfile.tmp
+
+ # Insert intranet apt configuration after the FROM line
+ sed -i '/^FROM ubuntu:22.04/a\\n# Configure intranet apt source\nRUN echo "deb [trusted=yes] http://10.68.64.1/ubuntu2204/ jammy main" > /etc/apt/sources.list && \\\n mkdir -p /etc/apt/apt.conf.d && \\\n echo "Acquire::https::Verify-Peer \"false\";" > /etc/apt/apt.conf.d/99-disable-ssl-verify && \\\n echo "Acquire::https::Verify-Host \"false\";" >> /etc/apt/apt.conf.d/99-disable-ssl-verify' Dockerfile.tmp
+
+ # Build with modified Dockerfile
+ docker build -f Dockerfile.tmp -t "$IMAGE_NAME:$TAG" .
+
+ # Clean up temporary file
+ rm -f Dockerfile.tmp
+else
+ echo "Building with default public apt sources..."
+ docker build -t "$IMAGE_NAME:$TAG" .
+fi
+
+echo "Build completed successfully!"
+echo "Image: $IMAGE_NAME:$TAG"
+
+# Show image info
+echo ""
+echo "Image details:"
+docker images "$IMAGE_NAME:$TAG"
\ No newline at end of file
diff --git a/src/bind/scripts/save_images.sh b/src/bind/scripts/save_images.sh
new file mode 100755
index 0000000..3617466
--- /dev/null
+++ b/src/bind/scripts/save_images.sh
@@ -0,0 +1,46 @@
+#!/bin/bash
+
+# Save BIND DNS container images to tar files
+# Usage: ./save_images.sh
+
+set -e
+
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+PROJECT_ROOT="$(dirname "$SCRIPT_DIR")"
+IMAGES_DIR="$PROJECT_ROOT/images"
+
+IMAGE_NAME="argus-bind9"
+TAG="latest"
+
+echo "Saving BIND9 DNS container images..."
+
+# Create images directory if it doesn't exist
+mkdir -p "$IMAGES_DIR"
+
+# Check if image exists
+if ! docker images --format "{{.Repository}}:{{.Tag}}" | grep -q "^$IMAGE_NAME:$TAG$"; then
+ echo "Error: Image $IMAGE_NAME:$TAG not found"
+ echo "Please build the image first using: ./build_images.sh"
+ exit 1
+fi
+
+# Save the image
+echo "Saving $IMAGE_NAME:$TAG to $IMAGES_DIR/argus-bind9.tar..."
+docker save "$IMAGE_NAME:$TAG" -o "$IMAGES_DIR/argus-bind9.tar"
+
+# Compress the tar file to save space
+echo "Compressing image archive..."
+gzip -f "$IMAGES_DIR/argus-bind9.tar"
+
+echo "Image saved successfully!"
+echo "Location: $IMAGES_DIR/argus-bind9.tar.gz"
+
+# Show file size
+if [ -f "$IMAGES_DIR/argus-bind9.tar.gz" ]; then
+ echo "File size: $(du -h "$IMAGES_DIR/argus-bind9.tar.gz" | cut -f1)"
+fi
+
+echo ""
+echo "To load the image later, use:"
+echo " gunzip $IMAGES_DIR/argus-bind9.tar.gz"
+echo " docker load -i $IMAGES_DIR/argus-bind9.tar"
\ No newline at end of file
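Review bot: The `--intranet` branch of src/bind/scripts/build_images.sh writes `deb [trusted=yes] http://10.68.64.1/ubuntu2204/ jammy main`, which turns off APT signature verification on a plain-HTTP mirror, so every package baked into the DNS image is accepted unauthenticated from whatever answers at that address. Sign the mirror (or mirror the upstream Release files unchanged) and reference the key instead: `deb [signed-by=/usr/share/keyrings/<mirror-keyring-placeholder>.gpg] http://10.68.64.1/ubuntu2204/ jammy main`. The two `Acquire::https::Verify-*` lines have no effect on an http source and would silently disable TLS checks for any https source added later, so they should be dropped. Separately, `set -e` exits before `rm -f Dockerfile.tmp` when the build fails; `trap 'rm -f Dockerfile.tmp' EXIT` right after the `cp` covers that path.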
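Review bot: src/bind/scripts/save_images.sh produces an archive with printed instructions for loading it later, but nothing records its digest, so whoever loads it cannot tell a truncated or altered `argus-bind9.tar.gz` from the one built here. Writing `sha256sum "$IMAGES_DIR/argus-bind9.tar.gz" > "$IMAGES_DIR/argus-bind9.tar.gz.sha256"` after the gzip step, and printing a matching `sha256sum -c` line in the load instructions, closes that gap. The existence check could also be `docker image inspect "$IMAGE_NAME:$TAG" >/dev/null 2>&1`, which avoids having the image name interpreted as a regular expression by `grep -q`.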