Merge ~ahasenack/ubuntu/+source/bind9:mantic-bind9-dyndb-ldap-dep8 into ubuntu/+source/bind9:ubuntu/devel

Proposed by Andreas Hasenack
Status: Merged
Approved by: git-ubuntu bot
Approved revision: not available
Merged at revision: 4db95cb056e421208993cff5b6e2aa21244292c4
Proposed branch: ~ahasenack/ubuntu/+source/bind9:mantic-bind9-dyndb-ldap-dep8
Merge into: ubuntu/+source/bind9:ubuntu/devel
Diff against target: 313 lines (+291/-0)
3 files modified
debian/changelog (+6/-0)
debian/tests/control (+8/-0)
debian/tests/dyndb-ldap (+277/-0)
Reviewer Review Type Date Requested Status
git-ubuntu bot Approve
Lucas Kanashiro (community) Approve
Canonical Server Reporter Pending
Review via email: mp+449620@code.launchpad.net

Description of the change

Add a DEP8 test. This test is also being added to the bind-dyndb-ldap package.

This is the first step before rebuilding it against the current bind9 in all supported distros, and evaluating how strict the dependency on bind9-libs must be.

PPA: https://launchpad.net/~ahasenack/+archive/ubuntu/bind9-dyndb-ldap/+packages

Lucas Kanashiro (lucaskanashiro) wrote :

Thanks for this MP Andreas! The test you added here is the same as the one proposed here:

https://code.launchpad.net/~ahasenack/ubuntu/+source/bind-dyndb-ldap/+git/bind-dyndb-ldap/+merge/449619

My comment there is also valid here. I built the package and ran the test locally, it passed as expected.

review: Approve
git-ubuntu bot (git-ubuntu-bot) wrote :

Approvers: ahasenack, lucaskanashiro
Uploaders: ahasenack, lucaskanashiro
MP auto-approved

review: Approve
Andreas Hasenack (ahasenack) wrote :

Thanks, uploaded with rich history.

Preview Diff

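--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+bind9 (1:9.18.16-1ubuntu2) mantic; urgency=medium
+
+ * d/t/control, d/t/dyndb-ldap: add DEP8 test (LP: #2032650)
+
+ -- Andreas Hasenack <andreas@canonical.com> Tue, 22 Aug 2023 09:24:02 -0300
+
 bind9 (1:9.18.16-1ubuntu1) mantic; urgency=medium
 
 * Merge with Debian unstable (LP: #2018050). Remaining changes: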
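--- a/debian/tests/control
+++ b/debian/tests/control
@@ -13,3 +13,11 @@ Restrictions: isolation-container, needs-root
 Depends: bind9,
 bind9-dnsutils,
 bind9-utils
+
+Tests: dyndb-ldap
+Restrictions: isolation-container, needs-root
+Depends: bind9,
+ bind9-dyndb-ldap,
+ slapd,
+ ldap-utils,
+ dpkg-dev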
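Review bot: The new `dyndb-ldap` stanza's `Depends` names no package that obviously provides `host`, which the test script runs for every DNS check; the stanza above lists `bind9-dnsutils`, but this one does not, so the test presumably relies on the testbed image already shipping it. Adding `bind9-dnsutils,` to the list would make that dependency explicit. Separately, the script reconfigures slapd, deletes `/var/backups/*slapd*` and appends a rule to named's AppArmor local override that its cleanup never removes, so `Restrictions: isolation-container, needs-root, breaks-testbed` may describe it more accurately.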
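--- /dev/null
+++ b/debian/tests/dyndb-ldap
@@ -0,0 +1,277 @@
+#!/bin/bash
+
+set -e
+
+ldap_suffix="dc=example,dc=internal"
+mydomain="example.internal"
+myhostname="dep8"
+ldap_admin_dn="cn=admin,${ldap_suffix}"
+ldap_admin_pw="secret"
+ldap_bind9_dn="uid=bind9,${ldap_suffix}"
+ldap_bind9_pw="secretagain"
+
+cleanup() {
+ result=$?
+ set +e
+ if [ ${result} -ne 0 ]; then
+ echo "## Something failed, gathering logs"
+ echo
+ echo "## /var/log/syslog:"
+ tail -n 200 /var/log/syslog
+ echo
+ echo "## slapd journal"
+ journalctl -u slapd
+ echo
+ echo "## bind journal"
+ journalctl -u bind
+ fi
+ sed -i '/include.*ldap_zone/d' /etc/bind/named.conf.local
+ rm -f /etc/bind/named.conf.ldap_zone
+}
+
+trap cleanup EXIT
+
+try_reload_apparmor_profile() {
+ local apparmor_profile="${1}"
+ local -i rc=0
+ local arch
+ local vendor
+
+ apparmor_parser -r -W -T "${apparmor_profile}" 2>&1 || rc=$?
+ if [ ${rc} -ne 0 ]; then
+ # This can fail on armhf in the Ubuntu DEP8 infrastructure
+ # because that environment restricts changing apparmor profiles.
+ # (See LP: #2008393)
+ arch=$(dpkg --print-architecture)
+ vendor=$(dpkg-vendor --query Vendor)
+ if [ "${arch}" = "armhf" ] && [ "${vendor}" = "Ubuntu" ]; then
+ echo "WARNING: failed to enforce apparmor profile."
+ echo "On armhf and Ubuntu DEP8 infrastructure, this is not a fatal error."
+ echo "See #2008393 for details."
+ rc=0
+ else
+ echo "ERROR: failed to adjust the slapd apparmor profile for this test."
+ fi
+ fi
+ return ${rc}
+}
+
+adjust_apparmor_profile() {
+ local profile_name="usr.sbin.named"
+ local profile_path="/etc/apparmor.d/${profile_name}"
+
+ if [ -f "${profile_path}" ]; then
+ if aa-status --enabled 2>/dev/null; then
+ # Adjust apparmor so bind9 can connect to slapd's unix socket
+ echo " /run/slapd/ldapi rw," >> "/etc/apparmor.d/local/${profile_name}"
+ try_reload_apparmor_profile "${profile_path}"
+ fi
+ fi
+}
+
+check_slapd_ready() {
+ ldapwhoami -Q -Y EXTERNAL -H ldapi:/// > /dev/null 2>&1
+}
+
+wait_service_ready() {
+ local service="${1}"
+ local check_function="${2}"
+ local -i tries=5
+ echo -n "Waiting for ${service} to be ready "
+ while [ ${tries} -ne 0 ]; do
+ echo -n "."
+ if "${check_function}"; then
+ echo
+ break
+ fi
+ tries=$((tries-1))
+ sleep 1s
+ done
+ if [ ${tries} -eq 0 ]; then
+ echo "ERROR: ${service} is not ready"
+ return 1
+ fi
+}
+
+setup_slapd() {
+ local domain="$1"
+ local password="$2"
+ # MUST use REAL TABS as delimiters below!
+ debconf-set-selections << EOF
+slapd slapd/domain string ${domain}
+slapd shared/organization string ${domain}
+slapd slapd/password1 password ${password}
+slapd slapd/password2 password ${password}
+EOF
+ rm -rf /var/backups/*slapd* /var/backups/unknown*ldapdb
+ dpkg-reconfigure -fnoninteractive -pcritical slapd 2>&1
+ systemctl restart slapd # http://bugs.debian.org/1010678
+ wait_service_ready slapd check_slapd_ready
+}
+
+configure_slapd_logging() {
+ ldapmodify -Y EXTERNAL -H ldapi:/// 2>&1 <<EOF
+dn: cn=config
+changetype: modify
+replace: olcLogLevel
+olcLogLevel: stats
+
+EOF
+}
+
+create_bind9_uid() {
+ ldapadd -x -D "${ldap_admin_dn}" -w "${ldap_admin_pw}" <<EOF
+dn: ${ldap_bind9_dn}
+uid: replicator
+objectClass: simpleSecurityObject
+objectClass: account
+userPassword: {CRYPT}x
+
+EOF
+ # this sets the password
+ ldappasswd -x -D "${ldap_admin_dn}" -w "${ldap_admin_pw}" -s "${ldap_bind9_pw}" "${ldap_bind9_dn}"
+
+ ldapmodify -Q -Y EXTERNAL -H ldapi:/// <<EOF
+dn: olcDatabase={1}mdb,cn=config
+changetype: modify
+add: olcAccess
+olcAccess: {1}to dn.subtree="ou=dns,${ldap_suffix}" by dn.exact="${ldap_bind9_dn}" read by * none
+
+EOF
+}
+
+
+load_dyndb_schema() {
+ local schema_file="/usr/share/doc/bind9-dyndb-ldap/schema.ldif.gz"
+
+ # https://wiki.debian.org/LDAP/OpenLDAPSetup#DNS.2FBind9
+ zcat "${schema_file}" |
+ sed 's/^attributeTypes:/olcAttributeTypes:/;
+ s/^objectClasses:/olcObjectClasses:/;
+ 1,/1.3.6.1.4.1.2428.20.0.0/ {/1.3.6.1.4.1.2428.20.0.0/!s/^/#/};
+ 1idn: cn=dns,cn=schema,cn=config\nobjectClass: olcSchemaConfig' |
+ ldapadd -Q -Y EXTERNAL -H ldapi:///
+}
+
+load_syncprov() {
+ ldapmodify -Q -Y EXTERNAL -H ldapi:/// <<EOF
+dn: cn=module{0},cn=config
+changetype: modify
+add: olcModuleLoad
+olcModuleLoad: syncprov
+
+EOF
+
+ ldapmodify -Q -Y EXTERNAL -H ldapi:/// <<EOF
+dn: olcOverlay=syncprov,olcDatabase={1}mdb,cn=config
+changeType: add
+objectClass: olcOverlayConfig
+objectClass: olcSyncProvConfig
+olcOverlay: syncprov
+olcSpCheckpoint: 100 10
+olcSpSessionLog: 100
+
+EOF
+}
+
+load_dns_data() {
+ ldapadd -x -D "${ldap_admin_dn}" -w "${ldap_admin_pw}" <<EOF
+dn: ou=dns,${ldap_suffix}
+objectClass: organizationalUnit
+objectClass: top
+ou: dns
+
+dn: idnsName=${mydomain},ou=dns,${ldap_suffix}
+objectClass: top
+objectClass: idnsZone
+objectClass: idnsRecord
+idnsName: ${mydomain}
+idnsZoneActive: TRUE
+idnsSOAmName: ${myhostname}.${mydomain}
+idnsSOArName: root.${myhostname}.${mydomain}
+idnsSOAserial: 1
+idnsSOArefresh: 10800
+idnsSOAretry: 900
+idnsSOAexpire: 604800
+idnsSOAminimum: 86400
+NSRecord: ${mydomain}.
+ARecord: 192.168.141.5
+
+dn: idnsName=${myhostname},idnsName=${mydomain},ou=dns,${ldap_suffix}
+objectClass: idnsRecord
+objectClass: top
+idnsName: ${myhostname}
+CNAMERecord: ${mydomain}.
+
+dn: idnsName=_ldap._tcp,idnsName=${mydomain},ou=dns,${ldap_suffix}
+objectClass: idnsRecord
+objectClass: top
+idnsName: _ldap._tcp
+SRVRecord: 0 100 389 ${myhostname}
+
+dn: idnsName=somehost,idnsName=${mydomain},ou=dns,${ldap_suffix}
+objectClass: idnsRecord
+objectClass: top
+ARecord: 192.168.141.6
+
+EOF
+}
+
+configure_dyndb() {
+ if ! grep -qE "ldap_zone" /etc/bind/named.conf.local; then
+ echo "include \"/etc/bind/named.conf.ldap_zone\";" >> /etc/bind/named.conf.local
+ fi
+ cat > /etc/bind/named.conf.ldap_zone <<EOF
+dyndb "ldap_zone" "/usr/lib/$(dpkg-architecture -qDEB_HOST_MULTIARCH 2>/dev/null)/bind/ldap.so" {
+ uri "ldapi:///";
+ base "ou=dns,${ldap_suffix}";
+ auth_method "simple";
+ bind_dn "${ldap_bind9_dn}";
+ password "${ldap_bind9_pw}";
+};
+EOF
+ chmod 0640 /etc/bind/named.conf.ldap_zone
+ chgrp bind /etc/bind/named.conf.ldap_zone
+ echo "## Restarting bind9"
+ systemctl restart bind9.service
+}
+
+echo "## Adjust bind9's apparmor profile if needed"
+adjust_apparmor_profile
+
+echo "## Setting up slapd"
+setup_slapd "${mydomain}" "${ldap_admin_pw}"
+echo
+
+echo "## Configuring slapd logging"
+configure_slapd_logging
+echo
+
+echo "## Creating bind9 ldap uid"
+create_bind9_uid
+echo
+
+echo "## Loading bind9-dyndb-ldap schema"
+load_dyndb_schema
+echo
+
+echo "## Loading syncproc module"
+load_syncprov
+echo
+
+echo "## Loading DNS sample data"
+load_dns_data
+echo
+
+echo "## Configuring bind9 to use bind9-dyndb-ldap"
+configure_dyndb
+echo
+
+echo "## Checking DNS records"
+host "somehost.${mydomain}" 127.0.0.1
+echo
+host "${myhostname}.${mydomain}" 127.0.0.1
+echo
+host -t srv "_ldap._tcp.${mydomain}" 127.0.0.1
+echo
+host -t soa "${mydomain}" 127.0.0.1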
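Review bot: In `cleanup`, the failure path runs `journalctl -u bind`, but the unit the script restarts in `configure_dyndb` is `bind9.service`, so the bind log dump is likely to be empty exactly when it is needed. `journalctl -u named.service -u bind9.service` would cover the unit under either name, assuming the package installs it as named.service with a bind9 alias (confirm). In `configure_dyndb`, `/etc/bind/named.conf.ldap_zone` is created by `cat >` with the umask-default mode and only afterwards restricted by `chmod 0640`, so the file holding the bind password is briefly readable by other local users. Creating it first with `install -m 0640 -g bind /dev/null /etc/bind/named.conf.ldap_zone` closes that window, a pattern worth keeping even with test-only credentials. The error text in `try_reload_apparmor_profile` says "slapd apparmor profile" although the profile passed in is named's.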
