From ef36a459dde9decafb6c3a288588ac57d4b5346e Mon Sep 17 00:00:00 2001
From: songpenglei <14342538+songpenley@user.noreply.gitee.com>
Date: Mon, 14 Oct 2024 09:08:27 +0000
Subject: [PATCH 1/2] =?UTF-8?q?dns=20=E9=9B=86=E6=88=90?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 bin/ncdns/dnsmasq.service | 13 +++++++++
 bin/ncdns/src/utils.rs | 59 +++++++++++++++++++++++++++++++++------
 bin/ncdns/src/vars.rs | 1 +
 3 files changed, 64 insertions(+), 9 deletions(-)
 create mode 100644 bin/ncdns/dnsmasq.service

diff --git a/bin/ncdns/dnsmasq.service b/bin/ncdns/dnsmasq.service
new file mode 100644
index 00000000..5e282d68
--- /dev/null
+++ b/bin/ncdns/dnsmasq.service
@@ -0,0 +1,13 @@
+[Unit]
+Description=DNS caching server.
+Before=nss-lookup.target
+Wants=nss-lookup.target
+After=network.target
+
+[Service]
+ExecStart=/usr/sbin/dnsmasq --conf-file=/var/lib/nanocl/dns/dnsmasq.conf
+Type=forking
+PIDFile=/run/dnsmasq.pid
+
+[Install]
+WantedBy=multi-user.target
diff --git a/bin/ncdns/src/utils.rs b/bin/ncdns/src/utils.rs
index cfc77369..b2a905bb 100644
--- a/bin/ncdns/src/utils.rs
+++ b/bin/ncdns/src/utils.rs
@@ -4,7 +4,11 @@ use nanocld_client::stubs::dns::ResourceDnsRule;
 use nanocld_client::stubs::generic::{GenericClause, GenericFilter};
 use nanocld_client::NanocldClient;
+use std::process::Command;
+use std::process::ExitStatus;
+
 
 use crate::dnsmasq::Dnsmasq;
+use crate::vars::DNSMASQ;
 
 /// Get public address of host
 async fn get_host_addr(client: &NanocldClient) -> IoResult {
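Review bot: The unit has neither a pre-start configuration check nor a `Restart=` policy, so a dnsmasq that fails to start on a bad or not-yet-present `/var/lib/nanocl/dns/dnsmasq.conf` stays down, and the `reload_service` change in utils.rs in this same patch only restarts the unit when it is already active, so it will not recover it either. Suggest `ExecStartPre=/usr/sbin/dnsmasq --test --conf-file=/var/lib/nanocl/dns/dnsmasq.conf` and `Restart=on-failure`, matching ncdns.service in the second patch. `PIDFile=/run/dnsmasq.pid` is also not handed to dnsmasq, so `Type=forking` relies on its compiled-in default pid path agreeing with this value; pinning it with `--pid-file=/run/dnsmasq.pid` on the `ExecStart=` line removes that assumption.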
@@ -36,9 +40,24 @@ async fn get_network_addr(
 /// Reload the dns service
 /// TODO: use a better way to reload the service, we may have to move from dnsmasq to something else
 pub(crate) async fn reload_service(client: &NanocldClient) -> IoResult<()> {
- client
- .restart_process("cargo", "ndns", Some("system"))
- .await?;
+ // client
+ // .restart_process("cargo", "ndns", Some("system"))
+ // .await?;
+
+ // 由于 ndns 不再以 cargo 的形式部署,所以重启时,直接使用 systemctl 重启即可
+
+ if check_service_status(DNSMASQ) {
+ println!("the {} service is running...", DNSMASQ);
+
+ // 尝试重启服务
+ if restart_service(DNSMASQ) {
+ println!("{} is restarted", DNSMASQ);
+ } else {
+ println!("{} cannot restart", DNSMASQ);
+ }
+ } else {
+ println!("{} is not existing or running", DNSMASQ);
+ }
 Ok(())
 }
 
@@ -55,7 +74,7 @@ pub(crate) async fn update_entries(
 "data",
 GenericClause::Contains(
 "$.Network".parse().unwrap(),
- dns_rule.clone().network
+ dns_rule.clone().network,
 ),
 );
 let resources = client.list_resource(Some(&filter)).await.map_err(|err| {
@@ -64,11 +83,9 @@ pub(crate) async fn update_entries(
 log::debug!("utils::update_entries: {} resources", resources.len());
 let mut entries = dns_rule.entries.clone();
 for resource in resources {
- let mut dns_rule = serde_json::from_str::(
- &*resource.spec.data,
- )
- .map_err(|err| err.map_err_context(|| "Unable to serialize the DnsRule"))?;
- entries.append(&mut dns_rule.entries);
+ let dns_rule = serde_json::from_str::(&resource.spec.data);
+ // .map_err(|err| err.map_err_context(|| "Unable to serialize the DnsRule"))?;
+ entries.append(&mut dns_rule.unwrap().entries);
 }
 let listen_address = get_network_addr(&dns_rule.network, client).await?;
 let mut file_content = 
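Review bot: The new body of `reload_service` returns `Ok(())` on every path, so a failed restart, or a dnsmasq that is not active at all, is reported to the caller as success while the freshly written DNS configuration is never loaded; the only trace is a `println!` on stdout, whereas the rest of this file logs through `log::` (see `log::debug!` in update_entries). Return an error from the `cannot restart` and `not existing or running` branches instead, and switch the remaining messages to `log::info!` / `log::warn!` so they reach the same sink as the other diagnostics. The inactive branch also never attempts a start, so an installed-but-stopped dnsmasq is never brought up by a reload. The commented-out `restart_process` call should be deleted rather than kept, and the Chinese comments should be in English like the rest of the file.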
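Review bot: Replacing the `map_err(...)?` with `dns_rule.unwrap()` in the third added line of the update_entries hunk turns a malformed `Data` field in any stored `ncdns.io/rule` resource into a panic of the whole controller, where the previous code returned an error through `IoResult` for that one rule. The resource data is user-authored YAML (see the example in the second patch), so a typo in one rule should not take the DNS controller down. Restore the propagation, keeping the original type parameter that this rendering has dropped: `let mut dns_rule = serde_json::from_str::<ResourceDnsRule>(&resource.spec.data).map_err(|err| err.map_err_context(|| "Unable to serialize the DnsRule"))?;` and delete the commented-out line. update_entries continues outside the hunk.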
@@ -159,3 +176,27 @@ pub mod tests {
 TestClient::new(srv, vars::VERSION)
 }
 }
+
+/// 检查服务是否存在并运行
+fn check_service_status(service_name: &str) -> bool {
+ let status: ExitStatus = Command::new("systemctl")
+ .arg("status")
+ .arg(service_name)
+ .status()
+ .expect("Failed to execute systemctl");
+
+ // 返回 true 表示服务运行正常,返回 false 表示服务未运行或不存在
+ status.success()
+}
+
+/// 重启服务
+fn restart_service(service_name: &str) -> bool {
+ let status: ExitStatus = Command::new("systemctl")
+ .arg("restart")
+ .arg(service_name)
+ .status()
+ .expect("Failed to restart service");
+
+ // 返回 true 表示服务重启成功
+ status.success()
+}
diff --git a/bin/ncdns/src/vars.rs b/bin/ncdns/src/vars.rs
index f24e5dc2..1293b503 100644
--- a/bin/ncdns/src/vars.rs
+++ b/bin/ncdns/src/vars.rs
@@ -2,3 +2,4 @@ pub const ARCH: &str = env!("TARGET_ARCH");
 pub const VERSION: &str = env!("CARGO_PKG_VERSION");
 pub const COMMIT_ID: &str = env!("GIT_HASH");
 pub const CHANNEL: &str = env!("CHANNEL");
+pub const DNSMASQ: &str = "dnsmasq";
-- 
Gitee

From d3ada92a80d47a2eb86ec7b3c688f362fc4413b2 Mon Sep 17 00:00:00 2001
From: songpenglei <14342538+songpenley@user.noreply.gitee.com>
Date: Tue, 15 Oct 2024 02:04:43 +0000
Subject: [PATCH 2/2] add dns example

---
 bin/ncdns/README.md | 129 ++++++++++++++++++++++++++---
 bin/ncdns/dnsmasq.conf | 7 ++
 bin/ncdns/example/dns-example.yaml | 10 +++
 bin/ncdns/ncdns.service | 13 +++
 4 files changed, 148 insertions(+), 11 deletions(-)
 create mode 100644 bin/ncdns/dnsmasq.conf
 create mode 100644 bin/ncdns/example/dns-example.yaml
 create mode 100644 bin/ncdns/ncdns.service

diff --git a/bin/ncdns/README.md b/bin/ncdns/README.md
index 2554d22e..8b2d284c 100644
--- a/bin/ncdns/README.md
+++ b/bin/ncdns/README.md
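Review bot: Both new helpers call `.expect(...)` on `Command::status()`, so a host where `systemctl` cannot be spawned (not installed, not on `PATH`, ncdns running outside systemd) panics the whole controller instead of surfacing an error the caller can log. `check_service_status` also uses `systemctl status`, a human-oriented command that prints the unit's journal tail to ncdns's stdout on every reload; `systemctl is-active --quiet` yields only the exit status and is the documented way to test for an active unit. Return `std::io::Result<bool>` from both so spawn failure becomes an `Err` for `reload_service` to handle, and write the doc comments in English to match the rest of the file (the `ExitStatus` import then becomes unused). Placing these helpers after `pub mod tests` is also unusual for this file; they belong with the other private helpers above the test module.
```rust
/// Return whether systemd reports `service_name` as active.
///
/// `is-active --quiet` yields only an exit status, unlike `status`, which
/// prints the unit's journal tail to stdout.
fn check_service_status(service_name: &str) -> std::io::Result<bool> {
  let status = Command::new("systemctl")
    .arg("is-active")
    .arg("--quiet")
    .arg(service_name)
    .status()?;
  Ok(status.success())
}

/// Ask systemd to restart `service_name`.
///
/// `Ok(false)` means systemctl ran but the restart failed; `Err` means
/// systemctl itself could not be spawned.
fn restart_service(service_name: &str) -> std::io::Result<bool> {
  let status = Command::new("systemctl")
    .arg("restart")
    .arg(service_name)
    .status()?;
  Ok(status.success())
}
```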
@@ -1,15 +1,122 @@ -# Nanocl official controller dns +## 安装过程 -The official nanocl controller dns build on top of dnsmasq. +1. 安装 dnsmasq:`yum install dnsmasq` +2. dnsmasq 依赖列表如下: -See [nanocl](https://github.com/next-hat/nanocl) for more informations. + ```jsx + package: dnsmasq-2.89-1.oe2309.x86_64 + dependency: /bin/sh + provider: bash-5.2.15-4.oe2309.x86_64 + provider: coreutils-9.3-2.oe2309.x86_64 + provider: bash-5.2.15-4.oe2309.x86_64 + provider: coreutils-9.3-2.oe2309.x86_64 + provider: bash-5.2.15-4.oe2309.x86_64 + provider: coreutils-9.3-2.oe2309.x86_64 + dependency: libc.so.6(GLIBC_2.38)(64bit) + provider: glibc-2.38-8.oe2309.x86_64 + provider: glibc-2.38-8.oe2309.x86_64 + provider: glibc-2.38-8.oe2309.x86_64 + dependency: libdbus-1.so.3()(64bit) + provider: dbus-libs-1:1.14.8-1.oe2309.x86_64 + provider: dbus-libs-1:1.14.8-1.oe2309.x86_64 + dependency: libdbus-1.so.3(LIBDBUS_1_3)(64bit) + provider: dbus-libs-1:1.14.8-1.oe2309.x86_64 + provider: dbus-libs-1:1.14.8-1.oe2309.x86_64 + dependency: libgmp.so.10()(64bit) + provider: gmp-1:6.3.0-5.oe2309.x86_64 + provider: gmp-1:6.3.0-5.oe2309.x86_64 + provider: gmp-1:6.3.0-5.oe2309.x86_64 + dependency: libhogweed.so.6()(64bit) + provider: nettle-3.8.1-1.oe2309.x86_64 + provider: nettle-3.8.1-1.oe2309.x86_64 + provider: nettle-3.8.1-1.oe2309.x86_64 + dependency: libhogweed.so.6(HOGWEED_6)(64bit) + provider: nettle-3.8.1-1.oe2309.x86_64 + provider: nettle-3.8.1-1.oe2309.x86_64 + provider: nettle-3.8.1-1.oe2309.x86_64 + dependency: libidn2.so.0()(64bit) + provider: libidn2-2.3.3-2.oe2309.x86_64 + provider: libidn2-2.3.3-2.oe2309.x86_64 + provider: libidn2-2.3.3-2.oe2309.x86_64 + dependency: libidn2.so.0(IDN2_0.0.0)(64bit) + provider: libidn2-2.3.3-2.oe2309.x86_64 + provider: libidn2-2.3.3-2.oe2309.x86_64 + provider: libidn2-2.3.3-2.oe2309.x86_64 + dependency: libnettle.so.8()(64bit) + provider: nettle-3.8.1-1.oe2309.x86_64 + provider: nettle-3.8.1-1.oe2309.x86_64 + provider: nettle-3.8.1-1.oe2309.x86_64 + 
dependency: libnettle.so.8(NETTLE_8)(64bit) + provider: nettle-3.8.1-1.oe2309.x86_64 + provider: nettle-3.8.1-1.oe2309.x86_64 + provider: nettle-3.8.1-1.oe2309.x86_64 + dependency: nettle >= 3.4 + provider: nettle-3.8.1-1.oe2309.x86_64 + provider: nettle-3.8.1-1.oe2309.x86_64 + provider: nettle-3.8.1-1.oe2309.x86_64 + dependency: rtld(GNU_HASH) + provider: glibc-2.38-8.oe2309.x86_64 + provider: glibc-2.38-8.oe2309.x86_64 + provider: glibc-2.38-8.oe2309.x86_64 + dependency: systemd + provider: systemd-253-5.oe2309.x86_64 + provider: systemd-253-5.oe2309.x86_64 + provider: systemd-253-5.oe2309.x86_64 + provider: systemd-253-5.oe2309.src + ``` -## Overview +3. 构建 ncdns 二进制 +4. 启动 ncdns 二进制 -The the default nanocl controller for domain name is using dnsmasq.
-It will ensure each cargo instance will own a dns entry.
-The dns entry will be the cargo generated from the cargo key.
-We will replace `-` and `_` by a `.` and will be generated this way: `nanocl..local`
-This process should never stop by itself or by a crash.
-It will loop till it have a connection to nanocl daemon
-and be able to watch for his events.
+## 功能测试
+
+使用方法:
+
+```jsx
+ApiVersion: v0.14
+
+Resources:
+- Name: vpn-dns
+ Kind: ncdns.io/rule
+ Data: |
+ Network: Private
+ Entries:
+ - Name: example.com
+ IpAddress: 192.168.122.200
+```
+
+字段解释:
+
+- Network:必须字段
+- Entries:必须字段
+ - Name:域名地址
+ - IpAddress:IP地址
+
+测试结果:表明 endpoint 可以使用配置的 mDNS 正常解析
+
+```jsx
+; <<>> DiG 9.16.37 <<>> @127.0.0.1 www.example.com
+; (1 server found)
+;; global options: +cmd
+;; Got answer:
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41337
+;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
+
+;; OPT PSEUDOSECTION:
+; EDNS: version: 0, flags:; udp: 1232
+;; QUESTION SECTION:
+;www.example.com. IN A
+
+;; ANSWER SECTION:
+www.example.com. 0 IN A **192.168.122.200**
+
+;; Query time: 0 msec
+;; SERVER: 127.0.0.1#53(127.0.0.1)
+;; WHEN: Mon Oct 14 15:58:49 CST 2024
+;; MSG SIZE rcvd: 60
+```
+
+部署方案如下:
+
+1. 在每个集群内,启用一个 dnsmasq 副本
+2. 主节点的 `/etc/resolv.conf` 设置 DNS 为 `127.0.0.1/localhost` ;其他节点的 DNS `/etc/resolv.conf` 设置为主节点 IP 地址
diff --git a/bin/ncdns/dnsmasq.conf b/bin/ncdns/dnsmasq.conf
new file mode 100644
index 00000000..a2e00c29
--- /dev/null
+++ b/bin/ncdns/dnsmasq.conf
@@ -0,0 +1,7 @@
+bind-dynamic
+no-resolv
+no-poll
+no-hosts
+proxy-dnssec
+except-interface=lo
+conf-dir=/var/lib/nanocl/dns/dnsmasq.d,*.conf
diff --git a/bin/ncdns/example/dns-example.yaml b/bin/ncdns/example/dns-example.yaml
new file mode 100644
index 00000000..b4550449
--- /dev/null
+++ b/bin/ncdns/example/dns-example.yaml
@@ -0,0 +1,10 @@
+ApiVersion: v0.14
+
+Resources:
+ - Name: dns-example
+ Kind: ncdns.io/rule/v0.7
+ Data: |
+ Network: Private
+ Entries:
+ - Name: example.com
+ IpAddress: 192.168.122.200
diff --git a/bin/ncdns/ncdns.service b/bin/ncdns/ncdns.service
new file mode 100644
index 00000000..c18cefe6
--- /dev/null
+++ b/bin/ncdns/ncdns.service
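Review bot: `proxy-dnssec` makes dnsmasq copy the upstream's Authenticated Data bit to its clients without validating anything itself, so the nodes that point `/etc/resolv.conf` at this instance (per the README's deployment plan) will treat answers as DNSSEC-validated on the sole word of whatever upstream the generated configuration forwards to. Unless that upstream path is fully trusted, drop the line, or enable `dnssec` with a trust-anchor configuration so validation happens here. `except-interface=lo` also excludes loopback while the README's plan and its dig test address the server at `127.0.0.1`; a `listen-address` dropped into `dnsmasq.d` may re-add it, but that interaction should be verified and stated in a comment rather than left implicit. With `no-resolv` and no `server=` line, upstream resolution depends entirely on what lands in `conf-dir`; a one-line comment such as `# upstream servers and listen addresses are generated into dnsmasq.d by ncdns` would tell the next reader where to look.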
@@ -0,0 +1,13 @@
+[Unit]
+Description=Nanocl Daemon Service
+After=network.target
+
+[Service]
+Type=simple
+ExecStart=/usr/local/bin/ncdns --state-dir="/var/lib/nanocl/dns"
+Restart=on-failure
+Environment=PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+LimitNOFILE=4096
+
+[Install]
+WantedBy=multi-user.target
-- 
Gitee
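Review bot: `Description=Nanocl Daemon Service` describes nanocld rather than this controller; `Description=Nanocl DNS controller (ncdns)` matches what the unit runs. The service runs as root with no hardening directives; since the controller writes only under its state dir and otherwise issues `systemctl` calls (first patch), `ProtectSystem=strict` with `ReadWritePaths=/var/lib/nanocl/dns`, `ProtectHome=yes` and `PrivateTmp=yes` would limit what a compromised controller can touch, though the daemon-socket path it connects to is not visible here and should be tested under those settings. Adding `After=dnsmasq.service` and `Wants=dnsmasq.service` would also order the unit the controller manages ahead of it. A comment on the `Environment=PATH=` line noting that it exists so the `Command::new("systemctl")` calls resolve would explain an otherwise unusual directive.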