Service/Nameservers: Difference between revisions

← Older edit Newer edit →

@@ Line 23: / Line 23: @@
 !  IPv6
 |-
-!  ns1.sugarlabs.org
+!  '''ns1.sugarlabs.org'''
 |  lightwave
 |  FSF, Boston, USA
@@ Line 59: / Line 59: @@
 To simplify merging, each hostmaster pushes to a separate branch:
-  git clone root@lightwave.sugarlabs.org:/var/lib/bind/etc/bind ns
+  git clone lightwave.sugarlabs.org:/var/lib/bind/etc/bind ns
- git config --add remote.origin.push '+refs/heads/*:refs/remotes/USERNAME/*'
-'''FIXME''': use an unprivileged group "hostmaster" rather than root.
+Do not checkout the repository as root. Your user needs to be in group bind.
+'''FIXME''': use a separate group ''hostmaster'' rather than bind.
 == Edit zone data ==
@@ Line 78: / Line 79: @@
 == Push changes back to master nameserver ==
-We have a handy script to automate this procedure:
+* We have a handy post-receive hook to automate this procedure. All you have to do is pushing your changes:
- ./update-named-master
+  git push
 * You should see the slaves transfering the new zones you have modified
@@ Line 92: / Line 93: @@
 FIXME: ssh keys needed for other admins
+== Implementation details ==
+* The git config file is as follows:
+ [core]
+        repositoryformatversion = 0
+        filemode = true
+        bare = false
+        shared = true
+        logallrefupdates = true
+        worktree = /etc/bind
+ [receive]
+        denycurrentbranch = ignore
+ [hooks]
+        mailinglist = bernie@codewiz.org
+        emailprefix = "[DNS] "
+        showrev = "git show -C %s; echo"
+* We use a post-receive hook to checkout the zones to the local sandbox and make
+BIND reload them:
+ #!/bin/bash
+ /bin/bash /usr/share/doc/git-core/contrib/hooks/post-receive-email
+ git checkout -f
+ tail -n0 -f /var/log/daemon.log &
+ /etc/init.d/bind9 reload
+ sleep 3
+* For slightly better security, the repository lives outside the sandbox