Split unbound and resolver: use resolver in TP3

2022-02-23 16:38:15 +01:00 · 2022-02-23 16:38:15 +01:00 · 7dfb50e357
parent cc2c5986ed
commit 7dfb50e357
6 changed files with 41 additions and 9 deletions
--- a/pkg/resolver/Dockerfile
+++ b/pkg/resolver/Dockerfile
@ -0,0 +1,17 @@
+FROM alpine:3.15
+MAINTAINER Pierre-Olivier Mercier <nemunaire@nemunai.re>
+
+RUN apk add --no-cache alpine-baselayout bash busybox unbound unbound-openrc dnssec-root openssh openrc
+
+VOLUME /etc/unbound
+
+EXPOSE 53
+EXPOSE 53/udp
+
+RUN unbound-anchor && mkdir -p /var/log && touch /var/log/unbound.log && chown unbound:unbound /var/log/unbound.log
+RUN rc-update add unbound default && rc-update add sshd default && rc-update add networking default
+COPY sshd_config /etc/ssh/sshd_config
+
+CMD ["/sbin/openrc-init"]
+
+LABEL org.mobyproject.config='{"binds": ["/etc/resolv.conf:/etc/resolv.conf"], "capabilities": ["CAP_NET_BIND_SERVICE"]}'
--- a/pkg/resolver/build.yml
+++ b/pkg/resolver/build.yml
@ -0,0 +1,4 @@
+image: unbound
+network: true
+arches:
+- x86_64
--- a/pkg/resolver/docker-entrypoint.sh
+++ b/pkg/resolver/docker-entrypoint.sh
@ -0,0 +1,13 @@
+#!/bin/sh
+
+set -e
+
+if [ `which unbound-$1 2>/dev/null` ]; then
+  set -- unbound-"$@"
+elif [ ! `which $1 2>/dev/null` ]; then
+  set -- unbound -dv "$@"
+fi
+
+unbound-anchor
+
+exec "$@"
--- a/pkg/resolver/sshd_config
+++ b/pkg/resolver/sshd_config
@ -81,7 +81,7 @@ ChallengeResponseAuthentication no
 # If you just want the PAM account and session checks to run without
 # PAM authentication, then enable this but set PasswordAuthentication
 # and ChallengeResponseAuthentication to 'no'.
-UsePAM yes
+#UsePAM yes

 #AllowAgentForwarding yes
 #AllowTcpForwarding yes
--- a/pkg/unbound/Dockerfile
+++ b/pkg/unbound/Dockerfile
@ -1,17 +1,15 @@
-FROM alpine
+FROM alpine:3.15
 MAINTAINER Pierre-Olivier Mercier <nemunaire@nemunai.re>

-RUN apk add --no-cache alpine-baselayout bash busybox unbound unbound-openrc dnssec-root openssh openrc
+RUN apk add --no-cache unbound dnssec-root
+COPY docker-entrypoint.sh /

 VOLUME /etc/unbound

 EXPOSE 53
 EXPOSE 53/udp

-RUN unbound-anchor && mkdir -p /var/log && touch /var/log/unbound.log && chown unbound:unbound /var/log/unbound.log
-RUN rc-update add unbound default && rc-update add sshd default && rc-update add networking default
-COPY sshd_config /etc/ssh/sshd_config
-
-CMD ["/sbin/openrc-init"]
+ENTRYPOINT ["/docker-entrypoint.sh"]
+CMD ["/usr/sbin/unbound", "-d"]

 LABEL org.mobyproject.config='{"binds": ["/etc/resolv.conf:/etc/resolv.conf"], "capabilities": ["CAP_NET_BIND_SERVICE"]}'
--- a/tuto3.yml
+++ b/tuto3.yml
@ -170,7 +170,7 @@ services:
      - /etc/hosts:/etc/hosts:ro
      - /etc/dresolv.conf:/etc/resolv.conf
  - name: ns-resolv
-    image: nemunaire/unbound:4988e30d81f3b1782e7bc520d2d24123930d72a6
+    image: nemunaire/resolver:4988e30d81f3b1782e7bc520d2d24123930d72a6
    net: /run/netns/ns
    pid: new
    ipc: new