Split unbound and resolver: use resolver in TP3

2022-02-23 16:38:15 +01:00 · 2022-02-23 16:38:15 +01:00 · 7dfb50e357
commit 7dfb50e357
parent cc2c5986ed
6 changed files with 41 additions and 9 deletions
--- a/pkg/resolver/Dockerfile
+++ b/pkg/resolver/Dockerfile
@ -0,0 +1,17 @@
 FROM alpine:3.15
 MAINTAINER Pierre-Olivier Mercier <nemunaire@nemunai.re>
 RUN apk add --no-cache alpine-baselayout bash busybox unbound unbound-openrc dnssec-root openssh openrc
 VOLUME /etc/unbound
 EXPOSE 53
 EXPOSE 53/udp
 RUN unbound-anchor && mkdir -p /var/log && touch /var/log/unbound.log && chown unbound:unbound /var/log/unbound.log
 RUN rc-update add unbound default && rc-update add sshd default && rc-update add networking default
 COPY sshd_config /etc/ssh/sshd_config
 CMD ["/sbin/openrc-init"]
 LABEL org.mobyproject.config='{"binds": ["/etc/resolv.conf:/etc/resolv.conf"], "capabilities": ["CAP_NET_BIND_SERVICE"]}'
--- a/pkg/resolver/build.yml
+++ b/pkg/resolver/build.yml
@ -0,0 +1,4 @@
 image: unbound
 network: true
 arches:
 - x86_64
--- a/pkg/resolver/docker-entrypoint.sh
+++ b/pkg/resolver/docker-entrypoint.sh
@ -0,0 +1,13 @@
 #!/bin/sh
 set -e
 if [ `which unbound-$1 2>/dev/null` ]; then
  set -- unbound-"$@"
 elif [ ! `which $1 2>/dev/null` ]; then
  set -- unbound -dv "$@"
 fi
 unbound-anchor
 exec "$@"
--- a/pkg/resolver/sshd_config
+++ b/pkg/resolver/sshd_config
@ -81,7 +81,7 @@ ChallengeResponseAuthentication no
 # If you just want the PAM account and session checks to run without
 # PAM authentication, then enable this but set PasswordAuthentication
 # and ChallengeResponseAuthentication to 'no'.
-UsePAM yes
+#UsePAM yes
 #AllowAgentForwarding yes
 #AllowTcpForwarding yes
--- a/pkg/unbound/Dockerfile
+++ b/pkg/unbound/Dockerfile
@ -1,17 +1,15 @@
-FROM alpine
+FROM alpine:3.15
 MAINTAINER Pierre-Olivier Mercier <nemunaire@nemunai.re>
-RUN apk add --no-cache alpine-baselayout bash busybox unbound unbound-openrc dnssec-root openssh openrc
+RUN apk add --no-cache unbound dnssec-root
 COPY docker-entrypoint.sh /
 VOLUME /etc/unbound
 EXPOSE 53
 EXPOSE 53/udp
-RUN unbound-anchor && mkdir -p /var/log && touch /var/log/unbound.log && chown unbound:unbound /var/log/unbound.log
+ENTRYPOINT ["/docker-entrypoint.sh"]
-RUN rc-update add unbound default && rc-update add sshd default && rc-update add networking default
+CMD ["/usr/sbin/unbound", "-d"]
 COPY sshd_config /etc/ssh/sshd_config
 CMD ["/sbin/openrc-init"]
 LABEL org.mobyproject.config='{"binds": ["/etc/resolv.conf:/etc/resolv.conf"], "capabilities": ["CAP_NET_BIND_SERVICE"]}'
--- a/tuto3.yml
+++ b/tuto3.yml
@ -170,7 +170,7 @@ services:
      - /etc/hosts:/etc/hosts:ro
      - /etc/dresolv.conf:/etc/resolv.conf
  - name: ns-resolv
-    image: nemunaire/unbound:4988e30d81f3b1782e7bc520d2d24123930d72a6
+    image: nemunaire/resolver:4988e30d81f3b1782e7bc520d2d24123930d72a6
    net: /run/netns/ns
    pid: new
    ipc: new