Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ddclient: T5791: Update dynamic dns configuration path for consistency #2554

Merged
merged 4 commits into from
Dec 1, 2023
Merged

ddclient: T5791: Update dynamic dns configuration path for consistency #2554

merged 4 commits into from
Dec 1, 2023

Conversation

indrajitr
Copy link
Contributor

Change Summary

Modify the configuration path to be consistent with the usual dialects of VyoS configuration (wireguard, dns, firewall, etc.)

This would also shorten the configuration path and have a unified treatment for RFC2136-based updates and other 'web-service' based updates.

While at it, add support for per-service web-options. This would allow for probing different external URLs on a per-service basis.

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Code style update (formatting, renaming)
  • Refactoring (no functional changes)
  • Migration from an old Vyatta component to vyos-1x, please link to related PR inside obsoleted component
  • Other (please describe):

Related Task(s)

Related PR(s)

Component(s) name

dns dynamic

Proposed changes

Summary of how the change would look like:

Case 1: Web-based DDNS with address web:
Before:

set service dns dynamic address web web-options url 'https://domains.google.com/checkip'   # Note that this was global
set service dns dynamic address web service cloudflare host-name 'dyn.example.com'
set service dns dynamic address web service cloudflare protocol 'cloudflare'
set service dns dynamic address web service cloudflare zone 'example.com'
set service dns dynamic address web service cloudflare password 'super-secret'
set service dns dynamic address web service cloudflare ip-version 'both'

After:

set service dns dynamic name cloudflare address 'web'
set service dns dynamic name cloudflare web-options url 'https://domains.google.com/checkip'   # Note that this is per-service now
set service dns dynamic name cloudflare host-name 'dyn.example.com'
set service dns dynamic name cloudflare protocol 'cloudflare'
set service dns dynamic name cloudflare zone 'example.com'
set service dns dynamic name cloudflare password 'super-secret'
set service dns dynamic name cloudflare ip-version 'both'

Case 2: Web-based DDNS with address eth6:
Before:

set service dns dynamic address eth6 service cloudflare host-name 'dyn.example.com'
set service dns dynamic address eth6 service cloudflare protocol 'cloudflare'
set service dns dynamic address eth6 service cloudflare zone 'example.com'
set service dns dynamic address eth6 service cloudflare password 'super-secret'
set service dns dynamic address eth6 service cloudflare ip-version 'both'

After:

set service dns dynamic name cloudflare address 'eth6'
set service dns dynamic name cloudflare host-name 'dyn.example.com'
set service dns dynamic name cloudflare protocol 'cloudflare'
set service dns dynamic name cloudflare zone 'example.com'
set service dns dynamic name cloudflare password 'super-secret'
set service dns dynamic name cloudflare ip-version 'both'

Case 3: RFC2136-based DDNS with address web:
Before:

set service dns dynamic address web web-options url 'https://domains.google.com/checkip'    # Note that this was global
set service dns dynamic address web rfc2136 foo host-name 'dyn.example.com'
set service dns dynamic address web rfc2136 foo zone 'example.com'
set service dns dynamic address web rfc2136 foo key '/config/auth/foo.txt'
set service dns dynamic address web rfc2136 foo server 'dns.example.com'

After:

set service dns dynamic name foo address 'web'
set service dns dynamic name cloudflare web-options url 'https://domains.google.com/checkip'   # Note that this is per-service now
set service dns dynamic name foo host-name 'foo.example.com'
set service dns dynamic name foo protocol 'nsupdate'             # Note that this needs to be configured now, just like other protocols
set service dns dynamic name foo zone 'example.com'
set service dns dynamic name foo key '/config/auth/foo.txt'     # Note that `nsupdate` needs `key` instead of `password`
set service dns dynamic name foo server 'dns.example.com'

How to test

Please see above

Smoketest result

vyos@vyos15e:~$ python3 /usr/libexec/vyos/tests/smoke/cli/test_service_dns_dynamic.py
test_01_dyndns_service_standard (__main__.TestServiceDDNS.test_01_dyndns_service_standard) ... 
"zone" is not supported for Dynamic DNS service "freedns" with protocol
"freedns"


"ttl" is not supported for Dynamic DNS service "freedns" with protocol
"freedns"


"ttl" is not supported for Dynamic DNS service "zoneedit" with protocol
"zoneedit1"


"ttl" is not supported for Dynamic DNS service "zoneedit" with protocol
"zoneedit1"

ok
test_02_dyndns_service_ipv6 (__main__.TestServiceDDNS.test_02_dyndns_service_ipv6) ... 
"expiry-time" must be greater than "wait-time" for Dynamic DNS service
"dynv6"

ok
test_03_dyndns_service_dual_stack (__main__.TestServiceDDNS.test_03_dyndns_service_dual_stack) ... 
Both IPv4 and IPv6 at the same time is not supported for Dynamic DNS
service "google" with protocol "googledomains"

ok
test_04_dyndns_rfc2136 (__main__.TestServiceDDNS.test_04_dyndns_rfc2136) ... ok
test_05_dyndns_hostname (__main__.TestServiceDDNS.test_05_dyndns_hostname) ... ok
test_06_dyndns_web_options (__main__.TestServiceDDNS.test_06_dyndns_web_options) ... 
"web-options" is applicable only when using HTTP(S) web request to
obtain the IP address

ok
test_07_dyndns_vrf (__main__.TestServiceDDNS.test_07_dyndns_vrf) ... ok

----------------------------------------------------------------------
Ran 7 tests in 286.257s

OK

Checklist:

  • I have read the CONTRIBUTING document
  • I have linked this PR to one or more Phabricator Task(s)
  • I have run the components SMOKETESTS if applicable
  • My commit headlines contain a valid Task id
  • My change requires a change to the documentation
  • I have updated the documentation accordingly

@indrajitr
ddclient: T5791: Update dynamic dns configuration path
6c12c28 
Modify the configuration path to be consistent with the usual dialects
of VyoS configuration (wireguard, dns, firewall, etc.)

This would also shorten the configuration path and have a unified
treatment for RFC2136-based updates and other 'web-service' based updates.

While at it, add support for per-service web-options. This would allow
for probing different external URLs on a per-service basis.
@indrajitr
ddclient: T5791: Remove XML includes that aren't used anymore
54591d0 
As followup to interface definition change, remove XML snippets that
aren't used anymore. They were there because they were 'include'-ed
multiple times in the interface definition `dynamic-dns.xml.in`. Since
that's not the case anymore, they can be removed.
@indrajitr
ddclient: T5791: Migration script for dynamic dns config path change
7cf735e
@indrajitr
ddclient: T5791: Update smoketest for dynamic dns config path change
2d9b005
@vyosbot vyosbot requested review from a team, dmbaturin, sarthurdev, zdc, jestabro, sever-sever and c-po and removed request for a team December 1, 2023 01:55
@c-po c-po merged commit a6d4dd1 into vyos:current Dec 1, 2023
7 of 8 checks passed
This was referenced Dec 3, 2023
Merged
Merged
arnoxit added a commit to TransFICC/vyos-1x that referenced this pull request Dec 6, 2023
@arnoxit
[Kim] vyos#2554 customise vyos-1x
a603679 
* update sshd_config template with parameters required for freeipa/sssd
* symlink config to /config/freeipa so it can be updated and retained
  * /etc/krb5.conf
  * /etc/krb5.conf.d
  * /etc/nslcd.conf
  * /etc/nsswitch.conf
  * /etc/pam.d/common-account
  * /etc/pam.d/common-account-ldaps
  * /etc/pam.d/common-auth
  * /etc/pam.d/common-auth-ldaps
  * /etc/pam.d/common-session
  * /etc/pam.d/common-session-ldaps
  * /etc/pam.d/common-session-noninteractive
  * /etc/pam.d/common-session-noninteractive-ldaps
  * /etc/sssd/conf.d
  * /etc/sssd/pki
  * /etc/sssd/sssd.conf
  * /etc/telegraf/telegraf.conf
  * /etc/telegraf/telegraf.d
  * /root/.k5login
  * /usr/local/share/ca-certificates
  * /var/lib/ipa-client
* override service definitions to start in mgmt vrf
  * nslcd
  * pdns-recursor
  * telegraf
arnoxit added a commit to TransFICC/vyos-1x that referenced this pull request Dec 6, 2023
@arnoxit
[Kim] vyos#2554 remove version number from release artifact
662fb4a 
* to make it easier to pull the latest into vyos-build
arnoxit added a commit to TransFICC/vyos-1x that referenced this pull request Dec 6, 2023
@arnoxit
[Kim] vyos#2554 add deb config file diversions
c2028b2
arnoxit added a commit to TransFICC/vyos-1x that referenced this pull request Dec 6, 2023
@arnoxit
[Kim] vyos#2554 fix dpkg-divert argument order
7f4c8c9
arnoxit added a commit to TransFICC/vyos-1x that referenced this pull request Dec 6, 2023
@arnoxit
[Kim] vyos#2554 remove dpkg diversions of directories
1a69992
arnoxit added a commit to TransFICC/vyos-1x that referenced this pull request Dec 6, 2023
@arnoxit
[Kim] vyos#2554 remove diversions for /etc/pam.d/common-*
446be11 
* these should move to changes in /usr/share/pam-configs
arnoxit added a commit to TransFICC/vyos-1x that referenced this pull request Dec 6, 2023
@arnoxit
[Kim] vyos#2554 add -transficc to package version
9ccd26a
arnoxit added a commit to TransFICC/vyos-1x that referenced this pull request Dec 6, 2023
@arnoxit
[Kim] vyos#2554 update pam-configs for ldap, unix and sss
ad3264e 
* divert standard config
* add pam_localuser.so to unix profile to skip unix prompts if non-local user
* change use_first_pass for sss auth to forward_pass as use_first_pass will not handle 2fa prompting
* change ldap profile to not be enabled by default
arnoxit added a commit to TransFICC/vyos-1x that referenced this pull request Dec 6, 2023
@arnoxit
[Kim] vyos#2554 remove pam-config profiles before diverting the overr…
8f673e4 
…idden files then re-enable
arnoxit added a commit to TransFICC/vyos-1x that referenced this pull request Dec 6, 2023
@arnoxit
[Kim] vyos#2554 update to pam config
f4d8cea
arnoxit added a commit to TransFICC/vyos-1x that referenced this pull request Dec 6, 2023
@arnoxit
[Kim] vyos#2554 force pam-auth-update as we need to clear out previou…
24d6eaf 
…s config
arnoxit added a commit to TransFICC/vyos-1x that referenced this pull request Dec 6, 2023
@arnoxit
[Kim] vyos#2554 try and trigger vyos-build workflow
3f9f056
arnoxit added a commit to TransFICC/vyos-1x that referenced this pull request Dec 19, 2023
@arnoxit
[Kim] vyos#2554 add -transficc to package version
70ea802
arnoxit added a commit to TransFICC/vyos-1x that referenced this pull request Dec 19, 2023
@arnoxit
[Kim] vyos#2554 update pam-configs for ldap, unix and sss
01e22dd 
* divert standard config
* add pam_localuser.so to unix profile to skip unix prompts if non-local user
* change use_first_pass for sss auth to forward_pass as use_first_pass will not handle 2fa prompting
* change ldap profile to not be enabled by default
arnoxit added a commit to TransFICC/vyos-1x that referenced this pull request Dec 19, 2023
@arnoxit
[Kim] vyos#2554 remove pam-config profiles before diverting the overr…
b8319f5 
…idden files then re-enable
arnoxit added a commit to TransFICC/vyos-1x that referenced this pull request Dec 19, 2023
@arnoxit
[Kim] vyos#2554 update to pam config
84e82b7
arnoxit added a commit to TransFICC/vyos-1x that referenced this pull request Dec 19, 2023
@arnoxit
[Kim] vyos#2554 force pam-auth-update as we need to clear out previou…
5eb9a82 
…s config
arnoxit added a commit to TransFICC/vyos-1x that referenced this pull request Dec 19, 2023
@arnoxit
[Kim] vyos#2554 try and trigger vyos-build workflow
39ed150
arnoxit added a commit to TransFICC/vyos-1x that referenced this pull request Dec 19, 2023
@arnoxit
[Kim] vyos#2554 add workflow_dispatch
8e70821
arnoxit added a commit to TransFICC/vyos-1x that referenced this pull request Dec 19, 2023
@arnoxit
[Kim] vyos#2554 remove trigger of vyos-build as need some credentials
f4e6c46
arnoxit added a commit to TransFICC/vyos-1x that referenced this pull request Dec 19, 2023
@arnoxit
[Kim] vyos#2554 add missing files
1c0ce4e
arnoxit added a commit to TransFICC/vyos-1x that referenced this pull request Dec 19, 2023
@arnoxit
[Kim] vyos#2554 disable pam_radius by default
6fc19bf
arnoxit added a commit to TransFICC/vyos-1x that referenced this pull request Dec 19, 2023
@arnoxit
[Kim] vyos#2554 change ipsec retransmit defaults
341dea1
arnoxit added a commit to TransFICC/vyos-1x that referenced this pull request Dec 19, 2023
@arnoxit
[Kim] vyos#2554 remove symlinks and add sssd.service config
caf01d7
arnoxit added a commit to TransFICC/vyos-1x that referenced this pull request Dec 19, 2023
@arnoxit
[Kim] vyos#2554 add missing /etc/nslcd.conf
ffad472
arnoxit added a commit to TransFICC/vyos-1x that referenced this pull request Dec 19, 2023
@arnoxit
[Kim] vyos#2554 change dpkg diversions
f9b139a
arnoxit added a commit to TransFICC/vyos-1x that referenced this pull request Dec 19, 2023
@arnoxit
[Kim] vyos#2554 trying to resolve issue with nslcd.conf
9e59dcb
arnoxit added a commit to TransFICC/vyos-1x that referenced this pull request Dec 19, 2023
@arnoxit
[Kim] vyos#2554 update systemd overrides
9d78169 
* add After vyos-router.service
arnoxit added a commit to TransFICC/vyos-1x that referenced this pull request Dec 19, 2023
@arnoxit
[Kim] vyos#2554 update workflow
4905f96 
* add additional assets
arnoxit added a commit to TransFICC/vyos-1x that referenced this pull request Dec 19, 2023
@arnoxit
[Kim] vyos#2554 increase memlock limit for ip vrf exec
97b2c32
arnoxit added a commit to TransFICC/vyos-1x that referenced this pull request Dec 19, 2023
@arnoxit
[Kim] vyos#2554 fix sssd services and increase memlock limit for sshd
61ce8e3
arnoxit added a commit to TransFICC/vyos-1x that referenced this pull request Dec 19, 2023
@arnoxit
[Kim] vyos#2554 add etc/sssd/conf.d to install paths
f85169f
arnoxit added a commit to TransFICC/vyos-1x that referenced this pull request Dec 19, 2023
@arnoxit
[Kim] vyos#2554 add workflow to regularly rebase against upstream
5088ff5
arnoxit added a commit to TransFICC/vyos-1x that referenced this pull request Dec 19, 2023
@arnoxit
[Kim] vyos#2554 pull in all commits
f04fd72
arnoxit added a commit to TransFICC/vyos-1x that referenced this pull request Dec 19, 2023
@arnoxit
[Kim] vyos#2554 change pam-config profiles
a919f67
arnoxit added a commit to TransFICC/vyos-1x that referenced this pull request Dec 19, 2023
@arnoxit
[Kim] vyos#2554 fix permissions on /etc/sssd/conf.d files
02a7c6f
arnoxit added a commit to TransFICC/vyos-1x that referenced this pull request Dec 19, 2023
@arnoxit
[Kim] vyos#2554 fix sssd conf permissions in postinst instead
be26243
arnoxit added a commit to TransFICC/vyos-1x that referenced this pull request Dec 19, 2023
@arnoxit
[Kim] vyos#2554 fix pam ldaps config
aed24d5
arnoxit added a commit to TransFICC/vyos-1x that referenced this pull request Dec 19, 2023
@arnoxit
[Kim] vyos#2554 add memlock limit to telegraf systemd service overrid…
7de1c02 
…e for ip vrf
arnoxit added a commit to TransFICC/vyos-1x that referenced this pull request Dec 19, 2023
@arnoxit
[Kim] vyos#2554 add auto restart to nslcd service
91624e7
arnoxit added a commit to TransFICC/vyos-1x that referenced this pull request Dec 19, 2023
@arnoxit
[Kim] vyos#2554 disable pam_radius by default
5cdda42
@indrajitr indrajitr deleted the ddclient-update-20231128 branch December 27, 2023 20:59
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@c-po c-po c-po approved these changes

@dmbaturin dmbaturin Awaiting requested review from dmbaturin dmbaturin is a code owner automatically assigned from vyos/reviewers

@sarthurdev sarthurdev Awaiting requested review from sarthurdev sarthurdev is a code owner automatically assigned from vyos/reviewers

@zdc zdc Awaiting requested review from zdc zdc is a code owner automatically assigned from vyos/reviewers

@jestabro jestabro Awaiting requested review from jestabro jestabro is a code owner automatically assigned from vyos/reviewers

@sever-sever sever-sever Awaiting requested review from sever-sever sever-sever is a code owner automatically assigned from vyos/reviewers

Assignees

@indrajitr indrajitr

Labels
current
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@indrajitr @c-po