documentation updates for first release - gitzone - git-based zone management tool for static and dynamic domains
git clone https://git.parazyd.org/gitzone
---
commit 26dfd85ca5ff5cc79744494e1fa8727cedb3102c
parent a546e75c82fde864c1a01be8129818395229a55f
Author: Jaromil <jaromil@dyne.org>
Date: Thu, 31 Oct 2013 12:00:08 +0100

documentation updates for first release

Diffstat:
M Makefile | 3 +++
M README.org | 93 ++++++++++++++++++++++++-------
2 files changed, 75 insertions(+), 21 deletions(-)
---
DIR diff --git a/Makefile b/Makefile t@@ -1,5 +1,8 @@ PREFIX=/usr +all: + @echo "Nothing to compile. run 'make install' as root (default prefix is /usr)" + install: mkdir -p ${PREFIX}/bin mkdir -p ${PREFIX}/libexec/gitzone DIR 
diff --git a/README.org b/README.org t@@ -4,49 +4,100 @@ #+INFOJS_OPT: view:showall ltoc:nil #+STYLE: <style>html{max-width:1000px}</style> +#+LATEX_HEADER: \usepackage{lmodern} +#+LATEX_HEADER: \usepackage{fullpage} + * About -gitzone is a git-based zone file management tool for BIND. Users can update +Gitzone is a git-based zone file management tool for BIND. Users can update their zones in a git repository then during a push the zone files are checked, updated & reloaded from git receive hooks. If there's an error in a file being pushed then the push is rejected, thus only correct files are stored on the -server. +server. Gitzone is written in Perl. + +Gitzone-shell is similar to git-shell but it restricts the user to the +zones repository and provides some additional commands for dynamic DNS +updates & SSH key management. Gitzone-shell and the Gitzone-install +scripts are written in Zsh shell script. + +#+LATEX: \pagebreak -gitzone-shell is similar to git-shell but it restricts the user to the zones -repository and provides some additional commands for dynamic DNS updates & SSH -key management. To use it the Z shell must be installed (zsh). * Installation (semi-automatic) -Gitzone comes with a relatively simple script: gitzone-install -whose usage is self-descriptive: +First install Bind9 (not covered by this documentation). + +Then install all scripts in the prefix /bin path and /libexec + + : # make install + +Once the binaries are in place, to enable gitzone for a user there is +a relatively simple script: gitzone-install. Usage synopsis: + + : # gitzone-install username id_rsa.pub - : # gitzone-install username [ id_rsa.pub ] +This script assumes that a user with 'username' (first argument) +already exists: anyone with access to this user will be in control of +gitzone, since access is managed via ssh authentication. -First argument is a user on the machine which will be the user in the git url. 
+Second argument is the first public ssh key which will have write +permissions to change zones (more keys can be added later). -Second argument is the first public ssh key which will have write permissions to change zones -(it is optional and can be added later) +If you intend to use the dynamic DNS feature via the gitzone-shell, +then you'd better create a specific user only for gitzone. -So first install bind9 (not covered by this documentation), -then create your user and then run the script with all the arguments in place. +Once ready, run the script with all the arguments in place. Then create /etc/bind/repos/${user}.conf and put inside: -: zone "domain.com" { -: type master; -: notify yes; -: file "/var/cache/bind/$user/domain.com"; -: allow-transfer { transfer; }; -: }; +#+BEGIN_EXAMPLE +zone "domain.com" { + type master; + notify yes; + file "/var/cache/bind/$user/domain.com"; + allow-transfer { transfer; }; +}; +#+END_EXAMPLE + +Where 'domain.com' is the first domain you are managing with +gitzone. There can be more domains and for each of them the above +configuration section must be created. + +Now clone the gitzone repository from another user that has access to +the ssh secret key configured in gitzone-install. The git url will be +composed of the hostname of the machine where is has been installed +and the username chosen: + +: git clone username@ns.myown.net:zones/username gitzone-admin + +The command above will clone the new gitzone repository into a +directory gitzone-admin. If you aren't familiar with git, this is a +good time to go study it. + +Create a file named 'domain.com' inside gitzone-admin and fill it in +as a canonical DNS zone file for bind9. 
Then add, commit and push: + +#+BEGIN_EXAMPLE +cd gitzone-admin; vim domain.com + (edit the zone file according to bind9 documentation) +git add domain.com +git commit -m "initial zone commit for domain.com" +git push +#+END_EXAMPLE + +If the domain.com file contains any errors, gitzone will not accept +the push and will report an error among the screen messages. + -Then restart the bind9 daemon. +If all went well, restart the bind9 daemon and you'll see that the +zone for domain.com is served by your new DNS. One can check using +nslookup. Gitzone can be installed on multiple users on the same machine, this way there can be different admins (or groups of admins) for different zones all on the same machine. -* Installation (manual) +* Installation (in close detail) - set PREFIX in Makefile and make sure the paths in the hooks are correct, then : # make install
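Review bot: In the Makefile hunk, the new `all` recipe hard-codes "default prefix is /usr" in its echo string, so the message becomes wrong as soon as PREFIX is changed on the first line or overridden on the command line. Expand the variable instead, for example `@echo "Nothing to compile. Run 'make install' as root (prefix: ${PREFIX})"`. Neither `all` nor `install` produces a file of that name, so unless it is declared further down, a `.PHONY: all install` line belongs here too. Placing `all` ahead of `install` is worth keeping: a bare `make` no longer falls through to the install recipe.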
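Review bot: In the README.org hunk, under "Installation (semi-automatic)", the advice to create a dedicated user is conditional on using the dynamic DNS feature, yet the paragraph just above it says anyone with access to that account is in control of gitzone; recommend a dedicated account unconditionally. The synopsis drops the brackets around id_rsa.pub and the sentence saying the key is optional, without stating whether gitzone-install still accepts a single argument; say which it is. In the zone example, `allow-transfer { transfer; };` depends on a name `transfer` that the visible text never defines, and the path mixes `${user}` with `$user`; add a line on where `transfer` is declared and use one spelling. Smaller points: "where is has been installed" should read "where it has been installed", and the closing "restart the bind9 daemon" step needs a sentence on why a restart is required when the About section says the receive hooks reload the zones.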