adds isc-bind

build-bind.jenkins

@@ -0,0 +1,173 @@
+def repository = "registry.c.test-chamber-13.lan"
+def repositoryCreds = "harbor-repository-creds"
+
+def workspace
+def dockerFile
+def startFile
+def signzoneFile
+
+def label = "kubernetes-${UUID.randomUUID().toString()}"
+def templateName = "pipeline-worker"
+
+pipeline {
+    agent {
+        kubernetes{
+            yaml functions.podYaml(
+                repo: repository,
+                templateName: templateName,
+                kaniko: true
+            )
+        }
+    }
+
+    stages {
+        stage ('Initalize Jenkins') {
+            steps {
+                script {
+                    workspace = pwd()
+                    startFile = """
+#! /usr/bin/env bash
+SIGN_DOMAINS="\$(ls -1 /var/named/masters)" sign-zone.sh
+chown -R bind:bind /var/named
+bind_exporter --bind.stats-url="http://127.0.0.1:8553" --web.listen-address=0.0.0.0:8053 &
+/usr/sbin/named -g -c /etc/bind/named.conf -u bind
+"""
+                    writeFile(file: workspace + "/start.sh", text: startFile)
+
+                    signzoneFile = """
+#! /usr/bin/env bash
+
+# Keys directory
+KEYDIR="/var/named/keys"
+
+# Zone directory
+ZONEDIR="/var/named/masters"
+
+# Destination directory
+DESTDIR="/var/named/dynamic"
+
+function CleanJournal () {
+        if [ -e "\${DESTDIR}/\${DOMAIN}.signed.jnl" ]; then
+            printf 'Removing Journal File: %s\n' "\${DOMAIN}"
+            rm -f "\${DESTDIR}/\${DOMAIN}.signed.jnl"
+        fi
+}
+
+function SignZone () {
+        CleanJournal "\${DOMAIN}"
+        RANDOM_HASH=\$(head -c 1000 /dev/random | sha1sum | cut -b 1-16)
+        EXP=\$(( \$(/bin/date +%Y) + 1))\$(/bin/date +%m%d)000000
+        TEMP_FILE=\$(mktemp /tmp/zone-XXXXXXXXXX)
+
+        printf '%s\\n' "Updating Zone Serial"
+        cp "\${ZONEDIR}/\${DOMAIN}" "\${TEMP_FILE}"
+        sed -i -r -e "s/[0-9]+\t; Serial/\$(date +%Y%m%d%H)\t; Serial/" "\${TEMP_FILE}"
+
+        # If key files do not exist, generate them.
+        if [ -e "\${KEYDIR}/K\${DOMAIN}*.key" ];  then
+                # Keys does not exist so we will generate them
+                printf '%s\\n' "Creating Key Signing Key (4096-bit)"
+                dnssec-keygen -K \${KEYDIR} -f KSK -a RSASHA256 -3 -b 4096 -n ZONE "\${DOMAIN}"
+                printf '%s\\n' "Creating Zone Signing Key (4096-bit)"
+                dnssec-keygen -K \${KEYDIR} -a RSASHA256 -3 -b 4096 -n ZONE "\${DOMAIN}"
+
+                # Append keys to Zone
+                cat "\${KEYDIR}/K\${DOMAIN}*.key" >> "\${TEMP_FILE}"
+        fi
+
+        # Locate the Key Signing Key
+        if ! KSK=\$(grep -i -H "key-signing key" "\${KEYDIR}/K\${DOMAIN}"*.key | cut -d: -f1); then
+                printf '%s\n' "ERROR: Unable to detect Key Signing Key"
+                exit 100
+        fi
+        filename=\$(basename "\${KSK}")
+        KSKBASE=\${filename%.*}
+
+        # Locate the Zone Signing Key
+        if ! ZSK=\$(grep -i -H "zone-signing key" "\${KEYDIR}/K\${DOMAIN}"*.key | cut -d: -f1); then
+                printf '%s\\n' "ERROR: Unable to detect Zone Signing Key"
+                exit 100
+        fi
+        filename=\$(basename "\${ZSK}")
+        ZSKBASE=\${filename%.*}
+
+        printf '%s\\n' "Signing Zone: \${DOMAIN}"
+        cd "\${KEYDIR}" || exit 100
+        dnssec-signzone -3 "\${RANDOM_HASH}" -u -N INCREMENT -o "\${DOMAIN}" -k "\${KSKBASE}" -e "\${EXP}" -f "\${DESTDIR}/\${DOMAIN}.signed" "\${TEMP_FILE}" "\${KEYDIR}/\${ZSKBASE}.private"
+
+        printf '\\n%s\\n' "*** DNSSEC DS RR Generation ***"
+        dnssec-dsfromkey -2 "\${KEYDIR}/\${KSKBASE}.key"
+
+        printf '%s\\n' "Cleaning Temporary File"
+        rm -f "\${TEMP_FILE}"
+}
+
+# Check to see how we were called
+if [ ! -z \${SIGN_DOMAINS+x} ]; then
+        for DOMAIN in \${SIGN_DOMAINS}; do
+                if [ ! -e "\${ZONEDIR}/\${DOMAIN}" ]; then
+                        printf '%s\n' "ERROR: Unable to locate Zone: \${DOMAIN}"
+                        exit 100
+                else
+                        SignZone "\${DOMAIN}"
+                fi
+        done
+elif [ "\${#}" -gt 0 ]; then
+        for DOMAIN in "\${@}"; do
+                if [ ! -e "\${ZONEDIR}/\${DOMAIN}" ]; then
+                        printf '%s\n' "ERROR: Unable to locate Zone: \${DOMAIN}"
+                        exit 100
+                else
+                        SignZone "\${DOMAIN}"
+                fi
+        done
+else
+        printf '%s' "Please enter the Zone (domain) in lowescase: "
+        read -r DOMAIN
+        SignZone "\${DOMAIN}"
+fi
+"""
+                    writeFile(file: workspace + "/sign-zone.sh", text: signzoneFile)
+
+                    dockerFile = """
+FROM registry.hub.docker.com/internetsystemsconsortium/bind9:9.18
+
+COPY *.sh /usr/local/bin/
+
+RUN apt-get update && \
+    apt-get install -y --no-install-recommends dnsutils && \
+    chmod +x /usr/local/bin/start.sh /usr/local/bin/sign-zone.sh
+
+CMD [ "/bin/bash", "-c", "start.sh" ]
+"""
+                    writeFile(file: workspace + "/test-chamber-13.lan.root.crt", text: functions.getCurrentRootCA())
+                }
+            }
+        }
+
+        stage ('Build & Push') {
+            steps {
+                container ('kaniko') {
+                    script {
+                        declarativeFunctions.buildContainerMultipleDestinations(
+                            dockerFile: dockerFile,
+                            repositoryAccess: [
+                                [
+                                    repository: repository,
+                                    credentials: repositoryCreds
+                                ],
+                                [
+                                    repository: "https://index.docker.io/v1/",
+                                    credentials: "dockerhub-repository-creds"
+                                ],
+                            ],
+                            destination: [
+                                "index.docker.io/thespider/bind9:latest",
+                            ]
+                        )
+                    }
+                }
+            }
+        }
+    }
+}