openshift-origin-dns-bind 0.8.12

data/COPYRIGHT

@@ -0,0 +1 @@
+Copyright 2012 Red Hat, Inc. and/or its affiliates.

data/Gemfile

@@ -0,0 +1,3 @@
+source "http://rubygems.org"
+
+gemspec

data/LICENSE

@@ -0,0 +1,11 @@
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+   http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.

data/README.md

@@ -0,0 +1,3 @@
+Notice of Export Control Law
+
+This software distribution includes cryptographic software that is subject to the U.S. Export Administration Regulations (the "*EAR*") and other U.S. and foreign laws and may not be exported, re-exported or transferred (a) to any country listed in Country Group E:1 in Supplement No. 1 to part 740 of the EAR (currently, Cuba, Iran, North Korea, Sudan & Syria); (b) to any prohibited destination or to any end user who has been prohibited from participating in U.S. export transactions by any federal agency of the U.S. government; or (c) for use in connection with the design, development or production of nuclear, chemical or biological weapons, or rocket systems, space launch vehicles, or sounding rockets, or unmanned air vehicle systems.You may not download this software or technical information if you are located in one of these countries or otherwise subject to these restrictions. You may not provide this software or technical information to individuals or entities located in one of these countries or otherwise subject to these restrictions. You are also responsible for compliance with foreign law requirements applicable to the import, export and use of this software and technical information.

data/Rakefile

@@ -0,0 +1,9 @@
+#require "bundler/gem_tasks"
+require 'rake'
+require 'rake/testtask'
+
+Rake::TestTask.new(:test) do |t|
+  t.libs << 'test'
+  t.test_files = FileList['test/**/*_test.rb']
+  t.verbose = true
+end

data/doc/README.local_dns

@@ -0,0 +1,441 @@
+Running a service which adds new hostnames to the internet requires a
+Dynamic DNS service.  The openshift-origin-dns-bind package provides the client side
+of service interface for a Dynamic DNS based on ISC BIND DNS (or any
+other DNS service which honors RFC 2136 and 3007 dynamic update
+queries).  If you're running a self-contained service for development
+or testing, you'll need to have a local DNS service capable of
+accepting updates and responding to queries for your test zones while
+passing all other requests through to your external DNS servers.
+
+This document describes how to configure a DNS service on a
+self-contained system so that it can accept updates for local zones
+but does not interfere with normal system operation.
+
+The initial steps assume that the host has a static IP address.
+Additional steps to configure a system with an IP address provided by
+DHCP follow.
+
+* Install BIND
+* Generate update keys
+* Create initial test zone files
+* Configure named
+** dnssec
+** forwarding
+** control key
+** update keys
+** test zones
+* Start named service
+** Test local queries
+** Test remote queries
+** Test updates
+* Enable named service
+* Set resolver order
+* DHCP updates
+** SELinux
+*** Compiling policy module
+*** Installing policy module
+** Disable NetworkManager service
+** Enable network service
+** dhclient hooks (update forwarders)
+** named.conf: include forwarders
+** dhclient config (resolver prefix)
+
+* Summary
+
+This procedure will add a local named service which will accept
+updates using RFC compliant queries.  A tool in bind-utils named
+nsupdate can be used to send updates for testing.  The openshift-origin-dns-bind
+Ruby module uses rubygem-dnsruby to do the same thing.
+
+For this procedure, we're going to use a target domain of
+'example.com'.  This domain is set aside by RFC 2606 for just this
+purpose. When it is done you will be able to query the example.com
+domain and get local answers.  You will also be able to update the
+contents of the local example.com domain. Modify any instance of
+'example.com' in the procedure below if you wish to use another domain
+for your configuration.
+
+Nearly all of the commands below must be run as root or using sudo(8).
+
+All other queries will be forwarded to the normal external DNS service.
+
+* Install BIND
+
+You should just be able to request the 'bind' package. The bind-utils
+package is needed for verification and testing.
+
+  yum install bind bind-utils
+
+* Generate update keys
+
+There are several good sites that go into details about how to create
+DNSSEC keys. See the references section. For now I'm just going to
+give one example.
+
+Note that dnssec-keygen needs a source of "entropy".  If it appears to
+hang, log onto the host with another session and type or execute a few
+commands until enough entropy has been generated to complete the key
+generation.
+
+  dnssec-keygen -a HMAC-MD5 -b 512 -n USER example.com.
+
+This will produce two files who's names look something like this:
+
+  Kexample.com.+157+30572.key
+  Kexample.com.+157+30572.private
+
+The key string is in both files but you can extract it most easily
+like this:
+
+  grep Key: Kexample.com.*.private | cut -d' ' -f 2
+
+(assuming you only have one private key file in your current working directory)
+  
+Copy the files to /var/named for safe keeping.  We'll need the key
+string later for configuring /etc/named.conf
+
+* Create initial test zone files
+
+DNS updates have to be sent to a specific zone.  You need to have the
+example.com zone configured into your local named as a dynamic zone.
+There is a sample initial example.com.db file included in this
+directory.
+
+One thing to note is that the example has the default TTL value set to
+1 second.  This is to avoid testing errors caused by caching.  If the
+TTL is larger then changes will not be reflected until the record
+times out.  As it is, delete test queries should wait 2 seconds after
+the delete operation completes to be sure to get a correct answer. You
+would never use this value in production.
+
+* Configure named
+
+The master configuration file for ISC BIND named is /etc/named.conf.
+There is an example in the directory which contains this README.
+There are several significant settings in that file which bear
+pointing out.
+
+** forwarding
+
+The local server must be set to forward only.  While recursion is
+enabled, it will not be used.  Requests for zones which are not
+locally authoritative (basically everything but example.com) will be
+forwarded to the upstream DNS server.
+
+The forwarders clause in the configuration will be included from a
+file named /var/named/forwarders.conf.  This will allow you to update
+the forwarders without editing the named.conf itself.  This will
+become important if you're getting your primary IP address from DHCP.
+
+The forwarders section consists of the forwarders keyword and a block
+of semi-colon terminated IP addresses.  These addresses should be the
+addresses you would normally have in your /etc/resolv.conf nameserver
+list.
+
+  forwarders { <ip address 1> [ ; <ip address N ]... ; } ;
+ 
+For now you can create /var/named/forwarders.conf by hand.
+
+** update keys
+
+Each dynamic zone requires an associated update key.  The nameserver
+and client each have a copy of the same key.  The keys have an id and
+a value.  The id is the string provided at the end of the
+dnssec-keygen(8) command above and the value is the string we
+extracted from the K*.private file.
+
+The sample named.conf file includes the key configuration from a file
+called 'example.com.key'. 
+
+  include "example.com.key";
+
+The key file contains the key definition section which looks like this:
+
+  key example.com {
+    algorithm HMAC-MD5 ;
+    secret "<key string>" ;
+  } ;
+
+Substitute the key string from the private key file generated eariler
+and place the key file in /var/named/example.com.key.
+
+** test zones
+
+The test zones are set in the /etc/named.conf file with a zone
+section. The zone file itself was describe above.  Here we specify the
+type of zone, the zone file location and the fact that it can be
+updated using the key included in the previous section.
+
+The sample named.conf has a zone section for the example.com zone:
+
+  zone "example.com" IN {
+  	type master;
+  	file "dynamic/example.com.db";
+  	allow-update { key example.com ; } ;
+  };
+
+* Start named service
+
+First, you want to test that the configuration files are valid and
+free of typos.  You can start a named manually and observe the startup
+using the -g option:
+
+  /usr/sbin/named -g
+
+If there are any errors, check the log output and the contents of
+/var/log/messages for syntax and configuration errors.
+
+When you're satisfied that the configuration is correct, interrupt the
+named with CTRL-C and start it as a proper service:
+
+  service named start
+
+** Test local queries
+
+Once the named is running you can check that it is responding to
+queries. The tools for that are in the bind-utils RPM.  Install that
+if you haven't yet.  The two tools for testing ordinary queries are
+dig(1) and host(1).  Dig gives more detailed output and does not use
+the domain or search lines from /etc/resolv.conf.  You have to provide
+fully qualified domain names for queries.  Host gives more compact
+simple output and does use resolv.conf to complete partial names.
+
+Because the resolv.conf does not yet have 127.0.0.1 as the first
+nameserver you have to specify the nameserver on the query command
+line.
+
+  dig @127.0.0.1 example.com soa
+
+  host -t soa example.com 127.0.0.1
+
+Those will show the Start Of Authority records for the example.com
+zone.  They should reflect the values in your local zone.  Compare
+them to the values you get from the same query on a host using normal
+DNS.
+
+** Test remote queries
+
+With forwarders configured, you should also be able to get responses
+for zones outside your test zone.
+
+  dig @127.0.0.1 icann.org a
+
+  host -t a icann.org 127.0.0.1
+
+These should complete promptly and show the normal IP address values.
+
+** Test updates
+
+Update testing uses another tool from bind-utils named nsupdate(1).
+nsupdate takes its input from standard input.  It also requires the
+key for authentication.  You can test adding a record like this: (note
+the extra spaces in the indentation of the example)
+
+  nsupdate -k /var/named/example.com.key <<EOF
+  server 127.0.0.1
+  update add testaddr.example.com 1 A 192.168.254.254
+  send
+  quit
+  EOF
+
+following successful completion of that command you should be able to
+query with dig(1) or host(1) and verify that the new record is there.
+
+  dig @127.0.0.1 testhost.example.com a
+
+* Enable named service
+
+When you're satsfied that the service is running and responding
+correctly you can enable the system service so that it restarts on
+reboot:
+
+  chkconfig named on
+
+* Set resolver order
+
+The final step to integrating the local named is to make it the
+first nameserver in your resolver list.  Once this is done all
+queries will go to the local named first by default.
+
+Add the following line to your /etc/resolv.conf file before any
+other nameserver lines:
+
+  nameserver 127.0.0.1
+
+* DHCP updates
+
+For a self-contained service which would be typical for testing, or
+for a virtual host environment like EC2 it is possible that the DNS
+host will get it's IP address and DNS information from DHCP.  In that
+case each time the host renews it's DHCP lease it will overwrite the
+/etc/resolv.conf file.  It may also change its upstream nameserver
+list.  If that happens, the forwarders list for the named must also
+change. 
+
+dhclient is the daemon that maintains DHCP controlled interfaces.  It
+has hooks which can be used to run scripts triggered on lease
+renewals.  However in RHEL and Fedora distributions the current
+default manager for interfaces is NetworkManager.  NetworkManager is
+designed mostly for mobile device users and does not seem to provide
+access to the kinds of control hooks that dhclient does.
+
+To provide the control needed we're doing to disable NetworkManager
+and let interface control fall back to the more primative network
+service and the dhclient daemon. 
+
+Note that the forwarders update below will fail if you have SELinux
+enabled.  If you're running with SELinux disabled skip down past the SELinux
+instructions.
+
+If you consider it safe you can temporarily suspend SELinux and
+re-enable it later.
+
+  setenforce 0
+
+** SELinux
+
+If you are running your host with SELinux enabled then the dhclient
+service will not have permission to write any file which the named
+service has permission to read.  You will need to extend the SELinux
+policy to allow the dhclient-up-hooks script to write the
+/var/named/forwarders.conf file and make it readable.
+
+To compile and load the new policy you will need the selinux-policy
+and policycoreutils RPMs installed.  If you have SELinux enabled you
+will certainly already have the selinux-policy package.  You may still
+need to install policycoreutils.
+
+  yum install selinux-policy policycoreutils
+
+The examples directory contains two files which define a policy update that
+does just that:
+
+  dhcpnamedforward.te
+  dhcpnamedforward.fc
+
+The first is a set of new policy rules.  The second defines the
+default label for the /var/named/forwarders.conf file so that the
+rules will apply.
+
+*** Compiling policy module
+
+Copy the policy files to /usr/share/selinux/packages.
+
+Compile the policy module:
+
+  cd /usr/share/selinux/packages
+  make -f /usr/share/selinux/devel/Makefile
+
+This will generate two additional files.
+
+  dhcpnamedforward.if
+  dhcpnamedforward.pp
+
+The .if file is an empty "interface" template and can be ignored.
+
+The .pp file is the compiled policy.  This is what gets loaded.
+
+*** Installing policy module
+
+To load the policy module use semodule(8)
+
+  semodule -i /usr/share/selinux/packages/dhcpnamedforward.pp
+
+This could take a couple of minutes.  When it completes, check that
+the module is installed:
+
+  semodule -l | grep dhcpnamedforward
+
+At this point SELinux should allow the dhclient-up-hooks script to
+write /var/named/forwarders.conf and the named service to read it.
+
+** Disable NetworkManager service
+
+Attempt to disable NetworkManager service:
+
+  chkconfig NetworkManager off
+
+If you get any errors it's likely that you don't have NetworkManager
+installed and life is good.
+
+Then enable the generic "network" service
+
+  chkconfig network on
+
+And change any interfaces that think they're controlled by
+NetworkManager and change them over:
+
+  grep -l NM_CONTROLLED /etc/sysconfig/network-scripts/ifcfg-* | \
+    xargs perl -p -i -e '/NM_CONTROLLED/ && s/yes/no/i'
+
+** dhclient config (resolver prefix)
+
+As noted earlier, dhclient will rewrite the /etc/resolv.conf file each
+time it renews the DHCP lease.  You can configure it to put a value
+before the other nameserver lines.  Create a file named
+/etc/dhcp/dhclient.conf and put this in it:
+
+  # prepend localhost for DNS lookup in dev and test
+  prepend domain-name-servers 127.0.0.1 ;
+
+** dhclient hooks (update forwarders)
+
+dhclient also has the capability to run a script when an interface
+comes up.  If you place a bourne shell script at
+/etc/dhcp/dhclient-up-hooks and make sure it's readable and
+*executable* then it will be sourced when any interface renews its
+lease.
+
+The dhclient-up-hooks script in the directory which contains this
+README will create a file named /var/named/forwarders.conf on lease
+renew. 
+
+** named.conf: include forwarders
+
+If you followed the instructions initially your /etc/named.conf file
+already includes the /var/named/forwarders.conf to set the forwarders
+list.  If not, do it now.
+
+** renewing the interface
+
+Now if you force the external interface to renew (do this while logged
+in via serial console!) you should be able to watch the forwarders be
+updated and the named reloaded to get the update
+
+  service network restart
+
+If you get an error or you don't see the timestamp change on
+/var/named/forwarders.conf then check the execute bit on
+/etc/dhcp/dhclient-up-hooks.
+
+* References
+
+  - RFC 2136 Dynamic Updates in the Domain Name System (DNS UPDATE)
+      http://tools.ietf.org/rfc/rfc2136.txt
+
+  - RFC 2606 Reserved Top Level DNS Names
+      http://tools.ietf.org/rfc/rfc2606.txt
+
+  - RFC 3007 Secure Domain Name System (DNS) Dynamic Update
+      http://tools.ietf.org/rfc/rfc3007.txt
+
+  - Article: Painless Dynamic DNS,
+      Copyright © 2008 Jeff Garzik
+      http://linux.yyz.us/nsupdate/
+
+  - Article: Painless DDNS part 2: the server
+      Copyright © 2008 Jeff Garzik
+      http://linux.yyz.us/dns/ddns-server.html
+
+  - dhclient-script(8) man page
+      http://linux.die.net/man/8/dhclient-script
+
+
+  - ISC BIND documentation
+      http://www.isc.org/software/bind/documentation
+
+  - A step-by-step guide to building a new SELinux policy module, 
+      Dan Walsh, Copyright © 2012 Red Hat, Inc.
+
+  - SELinux reference policy
+      http://oss.tresys.com/projects/refpolicy

data/doc/examples/192.168.0.reverse.db

@@ -0,0 +1,10 @@
+$TTL	1 ; ONLY THIS SHORT FOR TESTING, changes are cached this long
+$ORIGIN 0.168.192.IN-ADDR.ARPA.
+@  1D  IN	 SOA ns1.example.com.	mymail.example.com. (
+			      2002022401 ; serial
+			      3H ; refresh
+			      15 ; retry
+			      1w ; expire
+			      3h ; minimum
+			     )
+; server host definitions

data/doc/examples/Kexample.com.+157+37399.key

@@ -0,0 +1 @@
+example.com. IN KEY 0 3 157 lOuqTjZbxrFwOodiqXMcBQ8J5bGNvU6xUgOQxOohSRmiSi49P56x/wVN d/0kqmLvUxjt3qzx0lVCsFnxaRgg7g==

data/doc/examples/Kexample.com.+157+37399.private

@@ -0,0 +1,7 @@
+Private-key-format: v1.3
+Algorithm: 157 (HMAC_MD5)
+Key: lOuqTjZbxrFwOodiqXMcBQ8J5bGNvU6xUgOQxOohSRmiSi49P56x/wVNd/0kqmLvUxjt3qzx0lVCsFnxaRgg7g==
+Bits: AAA=
+Created: 20120327235602
+Publish: 20120327235602
+Activate: 20120327235602

data/doc/examples/dhclient-up-hooks

@@ -0,0 +1,44 @@
+#!/bin/sh
+#
+# This file is sourced using (.) by /sbin/dhclient-script after the eth0 
+# interface is brought up.
+#
+# The code here creates a file named /var/named/forwarders.conf containing
+# the nameservers listed in the DHCP response.
+# This allows the local named to properly respond to queries for both local
+# and remote zones.
+
+# The environment is inherited from the context in the dhclient-script at the
+# time when this file is sourced.
+
+# The file operations here require the dhcpnamedforward SELinux module to
+# succeed.  If the file write fails, check that the policy is loaded.
+# 
+
+FORWARD_CONF=${FORWARD_CONF:="/var/named/forwarders.conf"}
+
+if [ -n "$new_domain_name_servers" ]
+then
+  # remove the localhost reference if it's provided
+  NAME_SERVER_LIST=`echo ${new_domain_name_servers} | sed -e 's/127.0.0.1 *//g'`
+  logmessage "NAME_SERVER_LIST ${NAME_SERVER_LIST}"
+  FORWARDERS=""
+  for i in $NAME_SERVER_LIST; do
+    FORWARDERS="${FORWARDERS} $i ; "
+  done
+  FORWARDERS="${FORWARDERS} 8.8.8.8 ; 8.8.4.4 ;"
+  logmessage "set forwarders: ${FORWARDERS}"
+  cat > ${FORWARD_CONF} <<EOF
+// created by /etc/dhcp/dhclient-up-hooks
+// set named forwarders from the DHCP supplied name server list
+forwarders { ${FORWARDERS} } ;
+EOF
+
+  # reload the named configuration if needed
+  if service named status 2>&1 >/dev/null
+  then
+    service named reload
+  fi
+else
+  logmessage "no new name servers provided by DHCP"
+fi

data/doc/examples/dhclient.conf

@@ -0,0 +1,3 @@
+# prepend localhost for DNS lookup in dev and test
+# still bypassing local DNS - MAL 20120302
+prepend domain-name-servers 127.0.0.1;

data/doc/examples/dhcpnamedforward.fc

@@ -0,0 +1 @@
+/var/named/forwarders.conf  -- gen_context(system_u:object_r:named_forward_file_t,s0)

data/doc/examples/dhcpnamedforward.te

@@ -0,0 +1,26 @@
+policy_module(dhcpnamedforward,0.0.10)
+
+require {
+	type dhcpc_t;
+        type named_t;
+	type named_zone_t;
+	type named_initrc_exec_t;
+        type httpd_t;
+}
+
+# Create the new type
+type named_forward_file_t;
+files_type(named_forward_file_t)
+
+filetrans_pattern(dhcpc_t, named_zone_t, named_forward_file_t, file)
+manage_files_pattern(dhcpc_t, named_forward_file_t, named_forward_file_t)
+
+allow named_t named_forward_file_t:file { getattr open read };
+init_labeled_script_domtrans(dhcpc_t, named_initrc_exec_t)
+#allow dhcpc_t named_initrc_exec_t:file { getattr execute };
+
+ifdef(`corenet_udp_bind_all_ephemeral_ports',`
+  corenet_udp_bind_all_ephemeral_ports(named_t)
+')
+corenet_udp_bind_all_unreserved_ports(named_t)
+corenet_udp_bind_all_ports(httpd_t)

data/doc/examples/example.com.db

@@ -0,0 +1,14 @@
+$ORIGIN .
+$TTL 1	; 1 seconds (for testing only)
+example.com		IN SOA	ns1.example.com. hostmaster.example.com. (
+				2011112904 ; serial
+				60         ; refresh (1 minute)
+				15         ; retry (15 seconds)
+				1800       ; expire (30 minutes)
+				10         ; minimum (10 seconds)
+				)
+			NS	ns1.example.com.
+			MX	10 mail.example.com.
+$ORIGIN example.com.
+ns1			A	127.0.0.1
+

data/doc/examples/named.conf

@@ -0,0 +1,50 @@
+// named.conf
+//
+// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
+// server as a caching only nameserver (as a localhost DNS resolver only).
+//
+// See /usr/share/doc/bind*/sample/ for example named configuration files.
+//
+
+options {
+	listen-on port 53 { any; };
+	listen-on port 953 { any; };
+	directory 	"/var/named";
+	dump-file 	"/var/named/data/cache_dump.db";
+        statistics-file "/var/named/data/named_stats.txt";
+        memstatistics-file "/var/named/data/named_mem_stats.txt";
+	allow-query     { any; };
+	recursion yes;
+
+	/* Path to ISC DLV key */
+	bindkeys-file "/etc/named.iscdlv.key";
+
+	// set forwarding to the next nearest server (from DHCP response
+	forward only;
+        include "forwarders.conf";
+};
+
+logging {
+        channel default_debug {
+                file "data/named.run";
+                severity dynamic;
+        };
+};
+
+// use the default rndc key
+include "/etc/rndc.key";
+ 
+controls {
+	inet 127.0.0.1 port 953
+	allow { 127.0.0.1; } keys { "rndc-key"; };
+};
+
+include "/etc/named.rfc1912.zones";
+
+include "example.com.key";
+
+zone "example.com" IN {
+	type master;
+	file "dynamic/example.com.db";
+	allow-update { key example.com ; } ;
+};

data/lib/openshift-origin-dns-bind.rb

@@ -0,0 +1,10 @@
+require "openshift-origin-common"
+
+module OpenShift
+  module BindDnsModule
+    require 'openshift-origin-dns-bind/engine/engine' if defined?(Rails) && Rails::VERSION::MAJOR == 3
+  end
+end
+
+require "openshift-origin-dns-bind/lib/openshift/bind_plugin.rb"
+OpenShift::DnsService.provider=OpenShift::BindPlugin

data/lib/openshift-origin-dns-bind/config/initializers/openshift-origin-dns-bind-defaults.conf

@@ -0,0 +1,5 @@
+BIND_SERVER="127.0.0.1"
+BIND_PORT=53
+BIND_KEYNAME="example.com"
+BIND_KEYVALUE="base64-encoded key, most likely from /var/named/example.com.key."
+BIND_ZONE="example.com"

data/lib/openshift-origin-dns-bind/config/initializers/openshift-origin-dns-bind.rb

@@ -0,0 +1,14 @@
+require 'openshift-origin-common/config'
+
+Broker::Application.configure do
+  conf = OpenShift::Config.new(File.join(OpenShift::Config::PLUGINS_DIR, File.basename(__FILE__, '.rb') + '.conf'))
+  defaults = OpenShift::Config.new(File.join(File.dirname(__FILE__), File.basename(__FILE__, '.rb') + '-defaults.conf'))
+
+  config.dns = {
+    :server => conf.get("BIND_SERVER") || defaults.get("BIND_SERVER"),
+    :port => (conf.get("BIND_PORT") || defaults.get("BIND_PORT")).to_i,
+    :keyname => conf.get("BIND_KEYNAME") || defaults.get("BIND_KEYNAME"),
+    :keyvalue => conf.get("BIND_KEYVALUE") || defaults.get("BIND_KEYVALUE"),
+    :zone => conf.get("BIND_ZONE") || defaults.get("BIND_ZONE")
+  }
+end

data/lib/openshift-origin-dns-bind/engine/engine.rb

@@ -0,0 +1,10 @@
+require 'openshift-origin-controller'
+require 'rails'
+
+module OpenShift
+  class BindDnsEngine < Rails::Engine
+    paths.lib                  << "lib/openshift-origin-bind-dns/lib"
+    paths.config               << "lib/openshift-origin-bind-dns/config"
+    config.autoload_paths      += %W(#{config.root}/lib)
+  end
+end

data/lib/openshift-origin-dns-bind/lib/openshift/bind_plugin.rb

@@ -0,0 +1,123 @@
+#
+# Make OpenShift updates to a BIND DNS service
+#
+require 'rubygems'
+require 'dnsruby'
+
+module OpenShift
+  class BindPlugin < OpenShift::DnsService
+    @oo_dns_provider = OpenShift::BindPlugin
+
+    # DEPENDENCIES
+    # Rails.application.config.openshift[:domain_suffix]
+    # Rails.application.config.dns[...]
+
+    attr_reader :server, :port, :keyname, :keyvalue
+
+    def initialize(access_info = nil)
+      if access_info != nil
+        @domain_suffix = access_info[:domain_suffix]
+      elsif defined? Rails
+        # extract from Rails.application.config[dns,ss]
+        access_info = Rails.application.config.dns
+        @domain_suffix = Rails.application.config.openshift[:domain_suffix]
+      else
+        raise Exception.new("BIND DNS service is not initialized")
+      end
+      @server = access_info[:server]
+      @port = access_info[:port].to_i
+      @src_port = access_info[:src_port].to_i if access_info[:src_port].to_i
+      @keyname = access_info[:keyname]
+      @keyvalue = access_info[:keyvalue]
+      @zone = access_info[:zone]
+    end
+
+    def dns
+      if not @dns_con
+        @dns_con = Dnsruby::Resolver.new(:nameserver => @server, :port => @port)
+        @dns_con.src_port = @src_port if @src_port
+      end
+      @dns_con
+    end
+
+    def namespace_available?(namespace)
+      fqdn = "#{namespace}.#{@domain_suffix}"
+
+      # If we get a response, then the namespace is reserved
+      # An exception means that it is available
+      begin
+        dns.query(fqdn, Dnsruby::Types::TXT)
+        return false
+      rescue Dnsruby::NXDomain
+        return true
+      end
+    end
+
+    def register_namespace(namespace)
+      # create a TXT record for the namespace in the domain
+      fqdn = "#{namespace}.#{@domain_suffix}"
+      # enable updates with key
+      dns.tsig = @keyname, @keyvalue
+
+      update = Dnsruby::Update.new(@zone)
+      #   update.absent(fqdn, 'TXT')
+      update.add(fqdn, 'TXT', 60, "Text record for #{namespace}")
+      dns.send_message(update)
+    end
+
+    def deregister_namespace(namespace)
+      # create a TXT record for the namespace in the domain
+      fqdn = "#{namespace}.#{@domain_suffix}"
+      # enable updates with key
+      dns.tsig = @keyname, @keyvalue
+
+      update = Dnsruby::Update.new(@zone)
+      update.delete(fqdn, 'TXT')
+      dns.send_message(update)
+    end
+
+    def register_application(app_name, namespace, public_hostname)
+      # create an A record for the application in the domain
+      fqdn = "#{app_name}-#{namespace}.#{@domain_suffix}"
+      # enable updates with key
+      dns.tsig = @keyname, @keyvalue
+
+      update = Dnsruby::Update.new(@zone)
+      update.add(fqdn, 'CNAME', 60, public_hostname)
+      dns.send_message(update)
+    end
+
+    def deregister_application(app_name, namespace)
+      begin
+        # delete the CNAME record for the application in the domain
+        fqdn = "#{app_name}-#{namespace}.#{@domain_suffix}"
+  
+        # We know we only have one CNAME per app, so look it up
+        # We need it for the delete
+        # should be an error if there's not exactly one answer
+        current = dns.query(fqdn, 'CNAME')
+        cnamevalue = current.answer[0].rdata.to_s        
+  
+        # enable updates with key
+        dns.tsig = @keyname, @keyvalue
+        update = Dnsruby::Update.new(@zone)
+        update_response = update.delete(fqdn, 'CNAME', cnamevalue)
+        send_response = dns.send_message(update)
+      rescue Dnsruby::NXDomain
+        Rails.logger.debug "DEBUG: BIND: Could not find CNAME for #{fqdn} to delete"
+      end
+    end
+  
+    def modify_application(app_name, namespace, public_hostname)
+      deregister_application(app_name, namespace)
+      register_application(app_name, namespace, public_hostname)
+    end
+
+    def publish
+    end
+
+    def close
+    end
+    
+  end
+end

data/openshift-origin-dns-bind.gemspec

@@ -0,0 +1,34 @@
+# -*- encoding: utf-8 -*-
+$:.push File.expand_path("../lib", __FILE__)
+lib_dir  = File.join(File.join("lib", "**"), "*")
+test_dir  = File.join(File.join("test", "**"), "*")
+bin_dir  = File.join("bin", "*")
+doc_dir  = File.join(File.join("doc", "**"), "*")
+spec_file = "rubygem-openshift-origin-dns-bind.spec"
+
+Gem::Specification.new do |s|
+  s.name        = "openshift-origin-dns-bind"
+  s.version     = `rpm -q --qf "%{version}\n" --specfile #{spec_file}`.split[0]
+  s.license     = `rpm -q --qf "%{license}\n" --specfile #{spec_file}`.split[0]
+  s.authors     = ["Krishna Raman"]
+  s.email       = ["kraman@gmail.com"]
+  s.homepage    = `rpm -q --qf "%{url}\n" --specfile #{spec_file}`.split[0]
+  s.summary     = `rpm -q --qf "%{description}\n" --specfile #{spec_file}`.split[0]
+  s.description = `rpm -q --qf "%{description}\n" --specfile #{spec_file}`.split[0]
+
+  s.rubyforge_project = "openshift-origin-dns-bind"
+
+  s.files       = Dir[lib_dir] + Dir[doc_dir]
+  s.test_files  = Dir[test_dir]
+  s.executables   = Dir[bin_dir]
+  s.files       += %w(README.md Rakefile Gemfile rubygem-openshift-origin-dns-bind.spec openshift-origin-dns-bind.gemspec LICENSE COPYRIGHT)
+  s.require_paths = ["lib"]
+
+  s.add_dependency('openshift-origin-controller')
+  s.add_dependency('json')  
+  s.add_dependency('dnsruby')
+  s.add_development_dependency('rake')  
+  s.add_development_dependency('rspec')
+  s.add_development_dependency('bundler')
+  s.add_development_dependency('mocha')
+end

data/rubygem-openshift-origin-dns-bind.spec

@@ -0,0 +1,139 @@
+%global ruby_sitelib %(ruby -rrbconfig -e "puts Config::CONFIG['sitelibdir']")
+%global gemdir %(ruby -rubygems -e 'puts Gem::dir' 2>/dev/null)
+%global gemname openshift-origin-dns-bind
+%global geminstdir %{gemdir}/gems/%{gemname}-%{version}
+
+Summary:        OpenShift plugin for BIND service
+Name:           rubygem-%{gemname}
+Version:        0.8.12
+Release:        1%{?dist}
+Group:          Development/Languages
+License:        ASL 2.0
+URL:            http://openshift.redhat.com
+Source0:        rubygem-%{gemname}-%{version}.tar.gz
+BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
+Requires:       ruby(abi) >= 1.8
+Requires:       rubygems
+Requires:       rubygem(openshift-origin-common)
+Requires:       rubygem(json)
+Requires:       bind
+Requires:       bind-utils
+Requires:       rubygem(dnsruby)
+Requires:       openshift-origin-broker
+Requires:  		selinux-policy-targeted
+Requires:  		policycoreutils-python
+Obsoletes:      rubygem-uplift-bind-plugin
+
+BuildRequires:  ruby
+BuildRequires:  rubygems
+BuildArch:      noarch
+Provides:       rubygem(%{gemname}) = %version
+
+%package -n ruby-%{gemname}
+Summary:        OpenShift plugin for Bind service
+Requires:       rubygem(%{gemname}) = %version
+Provides:       ruby(%{gemname}) = %version
+
+%description
+Provides a Bind DNS service based plugin
+
+%description -n ruby-%{gemname}
+Provides a Bind DNS service based plugin
+
+%prep
+%setup -q
+
+%build
+
+%install
+rm -rf %{buildroot}
+mkdir -p %{buildroot}%{gemdir}
+mkdir -p %{buildroot}%{ruby_sitelib}
+
+# Build and install into the rubygem structure
+gem build %{gemname}.gemspec
+gem install --local --install-dir %{buildroot}%{gemdir} --force %{gemname}-%{version}.gem
+
+# Symlink into the ruby site library directories
+ln -s %{geminstdir}/lib/%{gemname} %{buildroot}%{ruby_sitelib}
+ln -s %{geminstdir}/lib/%{gemname}.rb %{buildroot}%{ruby_sitelib}
+
+# Add documents/examples
+mkdir -p %{buildroot}%{_docdir}/%{name}-%{version}/
+cp -r doc/* %{buildroot}%{_docdir}/%{name}-%{version}/
+
+# Compile SELinux policy
+mkdir -p %{buildroot}/usr/share/selinux/packages/rubygem-openshift-origin-dns-bind
+cp %{buildroot}%{gemdir}/gems/openshift-origin-dns-bind-*/doc/examples/dhcpnamedforward.* %{buildroot}/usr/share/selinux/packages/rubygem-openshift-origin-dns-bind
+
+%clean
+rm -rf %{buildroot}                                
+
+%files
+%defattr(-,root,root,-)
+%doc %{_docdir}/%{name}-%{version}
+%dir %{geminstdir}
+%doc %{geminstdir}/Gemfile
+%{gemdir}/doc/%{gemname}-%{version}
+%{gemdir}/gems/%{gemname}-%{version}
+%{gemdir}/cache/%{gemname}-%{version}.gem
+%{gemdir}/specifications/%{gemname}-%{version}.gemspec
+/usr/share/selinux/packages/rubygem-openshift-origin-dns-bind
+
+%files -n ruby-%{gemname}
+%{ruby_sitelib}/%{gemname}
+%{ruby_sitelib}/%{gemname}.rb
+
+%changelog
+* Tue Oct 23 2012 Brenton Leanhardt <bleanhar@redhat.com> 0.8.12-1
+- removing remaining cases of SS and config.ss (dmcphers@redhat.com)
+- Making openshift-origin-msg-broker-mcollective a Rails engine so that it can
+  hook into Rails initializers Making openshift-origin-dns-bind a Rails engine
+  so that it can hook into Rails initializers (kraman@gmail.com)
+
+* Thu Oct 11 2012 Brenton Leanhardt <bleanhar@redhat.com> 0.8.11-1
+- Centralize plug-in configuration (miciah.masters@gmail.com)
+
+* Tue Oct 09 2012 Brenton Leanhardt <bleanhar@redhat.com> 0.8.10-1
+- Merge pull request #613 from kraman/master (openshift+bot@redhat.com)
+- Module name and gem path fixes for auth plugins (kraman@gmail.com)
+
+* Mon Oct 08 2012 Dan McPherson <dmcphers@redhat.com> 0.8.9-1
+- Fixing obsoletes for openshift-origin-port-proxy (kraman@gmail.com)
+
+* Fri Oct 05 2012 Krishna Raman <kraman@gmail.com> 0.8.8-1
+- new package built with tito
+
+* Thu Aug 30 2012 Brenton Leanhardt <bleanhar@redhat.com> 0.8.7-1
+- adding dnsruby dependency in bind plugin gemspec and spec file
+  (abhgupta@redhat.com)
+
+* Mon Aug 20 2012 Brenton Leanhardt <bleanhar@redhat.com> 0.8.6-1
+- gemspec refactorings based on Fedora packaging feedback (bleanhar@redhat.com)
+- allow ruby versions > 1.8 (mlamouri@redhat.com)
+- setup broker/nod script fixes for static IP and custom ethernet devices add
+  support for configuring different domain suffix (other than example.com)
+  Fixing dependency to qpid library (causes fedora package conflict) Make
+  livecd start faster by doing static configuration during cd build rather than
+  startup Fixes some selinux policy errors which prevented scaled apps from
+  starting (kraman@gmail.com)
+- Removing requirement to disable NetworkManager so that liveinst works Adding
+  initial support for dual interfaces Adding "xhost +" so that liveinst can
+  continue to work after hostname change to broker.example.com Added delay
+  befor launching firefox so that network is stable Added rndc key generation
+  for Bind Dns plugin instead of hardcoding it (kraman@gmail.com)
+- Add modify application dns and use where applicable (dmcphers@redhat.com)
+- MCollective updates - Added mcollective-qpid plugin - Added mcollective-
+  msg-broker plugin - Added mcollective agent and facter plugins - Added
+  option to support ignoring node profile - Added systemu dependency for
+  mcollective-client (kraman@gmail.com)
+
+* Wed May 30 2012 Krishna Raman <kraman@gmail.com> 0.8.5-1
+- Adding livecd build scripts Adding a text only minimal version of livecd
+  Added ability to access livecd dns from outside VM (kraman@gmail.com)
+
+* Fri Apr 27 2012 Krishna Raman <kraman@gmail.com> 0.8.4-1
+- cleaning up spec files (dmcphers@redhat.com)
+
+* Sat Apr 21 2012 Krishna Raman <kraman@gmail.com> 0.8.3-1
+- new package built with tito

metadata

@@ -0,0 +1,186 @@
+--- !ruby/object:Gem::Specification 
+name: openshift-origin-dns-bind
+version: !ruby/object:Gem::Version 
+  hash: 39
+  prerelease: false
+  segments: 
+  - 0
+  - 8
+  - 12
+  version: 0.8.12
+platform: ruby
+authors: 
+- Krishna Raman
+autorequire: 
+bindir: bin
+cert_chain: []
+
+date: 2012-10-23 00:00:00 -04:00
+default_executable: 
+dependencies: 
+- !ruby/object:Gem::Dependency 
+  name: openshift-origin-controller
+  prerelease: false
+  requirement: &id001 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        hash: 3
+        segments: 
+        - 0
+        version: "0"
+  type: :runtime
+  version_requirements: *id001
+- !ruby/object:Gem::Dependency 
+  name: json
+  prerelease: false
+  requirement: &id002 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        hash: 3
+        segments: 
+        - 0
+        version: "0"
+  type: :runtime
+  version_requirements: *id002
+- !ruby/object:Gem::Dependency 
+  name: dnsruby
+  prerelease: false
+  requirement: &id003 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        hash: 3
+        segments: 
+        - 0
+        version: "0"
+  type: :runtime
+  version_requirements: *id003
+- !ruby/object:Gem::Dependency 
+  name: rake
+  prerelease: false
+  requirement: &id004 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        hash: 3
+        segments: 
+        - 0
+        version: "0"
+  type: :development
+  version_requirements: *id004
+- !ruby/object:Gem::Dependency 
+  name: rspec
+  prerelease: false
+  requirement: &id005 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        hash: 3
+        segments: 
+        - 0
+        version: "0"
+  type: :development
+  version_requirements: *id005
+- !ruby/object:Gem::Dependency 
+  name: bundler
+  prerelease: false
+  requirement: &id006 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        hash: 3
+        segments: 
+        - 0
+        version: "0"
+  type: :development
+  version_requirements: *id006
+- !ruby/object:Gem::Dependency 
+  name: mocha
+  prerelease: false
+  requirement: &id007 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        hash: 3
+        segments: 
+        - 0
+        version: "0"
+  type: :development
+  version_requirements: *id007
+description: Provides
+email: 
+- kraman@gmail.com
+executables: []
+
+extensions: []
+
+extra_rdoc_files: []
+
+files: 
+- lib/openshift-origin-dns-bind/engine/engine.rb
+- lib/openshift-origin-dns-bind/config/initializers/openshift-origin-dns-bind.rb
+- lib/openshift-origin-dns-bind/config/initializers/openshift-origin-dns-bind-defaults.conf
+- lib/openshift-origin-dns-bind/lib/openshift/bind_plugin.rb
+- lib/openshift-origin-dns-bind.rb
+- doc/examples/Kexample.com.+157+37399.private
+- doc/examples/192.168.0.reverse.db
+- doc/examples/dhclient.conf
+- doc/examples/dhcpnamedforward.te
+- doc/examples/example.com.db
+- doc/examples/Kexample.com.+157+37399.key
+- doc/examples/dhcpnamedforward.fc
+- doc/examples/dhclient-up-hooks
+- doc/examples/named.conf
+- doc/README.local_dns
+- README.md
+- Rakefile
+- Gemfile
+- rubygem-openshift-origin-dns-bind.spec
+- openshift-origin-dns-bind.gemspec
+- LICENSE
+- COPYRIGHT
+has_rdoc: true
+homepage: http://openshift.redhat.com
+licenses: 
+- ASL
+post_install_message: 
+rdoc_options: []
+
+require_paths: 
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement 
+  none: false
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      hash: 3
+      segments: 
+      - 0
+      version: "0"
+required_rubygems_version: !ruby/object:Gem::Requirement 
+  none: false
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      hash: 3
+      segments: 
+      - 0
+      version: "0"
+requirements: []
+
+rubyforge_project: openshift-origin-dns-bind
+rubygems_version: 1.3.7
+signing_key: 
+specification_version: 3
+summary: Provides
+test_files: []
+