multi-master with mysql backend

Warren Kumari warren at
Mon Feb 14 21:17:11 UTC 2011

On Feb 14, 2011, at 12:54 PM, Torinthiel wrote:

> On 2011-02-14 15:52 Mike Mitchell wrote:
>> I'd keep two copies of the BIND config, one that has all the zones as
>> "master", and one that has all the zones as "slave".  When the master
>> dies, run a little script on a slave that freezes the zones, edits the
>> SOA to make that server the MNAME and increment the serial, then thaws
>> the zone.  Swap out the config with the "master" config, and now you
>> have a new master.
>> Before the broken master comes back online, swap out its config with
>> the "slave" config.
>> No need for rsync or mysql, BIND replication does all the work for you.
>> Just be sure the updates go to the server listed in the MNAME field of
>> the SOA.
>
> Nice idea. I'd go even further - why keep two configs? Have a file with
> your list of zones, and two scripts that generate either master or slave
> config.

I'm probably going to regret this, but I'm basically doing what you  
suggest for some (~15-20) personal domains. Every now and then someone  
asks me to run a mailing list for them, please "just host a website",  
etc. I got tired of updating named.conf on a bunch of servers,
cp ~/configs/base_bind.db /etc/namedb/, add stuff to apache, go  
poke postfix on N mailhosts, kick mailman, etc so I finally invested  
the time and effort into setting up puppet -- it was *well* worth it...

Now I have a Python dictionary that looks like:
    "": {"bind": "local", "postfix_virtual": True, "base_web": True, "redirect": False},
    "": {"bind": "local", "postfix_virtual": True, "base_web": True, "redirect": False},
and a little script that creates a set of Puppet arrays. Puppet then  
reads these and does magic.
"bind":"local" specifies to use a template that lists my machines as  
MX and www and similar.
postfix_virtual adds the domain to the virtual lines in postfix so the  
mailservers know to accept mail for it.
base_web creates directories, adds the site to the apache config and  
copies some base html files.
redirect: Can be set to a different domain and will then set up a  
domain to serve a 302 redirect to some other domain.

My master has
    # And setup bind.
    $bind_type = "master"
    include bind

and slaves have:
    # And setup bind.
    $bind_type = "slave"
    $bindmaster = ""

    include bind
    bind::db_files {["", ""]:}

in the node manifest.

named.conf is automatically generated from a template, containing some  
base config and:

// Section managed by Puppet.
<% if bind_type == "master" then %>
   <% zones.each do |zone| -%>
// <%= zone %> -- Zone stanza generated by puppet.
    zone "<%= zone %>" {
        type master;
        file "/etc/namedb/<%= zone %>";
        auto-dnssec maintain;
        update-policy {
          grant local-ddns subdomain * ANY;
          grant zonesub ANY;
        };
        allow-transfer { xfer; };
    };

   <% end -%>
<% else %>
   <% zones.each do |zone| -%>
// <%= zone %> -- Zone stanza generated by puppet.

    zone "<%= zone %>" {
        type slave;
        file "/etc/namedb/slave/<%= zone %>";
        allow-transfer { xfer; };
        masters { <%= bindmaster %>; };
    };

   <% end -%>
<% end %>

This means that adding a new domain now just involves adding a line to  
the python dictionary and running a script to convert the python to  
the puppet arrays -- takes all of 20 seconds.
Making a slave become a master (which I've done a few times as a test)  
involves simply changing the line in the manifest.

I realize that this is getting off topic, but puppet has made my life  
way easier (this part was an insignificant part of it) and I wanted to  
share :-P


> Now you are keeping one common config on both servers, which changes
> only when you add/remove a zone, and two scripts which are almost
> identical, except for one line (master address). This should be easier
> to maintain.
> Now, just in case, you could put on startup scripts the one that
> generates slave config, so if it reboots you don't have two master
> servers.
> And you could cook up a more complicated script, that tries to ping the
> other server and runs master config generation, freeze, soa change,
> thaw, reload and send you an email - and you have fully automated HA.
> Torinthiel

Some people are like Slinkies......Not really good for anything but  
they still bring a smile to your face when you push them down the  
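
Added example (not part of the message above and not the poster's own script): a Python sketch of generating the master or slave zone stanzas from a zone dictionary, with the zone name and master address validated so a bad entry cannot inject statements into named.conf. The example.com/example.net zones, the 192.0.2.1 address and the function names valid_zone and render_zones are assumptions; the update-policy grants are left out.

```python
import ipaddress
import re

# Constructed sample data (reserved example domains, not the author's zones).
ZONES = {
    "example.com": {"bind": "local", "postfix_virtual": True, "base_web": True, "redirect": False},
    "example.net": {"bind": "local", "postfix_virtual": True, "base_web": True, "redirect": False},
}

# One DNS label: lowercase letters, digits, hyphen; no leading or trailing hyphen.
_LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")


def valid_zone(name):
    """True only for names that cannot break out of the quoted zone/file strings."""
    return len(name) <= 253 and all(_LABEL.fullmatch(p) for p in name.split("."))


def render_zones(zones, bind_type, bindmaster=None):
    """Return the zone stanzas of named.conf for a master or a slave."""
    if bind_type not in ("master", "slave"):
        raise ValueError("bind_type must be 'master' or 'slave'")
    if bind_type == "slave":
        # masters { } takes IP addresses; ip_address() raises ValueError otherwise.
        bindmaster = str(ipaddress.ip_address(bindmaster))
    stanzas = []
    for zone in sorted(zones):
        if not valid_zone(zone):
            raise ValueError("unsafe zone name: %r" % zone)
        if bind_type == "master":
            body = ["type master;", 'file "/etc/namedb/%s";' % zone,
                    "auto-dnssec maintain;", "allow-transfer { xfer; };"]
        else:
            body = ["type slave;", 'file "/etc/namedb/slave/%s";' % zone,
                    "allow-transfer { xfer; };", "masters { %s; };" % bindmaster]
        lines = ["// %s -- Zone stanza generated by script." % zone, 'zone "%s" {' % zone]
        lines += ["    " + item for item in body] + ["};"]
        stanzas.append("\n".join(lines))
    return "\n\n".join(stanzas) + "\n"


if __name__ == "__main__":
    print(render_zones(ZONES, "master"))
    print(render_zones(ZONES, "slave", bindmaster="192.0.2.1"))
```

Running named-checkconf on the generated file before reloading catches anything the name checks do not.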
