DirectSlave - solution to add and remove zones on slave without DirectAdmin

Richard G

Verified User
Joined
Jul 6, 2008
Messages
4,384
Location
Maastricht
That's odd, because:
have no permission to remove blabla.sla.pl owned by none
indicates that some domains are owned by "none" instead of by named.
Are the directories also owned by named?
Is there anything about this in the DirectSlave error log?
Maybe SeLLeRoNe has some ideas about this....
 

SeLLeRoNe

Super Moderator
Joined
Oct 9, 2004
Messages
6,792
Location
A Coruña, Spain
Question #1: how did you install it on CentOS 7? Can you provide a list of the packages you needed?

Regarding your issue, I actually have (sometimes) the same issue. It does look like DS is not "grabbing" the owner value for the domain, and because it doesn't match it's not deleting the zone. It happens randomly to me on two different servers; I guess we would actually need some help/debugging from roman_m (the author of DS) here :)

Best regards
 

kisiek

Verified User
Joined
Apr 25, 2007
Messages
38
I probably managed to fix that problem.
You need to look at the allow variable in the script. I set up ip/24 instead of ip/32 and now it is working correctly.
 

SeLLeRoNe

Super Moderator
Joined
Oct 9, 2004
Messages
6,792
Location
A Coruña, Spain
That's strange; in my conf I have allowed everywhere:
allow 0.0.0.0/0

Are you talking about the file /usr/local/directslave/etc/directslave.conf?

Best regards
 

kisiek

Verified User
Joined
Apr 25, 2007
Messages
38
Yes.
Here is my file:
Code:
[root@slave etc]# cat directslave.conf
background      1
server_type     HTTP
host            *
port            2222
sslport         2224
ssl             off
ssl_cert        /usr/local/directslave/ssl/server.crt
ssl_key         /usr/local/directslave/ssl/server.key

debug           1
uid             named
gid             named

pid             /usr/local/directslave/run/directslave.pid
access_log      /usr/local/directslave/log/access.log
error_log       /usr/local/directslave/log/error.log
action_log      /usr/local/directslave/log/action.log

named_workdir   /var/named/slaves
named_conf      /var/named/directslave.conf
retry_time      1200
rndc_path       /sbin/rndc

allow           xxx.xx.xx.xxx/24

authfile        /usr/local/directslave/etc/passwd
 

SeLLeRoNe

Super Moderator
Joined
Oct 9, 2004
Messages
6,792
Location
A Coruña, Spain
Almost the same here:
Code:
background      1
server_type     HTTP
host            IP
port            2222
sslport         2224
ssl             off
ssl_cert        /usr/local/directslave/ssl/server.crt
ssl_key         /usr/local/directslave/ssl/server.key

debug           0
uid             named
gid             named

pid             /usr/local/directslave/run/directslave.pid
access_log      /usr/local/directslave/log/access.log
error_log       /usr/local/directslave/log/error.log
action_log      /usr/local/directslave/log/action.log

named_workdir   /var/named/slaves
named_conf      /var/named/slaves.conf
retry_time      1200
rndc_path       /usr/sbin/rndc

allow           0.0.0.0/0

authfile        /usr/local/directslave/etc/passwd
I need to keep that open allow because I'm managing who can access with authentication; it is not a single box or a single subnet.

But it shouldn't change anything.. if it always works on creation and only randomly fails on removal, it is not that (I think) :)

Best regards
 
Last edited:

SeLLeRoNe

Super Moderator
Joined
Oct 9, 2004
Messages
6,792
Location
A Coruña, Spain
Anyway, can you please confirm the packages you installed to make DS work on CentOS 7?

This will be helpful for future reference.

Thanks
 

kisiek

Verified User
Joined
Apr 25, 2007
Messages
38
Packages, hmmm, nothing unusual:
yum group install Developments tools
yum install named
yum install perl-pecl
and using pecl I installed the missing perl modules.
Nothing more; all is working OK.
 

roman_m

Verified User
Joined
May 5, 2005
Messages
130
Location
Ukraine, Kiev
Use cpan.

Packages, hmmm, nothing unusual:
yum group install Developments tools
yum install named
yum install perl-pecl
and using pecl I installed the missing perl modules.
Nothing more; all is working OK.

To use the "allow" directive you need the Net::CIDR module; here it is: http://search.cpan.org/~mrsam/Net-CIDR-0.18/

I recommend using the native integrated "cpan" shell and not any kind of *ecl.
 

kisiek

Verified User
Joined
Apr 25, 2007
Messages
38
How about the problem that SeLLeRoNe described so well?

Regarding your issue, I actually have (sometimes) the same issue. It does look like DS is not "grabbing" the owner value for the domain, and because it doesn't match it's not deleting the zone. It happens randomly to me on two different servers; I guess we would actually need some help/debugging from roman_m (the author of DS) here
P.S.
I forgot that I applied Roman's patch for DSGI about the array.
And the patch for the rndc reload from one of the forum users (it is in this topic).
 

jordivn

Verified User
Joined
Nov 4, 2016
Messages
51
Hi all,

I did a reinstall because I messed up my system. I remembered that I had spent 3 days on the install, so I kept a log of what I was doing.
This turned out to be a bash script which does the following on a clean CentOS 6 system:

- Update all
- Add a new user and disable root login on ssh
- Install all the necessary perl modules
- Install DS, named and fail2ban
- Configure it all together (no ssl for DS; fail2ban jails: SSH, named and DA; a basic iptables set; named configured to function as a slave)
- Add the startup script and do the chkconfig settings

Save it to any kind of .sh file.
Chmod to 777
Run it (when calling the script you have to pass some arguments: <username> <password> <ip of master>)
Delete it ;)

It's my first bash script, so feedback is always welcome.

Here it is...

Code:
#!/bin/sh
#
# Set up a DirectSlave 2.1 secondary DNS server on a clean CentOS 6 system.
# Usage: ./install-directslave.sh <username> <userpass> <master ip>
#
# The password is taken from the command line, so it is visible in `ps`
# and in the shell history while the script runs; change it afterwards.
# The same username/password is used for the shell account and for the
# DirectSlave login that the DirectAdmin master will use.

LOG=/root/install.log
DS=/usr/local/directslave
DSCONF=$DS/etc/directslave.conf

if [ -z "$1" ] || [ -z "$2" ] || [ -z "$3" ]; then
    echo "usage: $0 <username> <userpass> <master ip>"
    exit 1
fi
USERNAME=$1
USERPASS=$2
MASTERIP=$3

echo "Saving most outputs to $LOG"

echo "doing updates and installs"
yum update -y > "$LOG"
yum install epel-release -y >> "$LOG"
# wget and make are needed below to build the CPAN modules on a minimal install
yum install bind fail2ban perl-Time-HiRes.x86_64 wget make -y >> "$LOG"

# a first start generates /etc/rndc.key; stop again until named.conf is written
service named start >> "$LOG"
service named stop >> "$LOG"

echo "creating user $USERNAME and adding to wheel"
useradd -G wheel "$USERNAME" >> "$LOG"
echo "$USERPASS" | passwd "$USERNAME" --stdin >> "$LOG"
echo "disabling root access over ssh"
sed -i '/PermitRootLogin/ c\PermitRootLogin no' /etc/ssh/sshd_config
service sshd restart >> "$LOG"

echo "installing perl modules"
# download, unpack and build one CPAN tarball; abort if any step fails
# instead of carrying on with a half-built module
install_cpan_tarball() {
    url=$1
    tarball=${url##*/}
    dir=${tarball%.tar.gz}
    dir=${dir%.tgz}
    cd /root || exit 1
    wget -q "$url" || { echo "download of $url failed"; exit 1; }
    tar -xf "$tarball" || exit 1
    cd "$dir" || exit 1
    { perl Makefile.PL && make && make test && make install; } >> "$LOG" 2>&1 \
        || { echo "build of $tarball failed, see $LOG"; exit 1; }
}
install_cpan_tarball http://www.cpan.org/authors/id/R/RS/RSAVAGE/Crypt-PasswdMD5-1.40.tgz
install_cpan_tarball http://www.cpan.org/authors/id/B/BI/BINGOS/Config-Auto-0.44.tar.gz
install_cpan_tarball http://www.cpan.org/authors/id/R/RH/RHANDOM/Net-Server-2.008.tar.gz
install_cpan_tarball http://www.cpan.org/authors/id/M/MR/MRSAM/Net-CIDR-0.18.tar.gz

echo "installing and configuring directslave"
cd /root || exit 1
wget -q http://regme.in/download/directslave-2.1-beta.tar.gz || exit 1
tar -xf directslave-2.1-beta.tar.gz || exit 1
mv directslave /usr/local/ || exit 1
chown -R named:named "$DS"
cp "$DSCONF" "$DSCONF.copy"

# daemonize, run as the named user, plain HTTP, no debug output
sed -i '/^background/ c\background      1' "$DSCONF"
sed -i '/^uid/ c\uid             named' "$DSCONF"
sed -i '/^gid/ c\gid             named' "$DSCONF"
sed -i '/^ssl[[:space:]]/ c\ssl             off' "$DSCONF"
sed -i '/^debug/ c\debug           0' "$DSCONF"

# zone files fetched from the master go here; the file that named.conf
# (below) includes is created empty so named can start before it exists
mkdir -p /etc/namedb/secondary
touch /etc/namedb/secondary/named.conf
touch /etc/namedb/directslave.conf
chown -R named:named /etc/namedb

echo "preparing named log for fail2ban"
mkdir -p /var/log/named
touch /var/log/named/security.log
# only named writes here; the directory does not need to be world-writable
chown -R named:named /var/log/named
chmod 750 /var/log/named

cat > /etc/named.conf <<EOF
//
// named.conf
//
// Based on the caching-only example shipped with the Red Hat bind package,
// reduced to a secondary-only server whose zones are managed by DirectSlave.
//

options {
        listen-on port 53 { any; };
        listen-on-v6 port 53 { any; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { any; };
        allow-recursion { none; };
        // only the DirectAdmin master may send NOTIFY; nobody may transfer zones from us
        allow-notify    { $MASTERIP; };
        allow-transfer  { none; };
        dnssec-enable yes;
        dnssec-validation yes;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";
};

logging {
        channel security_file {
                file "/var/log/named/security.log" versions 3 size 30m;
                severity dynamic;
                print-time yes;
        };
        category security {
                security_file;
        };
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

include "/etc/namedb/directslave.conf";
EOF

# create the DirectSlave login and let DirectSlave validate its configuration
"$DS/bin/pass" "$USERNAME" "$USERPASS"
"$DS/bin/directslave" --check >> "$LOG"
rm -f "$DS/run/directslave.pid"

echo "setting basic iptables"
service iptables stop >> "$LOG"
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
iptables -F
iptables -N LOGGING
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
# DirectSlave's HTTP port only has to be reachable from the DirectAdmin master
iptables -A INPUT -p tcp -m tcp -s "$MASTERIP" --dport 2222 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
iptables -A INPUT -p udp -m udp --dport 53 -j ACCEPT
iptables -A INPUT -j LOGGING
iptables -A LOGGING -m limit --limit 2/min -j LOG --log-prefix "IPTables-Dropped: "
iptables -A LOGGING -j DROP
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
service iptables save >> "$LOG"

echo "configuring fail2ban"
cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
for jail in sshd sshd-ddos selinux-ssh named-refused directadmin; do
    sed -i "/^\[$jail\]/ a enabled = true" /etc/fail2ban/jail.local
done
# point the directadmin jail at DirectSlave's access log instead
sed -i 's#^logpath = /var/log/directadmin/login.log#logpath = /usr/local/directslave/log/access.log#' /etc/fail2ban/jail.local

echo "building directslave service"
# quoted heredoc: nothing inside is expanded now, so $1, $PROGNAME etc.
# reach the init script intact
cat > /etc/rc.d/init.d/directslave <<'EOF'
#!/bin/sh
#
# directslave daemon            Start/Stop/Status/Restart
#
# chkconfig: 2345 80 20
# description: Allows you to use the DirectAdmin Multi-Server function \
#              without a DirectAdmin license on the external DNS server.
# processname: directslave
# config: /usr/local/directslave/etc/directslave.conf
# pidfile: /usr/local/directslave/run/directslave.pid

# Source function library
. /etc/rc.d/init.d/functions

PROGBIN="/usr/local/directslave/bin/directslave --run"
PROGLOCK=/var/lock/subsys/directslave
PROGNAME=directslave

start() {
        echo -n "Starting DirectSlave: "
        daemon $PROGBIN
        echo
        touch $PROGLOCK
}

stop() {
        echo -n "Stopping DirectSlave: "
        killproc $PROGNAME
        echo
        rm -f $PROGLOCK
}

reload() {
        echo -n "Reloading DirectSlave config file: "
        killproc $PROGNAME -HUP
        echo
}

case "$1" in
        start)   start ;;
        stop)    stop ;;
        status)  status $PROGNAME ;;
        restart) stop; start ;;
        reload)  reload ;;
        *)
                echo "Usage: $0 {start|stop|status|reload|restart}"
                exit 1
esac

exit 0
EOF

echo "setting chkconfig and starting up"
chown root:root /etc/rc.d/init.d/directslave
chmod 755 /etc/rc.d/init.d/directslave
chkconfig --add directslave
chkconfig --level 2345 directslave on
chkconfig --level 345 fail2ban on
chkconfig iptables on
chkconfig --level 345 named on

service iptables restart >> "$LOG"
service fail2ban start >> "$LOG"
service named restart >> "$LOG"
service directslave restart >> "$LOG"

echo "all done!"
exit 0
 


Last edited:
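A post-install check for the two things this thread keeps coming back to: whether the master's address is inside the "allow" CIDR of directslave.conf (kisiek's /24 versus /32 fix, and roman_m's note that Net::CIDR does that matching), and whether the zone directory and the files in it are really owned by the uid DirectSlave runs as (Richard G's question about the "owned by none" error). This is an added example, not part of the thread and not DirectSlave's own code; it assumes an IPv4 master, the key/value config layout shown in the posts above, GNU stat (Linux), and the file path /usr/local/directslave/etc/directslave.conf from SeLLeRoNe's post. The function names are my own.

```shell
#!/bin/sh
# check_ds.sh (added example; not part of DirectSlave)
#   1. the master IP must fall inside the "allow" prefix of directslave.conf
#   2. named_workdir and every file in it must be owned by the configured uid
# Assumes IPv4, the key/value conf layout from the thread, and GNU stat.
# Usage: sh check_ds.sh /usr/local/directslave/etc/directslave.conf <master ip>

# conf_value <key> <file>: value of a directive such as "uid" or "allow"
conf_value() {
    awk -v k="$1" '$1 == k { print $2; exit }' "$2"
}

# ip_to_int <a.b.c.d>: dotted quad to 32-bit integer (octets without leading zeros)
ip_to_int() {
    oldifs=$IFS
    IFS=.
    set -- $1
    IFS=$oldifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# cidr_contains <net/bits> <ip>: succeeds when <ip> lies inside the prefix.
# A bare address without /bits is treated as a single host (/32).
cidr_contains() {
    net=${1%/*}
    bits=${1#*/}
    [ "$bits" = "$1" ] && bits=32
    mask=$(( (4294967295 << (32 - bits)) & 4294967295 ))
    [ $(( $(ip_to_int "$net") & mask )) -eq $(( $(ip_to_int "$2") & mask )) ]
}

# check_zone_owners <dir> <user>: prints the directory itself and any file in
# it that is not owned by <user>; succeeds only when there are none.
check_zone_owners() {
    bad=0
    for f in "$1" "$1"/*; do
        [ -e "$f" ] || continue
        owner=$(stat -c %U "$f")
        if [ "$owner" != "$2" ]; then
            echo "$f is owned by $owner, expected $2"
            bad=$((bad + 1))
        fi
    done
    [ "$bad" -eq 0 ]
}

# check_ds <conf> <master ip>: runs both checks; exit status 0 when all pass
check_ds() {
    conf=$1
    master=$2
    uid=$(conf_value uid "$conf")
    allow=$(conf_value allow "$conf")
    workdir=$(conf_value named_workdir "$conf")
    rc=0
    if [ -z "$allow" ]; then
        echo "FAIL: no allow directive in $conf"
        rc=1
    elif cidr_contains "$allow" "$master"; then
        echo "ok: master $master is inside allow $allow"
    else
        echo "FAIL: master $master is outside allow $allow (DS will refuse its requests)"
        rc=1
    fi
    if check_zone_owners "$workdir" "$uid"; then
        echo "ok: everything under $workdir is owned by $uid"
    else
        echo "FAIL: fix with: chown -R $uid $workdir"
        rc=1
    fi
    return $rc
}

if [ $# -eq 2 ]; then
    check_ds "$1" "$2"
fi
```

Run it as root on the slave after the install script has finished and before the DirectAdmin master is pointed at it; a non-zero exit means one of the two checks printed a FAIL line.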

kisiek

Verified User
Joined
Apr 25, 2007
Messages
38
You are not applying the patch from the previous posts?
Can you write down that it only works on CentOS 6 :)
 

phillcoxon

Verified User
Joined
Oct 17, 2015
Messages
27
@jordivn - can I make a suggestion?

Could we put your script into a public github repo so that there's a single definitive source for the script that can be maintained and updated over time?

My largest frustration with the DirectAdmin forum is that there is so much amazing information here but it can take many hours to sort through multiple 22+ page threads to find tweaks, suggestions, improvements etc to something like this.

If we can put the script into a public github repo then the script will be easily found, have a history of changes and allow others to submit pull requests to provide suggested improvements. This DA thread can be updated to include the github repo link on the first page so that people don't have to hunt through the thread for newer versions, patches etc.

It would also mean we can use the repo Wiki to create documentation. I have been wanting to create a decent tutorial showing someone how to spin up a $5/month Digital Ocean droplet and have DirectSlave up and running and configured in 10 mins. I'd be happy to write that up and add it to the repo so again there's a single definitive location for the "how to" guide rather than digging through 22+ pages of thread.

I'd be very happy to jam on this with you. If you're not familiar with github I'd be very happy to set up the repo for you and work with you on this.

Thoughts?
 

jordivn

Verified User
Joined
Nov 4, 2016
Messages
51
Hi All,

It's just a script that worked for me (getting a second DNS server for DA).
Feel free to modify it and put it on github (I don't have any experience with that).
My only intention is to share it. I'm not going to maintain it in any way (I don't have to install it that often :eek: )
If any of you would like to maintain or improve it, you're welcome.
 

roman_m

Verified User
Joined
May 5, 2005
Messages
130
Location
Ukraine, Kiev
Hi to all the DirectSlave users! :)

I've got something amazing for you.

This is a brand NEW DirectSlave GO/3.0 - rock solid, bare metal cross-compiled, statically linked binary package.

No more perl, no CPAN, no modules, no dependencies; just install it as a system service and start having fun.

Reduced memory & CPU consumption, made for tiny virtual instances (with 512Mb RAM).

Written in Go, available for Linux (x32, amd64 & arm) & FreeBSD (x32, amd64).

Feel free to contact me for getting a beta in one or two weeks :)
 
Last edited:

Richard G

Verified User
Joined
Jul 6, 2008
Messages
4,384
Location
Maastricht
Sounds amazing indeed. Great work. :)
Unfortunately I don't have a vps or server for DS available right now, otherwise I would be pleased to test the beta with you guys!
 