From 693079113d7fc748e7a98d46e04965d0d7d28b60 Mon Sep 17 00:00:00 2001 From: Simon Marsh Date: Thu, 16 Jan 2025 09:34:11 +0000 Subject: [PATCH] major refactor --- dns.sh | 22 +++ dnsconfig.js | 88 +++++++++- domains/010-reverse.js | 127 ++++++++++----- domains/020-burble.com.js | 51 +++--- domains/030-burble.dn42.js | 117 +++++++------- domains/035-evpn.burble.dn42.js | 47 ------ domains/040-collector.dn42.js | 12 +- domains/050-elburb.dn42.js | 14 +- dynamic/nodes.js | 21 ++- dynamic/virtual.js | 277 +++++++++++++++++++------------- 10 files changed, 496 insertions(+), 280 deletions(-) create mode 100755 dns.sh delete mode 100644 domains/035-evpn.burble.dn42.js diff --git a/dns.sh b/dns.sh new file mode 100755 index 0000000..c6fbae9 --- /dev/null +++ b/dns.sh @@ -0,0 +1,22 @@ +#!/bin/bash -e +########################################################################### +# invoke dnscontrol with api keys from vault + +if ! vault token lookup >/dev/null 2>&1 +then + echo >&2 'vault token lookup failed, are you logged in to vault ?' + exit 1 +fi + +keys=$(vault kv get -format=json \ + -mount='burble.dn42/infra' \ + dns/api-keys | \ + jq .data.data) + +export PDNS_API_KEY=$(jq -r .PDNS_API_KEY <<< "$keys") +export CLOUDFLARE_API_KEY=$(jq -r .CLOUDFLARE_API_KEY <<< "$keys") + +dnscontrol "$@" + +########################################################################### +# end of file diff --git a/dnsconfig.js b/dnsconfig.js index 44f5027..ab74760 100644 --- a/dnsconfig.js +++ b/dnsconfig.js @@ -8,7 +8,7 @@ var PDNS = NewDnsProvider( 'dnssec_on_create': true } ); -var CF = NewDnsProvider( +var CLOUDFLARE = NewDnsProvider( 'cloudflare' ); 
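Review bot: In dns.sh, a failed or partial Vault read does not stop the script before `dnscontrol "$@"` runs, despite the `-e` on the shebang line. The `vault kv get … | jq .data.data` pipeline reports only jq's exit status because `pipefail` is not set, and `export VAR=$(…)` returns the status of `export`, so a missing field is exported as the literal string `null`. Add `set -o pipefail` near the top and split each assignment, e.g. `PDNS_API_KEY=$(jq -er .PDNS_API_KEY <<< "$keys")` followed by `export PDNS_API_KEY`, so that jq's `-e` makes a null value fatal. The shebang `-e` is also lost when the file is run as `bash dns.sh`, so a `set -e` in the body is more robust.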
@@ -19,12 +19,92 @@ DEFAULTS( CF_PROXY_DEFAULT_OFF ); +////////////////////////////////////////////////////////////////////////// +// some global variables and constants + +// the current domain var domain; -////////////////////////////////////////////////////////////////////////// +// dn42 reverse zones follow RFC2317 +REVCOMPAT('rfc2317') -// import util files -require_glob('utils/', false) +// reverse maps +var rev4_map = [ ] +var rev6_map = [ ] + +////////////////////////////////////////////////////////////////////////// +// determine reverse zones from maps + +function rev4_zone(ipv4) +{ + var num = IP(ipv4) + + for (var i = 0; i < rev4_map.length; i++) { + + z = rev4_map[i] + + var prefix = z[0] + var mask = z[1] + var zone = z[2] + + if (((num & mask) >>> 0) == prefix) { + return zone + } + } + + console.log("rev4_zone failed to find match: " + ipv4) + return undefined +} + +function rev6_zone(ipv6) +{ + for (var i = 0; i < rev6_map.length; i++) { + + z = rev6_map[i] + + var prefix = z[0] + var zone = z[1] + var plen = prefix.length + + if (ipv6.substring(0, plen) == prefix) { + return zone + } + } + + console.log("rev6_zone failed to find match: " + ipv6) + return undefined +} + +////////////////////////////////////////////////////////////////////////// +// return the fqdn for a name + +function fqdn(name) +{ + if (name === '@') { + return domain+'.'; + } + return name+"."+domain+'.'; +} + +////////////////////////////////////////////////////////////////////////// +// add a forward and reverse zone record + +function host(name, ipv6, ipv4) +{ + if (typeof ipv6 !== 'undefined') { + D_EXTEND(domain, AAAA(name, ipv6)) + var z6 = rev6_zone(ipv6) + D_EXTEND(z6, PTR(ipv6, fqdn(name))) + } + + if (typeof ipv4 !== 'undefined') { + D_EXTEND(domain, A(name, ipv4)) + var z4 = rev4_zone(ipv4) + D_EXTEND(z4, PTR(ipv4, fqdn(name))) + } +} + +////////////////////////////////////////////////////////////////////////// // import dynamic info require_glob('dynamic/', false) 
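Review bot: `rev6_zone()` picks the reverse zone by comparing the leading characters of the address text (`ipv6.substring(0, plen) == prefix`), which is not a prefix-length match. For the /60 zones that 010-reverse.js registers as `'fd42:180:3de0:30'` and `'fd42:180:3de0:100'`, an address in `…:31::` to `…:3f::` inside the zone finds no match, while `…:300::` or `…:1000::` outside it does, and the result also depends on how the address is written (case, leading zeros). When either lookup fails, `host()` still calls `D_EXTEND(z6, …)` or `D_EXTEND(z4, …)` with `undefined`; a guard such as `if (typeof z6 === 'undefined') { throw new Error('no reverse zone for ' + ipv6) }` would stop the run with a clear message. In both lookup loops `z = rev4_map[i]` and `z = rev6_map[i]` have no `var`, so they overwrite the global `z` that 010-reverse.js declares; `var z = …` keeps it local.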
diff --git a/domains/010-reverse.js b/domains/010-reverse.js index e412e96..720e9d8 100644 --- a/domains/010-reverse.js +++ b/domains/010-reverse.js 
@@ -1,57 +1,112 @@ ////////////////////////////////////////////////////////////////////////// -// define domains -// burble.dn42 -var rz_s4 = REV('172.20.129.0/27'); -var rz_n4 = REV('172.20.129.160/27'); -var rz_6 = REV('fd42:4242:2601::/48'); -var elb_rz_6 = REV('fd8f:a4c9:1c03::/48'); -pdns_domain(rz_s4); -pdns_domain(rz_n4); -pdns_domain(rz_6); -pdns_domain(elb_rz_6); +function primary_rev_zone(zone) { + + D( + zone, + REG_NONE, + DnsProvider(PDNS), + NAMESERVER_TTL(62400), + NAMESERVER('ns1.burble.dn42.'), + DefaultTTL(3600) + ) + +} ////////////////////////////////////////////////////////////////////////// -// special reverse zones + +var z + +////////////////////////////////////////////////////////////////////////// +// burble.dn42 zones + +// ipv4 services range + +z = REV('172.20.129.0/27') +primary_rev_zone(z) +rev4_map.push([ + IP('172.20.129.0'), + IP('255.255.255.224'), + z +]) + +// ipv4 nodes range + +z = REV('172.20.129.160/27') +primary_rev_zone(z) +rev4_map.push([ + IP('172.20.129.160'), + IP('255.255.255.224'), + z +]) + +// ipv6 range + +z = REV('fd42:4242:2601::/48') +primary_rev_zone(z) +rev6_map.push([ 'fd42:4242:2601', z ]) + +////////////////////////////////////////////////////////////////////////// +// elburb.dn42 fake zone + +z = REV('fd8f:a4c9:1c03::/48') +primary_rev_zone(z) +rev6_map.push([ 'fd8f:a4c9:1c03', z ]) + +////////////////////////////////////////////////////////////////////////// +// dn42 reverse zones // b.master.delegation-servers.dn42 -var rz_master = REV('fd42:180:3de0:30::/60'); -pdns_domain(rz_master); + +z = REV('fd42:180:3de0:30::/60') +primary_rev_zone(z) +rev6_map.push([ 'fd42:180:3de0:30', z ]) D_EXTEND( - rz_master, + z, PTR('fd42:180:3de0:30::1', 'b.master.delegation-servers.dn42.') ); -// Registry Services -var rz_regsvc4 = REV('172.22.63.0/28'); -var rz_regsvc6 = REV('fd42:180:3de0:100::/60'); -pdns_domain(rz_regsvc4); +// dn42 registry services + +z = REV('172.22.63.0/28') +primary_rev_zone(z) +rev4_map.push([ 
+ IP('172.22.63.0'), + IP('255.255.255.240'), + z +]) + D_EXTEND( - rz_regsvc4, - PTR('172.22.63.1', 'route.git.dn42.'), - PTR('172.22.63.2', 'git.dn42.'), - PTR('172.22.63.3', 'drone.git.dn42.'), - PTR('172.22.63.4', 'runners.git.dn42.') + z, + PTR('172.22.63.1', 'route.git.dn42.' ), + PTR('172.22.63.2', 'git.dn42.' ), + PTR('172.22.63.3', 'drone.git.dn42.' ), + PTR('172.22.63.4', 'runners.git.dn42.' ) ); -pdns_domain(rz_regsvc6); +z = REV('fd42:180:3de0:100::/60') +primary_rev_zone(z) +rev6_map.push([ 'fd42:180:3de0:100', z ]) + D_EXTEND( - rz_regsvc6, - PTR('fd42:180:3de0:100::1', 'route.git.dn42.'), - PTR('fd42:180:3de0:100:fc5f:3a14:838e:a7a7', 'git.dn42.'), - PTR('fd42:180:3de0:100:42e6:9ff:fe09:bfc0', 'drone.git.dn42.'), - PTR('fd42:180:3de0:100:216:3eff:fecd:471f', 'runners.git.dn42.') + z, + PTR('fd42:180:3de0:100::1', 'route.git.dn42.' ), + PTR('fd42:180:3de0:100:fc5f:3a14:838e:a7a7', 'git.dn42.' ), + PTR('fd42:180:3de0:100:42e6:9ff:fe09:bfc0', 'drone.git.dn42.' ), + PTR('fd42:180:3de0:100:216:3eff:fecd:471f', 'runners.git.dn42.' ) ); -var rz_bdn42_regsvc6 = REV('fd42:180:3de0:110::/60'); -pdns_domain(rz_bdn42_regsvc6); -D_EXTEND( - rz_bdn42_regsvc6, - PTR('fd42:180:3de0:110:92ac:47ff:fe36:8769', 'gitea.regsvcs.uk-lon4.burble.dn42.'), - PTR('fd42:180:3de0:110:f2f9:d9ff:fea5:14ff', 'drone.regsvcs.uk-lon4.burble.dn42.') -); +z = REV('fd42:180:3de0:110::/60') +primary_rev_zone(z) +rev6_map.push([ 'fd42:180:3de0:110', z ]) + +//D_EXTEND( +// rz_bdn42_regsvc6, +// PTR('fd42:180:3de0:110:92ac:47ff:fe36:8769', 'gitea.regsvcs.uk-lon4.burble.dn42.'), +// PTR('fd42:180:3de0:110:f2f9:d9ff:fea5:14ff', 'drone.regsvcs.uk-lon4.burble.dn42.') +//); ////////////////////////////////////////////////////////////////////////// // end of file diff --git a/domains/020-burble.com.js b/domains/020-burble.com.js index 32958e8..afd185f 100644 --- a/domains/020-burble.com.js +++ b/domains/020-burble.com.js 
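Review bot: The last zone in this hunk, `REV('fd42:180:3de0:110::/60')`, is created and then left empty, because the `D_EXTEND` block for it is commented out rather than ported. The commented block still names `rz_bdn42_regsvc6`, which this change removes, so it cannot simply be uncommented. If the PTR records for `gitea.regsvcs.uk-lon4.burble.dn42.` and `drone.regsvcs.uk-lon4.burble.dn42.` are still wanted, restore the block with `z` as its first argument; otherwise delete it. As written, the two records drop out of the configuration (and would presumably be deleted at the next push) without the commit message saying so.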
@@ -2,7 +2,7 @@ // define domains domain='burble.com'; -cf_domain(domain); +D(domain, REG_NONE, DnsProvider(CLOUDFLARE)) ////////////////////////////////////////////////////////////////////////// // email via gmail, and keybase auth @@ -60,35 +60,40 @@ D_EXTEND( CNAME('paste', cf_tun_uk_lon1, CF_PROXY_ON), CNAME('lg', cf_tun_uk_lon1, CF_PROXY_ON), CNAME('lounge', cf_tun_uk_lon1, CF_PROXY_ON), - CNAME('wiki', cf_tun_uk_lon1, CF_PROXY_ON), - - A('factorio', '188.165.192.158'), - AAAA('factorio', '2001:41d0:2:899e::1') -); + CNAME('wiki', cf_tun_uk_lon1, CF_PROXY_ON) + +) ////////////////////////////////////////////////////////////////////////// -// nodes +// add entries for each node -// normal nodes +nodes.forEach(function(node) { -nodes.forEach(function(n) { - - // ipv4 - if (typeof n[1] !== 'undefined') { - D_EXTEND(domain,A(n[0], n[1])); - D_EXTEND(domain,A('ipv4.' + n[0], n[1])); + var name = node[0] + var ipv4 = node[1] + var ipv6 = node[2] + var pub = node[3] + + // ipv4 forward records + if (typeof ipv4 !== 'undefined') { + // .burble.com + D_EXTEND(domain, A(name, ipv4)) + // ipv4..burble.com + D_EXTEND(domain, A('ipv4.' + name, ipv4)) + } + + // ipv4 forward records + if (typeof ipv6 !== 'undefined') { + // .burble.com + D_EXTEND(domain, AAAA(name, ipv6)) + // ipv6..burble.com + D_EXTEND(domain, AAAA('ipv6.' + name, ipv6)) } - // ipv6 - if (typeof n[2] !== 'undefined') { - D_EXTEND(domain,AAAA(n[0], n[2])); - D_EXTEND(domain,AAAA('ipv6.' + n[0], n[2])); - } - - // DN42 public node - if (n[3] == 'true') { - D_EXTEND(domain,CNAME('dn42-'+n[0], n[0]+'.burble.com.')); + // add dn42-.burble.com for public nodes + if (pub == 'true') { + D_EXTEND(domain, CNAME('dn42-'+name, name+'.burble.com.')) } }); diff --git a/domains/030-burble.dn42.js b/domains/030-burble.dn42.js index 6bbb9a2..ffb2734 100644 --- a/domains/030-burble.dn42.js +++ b/domains/030-burble.dn42.js 
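Review bot: The comment above the second branch of the `nodes.forEach` loop reads `// ipv4 forward records` although that branch tests `ipv6` and adds `AAAA` records; it should read `// ipv6 forward records`. The inner comments `// .burble.com`, `// ipv4..burble.com` and `// ipv6..burble.com` appear to have lost the node-name placeholder and could be written as `// NAME.burble.com` and `// ipv4.NAME.burble.com`. `pub == 'true'` compares against a string, which matches the quoted `'true'`/`'false'` values in dynamic/nodes.js; a short comment saying the flag is a string would keep someone from passing a boolean.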
@@ -2,7 +2,15 @@ // define domains domain='burble.dn42'; -pdns_domain(domain); + +D( + domain, + REG_NONE, + DnsProvider(PDNS), + NAMESERVER_TTL(62400), + NAMESERVER('ns1.burble.dn42.'), + DefaultTTL(3600) +) ////////////////////////////////////////////////////////////////////////// // special records 
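Review bot: This six-argument `D(...)` call is repeated verbatim in 040-collector.dn42.js and 050-elburb.dn42.js, and its argument list is the same as the body of `primary_rev_zone()` in 010-reverse.js. One shared helper in dnsconfig.js, for example `function primary_zone(zone) { D(zone, REG_NONE, DnsProvider(PDNS), NAMESERVER_TTL(62400), NAMESERVER('ns1.burble.dn42.'), DefaultTTL(3600)) }`, would keep the nameserver and TTL settings in one place. `NAMESERVER_TTL(62400)` is worth a comment or a check: the evpn zone deleted by this commit used 86400, so 62400 may be a transposition.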
@@ -10,35 +18,35 @@ pdns_domain(domain); D_EXTEND( domain, TXT('canary', "It's Alive!", TTL(1)) -); +) ////////////////////////////////////////////////////////////////////////// // services // IPv4 service names -service('ns1', 'fd42:4242:2601:ac53::1', '172.20.129.1'); -service('dns', 'fd42:4242:2601:ac53::53', '172.20.129.2'); -service('@', 'fd42:4242:2601:ac80::1', '172.20.129.3'); -service('grc', 'fd42:4242:2601:ac12::1', '172.20.129.4'); -service('pingable', 'fd42:4242:2601:ac05::1', '172.20.129.5'); +host('ns1', 'fd42:4242:2601:ac53::1', '172.20.129.1') +host('dns', 'fd42:4242:2601:ac53::53', '172.20.129.2') +host('@', 'fd42:4242:2601:ac80::1', '172.20.129.3') +host('grc', 'fd42:4242:2601:ac12::1', '172.20.129.4') +host('pingable', 'fd42:4242:2601:ac05::1', '172.20.129.5') // 6 was nats // 7 was rproxy -service('whois', 'fd42:4242:2601:ac43::1', '172.20.129.8'); -service('asterisk.fr-par1', 'fd42:4242:2601:36:216:3eff:fe8f:6211', '172.20.129.9'); -service('shell', 'fd42:4242:2601:ac22::1', '172.20.129.10'); -service('traefik-v2', 'fd42:4242:2601:ac81::1', '172.20.129.11'); -service('traefik', 'fd42:4242:2601:ac82::1', '172.20.129.12'); -service('traefik-eu', 'fd42:4242:2601:ac83::1', '172.20.129.13'); -service('traefik-na', 'fd42:4242:2601:ac84::1', '172.20.129.14'); +host('whois', 'fd42:4242:2601:ac43::1', '172.20.129.8') +host('asterisk.fr-par1', 'fd42:4242:2601:36:216:3eff:fe8f:6211', '172.20.129.9') +host('shell', 'fd42:4242:2601:ac22::1', '172.20.129.10') +host('traefik-v2', 'fd42:4242:2601:ac81::1', '172.20.129.11') +host('traefik', 'fd42:4242:2601:ac82::1', '172.20.129.12') +host('traefik-eu', 'fd42:4242:2601:ac83::1', '172.20.129.13') +host('traefik-na', 'fd42:4242:2601:ac84::1', '172.20.129.14') // services 172.20.129.15 -> 172.20.129.20 are unassigned -service('shell.ca-bhs1', 'fd42:4242:2601:100c:72ef:f1ff:febb:d521', '172.20.129.21'); -service('shell.us-ash1', 'fd42:4242:2601:1017:72ef:f1ff:febb:d521', '172.20.129.22'); -service('shell.fr-rbx1', 
'fd42:4242:2601:1006:72ef:f1ff:febb:d521', '172.20.129.23'); -service('shell.de-fra2', 'fd42:4242:2601:100b:72ef:f1ff:febb:d521', '172.20.129.24'); -service('shell.uk-lon1', 'fd42:4242:2601:1015:72ef:f1ff:febb:d521', '172.20.129.25'); -service('shell.fr-par1', 'fd42:4242:2601:1016:216:3eff:fe01:2f1f', '172.20.129.28'); -service('shell.us-nyc2', 'fd42:4242:2601:101d:72ef:f1ff:febb:d521', '172.20.129.26'); -service('shell.us-lax2', 'fd42:4242:2601:1018:72ef:f1ff:febb:d521', '172.20.129.27'); +host('shell.ca-bhs1', 'fd42:4242:2601:100c:72ef:f1ff:febb:d521', '172.20.129.21') +host('shell.us-ash1', 'fd42:4242:2601:1017:72ef:f1ff:febb:d521', '172.20.129.22') +host('shell.fr-rbx1', 'fd42:4242:2601:1006:72ef:f1ff:febb:d521', '172.20.129.23') +host('shell.de-fra2', 'fd42:4242:2601:100b:72ef:f1ff:febb:d521', '172.20.129.24') +host('shell.uk-lon1', 'fd42:4242:2601:1015:72ef:f1ff:febb:d521', '172.20.129.25') +host('shell.fr-par1', 'fd42:4242:2601:1016:216:3eff:fe01:2f1f', '172.20.129.28') +host('shell.us-nyc2', 'fd42:4242:2601:101d:72ef:f1ff:febb:d521', '172.20.129.26') +host('shell.us-lax2', 'fd42:4242:2601:1018:72ef:f1ff:febb:d521', '172.20.129.27') // shell aliases 
@@ -66,15 +74,15 @@ D_EXTEND( // internal anycasts -service('rpki', 'fd42:4242:2601:ac10::1'); -service('dns64', 'fd42:4242:2601:ac53::64'); -service('dns-slave', 'fd42:4242:2601:ac00::53:1'); -service('dns-secondary', 'fd42:4242:2601:acf0::50:1'); -service('ldap', 'fd42:4242:2601:acf0::60:1'); -service('traefik-tier2', 'fd42:4242:2601:acf0::70:1'); -service('traefik-eu-tier2', 'fd42:4242:2601:acf0::75:1'); -service('traefik-na-tier2', 'fd42:4242:2601:acf0::76:1'); -service('traefik-infra', 'fd42:4242:2601:acf0::80:1'); +host('rpki', 'fd42:4242:2601:ac10::1') +host('dns64', 'fd42:4242:2601:ac53::64') +host('dns-slave', 'fd42:4242:2601:ac00::53:1') +host('dns-secondary', 'fd42:4242:2601:acf0::50:1') +host('ldap', 'fd42:4242:2601:acf0::60:1') +host('traefik-tier2', 'fd42:4242:2601:acf0::70:1') +host('traefik-eu-tier2', 'fd42:4242:2601:acf0::75:1') +host('traefik-na-tier2', 'fd42:4242:2601:acf0::76:1') +host('traefik-infra', 'fd42:4242:2601:acf0::80:1') // nomad container services D_EXTEND( 
@@ -173,36 +181,33 @@ D_EXTEND( ); ////////////////////////////////////////////////////////////////////////// -// hosts - -D_EXTEND( - domain, - - // dmz special config - AAAA('dmz.uk-lon1', '2a04:92c5:2:1::1'), - AAAA('dmz.de-fra1', '2a0d:5941:1:17c::4e2a'), - AAAA('dmz.ca-bhs2', '2607:5300:120:81a::1') - -); - +// add entries for each node // main nodes -nodes.forEach(function(n) { - var hex = (n[4] + 32).toString(16); - var ip4 = (n[5] == 'undefined' ? undefined : n[5]); +nodes.forEach(function(node) { - // main IP - host(n[0],'fd42:4242:2601:'+hex+'::1', ip4); - // subnet IPs - host('tier1.'+n[0], 'fd42:4242:2601:'+hex+'::1'); - host('tier2.'+n[0], 'fd42:4242:2601:'+hex+'02::1'); + var name = node[0] + var index = node[4] + var bdn42_ipv4 = node[5] - // create dn42-xxx CNAME for dn42 nodes - if (n[3] == 'true') { - D_EXTEND(domain,CNAME('dn42-'+n[0], n[0]+'.burble.dn42.')); - } -}); + var hex = (index + 32).toString(16); + + var tier1 = 'fd42:4242:2601:' + hex + '::1' + var tier2 = 'fd42:4242:2601:' + hex + '02::1' + + // main node address ( = tier1 address) + host(name, tier1, bdn42_ipv4) + + // subnet addresses + host('tier1.' + name, tier1) + host('tier2.' + name, tier2) + +}) + + +////////////////////////////////////////////////////////////////////////// +// add in all the containers and vms // containers and VMs diff --git a/domains/035-evpn.burble.dn42.js b/domains/035-evpn.burble.dn42.js deleted file mode 100644 index 615fdef..0000000 --- a/domains/035-evpn.burble.dn42.js +++ /dev/null 
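Review bot: The rewritten node loop passes `node[5]` to `host()` unchanged, whereas the removed code first mapped the string `'undefined'` to `undefined` (`n[5] == 'undefined' ? undefined : n[5]`). `host()` skips the IPv4 records only when `typeof ipv4` is `'undefined'`, so a row carrying the quoted string would now produce `A(name, 'undefined')` and a reverse lookup on it. The rows of dynamic/nodes.js visible in this patch use the bare `undefined`, but the file is shown only in part, so this should be confirmed. This hunk also drops the `dn42-` CNAME for public nodes and the three `dmz.*` AAAA records from burble.dn42; if that is intended, it deserves a line in the commit message.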
@@ -1,47 +0,0 @@ -////////////////////////////////////////////////////////////////////////// -// define domains - -domain='evpn.burble.dn42'; -D( - domain, - REG_NONE, - DnsProvider(PDNS), - DefaultTTL(3600), - NAMESERVER_TTL(86400), - NAMESERVER('ns.de-fra1.evpn.burble.dn42.'), - NAMESERVER('ns.us-nyc1.evpn.burble.dn42.') -); - -////////////////////////////////////////////////////////////////////////// - -D_EXTEND( - domain, - - // nameservers - AAAA('ns.de-fra1', 'fd42:4242:2601:331:72e8:bff:fe58:b51b'), - AAAA('ns.us-nyc1', 'fd42:4242:2601:329:216:3eff:fe47:e097'), - - // BGP reflectors - AAAA('reflector.de-fra1', 'fd42:4242:2601:331:216:3eff:fed5:85f2'), - AAAA('reflector.us-nyc1', 'fd42:4242:2601:329:216:3eff:fed5:85f2'), - - // borg backup - AAAA('borg.fr-par1', 'fd42:4242:2601:336:216:3eff:fe60:9eee'), - AAAA('borg.fr-par3', 'fd42:4242:2601:326:216:3eff:fe3f:e8d3'), - AAAA('borg.uk-lon2', 'fd42:4242:2601:32e:216:3eff:febf:de10'), - CNAME('borg', 'borg.fr-par2.evpn.burble.dn42.') -) - - -////////////////////////////////////////////////////////////////////////// -// hosts - -// main nodes -nodes.forEach(function(n) { - var hex = (n[4] + 32).toString(16); - D_EXTEND(domain, AAAA(n[0], 'fd42:4242:2601:3'+hex+'::1')); -}); - -////////////////////////////////////////////////////////////////////////// -// end of file - diff --git a/domains/040-collector.dn42.js b/domains/040-collector.dn42.js index a212423..3f2bc20 100644 --- a/domains/040-collector.dn42.js +++ b/domains/040-collector.dn42.js @@ -2,12 +2,20 @@ // define domain domain='collector.dn42'; -pdns_domain(domain); + +D( + domain, + REG_NONE, + DnsProvider(PDNS), + NAMESERVER_TTL(62400), + NAMESERVER('ns1.burble.dn42.'), + DefaultTTL(3600) +) ////////////////////////////////////////////////////////////////////////// // ssh interface -service('@', 'fd42:4242:2601:ac12::1', '172.20.129.4'); +host('@', 'fd42:4242:2601:ac12::1', '172.20.129.4') D_EXTEND( domain, 
diff --git a/domains/050-elburb.dn42.js b/domains/050-elburb.dn42.js index f67e0cc..7876e56 100644 --- a/domains/050-elburb.dn42.js +++ b/domains/050-elburb.dn42.js @@ -1,8 +1,16 @@ ////////////////////////////////////////////////////////////////////////// -// define domains +// fake elburb.dn42 domain domain='elburb.dn42'; -pdns_domain(domain); + +D( + domain, + REG_NONE, + DnsProvider(PDNS), + NAMESERVER_TTL(62400), + NAMESERVER('ns1.burble.dn42.'), + DefaultTTL(3600) +) ////////////////////////////////////////////////////////////////////////// // special records @@ -15,7 +23,7 @@ D_EXTEND( ////////////////////////////////////////////////////////////////////////// // services -service('@', 'fd42:4242:2601:ac80::1', '172.20.129.3'); +host('@', 'fd42:4242:2601:ac80::1', '172.20.129.3') D_EXTEND( domain, diff --git a/dynamic/nodes.js b/dynamic/nodes.js index b942739..2bc20ff 100644 --- a/dynamic/nodes.js +++ b/dynamic/nodes.js @@ -1,3 +1,5 @@ +////////////////////////////////////////////////////////////////////////// + var nodes = [ // 1 has no IPv4 address [ 'uk-red1', '2.58.203.147', '2a05:4140:19:91::a', 'false', 2, undefined ], @@ -30,4 +32,21 @@ var nodes = [ [ 'us-nyc2', '109.205.61.64', '2605:4840:2:5abe::1', 'true', 29, '172.20.129.176' ], [ 'fr-par2', '51.158.36.207', '2001:bc8:1201:712:fabc:12ff:fe48:ec7c', 'true', 30, '172.20.129.182' ], [ 'fr-gra1', '51.38.41.47', '2001:41d0:303:682f::1', 'true', 31, '172.20.129.164' ] -]; +] + +////////////////////////////////////////////////////////////////////////// +// build node/index map + +var node_map = { } + +nodes.forEach(function(node) { + + var name = node[0] + var index = node[4] + + node_map[name] = index +}) + + +////////////////////////////////////////////////////////////////////////// +// end of file diff --git a/dynamic/virtual.js b/dynamic/virtual.js index 52f3a96..7965271 100644 --- a/dynamic/virtual.js +++ b/dynamic/virtual.js 
@@ -1,22 +1,64 @@ -var virtual = [ +////////////////////////////////////////////////////////////////////////// - // public services +var virtual = [ ] - // acme - [ 'acme.tier2.uk-lon1', 'fd42:4242:2601:3502:4285:15ff:feee:d66c' ], - [ 'acme.tier2.fr-par1', 'fd42:4242:2601:3602:4285:15ff:feee:d66c' ], - [ 'acme.tier2.de-fra1', 'fd42:4242:2601:3102:4285:15ff:feee:d66c' ], - [ 'acme.tier2.fr-rbx1', 'fd42:4242:2601:2602:4285:15ff:feee:d66c' ], - // peerfinder - [ 'peerfinder.us-lax1', 'fd42:4242:2601:2a:7283:bfff:fe29:d7e4' ], - [ 'peerfinder.de-fra1', 'fd42:4242:2601:31:7283:bfff:fe29:d7e4' ], - [ 'peerfinder.fr-par1', 'fd42:4242:2601:36:7283:bfff:fe29:d7e4' ], - [ 'peerfinder.uk-lon1', 'fd42:4242:2601:35:7283:bfff:fe29:d7e4' ], - [ 'peerfinder.us-nyc1', 'fd42:4242:2601:29:7283:bfff:fe29:d7e4' ], - [ 'peerfinder.se-sto1', 'fd42:4242:2601:2d:7283:bfff:fe29:d7e4' ], - [ 'peerfinder.ca-bhs1', 'fd42:4242:2601:2c:7283:bfff:fe29:d7e4' ], - [ 'peerfinder.us-ash1', 'fd42:4242:2601:37:7283:bfff:fe29:d7e4' ], +////////////////////////////////////////////////////////////////////////// +// add name/addr pairs to an array + +function vgroup(name, index, ident, nodes) +{ + nodes.forEach(function(node) { + + var ix = node_map[node] + 32 + var ipv6 + + switch(index) { + case 0: + ipv6 = 'fd42:4242:2601:' + ix.toString(16) + ':' + ident + fullname = name + '.' + node + break + case 1: + ipv6 = 'fd42:4242:2601:' + ix.toString(16) + ':' + ident + fullname = name + '.tier1.' + node + break + case 2: + ipv6 = 'fd42:4242:2601:' + ix.toString(16) + '02:' + ident + fullname = name + '.tier2.' 
+ node + break + default: + console.log("vgroup unknown index: " + index) + } + + virtual.push([fullname, ipv6]) + }) +} + +////////////////////////////////////////////////////////////////////////// +// public services + +// acme +vgroup('acme', 2, '4285:15ff:feee:d66c', [ + 'uk-lon1', + 'fr-par1', + 'de-fra1', + 'fr-rbx1' +]) + +// peerfinder +vgroup('peerfinder', 0, '7283:bfff:fe29:d7e4', [ + 'uk-lon1', + 'de-fra1', + 'fr-par1', + 'fr-rbx1', + 'se-sto1', + 'us-nyc1', + 'us-lax1', + 'ca-bhs1', + 'us-ash1' +]) + +virtual.push( // voip [ 'dialup.tier2.fr-par1', 'fd42:4242:2601:3602:216:3eff:fe0b:d2b1' ], 
@@ -32,10 +74,115 @@ var virtual = [ [ 'dns-master.ca-bhs1', 'fd42:4242:2601:2c:216:3eff:fe97:45a4' ], // collector - [ 'collector.fr-par1', 'fd42:4242:2601:36:62e4:b9ff:fe9a:33d1' ], + [ 'collector.fr-par1', 'fd42:4242:2601:36:62e4:b9ff:fe9a:33d1' ] +) +////////////////////////////////////////////////////////////////////////// - // burble.dn42 infrastructure +// traefik + +// public tier1 +var traefik_v2 = [ 'fr-rbx1', 'uk-lon1', 'de-fra1', 'se-sto1' ] +vgroup('traefik-v2', 1, '72e5:84ff:fee8:897c', traefik_v2) +vgroup('traefik-v2', 2, '4290:5fff:fecd:eeb8', traefik_v2) + +// internal tier2 +vgroup('traefik-tier2', 2, 'c2f9:1fff:fe7d:ee8c', [ + 'fr-rbx1', + 'de-fra2' +]) + +// containerd and runtimes + +vgroup('containerd', 2, 'e227:c2ff:fe6e:1548', [ + 'fr-rbx1', + 'se-sto1', + 'uk-lon1', + 'de-fra1', + 'de-fra2' +]) + +virtual.push( + [ 'dockerd.tier2.fr-rbx1', 'fd42:4242:2601:2602:92bb:c9ff:fe53:c957' ], + [ 'containerd-dev.tier2.fr-gra1', 'fd42:4242:2601:3f02:92ea:d7ff:fe27:e94e' ], + [ 'containerd-host.tier2.se-sto1', 'fd42:4242:2601:2d02:f2da:93ff:fee0:97fa' ] +) + +// legacy vault + +vgroup('vault', 2, 'b267:51ff:feed:503f', [ + 'uk-lon1', + 'de-fra2', + 'fr-par1' +]) + +// dns + +vgroup('dns-secondary', 0, '9293:33ff:fe69:c7f2', [ + 'uk-lon1', + 'de-fra1', + 'us-lax1', + 'us-nyc1' +]) + +vgroup('dns-recursor', 2, '62b5:41ff:fe65:8e3', [ + 'uk-lon1', + 'de-fra1', + 'us-lax1', + 'us-nyc1' +]) + +vgroup('dns-edge', 0, 'd2f4:8ff:fec6:c157', [ + 'uk-lon1', 'uk-lon3', 'uk-lon4', 'uk-lon6', + 'fr-par1', 'fr-par2', 'fr-rbx1', 'fr-gra1', + 'de-fra1', 'de-fra2', 'de-fra3', + 'nl-ams1', 'nl-ams3', + 'no-trd1', 'se-sto1', 'ch-zur1', + 'us-nyc1', 'us-nyc2', 'us-nyc3', + 'us-lax1', 'us-lax2', + 'ca-bhs1', 'us-ash1' +]) + +vgroup('dns-dns64', 0, '42ef:47ff:feb6:6c44', [ + 'uk-lon1', + 'de-fra1', + 'de-fra2', + 'fr-par1', + 'fr-rbx1', + 'no-trd1', + 'se-sto1', + 'us-nyc1', + 'us-lax1', + 'ca-bhs1', + 'us-ash1' +]) + +virtual.push( + [ 'dns-primary.tier2.de-fra2', 
'fd42:4242:2601:2b02:12b0:ff:fe69:edbe' ] +) + +// ldap + +vgroup('ldap-slave', 0, '7222:61ff:fec9:5bd0', [ + 'us-nyc2', + 'us-lax1', + 'fr-par1' +]) + +virtual.push( + [ 'ldap-master.tier2.de-fra1', 'fd42:4242:2601:3102:2203:43ff:feae:28bb' ] +) + +// reflectors + +vgroup('mesh-reflector', 2, 'f22c:89ff:fef5:ef7', [ + 'fr-rbx1', + 'ca-bhs1' +]) + +// other misc services + +virtual.push( // management 
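Review bot: The node lists passed to `vgroup()` here do not reproduce the literal entries that the last hunk of this file removes, so the commit changes records as well as structure. `dns-dns64` gains `fr-rbx1`, `se-sto1`, `ca-bhs1` and `us-ash1`, `dns-edge` gains `de-fra3`, the `peerfinder` group in the previous hunk gains `fr-rbx1`, and the two `traefik-infra.tier2.*` entries are not re-added. `de-fra3` does not appear in the part of dynamic/nodes.js shown in this patch; if it is missing from `node_map`, the unchecked lookup in `vgroup()` would build an address containing `NaN`. Comparing the `dnscontrol preview` output before and after the change would show whether each difference is intended.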
@@ -55,94 +202,8 @@ var virtual = [ // misc [ 'styx.tier2.us-nyc3', 'fd42:4242:2601:3a02:216:3eff:fe87:3e3a' ], + [ 'mail.tier2.uk-lon1', 'fd42:4242:2601:3502:216:3eff:fe68:6f6a' ] +) - // traefik - [ 'traefik-v2.tier1.fr-rbx1', 'fd42:4242:2601:26:72e5:84ff:fee8:897c' ], - [ 'traefik-v2.tier2.fr-rbx1', 'fd42:4242:2601:2602:4290:5fff:fecd:eeb8' ], - [ 'traefik-v2.tier1.uk-lon1', 'fd42:4242:2601:35:72e5:84ff:fee8:897c' ], - [ 'traefik-v2.tier2.uk-lon1', 'fd42:4242:2601:3502:4290:5fff:fecd:eeb8' ], - [ 'traefik-v2.tier1.de-fra1', 'fd42:4242:2601:31:72e5:84ff:fee8:897c' ], - [ 'traefik-v2.tier2.de-fra1', 'fd42:4242:2601:3102:4290:5fff:fecd:eeb8' ], - [ 'traefik-v2.tier1.se-sto1', 'fd42:4242:2601:2d:72e5:84ff:fee8:897c' ], - [ 'traefik-v2.tier2.se-sto1', 'fd42:4242:2601:2d02:4290:5fff:fecd:eeb8' ], - - [ 'traefik-tier2.tier2.fr-rbx1', 'fd42:4242:2601:2602:c2f9:1fff:fe7d:ee8c' ], - [ 'traefik-tier2.tier2.de-fra2', 'fd42:4242:2601:2b02:c2f9:1fff:fe7d:ee8c' ], - - [ 'traefik-infra.tier2.fr-gra1', 'fd42:4242:2601:3f02:5297:7ff:fe3f:57e7' ], - [ 'traefik-infra.tier2.fr-rbx1', 'fd42:4242:2601:2602:5297:7ff:fe3f:57e7' ], - - // containerd and runtimes - [ 'containerd.tier2.fr-rbx1', 'fd42:4242:2601:2602:e227:c2ff:fe6e:1548' ], - [ 'containerd.tier2.se-sto1', 'fd42:4242:2601:2d02:e227:c2ff:fe6e:1548' ], - [ 'containerd.tier2.uk-lon1', 'fd42:4242:2601:3502:e227:c2ff:fe6e:1548' ], - [ 'containerd.tier2.de-fra1', 'fd42:4242:2601:3102:e227:c2ff:fe6e:1548' ], - [ 'containerd.tier2.de-fra2', 'fd42:4242:2601:2b02:e227:c2ff:fe6e:1548' ], - - [ 'dockerd.tier2.fr-rbx1', 'fd42:4242:2601:2602:92bb:c9ff:fe53:c957' ], - - [ 'containerd-dev.tier2.fr-gra1', 'fd42:4242:2601:3f02:92ea:d7ff:fe27:e94e' ], - [ 'containerd-host.tier2.se-sto1', 'fd42:4242:2601:2d02:f2da:93ff:fee0:97fa' ], - - // legacy bdn42 vault - [ 'vault.tier2.uk-lon1', 'fd42:4242:2601:3502:b267:51ff:feed:503f' ], - [ 'vault.tier2.de-fra2', 'fd42:4242:2601:2b02:b267:51ff:feed:503f' ], - [ 'vault.tier2.fr-par1', 
'fd42:4242:2601:3602:b267:51ff:feed:503f' ], - - // misc - [ 'mail.tier2.uk-lon1', 'fd42:4242:2601:3502:216:3eff:fe68:6f6a' ], - - // dns - [ 'dns-primary.tier2.de-fra2', 'fd42:4242:2601:2b02:12b0:ff:fe69:edbe' ], - - [ 'dns-secondary.uk-lon1', 'fd42:4242:2601:35:9293:33ff:fe69:c7f2' ], - [ 'dns-secondary.de-fra1', 'fd42:4242:2601:31:9293:33ff:fe69:c7f2' ], - [ 'dns-secondary.us-lax1', 'fd42:4242:2601:2a:9293:33ff:fe69:c7f2' ], - [ 'dns-secondary.us-nyc1', 'fd42:4242:2601:29:9293:33ff:fe69:c7f2' ], - - [ 'dns-recursor.tier2.uk-lon1', 'fd42:4242:2601:3502:62b5:41ff:fe65:8e3' ], - [ 'dns-recursor.tier2.de-fra1', 'fd42:4242:2601:3102:62b5:41ff:fe65:8e3' ], - [ 'dns-recursor.tier2.us-nyc1', 'fd42:4242:2601:2902:62b5:41ff:fe65:8e3' ], - [ 'dns-recursor.tier2.us-lax1', 'fd42:4242:2601:2a02:62b5:41ff:fe65:8e3' ], - - [ 'dns-edge.us-ash1', 'fd42:4242:2601:37:d2f4:8ff:fec6:c157' ], - [ 'dns-edge.fr-gra1', 'fd42:4242:2601:3f:d2f4:8ff:fec6:c157' ], - [ 'dns-edge.ca-bhs1', 'fd42:4242:2601:2c:d2f4:8ff:fec6:c157' ], - [ 'dns-edge.fr-rbx1', 'fd42:4242:2601:26:d2f4:8ff:fec6:c157' ], - [ 'dns-edge.uk-lon6', 'fd42:4242:2601:27:d2f4:8ff:fec6:c157' ], - [ 'dns-edge.se-sto1', 'fd42:4242:2601:2d:d2f4:8ff:fec6:c157' ], - [ 'dns-edge.fr-par2', 'fd42:4242:2601:3e:d2f4:8ff:fec6:c157' ], - [ 'dns-edge.nl-ams3', 'fd42:4242:2601:3c:d2f4:8ff:fec6:c157' ], - [ 'dns-edge.uk-lon1', 'fd42:4242:2601:35:d2f4:8ff:fec6:c157' ], - [ 'dns-edge.us-nyc2', 'fd42:4242:2601:3d:d2f4:8ff:fec6:c157' ], - [ 'dns-edge.us-nyc3', 'fd42:4242:2601:3a:d2f4:8ff:fec6:c157' ], - [ 'dns-edge.us-lax2', 'fd42:4242:2601:38:d2f4:8ff:fec6:c157' ], - [ 'dns-edge.uk-lon4', 'fd42:4242:2601:25:d2f4:8ff:fec6:c157' ], - [ 'dns-edge.nl-ams1', 'fd42:4242:2601:32:d2f4:8ff:fec6:c157' ], - [ 'dns-edge.us-nyc1', 'fd42:4242:2601:29:d2f4:8ff:fec6:c157' ], - [ 'dns-edge.uk-lon3', 'fd42:4242:2601:30:d2f4:8ff:fec6:c157' ], - [ 'dns-edge.us-lax1', 'fd42:4242:2601:2a:d2f4:8ff:fec6:c157' ], - [ 'dns-edge.fr-par1', 
'fd42:4242:2601:36:d2f4:8ff:fec6:c157' ], - [ 'dns-edge.de-fra2', 'fd42:4242:2601:2b:d2f4:8ff:fec6:c157' ], - [ 'dns-edge.ch-zur1', 'fd42:4242:2601:28:d2f4:8ff:fec6:c157' ], - [ 'dns-edge.de-fra1', 'fd42:4242:2601:31:d2f4:8ff:fec6:c157' ], - [ 'dns-edge.no-trd1', 'fd42:4242:2601:39:d2f4:8ff:fec6:c157' ], - - [ 'dns-dns64.de-fra1', 'fd42:4242:2601:31:42ef:47ff:feb6:6c44' ], - [ 'dns-dns64.fr-par1', 'fd42:4242:2601:36:42ef:47ff:feb6:6c44' ], - [ 'dns-dns64.no-trd1', 'fd42:4242:2601:39:42ef:47ff:feb6:6c44' ], - [ 'dns-dns64.uk-lon1', 'fd42:4242:2601:35:42ef:47ff:feb6:6c44' ], - [ 'dns-dns64.us-lax1', 'fd42:4242:2601:2a:42ef:47ff:feb6:6c44' ], - [ 'dns-dns64.us-nyc1', 'fd42:4242:2601:29:42ef:47ff:feb6:6c44' ], - [ 'dns-dns64.de-fra2', 'fd42:4242:2601:2b:42ef:47ff:feb6:6c44' ], - - // ldap - [ 'ldap-slave.us-nyc2', 'fd42:4242:2601:3d:7222:61ff:fec9:5bd0' ], - [ 'ldap-slave.us-lax1', 'fd42:4242:2601:2a:7222:61ff:fec9:5bd0' ], - [ 'ldap-slave.fr-par1', 'fd42:4242:2601:36:7222:61ff:fec9:5bd0' ], - [ 'ldap-master.tier2.de-fra1', 'fd42:4242:2601:3102:2203:43ff:feae:28bb' ], - - // network - [ 'mesh-reflector.tier2.ca-bhs1', 'fd42:4242:2601:2c02:f22c:89ff:fef5:ef7' ], - [ 'mesh-reflector.tier2.fr-rbx1', 'fd42:4242:2601:2602:f22c:89ff:fef5:ef7' ] -]; +////////////////////////////////////////////////////////////////////////// +// end of file