Previously I wrote about Foreman and PowerDNS and it was very development focussed. I came up with Debian packages which should greatly simplify installation and moves us closer to installer support. Since this was the first time I packaged anything on Debian, I should thank Michael Moll for his help.

Manually installing everything

From here on I assume you run in a fresh Debian Jessie install, but it works the same on Wheezy. Personally I started a docker container so let's set that up first:

docker run -i -t debian:jessie /bin/bash

Now inside your machine we run some commands to get it installed:

# Set up nightly sources within the container
cat >> /etc/apt/sources.list <<EOF
deb jessie nightly # Replace with wheezy if on wheezy
deb plugins nightly

# Add the key
which curl || ( apt-get update && apt-get install -y curl )
curl | apt-key add -
apt-get update

# Set up MySQL
apt-get install -y mysql-server
service mysql start # Needed inside docker

# Set up PowerDNS - Use dbconfig-common to set up the database
apt-get install -y pdns-backend-mysql
# We want to get rid of the simplebind backend
rm -f /etc/powerdns/pdns.d/pdns.simplebind*
service pdns restart

# Create the zone in the pdns database (which is the default)
mysql -p pdns <<EOF
INSERT INTO domains (name, type) VALUES ('${ZONE}', 'master');
INSERT INTO records (domain_id, name, type, content) VALUES (LAST_INSERT_ID(), '${ZONE}', 'SOA', 'ns1.${ZONE} hostmaster.${ZONE}. 0 3600 1800 1209600 3600');
pdnssec rectify-zone $ZONE

# Install and configure the proxy
apt-get install -y ruby-smart-proxy-dns-powerdns
sed -i 's/#\(:http_port: 8000\)/\1/' /etc/foreman-proxy/settings.yml
cat > /etc/foreman-proxy/settings.d/dns.yml <<EOF
:enabled: true
:use_provider: dns_powerdns
cat > /etc/foreman-proxy/settings.d/dns_powerdns.yml <<EOF
:powerdns_mysql_hostname: "localhost"
:powerdns_mysql_username: "pdns"
:powerdns_mysql_password: "$(sed -n '/password/ s/gmysql-password=// p' /etc/powerdns/pdns.d/pdns.local.gmysql*)"
:powerdns_mysql_database: "pdns"
:powerdns_pdnssec: "pdnssec"
service foreman-proxy restart

We should be all up and running now. Let's perform some basic tests:

# We're going to use dig, which is in dnsutils
apt-get install -y dnsutils

# Basic verification of PowerDNS works correctly
dig NS @localhost

# Let's create
curl -d -d type=A -d value= http://localhost:8000/dns/
dig @localhost

You may see no result for due to the packet cache. In that case you can either wait a bit or flush the cache:

pdns_control purge

Hopefully that wasn't too hard and you now have a running proxy. Note that it's insecure since we didn't bother configuring certificates.

Looking forward

Once foreman-packaging PR 791 is merged, it should be even easier and can be integrated into the installer. puppet-foreman_proxy PR 189 is a start. As soon as it's merged, foreman-installer PR 154 should complete the support.

Now the world is not limited to Debian, so another PR will need to be made foreman-packaging to add RPMs. If we stick to conventions then puppet-foreman_proxy and foreman-installer should already support RPM-based systems with the same code as the Debian systems.