mirror of
https://github.com/google/nomulus.git
synced 2025-07-20 09:46:03 +02:00
Top-level domain name registry service on Google Cloud Platform
f0919f9524
The current setup causes the GCB job to fail validation and not run because it uses backticks in the configuration yaml, which is not allowed -- there is no shell to perform backtick substitution. See the error message here: https://spinnaker.endpoints.domain-registry-dev.cloud.goog/gate/pipelines/01EF5GRMD625613H6Z033DBD3Z In the future please make sure to test the GCB pipeline as instructed in the comments at the beginning of each file before committing. I tried to work around it by downloading the nomulus tool jar file instead (running the nomulus-tool docker image inside a docker image is not advisable). However the "nomulus deploy_spec11_pipeline" command still fails. I'm not sure why. Has the command itself been tested locally? The error message is shown below: ``` Step #2: Aug 09, 2020 3:11:46 AM org.apache.beam.runners.dataflow.DataflowRunner fromOptions Step #2: WARNING: --region not set; will default to us-central1. Future releases of Beam will require the user to set the region explicitly. https://cloud.google.com/compute/docs/regions-zones/regions-zones Step #2: Aug 09, 2020 3:11:46 AM org.apache.beam.sdk.extensions.gcp.options.GcpOptions$GcpTempLocationFactory tryCreateDefaultBucket Step #2: INFO: No tempLocation specified, attempting to use default bucket: dataflow-staging-us-central1-937378958468 Step #2: Aug 09, 2020 3:11:47 AM org.apache.beam.sdk.extensions.gcp.util.RetryHttpRequestInitializer$LoggingHttpBackOffHandler handleResponse Step #2: WARNING: Request failed with code 409, performed 0 retries due to IOExceptions, performed 0 retries due to unsuccessful status codes, HTTP framework says request can be retried, (caller responsible for retrying): https://www.googleapis.com/storage/v1/b?predefinedAcl=projectPrivate&predefinedDefaultObjectAcl=projectPrivate&project=domain-registry-alpha. Step #2: Exception in thread "main" Step #2: java.lang.RuntimeException: Failed to construct instance from factory method DataflowRunner#fromOptions(interface org.apache.beam.sdk.options.PipelineOptions) Step #2: at org.apache.beam.sdk.util.InstanceBuilder.buildFromMethod(InstanceBuilder.java:224) Step #2: at org.apache.beam.sdk.util.InstanceBuilder.build(InstanceBuilder.java:155) Step #2: Step #2: at org.apache.beam.sdk.PipelineRunner.fromOptions(PipelineRunner.java:55) Step #2: at org.apache.beam.sdk.Pipeline.create(Pipeline.java:147) Step #2: Step #2: at google.registry.beam.spec11.Spec11Pipeline.deploy(Spec11Pipeline.java:157) Step #2: at google.registry.tools.DeploySpec11PipelineCommand.run(DeploySpec11PipelineCommand.java:80) Step #2: at google.registry.tools.RegistryCli.runCommand(RegistryCli.java:257) Step #2: at google.registry.tools.RegistryCli.run(RegistryCli.java:182) Step #2: at google.registry.tools.RegistryTool.main(RegistryTool.java:129) Step #2: Caused by: java.lang.reflect.InvocationTargetException Step #2: at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) Step #2: Step #2: at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) Step #2: at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) Step #2: at java.base/java.lang.reflect.Method.invoke(Method.java:566) Step #2: at org.apache.beam.sdk.util.InstanceBuilder.buildFromMethod(InstanceBuilder.java:214) Step #2: ... 8 more Step #2: Caused by: java.lang.IllegalArgumentException: Unable to use ClassLoader to detect classpath elements. Current ClassLoader is jdk.internal.loader.ClassLoaders$AppClassLoader@5cb0d902, only URLClassLoaders are supported. Step #2: at org.apache.beam.runners.core.construction.PipelineResources.detectClassPathResourcesToStage(PipelineResources.java:58) Step #2: Step #2: at org.apache.beam.runners.dataflow.DataflowRunner.fromOptions(DataflowRunner.java:285) Step #2: Step #2: ... 13 more ``` Lastly the "--project" flag refers to the KMS project. While I'm not sure which project is that, I don't think we can use the PROJECT_ID variable as this is a GCB-substituted variable which refers to the project that the GCB job runs in, which in our cases means domain-registry-dev. We shouldn't use that project for KMS. I've changed it to the same project as the one we are deploying to, but please note that we have a separate project ${project_id}-keys that is used for all KMS purposes. This is specified in the config file so if that's what you meant to use, there is no need to specify it in the command line. Actually if you meant use the project to be deployed to for KMS, it also shouldn't be necessary to specify it separately as this information is already known when you specified "nomulus -e ENV". https://team.git.corp.google.com/domain-registry-eng/nomulus-internal/+/refs/heads/master/core/src/main/java/google/registry/config/files/nomulus-config-production.yaml#168 Can you add more description on what the KMS project is supposed to be? I don't think we specify a project for KMS purpose in any other commands. Given that there are several unresolved issues, I've commented out my proposed solution so that deployment can proceed. |
||
|---|---|---|
| buildSrc | ||
| common | ||
| config | ||
| core | ||
| db | ||
| docs | ||
| gradle | ||
| integration | ||
| java-format | ||
| networking | ||
| prober | ||
| processor | ||
| proxy | ||
| python/google/registry/scripts | ||
| release | ||
| services | ||
| third_party/objectify/v4_1 | ||
| util | ||
| .gcloudignore | ||
| .gitignore | ||
| .lgtm.yml | ||
| appengine_war.gradle | ||
| AUTHORS | ||
| build.gradle | ||
| CONTRIBUTING.md | ||
| CONTRIBUTORS | ||
| dependencies.gradle | ||
| dependency_lic.gradle | ||
| gradle.properties | ||
| gradlew | ||
| gradlew.bat | ||
| java_common.gradle | ||
| LICENSE | ||
| nom_build | ||
| nomulus-logo.png | ||
| package-lock.json | ||
| package.json | ||
| projects.gradle | ||
| README.md | ||
| settings.gradle | ||
| utils.gradle | ||
| vnames.json | ||
Nomulus
| Internal Build | FOSS Build | LGTM | License | Code Search |
|---|---|---|---|---|
 |
 |
 |
 |
 |
Overview
Nomulus is an open source, scalable, cloud-based service for operating top-level domains (TLDs). It is the authoritative source for the TLDs that it runs, meaning that it is responsible for tracking domain name ownership and handling registrations, renewals, availability checks, and WHOIS requests. End-user registrants (i.e. people or companies that want to register a domain name) use an intermediate domain name registrar acting on their behalf to interact with the registry.
Nomulus runs on Google App Engine and is written primarily in Java. It is the software that Google Registry uses to operate TLDs such as .google, .app, .how, .soy, and .みんな. It can run any number of TLDs in a single shared registry system using horizontal scaling. Its source code is publicly available in this repository under the Apache 2.0 free and open source license.
Getting started
The following resources provide information on getting the code and setting up a running system:
- Install guide
- View the source code for the GAE app and for the GKE proxy
- Other docs
- Javadoc
- Nomulus discussion group, for any other questions
If you are thinking about running a production registry service using our platform, please drop by the user group and introduce yourself and your use case. To report issues or make contributions, use GitHub issues and pull requests.
Capabilities
Nomulus has the following capabilities:
- Extensible Provisioning Protocol (EPP): An XML protocol that is the standard format for communication between registrars and registries. It includes operations for registering, renewing, checking, updating, and transferring domain names.
- DNS interface: The registry provides a pluggable interface that can be implemented to handle different DNS providers. It includes a sample implementation using Google Cloud DNS as well as an RFC 2136 compliant implementation that works with BIND.
- WHOIS: A text-based protocol that returns ownership and contact information on registered domain names.
- Registration Data Access Protocol (RDAP): A JSON API that returns structured, machine-readable information about domain name ownership. It is essentially a newer version of WHOIS.
- Registry Data Escrow (RDE): A daily export of all ownership information for a TLD to a third party escrow provider to allow take-over by another registry operator in the event of serious failure. This is required by ICANN for all new gTLDs.
- Premium pricing: Communicates prices for premium domain names (i.e. those that are highly desirable) and supports configurable premium registration and renewal prices. An extensible interface allows fully programmatic pricing.
- Billing history: A full history of all billable events is recorded, suitable for ingestion into an invoicing system.
- Registration periods: Qualified Launch Partner, Sunrise, Landrush, Claims, and General Availability periods of the standard gTLD lifecycle are all supported.
- Brand protection for trademark holders (via TMCH): Allows rights-holders to protect their brands by blocking registration of domains using their trademark. This is required by ICANN for all new gTLDs.
- Registrar support console: A self-service web console that registrars can use to manage their accounts in the registry system.
- Reporting: Support for required external reporting (such as ICANN monthly registry reports, CZDS, Billing and Registration Activity) as well as internal reporting using BigQuery.
- Administrative tool: Performs the full range of administrative tasks needed to manage a running registry system, including creating and configuring new TLDs.
- DNS interface: An interface for DNS operations is provided so you can write an implementation for your chosen provider, along with a sample implementation that uses Google Cloud DNS. If you are using Google Cloud DNS you may need to understand its capabilities and provide your own multi-AS solution.
- GAE Proxy: App Engine Standard only serves HTTP/S traffic. A proxy to forward traffic on EPP and WHOIS ports to App Engine via HTTPS is provided. Instructions on setting up the proxy on Google Kubernetes Engine is available. Running the proxy on GKE supports IPv4 and IPv6 access, per ICANN's requirements for gTLDs. The proxy can also run as a single jar file, or on other Kubernetes providers, with modifications.
Additional components
Registry operators interested in deploying Nomulus will likely require some additional components that are need to be configured separately.
- A way to invoice registrars for domain name registrations and accept payments. Nomulus records the information required to generate invoices in billing events.
- Fully automated reporting to meet ICANN's requirements for gTLDs. Nomulus includes substantial reporting functionality but some additional work will be required by the operator in this area.
- A secure method for storing cryptographic keys. A keyring interface is provided for plugging in your own implementation (see configuration doc for details).
- System status and uptime monitoring.
Outside references
- Donuts Registry has helped review the code and provided valuable feedback
- CoCCa and FRED are other open-source registry platforms in use by many TLDs
- We are not aware of any fully open source domain registrar projects, but open source EPP Toolkits (not yet tested with Nomulus; may require integration work) include:
- Some Open Source DNS Projects that may be useful, but which we have not tested: