#!/bin/bash
# Synchronize a dns server with alternc's remote server :
# the configuration files contains definitions for remote masters.
#
# Directory layout used by the rest of the script:
#   CONFDIR      one file per master (sourced as shell code) plus defaults.conf
#   CACHEDIR     last domain list fetched from each master, one file per config
#   BINDDIR      generated "zone ... { type slave; }" files, one per config
#   BINDINCLUDE  list of include statements for BINDDIR, presumably pulled
#                into named.conf by the bind setup
CONFDIR=/etc/alternc/slavedns
CACHEDIR=/var/cache/slavedns
BINDDIR=/etc/bind/slavedns
BINDINCLUDE=/etc/bind/slavedns.conf
# Credentials file written by SetWgetPass when a config sets LOGIN; any
# pre-existing file is moved aside and put back by ResetWgetConf after the
# download.
WGETRC=${HOME}/.wgetrc
WGET=wget
WGETFLAGS="-q"
# A full restart, not a reload; only run once at the end, after
# NAMED_CHECKCONF validated the whole configuration.
NAMED="/etc/init.d/bind restart"
NAMED_CHECKCONF="/usr/sbin/named-checkconf"
DEFAULTS="defaults.conf"
DEFAULTSFILE="${CONFDIR}/${DEFAULTS}"
# Verbose mode flag read by MaybeCat; "-d" switches it to true.
DEBUG=false
#######################################
# Print the command line help on stdout.
# Globals:   CONFDIR, BINDINCLUDE (read, shown in the text)
# Arguments: none ($0 is the script name)
# Outputs:   help text, one line per argument below
#######################################
usage() {
  printf '%s\n' \
    "$0 [ -f ] [ -d ] [ -h ] [ config ]" \
    "Performs a sync of the list of domains to replicate from master." \
    "Multiple master servers can be used, one per file in $CONFDIR" \
    "If a config file is specified on the command line, only that server" \
    "will be synced. The $BINDINCLUDE file will also be generated to include" \
    "the right configuration." \
    "-f: refresh domain list even if it hasn't changed" \
    "-d: show everything we're doing" \
    "-h: this help"
}
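# Command line: -f / -d / -h are flags, every other word is a config file
# name relative to CONFDIR (so an unknown "-x" ends up as a config name).
for i; do
  case "$i" in
    -f)
      FORCE=yes
      ;;
    -d)
      DEBUG=true
      ;;
    -h)
      usage
      exit 0
      ;;
    *)
      CONFIGS="${CONFIGS} ${i}"
      ;;
  esac
done
# Everything below addresses config files relative to CONFDIR; stop here
# rather than carry on in whatever directory the script was started from.
cd "$CONFDIR" || { echo "cannot cd to '${CONFDIR}'" >&2; exit 1; }
if [ -z "$CONFIGS" ]; then
  # Default to every entry of CONFDIR except editor backups ("name~").
  # The former `ls $CONFDIR | grep -v ~` did not do that: an unquoted ~ is
  # tilde-expanded to $HOME, so the filter matched nothing and a backup
  # copy of a config was sourced exactly like the real one.
  for f in "$CONFDIR"/*; do
    [ -e "$f" ] || continue   # an unmatched glob stays literal
    case "$f" in
      *~) continue ;;
    esac
    CONFIGS="${CONFIGS} ${f##*/}"
  done
fi
# wget connect/read timeout in seconds (passed as -T in the main loop).
TIMEOUT=5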
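#######################################
# Build the bind slave-zone config of one master from its cached domain list.
# Globals:   CACHEDIR, BINDDIR (read), MASTERIP (read; set by the sourced
#            config), BINDINCLUDE (appended to), DEBUG (via MaybeCat)
# Arguments: $1 - config name: reads ${CACHEDIR}/$1, writes ${BINDDIR}/$1
# Outputs:   diagnostics on stderr, per-domain trace through MaybeCat
# Returns:   0 when the config was written; 1 when a line of the list is not
#            a valid domain, in which case the live config is left untouched
#######################################
CreateBindConf() {
  local cfile="$1"
  local tmpconf="${BINDDIR}/${cfile}.$$"
  local domain master include_str
  # Start from an empty temp file so that a list whose domains all belong to
  # another master still yields an (empty) config for the mv below.
  : > "$tmpconf"
  # No IFS= on purpose: surrounding whitespace on a line is tolerated.
  while read -r domain; do
    # Each name is interpolated between double quotes in the named config
    # below, so only accept label.label... made of [a-z0-9-]; anything else
    # (quotes, braces, semicolons, spaces) rejects the whole list.
    if printf '%s\n' "$domain" | grep -qi '^\([a-z0-9]\([-a-z0-9]*[a-z0-9]\)\?\.\)*[a-z0-9]\([-a-z0-9]*[a-z0-9]\)$'; then
      echo "validated domain $domain" | MaybeCat
    else
      echo "invalid domain listing: $domain, skipping file $cfile" >&2
      rm -f -- "$tmpconf"
      return 1
    fi
    # A domain listed by several masters is served from the first cache file
    # (in glob order) that contains it. Fixed-string, whole-line match: with
    # the previous "^$domain$" pattern the dots matched any character, so
    # e.g. a list containing "exam.le.org" could be mistaken for this one.
    master=$(grep -Flx -- "$domain" "${CACHEDIR}"/* | head -n 1)
    if [ "$master" != "${CACHEDIR}/${cfile}" ]; then
      echo "domain $domain already present in another master ($master), skipping" >&2
      continue
    fi
    # MASTERIP comes straight from the sourced config and is not checked here.
    # Heredoc body stays at column 0: the delimiter must not be indented.
    cat >> "$tmpconf" <<EOF
zone "$domain" {
type slave;
allow-query { any; };
file "$domain";
masters { ${MASTERIP}; };
};
EOF
  done < "${CACHEDIR}/${cfile}"
  mv -f -- "$tmpconf" "${BINDDIR}/${cfile}"
  # Register the file in the include list exactly once.
  include_str="include \"${BINDDIR}/${cfile}\";"
  grep -qF -- "$include_str" "$BINDINCLUDE" 2>/dev/null \
    || printf '%s\n' "$include_str" >> "$BINDINCLUDE"
  return 0
}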
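#######################################
# Write HTTP credentials for wget into WGETRC, keeping any existing file aside
# (ResetWgetConf restores it).
# Globals:   WGETRC (read); creates ${WGETRC}, may create ${WGETRC}.$$
# Arguments: $1 - http user, $2 - http password
# Outputs:   none
# Returns:   status of the last write
#######################################
SetWgetPass() {
  # Locals: the previous version assigned $1 to USER, clobbering the
  # environment's USER for every child process.
  local user="$1"
  local pass="$2"
  if [ -e "${WGETRC}" ]; then
    mv -- "${WGETRC}" "${WGETRC}.$$"
  fi
  # Create the file with mode 0600 from the start (umask in a subshell)
  # instead of touch + chmod, which briefly left it readable by others
  # under a permissive umask.
  ( umask 077; : > "${WGETRC}" )
  # printf writes the values literally; the former heredoc expanded "$" and
  # backquotes inside the password.
  printf 'http_user = %s\nhttp_passwd = %s\n' "$user" "$pass" >> "${WGETRC}"
}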
#######################################
# Undo SetWgetPass: restore the saved ${WGETRC}.$$ if there is one, otherwise
# delete the credentials file that was generated.
# Globals:   WGETRC (read)
# Arguments: none
# Returns:   0 on restore, else status of rm
#######################################
ResetWgetConf() {
  mv -f -- "${WGETRC}.$$" "${WGETRC}" 2>/dev/null && return 0
  rm -f -- "${WGETRC}"
}
#######################################
# Pass stdin through to stdout in debug mode, swallow it otherwise.
# Globals:   DEBUG (read; expected to be "true" or "false")
# Arguments: none
# Returns:   always 0
#######################################
MaybeCat() {
  if ! $DEBUG; then
    cat > /dev/null
    return 0
  fi
  cat
  return 0
}
# Main procedure : parse each config file and download the raw slave list.
# if something changed in a list, call CreateBindConf $i
#
# Per config: source defaults.conf then the config itself (both run as shell
# code), derive URL, fetch the domain list with wget into a .temp file,
# optionally verify the trailing md5 line, and when the list differs from the
# cached copy regenerate the bind config and flag a restart.
RELOAD=""
for conf in ${CONFIGS}; do
  # The defaults file is not a master; a "slavedns.conf" entry is skipped
  # too (presumably a copy of the generated include living in CONFDIR).
  [ "${DEFAULTS}" = "${conf}" -o "slavedns.conf" = "${conf}" ] && continue
  # URL is the only variable reset per iteration: HOST, MASTERIP, PROTOCOL,
  # SSL, INTEGRITY, LOGIN and PASSWORD keep the previous config's value
  # unless defaults.conf or this config sets them again.
  URL=""
  # source defaults
  # NOTE(review): both sourced files execute with this script's privileges,
  # so their ownership and write permissions matter as much as the script's.
  . ${DEFAULTSFILE}
  # source this site's config
  . $CONFDIR/${conf}
  # Build the URL from HOST unless the config provides one. SSL only selects
  # https when PROTOCOL was not set explicitly.
  if [ -z "$URL" ]; then
    if [ -z "$PROTOCOL" ]; then
      if [ "$SSL" ]; then
        PROTOCOL=https
      else
        PROTOCOL=http
      fi
    fi
    URL=${PROTOCOL}://${HOST}/admin/domlist.php
  fi
  # INTEGRITY=1 asks the master to append a checksum line (verified below).
  if [ ! -z "$INTEGRITY" ] ; then
    if [ $INTEGRITY -eq 1 ] ; then
      URL="$URL?integrity=1"
    fi
  fi
  # NOTE(review): with test(1) precedence (-a binds tighter than -o) this is
  # "(URL empty AND HOST empty) OR MASTERIP empty"; a config giving URL but
  # no HOST is accepted, which may well be the intent. -a/-o are ambiguous,
  # [ ] && [ ] would spell it out.
  if [ -z "$URL" -a -z "$HOST" -o -z "$MASTERIP" ]; then
    echo "error in the config file '${conf}'" >&2
  else
    # Make sure the cache file exists so cmp below has something to compare.
    touch ${CACHEDIR}/${conf}
    rm -f ${CACHEDIR}/${conf}.temp
    # Credentials are handed to wget through its rc file rather than argv,
    # presumably to keep them out of ps output. NOTE(review): LOGIN and
    # PASSWORD are expanded unquoted, so a password containing whitespace
    # is split into several arguments.
    [ "${LOGIN}" ] && SetWgetPass ${LOGIN} ${PASSWORD}
    # Single attempt (-t 1) with TIMEOUT seconds. wget's exit status is lost
    # in the pipe (MaybeCat always returns 0); a failed download only shows
    # up as the zero-size case below.
    ${WGET} ${URL} ${WGETFLAGS} -O ${CACHEDIR}/${conf}.temp -t 1 -T ${TIMEOUT} 2>&1 | MaybeCat
    [ "${LOGIN}" ] && ResetWgetConf
    if [ -s "${CACHEDIR}/${conf}.temp" ]; then
      # If there are integrity check setup,
      # Get of the checksum of the file and compare it
      # The last line of the download is taken as the md5 of everything
      # before it. This detects truncation or corruption only: the checksum
      # travels with the data, so it is no authentication of the list;
      # transport security (PROTOCOL=https) is what provides that.
      if [ ! -z "$INTEGRITY" ] ; then
        if [ $INTEGRITY -eq 1 ] ; then
          # Get the checksum
          checksum="$( tail -1 "${CACHEDIR}/${conf}.temp" )"
          echo "$checksum ${CACHEDIR}/${conf}.temp" > "${CACHEDIR}/${conf}.temp.md5sum"
          # Get it of the file
          # NOTE(review): grep -v removes every line matching the checksum as
          # a regex, not only the last line, and echo -e below interprets
          # backslash sequences. Plain domain lines are unaffected, but
          # dropping exactly the last line (e.g. GNU `head -n -1`) would be
          # the precise operation.
          tmpff="$( cat "${CACHEDIR}/${conf}.temp" |grep -v "$checksum")"
          echo -e "$tmpff" > "${CACHEDIR}/${conf}.temp"
          # Calculate checksum
          md5sum --warn --check --status "${CACHEDIR}/${conf}.temp.md5sum"
          checkmd=$?
          if [ "x$checkmd" != "x0" ] ; then
            # These diagnostics go to stdout (the other errors use stderr)
            # and include the full received list for comparison.
            echo "Error: bad checksum for $conf"
            echo "+++ BEGIN +++"
            echo -e "$tmpff"
            echo "+++ END +++"
            echo -n "Local checksum: "
            cat "${CACHEDIR}/${conf}.temp.md5sum"
            # Clean the file and do the next conf file
            rm "${CACHEDIR}/${conf}.temp.md5sum" "${CACHEDIR}/${conf}.temp"
            continue
          fi
        fi
      fi
      test -e "${CACHEDIR}/${conf}.temp.md5sum" && rm "${CACHEDIR}/${conf}.temp.md5sum"
      # If the slave file has changed, synchronize it.
      # -f (FORCE) skips the comparison and always regenerates.
      if ! [ "${FORCE}" ] && cmp ${CACHEDIR}/${conf}.temp ${CACHEDIR}/${conf} > /dev/null; then
        echo "no change found for '${conf}'"
      else
        echo "change detected for '${conf}', applying"
        # The download replaces the cache only after it passed the checks.
        mv -f ${CACHEDIR}/${conf}.temp ${CACHEDIR}/${conf}
        # Now parse the slave file and send it to /etc/bind/slavedns
        CreateBindConf ${conf}
        # Validate this file on its own; the restart is gated again on a
        # whole-configuration check at the end. At this point the file is
        # already in BINDDIR and referenced from BINDINCLUDE.
        if /usr/sbin/named-checkconf ${BINDDIR}/${conf}; then
          RELOAD="yes"
        else
          echo "error: file ${conf} is not correct" >&2
        fi
      fi
    else
      echo "downloaded file for '${conf}' has zero size" >&2
      rm -f ${CACHEDIR}/${conf}.temp
    fi
  fi
done # Main loop on config files
# Restart bind once, after every master was processed, and only when a zone
# config actually changed and the complete named configuration still
# validates (named-checkconf's own output is sent to stderr).
if [ -n "$RELOAD" ]; then
  if ! $NAMED_CHECKCONF >&2 ; then
    echo "Error in named configuration - bind not reloaded" >&2
  else
    ${NAMED} >/dev/null
  fi
fi