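#!/bin/bash
#
# publish_zones.sh - copy the generated name-server configs and zone files
# into place and ask each name server to load them.
#
# Must run as root: it writes under /etc and /var and runs each server's
# update.sh. There is no `set -e`; the steps that must not continue after a
# failure are followed by an explicit check_rcode.
if [[ $EUID -ne 0 ]]; then
  # Diagnostics go to stderr (the original `2>&1` sent this to stdout).
  echo "ERROR: You must be a root user. Quitting." >&2
  exit 1
else
  echo "Publish sequence started:"
fi
# ISO date (YYYY-MM-DD); only used to suffix backup file names.
DATE=$(date -I)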
#######################################
# Report the exit status of the command that ran right before this call.
# Globals:   RCODE (written with that exit status)
# Outputs:   " Succes!" or " Failed - aborting now" on stdout
# Returns:   0 when the previous command succeeded; otherwise the whole
#            script exits with that command's status
#######################################
check_rcode() {
  # $? has to be captured before any other command runs in this function.
  RCODE=$?
  if [[ "$RCODE" -ne 0 ]]; then
    echo " Failed - aborting now"
    exit "$RCODE"
  fi
  echo " Succes!"
}
#
# Generation steps. Neither generator (./create_zones.sh, ./create_configs.sh)
# is run from here - the output/ tree is expected to exist already - so
# check_rcode only ever sees the echo's status and reports success.
#
for step in zones config; do
  echo "- Generating ${step}"
  echo " (skipped as per design)"
  check_rcode
done
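#
# Backups
#
#######################################
# Move a file aside as a backup (currently not called, see below).
# Arguments: $1 - name server the file belongs to (used in the message only)
#            $2 - file to move
#            $3 - backup destination
# Outputs:   progress line on stdout
# Returns:   mv's exit status
#######################################
backup_file() {
  echo "- Backup $1 files: $2 to $3"
  # Note: -n, only backup if we haven't called this script
  # today yet (usually when it fails we do not want to keep
  # the failing attempts)
  # NOTE(review): with -n the move is silently skipped when $3 already exists
  # (GNU mv typically still exits 0 then), so a skipped backup looks the same
  # as a successful one to the caller.
  # Quoted and with `--` so paths containing whitespace or a leading '-' are
  # passed through as single arguments.
  mv -n -- "$2" "$3"
  #check_rcode
}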
# We don't do backups ;-)
#backup_file nsd4 /etc/nsd/workbench/nsd4.conf /etc/nsd/workbench/nsd4.conf.${DATE}
#backup_file knot /etc/knot/workbench/knot.conf /etc/knot/workbench/knot.conf.${DATE}
#backup_file bind9 /etc/bind/workbench/bind9.conf /etc/bind/workbench/bind9.conf.${DATE}
#backup_file yadifa /etc/yadifa/workbench/yadifad.conf /etc/yadifa/workbench/yadifad.conf.${DATE}
#backup_file powerdns /etc/powerdns/workbench/powerdns.conf /etc/powerdns/workbench/powerdns.conf.${DATE}
#
#
# Updated files
#
#
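# Config files
#######################################
# Copy a generated config file into a name server's workbench directory.
# Arguments: $1 - name server the file belongs to (used in the message only)
#            $2 - source file
#            $3 - target file or directory
# Outputs:   progress line on stdout, then check_rcode's verdict
# Returns:   0; the script exits via check_rcode when the copy fails
#######################################
update_file() {
  echo "- Update config file for $1 from source $2 to target $3"
  # TODO do we want the -n, or maybe not?
  # Quoted and with `--` so paths are passed as single arguments even when
  # they contain whitespace or start with '-'.
  # NOTE(review): cp without -p gives the target the caller's umask
  # permissions - confirm that is acceptable for whatever these configs hold.
  cp -- "$2" "$3"
  check_rcode
}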
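#update_file nsd output/servers/nsd/nsd.conf /var/workbench/nsd.conf
#update_file nsd output/servers/nsd/update.sh /var/workbench/update.sh
update_file nsd4 output/servers/nsd4/nsd4.conf /etc/nsd/workbench
update_file nsd4 output/servers/nsd4/update.sh /etc/nsd/workbench
update_file knot output/servers/knot/knot.conf /etc/knot/workbench
update_file knot output/servers/knot/update.sh /etc/knot/workbench
update_file bind9 output/servers/bind9/bind9.conf /etc/bind/workbench
update_file bind9 output/servers/bind9/update.sh /etc/bind/workbench
# The SQL files used to be copied without any status check, so a missing
# file only showed up when PowerDNS failed later. Check them like the rest.
echo "- Copy PowerDNS SQL files to /etc/powerdns"
cp -a -- ./powerdns_clean.sql ./powerdns_slaves.sql /etc/powerdns
check_rcode
update_file powerdns output/servers/powerdns/powerdns.conf /etc/powerdns/workbench/named-backend.conf
update_file powerdns output/servers/powerdns/update.sh /etc/powerdns/workbench
update_file yadifa output/servers/yadifa/yadifa.conf /etc/yadifa/workbench
update_file yadifa output/servers/yadifa/update.sh /etc/yadifa/workbench
#update_file bind10 configs/bind10_transfers.txt /home/jelte/bind10_transfers.txt
# Powerdns has bind9 as supermaster
# TODO: fix description
# Zones
# Currently the only master is bind9, when we add more we need to
# change this. Probably port all to the generator tool
# By convention, all zones are placed in /var/dns-workbench/zones (except for the two rfc3597 zones needed for Yadifa)
# and the update script in /etc/$nameserver
echo "- Replace zone files in /var/dns-workbench"
# -f so an already-empty directory is not reported as an error, `--` so no
# file name can be taken for an option. Both directories are emptied before
# the copy, so a failed copy would leave the servers without zones - the
# check_rcode below turns that into an abort instead of a silent reload.
rm -f -- /var/dns-workbench/rfc3597zones/*
rm -f -- /var/dns-workbench/zones/*
cp -a -- output/final/* /var/dns-workbench/zones
check_rcode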
#
#
# Apply the updates
#
#
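#######################################
# Run a name server's update.sh so it loads the new configuration.
# Arguments: $1 - workbench directory holding update.sh
# Outputs:   progress line on stdout, plus whatever update.sh prints
# Returns:   update.sh's exit status (deliberately not checked by callers)
#######################################
apply_update() {
  echo "- Apply the new configuration on $1"
  # NOTE(review): this executes, as root, whatever update.sh is in $1. It is
  # meant to be the copy placed there by update_file above, so keep these
  # workbench directories writable by root only.
  # Quoted so a directory name with whitespace is one argument.
  bash "$1/update.sh"
  # If things fail here, we continue anyway, in general
}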
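# BIND first (others, like Yadifa and PowerDNS, depend on it)
apply_update /etc/bind/workbench
apply_update /etc/nsd/workbench
apply_update /etc/knot/workbench
# Now comes a dirty trick...
# Modify the yadifa config: point the two "types" zones at the rfc3597
# directory that is filled from BIND below.
sed -i "s/masters\/workbench\/types.wb.sidnlabs.nl/masters\/rfc3597workbench\/types.wb.sidnlabs.nl/" /etc/yadifa/workbench/yadifa.conf
sed -i "s/masters\/workbench\/types-signed.wb.sidnlabs.nl/masters\/rfc3597workbench\/types-signed.wb.sidnlabs.nl/" /etc/yadifa/workbench/yadifa.conf
# Wait a few seconds for bind to load
sleep 3
# Translate two zones to RFC3597-format - hoping to pick up the most recent version from BIND (via IPv6, obviously)
# The BIND master the zones are transferred from, and where Yadifa expects
# the resulting files.
BIND_MASTER=2a00:d78:0:712:94:198:159:39
RFC3597_DIR=/var/dns-workbench/rfc3597zones

#######################################
# AXFR one zone from BIND_MASTER and store it in RFC3597 ("unknown") format.
# Globals:   BIND_MASTER, RFC3597_DIR (read)
# Arguments: $1 - zone name
# Returns:   0 when dig succeeded, produced output and the file was installed;
#            non-zero otherwise (no zone file is written in that case)
#######################################
transfer_rfc3597_zone() {
  local zone=$1 tmp
  # Redirecting dig straight into the zone file truncates it before the
  # transfer even starts, so a failed transfer leaves an empty or partial
  # file for Yadifa to load. Write to a temp file and install it on success.
  tmp=$(mktemp "${RFC3597_DIR}/.${zone}.XXXXXX") || return
  # -s only rules out an empty result; a transfer that fails after dig has
  # printed something still passes, so the serial must still be checked.
  if dig +onesoa +unknownformat axfr "$zone" "@${BIND_MASTER}" > "$tmp" && [[ -s "$tmp" ]]; then
    mv -f -- "$tmp" "${RFC3597_DIR}/${zone}"
  else
    rm -f -- "$tmp"
    return 1
  fi
}
# Like apply_update, a failure here is reported but does not stop the run;
# the remaining servers still get their reload.
for zone in types.wb.sidnlabs.nl types-signed.wb.sidnlabs.nl; do
  echo "- Transfer ${zone} from BIND into RFC3597 format"
  if transfer_rfc3597_zone "$zone"; then
    echo " Done"
  else
    echo " Failed - no zone file written for ${zone}; Yadifa will not serve it" >&2
  fi
done
# Then reload Yadifa (and hope for the best, but please check the serial):
sleep 1
apply_update /etc/yadifa/workbench
apply_update /etc/powerdns/workbench
echo "- All done! - consider to run ANALYZE; on sqlite3"
# https://doc.powerdns.com/authoritative/backends/generic-sqlite3.html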