move config data to the control plane
This commit is contained in:
247
DDNS.pm
247
DDNS.pm
@@ -4,32 +4,35 @@ use strict;
|
||||
use warnings;
|
||||
use File::Temp qw/tempfile/;
|
||||
use Memoize;
|
||||
use JSON::PP qw/decode_json/;
|
||||
use JSON::PP qw/decode_json encode_json/;
|
||||
|
||||
memoize('_gethosts');
|
||||
|
||||
our $VERSION = '0.5';
|
||||
our $VERSION = '0.6';
|
||||
|
||||
# our $misterdns = '198.251.79.234';
|
||||
our $misterdns = '5.78.68.64';
|
||||
our $defaultmaster = '5.78.68.64'; # could be v4 and v6 like '198.251.79.234;2607:f1c0:86e:b66f:6b86:babb:c367:b0dc'
|
||||
# Control plane update keyfile (zone-management-key)
|
||||
our $keyfile = '/etc/bind/zone-management.key';
|
||||
|
||||
sub new {
|
||||
my $me = shift;
|
||||
my %opts = @_;
|
||||
|
||||
|
||||
# 'server' is where dig/axfr queries go for reading the control plane.
|
||||
# On the hidden master, localhost is correct. On other hosts, you may
|
||||
# pass 'server' => '<master-ip>'.
|
||||
my $server = $opts{server} // 'localhost';
|
||||
|
||||
return bless {
|
||||
'keyfile' => $keyfile,
|
||||
%opts
|
||||
'keyfile' => $keyfile,
|
||||
'server' => $server,
|
||||
%opts
|
||||
}, $me;
|
||||
}
|
||||
|
||||
sub _validateTypeOrDie {
|
||||
my ($t) = @_;
|
||||
|
||||
die "Invalid type"
|
||||
unless ($t =~ /^_(vhosts|pureslave|custom)$/);
|
||||
unless ($t =~ /^_(vhosts|pureslave|custom|config)$/);
|
||||
}
|
||||
|
||||
sub _fqdn {
|
||||
@@ -37,7 +40,6 @@ sub _fqdn {
|
||||
$type ||= '_vhosts';
|
||||
|
||||
_validateTypeOrDie($type);
|
||||
|
||||
return $dom . "$type.private.invalid.";
|
||||
}
|
||||
|
||||
@@ -45,38 +47,33 @@ sub _validateOrDie {
|
||||
my ($dom) = @_;
|
||||
|
||||
die "No domain provided"
|
||||
unless $dom;
|
||||
unless $dom;
|
||||
die "Invalid domain name (must end in a dot)"
|
||||
unless ($dom =~ /^[a-zA-Z0-9\.\-\_]+\.$/);
|
||||
unless ($dom =~ /^[a-zA-Z0-9\.\-\_]+\.$/);
|
||||
}
|
||||
|
||||
sub _lookupOrDie {
|
||||
my ($dom, $type) = @_;
|
||||
my ($this, $dom, $type) = @_;
|
||||
|
||||
_validateOrDie($dom);
|
||||
my $fqdn = _fqdn($dom, $type);
|
||||
|
||||
|
||||
my $answer;
|
||||
my $all = '';
|
||||
my $fh;
|
||||
open($fh, "dig +short -t txt \@${misterdns} $fqdn |")
|
||||
|| die "Can't open dig: $!";
|
||||
open($fh, "dig +short -t txt \@$this->{server} $fqdn |")
|
||||
|| die "Can't open dig: $!";
|
||||
while (<$fh>) {
|
||||
$all .= $_;
|
||||
if ($_ =~ /^\"(.+)\"$/) {
|
||||
$answer = $1;
|
||||
}
|
||||
$all .= $_;
|
||||
if ($_ =~ /^\"(.+)\"$/) {
|
||||
$answer = $1;
|
||||
}
|
||||
}
|
||||
if ($answer) {
|
||||
# We found a record; that's all I care about.
|
||||
return 1;
|
||||
return 1;
|
||||
} else {
|
||||
die "query failed: $all\n";
|
||||
}
|
||||
else {
|
||||
die "query failed: $all\n";
|
||||
}
|
||||
|
||||
# Unreached
|
||||
die "Failed to find existing DNS record for $fqdn";
|
||||
}
|
||||
|
||||
sub __docmd {
|
||||
@@ -84,17 +81,17 @@ sub __docmd {
|
||||
|
||||
my ($tmpfh, $filename) = tempfile();
|
||||
close $tmpfh;
|
||||
|
||||
|
||||
my $fh;
|
||||
open($fh, "|nsupdate -k $this->{keyfile} > $filename")
|
||||
|| die "Can't open nsupdate: $!";
|
||||
|
||||
|| die "Can't open nsupdate: $!";
|
||||
|
||||
print $fh "server localhost\nzone private.invalid.\n$cmd\nshow\nsend\n";
|
||||
close $fh;
|
||||
|
||||
open($fh, $filename) || die "Can't re-open tmpfile $filename: $!";
|
||||
while (<$fh>) {
|
||||
print;
|
||||
print;
|
||||
}
|
||||
close $fh;
|
||||
|
||||
@@ -119,25 +116,21 @@ sub _txt_from_line {
|
||||
return $txt;
|
||||
}
|
||||
|
||||
|
||||
sub _parse_txt_payload {
|
||||
my ($raw) = @_;
|
||||
return (undef, undef) unless defined $raw;
|
||||
return ('', undef) unless defined $raw;
|
||||
|
||||
my $v = $raw;
|
||||
$v =~ s/^\s+|\s+$//g;
|
||||
|
||||
# Legacy format: plain string (single master or ';' separated list)
|
||||
my $payload;
|
||||
if ($v =~ /^[\[{]/) {
|
||||
my $obj;
|
||||
eval { $obj = decode_json($v); 1 } or do {
|
||||
# If JSON decoding fails, treat as legacy string.
|
||||
$obj = undef;
|
||||
};
|
||||
eval { $obj = decode_json($v); 1 } or $obj = undef;
|
||||
|
||||
if (defined $obj) {
|
||||
$payload = $obj if ref($obj) eq 'HASH';
|
||||
|
||||
# Normalize masters string from supported JSON shapes.
|
||||
if (ref($obj) eq 'HASH') {
|
||||
if (defined $obj->{masters}) {
|
||||
@@ -157,7 +150,6 @@ sub _parse_txt_payload {
|
||||
}
|
||||
}
|
||||
|
||||
# Normalize formatting for BIND masters blocks: no spaces, no trailing ';'
|
||||
$v = '' unless defined $v;
|
||||
$v =~ s/\s+//g;
|
||||
$v =~ s/;+$//;
|
||||
@@ -173,51 +165,37 @@ sub _quote_txt_rdata {
|
||||
return "\"$s\"";
|
||||
}
|
||||
|
||||
{
|
||||
my ($s) = @_;
|
||||
$s = '' unless defined $s;
|
||||
$s =~ s/\\/\\\\/g;
|
||||
$s =~ s/\"/\\\"/g;
|
||||
return "\"$s\"";
|
||||
}
|
||||
|
||||
|
||||
sub _gethosts {
|
||||
my ($this, $type) = @_;
|
||||
|
||||
unless (!defined($type)) {
|
||||
_validateTypeOrDie($type);
|
||||
unless (!defined($type) || $type eq '') {
|
||||
_validateTypeOrDie($type);
|
||||
}
|
||||
|
||||
my $fh;
|
||||
open($fh, "dig -t AXFR \@${misterdns} private.invalid. |")
|
||||
|| die "Can't open dig: $!";
|
||||
open($fh, "dig -t AXFR \@$this->{server} private.invalid. |")
|
||||
|| die "Can't open dig: $!";
|
||||
|
||||
my @vh;
|
||||
|
||||
while (<$fh>) {
|
||||
if ($type) {
|
||||
if (/^(\S+)\.$type\.private\.invalid\.\s+\d+\s+IN\s+TXT\s+/) {
|
||||
my $z = $1;
|
||||
my ($m, $payload) = _parse_txt_payload(_txt_from_line($_));
|
||||
push (@vh, { zone => $z, type => $type, master => $m, payload => $payload });
|
||||
}
|
||||
} else {
|
||||
# Querying everything
|
||||
if (/^(\S+)\.(\S+)\.private\.invalid\.\s+\d+\s+IN\s+TXT\s+/) {
|
||||
my ($z, $t) = ($1, $2);
|
||||
my ($m, $payload) = _parse_txt_payload(_txt_from_line($_));
|
||||
push (@vh, { zone => $z, type => $t, master => $m, payload => $payload });
|
||||
}
|
||||
}
|
||||
if ($type) {
|
||||
if (/^(\S+)\.$type\.private\.invalid\.\s+\d+\s+IN\s+TXT\s+/) {
|
||||
my $z = $1;
|
||||
my ($m, $payload) = _parse_txt_payload(_txt_from_line($_));
|
||||
push(@vh, { zone => $z, type => $type, master => $m, payload => $payload });
|
||||
}
|
||||
} else {
|
||||
if (/^(\S+)\.(\S+)\.private\.invalid\.\s+\d+\s+IN\s+TXT\s+/) {
|
||||
my ($z, $t) = ($1, $2);
|
||||
my ($m, $payload) = _parse_txt_payload(_txt_from_line($_));
|
||||
push(@vh, { zone => $z, type => $t, master => $m, payload => $payload });
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
return @vh;
|
||||
}
|
||||
|
||||
# Find the type of domin that $dom is. If we don't find it, return
|
||||
# undef. (The domain $dom ends in a dot; the DNS info we find won't;
|
||||
# hence the concat of the extra "." after the lc.)
|
||||
sub type {
|
||||
my ($this, $dom) = @_;
|
||||
|
||||
@@ -225,55 +203,42 @@ sub type {
|
||||
|
||||
my @vh = $this->get();
|
||||
foreach my $i (@vh) {
|
||||
if (lc($i->{zone})."." eq lc($dom)) {
|
||||
return $i->{type}
|
||||
;
|
||||
}
|
||||
if (lc($i->{zone}) . "." eq lc($dom)) {
|
||||
return $i->{type};
|
||||
}
|
||||
}
|
||||
|
||||
# Didn't find it.
|
||||
return undef;
|
||||
}
|
||||
|
||||
|
||||
# Set (create or replace) an existing control-plane record. This is used by
|
||||
# the add-* scripts when --edit is specified.
|
||||
# It deletes the existing TXT RDATA for the fqdn and writes the new value.
|
||||
sub set {
|
||||
my ($this, $dom, $value, $type) = @_;
|
||||
_validateOrDie($dom);
|
||||
my $fqdn = _fqdn($dom, $type);
|
||||
|
||||
# If it doesn't exist, fail explicitly; callers can decide whether to add.
|
||||
my $existingtype = $this->type($dom);
|
||||
die "Domain $dom does not exist; cannot edit"
|
||||
unless $existingtype;
|
||||
die "Domain $dom exists as type $existingtype; cannot edit as $type"
|
||||
if (defined $type && $existingtype ne $type);
|
||||
|
||||
$this->__docmd("update delete $fqdn TXT");
|
||||
$this->__docmd("update add $fqdn 60 TXT " . _quote_txt_rdata($value));
|
||||
$this->cleanup();
|
||||
}
|
||||
|
||||
sub add {
|
||||
my ($this, $dom, $master, $type) = @_;
|
||||
my ($this, $dom, $txt_payload, $type) = @_;
|
||||
_validateOrDie($dom);
|
||||
my $fqdn = _fqdn($dom, $type);
|
||||
|
||||
if (my $existingtype = $this->type($dom)) {
|
||||
die "Domain $dom already exists [of type $existingtype]";
|
||||
die "Domain $dom already exists [of type $existingtype]";
|
||||
}
|
||||
|
||||
# TXT RDATA must be quoted for JSON (and is safe for legacy strings too).
|
||||
$this->__docmd("update add $fqdn 60 TXT " . _quote_txt_rdata($master));
|
||||
|
||||
$this->__docmd("update add $fqdn 60 TXT " . _quote_txt_rdata($txt_payload));
|
||||
$this->cleanup();
|
||||
}
|
||||
|
||||
sub set {
|
||||
my ($this, $dom, $txt_payload, $type) = @_;
|
||||
_validateOrDie($dom);
|
||||
|
||||
# Ensure it exists (for friendly errors)
|
||||
_lookupOrDie($this, $dom, $type);
|
||||
my $fqdn = _fqdn($dom, $type);
|
||||
|
||||
$this->__docmd("update delete $fqdn TXT\nupdate add $fqdn 60 TXT " . _quote_txt_rdata($txt_payload));
|
||||
$this->cleanup();
|
||||
}
|
||||
|
||||
sub del {
|
||||
my ($this, $dom, $type) = @_;
|
||||
|
||||
_lookupOrDie($dom, $type);
|
||||
_lookupOrDie($this, $dom, $type);
|
||||
my $fqdn = _fqdn($dom, $type);
|
||||
|
||||
$this->__docmd("update delete $fqdn TXT");
|
||||
@@ -282,24 +247,20 @@ sub del {
|
||||
|
||||
sub get {
|
||||
my ($this, $type) = @_;
|
||||
|
||||
return $this->_gethosts($type);
|
||||
}
|
||||
|
||||
sub cleanup {
|
||||
my ($this) = @_;
|
||||
# Merge the .jnl file in with the domain file
|
||||
system("rndc sync -clean private.invalid");
|
||||
# Rebuild and reload the master vhosts files
|
||||
system("/usr/local/bin/sync-unified-master");
|
||||
}
|
||||
|
||||
|
||||
sub is_dnssec {
|
||||
my ($this, $dom) = @_;
|
||||
|
||||
_validateOrDie($dom);
|
||||
$dom =~ s/^(.+)\.$/$1/; # remove trailing dot
|
||||
$dom =~ s/^(.+)\.$/$1/;
|
||||
|
||||
my @vh = $this->get();
|
||||
foreach my $i (@vh) {
|
||||
@@ -311,11 +272,67 @@ sub is_dnssec {
|
||||
return 0;
|
||||
}
|
||||
|
||||
sub default_master {
|
||||
my ($this, $type) = @_;
|
||||
sub _default_config {
|
||||
return {
|
||||
default_master => '5.78.68.64',
|
||||
vhost_default_web_ip => '190.92.153.173',
|
||||
soa_mname => 'mister-dns.martnet.com.',
|
||||
soa_rname => 'root.martnet.com.',
|
||||
ns => [ 'ns1.martnet.com.', 'ns2.martnet.com.' ],
|
||||
vhost_mx => [
|
||||
{ priority => 5, host => '@' },
|
||||
{ priority => 10, host => 'mx2.martnet.com.' },
|
||||
{ priority => 15, host => 'mx3.martnet.com.' },
|
||||
],
|
||||
master_ddns_keyname => 'master-ddns-tsig',
|
||||
master_ddns_keyfile => '/etc/bind/master-ddns-tsig.key',
|
||||
};
|
||||
}
|
||||
|
||||
# This could return different masters for different types
|
||||
return $defaultmaster;
|
||||
sub get_config {
|
||||
my ($this) = @_;
|
||||
|
||||
# Stored at: global._config.private.invalid.
|
||||
my @cfg = $this->get('_config');
|
||||
foreach my $r (@cfg) {
|
||||
next unless lc($r->{zone}) eq 'global';
|
||||
my $p = $r->{payload};
|
||||
if (defined $p && ref($p) eq 'HASH') {
|
||||
# Merge defaults for any missing keys
|
||||
my $d = _default_config();
|
||||
for my $k (keys %$d) {
|
||||
$p->{$k} = $d->{$k} unless exists $p->{$k};
|
||||
}
|
||||
return $p;
|
||||
}
|
||||
}
|
||||
return _default_config();
|
||||
}
|
||||
|
||||
sub set_config {
|
||||
my ($this, $cfg_hashref) = @_;
|
||||
die "Config must be a hashref" unless (defined $cfg_hashref && ref($cfg_hashref) eq 'HASH');
|
||||
|
||||
# Always store canonical JSON
|
||||
my $txt = encode_json($cfg_hashref);
|
||||
|
||||
my $dom = "global.";
|
||||
my $type = "_config";
|
||||
|
||||
# Upsert behavior: if record exists, set, else add.
|
||||
my $existing;
|
||||
eval { $existing = $this->type($dom); 1 };
|
||||
if ($existing) {
|
||||
$this->set($dom, $txt, $type);
|
||||
} else {
|
||||
$this->add($dom, $txt, $type);
|
||||
}
|
||||
}
|
||||
|
||||
sub default_master {
|
||||
my ($this) = @_;
|
||||
my $cfg = $this->get_config();
|
||||
return $cfg->{default_master};
|
||||
}
|
||||
|
||||
1;
|
||||
|
||||
Reference in New Issue
Block a user