diff --git a/dnssec_generate.py b/dnssec_generate.py
deleted file mode 100755
index bbef6a5..0000000
--- a/dnssec_generate.py
+++ /dev/null
@@ -1,52 +0,0 @@
-#!/usr/bin/python3
-
-import json
-import os
-import re
-import subprocess
-import argparse
-
-
-path = os.path.dirname(os.path.abspath(__file__))
-try:
- with open(path + '/dnssec_domains.json') as dnssec_zones:
- zones = json.load(dnssec_zones)
-except:
- zones = []
-
-
-
-if __name__ == '__main__':
- parser = argparse.ArgumentParser(description="Gestion de DNSSEC")
- parser.add_argument('-v', '--verbose', help="Mode verbeux", action="store_true")
- args = parser.parse_args()
- verbose = args.verbose
- ds_records = {}
- for zone in zones:
- if verbose:
- print("Getting CDS of %s:" % (zone,))
- print("/usr/sbin/knotcs zone-read %s @ CDS" % (zone,))
- cdss = subprocess.check_output(['/usr/sbin/knotc', 'zone-read', zone, '@', 'CDS'])[:-1].decode('utf-8').split('\n')
- if verbose:
- print("CDS of %s = %s" % (zone, cdss))
- for cds in cdss:
- ds = {}
- try:
- cds = cds.split(' ')
- ds['subzone'] = cds[1]
- ds['id'] = cds[4]
- ds['algo'] = cds[5]
- ds['type'] = cds[6]
- ds['fp'] = cds[7]
- except:
- print('Unable to find ksk for', zone)
- continue
- ds['ttl'] = 172800
- if not zone in ds_records:
- ds_records[zone] = []
- ds_records[zone].append(ds)
- if verbose:
- print("DS record of %s : %s" % (zone, ds))
- print("\n\n")
- with open('dnssec.json', 'w') as dnssec:
- json.dump(ds_records, dnssec)
diff --git a/knot.py b/knot.py
new file mode 100755
index 0000000..827df87
--- /dev/null
+++ b/knot.py
@@ -0,0 +1,35 @@
+import json
+import os
+import subprocess
+
+
+def get_ds(zone, verbose=False):
+ if verbose:
+ print("Getting CDS of %s:" % (zone,))
+ print("/usr/sbin/knotc zone-read %s @ CDS" % (zone,))
+ try:
+ cdss = subprocess.check_output(['/usr/sbin/knotc', 'zone-read', zone, '@', 'CDS'])[:-1].decode('utf-8').split('\n')
+ except subprocess.CalledProcessError:
+ return []
+ dss = []
+ if verbose:
+ print("CDS of %s = %s" % (zone, cdss))
+ for cds in cdss:
+ ds = {}
+ try:
+ cds = cds.split(' ')
+ ds['subzone'] = cds[1]
+ ds['id'] = cds[4]
+ ds['algo'] = cds[5]
+ ds['type'] = cds[6]
+ ds['fp'] = cds[7]
+ except:
+ if verbose:
+ print('Unable to find ksk for', zone)
+ continue
+ ds['ttl'] = 172800
+ if verbose:
+ print("DS record of %s : %s" % (zone, ds))
+ print("\n\n")
+ dss.append(ds)
+ return dss
diff --git a/main.py b/main.py
index d600ca9..a17f1ff 100755
--- a/main.py
+++ b/main.py
@@ -11,6 +11,8 @@ import sys
 from re2oapi import Re2oAPIClient
+import knot
+
 path = os.path.dirname(os.path.abspath(__file__))
 config = ConfigParser()
@@ -90,7 +92,9 @@ try:
 except:
 serial = 1
-def write_dns_file(zone):
+zone_names = []
+
+def write_dns_file(zone, verbose=False):
 global serial
 zone_name = zone['name'][1:]
@@ -214,11 +218,9 @@ def write_dns_file(zone):
 )
 if zone['name'][1:] == "crans.org":
- with open(path + '/dnssec.json') as ds:
- zones_ds = json.load(ds)
 ds_records = ""
- for zone in zones_ds:
- for ds in zones_ds[zone]:
+ for extension in filter(lambda zone: zone.endswith('.crans.org'), zone_names):
+ for ds in knot.get_ds(extension, verbose):
 ds_records += template_ds.format(**ds) + "\n"
 else:
 ds_records = "\n"
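Review bot: `get_ds` turns every CDS line it can index into a DS entry without looking at the content, so the RFC 8078 delete signal `CDS 0 0 0 00` would be copied into the parent as a `DS 0 0 0 00` record instead of withdrawing the delegation's DS; a guard after the fields are read, `if ds['algo'] == '0': continue`, keeps it out. The bare `except:` around the indexing catches everything including `KeyboardInterrupt` and, when not verbose, discards the unparsed line silently — `except IndexError:` is the case meant here, and the skipped line is worth reporting regardless of `verbose`. The `[:-1]` slice assumes knotc's output ends with a newline; `.decode('utf-8').splitlines()` handles empty output and a missing trailing newline without that assumption. The fixed positions 1 and 4–7 presumably follow knotc's `[zone.] owner ttl TYPE rdata` layout, which belongs in a docstring on `get_ds`, e.g. `"""Return the DS data advertised by the CDS RRset of *zone* as dicts with keys subzone, id, algo, type, fp and ttl."""`.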
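Review bot: `zone.endswith('.crans.org')` selects every zone under crans.org rather than only its direct children, so if the API ever lists a grandchild zone (sub.child.crans.org), its CDS would be written as a DS into crans.org, below the child's delegation, instead of into the child zone that actually delegates it. If deeper zones are possible, restrict the filter to names with exactly one extra label, e.g. `lambda name: name.endswith('.crans.org') and name.count('.') == 2`; renaming the lambda parameter also stops it shadowing the enclosing function's `zone` argument. This replaces the curated `dnssec_domains.json` list with an unconditional CDS-to-DS promotion for every listed child zone, a policy change worth a comment at the loop, e.g. `# DS set of crans.org is rebuilt from each child's current CDS on every regeneration (no acceptance policy)`. `write_dns_file` starts and ends outside this hunk.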
@@ -244,13 +246,16 @@ def write_dns_file(zone):
 f.write(zone_file_content)
-def write_dns_files(api_client, processes):
+def write_dns_files(api_client, processes, verbose=False):
+ global zone_names
+ zones = api_client.list("dns/zones")
+ zone_names = [zone["name"][1:] for zone in zones]
 if processes:
 with Pool(processes) as pool:
- pool.map(write_dns_file, api_client.list("dns/zones"))
+ pool.map(write_dns_file, zones)
 else:
- for zone in api_client.list("dns/zones"):
- write_dns_file(zone)
+ for zone in zones:
+ write_dns_file(zone, verbose)
 def get_ip_reverse(ip, prefix_length):
@@ -417,11 +422,12 @@ if __name__ == '__main__':
 parser.add_argument('-f', '--force', '--forced', help="Forcer la régénaration des fichiers de zone.", action='store_true')
 parser.add_argument('-k', '--keep', help="Ne pas changer le statut du service.", action='store_true')
 parser.add_argument('-p', '--processes', help="Regénérer en utilisant n processus en parallèle (par défaut ne pas parallèliser).", metavar='n', nargs=1, type=int, default=[0])
- parser.add_argument('-n', '--no-reload', help="Ne pas recharger les zones dans knot", action='store_true')
+ parser.add_argument('-n', '--no-reload', help="Ne pas recharger les zones dans knot.", action='store_true')
+ parser.add_argument('-v', '--verbose', help="Afficher des informations de debug.", action='store_true')
 args = parser.parse_args()
 if args.force:
- write_dns_files(api_client, args.processes[0])
+ write_dns_files(api_client, args.processes[0], args.verbose)
 write_dns_reverse_file(api_client)
 with open(path + '/serial.json', 'w') as serial_json:
 json.dump(serial + 1, serial_json)
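Review bot: In the `processes` branch `pool.map(write_dns_file, zones)` never passes `verbose`, so `-v` is silently ignored whenever `-p` is used; `pool.map(functools.partial(write_dns_file, verbose=verbose), zones)` (with `import functools` at the top of main.py) keeps both paths consistent. The workers only see the populated `zone_names` because the module global is assigned before the `Pool` is created and the default start method on Linux forks the parent; under the `spawn` start method each worker would import `main` afresh and find the empty list from the @@ -90 hunk, leaving crans.org with no DS records. A comment on the `global zone_names` line should record that ordering requirement, e.g. `# must be assigned before Pool() so forked workers inherit it`.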
@@ -438,7 +444,7 @@ if __name__ == '__main__':
 service['service_name'] == 'dns' and \
 service['need_regen']:
 increase_serial = True
- write_dns_files(api_client, args.processes[0])
+ write_dns_files(api_client, args.processes[0], args.verbose)
 write_dns_reverse_file(api_client)
 if not args.keep:
 api_client.patch(service['api_url'], data={'need_regen': False})