[main.py] Intègre la gestion du DNSSEC

dnssec_generate.py

@@ -1,52 +0,0 @@
-#!/usr/bin/python3
-
-import json
-import os
-import re
-import subprocess
-import argparse
-
-
-path = os.path.dirname(os.path.abspath(__file__))
-try:
-    with open(path + '/dnssec_domains.json') as dnssec_zones:
-        zones = json.load(dnssec_zones)
-except:
-    zones = []
-
-
-
-if __name__ == '__main__':
-    parser = argparse.ArgumentParser(description="Gestion de DNSSEC")
-    parser.add_argument('-v', '--verbose', help="Mode verbeux", action="store_true")
-    args = parser.parse_args()
-    verbose = args.verbose
-    ds_records = {}
-    for zone in zones:
-        if verbose:
-            print("Getting CDS of %s:" % (zone,))
-            print("/usr/sbin/knotcs zone-read %s @ CDS" % (zone,))
-        cdss = subprocess.check_output(['/usr/sbin/knotc', 'zone-read', zone, '@', 'CDS'])[:-1].decode('utf-8').split('\n')
-        if verbose:
-            print("CDS of %s = %s" % (zone, cdss))
-        for cds in cdss:
-            ds = {}
-            try:
-                cds = cds.split(' ')
-                ds['subzone'] = cds[1]
-                ds['id'] = cds[4]
-                ds['algo'] = cds[5]
-                ds['type'] = cds[6]
-                ds['fp'] = cds[7]
-            except:
-                print('Unable to find ksk for', zone)
-                continue
-            ds['ttl'] = 172800
-            if not zone in ds_records:
-                ds_records[zone] = []
-            ds_records[zone].append(ds)
-            if verbose:
-                print("DS record of %s : %s" % (zone, ds))
-                print("\n\n")
-    with open('dnssec.json', 'w') as dnssec:
-        json.dump(ds_records, dnssec)

knot.py

@@ -0,0 +1,35 @@
+import json
+import os
+import subprocess
+
+
+def get_ds(zone, verbose=False):
+    if verbose:
+        print("Getting CDS of %s:" % (zone,))
+        print("/usr/sbin/knotc zone-read %s @ CDS" % (zone,))
+    try:
+        cdss = subprocess.check_output(['/usr/sbin/knotc', 'zone-read', zone, '@', 'CDS'])[:-1].decode('utf-8').split('\n')
+    except subprocess.CalledProcessError:
+        return []
+    dss = []
+    if verbose:
+        print("CDS of %s = %s" % (zone, cdss))
+    for cds in cdss:
+        ds = {}
+        try:
+            cds = cds.split(' ')
+            ds['subzone'] = cds[1]
+            ds['id'] = cds[4]
+            ds['algo'] = cds[5]
+            ds['type'] = cds[6]
+            ds['fp'] = cds[7]
+        except:
+            if verbose:
+                print('Unable to find ksk for', zone)
+            continue
+        ds['ttl'] = 172800
+        if verbose:
+            print("DS record of %s : %s" % (zone, ds))
+            print("\n\n")
+        dss.append(ds)
+    return dss

main.py

@@ -11,6 +11,8 @@ import sys
 
 from re2oapi import Re2oAPIClient
 
+import knot
+
 
 path = os.path.dirname(os.path.abspath(__file__))
 config = ConfigParser()
@@ -90,7 +92,9 @@ try:
 except:
     serial = 1
 
-def write_dns_file(zone):
+zone_names = []
+
+def write_dns_file(zone, verbose=False):
     global serial
 
     zone_name = zone['name'][1:]
@@ -214,11 +218,9 @@ def write_dns_file(zone):
     )
 
     if zone['name'][1:] == "crans.org":
-        with open(path + '/dnssec.json') as ds:
-            zones_ds = json.load(ds)
         ds_records = ""
-        for zone in zones_ds:
+        for extension in filter(lambda zone: zone.endswith('.crans.org'), zone_names):
-            for ds in zones_ds[zone]:
+            for ds in knot.get_ds(extension, verbose):
                 ds_records += template_ds.format(**ds) + "\n"
     else:
         ds_records = "\n"
@@ -244,13 +246,16 @@ def write_dns_file(zone):
         f.write(zone_file_content)
 
 
-def write_dns_files(api_client, processes):
+def write_dns_files(api_client, processes, verbose=False):
+    global zone_names
+    zones = api_client.list("dns/zones")
+    zone_names = [zone["name"][1:] for zone in zones]
     if processes:
         with Pool(processes) as pool:
-            pool.map(write_dns_file, api_client.list("dns/zones"))
+            pool.map(write_dns_file, zones)
     else:
-        for zone in api_client.list("dns/zones"):
+        for zone in zones:
-            write_dns_file(zone)
+            write_dns_file(zone, verbose)
 
 
 def get_ip_reverse(ip, prefix_length):
@@ -417,11 +422,12 @@ if __name__ == '__main__':
     parser.add_argument('-f', '--force', '--forced', help="Forcer la régénaration des fichiers de zone.", action='store_true')
     parser.add_argument('-k', '--keep', help="Ne pas changer le statut du service.", action='store_true')
     parser.add_argument('-p', '--processes', help="Regénérer en utilisant n processus en parallèle (par défaut ne pas parallèliser).", metavar='n', nargs=1, type=int, default=[0])
-    parser.add_argument('-n', '--no-reload', help="Ne pas recharger les zones dans knot", action='store_true')
+    parser.add_argument('-n', '--no-reload', help="Ne pas recharger les zones dans knot.", action='store_true')
+    parser.add_argument('-v', '--verbose', help="Afficher des informations de debug.", action='store_true')
     args = parser.parse_args()
 
     if args.force:
-        write_dns_files(api_client, args.processes[0])
+        write_dns_files(api_client, args.processes[0], args.verbose)
         write_dns_reverse_file(api_client)
         with open(path + '/serial.json', 'w') as serial_json:
             json.dump(serial + 1, serial_json)
@@ -438,7 +444,7 @@ if __name__ == '__main__':
                     service['service_name'] == 'dns' and \
                     service['need_regen']:
                 increase_serial = True
-                write_dns_files(api_client, args.processes[0])
+                write_dns_files(api_client, args.processes[0], args.verbose)
                 write_dns_reverse_file(api_client)
                 if not args.keep:
                     api_client.patch(service['api_url'], data={'need_regen': False})