Add parameters for tls and knot

root 2020-01-17 16:23:33 +01:00
parent 0970c4f2cb
commit 27f52af557
3 changed files with 27 additions and 7 deletions


@ -6,10 +6,24 @@ This service uses Re2o API to generate DNS zone files
## Requirements ## Requirements
* python3 * python3
* knot * knot (only if using knot)
* requirements in https://gitlab.federez.net/re2o/re2oapi * requirements in https://gitlab.federez.net/re2o/re2oapi
## Scripts ## Scripts
* `main.py`: Generates the zone files and reloads the zones * `main.py`: Generates the zone files and reloads the zones
* `dnssec_generate.py`: Generate the DS records for the zones in `dnssec_domains.json` and writes them to `dnssec.json` * `dnssec_generate.py`: Generate the DS records for the zones in `dnssec_domains.json` and writes them to `dnssec.json`
## Configuration file
The template of the configuration file is given in `config.ini.example`. You should copy it into `config.ini` and modify at least the first 3 paramters :
| Parameter | Default value | Description |
|------------|--------------------|--------------------------------|
| `hostname` | `re2o.example.net` | Hostname of your re2o instance |
| `username` | `my_api_username` | Username to access the api |
| `password` | `my_api_password` | Password to access the api |
| `use_tls` | `true` | Use TLS to connect to the api |
| `use_knot` | `false` | Use knot specific commands |
For boolean parameters, according to https://docs.python.org/3/library/configparser.html, 'yes'/'no', 'on'/'off', 'true'/'false' and '1'/'0' are valid parameters.


@ -2,3 +2,5 @@
hostname = re2o.example.net hostname = re2o.example.net
username = my_api_username username = my_api_username
password = my_api_password password = my_api_password
use_tls = true
use_knot = false

16
main.py

@ -11,7 +11,6 @@ import sys
from re2oapi import Re2oAPIClient from re2oapi import Re2oAPIClient
import knot
path = os.path.dirname(os.path.abspath(__file__)) path = os.path.dirname(os.path.abspath(__file__))
@ -21,6 +20,11 @@ config.read(path+'/config.ini')
api_hostname = config.get('Re2o', 'hostname') api_hostname = config.get('Re2o', 'hostname')
api_password = config.get('Re2o', 'password') api_password = config.get('Re2o', 'password')
api_username = config.get('Re2o', 'username') api_username = config.get('Re2o', 'username')
use_tls = config.getboolean('Re2o', 'use_tls')
use_knot = config.getboolean('Re2o', 'use_knot')
if use_knot:
import knot
template_soa = ( template_soa = (
"$ORIGIN {zone}.\n" "$ORIGIN {zone}.\n"
@ -217,7 +221,7 @@ def write_dns_file(zone, verbose=False):
for x in zone['dname_records'] for x in zone['dname_records']
) )
if zone['name'][1:] == "crans.org": if use_knot and zone['name'][1:] == "crans.org":
ds_records = "" ds_records = ""
for extension in filter(lambda zone: zone.endswith('.crans.org'), zone_names): for extension in filter(lambda zone: zone.endswith('.crans.org'), zone_names):
for ds in knot.get_ds(extension, verbose): for ds in knot.get_ds(extension, verbose):
@ -275,7 +279,6 @@ def write_dns_reverse_file(api_client):
# because some iptype may share the same prefix # because some iptype may share the same prefix
# in which case we must append to the file zone already created # in which case we must append to the file zone already created
zone_v6 = [] zone_v6 = []
for zone in api_client.list("dns/reverse-zones"): for zone in api_client.list("dns/reverse-zones"):
# We start by defining the soa, ns, mx which are comon to v4/v6 # We start by defining the soa, ns, mx which are comon to v4/v6
now = datetime.datetime.now(datetime.timezone.utc) now = datetime.datetime.now(datetime.timezone.utc)
@ -413,7 +416,7 @@ def write_dns_reverse_file(api_client):
f.write(zone_file_content) f.write(zone_file_content)
zone_v6.append(zone6_name) zone_v6.append(zone6_name)
api_client = Re2oAPIClient(api_hostname, api_username, api_password, use_tls=False) api_client = Re2oAPIClient(api_hostname, api_username, api_password, use_tls=use_tls)
client_hostname = socket.gethostname().split('.', 1)[0] client_hostname = socket.gethostname().split('.', 1)[0]
@ -422,7 +425,8 @@ if __name__ == '__main__':
parser.add_argument('-f', '--force', '--forced', help="Forcer la régénaration des fichiers de zone.", action='store_true') parser.add_argument('-f', '--force', '--forced', help="Forcer la régénaration des fichiers de zone.", action='store_true')
parser.add_argument('-k', '--keep', help="Ne pas changer le statut du service.", action='store_true') parser.add_argument('-k', '--keep', help="Ne pas changer le statut du service.", action='store_true')
parser.add_argument('-p', '--processes', help="Regénérer en utilisant n processus en parallèle (par défaut ne pas parallèliser).", metavar='n', nargs=1, type=int, default=[0]) parser.add_argument('-p', '--processes', help="Regénérer en utilisant n processus en parallèle (par défaut ne pas parallèliser).", metavar='n', nargs=1, type=int, default=[0])
parser.add_argument('-n', '--no-reload', help="Ne pas recharger les zones dans knot.", action='store_true') if use_knot:
parser.add_argument('-n', '--no-reload', help="Ne pas recharger les zones dans knot.", action='store_true')
parser.add_argument('-v', '--verbose', help="Afficher des informations de debug.", action='store_true') parser.add_argument('-v', '--verbose', help="Afficher des informations de debug.", action='store_true')
args = parser.parse_args() args = parser.parse_args()
@ -452,7 +456,7 @@ if __name__ == '__main__':
with open(path + '/serial.json', 'w') as serial_json: with open(path + '/serial.json', 'w') as serial_json:
json.dump(serial + 1, serial_json) json.dump(serial + 1, serial_json)
if not args.no_reload: if use_knot and not args.no_reload:
error = os.system('/usr/sbin/knotc zone-reload >/dev/null 2>&1') error = os.system('/usr/sbin/knotc zone-reload >/dev/null 2>&1')
if error: if error:
# reload again and display the error message # reload again and display the error message
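Review bot: The two new `config.getboolean('Re2o', ...)` reads near the top of main.py have no fallback, so a `config.ini` written before this commit raises `NoOptionError` as soon as the script loads, and the `true` that the README lists as the default for `use_tls` exists only in `config.ini.example`, not in the code. Because the client is handed the API username and password, the safe value should be the code default: `use_tls = config.getboolean('Re2o', 'use_tls', fallback=True)`, with the `use_knot` fallback chosen deliberately (`fallback=True` would keep the pre-commit behaviour for upgraded installs). A logged warning when `use_tls` is false would also help, since the credentials are then presumably sent without transport encryption. Separately, `-n/--no-reload` is now registered only when `use_knot` is set, so an existing cron entry or wrapper that passes `-n` is rejected by argparse on a non-knot configuration; registering the option unconditionally avoids that.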