forked from univention/ucs-appliance-container
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy path62-setup-post-dns-fallback
147 lines (135 loc) · 4.73 KB
/
62-setup-post-dns-fallback
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
#!/bin/bash
#
# Univention Container Mode - setup-post-dns-fallback
#
# Copyright 2020-2021 Univention GmbH
#
# http://www.univention.de/
#
# All rights reserved.
#
# The source code of this program is made available
# under the terms of the GNU Affero General Public License version 3
# (GNU AGPL V3) as published by the Free Software Foundation.
#
# Binary versions of this program provided by Univention to you as
# well as other copyrighted, protected or trademarked materials like
# Logos, graphics, fonts, specific documentations and configurations,
# cryptographic keys etc. are subject to a license agreement between
# you and Univention and not subject to the GNU AGPL V3.
#
# In the case you use this program under the terms of the GNU AGPL V3,
# the program is provided in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public
# License with the Debian GNU/Linux or Univention distribution in file
# /usr/share/common-licenses/AGPL-3; if not, see
# <http://www.gnu.org/licenses/>.
## util(s)
source /usr/lib/univention-container-mode/utils.sh || exit 1
## function(s)
# function name() { # name: (IN)[>(OUT)]
# echo function
# }
## ucr shell
eval "$(ucr shell hostname domainname server/role ldap/master)"
## declare
declare -a ucrchanges
# ucrchanges+=("key=value")
declare -a ucrremoves
# ucrremoves+=("key")
declare -A ucrcounter
# ucrcounter[<STRING>]=<INT>
declare -A ucrcommit
# ucrcommit+=/<PATH>/<FILE> OR ucrcommit[<FILE>]=/<PATH>/<FILE>
ucrcommit[source.list]=/etc/apt/sources.list.d/*
ucrcommit[resolv.conf]=/etc/resolv.conf
debug "### START SCRIPT($(pwd)/$0) ###"
## Setup domain-name-service fallback for container mode environment
#
UniventionSystemRepositoryHostname=$(ucr get repository/online/server | awk -F/ '{print $3}')
#
# fallback localhost
FallBackLocalhost=("::1" "127.0.0.1" "127.0.1.1")
#
# fallback resolver
FallBackResolver=("1.1.1.1" "8.8.8.8" "9.9.9.9")
#
# check all nameserver dig @nameserver host +short and validate ldap master too
NS=FALSE
for i in {1..3}; do
ns=$(ucr get nameserver${i})
[[ -z ${ns} ]] || {
ping -c 3 -W 3 ${ns} >/dev/null 2>&1 || /bin/true && {
# check ldap master ( lan )
timeout 3 \
dig @${ns} ${ldap_master} +short | egrep --quiet -- "^[a-f0-9]" &&
NS=TRUE || ucr set nameserver${i}=$(
dig ${ldap_master} aaaa ${ldap_master} a +short | head -1
)
# check repository ( wan )
timeout 3 \
dig @${ns} ${UniventionSystemRepositoryHostname} +short | egrep --quiet -- "^[a-f0-9]" &&
NS=TRUE || /bin/true
}
}
done
#
# check all dns/forwarder dig @dns/forwarder host +short ( ignore loopback )
FW=FALSE
for i in {1..3}; do
fw=$(ucr get dns/forwarder${i})
[[ -z ${fw} ]] || {
[[ ${fw} =~ ^(127|::|0) ]] && continue
ping -c 3 -W 3 ${fw} >/dev/null 2>&1 || /bin/true && {
# check repository ( wan )
timeout 3 \
dig @${fw} ${UniventionSystemRepositoryHostname} +short | egrep --quiet -- "^[a-f0-9]" &&
FW=TRUE || /bin/true
}
}
done
#
# check domain-name-service
dig ${UniventionSystemRepositoryHostname} +short | egrep --quiet -- "^[a-f0-9]" || {
[[ ${NS} =~ ^TRUE$ ]] && univention-config-registry commit /etc/resolv.conf
[[ ${FW} =~ ^FALSE$ ]] && {
dig ${UniventionSystemRepositoryHostname} +short | egrep --quiet -- "^[a-f0-9]" ||
univention-config-registry set \
"nameserver1=${FallBackLocalhost[0]}" "nameserver2=${FallBackLocalhost[1]}" "nameserver3=${FallBackLocalhost[2]}" \
"dns/forwarder1=${FallBackResolver[0]}" "dns/forwarder2=${FallBackResolver[1]}" "dns/forwarder3=${FallBackResolver[2]}"
}
}
#
# set force localhost nameserver for system role master
[[ "${server_role}" == "domaincontroller_master" ]] && {
univention-config-registry set \
"nameserver1=${FallBackLocalhost[0]}" "nameserver2=${FallBackLocalhost[1]}" "nameserver3=${FallBackLocalhost[2]}"
[[ ${FW} =~ ^FALSE$ ]] &&
univention-config-registry set \
"dns/forwarder1=${FallBackResolver[0]}" "dns/forwarder2=${FallBackResolver[1]}" "dns/forwarder3=${FallBackResolver[2]}"
}
#
# restart service unit(s)
for service in apache2 bind9 univention-bind-ldap; do
systemctl restart -- ${service}.service >/dev/null 2>&1 || /bin/true
done
#
## Setup domain-name-service fallback for container mode environment
debug "### STOPP SCRIPT($(pwd)/$0) ###"
## ucr removes
UniventionConfigRegistryUnSet ${ucrremoves[@]}
## ucr changes
UniventionConfigRegistrySet ${ucrchanges[@]}
## ucr commit
UniventionConfigCommit ${ucrcommit[@]}
## cleanup
unset \
ldap_master \
server_role \
hostname domainname \
ucrchanges ucrremoves ucrcounter ucrcommit
debug "### CLEAN SCRIPT($(pwd)/$0) ###"