Re: A bunch of questions about commitinfo
From: Greg A. Woods
Subject: Re: A bunch of questions about commitinfo
Date: Fri, 9 Nov 2001 14:08:39 -0500 (EST)
[ On Friday, November 9, 2001 at 11:17:47 (+0100), Marc Haber wrote: ]
> Subject: Re: A bunch of questions about commitinfo
>
> Drilling people doesn't work :-(
Well, no, it doesn't always -- but if you have other checks and balances
such as peer pressure it can encourage people to be more careful! ;-)
> What I am planning is generating a named.conf fragment in the
> commitinfo script, so that in case of new zones being added to the
> repository the corresponding zone entry in the named.conf file can be
> generated automatically. Also, I'd like to automatically add
> allow-query clauses to named.conf for every zone that is loaded
> automatically.
Don't even try to do it that way.
Don't ever version any generated files -- only version the sources to
the programs which do the work.
I.e. always automatically generate _all_ of the named.conf include file
for all of the zones that will be installed into the running
configuration (then test it along with the zone files themselves, of
course) and just version the sources for the script that generates it.
For example this shell script will generate a file suitable for
including from within the main /etc/named.conf given a list of zone
names. As you can see this example generates a config suitable for a
slave server. I name my forward zone files with the same name as the
zone, but I name the in-addr.arpa zone files with the IPV4 network
number (usually without trailing ".0"s). If you do this you can use
"ls" and the inverse of the little awk program below to create the zone
name and instead just use "ls -1 | tr ..." in your directory of zone
files instead of keeping a list and reading from it as below (in fact as
you'll see I generate the list from a named-master.conf file which is
for now still manually maintained, partly to accommodate internal
documentation).
(warning this is slightly edited from the original and not tested in
this form)
#! /bin/sh

# set your authoritative nameserver's IP# here
#
AUTH_SERVER_IP="1.2.3.4"

# list any master zone files....
#
MASTERS="/etc/namedb/named-master.conf"

argv0=$(basename "$0")

# WARNING: this script could fail to interlock properly if it can be
# invoked simultaneously with more than one name! Don't do that!
#
LOCKDIR=/etc/namedb/$(basename "$0").lock

if [ -e $LOCKDIR ] ; then
	echo "It appears there's already an instance of $0 running..." 1>&2
	exit 1
fi
if mkdir $LOCKDIR ; then
	: #got it!
else
	echo "Oops, just missed grabbing $LOCKDIR! Try later...." 1>&2
	exit 1
fi

rm -f /etc/namedb/named-slave.conf-new
echo "# Created with $0: $(date)" > /etc/namedb/named-slave.conf-new
echo "# By: $(who am i)" >> /etc/namedb/named-slave.conf-new
cat >> /etc/namedb/named-slave.conf-new <<EOF
#
# named-slave.conf - zones to secondary from the authoritative nameserver
#
# NOTE: only use this file *only* on the secondary server(s)!
#
# # ###
# # # ## ##### # # # # # #### ###
# # # # # # # ## # # ## # # # ###
# # # # # # # # # # # # # # # #
# # # ###### ##### # # # # # # # # ###
# # # # # # # # ## # # ## # # ###
## ## # # # # # # # # # #### ###
#
# THIS FILE IS UPDATED AUTOMATICALLY!
#
EOF

# create a list of all zones we are master for
#
rm -f /etc/namedb/master.list-new
awk -F'"' '$0 ~ /zone "/ { print $2 }' $MASTERS > /etc/namedb/master.list-new
mv -f /etc/namedb/master.list-new /etc/namedb/master.list

for zone in $(tr '[A-Z]' '[a-z]' < /etc/namedb/master.list) ; do
	case "${zone}" in
	*.in-addr.arpa)
		forward=$(echo "$zone" | \
			sed -e 's/\.in-addr\.arpa//' | \
			awk -F. '
			{
				printf("%d", $NF);
				for (i=(NF-1); i>0; i--) {
					printf(".%d", $i);
				}
			}' \
		)
		echo "zone \"${zone}\" {"
		echo " type slave;"
		echo " file \"slave/${forward}\";"
		echo " masters {"
		echo " ${AUTH_SERVER_IP};"
		echo " };"
		echo "};"
		echo ""
		;;
	*)
		echo "zone \"${zone}\" {"
		echo " type slave;"
		echo " file \"slave/${zone}\";"
		echo " masters {"
		echo " ${AUTH_SERVER_IP};"
		echo " };"
		echo "};"
		echo ""
		;;
	esac
done >> /etc/namedb/named-slave.conf-new

#
# include this generated file with the following statement in named.conf:
#
# include "named-slave.conf";
#
mv -f /etc/namedb/named-slave.conf-new /etc/namedb/named-slave.conf
chmod 444 /etc/namedb/named-slave.conf

# finally update ns2
# (do this in a loop for multiple secondaries)
#
rcp /etc/namedb/named-slave.conf ns2.sec:/etc/namedb
rsh ns2.sec /usr/sbin/ndc reload

rmdir $LOCKDIR
exit 0
--
Greg A. Woods
+1 416 218-0098 VE3TCP <address@hidden> <address@hidden>
Planix, Inc. <address@hidden>; Secrets of the Weird <address@hidden>
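
An added example, not part of the original message: the zone-block generation from the script above, reworked so that each name read from the list is validated before it is interpolated into the quoted strings and file paths of the generated include file. The function names, the allowed-character policy, and the sample names and address are assumptions made for this illustration.

```sh
#!/bin/sh
# Added example (not from the original post). Generates slave-zone blocks
# from a list of zone names on stdin, skipping any name that could break out
# of a quoted named.conf string or escape the slave/ directory.
# Function names and the character policy are illustrative assumptions.

# valid_zone NAME: succeed only for lowercase letters, digits, '.', '-', '_'
valid_zone() {
    case "$1" in
        ''|.*|*..*|*[!a-z0-9._-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# zone_file NAME: the zone name itself, or for in-addr.arpa zones the
# network number with its octets put back in forward order
zone_file() {
    case "$1" in
        *.in-addr.arpa)
            printf '%s\n' "${1%.in-addr.arpa}" |
                awk -F. '{ printf("%s", $NF); for (i = NF - 1; i > 0; i--) printf(".%s", $i); print "" }' ;;
        *) printf '%s\n' "$1" ;;
    esac
}

# gen_slave_conf MASTER_IP < zone-list > include-file
# Returns 1 (after finishing the pass) if any name was rejected.
gen_slave_conf() {
    master=$1 rc=0
    while read -r zone ; do
        zone=$(printf '%s\n' "$zone" | tr 'A-Z' 'a-z')
        [ -n "$zone" ] || continue
        if ! valid_zone "$zone" ; then
            echo "rejected zone name: $zone" 1>&2
            rc=1
            continue
        fi
        printf 'zone "%s" {\n\ttype slave;\n\tfile "slave/%s";\n\tmasters {\n\t\t%s;\n\t};\n};\n\n' \
            "$zone" "$(zone_file "$zone")" "$master"
    done
    return $rc
}

# Constructed sample run: two good names and one that tries to close the block.
printf '%s\n' 'Example.COM' '2.0.192.in-addr.arpa' 'x"; }; zone "y' |
    gen_slave_conf 192.0.2.53 || echo "some names were rejected" 1>&2
```

A non-zero return from gen_slave_conf is the point at which a caller would stop before moving the new file into place.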