xCAT/xcat-core
2
0
Fork 0
mirror of https://github.com/xcat2/xcat-core.git synced 2025-06-12 17:30:19 +00:00
Code Issues Releases Wiki Activity
Files
c27f23c2d5b09b39e285f06930ffef22403b4e4f
xcat-core/xCAT-server/lib/xcat/plugins/ddns.pm
Bin Xu eea661e405 merge from master to 2.13 branch for 2.13.9 release. (1) (#4525) 
* fix issueNode range not specified, see man page for syntax. return with no output when site.master is not set #4299

* Fix issue 4246, record rflash process in log file

* dodiscovery: better disksize - ordered by major,minor and no `\n` (#4219)

* better disksize: ordered by major,minor and no `\n`

* nodediscover:`disksize` sent correctly: no need to `split`,`join`

* general sort with explicit key columns, fix search pattern

* dodiscovery: Fix bugs

* dodiscovery: Fix ShellCheck SC2007,SC2004

* dodiscovery: simpler kcmdline parsing, disksize as IEC binary prefix

* Add test case - switch_to_dns_forward_mode

* Modify timeout of login by curl command for OpenBMC

* Add makegocons command

This patch enable goconserver service and manage the node sessions
with a new `makegocons` command.

Implement: #4215

* Refine the Cumulus Linux Section of the Doc (#4249)

* No content in the switches subdirectory in docs, remove

* Change the Network topic to Networking

* Refine and reformat the Cumulus Linux documentation

* Modify the script to build xCAT-genesis-base package (#4292)

* Verify hash ID

* change log messages

* Timeout the ntpd process if ntpd service is not running on ntpserver (#4321)

* enhance nodediscovery process: don't write "NOIP" if the node can not be resloved to an IP (#3995)

* enhance nodediscovery process, if only 1 mac and have \*NOIP\* append, don't write mac table and don't generate dhcp lease entry

* Enhance PR 3995: enhance nodediscovery process: don't write "NOIP" if the node can not be resloved to an IP

* modified depending on comments

* natural_sort_cmp: recursion to iterative implementation (#4314)

* natural_sort_cmp: recursion to iterative implementation

* natural_sort_cmp: correct prototype with parameters, as per `man perlfunc`

* Task 3339, rspconfig ip/netmask/gateway/vlan support

*   * Minor enhance on xcatperftest to put all logs into one file
  * Fix a bug in simulatorctl.sh, and it cause the script cannot be found

* modified depending on comments

* QA list for makehosts (#4284)

* QA list for makehosts

* Fix some bus in makegocons

* Revise test case - switch_to_dns_forward_mode

* Enhancements after the review

* Use IO::Socket to check BMC console port

* Revise test case - switch_to_dns_forward_mode

* modified depending on comments

* Add messages to inform the user of the general action started via xCAT for flashing firmware

* Fix bug, anything in the functional array is the one that's really active, priority will not be 0 if there is pending firmware

* Fix 4338, remove all of  in child process

* fix issue #4354 :The XCATTEST_CN in xcattest can not detect HCP as config file (#4355)

* Fix #4330, close the socket

* Add image name to /opt/xcat/xcatinfo on compute node (#4359)

* Integrate congo console from goconserver with rcons

Enhance the original implement of rcons to support goconserver.
`rcons` will help the user choose from one of the console backend
service based on the console server status of management node.

Implement #4216

* Fix 4363 - discovery broken (#4364)

* do not set exit_code to 1 when the clock is not synced before the timeout (#4362)

* Fix check for MTM values with spaces

* modified depending on comments

* rspconfig admin_password for OpenBMC

* Fix merging in xdcpmerge.sh (#4328)

* Fixes in xdcpmerge.sh

Two fixes:
1. The grep pattern when finding duplicate usernames is missing ":" at the end. So, for example user "test" would also match "test2, etc.". Adding the ":" delimiter fixes the issue.
2. Another issue happens when the file to be merged is a superset of the files on the nodes. For example, if a new user is added and entire passwd file (that is otherwise identical) is sent to be merged. In this case, the $filebackup.nodups file, i.e. the original file with duplicates removed, becomes empty and the condition "if [ -s "$filebackup.nodups" ]" does not execute. Then the merged file ends up being original file with the merge file fully appended, clearly not what was intended.

This is solved by changing the condition to check for file existence "-a" rather then for size. Additionally, I also turn the logic around so that the duplicates are removed from the merge file and then added to the original file. I think this makes logic a bit cleaner and also ensures that existing entries are not reordered or changed in any way.

* Streamlining previous commit

Adjustment to previous commit, streamlining and simplifying logic. Once $mergefile.nodups is created, just concatenate it the original file.

* Update to xdcpmerge

No need to copy $filebackup to $curfile, they are the same.

* Modify for debug conveniently

* add new cases and delete outdated test cases

* Modify genesis build script for centos x86_64

* Add space between at and the time

* Add a print out of the firmware levels for the various UT cases

* Add unit test cases for rspconfig

* rspconfig fix for set hostname

* Enhance the testing case for rspconfig setting hostname

* modified depending on comments

* modified depending on comments

* Add %pretrans script in <lua>. Handle directory to symlink change properly. See comment #3 of https://bugs.launchpad.net/rpm/+bug/633636

* Make xCAT-genesis-base confliects with early version of xCAT-genesis-scripts

* rspconfig dump to allow admins capture logs

* Adding comment

* Improve the error message when BMC does not return a dump ID

* Improve some messages and add timestamp for downloaded dump file

* Improve the message to help Admin figure out where the file is missing

* Leave a log file there when xCAT upgrade in case to debug issue while upgrading (#4389)

* Listen on 0.0.0.0 instead of the hostname

This patch modify the configuration of `makegocons` and `rcons`
for goconserver.

`cat /etc/goconserver/server.conf`
```
global:
  host: 0.0.0.0
  ssl_key_file: /etc/xcat/cert/server-key.pem
  ssl_cert_file: /etc/xcat/cert/server-cert.pem
  ssl_ca_cert_file: /etc/xcat/cert/ca.pem
  logfile: /var/log/goconserver/server.log
api:
  port: 12429
console:
  port: 12430
```

* Support hostname=* for openbmc

* Relay action and snmp configuration support for Coral PDU

* ddns.pm: specify the "directory" option for DNS slaves too (cf. bug #4392)

* Fix issue 4361, modify some sendmsg to message

* 1. add "makeconserver -d" to "rmdef -C", 2. add "makeconserver -C|--cleanup" to remove entries for removed nodes

* When there is a problem with the login, do not hide the message on debug mode. BMCReady does not make sense if the admin does not know how to find that state

* Change function from login_logout_request to login_request, not doing any logout here

* Check that RC is 200 to prevent unknown issues, handle the response generically

* OpenBMC rspconfig dump timeout fixes

* Fix issue 4408, modify error for rspconfig dump

* Clear all BMC Dump logs when BMC firmware flash

* modified depending on comments

* More modifications for pr 4386, to deal with the conflicts

* To handle one case which have 2 implementations, which one is for specific platform, on is for all platforms

* return when current status is RSPCONFIG_DUMP_DOWNLOAD_REQUEST

* fix issue 4417, delete 'clear next_status'

* fix issue 4353: rspconfig needs to support multiple IPs on the BMC and ignore ZeroConfigIPs

* Wait 15 seconds after OpenBMC interface with vlan tag to be activated

* Fix issue #4397: rspconfig <> hostname=xxx show error message when there is multiple network in bmc

* Some sentence modify for makeconservercf -C|--cleanup

* OpenBMC rspconfig dump better dump file name formatting

* Removed the --check and --ipsource option with PR 4258, update the man page

* Improve the message on the HTTP response

* modified depending on comments

* Only handle 404 and 504 in the login request code, defer the rest to deal_with_response()

* rflash stream support

* 1. configure ip/netmask/gateway only on the NIC whose IP match node BMC attribute, 2. add some information for LinkLocal address

* Fix confignetwork bond nic_type detection with multiple bonds

* Modified configonie --ntp command (#4436)

* Add man page for makegocons

This is the guide about how to make goconserver as
a replacement for conserver to help slove the issues reported
for conserver, like: #4043, #3543. For openbmc, the solution of
goconserver is much light-weighted than the conserver which could
help save the system resource. In addition, sshpass is not needed
for openbmc with goconserver.

Implement: #4337

* Add another key for node_info in order not to after the content of $node_info{$node}{bmc}

* enhance rflash stream

* makedhcp does not work well when all service nodes not running dhcp but disjointdhcps=1 (#4426) (#4440)

- if all service nodes not running dhcp, to treat it as disjointdhcps=0
- nodeset will send request to MN by default even if disjointdhcps=1
- Move out of the dhcp service checking from opts pre-check, and do it just before real makedhcp handling.

* rspconfig configure bmc vlan will hung because of PR 4383

* OpenBMC rspconfig dump enhancements

* Changes due to review comments

* Print debug message before login attempt

* Add warning when xCAT throttles SSL connections

* Display first [openbmc_debug] when entering openbmc.pm

* modified error msg

* Make sure credential files have a trailing newline (#4442)

* modified depending on comments

* Fix the typo in the man page of makegocons

* Update the print out based on the review comment, should not use  since the regular expression is removed

* Modify the nodeset disjoint test case accordingly for #4426

* Use short hostname in rcons for goconserver

As the certificate of xcat is signed with short hostname, this
commit force to use the short hostname in  the environment variable for
`congo console`.

* Fix issue 3497, make sense for reventlog msg

* Give summary after flash active when no debugmode

* Fix the issue that the IP configuration will fail if bmc attribute is a hostname

* enhance genimage for sles12sp2 (#4450)

* Add dhcp-client-identifier to lease block (#4429)

Machines that use Infiniband for PXE booting need to have the
dhcp-client-identifier set in the lease block.
Without it, they will not get the lease from the server.

* Support multiple bonds on bring-up

* modified depending on comments

* fix the check for rc to 1 on error cases

* modify response for bmcdiscover when error

* Ignore syslog error in monitorctrl when setNodeStatusAttributes (#4459)

* fix issue https://github.com/xcat2/xcat-core/issues/4411 (#4462)

* fix issue Compute nodes fail to get provisioned #4411: covert imgsrv and xcatmaster to their ip addresses in case the hostname cannot be resolved inside initrd for diskless

* More strict check to tell if it is a chroot env to avoid modify DB (#4463)

when genimage for SN image (#4365)

* issues for install license file on accton switches (#4460)

* Add test cases for rflash regular usage against openbmc

* modify depending on xuwei's comment

* add 2 more cases for option d

* enhance rflash upload message

* Do not display message for clearing dumps when only PNOR

* Display hostname even if multiple IP addresses

* modified depending on comments

* polished message

* Modify the default consoleondemand based on the global setting

This commit fix the bug that consoleondemand works incorrectly.

* modify depending on comments

* modified depending on comments

* enhance rflash error messages

* Modify documenation for servicenode attributes

* build rst file from Schema.pm by db2man

* change status back to starts

* modified depending on comments

* rm openbmcevents

* Usage and man page update for rspconfig dump

* let rflash error message flexible

* Add support for the "file -> (noderange) file" syntax in synclist with ServiceNodes (#4445)

* Add support for "file -  (noderange) file" in synclist when using
hierarchical mode. Fixes #4425

  This patch ensures that:
  1. the synclist is correctly parsed when running on a Service Node
  2. all files are synchronized to SNs in hierarchical mode

* Better test condition for #4425, addresses issue in
https://github.com/xcat2/xcat-core/pull/4445#issuecomment-349472901

* Fix issue 4477, if has node-<mac> will not create node-<mtms> for the same node

* fix issue updatenode -f loses directories when copying files to SN #4456 (#4494)

* comment from ErTao

* Crude attempt at including external configuration files in named.conf

* Fixes after the review

* Fix issue 4490, record any error when rflash active process

* add -d usage and manpage

* updatenode -F not work in hierachy env as the user name is FQDN of MN (#4484)

* updatenode -F not work in hierachy env (#4455)
 - add trace when -V is enabled
 - get the DSH_FROM_USERID from updatenode client

*  - when 'updatenode -F' need to push SN first, using root as non-root does not have permission write to 'SNsyncfiledir'
 - move the set DSH_FROM_USERID code out of the loop, and also cover remote client case.

* fix issue for command rspconfig hostname=*

* enhance rflash

* Adjust the server used for kernel/initrd and imgurl for petitboot (#4416)
 - URL for kernel/initrd, get the value from below value tftpserver -> xcatmaster -> myipfn
 - URL for image, get the value from below value nfsserver -> tftpserver -> xcatmaster -> myipfn

* NODE attribute didn't populate in /opt/xcat/xcatinfo after reboot (#4428)

* NODE attribute didn't populate in /opt/xcat/xcatinfo after reboot

* Get NODE from mypostscripts

* Improve the output message for reventlog, use a global variable to set PolicyFile Path

* If debug_msg is not provided, use an empty string

* Check for LinkLocal as well as 169.254 IP address

* Fix issue 4507, add parameter check for rspconfig admin_passwd

* record more information when rflash upload error

* Fix the error when using array ref in updatenode with old version perl, it is introduced by PR#4484 (#4518)

* Do not restart conserver if goconserver was started

If goconserver was enabled, do not start conserver when restart
xcatd on service node.

* remove the /etc/localtime before copy timezone file

* Use CONGO_CLIENT_TYPE to tell goconserver the source of client (#4501)

goconserver could send back message based on the client type
this commit set CONGO_CLIENT_TYPE to xcat to make the message
from goconserver more friendly.

* add rflash -d doc

* only ignore 169.254.x.x for OpenBMC

* Fix issue 4513, print out better error msg for reventlog -s

* Modify or add openbmc test cases or bundle

* add test cases for updatenode -f/F in hierarchy environment, covers issues #4456,#4455 and PR #4425 (#4500)
2017-12-14 05:03:34 -06:00

1686 lines
62 KiB
Perl
Executable File
Raw Blame History

package xCAT_plugin::ddns;
use strict;
use Getopt::Long;
use Net::DNS;
use File::Path;
use xCAT::Table;
use Sys::Hostname;
use xCAT::TableUtils;
use xCAT::NetworkUtils qw/getipaddr/;
use xCAT::Utils;
use Math::BigInt;
use MIME::Base64;
use xCAT::SvrUtils;
use Socket;
use Fcntl qw/:flock/;
use Data::Dumper;
# This is a rewrite of DNS management using nsupdate rather than
# direct zone mangling
my $callback;
my $distro = xCAT::Utils->osver();
my $service = "named";
# is this ubuntu ?
if ($distro =~ /ubuntu.*/i || $distro =~ /debian.*/i) {
$service = "bind9";
}
sub handled_commands
{
my @entries = xCAT::TableUtils->get_site_attribute("dnshandler");
my $site_entry = $entries[0];
unless (defined($site_entry)) {
return { "makedns" => "ddns" };
}
return { "makedns" => "site:dnshandler" };
}
sub getzonesfornet {
my $netent = shift;
my $net = $netent->{net};
my $mask = $netent->{mask};
my @zones = ();
if ($netent->{ddnsdomain}) {
push @zones, $netent->{ddnsdomain};
}
if ($net =~ /:/) { #ipv6, for now do the simple stuff under the assumption we won't have a mask indivisible by 4
$net =~ s/\/(.*)//;
my $maskbits = $1;
if ($maskbits % 4) {
die "Not supporting having a mask like $mask on an ipv6 network like $net";
}
my $netnum = getipaddr($net, GetNumber => 1);
unless ($netnum) { return (); }
$netnum->brsft(128 - $maskbits);
my $prefix = $netnum->as_hex();
my $nibbs = $maskbits / 4;
$prefix =~ s/^0x//;
my $rev;
foreach (reverse(split //, $prefix)) {
$rev .= $_ . ".";
$nibbs--;
}
while ($nibbs) {
$rev .= "0.";
$nibbs--;
}
$rev .= "ip6.arpa.";
push @zones, $rev;
return @zones;
}
#return all in-addr reverse zones for a given mask and net
#for class a,b,c, the answer is easy
#for classless, identify the partial byte, do $netbyte | (0xff&~$maskbyte) to get the highest value
#return sequence from $net to value calculated above
#since old bind.pm only went as far as class c, we will carry that over for now (more people with smaller than class c complained
#and none hit the theoretical conflict. FYI, the 'official' method in RFC 2317 seems cumbersome, but maybe one day it makes sense
#since this is dhcpv4 for now, we'll use the inet_aton, ntop functions to generate the answers (dhcpv6 omapi would be nice...)
my $netn = inet_aton($net);
my $maskn = inet_aton($mask);
unless ($netn and $mask) { return (); }
my $netnum = unpack('N', $netn);
my $masknum = unpack('N', $maskn);
if ($masknum >= 0xffffff00) { #treat all netmasks higher than 255.255.255.0 as class C
$netnum = $netnum & 0xffffff00;
$netn = pack('N', $netnum);
$net = inet_ntoa($netn);
$net =~ s/\.[^\.]*$//;
return (join('.', reverse(split('\.', $net))) . '.IN-ADDR.ARPA.');
} elsif ($masknum > 0xffff0000) { #(/17) to /23
my $tempnumber = ($netnum >> 8);
$masknum = $masknum >> 8;
my $highnet = $tempnumber | (0xffffff & ~$masknum);
foreach ($tempnumber .. $highnet) {
$netnum = $_ << 8;
$net = inet_ntoa(pack('N', $netnum));
$net =~ s/\.[^\.]*$//;
push @zones, join('.', reverse(split('\.', $net))) . '.IN-ADDR.ARPA.';
}
return @zones;
} elsif ($masknum > 0xff000000) { # (/9) to class b /16, could have made it more flexible, for for only two cases, not worth in
my $tempnumber = ($netnum >> 16); #the last two bytes are insignificant, shift them off to make math easier
$masknum = $masknum >> 16;
my $highnet = $tempnumber | (0xffff & ~$masknum);
foreach ($tempnumber .. $highnet) {
$netnum = $_ << 16; #convert back to the real network value
$net = inet_ntoa(pack('N', $netnum));
$net =~ s/\.[^\.]*$//;
$net =~ s/\.[^\.]*$//;
push @zones, join('.', reverse(split('\.', $net))) . '.IN-ADDR.ARPA.';
}
return @zones;
} else { #class a (theoretically larger, but those shouldn't exist)
my $tempnumber = ($netnum >> 24); #the last two bytes are insignificant, shift them off to make math easier
$masknum = $masknum >> 24;
my $highnet = $tempnumber | (0xff & ~$masknum);
foreach ($tempnumber .. $highnet) {
$netnum = $_ << 24; #convert back to the real network value
$net = inet_ntoa(pack('N', $netnum));
$net =~ s/\.[^\.]*$//;
$net =~ s/\.[^\.]*$//;
$net =~ s/\.[^\.]*$//;
push @zones, join('.', reverse(split('\.', $net))) . '.IN-ADDR.ARPA.';
}
return @zones;
}
}
sub get_reverse_zones_for_entity {
my $ctx = shift;
my $node = shift;
my $net;
if (($node =~ /loopback/) || ($node =~ /localhost/))
{
# do not use DNS to resolve localhsot
return;
}
if ($ctx->{hoststab} and $ctx->{hoststab}->{$node} and $ctx->{hoststab}->{$node}->[0]->{ip}) {
$node = $ctx->{hoststab}->{$node}->[0]->{ip};
}
my @tvars = getipaddr($node, GetNumber => 1, GetAllAddresses => 1);
my $tvar;
my @revs;
foreach $tvar (@tvars) {
foreach my $net (keys %{ $ctx->{nets} }) {
if ($ctx->{nets}->{$net}->{netn} == ($tvar & $ctx->{nets}->{$net}->{mask})) {
if ($net =~ /\./) { #IPv4/IN-ADDR.ARPA case.
my $maskstr = unpack("B32", pack("N", $ctx->{nets}->{$net}->{mask}));
my $maskcount = ($maskstr =~ tr/1//);
if ($maskcount >= 24)
{
$maskcount -= ($maskcount % 8); #e.g. treat the 27bit netmask as 24bit
}
else
{
$maskcount += ((8 - ($maskcount % 8)) % 8); #round to the next octet
}
my $newmask = 2**$maskcount - 1 << (32 - $maskcount);
my $rev = inet_ntoa(pack("N", ($tvar & $newmask)));
my @zone;
my @orig = split /\./, $rev;
while ($maskcount) {
$maskcount -= 8;
unshift(@zone, (shift @orig));
}
$rev = join('.', @zone);
$rev .= '.IN-ADDR.ARPA.';
push @revs, $rev;
} elsif ($net =~ /:/) { #v6/ip6.arpa case
$net =~ /\/(.*)/;
my $maskbits = $1;
unless ($maskbits and (($maskbits % 4) == 0)) {
die "Never expected this, $net should have had CIDR / notation... and the mask should be a factor of 4, if not, need work..."
}
my $netnum = Math::BigInt->new($ctx->{nets}->{$net}->{netn});
$netnum->brsft(128 - $maskbits);
my $prefix = $netnum->as_hex();
my $nibbs = $maskbits / 4;
$prefix =~ s/^0x//;
my $rev;
foreach (reverse(split //, $prefix)) {
$rev .= $_ . ".";
$nibbs--;
}
while ($nibbs) {
$rev .= "0.";
$nibbs--;
}
$rev .= "ip6.arpa.";
push @revs, $rev;
}
}
}
}
return @revs;
}
sub process_request {
my $request = shift;
$callback = shift;
my $oldmask = umask(0007);
my $ctx = {};
my @nodes = ();
my $hadargs = 0;
my $allnodes;
my $zapfiles;
my $help;
my $deletemode = 0;
my $external = 0;
my $slave = 0;
my $VERBOSE;
# Since the mandatory rpm perl-Net-DNS for makedns on sles12 (perl-Net-DNS-0.73-1.28) has a bug,
# user has to update it to a newer version
my @rpminfo = `rpm -qi perl-Net-DNS`;
my ($matchedver, $matchedrel);
foreach (@rpminfo) {
if (/Version\s*:\s*0.73/i) {
$matchedver = 1;
} elsif (/Release\s*:\s*1.28/i) {
$matchedrel = 1;
}
}
if ($matchedver && $matchedrel) {
xCAT::MsgUtils->message("E", { error => ["The necessary rpm perl-Net-DNS-0.73-1.28 needs be updated to a higher version for makedns to function. You can get a workable version perl-Net-DNS-0.80-1.x86_64.rpm from xCAT Dependency Repository. e.g. For sles12: zypper install perl-Net-DNS-0.80-1.<arch>"], errorcode => [1] }, $callback);
return;
}
if ($request->{arg}) {
$hadargs = 1;
@ARGV = @{ $request->{arg} };
Getopt::Long::Configure("no_pass_through");
Getopt::Long::Configure("bundling");
if (!GetOptions(
'a|all' => \$allnodes,
'n|new' => \$zapfiles,
'd|delete' => \$deletemode,
'e|external' => \$external,
's|slave' => \$slave,
'V|verbose' => \$VERBOSE,
'h|help' => \$help,
)) {
#xCAT::SvrUtils::sendmsg([1,"TODO: makedns Usage message"], $callback);
makedns_usage($callback);
umask($oldmask);
return;
}
}
if (defined($VERBOSE)) {
$::VERBOSE = $VERBOSE;
} else {
undef $::VERBOSE;
}
if ($::XCATSITEVALS{externaldns}) {
$external = 1;
}
if ($help)
{
makedns_usage($callback);
umask($oldmask);
return;
}
if ($deletemode && (!$request->{node}->[0]))
{
makedns_usage($callback);
umask($oldmask);
return;
}
$ctx->{deletemode} = $deletemode;
# check for site.domain
my @entries = xCAT::TableUtils->get_site_attribute("domain");
my $site_entry = $entries[0];
unless (defined($site_entry)) {
xCAT::SvrUtils::sendmsg([ 1, "domain not defined in site table" ], $callback);
umask($oldmask);
return;
}
$ctx->{domain} = $site_entry;
if ($::VERBOSE)
{
my $rsp;
push @{ $rsp->{data} },
"domain name = $site_entry";
xCAT::MsgUtils->message("I", $rsp, $callback);
}
if ($external) #need to check if /etc/resolv.conf existing
{
my $resolv = "/etc/resolv.conf";
my $cmd = "egrep '^nameserver|^search' $resolv";
my $acmd = "egrep '^nameserver|^domain' $resolv";
if (xCAT::Utils->isAIX())
{
$cmd = $acmd;
}
my @output = xCAT::Utils->runcmd($cmd, 0);
if ($::VERBOSE)
{
my $rsp;
my $outp = join(', ', @output);
push @{ $rsp->{data} },
"output from /etc/resolv.conf: $outp";
xCAT::MsgUtils->message("I", $rsp, $callback);
}
if ($::RUNCMD_RC != 0)
{
xCAT::SvrUtils::sendmsg([ 1, "You are using -e flag to update DNS records to an external DNS server, please ensure /etc/resolv.conf existing and pointed to this external DNS server." ], $callback);
umask($oldmask);
return;
}
}
# check for selinux disabled
my $rc = xCAT::Utils->isSELINUX();
if ($rc == 0)
{
xCAT::SvrUtils::sendmsg([ 0, "Warning:SELINUX is not disabled. The makedns command will not be able to generate a complete DNS setup. Disable SELINUX and run the command again." ], $callback);
}
my @entries = xCAT::TableUtils->get_site_attribute("nameservers");
my $sitens = $entries[0];
unless (defined($site_entry)) {
xCAT::SvrUtils::sendmsg([ 1, "nameservers not defined in site table" ], $callback);
umask($oldmask);
return;
}
if ($::VERBOSE)
{
my $rsp;
push @{ $rsp->{data} },
"nameservers = $sitens";
xCAT::MsgUtils->message("I", $rsp, $callback);
}
my $networkstab = xCAT::Table->new('networks', -create => 0);
unless ($networkstab) { xCAT::SvrUtils::sendmsg([ 1, 'Unable to enumerate networks, try to run makenetworks' ], $callback); }
my @networks = $networkstab->getAllAttribs('net', 'mask', 'ddnsdomain', 'domain', 'nameservers');
# exclude the net if it is using an external dns server.
foreach my $net (@networks)
{
if ($net and $net->{nameservers})
{
my $valid = 0;
my @myips;
my @myipsd = xCAT::NetworkUtils->my_ip_facing($net->{net});
my $myipsd_l = @myipsd;
unless ($myipsd[0]) { @myips = @myipsd[ 1 .. ($myipsd_l - 1) ]; }
foreach (split /,/, $net->{nameservers})
{
chomp $_;
foreach my $myip (@myips) {
if (($_ eq $myip) || ($_ eq '<xcatmaster>') || ($_ eq $sitens))
{
$valid += 1;
}
}
}
unless ($valid > 0)
{
$net = undef;
}
}
}
# if ($request->{node}) { #we have a noderange to process
# @nodes = @{$request->{node}};
#} elsif ($allnodes) {
if ($allnodes) {
#read all nodelist specified nodes
} else {
if (not $request->{node} and $deletemode) {
#when this was permitted, it really ruined peoples' days
xCAT::SvrUtils::sendmsg([ 1, "makedns -d without noderange or -a is not supported" ], $callback);
umask($oldmask);
return;
}
my @contents;
my $domain;
if ($request->{node}) { #leverage makehosts code to flesh out the options
require xCAT_plugin::hosts;
my @content1;
my @content2;
xCAT_plugin::hosts::add_hosts_content(nodelist => $request->{node}, callback => $callback, hostsref => \@content1);
xCAT_plugin::hosts::donics(nodes => $request->{node}, callback => $callback, hostsref => \@content2);
@contents = (@content1, @content2);
} else {
#legacy behavior, read from /etc/hosts
my $hostsfile;
open($hostsfile, "<", "/etc/hosts");
flock($hostsfile, LOCK_SH);
@contents = <$hostsfile>;
flock($hostsfile, LOCK_UN);
close($hostsfile);
}
my $addr;
my $name;
my $canonical;
my $aliasstr;
my @aliases;
my $names;
my @hosts;
my %nodehash;
my @eachhost;
my $invalid;
foreach (@contents) {
chomp; #no newline
s/#.*//; #strip comments;
s/^[ \t\n]*//; #remove leading whitespace
next unless ($_); #skip empty lines
($addr, $names) = split /[ \t]+/, $_, 2;
if ($addr !~ /^\d+\.\d+\.\d+\.\d+$/ and $addr !~ /^[abcdef0123456789:]+$/) {
xCAT::SvrUtils::sendmsg(":Ignoring line $_ in /etc/hosts, address seems malformed.", $callback);
next;
}
unless ($names =~ /^[a-z0-9\. \t\n-]+$/i) {
xCAT::SvrUtils::sendmsg(":Ignoring line $_ in /etc/hosts, names $names contain invalid characters (valid characters include a through z, numbers and the '-', but not '_'", $callback);
next;
}
$invalid = "";
@eachhost = split(/ /,$names);
foreach my $hname (@eachhost) {
if ($hname =~ /^\./) {
xCAT::SvrUtils::sendmsg(":Ignoring line $_ in /etc/hosts, name $hname start with . ", $callback);
$invalid = $names;
last;
}
}
if ($invalid) {
next;
}
my ($host, $ip) = xCAT::NetworkUtils->gethostnameandip($addr);
push @hosts, $host;
$nodehash{$addr}{names} = $names;
$nodehash{$addr}{host} = $host;
}
# get the domains for each node - one call for all nodes in hosts file
my $nd = xCAT::NetworkUtils->getNodeDomains(\@hosts);
my %nodedomains = %$nd;
foreach my $n (keys %nodehash) {
$addr = $n;
$names = $nodehash{$n}{names};
# - need domain for this node
my $host = $nodehash{$n}{host};
$domain = $nodedomains{$host};
# remove the first . at domain name since it's not accepted by high dns parser
if ($domain =~ /^\./) { $domain =~ s/^\.//; }
($canonical, $aliasstr) = split /[ \t]+/, $names, 2;
if ($aliasstr) {
@aliases = split /[ \t]+/, $aliasstr;
} else {
@aliases = ();
}
my %names = ();
my $node = $canonical;
xCAT::SvrUtils::sendmsg(":Handling $node in /etc/hosts.", $callback);
unless ($canonical =~ /$domain/) {
$canonical .= "." . $domain;
}
# for only the sake of comparison, ensure consistant dot suffix
unless ($canonical =~ /\.\z/) { $canonical .= '.' }
foreach my $alias (@aliases) {
unless ($alias =~ /\.$domain\z/) {
$alias .= "." . $domain;
}
unless ($alias =~ /\.\z/) {
$alias .= '.';
}
if ($alias eq $canonical) {
next;
}
# remember alias for CNAM records later
$ctx->{aliases}->{$node}->{$alias} = 1;
}
# exclude the nodes not belong to any nets defined in networks table
# because only the nets defined in networks table will be add
# zones later.
my $found = 0;
foreach (@networks)
{
if (xCAT::NetworkUtils->ishostinsubnet($addr, $_->{mask}, $_->{net}))
{
$found = 1;
}
}
if ($found)
{
push @nodes, $node;
$ctx->{nodeips}->{$node}->{$addr} = 1;
}
else
{
unless ($node =~ /localhost/)
{
xCAT::SvrUtils::sendmsg(":Ignoring host $node, it does not belong to any nets defined in networks table or the net it belongs to is configured to use an external nameserver.", $callback);
}
}
}
}
my $hoststab = xCAT::Table->new('hosts', -create => 0);
if ($hoststab) {
$ctx->{hoststab} = $hoststab->getNodesAttribs(\@nodes, ['ip']);
}
$ctx->{nodes} = \@nodes;
foreach (@networks) {
my $maskn;
if ($_->{mask}) { #better be IPv4, we only do CIDR for v6, use the v4/v6 agnostic just in case
$maskn = getipaddr($_->{mask}, GetNumber => 1); #pack("N",inet_aton($_->{mask}));
} elsif ($_->{net} =~ /\/(.*)/) { #CIDR
my $maskbits = $1;
my $numbits;
if ($_->{net} =~ /:/) { #v6
$numbits = 128;
} elsif ($_->{net} =~ /\./) {
$numbits = 32;
} else {
umask($oldmask);
die "Network " . $_->{net} . " appears to be malformed in networks table";
}
$maskn = Math::BigInt->new("0b" . ("1" x $maskbits) . ("0" x ($numbits - $maskbits)));
}
$ctx->{nets}->{ $_->{net} }->{mask} = $maskn;
my $net = $_->{net};
$net =~ s/\/.*//;
$ctx->{nets}->{ $_->{net} }->{netn} = getipaddr($net, GetNumber => 1);
my $currzone;
foreach $currzone (getzonesfornet($_)) {
$ctx->{zonestotouch}->{$currzone} = 1;
if ($::VERBOSE)
{
my $rsp;
push @{ $rsp->{data} },
"zone info for this $net: $currzone";
xCAT::MsgUtils->message("I", $rsp, $callback);
}
}
}
my $passtab = xCAT::Table->new('passwd');
my $pent = $passtab->getAttribs({ key => 'omapi', username => 'xcat_key' }, ['password']);
if ($pent and $pent->{password}) {
$ctx->{privkey} = $pent->{password};
} #do not warn/error here yet, if we can't generate or extract, we'll know later
my @entries = xCAT::TableUtils->get_site_attribute("forwarders");
my $site_entry = $entries[0];
if (defined($site_entry)) {
my @forwarders = split /[ ,]/, $site_entry;
$ctx->{forwarders} = \@forwarders;
}
my @slave_ips;
my $dns_slaves = get_dns_slave();
if (scalar @$dns_slaves) {
foreach my $slave_hn (@$dns_slaves) {
my $slave_ip = xCAT::NetworkUtils->getipaddr($slave_hn);
push @slave_ips, $slave_ip;
}
$ctx->{slaves} = \@slave_ips;
}
$ctx->{domain} =~ s/^\.//; # remove . if it's the first char of domain name
$ctx->{zonestotouch}->{ $ctx->{domain} } = 1;
foreach (@networks) {
if ($_->{domain}) {
$_->{domain} =~ s/^\.//; # remove . if it's the first char of domain name
$ctx->{zonestotouch}->{ $_->{domain} } = 1;
}
}
# get the listen on port for the DNS server from site.dnsinterfaces
my @dnsifinsite = xCAT::TableUtils->get_site_attribute("dnsinterfaces");
if (@dnsifinsite)
#syntax should be like host|ifname1,ifname2;host2|ifname3,ifname2 etc or simply ifname,ifname2
{
my $dnsinterfaces = $dnsifinsite[0];
my $listenonifs;
foreach my $dnsif (split /;/, $dnsinterfaces) {
if ($dnsif =~ /\|/) { # there's host in the string
my ($hosts, $dnsif) = split /\|/, $dnsif;
if (!xCAT::NetworkUtils->thishostisnot($hosts)) {
$listenonifs = $dnsif;
} else {
# this host string might be a xcat group, try to test each node in the group
foreach my $host (xCAT::NodeRange->noderange($hosts)) {
unless (xCAT::NetworkUtils->thishostisnot($host)) {
$listenonifs = $dnsif;
last;
}
}
}
} else {
$listenonifs = $dnsif;
}
# get the ip for each interface and set it to $ctx->{dnslistenonifs}
if ($listenonifs) {
$listenonifs = "lo," . $listenonifs;
# get the ip address for each interface
my (@listenipv4, @listenipv6);
for my $if (split /,/, $listenonifs) {
my @ifaddrs = `ip addr show $if`;
foreach (@ifaddrs) {
if (/^\s*inet\s+([^ ]*)/) {
my $ip = $1;
$ip =~ s/\/.*//;
push @listenipv4, $ip;
} elsif (/^\s*inet6\s+([^ ]*)/) {
my $ip = $1;
$ip =~ s/\/.*//;
push @listenipv6, $ip;
}
}
}
if (@listenipv4) {
$ctx->{dnslistenonifs}->{ipv4} = \@listenipv4;
}
if (@listenipv6) {
$ctx->{dnslistenonifs}->{ipv6} = \@listenipv6;
}
last;
}
}
}
xCAT::SvrUtils::sendmsg("Getting reverse zones, this may take several minutes for a large cluster.", $callback);
foreach (@nodes) {
my @revzones = get_reverse_zones_for_entity($ctx, $_);
unless (@revzones)
{
if ($::VERBOSE)
{
my $rsp;
push @{ $rsp->{data} },
"No reverse zones for $_ ";
xCAT::MsgUtils->message("I", $rsp, $callback);
}
next;
}
$ctx->{revzones}->{$_} = \@revzones;
foreach (@revzones) {
$ctx->{zonestotouch}->{$_} = 1;
}
}
xCAT::SvrUtils::sendmsg("Completed getting reverse zones.", $callback);
if (1) {
#TODO: function to detect and return 1 if the master server is
# DNS SOA for all the zones we care about here, we are examining
# files to assure that our key is in named.conf, the zones we
# care about are there, and that if active directory is in use,
# allow the domain controllers to update specific zones
@entries = xCAT::TableUtils->get_site_attribute("directoryprovider");
$site_entry = $entries[0];
if (defined($site_entry) and $site_entry eq 'activedirectory') {
@entries = xCAT::TableUtils->get_site_attribute("directoryservers");
$site_entry = $entries[0];
if (defined($site_entry)) {
my @dservers = split /[ ,]/, $site_entry;
$ctx->{adservers} = \@dservers;
############################
# - should this include all domains?
# - multi-domains not supported with activedirectory
# - TODO in future release
###################
$ctx->{adzones} = {
"_msdcs." . $ctx->{domain} => 1,
"_sites." . $ctx->{domain} => 1,
"_tcp." . $ctx->{domain} => 1,
"_udp." . $ctx->{domain} => 1,
};
}
}
@entries = xCAT::TableUtils->get_site_attribute("dnsupdaters");
$site_entry = $entries[0];
if (defined($site_entry)) {
my @nservers = split /[ ,]/, $site_entry;
$ctx->{dnsupdaters} = \@nservers;
}
unless ($external) { # only generate the named.conf and zone files for xCAT dns when NOT using external dns
if ($zapfiles || $slave) { #here, we unlink all the existing files to start fresh
if ($::VERBOSE)
{
my $rsp;
push @{ $rsp->{data} },
"Stop named service";
xCAT::MsgUtils->message("I", $rsp, $callback);
}
if (xCAT::Utils->isAIX())
{
system("/usr/bin/stopsrc -s $service");
}
else
{
#system("service $service stop"); #named may otherwise hold on to stale journal filehandles
xCAT::Utils->stopservice("named");
}
my $conf = get_conf();
unlink $conf;
my $DBDir = get_dbdir();
if ($::VERBOSE)
{
my $rsp;
push @{ $rsp->{data} },
"get_dbdir: $DBDir";
xCAT::MsgUtils->message("I", $rsp, $callback);
}
foreach (<$DBDir/db.*>) {
unlink $_;
}
}
#We manipulate local namedconf
$ctx->{dbdir} = get_dbdir();
$ctx->{zonesdir} = get_zonesdir();
chmod 0775, $ctx->{dbdir}; # assure dynamic dns can actually execute against the directory
if ($::VERBOSE)
{
my $rsp;
push @{ $rsp->{data} },
"Update Named Conf dir $ctx->{dbdir} $ctx->{zonesdir}";
xCAT::MsgUtils->message("I", $rsp, $callback);
}
update_namedconf($ctx, $slave);
unless ($slave)
{
update_zones($ctx);
}
if ($ctx->{restartneeded}) {
xCAT::SvrUtils::sendmsg("Restarting $service", $callback);
if (xCAT::Utils->isAIX())
{
#try to stop named
my $cmd = "/usr/bin/stopsrc -s $service";
my @output = xCAT::Utils->runcmd($cmd, 0);
$cmd = "/usr/bin/startsrc -s $service";
@output = xCAT::Utils->runcmd($cmd, 0);
my $outp = join('', @output);
if ($::RUNCMD_RC != 0)
{
my $rsp = {};
$rsp->{data}->[0] = "Command failed: $cmd. Error message: $outp.\n";
xCAT::MsgUtils->message("E", $rsp, $callback);
return;
}
}
else
{
#my $cmd = "service $service stop";
#my @output=xCAT::Utils->runcmd($cmd, 0);
#my $outp = join('', @output);
#if ($::RUNCMD_RC != 0)
#{
# my $rsp = {};
# $rsp->{data}->[0] = "Command failed: $cmd. Error message: $outp.\n";
# xCAT::MsgUtils->message("E", $rsp, $callback);
# return;
#}
#$cmd = "service $service start";
#@output=xCAT::Utils->runcmd($cmd, 0);
#$outp = join('', @output);
#if ($::RUNCMD_RC != 0)
#{
# my $rsp = {};
# $rsp->{data}->[0] = "Command failed: $cmd. Error message: $outp.\n";
# xCAT::MsgUtils->message("E", $rsp, $callback);
# return;
#}
my $retcode = xCAT::Utils->restartservice("named");
if ($retcode != 0) {
my $rsp = {};
$rsp->{data}->[0] = "failed to start named.\n";
xCAT::MsgUtils->message("E", $rsp, $callback);
return;
}
}
xCAT::SvrUtils::sendmsg("Restarting named complete", $callback);
}
}
} else {
unless ($ctx->{privkey}) {
xCAT::SvrUtils::sendmsg([ 1, "Unable to update DNS due to lack of credentials in passwd to communicate with remote server" ], $callback);
}
}
if ($slave)
{
return;
}
# check if named is active before update dns records.
unless ($external) { # only start xCAT local dns when NOT using external dns
if (xCAT::Utils->isAIX())
{
my $cmd = "/usr/bin/lssrc -s $service |grep active";
my @output = xCAT::Utils->runcmd($cmd, 0);
if ($::RUNCMD_RC != 0)
{
$cmd = "/usr/bin/startsrc -s $service";
@output = xCAT::Utils->runcmd($cmd, 0);
my $outp = join('', @output);
if ($::RUNCMD_RC != 0)
{
my $rsp = {};
$rsp->{data}->[0] = "Command failed: $cmd. Error message: $outp.\n";
xCAT::MsgUtils->message("E", $rsp, $callback);
return;
}
}
}
else
{
my $needtostart = 1;
# If named is already restarted in the same time, then to avoid starting it again.
# Rare case (#3082): to avoid two named daemon co-existing
if ($ctx->{restartneeded}) {
sleep 1;
$needtostart = xCAT::Utils->checkservicestatus("named");
}
if ($needtostart != 0)
{
my $retcode = xCAT::Utils->startservice("named");
if ($retcode != 0)
{
my $rsp = {};
$rsp->{data}->[0] = "failed to start named.\n";
xCAT::MsgUtils->message("E", $rsp, $callback);
return;
}
}
}
}
#now we stick to Net::DNS style updates, with TSIG if possible. TODO: kerberized (i.e. Windows) DNS server support, maybe needing to use nsupdate -g....
if ($external)
{
# based on /etc/resolv.conf
$ctx->{resolver} = Net::DNS::Resolver->new();
}
else
{
# default to localhost
$ctx->{resolver} = Net::DNS::Resolver->new(nameservers => ['127.0.0.1']);
}
my $ret = add_or_delete_records($ctx);
unless ($ret) {
xCAT::SvrUtils::sendmsg("DNS setup is completed", $callback);
}
umask($oldmask);
}
sub get_zonesdir {
my $ZonesDir = get_dbdir();
my @entries = xCAT::TableUtils->get_site_attribute("bindzones");
my $site_entry = $entries[0];
if (defined($site_entry)) {
$ZonesDir = $site_entry;
}
return "$ZonesDir";
}
sub get_conf {
my $conf = "/etc/named.conf";
# is this ubuntu ?
if ($distro =~ /ubuntu.*/i || $distro =~ /debian.*/i) {
$conf = "/etc/bind/named.conf";
}
my @entries = xCAT::TableUtils->get_site_attribute("bindconf");
my $site_entry = $entries[0];
if (defined($site_entry)) {
$conf = $site_entry;
}
return "$conf";
}
sub get_dbdir {
my $DBDir;
my @entries = xCAT::TableUtils->get_site_attribute("binddir");
my $site_entry = $entries[0];
if (defined($site_entry)) {
$DBDir = $site_entry;
}
if (-d "$DBDir") {
return "$DBDir"
} elsif (-d "/var/named") {
return "/var/named/";
} elsif (-d "/var/lib/named") {
# Temp fix for bugzilla 73119
chown(scalar(getpwnam('root')), scalar(getgrnam('named')), "/var/lib/named");
return "/var/lib/named/";
}
elsif (-d "/var/lib/bind") {
return "/var/lib/bind/";
}
else {
mkpath "/var/named/";
chown(scalar(getpwnam('named')), scalar(getgrnam('named')), "/var/named");
return "/var/named/";
}
}
sub isvalidip {
#inet_pton/ntop good for ensuring an ip looks like an ip? or do string compare manually?
#for now, do string analysis, one problem with pton/ntop is that 010.1.1.1 would look diff from 10.1.1.1)
my $candidate = shift;
if ($candidate =~ /^(\d+)\.(\d+)\.(\d+).(\d+)\z/) {
return (
$1 >= 0 and $1 <= 255 and
$2 >= 0 and $2 <= 255 and
$3 >= 0 and $3 <= 255 and
$4 >= 0 and $4 <= 255
);
}
}
sub update_zones {
my $ctx = shift;
my $currzone;
my $dbdir = $ctx->{dbdir};
my $name = hostname;
my $node = $name;
# get the domain for the node - which is the local hostname
my ($host, $nip) = xCAT::NetworkUtils->gethostnameandip($node);
my @hosts;
push(@hosts, $host);
my $nd = xCAT::NetworkUtils->getNodeDomains(\@hosts);
my %nodedomains = %$nd;
my $domain = $nodedomains{$host};
xCAT::SvrUtils::sendmsg("Updating zones.", $callback);
if ($domain =~ /^\./) { # remove . if it's the first char of domain name
$domain =~ s/^\.//;
}
unless ($name =~ /\./) {
$name .= "." . $domain;
}
unless ($name =~ /\.\z/) {
$name .= '.';
}
my $ip = $node;
if ($ctx->{hoststab} and $ctx->{hoststab}->{$node} and $ctx->{hoststab}->{$node}->[0]->{ip}) {
$ip = $ctx->{hoststab}->{$node}->[0]->{ip};
unless (isvalidip($ip)) {
xCAT::SvrUtils::sendmsg([ 1, "The hosts table entry for $node indicates $ip as an ip address, which is not a valid address" ], $callback);
next;
}
} else {
unless ($ip = inet_aton($ip)) {
print "Unable to find an IP for $node in hosts table or via system lookup (i.e. /etc/hosts";
xCAT::SvrUtils::sendmsg([ 1, "Unable to find an IP for $node in hosts table or via system lookup (i.e. /etc/hosts" ], $callback);
next;
}
$ip = inet_ntoa($ip);
}
my @neededzones = keys %{ $ctx->{zonestotouch} };
push @neededzones, keys %{ $ctx->{adzones} };
my ($sec, $min, $hour, $mday, $mon, $year, $rest) = localtime(time);
my $serial = ($mday * 100) + (($mon + 1) * 10000) + (($year + 1900) * 1000000);
foreach $currzone (@neededzones) {
my $zonefilename = $currzone;
if ($currzone =~ /IN-ADDR\.ARPA/) {
$currzone =~ s/\.IN-ADDR\.ARPA.*//;
my @octets = split /\./, $currzone;
$currzone = join('.', reverse(@octets));
$zonefilename = $currzone;
#If needed, the below, but it was a fairly painfully restricted paradigm for zonefile names...
#} elsif (not $zonefilename =~ /_/) {
# $zonefilename =~ s/\..*//; #compatible with bind.pm
}
unless (-f $dbdir . "/db.$zonefilename") {
my $zonehdl;
open($zonehdl, ">>", $dbdir . "/db.$zonefilename");
flock($zonehdl, LOCK_EX);
seek($zonehdl, 0, 0);
truncate($zonehdl, 0);
print $zonehdl '$TTL 86400' . "\n";
print $zonehdl '@ IN SOA ' . $name . " root.$name ( $serial 10800 3600 604800 86400 )\n";
print $zonehdl " IN NS $name\n";
if ($name =~ /$currzone/) { #Must guarantee an A record for the DNS server
print $zonehdl "$name IN A $ip\n";
}
flock($zonehdl, LOCK_UN);
close($zonehdl);
if ($distro =~ /ubuntu.*/i || $distro =~ /debian.*/i) {
chown(scalar(getpwnam('root')), scalar(getgrnam('bind')), $dbdir . "/db.$zonefilename");
}
else {
chown(scalar(getpwnam('named')), scalar(getgrnam('named')), $dbdir . "/db.$zonefilename");
}
$ctx->{restartneeded} = 1;
}
}
xCAT::SvrUtils::sendmsg("Completed updating zones.", $callback);
}
sub update_namedconf {
my $ctx = shift;
my $slave = shift;
my $namedlocation = get_conf();
my $nameconf;
my @newnamed;
my $gotoptions = 0;
my $gotkey = 0;
my %didzones;
if (-r $namedlocation) {
my @currnamed = ();
open($nameconf, "<", $namedlocation);
flock($nameconf, LOCK_SH);
@currnamed = <$nameconf>;
flock($nameconf, LOCK_UN);
close($nameconf);
my $i = 0;
for ($i = 0 ; $i < scalar(@currnamed) ; $i++) {
my $line = $currnamed[$i];
if ($line =~ /^options +\{/) {
$gotoptions = 1;
my $skip = 0;
do {
#push @newnamed,"\t\t//listen-on-v6 { any; };\n";
if ($ctx->{forwarders} and $line =~ /forwarders \{/) {
push @newnamed, "\tforwarders \{\n";
$skip = 1;
foreach (@{ $ctx->{forwarders} }) {
push @newnamed, "\t\t" . $_ . ";\n";
}
push @newnamed, "\t};\n";
} elsif ($ctx->{slaves} and $line =~ /allow-transfer \{/) {
push @newnamed, "\tallow-transfer \{\n";
$skip = 1;
foreach (@{ $ctx->{slaves} }) {
push @newnamed, "\t\t" . $_ . ";\n";
}
push @newnamed, "\t};\n";
} elsif ($ctx->{slaves} and $line =~ /also-notify \{/) {
push @newnamed, "\talso-notify \{\n";
$skip = 1;
foreach (@{ $ctx->{slaves} }) {
push @newnamed, "\t\t" . $_ . ";\n";
}
push @newnamed, "\t};\n";
} elsif (defined($ctx->{dnslistenonifs}) and defined($ctx->{dnslistenonifs}->{ipv4}) and $line =~ /listen-on \{/) {
push @newnamed, "\tlisten-on \{\n";
$skip = 1;
foreach (@{ $ctx->{dnslistenonifs}->{ipv4} }) {
push @newnamed, "\t\t" . $_ . ";\n";
}
push @newnamed, "\t};\n";
} elsif (defined($ctx->{dnslistenonifs}) and defined($ctx->{dnslistenonifs}->{ipv6}) and $line =~ /listen-on-v6 \{/) {
push @newnamed, "\tlisten-on-v6 \{\n";
$skip = 1;
foreach (@{ $ctx->{dnslistenonifs}->{ipv6} }) {
push @newnamed, "\t\t" . $_ . ";\n";
}
push @newnamed, "\t};\n";
} elsif ($skip) {
if ($line =~ /};/) {
$skip = 0;
}
} else {
push @newnamed, $line;
}
$i++;
$line = $currnamed[$i];
} while ($line !~ /^\};/);
push @newnamed, $line;
} elsif ($line =~ /^zone "([^"]*)" in \{/) {
my $currzone = $1;
if ($ctx->{zonestotouch}->{$currzone} or $ctx->{adzones}->{$currzone}) {
$didzones{$currzone} = 1;
my @candidate = ($line);
my $needreplace = 1;
do {
$i++;
$line = $currnamed[$i];
push @candidate, $line;
if ($line =~ /key xcat_key/) {
$needreplace = 0;
}
} while ($line !~ /^\};/); #skip the old file zone
unless ($needreplace) {
push @newnamed, @candidate;
next;
}
$ctx->{restartneeded} = 1;
push @newnamed, "zone \"$currzone\" in {\n", "\ttype master;\n", "\tallow-update {\n", "\t\tkey xcat_key;\n";
my @list;
if (not $ctx->{adzones}->{$currzone}) {
if ($ctx->{dnsupdaters}) {
@list = @{ $ctx->{dnsupdaters} };
}
} else {
if ($ctx->{adservers}) {
@list = @{ $ctx->{adservers} };
}
}
foreach (@list) {
push @newnamed, "\t\t$_;\n";
}
if ($currzone =~ /IN-ADDR\.ARPA/) {
my $net = $currzone;
$net =~ s/.IN-ADDR\.ARPA.*//;
my @octets = split /\./, $net;
$net = join('.', reverse(@octets));
push @newnamed, "\t};\n", "\tfile \"db.$net\";\n", "};\n";
} else {
my $zfilename = $currzone;
#$zfilename =~ s/\..*//;
push @newnamed, "\t};\n", "\tfile \"db.$zfilename\";\n", "};\n";
}
} else {
push @newnamed, $line;
do {
$i++;
$line = $currnamed[$i];
push @newnamed, $line;
} while ($line !~ /^\};/);
}
} elsif ($line =~ /^key xcat_key/) {
$gotkey = 1;
if ($ctx->{privkey}) {
#for now, assume the field is correct
#push @newnamed,"key xcat_key {\n","\talgorithm hmac-md5;\n","\tsecret \"".$ctx->{privkey}."\";\n","};\n\n";
push @newnamed, $line;
do {
$i++;
$line = $currnamed[$i];
push @newnamed, $line;
} while ($line !~ /^\};/);
} else {
push @newnamed, $line;
while ($line !~ /^\};/) { #skip the old file zone
if ($line =~ /secret \"([^"]*)\"/) {
my $passtab = xCAT::Table->new("passwd", -create => 1);
$passtab->setAttribs({ key => "omapi", username => "xcat_key" }, { password => $1 });
}
$i++;
$line = $currnamed[$i];
push @newnamed, $line;
}
}
} elsif ($line !~ /generated by xCAT/) {
push @newnamed, $line;
}
}
}
unless ($gotoptions) {
push @newnamed, "options {\n";
push @newnamed, "\tdirectory \"" . $ctx->{zonesdir} . "\";\n";
unless ($slave && xCAT::Utils->isLinux()) {
push @newnamed, "\tallow-recursion { any; };\n";
}
#push @newnamed,"\t\t//listen-on-v6 { any; };\n";
if ($ctx->{forwarders}) {
push @newnamed, "\tforwarders {\n";
foreach (@{ $ctx->{forwarders} }) {
push @newnamed, "\t\t$_;\n";
}
push @newnamed, "\t};\n";
}
if ($slave) {
push @newnamed, "\tallow-transfer { any; };\n";
} else {
if ($ctx->{slaves}) {
push @newnamed, "\tnotify yes;\n";
push @newnamed, "\tallow-transfer {\n";
foreach (@{ $ctx->{slaves} }) {
push @newnamed, "\t\t$_;\n";
}
push @newnamed, "\t};\n";
push @newnamed, "\talso-notify {\n";
foreach (@{ $ctx->{slaves} }) {
push @newnamed, "\t\t$_;\n";
}
push @newnamed, "\t};\n";
}
}
# add the listen-on option
if (defined($ctx->{dnslistenonifs}) and defined($ctx->{dnslistenonifs}->{ipv4})) {
push @newnamed, "\tlisten-on \{\n";
foreach (@{ $ctx->{dnslistenonifs}->{ipv4} }) {
push @newnamed, "\t\t" . $_ . ";\n";
}
push @newnamed, "\t};\n"
}
if (defined($ctx->{dnslistenonifs}) and defined($ctx->{dnslistenonifs}->{ipv6})) {
push @newnamed, "\tlisten-on-v6 \{\n";
foreach (@{ $ctx->{dnslistenonifs}->{ipv6} }) {
push @newnamed, "\t\t" . $_ . ";\n";
}
push @newnamed, "\t};\n";
}
push @newnamed, "};\n\n";
}
# include external configuration file(s) if present in site.namedincludes
my @entries = xCAT::TableUtils->get_site_attribute("namedincludes");
my $site_entry = $entries[0];
if (defined($site_entry)) {
my @includes = split /[ ,]/, $site_entry;
foreach (@includes) {
if (defined($_)) {
push @newnamed, "include \"$_\";\n";
}
}
push @newnamed, "\n";
}
unless ($slave) {
unless ($gotkey) {
unless ($ctx->{privkey}) { #need to generate one
$ctx->{privkey} = encode_base64(genpassword(32));
chomp($ctx->{privkey});
}
push @newnamed, "key xcat_key {\n", "\talgorithm hmac-md5;\n", "\tsecret \"" . $ctx->{privkey} . "\";\n", "};\n\n";
$ctx->{restartneeded} = 1;
}
}
my $cmd = "grep '^nameserver' /etc/resolv.conf | awk '{print \$2}'";
my @output = xCAT::Utils->runcmd($cmd, 0);
my $zone;
foreach $zone (keys %{ $ctx->{zonestotouch} }) {
if ($didzones{$zone}) { next; }
$ctx->{restartneeded} = 1; #have to add a zone, a restart will be needed
push @newnamed, "zone \"$zone\" in {\n";
if ($slave) {
push @newnamed, "\ttype slave;\n";
push @newnamed, "\tmasters { $output[0]; };\n";
} else {
push @newnamed, "\ttype master;\n", "\tallow-update {\n", "\t\tkey xcat_key;\n", "\t};\n";
foreach (@{ $ctx->{dnsupdaters} }) {
push @newnamed, "\t\t$_;\n";
}
}
if ($zone =~ /IN-ADDR\.ARPA/) {
my $net = $zone;
$net =~ s/.IN-ADDR\.ARPA.*//;
my @octets = split /\./, $net;
$net = join('.', reverse(@octets));
push @newnamed, "\tfile \"db.$net\";\n", "};\n";
} else {
my $zfilename = $zone;
#$zfilename =~ s/\..*//;
push @newnamed, "\tfile \"db.$zfilename\";\n", "};\n";
}
}
foreach $zone (keys %{ $ctx->{adzones} }) {
if ($didzones{$zone}) { next; }
$ctx->{restartneeded} = 1; #have to add a zone, a restart will be needed
push @newnamed, "zone \"$zone\" in {\n";
if ($slave) {
push @newnamed, "\ttype slave;\n";
push @newnamed, "\tmasters { $output[0]; };\n";
} else {
push @newnamed, "\ttype master;\n", "\tallow-update {\n", "\t\tkey xcat_key;\n";
foreach (@{ $ctx->{adservers} }) {
push @newnamed, "\t\t$_;\n";
}
}
my $zfilename = $zone;
#$zfilename =~ s/\..*//;
push @newnamed, "\t};\n", "\tfile \"db.$zfilename\";\n", "};\n\n";
}
# For AIX, add a hint zone
if (xCAT::Utils->isAIX())
{
unless (grep(/hint/, @newnamed))
{
push @newnamed, "zone \"\.\" in {\n", "\ttype hint;\n", "\tfile \"db\.cache\";\n", "};\n\n";
# Toutch the stub zone file
system("/usr/bin/touch $ctx->{dbdir}.'/db.cache'");
$ctx->{restartneeded} = 1;
if ($ctx->{forwarders})
{
my $dbcachefile = $ctx->{dbdir} . '/db.cache';
my $cmd = qq~dig @"$ctx->{forwarders}[0]" . ns >> $dbcachefile~;
my $outref = xCAT::Utils->runcmd("$cmd", 0);
if ($::RUNCMD_RC != 0)
{
my $rsp = {};
$rsp->{data}->[0] = "Failed to run command: $cmd.\n";
xCAT::MsgUtils->message("W", $rsp, $callback, 1);
}
}
}
}
my $newnameconf;
open($newnameconf, ">>", $namedlocation);
flock($newnameconf, LOCK_EX);
seek($newnameconf, 0, 0);
truncate($newnameconf, 0);
if ($newnameconf !~ /generated by xCAT/) {
print $newnameconf "\#generated by xCAT: /opt/xcat/sbin/makedns command \n";
}
for my $l (@newnamed) { print $newnameconf $l; }
flock($newnameconf, LOCK_UN);
close($newnameconf);
if ($distro =~ /ubuntu.*/i || $distro =~ /debian.*/i) {
chown(scalar(getpwnam('root')), scalar(getgrnam('bind')), $namedlocation);
}
else {
chown(scalar(getpwnam('root')), scalar(getgrnam('named')), $namedlocation);
}
}
sub add_or_delete_records {
my $ctx = shift;
xCAT::SvrUtils::sendmsg("Updating DNS records, this may take several minutes for a large cluster.", $callback);
unless ($ctx->{privkey}) {
my $passtab = xCAT::Table->new('passwd');
my $pent = $passtab->getAttribs({ key => 'omapi', username => 'xcat_key' }, ['password']);
if ($pent and $pent->{password}) {
$ctx->{privkey} = $pent->{password};
} else {
xCAT::SvrUtils::sendmsg([ 1, "Unable to find omapi key in passwd table" ], $callback);
}
}
my $node;
my @ips;
$ctx->{nsmap} = {}; #will store a map to known NS records to avoid needless redundant queries to sort nodes into domains
$ctx->{updatesbyzone} = {}; #sort all updates into their respective zones for bulk update for fewer DNS transactions
# get node domains
my $nd = xCAT::NetworkUtils->getNodeDomains(\@{ $ctx->{nodes} });
my %nodedomains = %{$nd};
foreach $node (@{ $ctx->{nodes} }) {
my $name = $node;
if (($name =~ /loopback/) || ($name =~ /localhost/))
{
next;
}
my $domain = $nodedomains{$node};
if ($domain =~ /^\./) { $domain =~ s/^\.//; } # remove . if it's the first char of domain name
unless ($name =~ /\.$domain\z/) { $name .= "." . $domain } # $name needs to represent fqdn, but must preserve $node as a nodename for cfg lookup
if ($ctx->{hoststab} and $ctx->{hoststab}->{$node} and $ctx->{hoststab}->{$node}->[0]->{ip}) {
@ips = ($ctx->{hoststab}->{$node}->[0]->{ip});
} else {
@ips = getipaddr($node, GetAllAddresses => 1);
if (not @ips and keys %{ $ctx->{nodeips}->{$node} }) {
@ips = keys %{ $ctx->{nodeips}->{$node} };
}
if (!defined($ips[0])) {
xCAT::SvrUtils::sendmsg([ 1, "Unable to find an IP for $node in hosts table or via system lookup (i.e. /etc/hosts)" ], $callback);
next;
}
}
foreach my $ip (@ips) {
$ctx->{currip} = $ip;
#time to update, A and PTR records, IPv6 still TODO
if ($ip =~ /\./) { #v4
$ip = join('.', reverse(split(/\./, $ip)));
$ip .= '.IN-ADDR.ARPA.';
} elsif ($ip =~ /:/) { #v6
$ip = getipaddr($ip, GetNumber => 1);
$ip = $ip->as_hex();
$ip =~ s/^0x//;
$ip = join('.', reverse(split(//, $ip)));
$ip .= '.ip6.arpa.';
} else {
die "ddns did not understand $ip result of lookup";
}
#ok, now it is time to identify which zones should actually hold the forward (A) and reverse (PTR) records and a nameserver to handle the request
my $revzone = $ip;
$ctx->{currnode} = $node;
$ctx->{currname} = $name;
$ctx->{currrevname} = $ip;
my $tmpdm;
unless ($domain =~ /\.$/) { $tmpdm = $domain . '.'; } #example.com becomes example.com.
find_nameserver_for_dns($ctx, $revzone);
find_nameserver_for_dns($ctx, $tmpdm);
}
}
my $zone;
foreach $zone (keys %{ $ctx->{updatesbyzone} }) {
unless (defined($ctx->{nsmap}->{$zone}) && $ctx->{nsmap}->{$zone}) {
next;
}
# the ns for zone might be multiple ones which separated with ,
foreach my $zoneserver (split(',', $ctx->{nsmap}->{$zone})) {
my $ip = xCAT::NetworkUtils->getipaddr($zoneserver);
if (!defined $ip) {
xCAT::SvrUtils::sendmsg([ 1, "Please make sure $zoneserver exist either in /etc/hosts or DNS." ], $callback);
return 1;
}
my $resolver = Net::DNS::Resolver->new(nameservers => [$ip]);
my $entry;
my $numreqs = 300; # limit to 300 updates in a payload, something broke at 644 on a certain sample, choosing 300 for now
my $update = Net::DNS::Update->new($zone);
foreach $entry (@{ $ctx->{updatesbyzone}->{$zone} }) {
if ($ctx->{deletemode}) {
$update->push(update => rr_del($entry));
} else {
$update->push(update => rr_add($entry));
}
$numreqs -= 1;
if ($numreqs == 0) {
# sometimes even the xcat_key is correct, but named still replies NOTAUTH, so retry
for (1 .. 3) {
$update->sign_tsig("xcat_key", $ctx->{privkey});
$numreqs = 300;
my $reply = $resolver->send($update);
if ($reply) {
if ($reply->header->rcode eq 'NOTAUTH') {
next;
}
if ($reply->header->rcode ne 'NOERROR') {
xCAT::SvrUtils::sendmsg([ 1, "Failure encountered updating $zone, error was " . $reply->header->rcode . ". See more details in system log." ], $callback);
}
}
else {
xCAT::SvrUtils::sendmsg([ 1, "No reply received when sending DNS update to zone $zone" ], $callback);
}
last;
}
$update = Net::DNS::Update->new($zone); #new empty request
}
}
if ($numreqs != 300) { #either no entries at all to begin with or a perfect multiple of 300
# sometimes even the xcat_key is correct, but named still replies NOTAUTH, so retry
for (1 .. 3) {
$update->sign_tsig("xcat_key", $ctx->{privkey});
my $reply = $resolver->send($update);
if ($reply) {
if ($reply->header->rcode eq 'NOTAUTH') {
next;
}
if ($reply->header->rcode ne 'NOERROR') {
xCAT::SvrUtils::sendmsg([ 1, "Failure encountered updating $zone, error was " . $reply->header->rcode . ". See more details in system log." ], $callback);
}
}
else {
xCAT::SvrUtils::sendmsg([ 1, "No reply received when sending DNS update to zone $zone" ], $callback);
}
last;
}
# sometimes resolver does not work if the update zone request sent so quick
sleep 1;
}
}
}
xCAT::SvrUtils::sendmsg("Completed updating DNS records.", $callback);
}
sub find_nameserver_for_dns {
my $ctx = shift;
my $zone = shift;
my $node = $ctx->{currnode};
my $ip = $ctx->{currip};
my $rname = $ctx->{currrevname};
my $name = $ctx->{currname};
unless ($name =~ /\.\z/) { $name .= '.' }
my @rrcontent;
if ($ip =~ /:/) {
@rrcontent = ("$name IN AAAA $ip");
} else {
@rrcontent = ("$name IN A $ip");
}
foreach (keys %{ $ctx->{nodeips}->{$node} }) {
unless ($_ eq $ip) {
if ($_ =~ /:/) {
push @rrcontent, "$name IN AAAA $_";
} else {
push @rrcontent, "$name IN A $_";
}
}
}
if (defined $ctx->{aliases}->{$node}) {
foreach (keys %{ $ctx->{aliases}->{$node} }) {
push @rrcontent, "$_ IN CNAME $name";
}
}
if ($ctx->{deletemode}) {
push @rrcontent, "$name TXT";
push @rrcontent, "$name A";
}
if ($zone =~ /IN-ADDR.ARPA/ or $zone =~ /ip6.arpa/) { #reverse style
@rrcontent = ("$rname IN PTR $name");
}
while ($zone) {
unless (defined $ctx->{nsmap}->{$zone}) { #ok, we already thought about this zone and made a decision
if ($zone =~ /^\.*192.IN-ADDR.ARPA\.*/ or $zone =~ /^\.*172.IN-ADDR.ARPA\.*/ or $zone =~ /127.IN-ADDR.ARPA\.*/ or $zone =~ /^\.*IN-ADDR.ARPA\.*/ or $zone =~ /^\.*ARPA\.*/) {
$ctx->{nsmap}->{$zone} = 0; #ignore zones that are likely to appear, but probably not ours
} elsif ($::XCATSITEVALS{ddnsserver}) {
$ctx->{nsmap}->{$zone} = $::XCATSITEVALS{ddnsserver};
} else {
my $reply = $ctx->{resolver}->query($zone, 'NS');
if ($reply) {
if ($reply->header->rcode ne 'NOERROR') {
xCAT::SvrUtils::sendmsg([ 1, "Failure encountered querying $zone, error was " . $reply->header->rcode ], $callback);
}
my @zoneserver;
foreach my $record ($reply->answer) {
if ($record->nsdname =~ /blackhole.*\.iana\.org/) {
$ctx->{nsmap}->{$zone} = 0;
} else {
push @zoneserver, $record->nsdname;
}
}
unless (defined($ctx->{nsmap}->{$zone})) {
$ctx->{nsmap}->{$zone} = join(',', @zoneserver);
}
} else {
$ctx->{nsmap}->{$zone} = 0;
}
}
}
if ($ctx->{nsmap}->{$zone}) { #we have a nameserver for this zone, therefore this zone is one to update
push @{ $ctx->{updatesbyzone}->{$zone} }, @rrcontent;
last;
} else { #we have it defined, but zero, means search higher domains. Possible to shortcut further by pointing to the right domain, maybe later
if ($zone !~ /\./) {
xCAT::SvrUtils::sendmsg([ 1, "Unable to find reverse zone to hold $node" ], $callback, $node);
last;
}
$zone =~ s/^[^\.]*\.//; #strip all up to and including first dot
unless ($zone) {
xCAT::SvrUtils::sendmsg([ 1, "Unable to find zone to hold $node" ], $callback, $node);
last;
}
}
}
}
sub genpassword
{
#Generate a pseudo-random password of specified length
my $length = shift;
my $password = '';
my $characters =
'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890';
srand; #have to reseed, rand is not rand otherwise
while (length($password) < $length)
{
$password .= substr($characters, int(rand 63), 1);
}
return $password;
}
sub makedns_usage
{
my $callback = shift;
my $rsp;
push @{ $rsp->{data} },
"\n makedns - sets up domain name services (DNS).";
push @{ $rsp->{data} }, " Usage: ";
push @{ $rsp->{data} }, "\tmakedns [-h|--help ]";
push @{ $rsp->{data} }, "\tmakedns [-V|--verbose]";
push @{ $rsp->{data} }, "\tmakedns [-V|--verbose] [-e|--external] [-n|--new ] [noderange]";
push @{ $rsp->{data} }, "\tmakedns [-V|--verbose] [-e|--external] [-d|--delete noderange]";
push @{ $rsp->{data} }, "\n";
xCAT::MsgUtils->message("I", $rsp, $callback);
return 0;
}
sub get_dns_slave
{
# get all service nodes with servicenode.nameserver=2
my @sns;
my @slaves;
my $sntab = xCAT::Table->new('servicenode');
my @ents = $sntab->getAllAttribs('node', 'nameserver');
foreach my $sn (@ents)
{
if ($sn->{'nameserver'} == 2)
{
push @sns, $sn->{'node'};
}
}
@slaves = xCAT::NodeRange::noderange(join(',', @sns));
return \@slaves;
}
1;
Reference in New Issue View Git Blame Copy Permalink