named_setup.in 9.84 KB
Newer Older
1
#!/usr/bin/perl -wT
Leigh B. Stoller's avatar
Leigh B. Stoller committed
2
3
#
# EMULAB-COPYRIGHT
4
# Copyright (c) 2000-2005 University of Utah and the Flux Group.
Leigh B. Stoller's avatar
Leigh B. Stoller committed
5
6
# All rights reserved.
#
7
use English;
8
use Socket;
9
use strict;
10
11
12
13

#
# Suck out virtual names and create CNAME map entries.
#
14
15
# This script always does the right thing, so it does not matter who calls it. 
#
16
# usage: named_setup [-norestart]
17
18
#

19
20
21
22
23
24
25
26
#
# Function phototypes
#

sub assemble_zonefile($);
sub make_forward_zonefile($$$);
sub isroutable($);

27
28
29
30
#
# Configure variables
#
my $TB		= "@prefix@";
31
my $TBOPS       = "@TBOPSEMAIL@";
32
my $USERS	= "@USERNODE@";
33
my $DISABLED    = "@DISABLE_NAMED_SETUP@";
34
my $OURDOMAIN   = "@OURDOMAIN@";
35

Leigh B. Stoller's avatar
Leigh B. Stoller committed
36
my $mapdir			= "/etc/namedb";
37
38
39
40
my $mapfile			= "$mapdir/${OURDOMAIN}.db";
my $mapfiletail			= "$mapfile.tail";
my $mapfile_internal		= "$mapdir/${OURDOMAIN}.internal.db";
my $mapfile_internal_head	= "$mapfile_internal.head";
41
my $mapfile_internal_tail	= "$mapfile_internal.tail";
42
43
44
my $vnodesfile			= "$mapdir/vnodes.${OURDOMAIN}.db";
my $vnodesback 			= "$mapdir/vnodes.${OURDOMAIN}.db.backup";
my $reversedir			= "$mapdir/reverse";
45
my $restart_named		= 1;
46
my $dbg	= 0;
47
48
my @row;

49
50
use strict;

51
# If we are disabled, just quietly exit
52
53
54
55
if ($DISABLED) {
    exit 0;
}

56
# We do not want to run this script unless its the real version.
57
if ($EUID != 0) {
58
59
    die("*** $0:\n".
	"    Must be root! Maybe its a development version?\n");
60
61
}
# XXX Hacky!
62
if (0 && $TB ne "/usr/testbed") {
63
64
    die("*** $0:\n".
	"    Wrong version. Maybe its a development version?\n");
65
66
}

67
68
69
70
# un-taint path
$ENV{'PATH'} = '/bin:/usr/bin:/usr/sbin:/usr/local/bin';
delete @ENV{'IFS', 'CDPATH', 'ENV', 'BASH_ENV'};

71
72
# Turn off line buffering on output
$| = 1;
73

74
# Testbed Support libraries
75
76
77
use lib "@prefix@/lib";
use libtestbed;
use libdb;
78

79
80
81
82
83
84
85
#
# Check for norestart option.
#
if (@ARGV && $ARGV[0] eq "-norestart") {
    $restart_named = 0;
}

86
#
87
# We need to serialize this script to avoid a trashed map file.
88
#
89
90
91
92
if ((my $locked = TBScriptLock("named", 1)) != TBSCRIPTLOCK_OKAY()) {
    exit(0)
        if ($locked == TBSCRIPTLOCK_IGNORE);
    fatal("Could not get the lock after a long time!\n");
93
94
95
}

#
96
# Grab the list of all nodes, including virtual and widearea nodes
97
#
98
my $db_result =
99
100
    DBQueryFatal("select n.node_id, n.role, n.jailip, i.IP, i.role ".
		 "    from nodes as n ".
101
		 "left join node_types as nt on n.type=nt.type ".
102
		 "left join interfaces as i on n.phys_nodeid=i.node_id ". 
103
104
		 "where (n.role='testnode' or n.role='virtnode') ".
		 "    and (i.IP is not null or n.jailip is not null) ".
105
106
107
		 "    and (i.card is null or ".
		 "         i.role='" . TBDB_IFACEROLE_CONTROL() . "' or " .
		 "         i.role='" . TBDB_IFACEROLE_GW() . "') ");
108

109
110
111
112
#
# Sort out the routable and unroutable addresses, and make a map for reversing
# them
#
113
my %routable;
114
115
116
117
118
119
120
121
122
my %unroutable;
my %reverse;
while (my @row = $db_result->fetchrow_array()) {
    my $node_id = $row[0];
    my $nrole   = $row[1];
    my $jailIP  = $row[2];
    my $IP      = $row[3];
    my $irole   = $row[4];

123
    #
124
125
    # For most nodes, we get the IP address from the interfaces table; but, for
    # virtual nodes, we get it from the jailip column
126
    #
127
    if (defined($jailIP)) {
128
129
130
131
132
133
	$IP = $jailIP;
    }
    if (!$IP) {
	warn "named_setup: No IP for node $node_id!\n";
	next;
    }
134

135
136
137
138
    #
    # Special treatment for gateway interfaces - we give act as if they are a
    # separate node
    #
139
    if ($irole && $irole eq TBDB_IFACEROLE_GW()) {
140
141
	$node_id = "$node_id-gw";
    }
142

143
144
145
146
147
148
149
150
    #
    # Make a little structure so that we can make decisions later about this
    # node (ie. handling virt nodes differently)
    #
    my $node_rec = {
	IP   => $IP,
	role => $nrole
    };
151

152
153
154
155
156
157
158
159
    #
    # Sort it into the right pile based on whether or not it's routable
    #
    if (isroutable($IP)) {
	$routable{$node_id} = $node_rec;
    } else {
	$unroutable{$node_id} = $node_rec;
    }
160

161
162
163
164
165
166
167
168
169
170
    #
    # Put it into a map so we can generate the reverse zone file later
    #
    $IP =~ /(\d+\.\d+\.\d+)\.(\d+)/;
    if ($1 && $2) {
	my $subnet = $1;
	my $host = $2;
	push @{$reverse{$subnet}}, [$host, $node_id];
    } else {
	warn "Poorly formed IP address $IP\n";
171
172
173
174
    }
}

#
175
# Get the list of currently-reserved nodes so that we can make CNAMEs for them
176
#
177
$db_result =
178
    DBQueryFatal("select node_id,pid,eid,vname from reserved");
179

180
181
my %cnames;
while (my ($node_id,$pid,$eid,$vname) = $db_result->fetchrow_array()) {
182

183
184
185
186
187
188
    #
    # Handle some rare cases where a node can get reserved without a vname -
    # such as calling nalloc directly
    #
    if (!defined($vname)) {
	$vname = $node_id;
189
    }
190
191

    push @{$cnames{$node_id}}, "$vname.$eid.$pid";
192
193
194
195
}


#
196
# Make the zone file for routable IP addresses
197
#
198
199
make_forward_zonefile($mapfiletail,\%routable,\%cnames);
assemble_zonefile($mapfile);
200

201
#
202
203
# Make the zone file that includes both routable and unroutable IP addresses,
# if the site has a .head file for it
204
205
#
if (-e $mapfile_internal_head) {
206
207
208
    make_forward_zonefile($mapfile_internal_tail,
	{%routable, %unroutable},\%cnames);
    assemble_zonefile($mapfile_internal);
209
}
210

211

212
213
214
215
216
217
218
219
220
221
222
223
224
#
# Look for reverse zone files that we may need to make
#
opendir(DIR,$reversedir) or fatal("Unable to open directory $reversedir\n");
while (my $dirent = readdir(DIR)) {
    if ($dirent !~ /((\d+\.\d+\.\d+)\.db)\.head/) {
	next;
    }
    my $subnet = $2;
    my $basename = $1;

    my $filename = "$reversedir/$basename.tail";
    open MAP, ">$filename" || fatal("Couldn't open $filename: $!\n");
225
226
227
228
229
    if ($reverse{$subnet}) {
	foreach my $aref (sort {$$a[0] <=> $$b[0]} @{$reverse{$subnet}}) {
	    my ($host, $name) = @$aref;
	    printf MAP "$host\tIN\tPTR\t$name.$OURDOMAIN.\n";
	}
230
231
232
    }
    close MAP;

233
    assemble_zonefile("$reversedir/$basename");
234
235
236
237
    
}
closedir DIR;

238
#
239
# Get the nameserver to reload the zone files.
240
241
242
# This is better than HUPing the nameserver directly. Notet that we look
# for a local port of named first.
#
243
244
245
246
247
248
249
250
if ($restart_named) {
    if (-x "/usr/local/sbin/rndc") {
	system("/usr/local/sbin/rndc reload > /dev/null") == 0 or
	    fatal("/usr/local/sbin/rndc reload failed!\n");
    } else {
	system("named.reload > /dev/null") == 0 or
	    fatal("named.reload failed!\n");
    }
251
}
252
253
TBScriptUnlock();
exit(0);
254

255
256
257
#
# Die and tell someone about it
#
258
sub fatal {
259
    my $msg = $_[0];
260

261
    TBScriptUnlock();
262
    SENDMAIL($TBOPS, "Named Setup Failed", $msg);
263
264
    die($msg);
}
265
266

#
267
# Put together a zone file from its consituent head and tail pieces
268
#
269
270
sub assemble_zonefile($) {
    my ($mapfile) = @_;
271
272

    my $mapfileback = "$mapfile.backup";
273
274
    my $mapfilehead = "$mapfile.head";
    my $mapfiletail = "$mapfile.tail";
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321

    #
    # Concat the head and tail files to create the new map.
    #
    if (-e $mapfile) {
	system("mv -f $mapfile $mapfileback") == 0 or
	fatal("Could not back up $mapfile to $mapfileback\n");
    }

    #
    # Generate a warning so that no one tries to edit the file by hand
    #
    open(MAP, ">$mapfile") || fatal("Couldn't open $mapfile\n");
    print MAP
    ";\n".
    "; ******************************************************************\n".
    "; DO NOT EDIT THIS FILE. IT IS A CREATION, A FIGMENT, A CONTRIVANCE!\n".
    ";\n".
    "; Edit the \"head\" file, then run ${TB}bin/named_setup.\n".
    "; ******************************************************************\n".
    ";\n";

    #
    # Now copy in the head part of the map, looking for the serial
    # number so it can be bumped up.
    #
    open(MAPHEAD, "<$mapfilehead") || fatal("Couldn't open $mapfilehead\n");
    while (<MAPHEAD>) {
	if ( /;\s*Serial\s+/i ) {
	    my $serial = `date +%s`;
	    chop $serial;

	    print MAP "\t\t\t$serial\t; Serial Number -- DO NOT EDIT\n";
	}
	else {
	    print MAP "$_";
	}
    }
    close(MAPHEAD);
    close(MAP);

    #
    # Now the tail of the map.
    # 
    system("cat $mapfiletail >> $mapfile") == 0 or
    fatal("Failed to concat $mapfiletail to $mapfile\n");
}
322

323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
#
# Make a forward zone file, from the given map of addresses and CNAMEs
#
sub make_forward_zonefile($$$) {
    my ($filename, $addresses, $cnames) = @_;
    open(MAP, ">$filename") || fatal("Couldn't open $filename\n");
    print MAP "\n";
    print MAP ";\n";
    print MAP "; DO NOT EDIT below this point. Auto generated map entries!\n";
    print MAP ";\n";
    print MAP "\n";

    #
    # Start out with the A records for the nodes
    #
    print MAP "\n";
    print MAP ";\n";
    print MAP "; Nodes\n";
    print MAP ";\n";
    print MAP "\n";
    while (my ($node_id, $node_rec) = each %$addresses) {

	#
	# Special treatment for virtual nodes - we only bother to print them
	# out if some has reserved them (ie. if they have a CNAME)
	#
	if (($node_rec->{role} eq "virtnode") && (!$cnames->{$node_id})) {
	    next;
	}

	print MAP "$node_id\tIN\tA\t$node_rec->{IP}\n";
	print MAP "\tIN\tMX 10\t$USERS.\n";
    }

    #
    # Switch the TTL to 1 second for CNAMEs so that people will changes quickly
    # as experiments swap in and out
    #
    print MAP "\n";
    print MAP "\$TTL\t1\n\n";

    print MAP "\n";
    print MAP ";\n";
    print MAP "; CNAMEs for reserved nodes\n";
    print MAP ";\n";
    print MAP "\n";

    while (my ($pname, $vnames) = each %$cnames) {
	#
	# Only print out CNAMEs for nodes that are actually going into this map
	#
	next unless ($addresses->{$pname});

	#
	# Write out every CNAME for this pnode
	#
	foreach my $vname (@$vnames) {
	    my $formatted_vname = sprintf "%-50s", $vname;
	    print MAP "$formatted_vname\tIN\tCNAME\t$pname\n";
	}
    }

    print MAP "\n";
    close(MAP);
}

389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
#
# Is an IP routable?
#
sub isroutable($)
{
    my ($IP)  = @_;
    my ($a,$b,$c,$d) = ($IP =~ /^(\d*)\.(\d*)\.(\d*)\.(\d*)/);

    #
    # These are unroutable:
    # 10.0.0.0        -   10.255.255.255  (10/8 prefix)
    # 172.16.0.0      -   172.31.255.255  (172.16/12 prefix)
    # 192.168.0.0     -   192.168.255.255 (192.168/16 prefix)
    #

    # Easy tests.
    return 0
	if (($a eq "10") ||
	    ($a eq "192" && $b eq "168"));

    # Lastly
    return 0
	if (inet_ntoa((inet_aton($IP) & inet_aton("255.240.0.0"))) eq
	    "172.16.0.0");

    return 1;
}