author | Daniel Baumann <daniel.baumann@open-infrastructure.net> | 2022-06-14 05:48:35 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@open-infrastructure.net> | 2022-06-14 11:59:26 +0000 |
commit | eaa69380ee40333fce799e44dd6191f8f0a0dd76 (patch) | |
tree | 775593ae545584f76b6008b4c521a6c307e2a69d | |
parent | Consistently using curly braces for variables in git-whoami. (diff) | |
download | service-tools-eaa69380ee40333fce799e44dd6191f8f0a0dd76.tar.xz service-tools-eaa69380ee40333fce799e44dd6191f8f0a0dd76.zip |
Adding support for individual TSIG files per record, zone, and nameserver rather than having one global key for all updates in dehydrated-nsupdate.
Signed-off-by: Daniel Baumann <daniel.baumann@open-infrastructure.net>
-rwxr-xr-x | dehydrated/bin/dehydrated-nsupdate | 35 |
1 files changed, 30 insertions, 5 deletions
diff --git a/dehydrated/bin/dehydrated-nsupdate b/dehydrated/bin/dehydrated-nsupdate
index 61c2e84..5bb253a 100755
--- a/dehydrated/bin/dehydrated-nsupdate
+++ b/dehydrated/bin/dehydrated-nsupdate
@@ -136,13 +136,38 @@ fi
 NAMESERVERS="$(echo "${NAMESERVERS}" | sed -e 's| |\n|g' | sort -u -V)"
 # update nameservers
-if [ -n "${TSIG_KEYFILE}" ] && [ -e "${TSIG_KEYFILE}" ]
-then
- NSUPDATE_OPTIONS="-k ${TSIG_KEYFILE}"
-fi
-
 for NAMESERVER in ${NAMESERVERS}
 do
+ if [ -e "/etc/dehydrated/tsig/$(basename "${TXT_RECORD}" .).key" ]
+ then
+ # specific key per record
+ KEY="/etc/dehydrated/tsig/$(basename "${TXT_RECORD}" .).key"
+ elif [ -e "/etc/dehydrated/tsig/$(basename "${ZONE}" .).key" ]
+ then
+ # specific key per zone
+ KEY="/etc/dehydrated/tsig/$(basename "${ZONE}" .).key"
+ elif [ -e "/etc/dehydrated/tsig/$(basename "${NAMESERVER}" .).key" ]
+ then
+ # specific key per nameserver
+ KEY="/etc/dehydrated/tsig/$(basename "${NAMESERVER}" .).key"
+ elif [ -e "/etc/dehydrated/tsig.key" ]
+ then
+ # global key (filesystem)
+ KEY="/etc/dehydrated/tsig.key"
+ elif [ -n "${TSIG_KEYFILE}" ] && [ -e "${TSIG_KEYFILE}" ]
+ then
+ # global key (conffile)
+ KEY="${TSIG_KEYFILE}"
+ else
+ # no key
+ KEY=""
+ fi
+
+ if [ -n "${KEY}" ]
+ then
+ NSUPDATE_OPTIONS="-k ${KEY}"
+ fi
+
 echo -n " + sending '${HOOK_ACTION}' for ${TXT_RECORD} to ${NAMESERVER}..."
 # shellcheck disable=SC2086 |
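Review bot: NSUPDATE_OPTIONS is assigned only when KEY is non-empty and is never cleared inside the loop, so a `-k` chosen for one nameserver carries over to a later nameserver that falls into the `# no key` branch. That update would then be signed with a key selected for a different server and most likely rejected. Assign the variable on every iteration instead, e.g. `NSUPDATE_OPTIONS="${KEY:+-k ${KEY}}"`, or add an `else` arm that sets it to an empty string; if NSUPDATE_OPTIONS can carry other options set before this hunk (not visible here), keep the key option in a separate variable. Because these files hold secrets, testing `-r` rather than `-e` would also surface an unreadable or misplaced key here rather than as an opaque nsupdate failure. The loop body, including the command covered by the SC2086 disable, continues past the end of the hunk.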