author | B Stack <bgstack15@gmail.com> | 2018-06-05 21:54:43 -0400 |
---|---|---|
committer | B Stack <bgstack15@gmail.com> | 2018-06-05 21:57:10 -0400 |
commit | 9411d13c4940ccce70070327b1e40b690ed2813c (patch) | |
tree | 35960e6640da83b4e1f5984f97865bb89bda644a /sapsnug.sh | |
initial retrieval from github
Diffstat (limited to 'sapsnug.sh')
-rw-r--r-- | sapsnug.sh/description | 1 | ||||
-rw-r--r-- | sapsnug.sh/sapsnug.sh | 97 | ||||
-rw-r--r-- | sapsnug.sh/snippet of clone.yml | 14 |
3 files changed, 112 insertions, 0 deletions
diff --git a/sapsnug.sh/description b/sapsnug.sh/description
new file mode 100644
index 0000000..2a7101c
--- /dev/null
+++ b/sapsnug.sh/description
@@ -0,0 +1 @@
+Wrapper for ansible to use nsupdate -g
\ No newline at end of file
diff --git a/sapsnug.sh/sapsnug.sh b/sapsnug.sh/sapsnug.sh
new file mode 100644
index 0000000..d897acb
--- /dev/null
+++ b/sapsnug.sh/sapsnug.sh
@@ -0,0 +1,97 @@
+#!/bin/sh
+# File: /etc/ansible/books/stable/clone/dependencies/sapsnug.sh
+# Author: bgstack15
+# Startdate: 2018-04-05 10:12
+# Title: Script to Accept Parameters to Send to Nsupdate Using Gsstsig
+# Purpose: To wrap nsupdate -g in ansible
+# History:
+# Usage:
+# Run as root, or define variables SNUG_PASSWORD and SNUG_USERNAME
+# Variables:
+# SNUG_DEBUG with any value will direct output to cat instead of nsupdate -g.
+# SNUG_DELIM="%" will replace this character with newlines, which nsupdate uses as statement delimiters
+# Examples:
+# SNUG_PASSWORD="example" SNUG_USERNAME="bgstack15" ./sapsnug.sh "update add 12.20.200.10.in-addr.arpa 300 IN PTR clonetest212.prod1.example.com."
+# Reference:
+# original research
+# learn if root user framework.sh
+# just use stdin for kinit https://serverfault.com/questions/422778/how-to-automate-kinit-process-to-obtain-tgt-for-kerberos/422783#422783
+# Improve:
+# Documentation:
+# This script exists because the nsupdate for ptr to our AD only works with gsstsig.
+# Execute this manually with:
+# kinit -E -k "$( hostname -s | tr '[[:lower:]]' '[[:upper:]]' )$"
+# # DELETE ENTRY, single session
+# nsupdate <<'EOF'
+# update delete clonetest212.prod1.example.com. A
+# send
+# gsstsig
+# update delete 12.20.200.10.in-addr.arpa ptr
+# send
+# EOF
+# # CREATE ENTRY, single session
+# nsupdate <<'EOF'
+# update add clonetest212.prod1.example.com. 86400 A 10.200.20.12
+# send
+# gsstsig
+# update add 12.20.200.10.in-addr.arpa 300 IN PTR clonetest212.prod1.example.com.
+# send
+# EOF
+
+# Define functions
+fail_out() {
+ # call: fail_out 1 "this will leave now with rc 1."
+ local trc="${1}" ; shift
+ test -n "${@}" && printf "%s\n" "${@}" 1>&2
+ exit "${trc:-1}"
+}
+
+# learn if root user
+test "${USER}" = "root" && is_root=1
+test -n "${SUDO_USER}" && is_root="sudo"
+
+# prepare to get kerberos ticket
+if test -z "${is_root}" ;
+then
+ # not root, so need to use environment variables
+ test -z "${SNUG_USERNAME}" && fail_out 1 "${0}: SNUG_USERNAME is not defined, or was not run as root. Aborted."
+ test -z "${SNUG_PASSWORD}" && fail_out 1 "${0}: SNUG_PASSWORD is not defined, or was not run as root. Aborted."
+fi
+
+# get kerberos ticket
+if test -n "${is_root}" ;
+then
+ # do it with host kerberos ticket
+ /bin/kinit -E -k "$( hostname -s | tr '[[:lower:]]' '[[:upper:]]' )$"
+else
+ # do it with username and password
+ SNUG_USERNAME="$( printf "%s" "${SNUG_USERNAME}" | sed -r -e 's/^.*\\//;' -e 's/@.*$//;' )"
+ printf "%s" "${SNUG_PASSWORD}" | /bin/kinit "${SNUG_USERNAME}" 1>/dev/null ; trc=$?
+ case "${trc}" in
+ 0) : ;;
+ *) fail_out "${trc}" "${0}: kinit exited unexpectedly with code ${trc}. Aborted." ;;
+ esac
+fi
+
+# fail out if klist fails
+/usr/bin/klist 1>/dev/null 2>&1 ; trc=$?
+case "${trc}" in
+ 0) : ;;
+ *) fail_out "${trc}" "${0}: klist exited unexpectedly with code ${trc}. Aborted." ;;
+esac
+
+# run nsupdate with the commands
+{
+ printf "%s\n" "$@" | sed -r -e "s/${SNUG_DELIM:-%}\s?/\n/g;"
+ echo "send"
+ echo "quit"
+} | {
+ if test -n "${SNUG_DEBUG}" ;
+ then
+ cat - ; trc=$?
+ else
+ nsupdate -g ; trc=$?
+ fi
+}
+
+exit "${trc}"
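Review bot: The status of `nsupdate -g` is lost at the end of the script: under dash or bash the `{ ... trc=$? ; }` group to the right of the pipe runs in a subshell, so the closing `exit "${trc}"` still returns the 0 left by the klist check and a refused update looks like success to Ansible. Take the status from the pipeline itself by dropping the inner `trc=$?` assignments and closing the group with `} ; trc=$?`. In the root branch `/bin/kinit -E -k` is not checked, and the later `klist` test only appears to confirm that some credential cache is readable, so a failed kinit can fall through to a ticket cached by an earlier run. Checking kinit directly and giving the script a private `KRB5CCNAME` that is destroyed on exit keeps the update bound to the intended principal and leaves no ticket behind; the fence below sketches both changes.

```shell
# … unchanged: header comments, fail_out, root detection, credential checks …

# private ticket cache for this run, destroyed on every exit path
KRB5CCNAME="FILE:$( mktemp )" || fail_out 1 "${0}: mktemp failed. Aborted."
export KRB5CCNAME
trap 'kdestroy 1>/dev/null 2>&1' EXIT

if test -n "${is_root}" ;
then
  /bin/kinit -E -k "$( hostname -s | tr '[[:lower:]]' '[[:upper:]]' )$" \
    || fail_out 1 "${0}: kinit -k failed. Aborted."
else
  # … unchanged: username/password kinit with its status check …

# … unchanged: klist check, statement assembly on the left of the pipe …
} | {
  if test -n "${SNUG_DEBUG}" ;
  then
    cat -
  else
    nsupdate -g
  fi
} ; trc=$?
```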
\ No newline at end of file
diff --git a/sapsnug.sh/snippet of clone.yml b/sapsnug.sh/snippet of clone.yml
new file mode 100644
index 0000000..8aa0129
--- /dev/null
+++ b/sapsnug.sh/snippet of clone.yml
@@ -0,0 +1,14 @@
+# Reference:
+# derive the in-addr.arpa reversed IP address https://github.com/ansible/ansible/issues/18738#issuecomment-264737140
+
+- name: add reverse ptr records to dns for new servers
+ # whenever ansible adds support for nsupdate with gsstsig, please migrate to that method!
+ shell: /etc/ansible/books/stable/clone/dependencies/sapsnug.sh "update add {{ (item.ip.split('.'))[::-1]|join('.') }}.in-addr.arpa 300 IN PTR {{ item.name }}.{{ item.dns_zone | default(default_dns_zone) }}."
+ environment:
+ SNUG_USERNAME: "{{ vc_username }}"
+ SNUG_PASSWORD: "{{ vc_password }}"
+ #SNUG_DEBUG: yes
+ SNUG_DELIM: '%'
+ with_items:
+ - "{{ vms }}"
+ register: sapsnug
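Review bot: The `shell:` line templates `item.ip`, `item.name` and `item.dns_zone` into a double-quoted shell word, so a value carrying `"`, `$(...)` or a backtick is evaluated by the shell on the host that runs the task instead of reaching sapsnug.sh as data. Nothing in this task needs a shell: `command:` with `argv:` passes the whole update statement as one argument with no parsing, and where `argv` is not available the templated values can go through the `quote` filter. The task also places `vc_password` in `environment:`, so `no_log: true` is worth adding if, as seems likely, verbose runs or callbacks record task details.

```yaml
- name: add reverse ptr records to dns for new servers
  command:
    argv:
      - /etc/ansible/books/stable/clone/dependencies/sapsnug.sh
      - "update add {{ (item.ip.split('.'))[::-1]|join('.') }}.in-addr.arpa 300 IN PTR {{ item.name }}.{{ item.dns_zone | default(default_dns_zone) }}."
  no_log: true
  # … unchanged: environment, with_items, register …
```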
\ No newline at end of file |