def _add_all_systems():
    '''
    Add every server from config.get_servers() as a host or as a guest.

    Servers that config reports as neither host nor guest are left out.

    '''
    for hostname in config.get_servers():
        # Is a KVM host?
        if config.host(hostname).is_host():
            _host_add(hostname)
            continue

        if config.host(hostname).is_guest():
            _guest_add(hostname)
def rsyslog_newcerts(args):
    '''
    Create a new CA and new tls certs for the rsyslog server and for all
    clients defined in install.cfg.

    NOTE: This needs to be executed once a year.

    '''
    x("mkdir -p /etc/pki/rsyslog")

    # Copy the CA template to the install dir; _replace_tags presumably
    # substitutes this machine's fully qualified name into the copy.
    template_ca = "{0}template.ca".format(get_install_dir())
    x("cp -f /opt/syco/var/rsyslog/template.ca {0}".format(template_ca))
    fqdn = "{0}.{1}".format(
        net.get_hostname(), config.general.get_resolv_domain()
    )
    _replace_tags(template_ca, fqdn)

    # Making CA
    # NOTE(review): both commands write to fixed paths, so an existing CA
    # key and certificate are replaced on every run; ca.key should stay
    # readable by root only.
    x("certtool --generate-privkey --outfile /etc/pki/rsyslog/ca.key")
    self_sign = (
        "certtool --generate-self-signed --load-privkey /etc/pki/rsyslog/ca.key "
        "--outfile /etc/pki/rsyslog/ca.crt "
        "--template {0}"
    )
    x(self_sign.format(template_ca))

    #
    # Create rsyslog SERVER cert
    #
    for server in get_servers():
        _create_cert(server)
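def add_ossec_chain():
    """
    OSSEC IPtables rules

    OSSEC Server
    Servers in network -> IN -> udp -> 1514 -> OSSEC Server
    Servers in network <- OUT <- udp <- 1514 <- OSSEC Server

    OSSEC Client
    OSSEC Server -> IN -> udp -> 1514 -> OSSEC Client
    OSSEC Server <- OUT <- udp <- 1514 <- OSSEC Client

    Any existing chain is removed first with del_ossec_chain(). Nothing is
    added when /var/ossec does not exist.

    """
    del_ossec_chain()

    if not os.path.exists("/var/ossec"):
        return

    app.print_verbose("Add iptables chain for OSSEC")

    # Create chains.
    iptables("-N ossec_in")
    iptables("-N ossec_out")
    iptables("-A syco_input -p udp -j ossec_in")
    iptables("-A syco_output -p udp -j ossec_out")

    # Ossec Server
    # NOTE(review): only the server-side rules are added in the code shown
    # here; the client-side rules from the diagram above are not.
    if os.path.exists("/var/ossec/bin/ossec-remoted"):
        for server in get_servers():
            try:
                front_ip = config.host(server).get_front_ip()
                iptables(
                    "-A ossec_in -p udp -s %s --dport 1514 -j allowed_udp"
                    % front_ip
                )
                iptables(
                    "-A ossec_out -p udp -d %s --dport 1514 -j allowed_udp"
                    % front_ip
                )
            except Exception as e:
                # Still best effort (one bad server must not stop the rest),
                # but a server left without its firewall rules is reported
                # instead of being skipped silently.
                app.print_verbose(
                    "Could not add OSSEC iptables rules for %s: %s"
                    % (server, e)
                )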
def rsyslog_newcerts(args):
    """
    Create a new CA and new tls certs for the rsyslog server and for all
    clients defined in install.cfg.

    NOTE: This needs to be executed once a year.

    """
    x("mkdir -p /etc/pki/rsyslog")

    # Copy the CA template to the install dir; _replace_tags presumably
    # substitutes this machine's fully qualified name into the copy.
    template_ca = "{0}template.ca".format(get_install_dir())
    x("cp -f /opt/syco/var/rsyslog/template.ca {0}".format(template_ca))
    fqdn = "{0}.{1}".format(
        net.get_hostname(), config.general.get_resolv_domain()
    )
    _replace_tags(template_ca, fqdn)

    # Making CA
    # NOTE(review): both commands write to fixed paths, so an existing CA
    # key and certificate are replaced on every run; ca.key should stay
    # readable by root only.
    x("certtool --generate-privkey --outfile /etc/pki/rsyslog/ca.key")
    self_sign = (
        "certtool --generate-self-signed --load-privkey /etc/pki/rsyslog/ca.key "
        "--outfile /etc/pki/rsyslog/ca.crt "
        "--template {0}"
    )
    x(self_sign.format(template_ca))

    #
    # Create rsyslog SERVER cert
    #
    for server in get_servers():
        _create_cert(server)
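def _set_servers(self, hostname):
    '''
    Set servers/hosts to perform the remote install on.

    With a hostname, that name is appended to self._servers, followed by its
    guests when config reports it as a host. Without a hostname,
    self._servers is replaced by the list from config.get_servers().

    '''
    if not hostname:
        self._servers = config.get_servers()
        return

    self._servers.append(hostname)
    if config.host(hostname).is_host():
        self._servers += config.host(hostname).get_guests()

    # NOTE: a trailing `sorted(self._servers)` used to stand here. sorted()
    # returns a new list and the result was thrown away, so the list was
    # never reordered. The dead call is removed rather than turned into an
    # in-place sort, because that would change the order (host first, then
    # its guests) that the rest of the install currently sees.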
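def _set_servers(self, hostname):
    """
    Set servers/hosts to perform the remote install on.

    With a hostname, that name is appended to self._servers, followed by its
    guests when config reports it as a host. Without a hostname,
    self._servers is replaced by the list from config.get_servers().

    """
    if not hostname:
        self._servers = config.get_servers()
        return

    self._servers.append(hostname)
    if config.host(hostname).is_host():
        self._servers += config.host(hostname).get_guests()

    # NOTE: a trailing `sorted(self._servers)` used to stand here. sorted()
    # returns a new list and the result was thrown away, so the list was
    # never reordered. The dead call is removed rather than turned into an
    # in-place sort, because that would change the order (host first, then
    # its guests) that the rest of the install currently sees.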
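def _set_servers(self, hostname):
    '''
    Set servers/hosts to perform the remote install on.

    With a hostname, that name is appended to self.servers, followed by its
    guests when config reports it as a host. Without a hostname,
    self.servers is replaced by the list from config.get_servers().

    '''
    if not hostname:
        self.servers = config.get_servers()
        return

    self.servers.append(hostname)
    if config.host(hostname).is_host():
        self.servers += config.host(hostname).get_guests()

    # NOTE: a trailing `sorted(self.servers)` used to stand here. sorted()
    # returns a new list and the result was thrown away, so the list was
    # never reordered. The dead call is removed rather than turned into an
    # in-place sort, because that would change the order (host first, then
    # its guests) that the rest of the install currently sees.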
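def install_ossecd(args):
    '''
    Install the OSSEC server on this machine.

    Downloads and builds the OSSEC tarball, adds one agent key per server
    from get_servers(), installs the syco server config and local rules,
    restarts OSSEC and removes the build tools again.

    '''
    # OSSEC download URL
    # NOTE(review): the tarball is fetched over plain HTTP and its install.sh
    # is executed below without any checksum or signature check. Compare the
    # download against a pinned digest before building.
    ossec_download = "http://www.ossec.net/files/ossec-hids-2.6.tar.gz"

    # Installing OSSEC
    x('yum install gcc make perl-Time-HiRes')
    # NOTE(review): the build uses fixed, glob-matched names in the shared
    # /tmp directory; a private build directory would keep files placed
    # there by other local users out of the build.
    x("wget -P /tmp/ " + ossec_download)
    x("tar -C /tmp -zxf /tmp/ossec-hids* ")
    x("rm -rf /tmp/ossec-hids*.tar.gz")
    x("mv /tmp/ossec-hids* /tmp/ossecbuild")
    x('\\cp -f /opt/syco/var/ossec/osseconf/preloaded-vars-server.conf '
      '/tmp/ossecbuild/etc/preloaded-vars.conf')
    x('/tmp/ossecbuild/install.sh')

    # Generating keys so that all ossec clients can connect.
    for server in get_servers():
        agent_name = server + '.fareoffice.com'
        x('/tmp/ossecbuild/contrib/ossec-batch-manager.pl -a -n ' +
          agent_name + ' -p ' + config.host(server).get_back_ip())
        # NOTE(review): grep matches the name as an unanchored pattern, so a
        # name contained in another agent's name also copies that agent's
        # key line into this file.
        x("grep " + agent_name + " /var/ossec/etc/client.keys > " +
          "/var/ossec/etc/" + agent_name + "_client.keys")

    # Setting up server config and local rules from syco.
    # The ossec.conf copy used to be a bare string expression without the
    # x() call, so the server config was never actually installed.
    x('\\cp -f /opt/syco/var/ossec/osseconf/ossec_server.conf '
      '/var/ossec/etc/ossec.conf')
    x('\\cp -f /opt/syco/var/ossec/osseconf/local_rules.xml '
      '/var/ossec/rules/local_rules.xml')
    x('chown root:ossec /var/ossec/rules/local_rules.xml')
    x('chmod 550 /var/ossec/rules/local_rules.xml')
    x('chown root:ossec /var/ossec/etc/ossec.conf')

    # Enabling syslog logging
    x('/var/ossec/bin/ossec-control enable client-syslog')

    # Restarting OSSEC server
    x('/var/ossec/bin/ossec-control restart')
    x('/var/ossec/bin/ossec-remoted start')

    # Cleaning up install
    x('rm -rf /tmp/ossecbuild')
    x('yum remove gcc make perl-Time-HiRes')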
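def install_ossecd(args):
    '''
    Install the OSSEC server on this machine.

    Downloads and builds the OSSEC tarball, adds one agent key per server
    from get_servers(), installs the syco server config and local rules,
    restarts OSSEC and removes the build tools again.

    '''
    # OSSEC download URL
    # NOTE(review): the tarball is fetched over plain HTTP and its install.sh
    # is executed below without any checksum or signature check. Compare the
    # download against a pinned digest before building.
    ossec_download = "http://www.ossec.net/files/ossec-hids-2.6.tar.gz"

    # Installing OSSEC
    x('yum install gcc make perl-Time-HiRes')
    # NOTE(review): the build uses fixed, glob-matched names in the shared
    # /tmp directory; a private build directory would keep files placed
    # there by other local users out of the build.
    x("wget -P /tmp/ " + ossec_download)
    x("tar -C /tmp -zxf /tmp/ossec-hids* ")
    x("rm -rf /tmp/ossec-hids*.tar.gz")
    x("mv /tmp/ossec-hids* /tmp/ossecbuild")
    x('\\cp -f /opt/syco/var/ossec/osseconf/preloaded-vars-server.conf '
      '/tmp/ossecbuild/etc/preloaded-vars.conf')
    x('/tmp/ossecbuild/install.sh')

    # Generating keys so that all ossec clients can connect.
    for server in get_servers():
        agent_name = server + '.fareoffice.com'
        x('/tmp/ossecbuild/contrib/ossec-batch-manager.pl -a -n ' +
          agent_name + ' -p ' + config.host(server).get_back_ip())
        # NOTE(review): grep matches the name as an unanchored pattern, so a
        # name contained in another agent's name also copies that agent's
        # key line into this file.
        x("grep " + agent_name + " /var/ossec/etc/client.keys > " +
          "/var/ossec/etc/" + agent_name + "_client.keys")

    # Setting up server config and local rules from syco.
    # The ossec.conf copy used to be a bare string expression without the
    # x() call, so the server config was never actually installed.
    x('\\cp -f /opt/syco/var/ossec/osseconf/ossec_server.conf '
      '/var/ossec/etc/ossec.conf')
    x('\\cp -f /opt/syco/var/ossec/osseconf/local_rules.xml '
      '/var/ossec/rules/local_rules.xml')
    x('chown root:ossec /var/ossec/rules/local_rules.xml')
    x('chmod 550 /var/ossec/rules/local_rules.xml')
    x('chown root:ossec /var/ossec/etc/ossec.conf')

    # Enabling syslog logging
    x('/var/ossec/bin/ossec-control enable client-syslog')

    # Restarting OSSEC server
    x('/var/ossec/bin/ossec-control restart')
    x('/var/ossec/bin/ossec-remoted start')

    # Cleaning up install
    x('rm -rf /tmp/ossecbuild')
    x('yum remove gcc make perl-Time-HiRes')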
def _generate_client_keys():
    '''
    Generate keys for all ossec clients.

    Every server from get_servers() is added with ossec-batch-manager.pl
    under its short name and front ip. Its entry in client.keys is then
    written to a separate file, named after the fully qualified name, that
    the client can download.

    '''
    install_dir = get_install_dir()
    add_agent = (
        "{0}ossecbuild/contrib/ossec-batch-manager.pl -a --name {1} --ip {2}"
    )

    for server in get_servers():
        short_name = '{0}'.format(server)
        full_name = '{0}.{1}'.format(
            server, config.general.get_resolv_domain()
        )
        x(add_agent.format(
            install_dir, short_name, config.host(server).get_front_ip()
        ))

        # Prepare separate key files that can be downloaded by each client.
        # NOTE(review): grep matches the short name as an unanchored
        # pattern, so a name contained in another client's name also copies
        # that client's key line into this file.
        select_keys = "grep {0} /var/ossec/etc/client.keys > ".format(
            short_name
        )
        key_file = "/var/ossec/etc/{0}_client.keys".format(full_name)
        x(select_keys + key_file)

    x('chmod 640 /var/ossec/etc/*.keys')
    x('chown ossec:ossec /var/ossec/etc/*.keys')
def umount_syco(args):
    '''
    SSH Umount all syco servers on ~/mount/XX

    Only mount directories that are writable for the current user are
    unmounted.

    Tested on Ubuntu and os x.

    '''
    app.print_verbose("Umount syco servers.")

    # Cache master password.
    app.get_root_password()

    # Looked up as before; the value is not used by the code shown here.
    current_user = pwd.getpwuid(os.getuid()).pw_name

    for hostname in config.get_servers():
        # Looked up as before; the value is not used by the code shown here.
        back_ip = config.host(hostname).get_back_ip()

        mount_dir = os.environ['HOME'] + "/mount/" + hostname
        if not os.access(mount_dir, os.W_OK):
            continue

        shell_run("umount " + mount_dir)
def _setup_backup_for_all_servers():
    '''
    Install the ssh key and configure the backup paths on every server
    returned by config.get_servers().

    A server that is not alive is put back in the queue and tried again, so
    the loop only ends once every server has been handled.

    '''
    servers = config.get_servers()
    # Size of the current round and the number of servers tried in it.
    total_servers = len(servers)
    checked_servers = 0
    while(len(servers)):
        checked_servers += 1
        # Candidates are taken from the end of the queue.
        hostname = servers.pop()
        ip = config.host(hostname).get_back_ip()
        # The root password from app.get_root_password() is handed to the
        # ssh connection of every server.
        remote_server = ssh.Ssh(ip, app.get_root_password())
        if (remote_server.is_alive()):
            remote_server.install_ssh_key()
            _configure_backup_pathes(remote_server, ip, hostname)
        else:
            # Re-queue at the front, so the other servers are tried first.
            servers.insert(0, hostname)
            app.print_error("Server " + hostname + " is not alive.")

        # More tries than servers in this round: start a new round with the
        # servers that are left and wait 60 seconds before going on.
        # NOTE(review): the nesting of this check was reconstructed from
        # flattened text - confirm it sits at loop level and not inside the
        # else branch above.
        if (checked_servers > total_servers):
            total_servers = len(servers)
            checked_servers = 0
            time.sleep(60)
def _setup_backup_for_all_servers():
    '''
    Install the ssh key and configure the backup paths on every server
    returned by config.get_servers().

    A server that is not alive is put back in the queue and tried again, so
    the loop only ends once every server has been handled.

    '''
    servers = config.get_servers()
    # Size of the current round and the number of servers tried in it.
    total_servers = len(servers)
    checked_servers = 0
    while (len(servers)):
        checked_servers += 1
        # Candidates are taken from the end of the queue.
        hostname = servers.pop()
        ip = config.host(hostname).get_back_ip()
        # The root password from app.get_root_password() is handed to the
        # ssh connection of every server.
        remote_server = ssh.Ssh(ip, app.get_root_password())
        if (remote_server.is_alive()):
            remote_server.install_ssh_key()
            _configure_backup_pathes(remote_server, ip, hostname)
        else:
            # Re-queue at the front, so the other servers are tried first.
            servers.insert(0, hostname)
            app.print_error("Server " + hostname + " is not alive.")

        # More tries than servers in this round: start a new round with the
        # servers that are left and wait 60 seconds before going on.
        # NOTE(review): the nesting of this check was reconstructed from
        # flattened text - confirm it sits at loop level and not inside the
        # else branch above.
        if (checked_servers > total_servers):
            total_servers = len(servers)
            checked_servers = 0
            time.sleep(60)
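def rsyslog_newcerts():
    '''
    Generate a new CA and new tls certs for the rsyslog server and all
    clients.

    Has to be run once every year. The server names are taken from
    install.cfg and one tls cert is generated for each server listed. The
    rsyslog server cert gets serial 1, the clients get 2, 3, ... in the
    order get_servers() returns them.

    '''
    # -p so that the yearly re-run does not stop on the existing directory.
    x("mkdir -p /etc/pki/rsyslog")
    hostname = socket.gethostname()

    # Making CA
    # NOTE(review): both commands write to fixed paths, so an existing CA
    # key and certificate are replaced on every run; ca-key.pem should stay
    # readable by root only.
    x("certtool --generate-privkey --outfile /etc/pki/rsyslog/ca-key.pem")
    x("certtool --generate-self-signed "
      "--load-privkey /etc/pki/rsyslog/ca-key.pem "
      "--outfile /etc/pki/rsyslog/ca.pem "
      "--template /opt/syco/var/rsyslog/template.ca")

    # Making rsyslog SERVER cert
    # NOTE(review): the working templates get fixed names in the shared /tmp
    # directory; a private directory would keep other local users from
    # preparing those paths in advance.
    template = "/tmp/template." + hostname
    x("\\cp -f /opt/syco/var/rsyslog/template.server " + template)
    x("sed -i 's/SERVERNAME/" + hostname + "/g' " + template)
    x("sed -i 's/SERIAL/1/g' " + template)
    x("certtool --generate-privkey "
      "--outfile /etc/pki/rsyslog/" + hostname + "-key.pem")
    x("certtool --generate-request "
      "--load-privkey /etc/pki/rsyslog/" + hostname + "-key.pem "
      "--outfile /etc/pki/rsyslog/" + hostname + "-req.pem "
      "--template " + template)
    x("certtool --generate-certificate "
      "--load-request /etc/pki/rsyslog/" + hostname + "-req.pem "
      "--outfile /etc/pki/rsyslog/" + hostname + "-cert.pem "
      "--load-ca-certificate /etc/pki/rsyslog/ca.pem "
      "--load-ca-privkey /etc/pki/rsyslog/ca-key.pem "
      "--template " + template)

    # Client certs, serial numbers continue after the server's.
    serial = 2
    for server in get_servers():
        app.print_verbose("Generating tls certs for rsyslog client " + server)
        template = "/tmp/template." + server
        cert_base = "/etc/pki/rsyslog/" + server + ".fareoffice.com"

        x("\\cp -f /opt/syco/var/rsyslog/template.server " + template)
        x("sed -i 's/SERVERNAME/" + server + "/g' " + template)
        # The serial used to be written to the rsyslog server's template
        # (/tmp/template.<hostname>), which has no SERIAL tag left, so the
        # client template kept the literal SERIAL placeholder.
        x("sed -i 's/SERIAL/" + str(serial) + "/g' " + template)
        x("certtool --generate-privkey --outfile " + cert_base + "-key.pem")
        x("certtool --generate-request "
          "--load-privkey " + cert_base + "-key.pem "
          "--outfile " + cert_base + "-req.pem "
          "--template " + template)
        x("certtool --generate-certificate "
          "--load-request " + cert_base + "-req.pem "
          "--outfile " + cert_base + "-cert.pem "
          "--load-ca-certificate /etc/pki/rsyslog/ca.pem "
          "--load-ca-privkey /etc/pki/rsyslog/ca-key.pem "
          "--template " + template)
        serial += 1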
def _generate_client_keys():
    '''
    Generate keys for all ossec clients.

    Every server from get_servers() is added with ossec-batch-manager.pl
    under its fully qualified name and front ip. Its entry in client.keys is
    then written to a separate file that the client can download.

    '''
    install_dir = get_install_dir()
    add_agent = "{0}ossecbuild/contrib/ossec-batch-manager.pl -a -n {1} -p {2}"

    for server in get_servers():
        full_name = '{0}.{1}'.format(
            server, config.general.get_resolv_domain()
        )
        x(add_agent.format(
            install_dir, full_name, config.host(server).get_front_ip()
        ))

        # Prepare separate key files that can be downloaded by each client.
        # NOTE(review): grep matches the name as an unanchored pattern, so a
        # name contained in another client's name also copies that client's
        # key line into this file.
        select_keys = "grep {0} /var/ossec/etc/client.keys > ".format(
            full_name
        )
        key_file = "/var/ossec/etc/{0}_client.keys".format(full_name)
        x(select_keys + key_file)

    x('chmod 640 /var/ossec/etc/*.keys')
    x('chown ossec:ossec /var/ossec/etc/*.keys')
def mount_syco(args):
    '''
    SSH Mount all syco servers to ~/mount/XX

    args[1] names a single server to mount; when it is the empty string all
    servers from config.get_servers() are mounted.

    Tested on Ubuntu and os x.

    '''
    app.print_verbose("Mount syco servers.")

    # Cache master password.
    app.get_root_password()

    # Name of the user running this command; passed as user= to shell_run.
    user_name = pwd.getpwuid(os.getuid()).pw_name

    # What servers to install
    remote_host = []
    if args[1] == "":
        remote_host = config.get_servers()
    else:
        remote_host.append(args[1])

    for hostname in remote_host:
        ip = config.host(hostname).get_back_ip()
        app.print_verbose("Mount ~/mount/" + hostname + " from " + ip)

        obj = ssh.Ssh(ip, app.get_root_password())
        # NOTE(review): the nesting below was reconstructed from flattened
        # text - confirm that the mount steps belong inside this branch and
        # that the umount is not part of the makedirs branch.
        if (obj.is_alive()):
            obj.install_ssh_key()

            # ssh_mount_server
            mount_dir = os.environ['HOME'] + "/mount/" + hostname
            if not os.access(mount_dir, os.W_OK):
                os.makedirs(mount_dir)

            # Drop a mount that may be left from an earlier run.
            shell_run("umount " + mount_dir, user=user_name)

            # NOTE(review): StrictHostKeychecking=no turns off ssh host key
            # verification, so this root sshfs session cannot tell the real
            # server from a machine answering on the same ip. Pinning the
            # host keys in known_hosts and dropping the option closes that
            # gap.
            sshopt = "-o StrictHostKeychecking=no -o BatchMode=yes -o PasswordAuthentication=no -o GSSAPIAuthentication=no"
            shell_run("sshfs root@" + ip + ":/opt/ " + mount_dir + " -oauto_cache,reconnect " + sshopt, user=user_name)
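def add_ossec_chain():
    '''
    OSSEC IPtables rules

    OSSEC Server
    Servers in network -> IN -> udp -> 1514 -> OSSEC Server
    Servers in network <- OUT <- udp <- 1514 <- OSSEC Server

    OSSEC Client
    OSSEC Server -> IN -> udp -> 1514 -> OSSEC Client
    OSSEC Server <- OUT <- udp <- 1514 <- OSSEC Client

    Any existing chain is removed first with del_ossec_chain(). Nothing is
    added when /var/ossec does not exist.

    '''
    del_ossec_chain()

    if not os.path.exists('/var/ossec'):
        return

    app.print_verbose("Add iptables chain for OSSEC")

    # Create chains.
    iptables("-N ossec_in")
    iptables("-N ossec_out")
    iptables("-A syco_input -p udp -j ossec_in")
    iptables("-A syco_output -p udp -j ossec_out")

    # Ossec Server
    # NOTE(review): only the server-side rules are added in the code shown
    # here; the client-side rules from the diagram above are not.
    if os.path.exists('/var/ossec/bin/ossec-remoted'):
        for server in get_servers():
            try:
                front_ip = config.host(server).get_front_ip()
                iptables(
                    "-A ossec_in -p udp -s %s --dport 1514 -j allowed_udp"
                    % front_ip
                )
                iptables(
                    "-A ossec_out -p udp -d %s --dport 1514 -j allowed_udp"
                    % front_ip
                )
            except Exception as e:
                # Still best effort (one bad server must not stop the rest),
                # but a server left without its firewall rules is reported
                # instead of being skipped silently.
                app.print_verbose(
                    "Could not add OSSEC iptables rules for %s: %s"
                    % (server, e)
                )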
def test_config(self):
    '''
    Check the lists returned by config.get_servers() and config.get_hosts().

    '''
    self.assertEqual(
        config.get_servers(),
        [
            'syco-mysql-primary',
            'syco-mysql-secondary',
            'syco-install',
            'syco-ldap',
            'syco-vh01',
            'syco-ntp',
        ],
    )
    self.assertEqual(config.get_hosts(), ['syco-vh01'])
def _generate_zone(location): p = re.compile('[\s]*([\d]*)[\s]*[;][\s]*Serial') if location == "internal": o = open("/var/named/chroot/etc/named.conf","a") #open for append o.write("view 'internt' {\n") o.write("match-clients { " + localnet + "; };\n") o.close() else: o = open("/var/named/chroot/etc/named.conf","a") #open for append o.write("view 'external' {\n") o.write("match-clients { any; };\n") o.close() ''' Getting records from zone files and creating zone file for records ''' for zone in config_f.options('zone'): rzone = config_f.get('zone',zone) config_zone.read(app.SYCO_PATH + 'var/dns/'+zone) print zone ''' Crating zone file and setting right settings form zone.cfg file ''' o = open("/var/named/chroot/var/named/data/" + location + "." + zone + ".zone","w") #open for write for line in open(app.SYCO_PATH + "var/dns/template.zone"): line = line.replace("$IPMASTER$",ipmaster) line = line.replace("$IPSLAVE$",ipslave) line = line.replace("$NAMEZONE$",zone) serial = p.findall (line) print line if len(serial) > 0: line = str(int(serial[0]) + 1) + " ; Serial\n" o.write(line + "\n") #Wrinting out arecord to zone file if location == "internal": ''' Getting internal network address if thy are any else go back to use external address Generating A record from domain file and adding them to zone file. ''' try: config_zone.options("internal_" + zone + "_arecords") except ConfigParser.NoSectionError: for option in config_zone.options(zone + "_arecords"): o.write (option + "." + zone + "."+ " IN A " + config_zone.get(zone + "_arecords",option) + " \n") print option + "." + zone+"." + "A" + config_zone.get(zone + "_arecords",option)+"." if zone == config.general.get_resolv_domain(): servers = config.get_servers() for hostname in servers: o.write (hostname + "." + zone + "." 
+ " IN A " + config.host(hostname).get_back_ip() + " \n") print "INTERNAL"+hostname + config.host(hostname).get_back_ip() else: for option in config_zone.options("internal_" + zone + "_arecords"): o.write (option + "." + zone + "."+ " IN A " + config_zone.get("internal_" + zone + "_arecords",option) + " \n") print option + "." + zone + "." + "A" + config_zone.get("internal_" + zone+"_arecords",option) + "." ''' If domain is the same as local domain Gett all ip from local servers and add them to records. ''' if zone == config.general.get_resolv_domain(): servers = config.get_servers() for hostname in servers: o.write (hostname + "." + zone + "."+ " IN A " + config.host(hostname).get_back_ip() + " \n") print hostname + config.host(hostname).get_back_ip() ''' Getting all Cnames from domain file If there exist any names for internal network then they are used for inernal viem Else external names are used. Cnames are the added to file ''' try: config_zone.options("internal_" + zone + "_cname") except ConfigParser.NoSectionError: for option in config_zone.options(zone + "_cname"): out = str(option) + " IN CNAME " + config_zone.get(zone + "_cname",option) + "\n" out2 =out.replace('$DATA_CENTER$',data_center) o.write(out2) print out2 else: for option in config_zone.options("internal_" + zone + "_cname"): out= str(option) + " IN CNAME "+ str(config_zone.get("internal_" + zone + "_cname",option)) + "\n" out2 = out.replace('$DATA_CENTER$',data_center) o.write(out2) print out2 else: for option in config_zone.options(zone + "_arecords"): o.write (option + "." + zone + "." + " IN A " + config_zone.get(zone + "_arecords",option) + " \n") print option+"." + zone + "." + "A" + config_zone.get(zone + "_arecords",option) + "." 
for option in config_zone.options(zone+"_cname"): out= str(option) + " IN CNAME " + str(config_zone.get(zone + "_cname",option)) + "\n" out2 = out.replace('$DATA_CENTER$',data_center) o.write(out2) print out2 o.close() ''' Creating zone revers file for recursive getting if domain names. ''' o = open("/var/named/chroot/var/named/data/" + location + "." + rzone + ".zone","w") #open for append for line in open(app.SYCO_PATH + "var/dns/recursiv-template.zone"): line = line.replace("$IPMASTER$",ipmaster[::-1]) line = line.replace("$IPSLAVE$",ipslave[::-1]) line = line.replace("$NAMEZONE$", zone) line = line.replace("$RZONE$" ,rzone) serial = p.findall (line) if len(serial) > 0: line = str(int(serial[0]) + 1) + " ; Serial\n" o.write(line + "\n") o.close() ''' Adding the new zreated zone files to named.com to be used ''' o = open("/var/named/chroot/etc/named.conf","a") #open for append for line in open(app.SYCO_PATH + "var/dns/" + role + "-zone.conf"): line = line.replace("$IPMASTER$",ipmaster) line = line.replace("$IPSLAVE$",ipslave) line = line.replace("$NAMEZONE$",zone) line = line.replace("$RZONE$" ,rzone) line = line.replace("$LOCATION$" ,location) o.write(line + "\n") o.close() ''' Adding differin view to the config file ''' if location == "internal": o = open("/var/named/chroot/etc/named.conf","a") #open for append o.write("}; \n") o.close() else: o = open("/var/named/chroot/etc/named.conf","a") #open for append o.write("};\n") o.close() '''
def _generate_zone(location): p = re.compile('[\s]*([\d]*)[\s]*[;][\s]*Serial') if location == "internal": o = open("/var/named/chroot/etc/named.conf", "a") #open for append o.write("view 'internt' {\n") o.write("match-clients { " + localnet + "; };\n") o.close() else: o = open("/var/named/chroot/etc/named.conf", "a") #open for append o.write("view 'external' {\n") o.write("match-clients { any; };\n") o.close() ''' Getting records from zone files and creating zone file for records ''' for zone in config_f.options('zone'): rzone = config_f.get('zone', zone) config_zone.read(app.SYCO_PATH + 'var/dns/' + zone) print zone ''' Crating zone file and setting right settings form zone.cfg file ''' o = open("/var/named/chroot/var/named/data/" + location + "." + zone + ".zone", "w") #open for write for line in open(app.SYCO_PATH + "var/dns/template.zone"): line = line.replace("$IPMASTER$", ipmaster) line = line.replace("$IPSLAVE$", ipslave) line = line.replace("$NAMEZONE$", zone) serial = p.findall(line) print line if len(serial) > 0: line = str(int(serial[0]) + 1) + " ; Serial\n" o.write(line + "\n") #Wrinting out arecord to zone file if location == "internal": ''' Getting internal network address if thy are any else go back to use external address Generating A record from domain file and adding them to zone file. ''' try: config_zone.options("internal_" + zone + "_arecords") except ConfigParser.NoSectionError: for option in config_zone.options(zone + "_arecords"): o.write(option + "." + zone + "." + " IN A " + config_zone.get(zone + "_arecords", option) + " \n") print option + "." + zone + "." + "A" + config_zone.get( zone + "_arecords", option) + "." if zone == config.general.get_resolv_domain(): servers = config.get_servers() for hostname in servers: o.write(hostname + "." + zone + "." 
+ " IN A " + config.host(hostname).get_back_ip() + " \n") print "INTERNAL" + hostname + config.host( hostname).get_back_ip() else: for option in config_zone.options("internal_" + zone + "_arecords"): o.write(option + "." + zone + "." + " IN A " + config_zone.get( "internal_" + zone + "_arecords", option) + " \n") print option + "." + zone + "." + "A" + config_zone.get( "internal_" + zone + "_arecords", option) + "." ''' If domain is the same as local domain Gett all ip from local servers and add them to records. ''' if zone == config.general.get_resolv_domain(): servers = config.get_servers() for hostname in servers: o.write(hostname + "." + zone + "." + " IN A " + config.host(hostname).get_back_ip() + " \n") print hostname + config.host( hostname).get_back_ip() ''' Getting all Cnames from domain file If there exist any names for internal network then they are used for inernal viem Else external names are used. Cnames are the added to file ''' try: config_zone.options("internal_" + zone + "_cname") except ConfigParser.NoSectionError: for option in config_zone.options(zone + "_cname"): out = str( option) + " IN CNAME " + config_zone.get( zone + "_cname", option) + "\n" out2 = out.replace('$DATA_CENTER$', data_center) o.write(out2) print out2 else: for option in config_zone.options("internal_" + zone + "_cname"): out = str(option) + " IN CNAME " + str( config_zone.get("internal_" + zone + "_cname", option)) + "\n" out2 = out.replace('$DATA_CENTER$', data_center) o.write(out2) print out2 else: for option in config_zone.options(zone + "_arecords"): o.write(option + "." + zone + "." + " IN A " + config_zone.get(zone + "_arecords", option) + " \n") print option + "." + zone + "." + "A" + config_zone.get( zone + "_arecords", option) + "." 
for option in config_zone.options(zone + "_cname"): out = str(option) + " IN CNAME " + str( config_zone.get(zone + "_cname", option)) + "\n" out2 = out.replace('$DATA_CENTER$', data_center) o.write(out2) print out2 o.close() ''' Creating zone revers file for recursive getting if domain names. ''' o = open("/var/named/chroot/var/named/data/" + location + "." + rzone + ".zone", "w") #open for append for line in open(app.SYCO_PATH + "var/dns/recursiv-template.zone"): line = line.replace("$IPMASTER$", ipmaster[::-1]) line = line.replace("$IPSLAVE$", ipslave[::-1]) line = line.replace("$NAMEZONE$", zone) line = line.replace("$RZONE$", rzone) serial = p.findall(line) if len(serial) > 0: line = str(int(serial[0]) + 1) + " ; Serial\n" o.write(line + "\n") o.close() ''' Adding the new zreated zone files to named.com to be used ''' o = open("/var/named/chroot/etc/named.conf", "a") #open for append for line in open(app.SYCO_PATH + "var/dns/" + role + "-zone.conf"): line = line.replace("$IPMASTER$", ipmaster) line = line.replace("$IPSLAVE$", ipslave) line = line.replace("$NAMEZONE$", zone) line = line.replace("$RZONE$", rzone) line = line.replace("$LOCATION$", location) o.write(line + "\n") o.close() ''' Adding differin view to the config file ''' if location == "internal": o = open("/var/named/chroot/etc/named.conf", "a") #open for append o.write("}; \n") o.close() else: o = open("/var/named/chroot/etc/named.conf", "a") #open for append o.write("};\n") o.close() '''