Linux-Help/dynamic-ip
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Further code cleanup from online reviews

Browse source
This commit is contained in:
Eric Renfro 2017-08-20 00:07:59 -04:00
parent fe249830ed
commit 9e06db14c7
5 changed files with 126 additions and 198 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

69
src/agents.d/aws-sg
View file

@ -4,36 +4,34 @@
source "${DIP_FUNCTIONS}"
if [[ -r "${DIP_BASE_DIR}/conf.d/${DIP_AGENT_NAME}.conf" ]]; then
[[ -r "${DIP_BASE_DIR}/conf.d/${DIP_AGENT_NAME}.conf" ]] && \
source "${DIP_BASE_DIR}/conf.d/${DIP_AGENT_NAME}.conf"
fi
if [[ -r "${DIP_BASE_DIR}/conf.d/${DIP_AGENT_EXEC}.conf" ]]; then
[[ -r "${DIP_BASE_DIR}/conf.d/${DIP_AGENT_EXEC}.conf" ]] && \
source "${DIP_BASE_DIR}/conf.d/${DIP_AGENT_EXEC}.conf"
fi
if [[ -z "$agent_aws_sg_id" ]]; then
logerr "ERROR: Need 'agent_aws_sg_id' to be defined to your Security Group ID"
exit 99
logerr "ERROR: Need 'agent_aws_sg_id' to be defined to your Security Group ID"
exit 99
fi
if [[ -d "${DIP_BASE_DIR}/aws" ]]; then
if [[ ! -r "${DIP_BASE_DIR}/aws/config" ]]; then
logerr "ERROR: AWS config file not found: '${DIP_BASE_DIR}/aws/config'"
exit 99
elif [[ ! -r "${DIP_BASE_DIR}/aws/credentials" ]]; then
logerr "ERROR: AWS credentials file not found: '${DIP_BASE_DIR}/aws/credentials'"
exit 99
else
export AWS_CONFIG_FILE="${DIP_BASE_DIR}/aws/config"
export AWS_SHARED_CREDENTIALS_FILE="${DIP_BASE_DIR}/aws/credentials"
fi
if [[ ! -r "${DIP_BASE_DIR}/aws/config" ]]; then
logerr "ERROR: AWS config file not found: '${DIP_BASE_DIR}/aws/config'"
exit 99
elif [[ ! -r "${DIP_BASE_DIR}/aws/credentials" ]]; then
logerr "ERROR: AWS credentials file not found: '${DIP_BASE_DIR}/aws/credentials'"
exit 99
else
export AWS_CONFIG_FILE="${DIP_BASE_DIR}/aws/config"
export AWS_SHARED_CREDENTIALS_FILE="${DIP_BASE_DIR}/aws/credentials"
fi
else
logerr "ERROR: AWS config directory not found. '${DIP_BASE_DIR}/aws/' is expected to exist and contain 'config' and 'credentials' for AWS access."
exit 99
logerr "ERROR: AWS config directory not found. '${DIP_BASE_DIR}/aws/' is expected to exist and contain 'config' and 'credentials' for AWS access."
exit 99
fi
if [[ -z "$DIP_CUR_IP" ]] || [[ -z "$DIP_OLD_IP" ]]; then
if [[ -z "$DIP_CUR_IP" || -z "$DIP_OLD_IP" ]]; then
logerr "ERROR: Agent expects currentip, and existingip."
exit 98
fi
@ -42,25 +40,24 @@ fi
# Main
if valid_ipv4 "$DIP_CUR_IP"; then
if [[ "${DIP_CUR_IP}/32" = "${DIP_OLD_IP}/32" ]]; then
log "No changes required."
else
log "Updating Security Group IP"
aws ec2 revoke-security-group-ingress --group-id "${agent_aws_sg_id}" --ip-permissions "[{\"IpProtocol\": \"-1\", \"IpRanges\": [{\"CidrIp\": \"${DIP_OLD_IP}/32\"}]}]"
aws ec2 authorize-security-group-ingress --group-id "${agent_aws_sg_id}" --ip-permissions "[{\"IpProtocol\": \"-1\", \"IpRanges\": [{\"CidrIp\": \"${DIP_CUR_IP}/32\"}]}]"
fi
if [[ "${DIP_CUR_IP}/32" = "${DIP_OLD_IP}/32" ]]; then
log "No changes required."
else
log "Updating Security Group IP"
aws ec2 revoke-security-group-ingress --group-id "${agent_aws_sg_id}" --ip-permissions "[{\"IpProtocol\": \"-1\", \"IpRanges\": [{\"CidrIp\": \"${DIP_OLD_IP}/32\"}]}]"
aws ec2 authorize-security-group-ingress --group-id "${agent_aws_sg_id}" --ip-permissions "[{\"IpProtocol\": \"-1\", \"IpRanges\": [{\"CidrIp\": \"${DIP_CUR_IP}/32\"}]}]"
fi
fi
if valid_ipv6 "$DIP_CUR_IP"; then
currentprefix=$(getIPv6Prefix $DIP_CUR_IP)
existingprefix=$(getIPv6Prefix $DIP_OLD_IP)
currentprefix=$(getIPv6Prefix "$DIP_CUR_IP")
existingprefix=$(getIPv6Prefix "$DIP_OLD_IP")
if [[ "$currentprefix" = "$existingprefix" ]]; then
log "No changes required."
else
log "Updating Security Group IPv6"
aws ec2 revoke-security-group-ingress --group-id "${agent_aws-sg_id}" --ip-permissions "[{\"IpProtocol\": \"-1\", \"Ipv6Ranges\": [{\"CidrIpv6\": \"${existingprefix}\"}]}]"
aws ec2 authorize-security-group-ingress --group-id "${agent_aws-sg_id}" --ip-permissions "[{\"IpProtocol\": \"-1\", \"Ipv6Ranges\": [{\"CidrIpv6\": \"${currentprefix}\"}]}]"
fi
if [[ "$currentprefix" = "$existingprefix" ]]; then
log "No changes required."
else
log "Updating Security Group IPv6"
aws ec2 revoke-security-group-ingress --group-id "${agent_aws-sg_id}" --ip-permissions "[{\"IpProtocol\": \"-1\", \"Ipv6Ranges\": [{\"CidrIpv6\": \"${existingprefix}\"}]}]"
aws ec2 authorize-security-group-ingress --group-id "${agent_aws-sg_id}" --ip-permissions "[{\"IpProtocol\": \"-1\", \"Ipv6Ranges\": [{\"CidrIpv6\": \"${currentprefix}\"}]}]"
fi
fi

32
src/agents.d/update-dns-r53
View file

@ -13,24 +13,24 @@ if [[ -r "${DIP_BASE_DIR}/conf.d/${DIP_AGENT_EXEC}.conf" ]]; then
fi
if [[ -z "$agent_update_dns_r53_id" ]]; then
logerr "ERROR: Need 'agent_update_dns_r53_id' to be defined to your Route53 Domain ID"
exit 99
logerr "ERROR: Need 'agent_update_dns_r53_id' to be defined to your Route53 Domain ID"
exit 99
fi
if [[ -d "${DIP_BASE_DIR}/aws" ]]; then
if [[ ! -r "${DIP_BASE_DIR}/aws/config" ]]; then
logerr "ERROR: AWS config file not found: '${DIP_BASE_DIR}/aws/config'"
exit 99
elif [[ ! -r "${DIP_BASE_DIR}/aws/credentials" ]]; then
logerr "ERROR: AWS credentials file not found: '${DIP_BASE_DIR}/aws/credentials'"
exit 99
else
export AWS_CONFIG_FILE="${DIP_BASE_DIR}/aws/config"
export AWS_SHARED_CREDENTIALS_FILE="${DIP_BASE_DIR}/aws/credentials"
fi
if [[ ! -r "${DIP_BASE_DIR}/aws/config" ]]; then
logerr "ERROR: AWS config file not found: '${DIP_BASE_DIR}/aws/config'"
exit 99
elif [[ ! -r "${DIP_BASE_DIR}/aws/credentials" ]]; then
logerr "ERROR: AWS credentials file not found: '${DIP_BASE_DIR}/aws/credentials'"
exit 99
else
export AWS_CONFIG_FILE="${DIP_BASE_DIR}/aws/config"
export AWS_SHARED_CREDENTIALS_FILE="${DIP_BASE_DIR}/aws/credentials"
fi
else
logerr "ERROR: AWS config directory not found. '${DIP_BASE_DIR}/aws/' is expected to exist and contain 'config' and 'credentials' for AWS access."
exit 99
logerr "ERROR: AWS config directory not found. '${DIP_BASE_DIR}/aws/' is expected to exist and contain 'config' and 'credentials' for AWS access."
exit 99
fi
if [[ -z "$DIP_CUR_IP" ]] || [[ -z "$DIP_OLD_IP" ]] || [[ -z "$DIP_RECORD" ]]; then
@ -42,11 +42,11 @@ fi
# Main
if valid_ipv4 "$DIP_CUR_IP"; then
log "Updating Route53 DNS IPv4 Record"
log "Updating Route53 DNS IPv4 Record"
/usr/local/bin/cli53 rc --replace "$agent_update_dns_r53_id" "${DIP_RECORD}. 300 A ${DIP_CUR_IP}"
fi
if valid_ipv6 "$DIP_CUR_IP"; then
log "Updating Route53 DNS IPv6 Record"
log "Updating Route53 DNS IPv6 Record"
/usr/local/bin/cli53 rc --replace "$agent_update_dns_r53_id" "${DIP_RECORD}. 300 AAAA ${DIP_CUR_IP}"
fi

199
src/dynamic-ip
View file

@ -11,7 +11,9 @@ trim() {
var=${var##+([[:space:]])}
var=${var%%+([[:space:]])}
(( extglobWasOff )) && shopt -u extglob
echo -n "$var"
#echo -n "$var"
var=${var%%\#*}
printf '%s' "$var"
}
detect_ip_version() {
@ -47,11 +49,17 @@ valid_ipv4() {
if [[ $ip =~ ^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]]; then
IFS='.' read -ra ipaddr <<< "$ip"
[[ ${ipaddr[0]} -le 255 && ${ipaddr[1]} -le 255 \
&& ${ipaddr[2]} -le 255 && ${ipaddr[3]} -le 255 ]]
[[ $((10#${ipaddr[0]})) -le 255 \
&& $((10#${ipaddr[0]})) -gt 0 \
&& $((10#${ipaddr[1]})) -le 255 \
&& $((10#${ipaddr[1]})) -gt -1 \
&& $((10#${ipaddr[2]})) -le 255 \
&& $((10#${ipaddr[2]})) -gt -1 \
&& $((10#${ipaddr[3]})) -le 255 \
&& $((10#${ipaddr[3]})) -gt -1 ]]
stat=$?
fi
return $stat
return "$stat"
}
valid_ipv6() {
@ -84,53 +92,32 @@ getRecords() {
getIPv4() {
local result
local err
local -a checks
local cmd
if [[ ! -f "${script_dir}/checks.lst" ]]
then
return 1
else
mapfile -t checks < "${script_dir}/checks.lst"
fi
[[ ! -r "${script_dir}/checks.lst" ]] && return 1
for i in "${checks[@]}"
do
i=$(trim "$i")
[[ ${i:0:1} == '#' ]] && continue
[[ -z "$i" ]] && continue
while read -r cmd; do
cmd=$(trim "$cmd")
[[ "$cmd" == \#* ]] && continue
[[ -n "$cmd" ]] || continue
result=$($i)
err=$?
result=$($cmd) || continue
if [[ $err -ne 0 ]]
then
continue
fi
if valid_ipv4 "$result"
then
echo "$result"
return 0
fi
done
return 1
if valid_ipv4 "$result"; then
echo "$result"
return 0
fi
done <"${script_dir}/checks.lst"
return 1
}
getIPv6() {
local result
local err
result=$(/sbin/ip -6 addr | grep inet6 | awk -F '[ \t]+|/' '{print $3}' | grep -v ^::1 | grep -v ^fe80)
err=$?
result=$(/sbin/ip -6 addr | grep inet6 | awk -F '[ \t]+|/' '{print $3}' | grep -v ^::1 | grep -v ^fe80) || return 1
if [[ $err -ne 0 ]]; then
return 1
elif valid_ipv6 "$result"; then
if valid_ipv6 "$result"; then
echo "$result"
return 0
else
return 0
fi
}
@ -138,56 +125,39 @@ getDnsNS() {
local rec=$1
local domain
local result
local err
domain=$(sed 's/[^.]*\.\([^.]*\..*\)/\1/' <<<"$rec")
result=$(dig +short @8.8.8.8 NS "$domain" | sed -e 's/.$//')
err=$?
if [[ $err -eq 0 ]]
then
for d in $result
do
echo "$d"
done
else
logerr "ERROR"
return $err
fi
while read -r result; do
echo "$result"
done < <(dig +short @8.8.8.8 NS "$domain" | sed -e 's/.$//')
}
getDnsRecord() {
local rec=$1
local rectype=$2
local result
local err
local getrecord
for i in $(getDnsNS "$rec")
do
[[ "$i" = "ERROR" ]] && return 1
while read -r getrecord; do
[[ "$getrecord" == "ERROR" ]] && return 1
result=$(dig +short @"$i" "$rectype" "$rec" | head -n1)
err=$?
result=$(dig +short @"$getrecord" "$rectype" "$rec" | head -n1) || continue
[[ -z "$result" ]] && continue
if [[ $err -ne 0 ]] || [[ -z "$result" ]]; then
logerr "ERROR: DNS lookup for $i"
continue
elif valid_ip "$result"; then
if valid_ip "$result"; then
echo "$result"
return 0
else
logerr "ERROR: Lookup failed with: $result"
continue
fi
done
done < <(getDnsNS "$rec")
return 1
}
getIPv6Prefix() {
local rec=$1
local result
local err
if valid_ipv6 "$rec"
then
@ -202,18 +172,11 @@ getIPv6Prefix() {
getZabbixProxyIP() {
local result
local err
result=$(awk -F "=" '/^Server/ { print $2 }' /etc/zabbix/zabbix_proxy.conf)
err=$?
result=$(awk -F "=" '/^Server/ { print $2 }' /etc/zabbix/zabbix_proxy.conf) || return 1
if [[ $err -ne 0 ]]
then
return 1
elif valid_ip "$result"
then
if valid_ip "$result"; then
echo "$result"
return 0
else
return 1
fi
@ -221,18 +184,11 @@ getZabbixProxyIP() {
getShorewallIP() {
local result
local err
result=$(awk -F "=" '/HOME_IP/ { print $2 }' /etc/shorewall/params)
err=$?
result=$(awk -F "=" '/HOME_IP/ { print $2 }' /etc/shorewall/params) || return 1
if [[ $err -ne 0 ]]
then
return 1
elif valid_ip "$result"
then
if valid_ip "$result"; then
echo "$result"
return 0
else
return 1
fi
@ -240,18 +196,11 @@ getShorewallIP() {
getCachedIP() {
local result
local err
result=$(<"$HOME/.cached_ip")
err=$?
result=$(<"$HOME/.cached_ip") || return 1
if [[ $err -ne 0 ]]; then
return 1
elif valid_ip "$result"; then
if valid_ip "$result"; then
echo "$result"
return 0
else
return 0
fi
}
@ -265,8 +214,8 @@ logerr() {
run-parts() {
# Ignore *~ and *, scripts
for i in $(LC_ALL=C; echo "${1%/}"/*[^~,]) ; do
[[ -d $i ]] && continue
for i in ${1%/}/*[^~]; do
[[ -d "$i" ]] && continue
# Don't run *.{rpmsave,rpmorig,rpmnew,swp,cfsaved} scripts
[[ "${i%.cfsaved}" != "${i}" ]] && continue
[[ "${i%.rpmsave}" != "${i}" ]] && continue
@ -308,26 +257,25 @@ run-hook() {
return 0
fi
while read -r hook_script
do
while read -r hook_script; do
log "Running agent: $(basename "$hook_script")"
DIP_FUNCTIONS="$(readlink -f "$0")" \
DIP_AGENT_NAME="$(basename "$(readlink -f "$hook_script")")" \
DIP_AGENT_EXEC="$(basename "$hook_script")" \
DIP_AGENT_DIR="$(dirname "$(readlink -f "$hook_script")")" \
DIP_BASE_DIR="${script_dir}" \
DIP_CUR_IP="$1" \
DIP_OLD_IP="$2" \
DIP_RECORD="$3" \
"$hook_script" "$@"
err=$?
if [[ $err -ne 0 ]]; then
if ! \
DIP_FUNCTIONS="$(readlink -f "$0")" \
DIP_AGENT_NAME="$(basename "$(readlink -f "$hook_script")")" \
DIP_AGENT_EXEC="$(basename "$hook_script")" \
DIP_AGENT_DIR="$(dirname "$(readlink -f "$hook_script")")" \
DIP_BASE_DIR="${script_dir}" \
DIP_CUR_IP="$1" \
DIP_OLD_IP="$2" \
DIP_RECORD="$3" \
"$hook_script" "$@"
then
logerr "WARNING: Agent $(basename "$hook_script") had errors"
let errors++
fi
done < <(run-parts "${hook_dir}")
return $errors
return "$errors"
}
run-update() {
@ -335,14 +283,8 @@ run-update() {
local eip=$2
local rec=$3
if [[ "$cip" != "$eip" ]]
then
run-hook "${script_dir}/update.d" "$cip" "$eip" "$rec"
err=$?
if [[ $err -gt 0 ]]; then
return $err
fi
if [[ "$cip" != "$eip" ]]; then
run-hook "${script_dir}/update.d" "$cip" "$eip" "$rec" || return $?
else
log "No change detected"
fi
@ -381,12 +323,12 @@ getCurrentIP() {
case "$iptype" in
4) log "Checking if internet IP has changed for $record"
currentip=$(getCurrentLocalIP 4) || return $?
currentip=$(getCurrentLocalIP 4) || return "$?"
externalip=$(getDnsRecord "$record" "A") || return 2
return 0
;;
6) log "Checking if internet IPv6 has changed for $record"
currentip=$(getCurrentLocalIP 6) || return $?
currentip=$(getCurrentLocalIP 6) || return "$?"
externalip=$(getDnsRecord "$record" "AAAA") || return 2
return 0
;;
@ -402,19 +344,16 @@ check-update() {
[[ -z "$record" ]] && return 1
getCurrentIP "$iptype" "$record"
err=$?
local status=$?
case $err in
case $status in
0) if [[ "$currentip" != "$externalip" ]]; then
log "Updates found: $externalip is not $currentip"
log "Running Agents for $record"
run-update "$currentip" "$externalip" "$record"
err=$?
if [[ $err -ne 0 ]]; then
logerr "WARNING: Agents had $err errors"
else
if run-update "$currentip" "$externalip" "$record"; then
log "Agents ran successfully"
else
logerr "WARNING: Agents had $? errors"
fi
else
log "No change detected"
@ -429,7 +368,7 @@ check-update() {
;;
*) logerr "Unknown fatal error occurred"
logerr "(${BASH_SOURCE[0]}:${LINENO}): ${FUNCNAME[0]:+${FUNCNAME[0]}(): }"
exit $err
exit $status
;;
esac
}

12
src/plugins/update-ipv4
View file

@ -7,15 +7,11 @@ if [[ -z "$check_record" ]]; then
exit 1
else
if [[ -r "$check_record" ]]; then
for d in $(getRecords "$check_record"); do
if check-update 4 "$d"; then
let updateerrors++
fi
done
while read -r d; do
check-update 4 "$d" || let updateerrors++
done < <(getRecords "$d")
else
if check-update 4 "$check_record"; then
let updateerrors++
fi
check-update 4 "$check_record" || let updateerrors++
fi
fi

12
src/plugins/update-ipv6
View file

@ -7,15 +7,11 @@ if [[ -z "$check_record" ]]; then
exit 1
else
if [[ -r "$check_record" ]]; then
for d in $(getRecords "$check_record"); do
if ! check-update 6 "$check_record"; then
let updateerrors++
fi
done
while read -r d; do
check-update 6 "$d" || let updateerrors++
done < <(getRecords "$d")
else
if ! check-update 6 "$check_record"; then
let updateerrors++
fi
check-update 6 "$check_record" || let updateerrors++
fi
fi