We use cookies to ensure you get the best experience on our website
Home Esplora Aiuto
Registrati Accedi
0ct0pu5
/
desec-stack
1
0
Forka 0
File Problemi 0 Pull Requests 0 Wiki
Albero (Tree): 1693dbff2d
Rami (Branch) Tag
desec-stack
/
api
/
desecapi
/
management
/
commands
/
check-slaves.py

check-slaves.py 3.7 KB
Cronologia Originale

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495 
  1. from datetime import timedelta
    2. 

  2. from socket import gethostbyname
    3. 

  3. from time import sleep
    4. 

  4. 

  5. from django.conf import settings
    6. 

  6. from django.core.mail import get_connection, mail_admins
    7. 

  7. from django.core.management import BaseCommand
    8. 

  8. from django.utils import timezone
    9. 

  9. import dns.message, dns.query, dns.rdatatype
    10. 

  10. 

  11. from desecapi import pdns
    12. 

  12. from desecapi.models import Domain
    13. 

  13. 

  14. 

  15. def query_serial(zone, server):
    16. 

  16.     query = dns.message.make_query(zone, 'SOA')
    17. 

  17.     response = dns.query.tcp(query, server)
    18. 

  18. 

  19.     for rrset in response.answer:
    20. 

  20.         if rrset.rdtype == dns.rdatatype.SOA:
    21. 

  21.             return int(rrset[0].serial)
    22. 

  22.     return None
    23. 

  23. 

  24. 

  25. class Command(BaseCommand):
    26. 

  26.     help = 'Check slaves for consistency with nsmaster.'
    27. 

  27. 

  28.     def __init__(self, *args, **kwargs):
    29. 

  29.         self.servers = {gethostbyname(server): server for server in settings.WATCHDOG_SLAVES}
    30. 

  30.         super().__init__(*args, **kwargs)
    31. 

  31. 

  32.     def add_arguments(self, parser):
    33. 

  33.         parser.add_argument('domain-name', nargs='*',
    34. 

  34.                             help='Domain name to check. If omitted, will check all recently published domains.')
    35. 

  35.         parser.add_argument('--delay', type=int, default=120, help='Delay SOA checks to allow pending AXFRs to finish.')
    36. 

  36.         parser.add_argument('--window', type=int, default=settings.WATCHDOG_WINDOW_SEC,
    37. 

  37.                             help='Check domains that were published no longer than this many seconds ago.')
    38. 

  38. 

  39.     def find_outdated_servers(self, zone, local_serial):
    40. 

  40.         """
    41. 

  41.         Returns a dict, the key being the outdated slave name, and the value being the slave's current zone serial.
    42. 

  42.         """
    43. 

  43.         outdated = {}
    44. 

  44.         for server in self.servers:
    45. 

  45.             remote_serial = query_serial(zone, server)
    46. 

  46.             if not remote_serial or remote_serial < local_serial:
    47. 

  47.                 outdated[self.servers[server]] = remote_serial
    48. 

  48. 

  49.         return outdated
    50. 

  50. 

  51.     def handle(self, *args, **options):
    52. 

  52.         threshold = timezone.now() - timedelta(seconds=options['window'])
    53. 

  53.         recent_domain_names = Domain.objects.filter(published__gt=threshold).values_list('name', flat=True)
    54. 

  54.         serials = {zone: s for zone, s in pdns.get_serials().items() if zone.rstrip('.') in recent_domain_names}
    55. 

  55. 

  56.         if options['domain-name']:
    57. 

  57.             serials = {zone: serial for zone, serial in serials.items() if zone.rstrip('.') in options['domain-name']}
    58. 

  58. 

  59.         print('Sleeping for {} seconds before checking {} domains ...'.format(options['delay'], len(serials)))
    60. 

  60.         sleep(options['delay'])
    61. 

  61. 

  62.         outdated_zone_count = 0
    63. 

  63.         outdated_slaves = set()
    64. 

  64. 

  65.         output = []
    66. 

  66.         for zone, local_serial in serials.items():
    67. 

  67.             outdated_serials = self.find_outdated_servers(zone, local_serial)
    68. 

  68.             outdated_slaves.update(outdated_serials.keys())
    69. 

  69. 

  70.             if outdated_serials:
    71. 

  71.                 output.append(f'{zone} ({local_serial}) is outdated on {outdated_serials}')
    72. 

  72.                 print(output[-1])
    73. 

  73.                 outdated_zone_count += 1
    74. 

  74.             else:
    75. 

  75.                 print(f'{zone} ok')
    76. 

  76. 

  77.         output.append(f'Checked {len(serials)} domains, {outdated_zone_count} were outdated.')
    78. 

  78.         print(output[-1])
    79. 

  79. 

  80.         self.report(outdated_slaves, output)
    81. 

  81. 

  82.     def report(self, outdated_slaves, output):
    83. 

  83.         if not outdated_slaves:
    84. 

  84.             return
    85. 

  85. 

  86.         subject = f'ALERT {len(outdated_slaves)} slaves out of sync'
    87. 

  87.         message = f'The following {len(outdated_slaves)} slaves are out of sync:\n'
    88. 

  88.         for outdated_slave in outdated_slaves:
    89. 

  89.             message += f'* {outdated_slave}\n'
    90. 

  90.         message += '\n'
    91. 

  91.         message += f'Current slave IPs: {self.servers}'
    92. 

  92.         message += '\n'
    93. 

  93.         message += '\n'.join(output)
    94. 

  94. 

  95.         mail_admins(subject, message, connection=get_connection('django.core.mail.backends.smtp.EmailBackend'))
    96.

Contact | Legal | Takedown | Status
Self-hosted public services - About
NibbleSpot by 0ct0pu5