hetzner rdns: filter ipv6 addresses not in the current zone
parent
cae4cf542f
commit
51aff603ff
@ -38,7 +38,6 @@
|
|||||||
"lxc": false
|
"lxc": false
|
||||||
},
|
},
|
||||||
"jabber": {
|
"jabber": {
|
||||||
"ipv4": "192.168.66.22/32",
|
|
||||||
"ipv6": "2a01:4f8:210:31fd:1::16/128",
|
"ipv6": "2a01:4f8:210:31fd:1::16/128",
|
||||||
"rdns6": "jabber.higgsboson.tk",
|
"rdns6": "jabber.higgsboson.tk",
|
||||||
"lxc": false
|
"lxc": false
|
||||||
@ -69,6 +68,7 @@
|
|||||||
"ns1": {
|
"ns1": {
|
||||||
"ns": true,
|
"ns": true,
|
||||||
"lxc": false,
|
"lxc": false,
|
||||||
|
"rdns6": "ns1.higgsboson.tk",
|
||||||
"ipv4": "192.168.66.6/32",
|
"ipv4": "192.168.66.6/32",
|
||||||
"ipv6": "2a01:4f8:210:31fd:1::6/128"
|
"ipv6": "2a01:4f8:210:31fd:1::6/128"
|
||||||
},
|
},
|
||||||
@ -81,7 +81,7 @@
|
|||||||
"dns": {
|
"dns": {
|
||||||
"ipv4": "192.168.66.6/32",
|
"ipv4": "192.168.66.6/32",
|
||||||
"ipv6": "2a01:4f8:210:31fd:1::6/128",
|
"ipv6": "2a01:4f8:210:31fd:1::6/128",
|
||||||
"rdns6": "ns.higgsboson.tk",
|
"rdns6": "ns1.higgsboson.tk",
|
||||||
"dn42": {
|
"dn42": {
|
||||||
"ipv4": "172.23.75.4"
|
"ipv4": "172.23.75.4"
|
||||||
}
|
}
|
||||||
|
@ -41,16 +41,14 @@ module Lxc
|
|||||||
|
|
||||||
def perform_request(req)
|
def perform_request(req)
|
||||||
req.basic_auth(@user, @password)
|
req.basic_auth(@user, @password)
|
||||||
resp = Net::HTTP.start(BASE_URI.hostname,
|
resp = Net::HTTP.start(BASE_URI.hostname, BASE_URI.port, use_ssl: true) do |http|
|
||||||
BASE_URI.port,
|
http.request(req)
|
||||||
use_ssl: true) do |http|
|
end
|
||||||
http.request(req)
|
if resp.code.start_with? "2"
|
||||||
end
|
return resp
|
||||||
if resp.code.start_with? "2"
|
else
|
||||||
return resp
|
raise StandardError.new("failed to perform request for '#{req.path}': #{resp.code} - #{resp.body}")
|
||||||
else
|
end
|
||||||
raise StandardError.new("failed to perform request: #{resp.inspect}")
|
|
||||||
end
|
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
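Review bot: The new failure message in perform_request interpolates the whole `resp.body` into the exception text, so an arbitrarily large body or an HTML error page from the API ends up in whatever log or cron mail captures the exception. Truncating it, e.g. `resp.body.to_s[0, 200]`, keeps the message bounded. Raising a bare `StandardError` also gives callers no way to tell an HTTP failure from any other error; a small dedicated error class carrying `resp.code` would let a caller treat a 404 differently from an authentication failure. The enclosing class and module begin outside the hunk.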
@ -1,35 +1,51 @@
|
|||||||
#!/usr/bin/env ruby
|
#!/usr/bin/env ruby
|
||||||
require "netaddr"
|
require "netaddr"
|
||||||
|
require "set"
|
||||||
require_relative "lib/lxc"
|
require_relative "lib/lxc"
|
||||||
|
|
||||||
def update_hetzner_rdns6(user, password, domain, network)
|
def update_hetzner_rdns6(user, password, domain, subnet, network)
|
||||||
api = Lxc::Hetzner.new(user, password)
|
api = Lxc::Hetzner.new(user, password)
|
||||||
rdns = api.get("/rdns")
|
rdns = api.get("/rdns")
|
||||||
records = {}
|
records = {}
|
||||||
rdns.each do |val|
|
rdns.each do |val|
|
||||||
rec = val["rdns"]
|
rec = val["rdns"]
|
||||||
cidr = NetAddr::CIDR.create(rec["ip"])
|
cidr = NetAddr::CIDR.create(rec["ip"])
|
||||||
next if cidr.version == 4
|
next unless cidr.version == 6 and subnet.contains?(rec["ip"])
|
||||||
records[cidr.ip] = rec["ptr"]
|
records[rec["ip"]] = rec["ptr"]
|
||||||
end
|
end
|
||||||
|
processed_ips = Set.new
|
||||||
|
|
||||||
network.each do |host, data|
|
network.each do |host, data|
|
||||||
cidr = data["ipv6"]
|
cidr = data["ipv6"]
|
||||||
next if cidr.nil?
|
next if cidr.nil?
|
||||||
ipv6 = NetAddr::CIDR.create(cidr).ip
|
cidr = NetAddr::CIDR.create(cidr)
|
||||||
|
next unless cidr.version == 6 and subnet.contains?(data["ipv6"])
|
||||||
hostname = data["rdns6"] || "#{host}.#{domain}"
|
hostname = data["rdns6"] || "#{host}.#{domain}"
|
||||||
ptr = records.delete(ipv6)
|
ip = cidr.ip(Short: true)
|
||||||
|
next if processed_ips.include?(ip)
|
||||||
|
processed_ips << ip
|
||||||
|
ptr = records.delete(ip)
|
||||||
if ptr.nil? or ptr != hostname
|
if ptr.nil? or ptr != hostname
|
||||||
api.post("/rdns/#{ipv6}", ptr: hostname)
|
puts "add ptr: #{ip} -> #{hostname}"
|
||||||
|
api.post("/rdns/#{ip}", ptr: hostname)
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
records.each do |ip, ptr|
|
records.each do |ip, ptr|
|
||||||
|
puts "delete ptr: #{ip} -> #{ptr}"
|
||||||
api.delete("/rnds/#{ip}")
|
api.delete("/rnds/#{ip}")
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
credentials = File.read(Lxc::CONFIG_ROOT.join("hetzner.key"))
|
|
||||||
user, password = credentials.split(":")
|
|
||||||
registry = Lxc::Registry.new
|
registry = Lxc::Registry.new
|
||||||
registry.data["zone"] ||= {}
|
registry.data["zone"] ||= {}
|
||||||
domain = registry.data["zone"]["domain"]
|
domain = registry.data["zone"]["domain"] || "lxc"
|
||||||
update_hetzner_rdns6(user, password, domain, registry.data["network"] || {})
|
subnet = registry.data["zone"]["v6_subnet"]
|
||||||
|
if subnet
|
||||||
|
subnet_cidr = NetAddr::CIDR.create(subnet)
|
||||||
|
credentials = File.read(Lxc::CONFIG_ROOT.join("hetzner.key"))
|
||||||
|
user, password = credentials.split(":")
|
||||||
|
network = registry.data["network"] || {}
|
||||||
|
update_hetzner_rdns6(user, password, domain, subnet_cidr, network)
|
||||||
|
else
|
||||||
|
puts "no v6_subnet specified in container.json. skip rdns records"
|
||||||
|
end
|
||||||
|
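Review bot: The cleanup loop at the end of update_hetzner_rdns6 still calls `api.delete("/rnds/#{ip}")` while the GET and POST above use `/rdns`, so the newly added "delete ptr" line reports a removal that most likely never reaches the rdns endpoint; the path should read `api.delete("/rdns/#{ip}")`. If delete goes through perform_request, which raises on any non-2xx response, the run would presumably abort at the first stale record, leaving PTR records that still name retired hosts in place. Separately, `records` is now keyed by the raw `rec["ip"]` string but looked up with `cidr.ip(Short: true)`. If the API returns addresses in a different textual form, the lookup misses and a valid record is treated as stale, so keying both sides on the same normalised form, e.g. `records[cidr.ip(Short: true)] = rec["ptr"]`, would be safer. `credentials.split(":")` also keeps the trailing newline of hetzner.key in the password and cuts a password at its first colon; `credentials.strip.split(":", 2)` avoids both.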