Update to be compatible with Ubuntu 12 and newer
parent
929ef89a40
commit
0e61e8274c
|
@ -70,7 +70,7 @@ def do_dns_update(env, force=False):
|
|||
additional_records = get_custom_dns_config(env)
|
||||
|
||||
# Write zone files.
|
||||
os.makedirs('/etc/nsd/zones', exist_ok=True)
|
||||
os.makedirs('/etc/' + env.get("NSD_PACKAGE", "nsd") + '/zones', exist_ok=True)
|
||||
updated_domains = []
|
||||
for i, (domain, zonefile) in enumerate(zonefiles):
|
||||
# Build the records to put in the zone.
|
||||
|
@ -78,7 +78,7 @@ def do_dns_update(env, force=False):
|
|||
|
||||
# See if the zone has changed, and if so update the serial number
|
||||
# and write the zone file.
|
||||
if not write_nsd_zone(domain, "/etc/nsd/zones/" + zonefile, records, env, force):
|
||||
if not write_nsd_zone(domain, "/etc/" + env.get("NSD_PACKAGE", "nsd") + "/zones/" + zonefile, records, env, force):
|
||||
# Zone was not updated. There were no changes.
|
||||
continue
|
||||
|
||||
|
@ -119,7 +119,7 @@ def do_dns_update(env, force=False):
|
|||
|
||||
# Kick nsd if anything changed.
|
||||
if len(updated_domains) > 0:
|
||||
shell('check_call', ["/usr/sbin/service", "nsd", "restart"])
|
||||
shell('check_call', ["/usr/sbin/service", env.get("NSD_PACKAGE", "nsd"), "restart"])
|
||||
|
||||
# Write the OpenDKIM configuration tables.
|
||||
if write_opendkim_tables(zonefiles, env):
|
||||
|
@ -465,8 +465,8 @@ server:
|
|||
identity: ""
|
||||
|
||||
# The directory for zonefile: files.
|
||||
zonesdir: "/etc/nsd/zones"
|
||||
"""
|
||||
nsdconf += ' zonesdir: "/etc/' + env.get("NSD_PACKAGE", "nsd") + '/zones"'
|
||||
|
||||
# Since we have bind9 listening on localhost for locally-generated
|
||||
# DNS queries that require a recursive nameserver, and the system
|
||||
|
@ -499,11 +499,11 @@ zone:
|
|||
|
||||
# Check if the nsd.conf is changing. If it isn't changing,
|
||||
# return False to flag that no change was made.
|
||||
with open("/etc/nsd/nsd.conf") as f:
|
||||
with open("/etc/" + env.get("NSD_PACKAGE", "nsd") + "/nsd.conf") as f:
|
||||
if f.read() == nsdconf:
|
||||
return False
|
||||
|
||||
with open("/etc/nsd/nsd.conf", "w") as f:
|
||||
with open("/etc/" + env.get("NSD_PACKAGE", "nsd") + "/nsd.conf", "w") as f:
|
||||
f.write(nsdconf)
|
||||
|
||||
return True
|
||||
|
@ -562,7 +562,7 @@ def sign_zone(domain, zonefile, env):
|
|||
"-n",
|
||||
|
||||
# zonefile to sign
|
||||
"/etc/nsd/zones/" + zonefile,
|
||||
"/etc/" + env.get("NSD_PACKAGE", "nsd") + "/zones/" + zonefile,
|
||||
|
||||
# keys to sign with (order doesn't matter -- it'll figure it out)
|
||||
dnssec_keys["KSK"],
|
||||
|
@ -577,7 +577,7 @@ def sign_zone(domain, zonefile, env):
|
|||
# We want to be able to validate DS records too, but multiple forms may be valid depending
|
||||
# on the digest type. So we'll write all (both) valid records. Only one DS record should
|
||||
# actually be deployed. Preferebly the first.
|
||||
with open("/etc/nsd/zones/" + zonefile + ".ds", "w") as f:
|
||||
with open("/etc/" + env.get("NSD_PACKAGE", "nsd") + "/zones/" + zonefile + ".ds", "w") as f:
|
||||
for digest_type in ('2', '1'):
|
||||
rr_ds = shell('check_output', ["/usr/bin/ldns-key2ds",
|
||||
"-n", # output to stdout
|
||||
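Review bot: The added `nsdconf += ' zonesdir: ...'` line in the -465 hunk ends without a newline, whereas the line it replaces sat inside the triple-quoted string and was newline-terminated. Anything appended to `nsdconf` after this point, which lies outside the hunk, would land on the same line as `zonesdir` and corrupt the generated nsd.conf. Terminate it explicitly: `nsdconf += ' zonesdir: "/etc/' + env.get("NSD_PACKAGE", "nsd") + '/zones"\n'`. Separately, `"/etc/" + env.get("NSD_PACKAGE", "nsd")` is now repeated across the hunks of this file and feeds both `open(..., "w")` paths and the `service` argument. A small helper that returns the directory and rejects any value other than `nsd` or `nsd3` would keep a malformed config entry from redirecting those writes.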
|
|
|
@ -213,7 +213,7 @@ def check_dnssec(domain, env, dns_zonefiles, is_checking_primary=False):
|
|||
# See if the domain has a DS record set at the registrar. The DS record may have
|
||||
# several forms. We have to be prepared to check for any valid record. We've
|
||||
# pre-generated all of the valid digests --- read them in.
|
||||
ds_correct = open('/etc/nsd/zones/' + dns_zonefiles[domain] + '.ds').read().strip().split("\n")
|
||||
ds_correct = open('/etc/' + env.get("NSD_PACKAGE", "nsd") + '/zones/' + dns_zonefiles[domain] + '.ds').read().strip().split("\n")
|
||||
digests = { }
|
||||
for rr_ds in ds_correct:
|
||||
ds_keytag, ds_alg, ds_digalg, ds_digest = rr_ds.split("\t")[4].split(" ")
|
||||
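Review bot: The rewritten `ds_correct = open(...)` line still reads the `.ds` file through a bare `open()` that is never closed, and it rebuilds by hand the same path that `sign_zone` writes, so reader and writer can drift apart. Reading it as `with open(ds_path) as f:` followed by `ds_correct = f.read().strip().split("\n")`, with `ds_path` built in one shared place, would close the handle and keep the two in step. A zone that has not been signed yet would presumably surface here as an unhandled FileNotFoundError; check_dnssec's body continues outside the hunk, so that may be handled elsewhere.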
|
|
|
@ -27,11 +27,9 @@ fi
|
|||
# * ldnsutils: Helper utilities for signing DNSSEC zones.
|
||||
# * openssh-client: Provides ssh-keyscan which we use to create SSHFP records.
|
||||
|
||||
apt_install nsd ldnsutils openssh-client
|
||||
apt_install $NSD_PACKAGE ldnsutils openssh-client
|
||||
|
||||
# Prepare nsd's configuration.
|
||||
|
||||
mkdir -p /var/run/nsd
|
||||
mkdir -p /var/run/$NSD_PACKAGE
|
||||
|
||||
# Create DNSSEC signing keys.
|
||||
|
||||
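Review bot: `$NSD_PACKAGE` is expanded unquoted and unchecked in both added lines; if this script runs with the variable unset, `apt_install` is called without any nsd package and `mkdir -p /var/run/$NSD_PACKAGE` quietly becomes `mkdir -p /var/run/`. Failing fast would make that visible: `apt_install "${NSD_PACKAGE:?NSD_PACKAGE is not set}" ldnsutils openssh-client` and `mkdir -p "/var/run/$NSD_PACKAGE"`. Where the variable is loaded is not visible in this hunk, so the caller may already guarantee it.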
|
|
|
@ -8,8 +8,8 @@ if [[ $EUID -ne 0 ]]; then
|
|||
fi
|
||||
|
||||
# Check that we are running on Ubuntu 14.04 LTS (or 14.04.xx).
|
||||
if [ "`lsb_release -d | sed 's/.*:\s*//' | sed 's/14\.04\.[0-9]/14.04/' `" != "Ubuntu 14.04 LTS" ]; then
|
||||
echo "Mail-in-a-Box only supports being installed on Ubuntu 14.04, sorry. You are running:"
|
||||
if [ `lsb_release -d | sed 's/.*:\sUbuntu *//' | cut -d'.' -f1` -lt 12 ]; then
|
||||
echo "Mail-in-a-Box only supports being installed on Ubuntu 12 and newer, sorry. You are running:"
|
||||
echo
|
||||
lsb_release -d | sed 's/.*:\s*//'
|
||||
echo
|
||||
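Review bot: The new version test fails open: on a distribution whose `lsb_release -d` line does not contain "Ubuntu", the `sed` expression leaves the text unchanged, `[ ... -lt 12 ]` receives a non-integer and errors out, and the `if` is treated as false, so the installer continues where the old exact-match test stopped it. Checking distributor and release separately avoids that, e.g. `if [ "$(lsb_release -is)" != "Ubuntu" ] || [ "$(lsb_release -rs | cut -d. -f1)" -lt 12 ]; then`. The same pipeline is copied into the `NSD_PACKAGE` selection in the hunk that sources setup/preflight.sh, where a parse failure silently selects `nsd`; computing the major version once and reusing it would fix both. The comment above the test still says 14.04 LTS and should be updated to match.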
|
|
|
@ -8,6 +8,13 @@ source setup/functions.sh # load our functions
|
|||
# machine with enough memory? If not, this shows an error and exits.
|
||||
source setup/preflight.sh
|
||||
|
||||
# if Ubuntu major version is less than 14 use nsd3 package
|
||||
if [ `lsb_release -d | sed 's/.*:\sUbuntu *//' | cut -d'.' -f1` -lt 14 ]; then
|
||||
NSD_PACKAGE="nsd3"
|
||||
else
|
||||
NSD_PACKAGE="nsd"
|
||||
fi
|
||||
|
||||
# Ensure Python reads/writes files in UTF-8. If the machine
|
||||
# triggers some other locale in Python, like ASCII encoding,
|
||||
# Python may not be able to read/write files. Here and in
|
||||
|
@ -109,6 +116,7 @@ PUBLIC_IPV6=$PUBLIC_IPV6
|
|||
PRIVATE_IP=$PRIVATE_IP
|
||||
PRIVATE_IPV6=$PRIVATE_IPV6
|
||||
CSR_COUNTRY=$CSR_COUNTRY
|
||||
NSD_PACKAGE=$NSD_PACKAGE
|
||||
EOF
|
||||
|
||||
# Start service configuration.
|
||||
|
|