create_opendkim_key.sh: add support for creating missing _domainkey zone.

2019-01-05 04:03:45 +01:00 · 2019-01-05 04:03:45 +01:00 · 593e906704
commit 593e906704
parent 350d05bb8f
2 changed files with 347 additions and 103 deletions
--- a/conf/create_opendkim_key.conf.sample
+++ b/conf/create_opendkim_key.conf.sample
@ -7,12 +7,12 @@
 # DNS Server
 # ----------
-# - dns_server
+# - dns_dkim_zone_master_server
 # - 
 # - The DNS Server who is serving the update zone and is used 
 # - for the dynamic updates (nsupdate) 
 # - 
-dns_server="b.ns.oopen.de"
+#dns_dkim_zone_master_server=""
 # - update_dns
 # -
@ -109,7 +109,7 @@ dns_server="b.ns.oopen.de"
 # - Script increases the serial for a given domain or a given 
 # - hostname's concerning domain.
 # -
-# - Defaults to /root/bin/bind/bind_set_new_serial.sh
+# - Defaults to '/root/bin/bind/bind_set_new_serial.sh'
 # -
 #set_new_serial_script="/root/bin/bind/bind_set_new_serial.sh"
@ -117,7 +117,25 @@ dns_server="b.ns.oopen.de"
 # -
 # - Script adds DKIM subdomain delegation for a given domain
 # -
-#create_dkim_delegation_script="bind_create_dkim_delegation.sh"
+# - Defaults to '/root/bin/bind/bind_create_dkim_delegation.sh'
 # -
 #create_dkim_delegation_script="/root/bin/bind/bind_create_dkim_delegation.sh"
 # - add_dkim_zone_master_script
 # -
 # - Script adds zone _domainkey.<dkim domain> as master zone
 # -
 # - Defaults to '/root/bin/bind/bind_add_dkim_zone_master.sh'
 # -
 #add_dkim_zone_master_script="/root/bin/bind/bind_add_dkim_zone_master.sh"
 # - add_dkim_zone_slave_script
 # -
 # - Script adds zone _domainkey.<dkim domain> as slave zone
 # -
 # - Defaults to '/root/bin/bind/bind_add_dkim_zone_slave.sh'
 # -
 #add_dkim_zone_slave_script="/root/bin/bind/bind_add_dkim_zone_slave.sh"
--- a/create_opendkim_key.sh
+++ b/create_opendkim_key.sh
@ -26,7 +26,8 @@ DEFAULT_dns_ssh_key="/root/.ssh/id_rsa-opendkim"
 DEFAULT_set_new_serial_script="/root/bin/bind/bind_set_new_serial.sh"
 DEFAULT_create_dkim_delegation_script="/root/bin/bind/bind_create_dkim_delegation.sh"
-#DEFAULT_
+DEFAULT_add_dkim_zone_master_script="/root/bin/bind/bind_add_dkim_zone_master.sh"
 DEFAULT_add_dkim_zone_slave_script="/root/bin/bind/bind_add_dkim_zone_slave.sh"
 opendkim_dir="/etc/opendkim"
@ -204,27 +205,27 @@ info (){
 echo_done() {
   if $terminal ; then
-      echo -e "\033[75G[ \033[32mdone\033[m ]"
+      echo -e "\033[80G[ \033[32mdone\033[m ]"
   fi
 }
 echo_ok() {
   if $terminal ; then
-      echo -e "\033[75G[ \033[32mok\033[m ]"
+      echo -e "\033[80G[ \033[32mok\033[m ] "
   fi
 }
 echo_failed(){
   if $terminal ; then
-      echo -e "\033[75G[ \033[1;31mfailed\033[m ]"
+      echo -e "\033[80G[ \033[1;31mfailed\033[m ]"
   fi
 }
 echo_skipped() {
   if $terminal ; then
-      echo -e "\033[75G[ \033[33m\033[1mskipped\033[m ]"
+      echo -e "\033[80G[ \033[33m\033[1mskipped\033[m ]"
   fi
 }
 echo_wait(){
   if $terminal ; then
-      echo -en "\033[75G[ \033[5m\033[1m...\033[m ]"
+      echo -en "\033[80G[ \033[5m\033[1m...\033[m ]"
   fi
 }
@ -346,7 +347,7 @@ while getopts bd:D:hns:t:z: opt ; do
   case $opt in
 		b) BATCH_MODE=true ;;
      d) dkim_domain=$OPTARG ;;
-      D) dns_server=$OPTARG ;;
+      D) dns_dkim_zone_master_server=$OPTARG ;;
      h) usage ;;
      n) update_dns=false ;;
      s) key_secret=$OPTARG ;;
@ -496,9 +497,12 @@ fi
 if $update_dns && [[ -z "$ttl" ]]; then
 	ttl="$DEFAULT_ttl"
 fi
-if $update_dns && [[ -z "$dns_server" ]]; then
+if $update_dns && [[ -z "$dns_dkim_zone_master_server" ]]; then
   fatal "No DNS server for updating given!"
 fi
 if [[ -z "$(dig +short ${dkim_domain} NS)" ]] ; then
   fatal "No Nameserver for domain '${dkim_domain}' found!"
 fi
 if $update_dns ; then
   cname_record="*._domainkey.${dkim_domain}. IN CNAME ${dkim_domain}.${update_zone}."
@ -512,6 +516,8 @@ fi
 #Scripts envoked at DNS Server
 [[ -z "$set_new_serial_script" ]] && set_new_serial_script="$DEFAULT_set_new_serial_script"
 [[ -z "$create_dkim_delegation_script" ]] && create_dkim_delegation_script="$DEFAULT_create_dkim_delegation_script"
 [[ -z "$add_dkim_zone_master_script" ]] && add_dkim_zone_master_script="$DEFAULT_add_dkim_zone_master_script"
 [[ -z "$add_dkim_zone_slave_script" ]] && add_dkim_zone_slave_script="$DEFAULT_add_dkim_zone_slave_script"
 blank_line
@ -530,7 +536,7 @@ if $terminal ; then
 		echo -e "   Create/Update DKIM TXT record....: \033[33mNo\033[m"
 	fi
 	echo ""
-   echo "   DNS Server.......................: $dns_server"
+   echo "   DNS Master Server................: $dns_dkim_zone_master_server"
   if [[ -z "$ttl" ]] || [[ "${ttl,,}" = "none" ]] ; then
      echo -e "   TTL for the DKIM TXT Record......: \033[33m- Not set -\033[m"
   else
@ -558,6 +564,16 @@ if $terminal && ! $BATCH_MODE ; then
 		fatal "Abort by user request - Answer as not 'YES'"
 	fi
   echo ""
 else
   declare -i _count=0
   declare -i _stop=${#dkim_domain}+2
   echo ""
   echo "*${dkim_domain}*"
    while [[ $_count -lt $_stop ]] ; do 
      echo -n "=" 
      ((_count++))
   done
   echo ""   
 fi
@ -566,7 +582,19 @@ key_dir=${key_base_dir}/${dkim_domain}
 dkim_domain_shortname="${dkim_domain%.*}"
 declare -a generated_files_arr=()
 declare -a dns_dkim_zone_slave_server_arr=()
 for _server in $(dig +short ${dkim_domain} NS) ; do
   # - Eliminate trailing '.' character(s)
   # -
   _server="${_server%"${_server##*[!\.]}"}"
   [[ "$_server" = "$dns_dkim_zone_master_server" ]] && continue
   dns_dkim_zone_slave_server_arr+=("$_server")
 done
 _create_delegation=false
 _create_dkim_zone=false
 _wait=false
 if $update_dns && [[ "$dkim_domain" != "$update_zone" ]] ; then
@ -592,7 +620,13 @@ if $update_dns && [[ "$dkim_domain" != "$update_zone" ]] ; then
         if ! $_create_delegation ; then
            _tmp_string="; ----- Delegation DKIM Keys ${dkim_domain}"
            for _server in $(dig +short ${dkim_domain} NS) ; do
-               _tmp_string="$_tmp_string\n${update_zone}.   IN NS    $_server"
+
               # - Eliminate trailing '.' character(s)
               # -
               _server="${_server%"${_server##*[!\.]}"}"
               _tmp_string="$_tmp_string\n${update_zone}.   IN NS    ${_server}."
            done
@ -620,6 +654,7 @@ if $_create_delegation ; then
   # - Generate Subdomain delegation for zone update_zone
   # -
   if $terminal ; then
      echo ""
      echo ""
      echo -e  "   \033[32mGenerate Subdomain delegation for zone \033[37m\033[1m${update_zone}\033[m"
      echo ""
@ -637,6 +672,7 @@ if $_create_delegation ; then
 	# - Check if Nameserver is accessable via ssh
 	# -
 	echononl "Check if Nameserver '$_dns_master' is accessable via ssh .."
   echo_wait
   ssh -q -p $dns_ssh_port \
      -o BatchMode=yes \
      -o StrictHostKeyChecking=no \
@ -650,7 +686,9 @@ if $_create_delegation ; then
   fi
   # - Check if Script '$set_new_serial_script' is accessable via ssh .."
-   echononl "Check if Script '$set_new_serial_script' .."
+   # -
   echononl "Check Script '$set_new_serial_script' .."
   echo_wait
   ssh -q -p $dns_ssh_port \
      -o BatchMode=yes \
      -o StrictHostKeyChecking=no \
@ -664,7 +702,9 @@ if $_create_delegation ; then
   fi
   # - Check if Script '$create_dkim_delegation_script' is accessable via ssh .."
-   echononl "Check if Script '$create_dkim_delegation_script'.."
+   # -
   echononl "Check Script '$create_dkim_delegation_script'.."
   echo_wait
   ssh -q -p $dns_ssh_port \
      -o BatchMode=yes \
      -o StrictHostKeyChecking=no \
@ -679,7 +719,9 @@ if $_create_delegation ; then
   blank_line
   _delegation_created=false
   echononl "Create NS Record (delegation) for '$update_zone'.."
   echo_wait
   ssh -q -p $dns_ssh_port \
      -o BatchMode=yes \
      -o StrictHostKeyChecking=no \
@ -693,7 +735,6 @@ if $_create_delegation ; then
            else
               echo ""
               echo "   [ Info ]  DKIM subdomain delegation for ${update_zone} already exists."
 						echo ""
            fi
            ;;
@ -703,9 +744,9 @@ if $_create_delegation ; then
            else
               echo ""
               echo "   [ Info ]  DKIM subdomain delegation for ${update_zone} successfully added."
               	echo ""
            fi
            _delegation_created=true
            ;;
      11)	$terminal && echo_failed
            fatal "No zonefile for domain '$dkim_domain' found!"
@ -729,6 +770,8 @@ if $_create_delegation ; then
 	echononl "Increase serial an reload zone ($dkim_domain).."
   echo_wait
   if $_delegation_created ; then
      ssh -q -p $dns_ssh_port \
         -o BatchMode=yes \
         -o StrictHostKeyChecking=no \
@ -742,7 +785,6 @@ if $_create_delegation ; then
               else
                  echo ""
                  echo "   [ Info ]  Serial is replaced and Zone is reloaded (${update_zone})."
               	echo ""
               fi
               ;;
@ -772,18 +814,201 @@ if $_create_delegation ; then
               ;;
      esac
   else
      echo_skipped
   fi
 fi # if $_create_delegation
 # - Check if zonefile creation is needed
 # -
 for _server in ${dns_dkim_zone_slave_server_arr[@]} ; do
   if [[ -z "$(dig +short @$_server ${update_zone}. NS)" ]] ; then
      _create_dkim_zone=true
      break
   fi
 done
 if ! $_create_dkim_zone && [[ -z "$(dig +short @$dns_dkim_zone_master_server +short ${update_zone}. NS)" ]] ; then
   _create_dkim_zone=true
 fi
 if $_create_dkim_zone ; then
-if [[ -z "$(dig +short ${update_zone}. NS)" ]] ; then
+   blank_line
-   fatal "No NS Record found for zone \033[1m${update_zone}.\033[m"
+
   # - Check if Script '$add_dkim_zone_master_script' is accessable via ssh .."
   # -
   echononl "Check Script '$add_dkim_zone_master_script'.."
   echo_wait
   ssh -q -p $dns_ssh_port \
      -o BatchMode=yes \
      -o StrictHostKeyChecking=no \
      -i $dns_ssh_key \
      $dns_ssh_user@$dns_dkim_zone_master_server "sudo $add_dkim_zone_master_script check" > /dev/null 2>&1
   if [[ $? -gt 0 ]] ;then
 		echo_failed
      fatal "Script '$add_dkim_zone_master_script' is NOT accessable via ssh!"
 	else
      echo_ok
   fi
   # - Check if Script '$add_dkim_zone_slave_script' is accessable on slave servers
   # -
   for _server in ${dns_dkim_zone_slave_server_arr[@]} ; do
      echononl "Check Script '$add_dkim_zone_master_script'at $_server .."
      echo_wait
      ssh -q -p $dns_ssh_port \
         -o BatchMode=yes \
         -o StrictHostKeyChecking=no \
         -i $dns_ssh_key \
         $dns_ssh_user@$_server "sudo $add_dkim_zone_slave_script check" > /dev/null 2>&1
      if [[ $? -gt 0 ]] ;then
         echo_failed
         fatal "Script '$add_dkim_zone_master_script' is NOT accessable via ssh!"
      else
         echo_ok
      fi
   done
   blank_line
   # - Create zone zone $update_zone at dns master
   # -
   if $terminal ; then
      echo ""
      echo ""
      echo -e  "   \033[32mCreate zone \033[37m\033[1m${update_zone}\033[m at dns master."
      echo ""
   fi
   echononl "Create zone '${update_zone}' at dns master '${_dns_master}'.."
   echo_wait
   ssh -q -p $dns_ssh_port \
      -o BatchMode=yes \
      -o StrictHostKeyChecking=no \
      -i $dns_ssh_key \
      $dns_ssh_user@$dns_dkim_zone_master_server "sudo $add_dkim_zone_master_script $dkim_domain" > /dev/null 2>&1
      ret_val=$?
   case $ret_val in
      0) 	$terminal && echo_ok
            if $terminal ; then
               info "Master zone \033[1m${update_zone}\033[m and zone file created."
            else
               echo ""
               echo "   [ Info ] Master zone '${update_zone}'and zone file created."
            fi
            ;;
      1) 	$terminal && echo_ok
            if $terminal ; then
               info "Master zone \033[1m${update_zone}\033[m already exists, zone file created."
            else
               echo ""
               echo "   [ Info ] Master zone '${update_zone}' already exists, zone file created."
            fi
            ;;
      2) 	$terminal && echo_skipped
            if $terminal ; then
               info "Master zone \033[1m${update_zone}\033[m and zone file already exists."
            else
               echo ""
               echo "   [ Info ] Master zone '${update_zone}' and zone file already exists."
            fi
            ;;
      10)	$terminal && echo_failed
            fatal "Missing option for zone definition!"
            ;;
      15)	$terminal && echo_failed
            fatal "DKIM domain '$dkim_domain' not supported by this nameserver!"
            ;;
      20)	$terminal && echo_failed
            fatal "Adding Zone definition for '${update_zone}' failed!"
            ;;
      21)	$terminal && echo_failed
            fatal "Adding Zonefile  for '${update_zone}' failed!"
            ;;
      22)	$terminal && echo_failed
            fatal "Change owner for newly created zonefile failed!"
            ;;
      23)	$terminal && echo_failed
            fatal "Reload bind configuration failed!"
            ;;
      99)	$terminal && echo_failed
            fatal "Fatal error!"
            ;;
      *)    $terminal && echo_failed
            fatal "Unknown exit code from remote script \"$create_dkim_delegation_script\"!"
            ;;
   esac
   # - Create zone $update_zone ar dns slave(s)
   # -
   if $terminal ; then
      echo ""
      echo ""
      echo -e  "   \033[32mCreate zone \033[37m\033[1m${update_zone}\033[m at dns slave(s)."
      echo ""
   fi
   for _server in ${dns_dkim_zone_slave_server_arr[@]} ; do
      echononl "Create zone '${update_zone}' at dns slave '${_server}'.."
      echo_wait
      ssh -q -p $dns_ssh_port \
         -o BatchMode=yes \
         -o StrictHostKeyChecking=no \
         -i $dns_ssh_key \
         $dns_ssh_user@$_server "sudo $add_dkim_zone_slave_script $dkim_domain" > /dev/null 2>&1
         ret_val=$?
      case $ret_val in
         0) 	$terminal && echo_ok
               if $terminal ; then
                  info "Slave zone \033[1m${update_zone}\033[m at '${_server}' configured."
               else
                  echo ""
                  echo "   [ Info ] Slave zone '${update_zone}' at '${_server}' configured."
               fi
               echononl "Sleeping 5 seconds.."
               echo_wait
               echo_ok
               sleep 5
               ;;
         1) 	$terminal && echo_skipped
               if $terminal ; then
                  info "Slave zone \033[1m${update_zone}\033[m already exists at '${_server}'."
               else
                  echo ""
                  echo "   [ Info ] Slave zone '${update_zone}' already exists '${_server}'."
               fi
               ;;
         15)	$terminal && echo_failed
               fatal "Variable for DNS Master Server (DKIM_DNS_MASTER) not present!"
               ;;
         21)	$terminal && echo_failed
               fatal "Adding Slave Zone '${update_zone}' at '${_server}' failed!"
               ;;
         23)	$terminal && echo_failed
               fatal "Reload bind configuration failed!"
               ;;
         99)	$terminal && echo_failed
               fatal "Fatal error!"
               ;;
         *)    $terminal && echo_failed
               fatal "Unknown exit code from remote script \"$create_dkim_delegation_script\"!"
               ;;
      esac
   done
 fi
 # - Generate private/public keys
 # -
 if $terminal ; then
   echo ""
   echo ""
   echo -e  "   \033[32mGenerate Generate private/public keys\033[m"
   echo ""
@ -931,13 +1156,13 @@ if $update_dns ; then
   # -
   if $terminal ; then
      echo ""
-      echo -e  "   \033[32mUpdate DNS Server \033[37m\033[1m${dns_server}\033[m"
+      echo -e  "   \033[32mUpdate DNS Server \033[37m\033[1m${dns_dkim_zone_master_server}\033[m"
      echo ""
   fi
   echononl "   Update zone '$update_zone' .."
   cat <<EOF | nsupdate -v > $log_file 2>&1
-server $dns_server
+server $dns_dkim_zone_master_server
 zone $update_zone
 key ${key_algo}:$key_name $key_secret
 update delete ${dkim_domain}.${update_zone}.
@ -1021,6 +1246,7 @@ if $terminal ; then
 fi
 echononl "   Restart OpenDKIM.."
 echo_wait
 if $systemd_supported ; then
   systemctl restart opendkim > $log_file 2>&1
   if [[ $? -eq 0 ]] ; then