Changeset 582 for trunk/cgi-bin/IPDB.pm

Timestamp:

01/04/13 17:19:57 (11 years ago)

Author:

Kris Deugau

Message:

/trunk

Begin adding DNS integration via RPC. See #1.
IPDB.pm

• Add a global in IPDB.pm to identify the URL for RPC DNS changes. A blank URL means this capability is disabled. (also MyIPDB.pm)
• Accept extra parameters in addMaster() for DNS changes (default rDNS pattern, DNS location/scope/view) and while we're at it, add space to handle VRF as an informational field
• Drop maskbits from INSERTs in addMaster()
• Make the RPC call to add a reverse zone when adding a new master block. To assist with export caching, we split the zone into /16 or /24 chunks and add each one separately.

main.cgi

• Retrieve DNS locations for adding a master block
• Pass the HTTP user in to addMaster() for logging in the DNS backend

Modify templates for add master
Remove long-obsolete function in widgets.js, add function for:
Add rDNS pattern reference page

Note the RPC calls require at least dnsadmin:trunk@r447 to work properly.

File:

• trunk/cgi-bin/IPDB.pm (modified) (7 diffs)

trunk/cgi-bin/IPDB.pm

@@ -17 +17 @@
 use Net::SMTP;
 use NetAddr::IP qw(:lower Compact );
+use Frontier::Client;
 use POSIX;
 use vars qw($VERSION @ISA @EXPORT @EXPORT_OK %EXPORT_TAGS);
@@ -87 +88 @@
 our $syslog_facility = 'local2';
 
+our $rpc_url = '';
+
 # Let's initialize the globals.
 ## IPDB::initIPDBGlobals()
@@ -214 +217 @@
   my $dbh = shift;
   my $cidr = new NetAddr::IP shift;
+  my %args = @_;
+
+  $args{vrf} = '' if !$args{vrf};
+  $args{rdns} = '' if !$args{rdns};
+  $args{defloc} = '' if !$args{defloc};
+  $args{rwhois} = 'n' if !$args{rwhois};        # fail "safe", sort of.
+  $args{rwhois} = 'n' if $args{rwhois} ne 'n' and $args{rwhois} ne 'y';
 
   # Allow transactions, and raise an exception on errors so we can catch it later.
@@ -228 +238 @@
 ##fixme: rwhois should be globally-flagable somewhere, much like a number of other things
 ## maybe a db table called "config"?
-      $dbh->do("INSERT INTO masterblocks (cidr,rwhois) VALUES (?,?)", undef, ($cidr,'y') );
+      $dbh->do("INSERT INTO masterblocks (cidr,rwhois,vrf,rdns) VALUES (?,?,?,?)", undef, ($cidr, 'y', $args{vrf}, $args{rdns}) );
 
 # Unrouted blocks aren't associated with a city (yet).  We don't rely on this
 # elsewhere though;  legacy data may have traps and pitfalls in it to break this.
 # Thus the "routed" flag.
-      $dbh->do("INSERT INTO freeblocks (cidr,maskbits,city,routed,parent,rdepth) VALUES (?,?,?,?,?,?)", undef,
-        ($cidr, $cidr->masklen, '<NULL>', 'm', $cidr, 1) );
+      $dbh->do("INSERT INTO freeblocks (cidr,city,routed,parent,rdepth,vrf) VALUES (?,?,?,?,?,?)", undef,
+        ($cidr, '<NULL>', 'm', $cidr, 1, $args{vrf}) );
 
       # If we get here, everything is happy.  Commit changes.
@@ -278 +288 @@
       # freeblocks
       $sth = $dbh->prepare("DELETE FROM freeblocks WHERE cidr <<= ?");
-      my $sth2 = $dbh->prepare("INSERT INTO freeblocks (cidr,maskbits,city,routed,parent,rdepth)".
-        " VALUES (?,?,'<NULL>','m',?,1)");
+      my $sth2 = $dbh->prepare("INSERT INTO freeblocks (cidr,city,routed,parent,rdepth,vrf)".
+        " VALUES (?,'<NULL>','m',?,1,?)");
       foreach my $newblock (@blocklist) {
         $sth->execute($newblock);
-        $sth2->execute($newblock, $newblock->masklen, $cidr);
+        $sth2->execute($newblock, $cidr, $args{vrf});
       }
 
@@ -291 +301 @@
       # master
       $dbh->do("DELETE FROM masterblocks WHERE cidr <<= ?", undef, ($cidr) );
-      $dbh->do("INSERT INTO masterblocks (cidr,rwhois) VALUES (?,?)", undef, ($cidr, 'y') );
+      $dbh->do("INSERT INTO masterblocks (cidr,rwhois,vrf,rdns) VALUES (?,?,?,?)", undef, ($cidr, 'y', $args{vrf}, $args{rdns}) );
 
       # *whew*  If we got here, we likely suceeded.
@@ -303 +313 @@
     return ('FAIL',$msg);
   } else {
+
+    # Only attempt rDNS if the IPDB side succeeded
+    if ($rpc_url) {
+      # Make an object to represent the XML-RPC server.
+      my $server = Frontier::Client->new(url => $rpc_url, debug => 0);
+      my $result;
+
+# Note *not* splitting reverse zones negates any benefit from caching the exported data.
+# IPv6 address space is far too large to split usefully, and in any case (also due to
+# the large address space) doesn't support the iterated template records v4 zones do
+# that causes the bulk of the slowdown that needs the cache anyway.
+
+      my @zonelist;
+# allow splitting reverse zones to be disabled, maybe, someday
+#if ($splitrevzones && !$cidr->{isv6}) {
+      if (1 && !$cidr->{isv6}) {
+        my $splitpoint = ($cidr->masklen <= 16 ? 16 : 24);      # hack pthui
+        @zonelist = $cidr->split($splitpoint);
+      } else {
+        @zonelist = ($cidr);
+      }
+      my @fails;
+      ##fixme:  remove hardcoding where possible
+      foreach my $subzone (@zonelist) {
+        my %rpcargs = (
+          rpcuser => $args{user},
+          rpcsystem => 'ipdb',
+          revzone => "$subzone",
+          revpatt => $args{rdns},
+          defloc => $args{defloc},
+          group => 1,   # not sure how these two could sanely be exposed, tbh...
+          state => 1,   # could make them globally configurable maybe
+        );
+        eval {
+          $result = $server->call('dnsdb.addRDNS', %rpcargs);
+        };
+        if ($@) {
+          my $msg = $@;
+          $msg =~ s/Fault returned from XML RPC Server, fault code 4: error executing RPC `dnsdb.addRDNS'\.\s//;
+          push @fails, ("$subzone" => $msg);
+        }
+      }
+      if (@fails) {
+        return ('WARN',"Warning(s) adding $cidr to reverse DNS:\n".join("\n", @fails));
+      }
+    }
     return ('OK','OK');
   }