#####################################################################################
# Copyright 2011 Normation SAS
#####################################################################################
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, Version 3.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program.  If not, see <http://www.gnu.org/licenses/>.
#
#####################################################################################

    
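# Enforce the node's DNS client configuration (resolvers, search list, options)
# and correct it when it differs from the values rendered into this template.
# The resolver list decides where every name lookup on the node is sent, so a
# result_repaired report from this bundle means that setting had drifted.
# CAUTION: the loop for Windows does not work well, a bug is open (#82)
#
# NOTE(review): the &DNS_*& template values are substituted inside double-quoted
# CFEngine strings and no escaping is visible in this file; presumably they are
# validated before the template is rendered - confirm.

bundle agent check_dns_configuration {

  classes:

      # Each *_edit class is defined unless the matching template value is the
      # literal string "false".

      # DNS Resolver edition ?
      "dns_resolver_edit" not => strcmp("&DNS_RESOLVERS_EDIT&","false");

      # DNS Search suffix edition ?
      "dns_searchlist_edit" not => strcmp("&DNS_SEARCHLIST_EDIT&","false");

      # DNS options edition ?
      "dns_options_edit" not => strcmp("&DNS_OPTIONS_EDIT&","false");

  vars:

      # Lists rendered by the template, one quoted element per value
      "resolvers"  slist => {&DNS_RESOLVERS: { "&it&" };separator=", "&};

      "searchlist" slist => {&DNS_SEARCHLIST: { "&it&" };separator=", "&};

      "options"    slist => {&DNS_OPTIONS: { "&it&" };separator=", "&};

      # Space-separated forms handed to resolv_edition for the resolv.conf lines
      "spaced_searchlist" string => join(" ", "searchlist");

      "spaced_options"    string => join(" ", "options");

    windows::

      # Forms joined with "\," for the registry rows; presumably the comma is
      # escaped because database_rows separates name, type and value with commas.
      "searchkey" string => join("\,", searchlist);
      "resolvkey" string => join("\,", resolvers);

      # Output of registrydns.bat, run without a shell.
      # NOTE(review): the agent executes this script on each run, so write access
      # to the directory holding it should be limited to administrators - confirm.
      "adapters" string => execresult("\"${g.rudder_sbin}\registrydns.bat\"", "noshell"),
        comment => "Fetching all the adapter";

      # The script output is split on ";" into at most 15 entries
      "adapterslist" slist => splitstring("$(adapters)", ";", "15");

  files:

    linux::

      # Create the resolver file if needed and rewrite its managed lines
      "$(sys.resolv)"
        create    => "true",
        edit_line => resolv_edition("$(this.spaced_searchlist)",  "@(this.resolvers)", "$(this.spaced_options)"),
        classes   => class_trigger("dns_repaired", "cant_repair_dns", "dns_kept");


&if(NOVA)&
  methods:

    windows.dns_resolver_edit::

      # $(adapterslist) is a list, so checkDNS is called once per adapter entry
      "any" usebundle => checkDNS($(adapterslist), $(resolvkey));

  databases:

    windows.dns_resolver_edit::

      "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters"
        database_operation => "verify",
        database_type      => "ms_registry",
        database_rows      => { "NameServer,REG_SZ,$(resolvkey)"},
        comment            => "Set the top level resolver",
        classes            => class_trigger("dns_repaired_resolver", "cant_repair_dns_resolver", "dns_resolver_kept");

    windows.dns_searchlist_edit::

      # class_trigger (not if_else) with the same three-class form as the resolver
      # promise above, so that dns_searchlist_kept, which the reports below read,
      # is handled the same way as dns_resolver_kept.
      "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters"
        database_operation => "verify",
        database_type      => "ms_registry",
        database_rows      => { "SearchList,REG_SZ,$(searchkey)"},
        comment            => "Set the search list",
        classes            => class_trigger("dns_repaired_searchlist", "cant_repair_dns_searchlist", "dns_searchlist_kept");
&endif&

  reports:

    dns_resolver_edit::
      "@@ConfigureDNS@@log_debug@@&TRACKINGKEY&@@dnsConfiguration@@None@@$(g.execRun)##$(g.uuid)@#Settings are to edit DNS resolvers";

    dns_searchlist_edit::
      "@@ConfigureDNS@@log_debug@@&TRACKINGKEY&@@dnsConfiguration@@None@@$(g.execRun)##$(g.uuid)@#Settings are to edit DNS searchlist";

    # NOTE(review): the Windows half of this expression needs both the resolver and
    # the search list to have been repaired; a run that repairs only one of them
    # appears to match neither this report nor the success report below - confirm.
    (linux.dns_repaired)|(windows.dns_repaired_resolver.!cant_repair_dns_resolver.dns_repaired_searchlist.!cant_repair_dns_searchlist)::
      "@@ConfigureDNS@@result_repaired@@&TRACKINGKEY&@@dnsConfiguration@@None@@$(g.execRun)##$(g.uuid)@#DNS settings were updated";

    cant_repair_dns::
      "@@ConfigureDNS@@result_error@@&TRACKINGKEY&@@dnsConfiguration@@None@@$(g.execRun)##$(g.uuid)@#Could not edit the $(sys.resolv) configuration file";

    cant_repair_dns_searchlist::
      "@@ConfigureDNS@@result_error@@&TRACKINGKEY&@@dnsConfiguration@@None@@$(g.execRun)##$(g.uuid)@#Could not set DNS search list in the Windows registry";

    cant_repair_dns_resolver::
      "@@ConfigureDNS@@result_error@@&TRACKINGKEY&@@dnsConfiguration@@None@@$(g.execRun)##$(g.uuid)@#Could not set DNS resolver list in the Windows registry";

    linux.dns_kept.!dns_repaired.!cant_repair_dns::
      "@@ConfigureDNS@@result_success@@&TRACKINGKEY&@@dnsConfiguration@@None@@$(g.execRun)##$(g.uuid)@#The DNS is correctly configured";

    # Windows: each setting is either not managed, or managed and kept without repair
    windows.((dns_resolver_edit.dns_resolver_kept.!dns_repaired_resolver)|!dns_resolver_edit).((dns_searchlist_edit.dns_searchlist_kept.!dns_repaired_searchlist)|!dns_searchlist_edit)::
      "@@ConfigureDNS@@result_success@@&TRACKINGKEY&@@dnsConfiguration@@None@@$(g.execRun)##$(g.uuid)@#The DNS is correctly configured";

&if(COMMUNITY)&
    windows::
      "@@ConfigureDNS@@result_error@@&TRACKINGKEY&@@dnsConfiguration@@None@@$(g.execRun)##$(g.uuid)@#Can't repair the dns configuration on a Windows with community edition";
&endif&
}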

    
&if(NOVA)&
######################################################
# For each adapter passed as an argument, verify the
# NameServer registry value against regKey
######################################################
bundle agent checkDNS(adapter, regKey) {

  classes:

      # Only a leading "{" is required here.
      # NOTE(review): $(adapter) is appended to the registry path below; the caller in
      # this file takes it from the registrydns.bat output. A check for the complete
      # "{...}" form would be stricter - confirm what the script can emit.
      "valid"
        comment    => "A valid adapter starts with {",
        expression => regcmp("{.*","$(adapter)");

  databases:

    valid::

      # Per-interface NameServer value; the outcome classes are the ones the
      # caller's resolver promise uses.
      "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\$(adapter)"
        database_type      => "ms_registry",
        database_operation => "verify",
        database_rows      => { "NameServer,REG_SZ,$(regKey)"},
        classes            => class_trigger("dns_repaired_resolver", "cant_repair_dns_resolver", "dns_resolver_kept");

}
&endif&

    
#######################################################
# Rewrite the managed lines of a resolv.conf-style file:
# delete them, then insert them again from the arguments.
#   search  - search domains, already joined with spaces
#   list    - resolvers; the caller in this file passes a list,
#             giving one nameserver line per element
#   options - resolver options, already joined with spaces
bundle edit_line resolv_edition(search, list, options) {

  classes:

      # Same switches as in the calling agent bundle, evaluated again in this bundle:
      # each class is defined unless the template value is the literal "false".

      # DNS Resolver edition ?
      "dns_resolver_edit" not => strcmp("&DNS_RESOLVERS_EDIT&","false");

      # DNS Search suffix edition ?
      "dns_searchlist_edit" not => strcmp("&DNS_SEARCHLIST_EDIT&","false");

      # DNS options edition ?
      "dns_options_edit" not => strcmp("&DNS_OPTIONS_EDIT&","false");

  delete_lines:

      # Only the kinds of line being managed are removed; each pattern removes
      # the lines that begin with the keyword.

    dns_searchlist_edit::
      "search.*";

    dns_resolver_edit::
      "nameserver.*";

    dns_options_edit::
      "options.*";

  insert_lines:

      # Warning banner kept as one block at the start of the file. The string
      # starts at column 0 because its content is written to the file as is.
"#############################################################
### This file is protected by your Rudder infrastructure. ###
### Manually editing the file might lead your Rudder      ###
### infrastructure to change back the server’s            ###
### configuration and/or to raise a compliance alert.     ###
#############################################################
"
        insert_type => "preserve_block",
        location    => start;

    dns_options_edit::
      "options $(options)";

    dns_searchlist_edit::
      "search $(search)";

    dns_resolver_edit::
      "nameserver $(list)";

}