summaryrefslogtreecommitdiff
path: root/gemfeed/2024-04-01-KISS-high-availability-with-OpenBSD.html
diff options
context:
space:
mode:
Diffstat (limited to 'gemfeed/2024-04-01-KISS-high-availability-with-OpenBSD.html')
-rw-r--r--gemfeed/2024-04-01-KISS-high-availability-with-OpenBSD.html215
1 files changed, 105 insertions, 110 deletions
diff --git a/gemfeed/2024-04-01-KISS-high-availability-with-OpenBSD.html b/gemfeed/2024-04-01-KISS-high-availability-with-OpenBSD.html
index 16bff225..ed9f17dd 100644
--- a/gemfeed/2024-04-01-KISS-high-availability-with-OpenBSD.html
+++ b/gemfeed/2024-04-01-KISS-high-availability-with-OpenBSD.html
@@ -2,17 +2,12 @@
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
-<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<title>KISS high-availability with OpenBSD</title>
<link rel="shortcut icon" type="image/gif" href="/favicon.ico" />
<link rel="stylesheet" href="../style.css" />
<link rel="stylesheet" href="style-override.css" />
</head>
<body>
-<div class="rfx-overlay-grid"></div>
-<div class="rfx-overlay-scanlines"></div>
-<div id="rfx-stars"></div>
-<div class="rfx-vignette"></div>
<p class="header">
<a href="https://foo.zone">Home</a> | <a href="https://codeberg.org/snonux/foo.zone/src/branch/content-md/gemfeed/2024-04-01-KISS-high-availability-with-OpenBSD.md">Markdown</a> | <a href="gemini://foo.zone/gemfeed/2024-04-01-KISS-high-availability-with-OpenBSD.gmi">Gemini</a>
</p>
@@ -103,38 +98,38 @@ _____|_:_:_| (o)-(o) |_:_:_|--&#39;`-. ,--. ksh under-water (((\&#39;/
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
-<pre><i><font color="#ababab">#!/bin/ksh</font></i>
+<pre><i><font color="silver">#!/bin/ksh</font></i>
-<font color="#ff0000">ZONES_DIR</font><font color="#F3E651">=</font><font color="#ff0000">/var/nsd/zones/master</font><font color="#F3E651">/</font>
-<font color="#ff0000">DEFAULT_MASTER</font><font color="#F3E651">=</font><font color="#ff0000">fishfinger</font><font color="#F3E651">.</font><font color="#ff0000">buetow</font><font color="#F3E651">.</font><font color="#ff0000">org</font>
-<font color="#ff0000">DEFAULT_STANDBY</font><font color="#F3E651">=</font><font color="#ff0000">blowfish</font><font color="#F3E651">.</font><font color="#ff0000">buetow</font><font color="#F3E651">.</font><font color="#ff0000">org</font>
+ZONES_DIR=/var/nsd/zones/master/
+DEFAULT_MASTER=fishfinger.buetow.org
+DEFAULT_STANDBY=blowfish.buetow.org
-<font color="#7bc710">determine_master_and_standby ()</font><font color="#ff0000"> {</font>
-<font color="#ff0000"> </font><b><font color="#ffffff">local</font></b><font color="#ff0000"> </font><font color="#ff0000">master</font><font color="#F3E651">=</font><font color="#ff0000">$DEFAULT_MASTER</font>
-<font color="#ff0000"> </font><b><font color="#ffffff">local</font></b><font color="#ff0000"> </font><font color="#ff0000">standby</font><font color="#F3E651">=</font><font color="#ff0000">$DEFAULT_STANDBY</font>
+determine_master_and_standby () {
+ <b><u><font color="#000000">local</font></u></b> master=$DEFAULT_MASTER
+ <b><u><font color="#000000">local</font></u></b> standby=$DEFAULT_STANDBY
-<font color="#ff0000"> </font><font color="#F3E651">.</font>
-<font color="#ff0000"> </font><font color="#F3E651">.</font>
-<font color="#ff0000"> </font><font color="#F3E651">.</font>
-<font color="#ff0000"> </font>
-<font color="#ff0000"> </font><b><font color="#ffffff">local</font></b><font color="#ff0000"> -i </font><font color="#ff0000">health_ok</font><font color="#F3E651">=</font><font color="#bb00ff">1</font>
-<font color="#ff0000"> </font><b><font color="#ffffff">if</font></b><font color="#ff0000"> </font><font color="#F3E651">!</font><font color="#ff0000"> ftp -</font><font color="#bb00ff">4</font><font color="#ff0000"> -o - https</font><font color="#F3E651">://</font><font color="#ff0000">$master</font><font color="#ff0000">/index</font><font color="#F3E651">.</font><font color="#ff0000">txt </font><font color="#F3E651">|</font><font color="#ff0000"> grep -q </font><font color="#bb00ff">"Welcome to $master"</font><font color="#F3E651">;</font><font color="#ff0000"> </font><b><font color="#ffffff">then</font></b>
-<font color="#ff0000"> echo </font><font color="#bb00ff">"https://$master/index.txt IPv4 health check failed"</font>
-<font color="#ff0000"> </font><font color="#ff0000">health_ok</font><font color="#F3E651">=</font><font color="#bb00ff">0</font>
-<font color="#ff0000"> </font><b><font color="#ffffff">elif</font></b><font color="#ff0000"> </font><font color="#F3E651">!</font><font color="#ff0000"> ftp -</font><font color="#bb00ff">6</font><font color="#ff0000"> -o - https</font><font color="#F3E651">://</font><font color="#ff0000">$master</font><font color="#ff0000">/index</font><font color="#F3E651">.</font><font color="#ff0000">txt </font><font color="#F3E651">|</font><font color="#ff0000"> grep -q </font><font color="#bb00ff">"Welcome to $master"</font><font color="#F3E651">;</font><font color="#ff0000"> </font><b><font color="#ffffff">then</font></b>
-<font color="#ff0000"> echo </font><font color="#bb00ff">"https://$master/index.txt IPv6 health check failed"</font>
-<font color="#ff0000"> </font><font color="#ff0000">health_ok</font><font color="#F3E651">=</font><font color="#bb00ff">0</font>
-<font color="#ff0000"> </font><b><font color="#ffffff">fi</font></b>
-<font color="#ff0000"> </font><b><font color="#ffffff">if</font></b><font color="#ff0000"> </font><font color="#F3E651">[</font><font color="#ff0000"> </font><font color="#ff0000">$health_ok</font><font color="#ff0000"> -eq </font><font color="#bb00ff">0</font><font color="#ff0000"> </font><font color="#F3E651">];</font><font color="#ff0000"> </font><b><font color="#ffffff">then</font></b>
-<font color="#ff0000"> </font><b><font color="#ffffff">local</font></b><font color="#ff0000"> </font><font color="#ff0000">tmp</font><font color="#F3E651">=</font><font color="#ff0000">$master</font>
-<font color="#ff0000"> </font><font color="#ff0000">master</font><font color="#F3E651">=</font><font color="#ff0000">$standby</font>
-<font color="#ff0000"> </font><font color="#ff0000">standby</font><font color="#F3E651">=</font><font color="#ff0000">$tmp</font>
-<font color="#ff0000"> </font><b><font color="#ffffff">fi</font></b>
+ .
+ .
+ .
+
+ <b><u><font color="#000000">local</font></u></b> -i health_ok=<font color="#000000">1</font>
+ <b><u><font color="#000000">if</font></u></b> ! ftp -<font color="#000000">4</font> -o - https://$master/index.txt | grep -q <font color="#808080">"Welcome to $master"</font>; <b><u><font color="#000000">then</font></u></b>
+ echo <font color="#808080">"https://$master/index.txt IPv4 health check failed"</font>
+ health_ok=<font color="#000000">0</font>
+ <b><u><font color="#000000">elif</font></u></b> ! ftp -<font color="#000000">6</font> -o - https://$master/index.txt | grep -q <font color="#808080">"Welcome to $master"</font>; <b><u><font color="#000000">then</font></u></b>
+ echo <font color="#808080">"https://$master/index.txt IPv6 health check failed"</font>
+ health_ok=<font color="#000000">0</font>
+ <b><u><font color="#000000">fi</font></u></b>
+ <b><u><font color="#000000">if</font></u></b> [ $health_ok -eq <font color="#000000">0</font> ]; <b><u><font color="#000000">then</font></u></b>
+ <b><u><font color="#000000">local</font></u></b> tmp=$master
+ master=$standby
+ standby=$tmp
+ <b><u><font color="#000000">fi</font></u></b>
-<font color="#ff0000"> </font><font color="#F3E651">.</font>
-<font color="#ff0000"> </font><font color="#F3E651">.</font>
-<font color="#ff0000"> </font><font color="#F3E651">.</font>
-<font color="#ff0000">}</font>
+ .
+ .
+ .
+}
</pre>
<br />
<span>The failover scripts looks for the <span class='inlinecode'> ; Enable failover</span> string in the DNS zone files and swaps the <span class='inlinecode'>A</span> and <span class='inlinecode'>AAAA</span> records of the DNS entries accordingly:</span><br />
@@ -143,42 +138,42 @@ http://www.gnu.org/software/src-highlite -->
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
-<pre><font color="#ff0000">fishfinger$ grep failover /var/nsd/zones/master/foo</font><font color="#F3E651">.</font><font color="#ff0000">zone</font><font color="#F3E651">.</font><font color="#ff0000">zone</font>
-<font color="#ff0000"> </font><font color="#bb00ff">300</font><font color="#ff0000"> IN A </font><font color="#bb00ff">46.23</font><font color="#F3E651">.</font><font color="#bb00ff">94.99</font><font color="#ff0000"> </font><font color="#F3E651">;</font><font color="#ff0000"> Enable failover</font>
-<font color="#ff0000"> </font><font color="#bb00ff">300</font><font color="#ff0000"> IN AAAA 2a03</font><font color="#F3E651">:</font><font color="#bb00ff">6000</font><font color="#F3E651">:</font><font color="#ff0000">6f67</font><font color="#F3E651">:</font><font color="#bb00ff">624</font><font color="#F3E651">::</font><font color="#bb00ff">99</font><font color="#ff0000"> </font><font color="#F3E651">;</font><font color="#ff0000"> Enable failover</font>
-<font color="#ff0000">www </font><font color="#bb00ff">300</font><font color="#ff0000"> IN A </font><font color="#bb00ff">46.23</font><font color="#F3E651">.</font><font color="#bb00ff">94.99</font><font color="#ff0000"> </font><font color="#F3E651">;</font><font color="#ff0000"> Enable failover</font>
-<font color="#ff0000">www </font><font color="#bb00ff">300</font><font color="#ff0000"> IN AAAA 2a03</font><font color="#F3E651">:</font><font color="#bb00ff">6000</font><font color="#F3E651">:</font><font color="#ff0000">6f67</font><font color="#F3E651">:</font><font color="#bb00ff">624</font><font color="#F3E651">::</font><font color="#bb00ff">99</font><font color="#ff0000"> </font><font color="#F3E651">;</font><font color="#ff0000"> Enable failover</font>
-<font color="#ff0000">standby </font><font color="#bb00ff">300</font><font color="#ff0000"> IN A </font><font color="#bb00ff">23.88</font><font color="#F3E651">.</font><font color="#bb00ff">35.144</font><font color="#ff0000"> </font><font color="#F3E651">;</font><font color="#ff0000"> Enable failover</font>
-<font color="#ff0000">standby </font><font color="#bb00ff">300</font><font color="#ff0000"> IN AAAA 2a01</font><font color="#F3E651">:</font><font color="#ff0000">4f8</font><font color="#F3E651">:</font><font color="#ff0000">c17</font><font color="#F3E651">:</font><font color="#ff0000">20f1</font><font color="#F3E651">::</font><font color="#bb00ff">42</font><font color="#ff0000"> </font><font color="#F3E651">;</font><font color="#ff0000"> Enable failover</font>
+<pre>fishfinger$ grep failover /var/nsd/zones/master/foo.zone.zone
+ <font color="#000000">300</font> IN A <font color="#000000">46.23</font>.<font color="#000000">94.99</font> ; Enable failover
+ <font color="#000000">300</font> IN AAAA 2a03:<font color="#000000">6000</font>:6f67:<font color="#000000">624</font>::<font color="#000000">99</font> ; Enable failover
+www <font color="#000000">300</font> IN A <font color="#000000">46.23</font>.<font color="#000000">94.99</font> ; Enable failover
+www <font color="#000000">300</font> IN AAAA 2a03:<font color="#000000">6000</font>:6f67:<font color="#000000">624</font>::<font color="#000000">99</font> ; Enable failover
+standby <font color="#000000">300</font> IN A <font color="#000000">23.88</font>.<font color="#000000">35.144</font> ; Enable failover
+standby <font color="#000000">300</font> IN AAAA 2a01:4f8:c17:20f1::<font color="#000000">42</font> ; Enable failover
</pre>
<br />
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
-<pre><font color="#7bc710">transform ()</font><font color="#ff0000"> {</font>
-<font color="#ff0000"> sed -E </font><font color="#bb00ff">'</font>
-<font color="#bb00ff"> /IN A .*; Enable failover/ {</font>
-<font color="#bb00ff"> /^standby/! {</font>
-<font color="#bb00ff"> s/^(.*) 300 IN A (.*) ; (.*)/</font><font color="#ffffff">\1</font><font color="#bb00ff"> 300 IN A '</font><font color="#ff0000">$(</font><font color="#ff0000">cat /var/nsd/run/master_a</font><font color="#F3E651">)</font><font color="#bb00ff">' ; </font><font color="#ffffff">\3</font><font color="#bb00ff">/;</font>
-<font color="#bb00ff"> }</font>
-<font color="#bb00ff"> /^standby/ {</font>
-<font color="#bb00ff"> s/^(.*) 300 IN A (.*) ; (.*)/</font><font color="#ffffff">\1</font><font color="#bb00ff"> 300 IN A '</font><font color="#ff0000">$(</font><font color="#ff0000">cat /var/nsd/run/standby_a</font><font color="#F3E651">)</font><font color="#bb00ff">' ; </font><font color="#ffffff">\3</font><font color="#bb00ff">/;</font>
-<font color="#bb00ff"> }</font>
-<font color="#bb00ff"> }</font>
-<font color="#bb00ff"> /IN AAAA .*; Enable failover/ {</font>
-<font color="#bb00ff"> /^standby/! {</font>
-<font color="#bb00ff"> s/^(.*) 300 IN AAAA (.*) ; (.*)/</font><font color="#ffffff">\1</font><font color="#bb00ff"> 300 IN AAAA '</font><font color="#ff0000">$(</font><font color="#ff0000">cat /var/nsd/run/master_aaaa</font><font color="#F3E651">)</font><font color="#bb00ff">' ; </font><font color="#ffffff">\3</font><font color="#bb00ff">/;</font>
-<font color="#bb00ff"> }</font>
-<font color="#bb00ff"> /^standby/ {</font>
-<font color="#bb00ff"> s/^(.*) 300 IN AAAA (.*) ; (.*)/</font><font color="#ffffff">\1</font><font color="#bb00ff"> 300 IN AAAA '</font><font color="#ff0000">$(</font><font color="#ff0000">cat /var/nsd/run/standby_aaaa</font><font color="#F3E651">)</font><font color="#bb00ff">' ; </font><font color="#ffffff">\3</font><font color="#bb00ff">/;</font>
-<font color="#bb00ff"> }</font>
-<font color="#bb00ff"> }</font>
-<font color="#bb00ff"> / ; serial/ {</font>
-<font color="#bb00ff"> s/^( +) ([0-9]+) .*; (.*)/</font><font color="#ffffff">\1</font><font color="#bb00ff"> '</font><font color="#ff0000">$(</font><font color="#ff0000">date </font><font color="#F3E651">+%</font><font color="#ff0000">s</font><font color="#F3E651">)</font><font color="#bb00ff">' ; </font><font color="#ffffff">\3</font><font color="#bb00ff">/;</font>
-<font color="#bb00ff"> }</font>
-<font color="#bb00ff"> '</font>
-<font color="#ff0000">}</font>
+<pre>transform () {
+ sed -E <font color="#808080">'</font>
+<font color="#808080"> /IN A .*; Enable failover/ {</font>
+<font color="#808080"> /^standby/! {</font>
+<font color="#808080"> s/^(.*) 300 IN A (.*) ; (.*)/</font>\1<font color="#808080"> 300 IN A '</font>$(cat /var/nsd/run/master_a)<font color="#808080">' ; </font>\3<font color="#808080">/;</font>
+<font color="#808080"> }</font>
+<font color="#808080"> /^standby/ {</font>
+<font color="#808080"> s/^(.*) 300 IN A (.*) ; (.*)/</font>\1<font color="#808080"> 300 IN A '</font>$(cat /var/nsd/run/standby_a)<font color="#808080">' ; </font>\3<font color="#808080">/;</font>
+<font color="#808080"> }</font>
+<font color="#808080"> }</font>
+<font color="#808080"> /IN AAAA .*; Enable failover/ {</font>
+<font color="#808080"> /^standby/! {</font>
+<font color="#808080"> s/^(.*) 300 IN AAAA (.*) ; (.*)/</font>\1<font color="#808080"> 300 IN AAAA '</font>$(cat /var/nsd/run/master_aaaa)<font color="#808080">' ; </font>\3<font color="#808080">/;</font>
+<font color="#808080"> }</font>
+<font color="#808080"> /^standby/ {</font>
+<font color="#808080"> s/^(.*) 300 IN AAAA (.*) ; (.*)/</font>\1<font color="#808080"> 300 IN AAAA '</font>$(cat /var/nsd/run/standby_aaaa)<font color="#808080">' ; </font>\3<font color="#808080">/;</font>
+<font color="#808080"> }</font>
+<font color="#808080"> }</font>
+<font color="#808080"> / ; serial/ {</font>
+<font color="#808080"> s/^( +) ([0-9]+) .*; (.*)/</font>\1<font color="#808080"> '</font>$(date +%s)<font color="#808080">' ; </font>\3<font color="#808080">/;</font>
+<font color="#808080"> }</font>
+<font color="#808080"> '</font>
+}
</pre>
<br />
<span>After the failover, the script reloads <span class='inlinecode'>nsd</span> and performs a sanity check to see if DNS still works. If not, a rollback will be performed:</span><br />
@@ -187,48 +182,48 @@ http://www.gnu.org/software/src-highlite -->
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
-<pre><i><font color="#ababab">#! Race condition !#</font></i>
-<font color="#ff0000"> </font>
-<b><font color="#ffffff">if</font></b><font color="#ff0000"> </font><font color="#F3E651">[</font><font color="#ff0000"> -f </font><font color="#ff0000">$zone_file</font><font color="#F3E651">.</font><font color="#ff0000">bak </font><font color="#F3E651">];</font><font color="#ff0000"> </font><b><font color="#ffffff">then</font></b>
-<font color="#ff0000"> mv </font><font color="#ff0000">$zone_file</font><font color="#F3E651">.</font><font color="#ff0000">bak </font><font color="#ff0000">$zone_file</font>
-<b><font color="#ffffff">fi</font></b>
+<pre><i><font color="silver">#! Race condition !#</font></i>
+
+<b><u><font color="#000000">if</font></u></b> [ -f $zone_file.bak ]; <b><u><font color="#000000">then</font></u></b>
+ mv $zone_file.bak $zone_file
+<b><u><font color="#000000">fi</font></u></b>
-<font color="#ff0000">cat </font><font color="#ff0000">$zone_file</font><font color="#ff0000"> </font><font color="#F3E651">|</font><font color="#ff0000"> transform </font><font color="#F3E651">&gt;</font><font color="#ff0000"> </font><font color="#ff0000">$zone_file</font><font color="#F3E651">.</font><font color="#ff0000">new</font><font color="#F3E651">.</font><font color="#ff0000">tmp </font>
+cat $zone_file | transform &gt; $zone_file.new.tmp
-<font color="#ff0000">grep -v </font><font color="#bb00ff">' ; serial'</font><font color="#ff0000"> </font><font color="#ff0000">$zone_file</font><font color="#F3E651">.</font><font color="#ff0000">new</font><font color="#F3E651">.</font><font color="#ff0000">tmp </font><font color="#F3E651">&gt;</font><font color="#ff0000"> </font><font color="#ff0000">$zone_file</font><font color="#F3E651">.</font><font color="#ff0000">new</font><font color="#F3E651">.</font><font color="#ff0000">noserial</font><font color="#F3E651">.</font><font color="#ff0000">tmp</font>
-<font color="#ff0000">grep -v </font><font color="#bb00ff">' ; serial'</font><font color="#ff0000"> </font><font color="#ff0000">$zone_file</font><font color="#ff0000"> </font><font color="#F3E651">&gt;</font><font color="#ff0000"> </font><font color="#ff0000">$zone_file</font><font color="#F3E651">.</font><font color="#ff0000">old</font><font color="#F3E651">.</font><font color="#ff0000">noserial</font><font color="#F3E651">.</font><font color="#ff0000">tmp</font>
+grep -v <font color="#808080">' ; serial'</font> $zone_file.new.tmp &gt; $zone_file.new.noserial.tmp
+grep -v <font color="#808080">' ; serial'</font> $zone_file &gt; $zone_file.old.noserial.tmp
-<font color="#ff0000">echo </font><font color="#bb00ff">"Has zone $zone_file changed?"</font>
-<b><font color="#ffffff">if</font></b><font color="#ff0000"> diff -u </font><font color="#ff0000">$zone_file</font><font color="#F3E651">.</font><font color="#ff0000">old</font><font color="#F3E651">.</font><font color="#ff0000">noserial</font><font color="#F3E651">.</font><font color="#ff0000">tmp </font><font color="#ff0000">$zone_file</font><font color="#F3E651">.</font><font color="#ff0000">new</font><font color="#F3E651">.</font><font color="#ff0000">noserial</font><font color="#F3E651">.</font><font color="#ff0000">tmp</font><font color="#F3E651">;</font><font color="#ff0000"> </font><b><font color="#ffffff">then</font></b>
-<font color="#ff0000"> echo </font><font color="#bb00ff">"The zone $zone_file hasn't changed"</font>
-<font color="#ff0000"> rm </font><font color="#ff0000">$zone_file</font><font color="#F3E651">.*.</font><font color="#ff0000">tmp</font>
-<font color="#ff0000"> </font><b><font color="#ffffff">return</font></b><font color="#ff0000"> </font><font color="#bb00ff">0</font>
-<b><font color="#ffffff">fi</font></b>
+echo <font color="#808080">"Has zone $zone_file changed?"</font>
+<b><u><font color="#000000">if</font></u></b> diff -u $zone_file.old.noserial.tmp $zone_file.new.noserial.tmp; <b><u><font color="#000000">then</font></u></b>
+ echo <font color="#808080">"The zone $zone_file hasn't changed"</font>
+ rm $zone_file.*.tmp
+ <b><u><font color="#000000">return</font></u></b> <font color="#000000">0</font>
+<b><u><font color="#000000">fi</font></u></b>
-<font color="#ff0000">cp </font><font color="#ff0000">$zone_file</font><font color="#ff0000"> </font><font color="#ff0000">$zone_file</font><font color="#F3E651">.</font><font color="#ff0000">bak</font>
-<font color="#ff0000">mv </font><font color="#ff0000">$zone_file</font><font color="#F3E651">.</font><font color="#ff0000">new</font><font color="#F3E651">.</font><font color="#ff0000">tmp </font><font color="#ff0000">$zone_file</font>
-<font color="#ff0000">rm </font><font color="#ff0000">$zone_file</font><font color="#F3E651">.*.</font><font color="#ff0000">tmp</font>
-<font color="#ff0000">echo </font><font color="#bb00ff">"Reloading nsd"</font>
-<font color="#ff0000">nsd-control reload</font>
+cp $zone_file $zone_file.bak
+mv $zone_file.new.tmp $zone_file
+rm $zone_file.*.tmp
+echo <font color="#808080">"Reloading nsd"</font>
+nsd-control reload
-<b><font color="#ffffff">if</font></b><font color="#ff0000"> </font><font color="#F3E651">!</font><font color="#ff0000"> zone_is_ok </font><font color="#ff0000">$zone</font><font color="#F3E651">;</font><font color="#ff0000"> </font><b><font color="#ffffff">then</font></b>
-<font color="#ff0000"> echo </font><font color="#bb00ff">"Rolling back $zone_file changes"</font>
-<font color="#ff0000"> cp </font><font color="#ff0000">$zone_file</font><font color="#ff0000"> </font><font color="#ff0000">$zone_file</font><font color="#F3E651">.</font><font color="#ff0000">invalid</font>
-<font color="#ff0000"> mv </font><font color="#ff0000">$zone_file</font><font color="#F3E651">.</font><font color="#ff0000">bak </font><font color="#ff0000">$zone_file</font>
-<font color="#ff0000"> echo </font><font color="#bb00ff">"Reloading nsd"</font>
-<font color="#ff0000"> nsd-control reload</font>
-<font color="#ff0000"> zone_is_ok </font><font color="#ff0000">$zone</font>
-<font color="#ff0000"> </font><b><font color="#ffffff">return</font></b><font color="#ff0000"> </font><font color="#bb00ff">3</font>
-<b><font color="#ffffff">fi</font></b>
+<b><u><font color="#000000">if</font></u></b> ! zone_is_ok $zone; <b><u><font color="#000000">then</font></u></b>
+ echo <font color="#808080">"Rolling back $zone_file changes"</font>
+ cp $zone_file $zone_file.invalid
+ mv $zone_file.bak $zone_file
+ echo <font color="#808080">"Reloading nsd"</font>
+ nsd-control reload
+ zone_is_ok $zone
+ <b><u><font color="#000000">return</font></u></b> <font color="#000000">3</font>
+<b><u><font color="#000000">fi</font></u></b>
-<b><font color="#ffffff">for</font></b><font color="#ff0000"> cleanup </font><b><font color="#ffffff">in</font></b><font color="#ff0000"> invalid bak</font><font color="#F3E651">;</font><font color="#ff0000"> </font><b><font color="#ffffff">do</font></b>
-<font color="#ff0000"> </font><b><font color="#ffffff">if</font></b><font color="#ff0000"> </font><font color="#F3E651">[</font><font color="#ff0000"> -f </font><font color="#ff0000">$zone_file</font><font color="#F3E651">.</font><font color="#ff0000">$cleanup</font><font color="#ff0000"> </font><font color="#F3E651">];</font><font color="#ff0000"> </font><b><font color="#ffffff">then</font></b>
-<font color="#ff0000"> rm </font><font color="#ff0000">$zone_file</font><font color="#F3E651">.</font><font color="#ff0000">$cleanup</font>
-<font color="#ff0000"> </font><b><font color="#ffffff">fi</font></b>
-<b><font color="#ffffff">done</font></b>
+<b><u><font color="#000000">for</font></u></b> cleanup <b><u><font color="#000000">in</font></u></b> invalid bak; <b><u><font color="#000000">do</font></u></b>
+ <b><u><font color="#000000">if</font></u></b> [ -f $zone_file.$cleanup ]; <b><u><font color="#000000">then</font></u></b>
+ rm $zone_file.$cleanup
+ <b><u><font color="#000000">fi</font></u></b>
+<b><u><font color="#000000">done</font></u></b>
-<font color="#ff0000">echo </font><font color="#bb00ff">"Failover of zone $zone to $MASTER completed"</font>
-<b><font color="#ffffff">return</font></b><font color="#ff0000"> </font><font color="#bb00ff">1</font>
+echo <font color="#808080">"Failover of zone $zone to $MASTER completed"</font>
+<b><u><font color="#000000">return</font></u></b> <font color="#000000">1</font>
</pre>
<br />
<span>A non-zero return code (here, 3 when a rollback and 1 when a DNS failover was performed) will cause CRON to send an E-Mail with the whole script output.</span><br />
@@ -285,13 +280,13 @@ http://www.gnu.org/software/src-highlite -->
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
-<pre><i><font color="#ababab"># Weekly auto-failover for Let's Encrypt automation</font></i>
-<b><font color="#ffffff">local</font></b><font color="#ff0000"> -i -r </font><font color="#ff0000">week_of_the_year</font><font color="#F3E651">=</font><font color="#ff0000">$(</font><font color="#ff0000">date </font><font color="#F3E651">+%</font><font color="#ff0000">U</font><font color="#F3E651">)</font>
-<b><font color="#ffffff">if</font></b><font color="#ff0000"> </font><font color="#F3E651">[</font><font color="#ff0000"> </font><font color="#ff0000">$(</font><font color="#F3E651">(</font><font color="#ff0000"> week_of_the_year </font><font color="#F3E651">%</font><font color="#ff0000"> </font><font color="#bb00ff">2</font><font color="#ff0000"> </font><font color="#F3E651">))</font><font color="#ff0000"> -eq </font><font color="#bb00ff">0</font><font color="#ff0000"> </font><font color="#F3E651">];</font><font color="#ff0000"> </font><b><font color="#ffffff">then</font></b>
-<font color="#ff0000"> </font><b><font color="#ffffff">local</font></b><font color="#ff0000"> </font><font color="#ff0000">tmp</font><font color="#F3E651">=</font><font color="#ff0000">$master</font>
-<font color="#ff0000"> </font><font color="#ff0000">master</font><font color="#F3E651">=</font><font color="#ff0000">$standby</font>
-<font color="#ff0000"> </font><font color="#ff0000">standby</font><font color="#F3E651">=</font><font color="#ff0000">$tmp</font>
-<b><font color="#ffffff">fi</font></b>
+<pre><i><font color="silver"># Weekly auto-failover for Let's Encrypt automation</font></i>
+<b><u><font color="#000000">local</font></u></b> -i -r week_of_the_year=$(date +%U)
+<b><u><font color="#000000">if</font></u></b> [ $(( week_of_the_year % <font color="#000000">2</font> )) -eq <font color="#000000">0</font> ]; <b><u><font color="#000000">then</font></u></b>
+ <b><u><font color="#000000">local</font></u></b> tmp=$master
+ master=$standby
+ standby=$tmp
+<b><u><font color="#000000">fi</font></u></b>
</pre>
<br />
<span>This way, a DNS failover is performed weekly so that the ACME automation can update the Let&#39;s Encrypt certificates (for master and standby) before they expire on each VM.</span><br />
@@ -354,11 +349,11 @@ http://www.gnu.org/software/src-highlite -->
<br />
<a class='textlink' href='../'>Back to the main site</a><br />
<p class="footer">
- Generated with <a href="https://codeberg.org/snonux/gemtexter">Gemtexter 3.0.1-develop</a> |
- served by <a href="https://www.OpenBSD.org">OpenBSD</a>/<a href="https://man.openbsd.org/relayd.8">relayd(8)</a>+<a href="https://man.openbsd.org/httpd.8">httpd(8)</a> |
- <a href="https://foo.zone/site-mirrors.html">Site Mirrors</a>
- <br />
- Webring: <a href="https://shring.sh/foo.zone/previous">previous</a> | <a href="https://shring.sh">shring</a> | <a href="https://shring.sh/foo.zone/next">next</a>
+ Generated with <a href="https://codeberg.org/snonux/gemtexter">Gemtexter 3.0.1-develop</a> |
+ served by <a href="https://www.OpenBSD.org">OpenBSD</a>/<a href="https://man.openbsd.org/relayd.8">relayd(8)</a>+<a href="https://man.openbsd.org/httpd.8">httpd(8)</a> |
+ <a href="https://foo.zone/site-mirrors.html">Site Mirrors</a>
+ <br />
+ Webring: <a href="https://shring.sh/foo.zone/previous">previous</a> | <a href="https://shring.sh">shring</a> | <a href="https://shring.sh/foo.zone/next">next</a>
</p>
</body>
</html>
generated by cgit v1.2.3 (git 2.25.1) at 2026-04-17 17:31:34 +0000