#!/usr/bin/perl
-# Copyright (c) 2010 Peter Palfrader <peter@palfrader.org>
+# Copyright (c) 2010,2012 Peter Palfrader <peter@palfrader.org>
#
# Permission is hereby granted, free of charge, to any person obtaining
# a copy of this software and associated documentation files (the
use strict;
use warnings;
+use threads;
+
use English;
use Getopt::Long;
use FindBin qw($Bin);
+use YAML;
+use File::Basename;
my $CHECK = $Bin.'/dsa-check-zone-rrsig-expiration';
return $ticks;
}
-my $USAGE = "Usage: $PROGRAM_NAME [--help] | [--warn=<nn>] [--critical=<nn>] <indir>\n";
-my $params = { 'warn' => '14d', 'critical' => '7d' };
+sub check_one {
+ $SIG{'KILL'} = sub { threads->exit(); };
+
+ my $zone = shift;
+ my $check = shift;
+ my $extra = shift;
+ my $params = shift;
+
+ my @cmd = ($check, '-w', $params->{'warn'}, '-c', $params->{'critical'});
+ push(@cmd, '-r', $extra->{'initial_refs'}) if exists $extra->{'initial_refs'};
+ push(@cmd, '-d') if $params->{'debug'};
+ push(@cmd, $zone);
+ open(P, '-|', @cmd) or die ("Cannot run $CHECK for $zone\n");
+ my @p = <P>;
+ close P;
+ $p[0] = $zone.': '. $p[0] if (scalar @p > 0);
+
+ my $res = $CHILD_ERROR >> 8;
+
+ return ($res, \@p);
+}
+
+my $USAGE = "Usage: $PROGRAM_NAME [--help] | [--debug] [--timeout=<nn>] [--warn=<nn>] [--critical=<nn>] [--geozonedir=<geodir>] <indir>\n";
+my $params = { 'timeout' => 45, 'warn' => '14d', 'critical' => '7d' };
Getopt::Long::config('bundling');
GetOptions (
'--help' => \$params->{'help'},
+ '--timeout=i' => \$params->{'timeout'},
'--warn=s' => \$params->{'warn'},
+ '--debug' => \$params->{'debug'},
'--critical=s' => \$params->{'critical'},
+ '--geozonedir=s' => \$params->{'geozonedir'},
) or die ($USAGE);
if ($params->{'help'}) {
- print $USAGE;
- exit(0);
+ print $USAGE;
+ exit(0);
};
die ($USAGE) unless (scalar @ARGV == 1);
my $INDIR = shift;
-my @zones;
-chdir $INDIR or die "chdir $INDIR failed? $!\n";
-opendir INDIR, $INDIR or die ("Cannot opendir $INDIR\n");
-for my $file (readdir INDIR) {
- next if ( -l "$file" );
- next unless ( -f "$file" );
- next if $file =~ /^(dsset|keyset)-/;
-
- push @zones, $file;
-}
-closedir(INDIR);
-
-
my $count =
{ 'ok' => [],
'warn' => [],
'unsigned' => [],
};
-my @details;
-for my $zone (sort {$a cmp $b} @zones) {
- my $do_dnssec = 0;
- open(F, '<', $zone) or die ("Cannot open $zone: $!\n");
+my %dnsseczones;
+# load list of classic zones that will do DNSSEC
+chdir $INDIR or die "chdir $INDIR failed? $!\n";
+opendir INDIR, '.' or die ("Cannot opendir $INDIR\n");
+for my $file (sort {$a cmp $b} (readdir INDIR)) {
+ next if ( -l "$file" );
+ next unless ( -f "$file" );
+
+ my $do_dnssec = 1;
+ my $initial_refs = undef;
+ open(F, '<', $file) or die ("Cannot open $file: $!\n");
for (<F>) {
- if (/^; wzf:\s*dnssec\s*=\s*1\s*$/) { $do_dnssec = 1; }
+ if (/^; wzf:\s*dnssec\s*=\s*0\s*$/) { $do_dnssec = 0; }
+ if (/^; check-initial-refs\s*=\s*(.*?)\s*$/) { $initial_refs = $1; }
};
close F;
- unless ($do_dnssec) {
- push @{$count->{'unsigned'}}, $zone;
- next;
+ if ($do_dnssec) {
+ die "Duplicate zone $file?\n" if exists $dnsseczones{$file};
+ $dnsseczones{$file} = {};
+ $dnsseczones{$file}->{'initial_refs'} = $initial_refs if defined $initial_refs;
+ } else {
+ push @{$count->{'unsigned'}}, $file;
};
+}
+closedir(INDIR);
+# load list of geodns zones that will do DNSSEC
+if (defined $params->{'geozonedir'}) {
+ chdir $params->{'geozonedir'} or die "chdir $params->{'geozonedir'} failed? $!\n";
+ opendir INDIR, '.' or die ("Cannot opendir $params->{'geozonedir'}\n");
+ for my $file (sort {$a cmp $b} (readdir INDIR)) {
+ next unless $file =~ /\.zone$/;
- open(P, '-|', ($CHECK, '-w', $params->{'warn'}, '-c', $params->{'critical'}, $zone)) or die ("Cannot run $CHECK for $zone\n");
- my @p = <P>;
- close P;
- $p[0] = $zone.': '. $p[0] if (scalar @p > 0);
- push @details, @p;
+ my $zone = basename($file, '.zone');
+ die "Duplicate zone $zone?\n" if exists $dnsseczones{$zone};
+ $dnsseczones{$zone} = {};
+ }
+ closedir(INDIR);
+}
- my $res = $CHILD_ERROR >> 8;
- if ($res == 0) { push @{$count->{'ok'}}, $zone; }
- elsif ($res == 1) { push @{$count->{'warn'}}, $zone; }
- elsif ($res == 2) { push @{$count->{'critical'}}, $zone; }
- else { push @{$count->{'unknown'}}, $zone; };
-};
+my @details;
+
+my %threads;
+for my $zone (sort {$a cmp $b} keys %dnsseczones) {
+ die "Duplicate zone $zone?\n" if defined $threads{$zone};
+ my $thr = threads->create({'context' => 'list'},
+ \&check_one, $zone, $CHECK, $dnsseczones{$zone}, $params);
+ $threads{$zone} = $thr;
+}
+
+my $begin = time;
+while (time - $begin <= $params->{timeout}) {
+ for my $zone (sort {$a cmp $b} keys %threads) {
+ next unless $threads{$zone}->is_joinable();
+
+ my ($res, $det) = $threads{$zone}->join();
+
+ push @details, @$det;
+
+ if ($res == 0) { push @{$count->{'ok'}}, $zone; }
+ elsif ($res == 1) { push @{$count->{'warn'}}, $zone; }
+ elsif ($res == 2) { push @{$count->{'critical'}}, $zone; }
+ else { push @{$count->{'unknown'}}, $zone; };
+ delete $threads{$zone};
+ }
+ last if scalar keys %threads == 0;
+ print STDERR (scalar keys %threads), " threads left: ", join(" ", keys %threads), "\n" if $params->{'debug'};
+ sleep 1;
+}
+for my $zone (sort {$a cmp $b} keys %threads) {
+ push @{$count->{'warn'}}, $zone;
+ push @details, "$zone: timeout during check\n";
+ $threads{$zone}->kill('KILL')->detach();
+}
+
+for my $k (keys %$count) {
+ @{$count->{$k}} = sort {$a cmp $b} @{$count->{$k}};
+}
my $exit;
my %state_mapping = (
printf "unsigned: %d", scalar @{$count->{'unsigned'}};
print "\n";
print $_ for (@details);
-exit $exit;
+exit ((defined $exit) ? $exit : 0);