dnsmanager/deployment/primary-watchdog.sh

#!/bin/sh

# Watchdog for the primary name server.
export PATH=/bin:/sbin:/usr/bin:/usr/sbin

REMOTE="gandi"
REMOTE_DIR="/var/powerdns/"
DIR="$REMOTE_DIR"

VERBOSITY="0"

echo "directory: $DIR"

local_update() {
	[ "$VERBOSITY" = "1" ] && echo "local update of domain $1"
	pdns_control bind-reload-now $1 | grep "no such domain"

	# In case the update cannot be done, it might be because the zone wasn't loaded at all.
	if [ $? -eq 0 ]; then
		pdns_control bind-add-zone $1 $DIR/$1
	fi
}

local_delete() {
	[ "$VERBOSITY" = "1" ] && echo "TODO: local delete of domain $1"
}

remote_update() {
	[ "$VERBOSITY" = "1" ] && echo "remote update on $REMOTE $REMOTE_DIR/$1"
	scp -q $DIR/$1 $REMOTE:$REMOTE_DIR
}

remote_delete() {
	[ "$VERBOSITY" = "1" ] && echo "remote delete on $REMOTE $REMOTE_DIR/$1"
	ssh -q $REMOTE rm $REMOTE_DIR/$1
}

action() {
	event=$1
	file=$2

	echo $event | grep "MOVED_TO" >/dev/null
	if [ $? -eq 0 ]; then
		echo "$file has been modified"
		local_update $file
		remote_update $file
	fi

	echo $event | grep "DELETE" >/dev/null
	if [ $? -eq 0 ]; then
		echo "$file has been deleted"
		local_delete $file
		remote_delete $file
	fi
}

# NOTE: dnsmanagerd writes bind9 files in $DIR and with a suffix ".wip" then moves them
#       to remove the suffix. This way, the final file is expected to never be corrupted,
#       for example by copying it to the secondary DNS server while the zone not being
#       fully written to the file.
#
# Therefore, the different interesting actions we should monitor are:
# - moved_to: a zone file has been modified
# - delete: a domain has been removed
opts="-e moved_to -e delete -m"
echo "inotifywait ${opts} --format '%:e %f' $DIR"
inotifywait ${opts} --format '%:e %f' $DIR | while read LINE; do action $LINE ; done