fix dns reloader

Kirigaya Kazuto 2022-03-16 13:44:36 +00:00
parent bb27ff9de4
commit d246b74e24
2 changed files with 13 additions and 6 deletions


@ -864,7 +864,7 @@ class Parser:
if line.startswith('AllowedIPs'): if line.startswith('AllowedIPs'):
current_allowed = line.split('=')[1].strip().split(',') current_allowed = line.split('=')[1].strip().split(',')
if line.startswith('Endpoint'): if line.startswith('Endpoint'):
current_endpoint = line.split('=')[1].strip().split(',') current_endpoint = line.split('=')[1].strip()
self.result_peers.append('[Peer]') self.result_peers.append('[Peer]')
@ -911,7 +911,7 @@ class Parser:
if self.flag_enable_dns_reload and current_endpoint: if self.flag_enable_dns_reload and current_endpoint:
task_uuid = str(uuid.uuid4()) task_uuid = str(uuid.uuid4())
self.result_postup.append('systemd-run -u wg-ops-task-{}-dnsreload-{} --timer-property AccuracySec=10 --on-calendar *:*:0/30 /usr/bin/python3 {} {} {} {}'.format( self.result_postup.append('systemd-run -u wg-ops-task-{}-dnsreload-{} --collect --timer-property AccuracySec=10 --on-calendar *:*:0/30 /usr/bin/python3 {} {} {} {}'.format(
self.wg_name, task_uuid, self.path_reload_dns, self.wg_name, current_pubkey, current_endpoint)) self.wg_name, task_uuid, self.path_reload_dns, self.wg_name, current_pubkey, current_endpoint))
self.flag_require_systemd_clean = True self.flag_require_systemd_clean = True
@ -924,6 +924,7 @@ class Parser:
self.result_postdown.append('ip rule del from {} lookup {}'.format(ip_cidr, current_lookup)) self.result_postdown.append('ip rule del from {} lookup {}'.format(ip_cidr, current_lookup))
if self.flag_require_systemd_clean: if self.flag_require_systemd_clean:
self.result_postup.insert(0, 'systemctl stop wg-ops-task-{}-*'.format(self.wg_name))
self.result_postdown.insert(0, 'systemctl stop wg-ops-task-{}-*'.format(self.wg_name)) self.result_postdown.insert(0, 'systemctl stop wg-ops-task-{}-*'.format(self.wg_name))
def get_result(self): def get_result(self):
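Review bot: In the `systemd-run` line appended to `result_postup`, `self.wg_name`, `current_pubkey` and `current_endpoint` are put into the command string with `.format()` and no quoting, and `current_endpoint` comes straight from the config line via `line.split('=')[1].strip()`. If these entries are later run by a shell, as wg-quick does with its PostUp/PostDown lines (not visible here, so this is an assumption), whitespace or shell metacharacters in an endpoint value would alter the command that gets executed. Quoting each interpolated value, e.g. `shlex.quote(current_endpoint)`, or rejecting endpoints that do not match a plain host:port form before the append, would remove that dependency on the config being well-formed; whether `shlex` is already imported is not visible. The unquoted `*:*:0/30` and `wg-ops-task-{}-*` arguments are likewise left to the shell's glob handling and would be safer in single quotes. The enclosing method starts and ends outside the hunks shown.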


@ -15,16 +15,20 @@ if __name__ == "__main__":
target_addr = sys.argv[3] target_addr = sys.argv[3]
# resolve dns # resolve dns
target_parts = target_addr.split(':')[0] target_parts = target_addr.split(':')
target_host = target_parts[0] target_host = target_parts[0]
target_port = target_parts[1] target_port = target_parts[1]
target_ip = subprocess.check_output(["dig", "+short", target_host]).decode().strip() target_ip = subprocess.check_output(["dig", "+short", target_host]).decode().strip()
if not target_ip:
sys.stderr.write('unable to resolve domain: {}\n'.format(target_host))
exit(1)
target_endpoint = "{}:{}".format(target_ip, target_port) target_endpoint = "{}:{}".format(target_ip, target_port)
# dump interface # dump interface
wg_raw_info = subprocess.check_output(["wg", "show", interface_name, "dump"]).decode().strip().split('\n') wg_raw_info = subprocess.check_output(["wg", "show", interface_name, "dump"]).decode().strip().split('\n')
if not wg_raw_info: if not wg_raw_info:
print('wireguard interface {} not found'.format(interface_name)) sys.stderr.write('wireguard interface {} not found.\n'.format(interface_name))
exit(1) exit(1)
wg_raw_info = wg_raw_info[1:] wg_raw_info = wg_raw_info[1:]
@ -32,7 +36,7 @@ if __name__ == "__main__":
wg_info = [x for x in wg_info if x[0] == peer_pubkey] wg_info = [x for x in wg_info if x[0] == peer_pubkey]
if not wg_info: if not wg_info:
print('wireguard interface {} peer {} not found.'.format(interface_name, peer_pubkey)) sys.stderr.write('wireguard interface {} peer {} not found.\n'.format(interface_name, peer_pubkey))
exit(1) exit(1)
peer_info = wg_info[0] peer_info = wg_info[0]
@ -44,4 +48,6 @@ if __name__ == "__main__":
try: try:
subprocess.check_call(["wg", "set", interface_name, "peer", peer_pubkey, "endpoint", target_endpoint]) subprocess.check_call(["wg", "set", interface_name, "peer", peer_pubkey, "endpoint", target_endpoint])
except Exception: except Exception:
print(traceback.format_exc()) sys.stderr.write(traceback.format_exc())
else:
print('Endpoint matches: {}, skipping update.'.format(peer_endpoint))
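Review bot: The added `if not target_ip` check rejects only empty output, but `dig +short` prints one line per record and can list a CNAME target before the addresses, so `target_ip` may still hold several lines or a hostname when it is formatted into `target_endpoint` and passed to `wg set`. I would keep only the first output line that `ipaddress.ip_address()` accepts and exit with the same "unable to resolve" error when none does; that also ensures only a validated address from the DNS answer reaches the `wg` command line. Separately, `target_addr.split(':')` followed by `target_parts[1]` raises IndexError when no port is given and mis-splits a bracketed IPv6 endpoint; `target_host, target_port = target_addr.rsplit(':', 1)` with a length check is more robust. The `if __name__ == "__main__":` block begins and continues outside these hunks, so whether `ipaddress` is imported is not visible.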