author | Aaron LI <aly@aaronly.me> | 2018-03-04 18:41:37 +0800 |
---|---|---|
committer | Aaron LI <aly@aaronly.me> | 2018-03-14 11:35:08 +0800 |
commit | c1c03239eef42fb55961d98d64bc82c0c84b0986 (patch) | |
tree | 5f4baae7432ada5f3e68a87be4706f43245b9a77 | |
parent | 90a558152c16e547b079091c3a36d1da8ddebdfd (diff) | |
download | ansible-dfly-vps-c1c03239eef42fb55961d98d64bc82c0c84b0986.tar.bz2 |
filter/dns: add dkim_record
-rw-r--r-- | filter_plugins/dns.py | 46 |
1 files changed, 45 insertions, 1 deletions
diff --git a/filter_plugins/dns.py b/filter_plugins/dns.py
index 5b26b29..89f2159 100644
--- a/filter_plugins/dns.py
+++ b/filter_plugins/dns.py
@@ -2,6 +2,9 @@
 """
 Custom Ansible template filters for DNS management.
+
+WARNING:
+The templating is done on the local/control machine!
 """
 import os
@@ -74,6 +77,47 @@ def next_serial(fqdn):
 return str(int(current_serial) + 1)
+def dkim_record(privkey, selector="mail"):
+ """
+ Generate the DKIM record from the given private key.
+
+ The long key strings is NOT joined due to the length limit of a
+ DNS record.
+
+ Example
+ -------
+ mail._domainkey IN TXT ( "v=DKIM1; k=rsa; s=email; "
+ "p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu7LZbXj5HBjT5yoMCnCd"
+ "5eBLBZ1s/WP0hPQSignjEu4pCtOsPf7f/knhDDD7eMOSlOAa91Dq6e8B0aNKfV2m"
+ "7e88SvHLnWVhH+kUNIdSQRTrTL6Pt1WAH0XjgDcd0f2MB+ho5GIeRJnLWHoRtrSU"
+ "oBKgMxnvW8aco/Z/z0/qn5Tcsrz7wP/W7c/eX38SRuanrKUVnE8FqvvshZzaPfqe"
+ "46WrqKDI6mfeYa0up/1ikUWgAHKVZEXTUCPVBUXxHbyK7a6MgZW+BYkYEeypMnYV"
+ "iq9k+TIHNNjlGbOLXqujn2j/L0r7ORjZX16C1qNf54qvMeklDK1+8KW872F6s+kV"
+ "KwIDAQAB" )
+ """
+ cmd = ['openssl', 'rsa', '-pubout', '-outform', 'PEM']
+ p = subprocess.Popen(cmd, universal_newlines=True,
+ stdin=subprocess.PIPE,
+ stdout=subprocess.PIPE,
+ stderr=subprocess.PIPE)
+ pubkey, stderr = p.communicate(privkey)
+ if p.returncode:
+ raise Exception("openssl failed to extract the public key")
+
+ lines = [l for l in pubkey.split('\n')
+ if len(l) > 0 and l[0] != '-']
+ lines[0] = 'p=' + lines[0]
+ lines = ['\t\t"' + l + '"' for l in lines]
+ lines[-1] += ' )'
+ record = [
+ selector+'._domainkey\tIN\tTXT\t( "v=DKIM1; k=rsa; s=email; "'
+ ] + lines
+ return record
+
+
 class FilterModule(object):
 def filters(self):
- return {"next_serial": next_serial}
+ return {
+ "next_serial": next_serial,
+ "dkim_record": dkim_record,
+ }
|
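Review bot: The failure branch of `dkim_record` discards the `stderr` that `communicate()` has just captured and raises a bare `Exception`, so a rejected key surfaces in the play with no cause attached. Raising Ansible's filter error with openssl's own message keeps the diagnosis without putting `privkey` into the message: `raise AnsibleFilterError("openssl failed to extract the public key: " + stderr.strip())`, with `from ansible.errors import AnsibleFilterError` added to the file's imports. A zero exit status with empty output would also raise `IndexError` at `lines[0] = 'p=' + lines[0]`, so an `if not lines:` guard before that line is worth adding. The hunk does not add `import subprocess`; presumably the module already imports it for `next_serial`, but that is not visible in this diff.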