asif
/
CloudflareDDNS
1
0
Fork 0
Code Issues Pull Requests Releases 2 Activity

Compare commits

base: asif:029cef1d7f4b1a3e43b31d8bce5a8dc51755f796
Branches Tags
asif:master
asif:2.2
asif:2.1
...
compare: asif:ac4cf940ff7d12df3a1f8aaed00453ca7aecad09
Branches Tags
asif:master
asif:2.2
asif:2.1

20 Commits
029cef1d7f ... ac4cf940ff

Author SHA1 Message Date
Asif Bacchus ac4cf940ff refactor(SAMPLE): remove un-needed email address 2021-05-09 10:44:21 -06:00
Asif Bacchus dc13e1d412 refactor(LOGWATCH): use new log tags 
- update to reference new log tags
- adjust count to separate tally messages
- add CF-ERR tag reports
- re-add level 5 reporting detail
 2021-05-09 10:43:05 -06:00
Asif Bacchus e344b027f9 refactor: remove err label on code 99 2021-05-09 10:28:17 -06:00
Asif Bacchus 8801e55e30 style: fix typo, invalid hosts warning summary 2021-05-09 10:24:15 -06:00
Asif Bacchus b05192a613 fix: wrong pipeline variable ref in writelog 2021-05-09 09:49:47 -06:00
Asif Bacchus d796bf6f63 fix: wrong variable referenced for list to update 2021-05-09 09:47:41 -06:00
Asif Bacchus db8a615d36 refactor: use function to write to log 
- much more consistent
- one place to change all entries
 2021-05-09 09:46:15 -06:00
Asif Bacchus 31eb503245 style: change 'domain' to 'host' 
terminology is more correct and less potentially confusing
 2021-05-09 08:48:56 -06:00
Asif Bacchus 3f9d164285 style: rename functions to clear spellcheck 2021-05-09 08:45:24 -06:00
Asif Bacchus 39f5445c28 perf: simpler iteration condition checking 
- less complex conditions
- easier code to understand
- cleans up extraneous delimiters
- skips null entries immediately
 2021-05-09 08:44:47 -06:00
Asif Bacchus 220263c1f9 refactor: change log tags 
- separate tags for summary vs individual messages for accurate logwatch
 counting
- update code 99 exit to match other errors
- change CF error tags to match new format
 2021-05-09 07:08:44 -06:00
Asif Bacchus fe0f9caef1 feature: process multiple CF API errors 
- handle multiple CF API errors properly by grouping and reporting
- update error messages
- unify CF error tags in log to CF-ERROR
 2021-05-09 06:49:49 -06:00
Asif Bacchus d9600c822f style: alphabetize functions 2021-05-09 06:39:55 -06:00
Asif Bacchus 5569bbc535 refactor: remove cfEmail 
- authorized email not required by CF when using bearer token
 2021-05-09 04:35:46 -06:00
Asif Bacchus f4f3c89e5e refactor: reduce nesting, update err codes 
- detect curl vs CF API errors separately
- error 25 changed to error 3 (curl/network)
- error 25 reservedfor CF API errors
- add CF error messages to all err 25s
- change error 98 (updates) to error 26
- remove error code for exit with warning
- add CF error messages on update failures
- drastically reduce if/else nesting
 2021-05-09 04:33:41 -06:00
Asif Bacchus a7064805c3 style: log params in default colour vs magenta 2021-05-09 03:58:35 -06:00
Asif Bacchus c1c7fd5149 style: correct spelling of Cloudflare 2021-05-09 00:42:53 -06:00
Asif Bacchus d9224b5791 refactor(LOGWATCH): match new script structure 
- update keyword filters
- update reporting detail levels
- better targeting of useful information at summary detail level
 2021-05-08 04:40:31 -06:00
Asif Bacchus 2805f560d7 docs: fix typos in comments, help, etc 2021-05-08 04:24:26 -06:00
Asif Bacchus e7935dbd99 refactor(SYSTEMD): update service file switches 2021-05-08 04:06:04 -06:00
4 changed files with 345 additions and 228 deletions
Show Stats Expand all files Collapse all files

4
cfddns.service
View File

@ -4,8 +4,8 @@ After=network.target
[Service]
Type=oneshot
ExecStart=/usr/local/bin/cfddns.sh -f /path/to/account.details -r server.domain.tld -l /var/log/cfddns.log
ExecStart=/usr/local/bin/cfddns.sh -6 -f /path/to/account.details -r server.domain.tld -l /var/log/cfddns.log
ExecStart=/usr/local/bin/cfddns.sh -c /path/to/account.details -r server.domain.tld -l /var/log/cfddns.log
ExecStart=/usr/local/bin/cfddns.sh -6 -c /path/to/account.details -r server.domain.tld -l /var/log/cfddns.log
[Install]
WantedBy=multi-user.target

473
cfddns.sh
View File

@ -1,7 +1,7 @@
#!/bin/sh
#
# update CloudFlare DNS records with current (dynamic) IP address
# update Cloudflare DNS records with current (dynamic) IP address
# Script by Asif Bacchus <asif@bacchus.cloud>
# Last modified: May 7, 2021
#
@ -47,36 +47,142 @@ badParam() {
exitError() {
case "$1" in
3)
errMsg="Unable to connect to Cloudflare servers. This is probably a temporary networking issue. Please try again later."
;;
10)
errMsg="Unable to auto-detect IP address. Try again later or supply the IP address to be used."
;;
20)
errMsg="CloudFlare authorized email address (cfEmail) is either null or undefined. Please check your CloudFlare credentials file."
errMsg="Cloudflare authorized email address (cfEmail) is either null or undefined. Please check your Cloudflare credentials file."
;;
21)
errMsg="CloudFlare authorized API key (cfKey) is either null or undefined. Please check your CloudFlare credentials file."
errMsg="Cloudflare authorized API key (cfKey) is either null or undefined. Please check your Cloudflare credentials file."
;;
22)
errMsg="CloudFlare zone id (cfZoneId) is either null or undefined. Please check your CloudFlare credentials file."
errMsg="Cloudflare zone id (cfZoneId) is either null or undefined. Please check your Cloudflare credentials file."
;;
25)
errMsg="Unable to query CloudFlare account. Please re-check your credentials and try again later."
errMsg="Cloudflare API error. Please review any 'CF-ERR:' lines in this log for details."
;;
98)
errMsg="One or more domain updates failed. Please review this log file for details."
26)
errMsg="${failedHostCount} host update(s) failed. Any 'CF-ERR:' lines noted in this log may help determine what went wrong."
;;
*)
printf "%s[%s] ERROR: An unspecified error occurred. Exiting.%s\n" "$err" "$(stamp)" "$norm" >>"$logFile"
writeLog error "An unspecified error occurred. (code: 99)"
printf "%s[%s] -- Cloudflare DDNS update-script: completed with error(s) --%s\n" "$err" "$(stamp)" "$norm" >>"$logFile"
exit 99
;;
esac
printf "%s[%s] ERROR: %s (code: %s)%s\n" "$err" "$(stamp)" "$errMsg" "$1" "$norm" >>"$logFile"
printf "%s[%s] -- CloudFlare DDNS update-script: execution completed with error(s) --%s\n" "$err" "$(stamp)" "$norm" >>"$logFile"
writeLog error "$errMsg" "$1"
printf "%s[%s] -- Cloudflare DDNS update-script: completed with error(s) --%s\n" "$err" "$(stamp)" "$norm" >>"$logFile"
exit "$1"
}
exitOK() {
printf "%s[%s] -- CloudFlare DDNS update-script: execution complete --%s\n" "$ok" "$(stamp)" "$norm" >>"$logFile"
printf "%s[%s] -- Cloudflare DDNS update-script: completed successfully --%s\n" "$ok" "$(stamp)" "$norm" >>"$logFile"
exit 0
}
listCFErrors() {
# extract error codes and messages in separate variables, replace newlines with underscores
codes="$(printf "%s" "$1" | jq -r '.errors | .[] | .code' | tr '\n' '_')"
messages="$(printf "%s" "$1" | jq -r '.errors | .[] | .message' | tr '\n' '_')"
# iterate codes and messages and assemble into coherent messages in log
while [ -n "$codes" ] && [ -n "$messages" ]; do
# get first code and message in respective sets
code="${codes%%_*}"
message="${messages%%_*}"
# update codes and messages sets by removing first item in each set
codes="${codes#*_}"
messages="${messages#*_}"
# output to log
writeLog cf "$message" "$code"
done
}
scriptExamples() {
newline
printf "Update Cloudflare DNS host A/AAAA records with current IP address.\n"
printf "%sUsage: %s --records host.domain.tld[,host2.domain.tld,...] [parameters]%s\n\n" "$bold" "$scriptName" "$norm"
textBlock "${magenta}--- usage examples ---${norm}"
newline
textBlockSwitches "${scriptName} -r myserver.mydomain.net"
textBlock "Update Cloudflare DNS records for myserver.mydomain.net with the auto-detected public IP4 address. Credentials will be expected in the default location and the log will be written in the default location also."
newline
textBlockSwitches "${scriptName} -r myserver.mydomain.net -6"
textBlock "Same as above, but update AAAA host records with the auto-detected public IP6 address."
newline
textBlockSwitches "${scriptName} -r myserver.mydomain.net,myserver2.mydomain.net -l /var/log/cfddns.log --nc"
textBlock "Update DNS entries for both listed hosts using auto-detected IP4 address. Write a non-coloured log to '/var/log/cfddns.log'."
newline
textBlockSwitches "${scriptName} -r myserver.mydomain.net,myserver2.mydomain.net -l /var/log/cfddns.log --ip6 --ip fd21:7a62:2737:9c3a::a151"
textBlock "Update DNS AAAA entries for listed hosts using the *specified* IP address. Write a colourful log to the location specified."
newline
textBlockSwitches "${scriptName} -r myserver.mydomain.net -c /root/cloudflare.creds -l /var/log/cfddns.log --ip 1.2.3.4"
textBlock "Update DNS A entry for listed hostname with the provided IP address. Read cloudflare credentials file from specified location, save log in specified location."
newline
textBlockSwitches "${scriptName} -r myserver.mydomain.net -c /root/cloudflare.creds -l /var/log/cfddns.log -6 -i fd21:7a62:2737:9c3a::a151"
textBlock "Exact same as above, but change the AAAA record. This is how you run the script once for IP4 and again for IP6."
exit 0
}
scriptHelp() {
newline
printf "Update Cloudflare DNS host A/AAAA records with current IP address.\n"
printf "%sUsage: %s --records host.domain.tld[,host2.domain.tld,...] [parameters]%s\n\n" "$bold" "$scriptName" "$norm"
textBlock "The only required parameter is '--records' which is a comma-delimited list of hostnames to update. However, there are several other options which may be useful to implement."
textBlock "Parameters are listed below and followed by a description of their effect. If a default value exists, it will be listed on the following line in (parentheses)."
newline
textBlock "${magenta}--- script related parameters ---${norm}"
newline
textBlockSwitches "-c | --cred | --creds | --credentials | -f (deprecated, backward-compatibility)"
textBlock "Path to file containing your Cloudflare *token* credentials. Please refer to the repo README for more information on format, etc."
textBlockDefaults "(${accountFile})"
newline
textBlockSwitches "-l | --log"
textBlock "Path where the log file should be written."
textBlockDefaults "(${logFile})"
newline
textBlockSwitches "--nc | --no-color | --no-colour"
textBlock "Switch value. Disables ANSI colours in the log. Useful if you review the logs using a reader that does not parse ANSI colour codes."
textBlockDefaults "(disabled: print logs in colour)"
newline
textBlockSwitches "--log-console"
textBlock "Switch value. Output log to console (stdout) instead of a log file. Can be combined with --nc if desired."
textBlockDefaults "(disabled: output to log file)"
newline
textBlockSwitches "--no-log"
textBlock "Switch value. Do not create a log (i.e. no console, no file). You will not have *any* output from the script if you choose this option, so you will not know if updates succeeded or failed."
textBlockDefaults "(disabled: output to log file)"
newline
textBlockSwitches "-h | --help | -?"
textBlock "Display this help screen."
newline
textBlockSwitches "--examples"
textBlock "Show some usage examples."
newline
textBlock "${magenta}--- DNS related parameters ---${norm}"
newline
textBlockSwitches "-r | --record | --records"
textBlock "Comma-delimited list of hostnames for which IP addresses should be updated in Cloudflare DNS. This parameter is REQUIRED. Note that this script will only *update* records, it will not create new ones. If you supply hostnames that are not already defined in DNS, the script will log a warning and will skip those hostnames."
newline
textBlockSwitches "-i | --ip | --ip-address | -a | --address"
textBlock "New IP address for DNS host records. If you omit this, the script will attempt to auto-detect your public IP address and use that."
newline
textBlockSwitches "-4 | --ip4 | --ipv4"
textBlock "Switch value. Update Host 'A' records (IP4) only. Note that this script can only update either A *or* AAAA records. If you need to update both, you'll have to run the script once in IP4 mode and again in IP6 mode. If you specify both this switch and the IP6 switch, the last one specified will take effect."
textBlockDefaults "(enabled: update A records)"
newline
textBlockSwitches "-6 | --ip6 | --ipv6"
textBlock "Switch value. Update Host 'AAAA' records (IP6) only. Note that this script can only update either A *or* AAAA records. If you need to update both, you'll have to run the script once in IP4 mode and again in IP6 mode. If you specify both this switch and the IP4 switch, the last one specified will take effect."
textBlockDefaults "(disabled: update A records)"
newline
textBlock "Please refer to the repo README for more detailed information regarding this script and how to automate and monitor it."
newline
exit 0
}
@ -84,102 +190,61 @@ stamp() {
(date +%F" "%T)
}
scriptHelp() {
newline
printf "Update CloudFlare DNS host A/AAAA records with current IP address.\n"
printf "%sUsage: %s --records host.domain.tld[,host2.domain.tld,...] [parameters]%s\n\n" "$bold" "$scriptName" "$norm"
textblock "The only required parameter is '--records' which is a comma-delimited list of hostnames to update. However, there are several other options which may be useful to implement."
textblock "Paramters are listed below and followed by a description of their effect. If a default value exists, it will be listed on the following line in (parentheses)."
newline
textblock "${magenta}--- script related parameters ---${norm}"
newline
textblockSwitches "-c | --cred | --creds | --credentials | -f (deprecated, backward-compatability)"
textblock "Path to file containing your CloudFlare *token* credentials. Please refer to the repo README for more information on format, etc."
textblockDefaults "(${accountFile})"
newline
textblockSwitches "-l | --log"
textblock "Path where the log file should be written."
textblockDefaults "(${logFile})"
newline
textblockSwitches "--nc | --no-color | --no-colour"
textblock "Switch value. Disables ANSI colours in the log. Useful if you review the logs using a reader that does not parse ANSI colour codes."
textblockDefaults "(disabled: print logs in colour)"
newline
textblockSwitches "--log-console"
textblock "Switch value. Output log to console (stdout) instead of a log file. Can be combined with --nc if desired."
textblockDefaults "(disabled: output to log file)"
newline
textblockSwitches "--no-log"
textblock "Switch value. Do not create a log (i.e. no console, no file). You will not have *any* output from the script if you choose this option, so you will not know if updates succeeded or failed."
textblockDefaults "(disabled: output to log file)"
newline
textblockSwitches "-h | --help | -?"
textblock "Display this help screen."
newline
textblockSwitches "--examples"
textblock "Show some usage examples."
newline
textblock "${magenta}--- DNS related parameters ---${norm}"
newline
textblockSwitches "-r | --record | --records"
textblock "Comma-delimited list of hostnames for which IP addresses should be updated in CloudFlare DNS. This parameter is REQUIRED. Note that this script will only *update* records, it will not create new ones. If you supply hostnames that are not already defined in DNS, the script will log a warning and will skip those hostnames."
newline
textblockSwitches "-i | --ip | --ip-address | -a | --address"
textblock "New IP address for DNS host records. If you omit this, the script will attempt to auto-detect your public IP address and use that."
newline
textblockSwitches "-4 | --ip4 | --ipv4"
textblock "Switch value. Update Host 'A' records (IP4) only. Note that this script can only update either A *or* AAAA records. If you need to update both, you'll have to run the script once in IP4 mode and again in IP6 mode. If you specify both this switch and the IP6 switch, the last one specified will take effect."
textblockDefaults "(enabled: update A records)"
newline
textblockSwitches "-6 | --ip6 | --ipv6"
textblock "Switch value. Update Host 'AAAA' records (IP6) only. Note that this script can only update either A *or* AAAA records. If you need to update both, you'll have to run the script once in IP4 mode and again in IP6 mode. If you specify both this switch and the IP4 switch, the last one specified will take effect."
textblockDefaults "(disabled: update A records)"
newline
textblock "Please refer to the repo README for more detailed information regarding this script and how to automate and monitor it."
newline
exit 0
newline() {
printf "\n"
}
scriptExamples() {
newline
printf "Update CloudFlare DNS host A/AAAA records with current IP address.\n"
printf "%sUsage: %s --records host.domain.tld[,host2.domain.tld,...] [parameters]%s\n\n" "$bold" "$scriptName" "$norm"
textblock "${magenta}--- usage examples ---${norm}"
newline
textblockSwitches "${scriptName} -r myserver.mydomain.net"
textblock "Update CloudFlare DNS records for myserver.mydomain.net with the auto-detected public IP4 address. Credentials will be expected in the default location and the log will be written in the default location also."
newline
textblockSwitches "${scriptName} -r myserver.mydomain.net -6"
textblock "Same as above, but update AAAA host records with the auto-detected public IP6 address."
newline
textblockSwitches "${scriptName} -r myserver.mydomain.net,otherserver.mydomain.net -l /var/log/cfddns.log --nc"
textblock "Update DNS entries for both listed hosts using auto-detected IP4 address. Write a non-coloured log to '/var/log/cfddns.log'."
newline
textblockSwitches "${scriptName} -r myserver.mydomain.net,otherserver.mydomain.net -l /var/log/cfddns.log --ip6 --ip fd21:7a62:2737:9c3a::a151"
textblock "Update DNS AAAA entries for listed hosts using the *specified* IP address. Write a colourful log to the location specified."
newline
textblockSwitches "${scriptName} -r myserver.mydomain.net -c /root/cloudflare.creds -l /var/log/cfddns.log --ip 1.2.3.4"
textblock "Update DNS A entry for listed hostname with the provided IP address. Read cloudflare credentials file from specified location, save log in specified location."
newline
textblockSwitches "${scriptName} -r myserver.mydomain.net -c /root/cloudflare.creds -l /var/log/cfddns.log -6 -i fd21:7a62:2737:9c3a::a151"
textblock "Exact same as above, but change the AAAA record. This is how you run the script once for IP4 and again for IP6."
exit 0
}
textblock() {
textBlock() {
printf "%s\n" "$1" | fold -w "$width" -s
}
textblockDefaults() {
textBlockDefaults() {
printf "%s%s%s\n" "$yellow" "$1" "$norm"
}
textblockSwitches() {
textBlockSwitches() {
printf "%s%s%s\n" "$cyan" "$1" "$norm"
}
newline() {
printf "\n"
writeLog() {
case "$1" in
cf)
printf "[%s] CF-ERR: %s (code: %s)\n" "$(stamp)" "$2" "$3" >>"$logFile"
;;
err)
printf "%s[%s] ERR: %s%s\n" "$err" "$(stamp)" "$2" "$norm" >>"$logFile"
;;
error)
printf "%s[%s] ERROR: %s (code: %s)%s\n" "$err" "$(stamp)" "$2" "$3" "$norm" >>"$logFile"
;;
process)
printf "%s[%s] %s... %s" "$cyan" "$(stamp)" "$2" "$norm" >>"$logFile"
;;
process-done)
printf "%s%s%s\n" "$cyan" "$2" "$norm" >>"$logFile"
;;
process-error)
printf "%sERROR%s\n" "$err" "$norm" >>"$logFile"
;;
process-warning)
printf "%s%s%s\n" "$warn" "$2" "$norm" >>"$logFile"
;;
stamped)
printf "[%s] %s\n" "$(stamp)" "$2" >>"$logFile"
;;
success)
printf "%s[%s] SUCCESS: %s%s\n" "$ok" "$(stamp)" "$2" "$norm" >>"$logFile"
;;
warn)
printf "%s[%s] WARN: %s%s\n" "$warn" "$(stamp)" "$2" "$norm" >>"$logFile"
;;
warning)
printf "%s[%s] WARNING: %s%s\n" "$warn" "$(stamp)" "$2" "$norm" >>"$logFile"
;;
*)
printf "%s\n" "$2" >>"$logFile"
;;
esac
}
### default variable values
@ -196,7 +261,7 @@ ip6=0
ip4DetectionSvc="http://ipv4.icanhazip.com"
ip6DetectionSvc="http://ipv6.icanhazip.com"
invalidDomainCount=0
failedDomainCount=0
failedHostCount=0
### process startup parameters
if [ -z "$1" ]; then
@ -234,7 +299,7 @@ while [ $# -gt 0 ]; do
colourizeLogFile=0
;;
-c | --cred* | -f)
# path to CloudFlare credentials file
# path to Cloudflare credentials file
if [ -n "$2" ]; then
if [ -f "$2" ] && [ -s "$2" ]; then
accountFile="${2%/}"
@ -295,7 +360,7 @@ fi
[ -z "$dnsRecords" ] && badParam errMsg "You must specify at least one DNS record to update. Exiting."
# verify credentials file exists and is not empty (default check)
if [ ! -f "$accountFile" ] || [ ! -s "$accountFile" ]; then
badParam errMsg "Cannot find CloudFlare credentials file (${accountFile}). Exiting."
badParam errMsg "Cannot find Cloudflare credentials file (${accountFile}). Exiting."
fi
# turn off log file colourization if parameter is set
if [ "$colourizeLogFile" -eq 0 ]; then
@ -311,50 +376,52 @@ fi
### initial log entries
{
printf "%s[%s] -- CloudFlare DDNS update-script: execution starting --%s\n" "$ok" "$(stamp)" "$norm"
printf "%sParameters:\n" "$magenta"
printf "%s[%s] -- Cloudflare DDNS update-script: starting --%s\n" "$ok" "$(stamp)" "$norm"
printf "Parameters:\n"
printf "script path: %s\n" "$scriptPath/$scriptName"
printf "credentials file: %s\n" "$accountFile"
if [ "$ip4" -eq 1 ]; then
printf "mode: IP4\n"
elif [ "$ip6" -eq 1 ]; then
printf "mode: IP6\n"
fi
# detect and report IP address
if [ -z "$ipAddress" ]; then
# detect public ip address
if [ "$ip4" -eq 1 ]; then
if ! ipAddress="$(curl -s $ip4DetectionSvc)"; then
printf "ddns ip address:%s ERROR%s\n" "$err" "$norm"
exitError 10
fi
fi
if [ "$ip6" -eq 1 ]; then
if ! ipAddress="$(curl -s $ip6DetectionSvc)"; then
printf "ddns ip address:%s ERROR%s\n" "$err" "$norm"
exitError 10
fi
fi
printf "ddns ip address (detected): %s\n" "$ipAddress"
else
printf "ddns ip address (supplied): %s\n" "$ipAddress"
fi
# iterate DNS records to update
dnsRecordsToUpdate="$(printf '%s' "${dnsRecords}" | sed "s/${dnsSeparator}*$//")$dnsSeparator"
while [ -n "$dnsRecordsToUpdate" ] && [ "$dnsRecordsToUpdate" != "$dnsSeparator" ]; do
record="${dnsRecordsToUpdate%%${dnsSeparator}*}"
dnsRecordsToUpdate="${dnsRecordsToUpdate#*${dnsSeparator}}"
if [ -z "$record" ]; then continue; fi
printf "updating record: %s\n" "$record"
done
printf "(end of parameter list)\n"
} >>"$logFile"
if [ "$ip4" -eq 1 ]; then
printf "mode: IP4\n" >>"$logFile"
elif [ "$ip6" -eq 1 ]; then
printf "mode: IP6\n" >>"$logFile"
fi
# detect and report IP address
if [ -z "$ipAddress" ]; then
# detect public ip address
if [ "$ip4" -eq 1 ]; then
if ! ipAddress="$(curl -s $ip4DetectionSvc)"; then
printf "ddns ip address: %serror%s\n" "$err" "$norm" >>"$logFile"
exitError 10
fi
fi
if [ "$ip6" -eq 1 ]; then
if ! ipAddress="$(curl -s $ip6DetectionSvc)"; then
printf "ddns ip address: %serror%s\n" "$err" "$norm" >>"$logFile"
exitError 10
fi
fi
printf "ddns ip address (detected): %s\n" "$ipAddress" >>"$logFile"
else
printf "ddns ip address (supplied): %s\n" "$ipAddress" >>"$logFile"
fi
# iterate DNS records to update
dnsRecordsToUpdate="$dnsRecords$dnsSeparator"
while [ "$dnsRecordsToUpdate" != "${dnsRecordsToUpdate#*${dnsSeparator}}" ] && { [ -n "${dnsRecordsToUpdate%%${dnsSeparator}*}" ] || [ -n "${dnsRecordsToUpdate#*${dnsSeparator}}" ]; }; do
record="${dnsRecordsToUpdate%%${dnsSeparator}*}"
dnsRecordsToUpdate="${dnsRecordsToUpdate#*${dnsSeparator}}"
printf "updating record: %s\n" "$record" >>"$logFile"
done
printf "(end of parameter list)%s\n" "$norm" >>"$logFile"
### read CloudFlare credentials
printf "[%s] Reading CloudFlare credentials... " "$(stamp)" >>"$logFile"
### read Cloudflare credentials
writeLog process "Reading Cloudflare credentials"
case "$accountFile" in
/*)
# absolute path, use as-is
@ -367,78 +434,105 @@ case "$accountFile" in
. "./$accountFile"
;;
esac
if [ -z "$cfEmail" ]; then
printf "%sERROR%s\n" "$err" "$norm" >>"$logFile"
exitError 20
elif [ -z "$cfKey" ]; then
printf "%sERROR%s\n" "$err" "$norm" >>"$logFile"
if [ -z "$cfKey" ]; then
writeLog process-error
exitError 21
elif [ -z "$cfZoneId" ]; then
printf "%sERROR%s\n" "$err" "$norm" >>"$logFile"
fi
if [ -z "$cfZoneId" ]; then
writeLog process-error
exitError 22
fi
printf "DONE%s\n" "$norm" >>"$logFile"
writeLog process-done "DONE"
### check if records to be updated exist and if they need updating, update as required
### connect to Cloudflare and do what needs to be done!
dnsRecordsToUpdate="$dnsRecords$dnsSeparator"
if [ "$ip4" -eq 1 ]; then
recordType="A"
elif [ "$ip6" -eq 1 ]; then
recordType="AAAA"
fi
while [ "$dnsRecordsToUpdate" != "${dnsRecordsToUpdate#*${dnsSeparator}}" ] && { [ -n "${dnsRecordsToUpdate%%${dnsSeparator}*}" ] || [ -n "${dnsRecordsToUpdate#*${dnsSeparator}}" ]; }; do
# iterate hosts to update
while [ -n "$dnsRecordsToUpdate" ] && [ "$dnsRecordsToUpdate" != "$dnsSeparator" ]; do
record="${dnsRecordsToUpdate%%${dnsSeparator}*}"
dnsRecordsToUpdate="${dnsRecordsToUpdate#*${dnsSeparator}}"
printf "[%s] Processing %s... " "$(stamp)" "$record" >>"$logFile"
# check for existing record, else exit with error (this script does NOT create new records, only updates them!)
if ! cfResult="$(curl -s -X GET "https://api.cloudflare.com/client/v4/zones/${cfZoneId}/dns_records?name=${record}&type=${recordType}" \
if [ -z "$record" ]; then continue; fi
writeLog process "Processing ${record}"
# exit if curl/network error
if ! cfLookup="$(curl -s -X GET "https://api.cloudflare.com/client/v4/zones/${cfZoneId}/dns_records?name=${record}&type=${recordType}" \
-H "Authorization: Bearer ${cfKey}" \
-H "Content-Type: application/json")"; then
printf "%sERROR%s\n" "$err" "$norm" >>"$logFile"
writeLog process-error
exitError 3
fi
# exit if API error
# exit here since API errors on GET request probably indicates authentication error which would affect all remaining operations
# no reason to continue processing other hosts and pile-up errors which might look like a DoS attempt
cfSuccess="$(printf "%s" "$cfLookup" | jq -r '.success')"
if [ "$cfSuccess" = "false" ]; then
writeLog process-error
listCFErrors "$cfLookup"
exitError 25
fi
resultCount="$(printf "%s" "$cfResult" | jq '.result_info.count')"
resultCount="$(printf "%s" "$cfLookup" | jq '.result_info.count')"
# skip to next host if cannot find existing host record (this script *updates* only, does not create!)
if [ "$resultCount" = "0" ]; then
printf "%sNOT FOUND%s\n" "$warn" "$norm" >>"$logFile"
printf "%s[%s] WARNING: Cannot find existing record to update for DNS entry: %s%s\n" "$warn" "$(stamp)" "$record" "$norm" >>"$logFile"
# warn if record of host not found
writeLog process-warning "NOT FOUND"
writeLog warn "Cannot find existing record to update for DNS entry: ${record}"
invalidDomainCount=$((invalidDomainCount + 1))
continue
fi
objectId=$(printf "%s" "$cfLookup" | jq -r '.result | .[] | .id')
currentIpAddr=$(printf "%s" "$cfLookup" | jq -r '.result | .[] | .content')
writeLog process-done "FOUND: IP = ${currentIpAddr}"
# skip to next hostname if record already up-to-date
if [ "$currentIpAddr" = "$ipAddress" ]; then
writeLog stamped "IP address for ${record} is already up-to-date"
continue
fi
# update record
writeLog process "Updating IP address for ${record}"
updateJSON="$(jq -n --arg key0 content --arg value0 "${ipAddress}" '{($key0):$value0}')"
# exit if curl/network error
if ! cfResult="$(curl -s -X PATCH "https://api.cloudflare.com/client/v4/zones/${cfZoneId}/dns_records/${objectId}" \
-H "Authorization: Bearer ${cfKey}" \
-H "Content-Type: application/json" \
--data "${updateJSON}")"; then
writeLog process-error
exitError 3
fi
# note update success or failure
cfSuccess="$(printf "%s" "$cfResult" | jq '.success')"
if [ "$cfSuccess" = "true" ]; then
writeLog process-done "DONE"
writeLog success "IP address for ${record} updated."
else
objectId=$(printf "%s" "$cfResult" | jq -r '.result | .[] | .id')
currentIpAddr=$(printf "%s" "$cfResult" | jq -r '.result | .[] | .content')
printf "FOUND: IP = %s\n" "$currentIpAddr" >>"$logFile"
# check if record needs updating
if [ "$currentIpAddr" = "$ipAddress" ]; then
printf "%s[%s] IP address for %s is already up-to-date%s\n" "$ok" "$(stamp)" "$record" "$norm" >>"$logFile"
else
# update record
printf "%s[%s] Updating IP address for %s... " "$cyan" "$(stamp)" "$record" >>"$logFile"
updateJSON="$(jq -n --arg key0 content --arg value0 "${ipAddress}" '{($key0):$value0}')"
if ! cfResult="$(curl -s -X PATCH "https://api.cloudflare.com/client/v4/zones/${cfZoneId}/dns_records/${objectId}" \
-H "Authorization: Bearer ${cfKey}" \
-H "Content-Type: application/json" \
--data "${updateJSON}")"; then
printf "%sERROR%s\n" "$err" "$norm" >>"$logFile"
exitError 25
fi
updateSuccess="$(printf "%s" "$cfResult" | jq '.success')"
if [ "$updateSuccess" = "true" ]; then
printf "DONE%s\n" "$norm" >>"$logFile"
printf "%s[%s] SUCCESS: IP address for %s updated%s\n" "$ok" "$(stamp)" "$record" "$norm" >>"$logFile"
else
printf "%sFAILED%s\n" "$err" "$norm" >>"$logFile"
printf "%s[%s] ERROR: Unable to update IP address for %s%s\n" "$err" "$(stamp)" "$record" "$norm" >>"$logFile"
failedDomainCount=$((failedDomainCount + 1))
fi
fi
writeLog process-error
listCFErrors "$cfResult"
writeLog err "Unable to update IP address for ${record}"
# do not exit with error, API error here is probably an update issue specific to this host
# increment counter and note it after all processing finished
failedHostCount=$((failedHostCount + 1))
fi
done
# exit
if [ "$invalidDomainCount" -ne 0 ]; then
printf "%s[%s] -- WARNING: %s invalid domain(s) were supplied for updating --%s\n" "$warn" "$(stamp)" "$invalidDomainCount" "$norm" >>"$logFile"
writeLog warning "${invalidDomainCount} invalid host(s) supplied for updating."
fi
if [ "$failedDomainCount" -ne 0 ]; then
exitError 98
if [ "$failedHostCount" -ne 0 ]; then
exitError 26
else
exitOK
fi
@ -447,11 +541,10 @@ fi
# 0: normal exit, no errors
# 1: invalid or unknown parameter
# 2: cannot find or access required external program(s)
# 3: curl error (probably connection)
# 10: cannot auto-detect IP address
# 20: accountFile has a null or missing cfEmail variable
# 21: accountFile has a null or missing cfKey variable
# 22: accountFile has a null or missing cfZoneId variable
# 25: unable to query CloudFlare account
# 97: script completed with warnings
# 98: one or more updates failed
# 25: Cloudflare API error
# 26: one or more updates failed
# 99: unspecified error occurred

1
cloudflare.credentials
View File

@ -2,6 +2,5 @@
# CloudFlare token for my.domain.tld
#
cfEmail=email@server.tld
cfKey=_dLuyyRNaKN8SLG4-csmNYYfC39nnCmPVA7aYUJj
cfZoneId=83d564234134513245311b23412331dd

95
etc/logwatch/scripts/services/cfddns
View File

@ -4,7 +4,7 @@
# $Id$
#############################################################################
# Log: CloudFlare updater script (cfddns)
# Revision 1.0 2018/09/26
# Revision 2.1 2021/05/08
# Written by Asif Bacchus
#############################################################################
@ -17,9 +17,11 @@ my $detailLevel = $ENV{'LOGWATCH_DETAIL_LEVEL'} || 0;
### Declare variables
my $summaryErr;
my $summaryStatusUpToDate;
my $summaryStatusNeedsUpdating;
my $summarySuccess;
my $summaryFailedUpdate;
my $summaryInvalidHost;
my $summaryUpdated;
my $summaryUpToDate;
my $summaryWarning;
my %reportHash = ();
my $key;
@ -29,32 +31,44 @@ my $key;
if ($detailLevel == 0) {
### process logfile and summarize message types
while (defined(my $ThisLine = <STDIN>)) {
if ($ThisLine =~ /\-- \[ERROR\] /) {
if ($ThisLine =~ /ERR: Unable to update IP address/) {
$summaryFailedUpdate++;
}
elsif ($ThisLine =~ /ERROR: /) {
$summaryErr++;
}
elsif ($ThisLine =~ /up-to-date./) {
$summaryStatusUpToDate++;
elsif ($ThisLine =~ /WARN: Cannot find existing record/) {
$summaryInvalidHost++;
}
elsif ($ThisLine =~ /needs updating.../) {
$summaryStatusNeedsUpdating++;
elsif ($ThisLine =~ /WARNING: /){
$summaryWarning++;
}
elsif ($ThisLine =~ /\-- \[SUCCESS\] /) {
$summarySuccess++;
elsif ($ThisLine =~ /SUCCESS: /) {
$summaryUpdated++;
}
elsif ($ThisLine =~ /already up-to-date/) {
$summaryUpToDate++;
}
}
### fill hash table with headings and summary counts
if ($summaryStatusNeedsUpdating > 0) {
$reportHash{"Entries needing updates"} = $summaryStatusNeedsUpdating;
if ($summaryUpdated > 0) {
$reportHash{"Entries successfully updated"} = $summaryUpdated;
}
if ($summarySuccess > 0) {
$reportHash{"Entries successfully updated"} = $summarySuccess;
if ($summaryUpToDate > 0) {
$reportHash{"Entries already up-to-date"} = $summaryUpToDate;
}
if ($summaryStatusUpToDate > 0) {
$reportHash{"Entries already up-to-date"} = $summaryStatusUpToDate;
if ($summaryFailedUpdate > 0) {
$reportHash{"Hosts failed to update"} = $summaryFailedUpdate;
}
if ($summaryInvalidHost > 0) {
$reportHash{"Undefined hosts"} = $summaryInvalidHost;
}
if ($summaryWarning > 0) {
$reportHash{"Total warnings"} = $summaryWarning;
}
if ($summaryErr > 0) {
$reportHash{"Errors encountered"} = $summaryErr;
$reportHash{"Total errors"} = $summaryErr;
}
### print hash table
@ -66,48 +80,59 @@ if ($detailLevel == 0) {
### a summary count
elsif ($detailLevel >= 1 && $detailLevel <= 4) {
while (defined(my $ThisLine = <STDIN>)) {
if ($ThisLine =~ /\-- \[ERROR\] /) {
if ($ThisLine =~ /ERR: /) {
print $ThisLine;
}
elsif ($ThisLine =~ /\-- \[STATUS\] /) {
elsif ($ThisLine =~ /WARN: /) {
print $ThisLine;
}
elsif ($ThisLine =~ /\-- \[SUCCESS\] /) {
elsif ($ThisLine =~ /SUCCESS: /) {
print $ThisLine;
}
elsif ($ThisLine =~ /already up-to-date/) {
print $ThisLine;
}
}
}
### Level 5 is similiar to levels 1-4 except it also reports informational
### messages such as the current working IP address and hostnames being
### checked. This is useful when verifying the cfddns.sh script's operation.
### Level 5 includes warning and error tally count messages and Cloudflare
### debugging messages
elsif ($detailLevel == 5) {
while (defined(my $ThisLine = <STDIN>)) {
if ($ThisLine =~ /\-- \[ERROR\] /) {
if ($ThisLine =~ /ERR: /) {
print $ThisLine;
}
elsif ($ThisLine =~ /\-- \[STATUS\] /) {
elsif ($ThisLine =~ /ERROR: /) {
print $ThisLine;
}
elsif ($ThisLine =~ /\-- \[SUCCESS\] /) {
elsif ($ThisLine =~ /CF-ERR: /) {
print $ThisLine;
}
elsif ($ThisLine =~ /\-- \[INFO\] /) {
elsif ($ThisLine =~ /WARN: /) {
print $ThisLine;
}
elsif ($ThisLine =~ /WARNING: /) {
print $ThisLine;
}
elsif ($ThisLine =~ /SUCCESS: /) {
print $ThisLine;
}
elsif ($ThisLine =~ /already up-to-date/) {
print $ThisLine;
}
}
}
### Any level above 5 will echo the entire log including the debugging notes
### within the script meant for troubleshooting. Using this level of detail
### should only be done if you cannot view the actual log file directly for
### whatever reason. The actual log file is colour-coded for easier debugging.
### Any level 6 or above will echo the entire log. The log itself is purposefully terse
### so while this level of detail is likely rarely needed, it is still not an overwhelming
### level of detail.
### Generally, however, using this level of detail should only be done if you cannot view
### the actual log file directly for whatever reason. The actual log file is colour-coded
### for easier debugging.
elsif ($detailLevel > 5) {
while (defined(my $ThisLine = <STDIN>)) {
print $ThisLine;
}
}
### Exit gracefully
exit (0);
@ -116,4 +141,4 @@ exit (0);
# mode: perl
# perl-indent-level: 3
# indent-tabs-mode: nil
# End:
# End: