upload-unbound-config

#!/bin/sh -e

# path of the file on each target server
CONFFILE='/etc/unbound/censura-new.conf'
# list of target servers
SERVERS='root@ns1.example.net root@ns3.example.net root@ns5.example.net root@ns6.example.net'
# do not waste too much time trying to connect to unresponsive remote servers
RSYNC_OPTIONS='--timeout=30 -rt'

# the local file
CONF='lists/unbound.conf'

# override the list of target servers
if [ "$1" ]; then
  SERVERS="$1"
fi

##############################################################################
copy_config() {
  local file="$1"
  local server rc

  rc=0
  for server in $SERVERS; do
    dprintf "Copying to $server...\n"
    if rsync $RSYNC_OPTIONS $file $server:$CONFFILE; then
      dprintf "Succesfully copied to $server.\n"
      # this script dynamically updates the running configuration
      if ssh $server unbound-update-censorship; then
        dprintf "Configuration successfully reloaded on $server.\n\n"
      else
        printf "ERROR: the configuration has not been correctly reloaded on $server!\n\n" >&2
	rc=1
      fi
    else
      printf "ERROR: the configuration has not been correctly copied to $server!\n\n" >&2
      rc=1
    fi
  done

  return $rc
}

if [ -t 0 ]; then VERBOSE=1; fi

dprintf() {
  [ "$VERBOSE" ] || return 0
  printf "$*"
}

##############################################################################
# debugging
if [ "$PWD" = "/home/md/projects/kit-censura" ]; then
  rsync() { echo "DEBUG: rsync $*"; }
  ssh() { echo "DEBUG: ssh $*"; }
fi

##############################################################################
if cmp -s $CONF $CONF.new; then
  # the new config file is unchanged, we are done
  dprintf "$CONF is unchanged, exiting.\n"
  exit 0
fi

dprintf "$CONF has changed.\n"

# copy unbound.conf to the servers
# rename the file only if everything was successful
if copy_config $CONF.new; then
  cp -a $CONF.new $CONF
else
  rm -f $CONF.new
fi

exit 0