Refactored dns::server class.

This commit is contained in:
Timo Mkinen 2012-03-22 11:41:20 +02:00
parent 34be570ebc
commit 4cb660dcaf
7 changed files with 155 additions and 121 deletions


@ -0,0 +1,2 @@
acl trusted { localhost; localnets; };
acl nameservers { localhost; };
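Review bot: `acl trusted { localhost; localnets; };` is what `allow-recursion { trusted; }` in the options file added by this commit relies on, and `localnets` matches every network the host has an interface on, which on a multi-homed or publicly addressed server is wider than the name "trusted" suggests. This file appears to be the module-level default that the `puppet:///files/dns/` site files override, so the breadth may be intended, but it should be stated in the file: `// localnets = all directly attached networks; override per site when the host sits on a public subnet`. The `nameservers` acl is also referenced by the zone template changed in this commit, so a comment noting that it must stay defined would help whoever overrides this file.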


@ -0,0 +1,9 @@
options {
listen-on { any; };
listen-on-v6 { none; };
allow-query { any; };
allow-recursion { trusted; };
allow-transfer { nameservers; };
};
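Review bot: The new default options omit `version "";` and `auth-nxdomain no;`, both of which the Ubuntu template deleted in this commit set, so hosts that previously got the module default now answer version.bind queries and lose the RFC 1035 conformance setting. The old template also set `directory "/var/cache/bind";`, whose absence likely matters if any included zone file is referenced by a relative path, though that cannot be confirmed from this page. If the omissions are deliberate, record it with a comment such as `// version/auth-nxdomain/directory intentionally left to per-site named.conf.options.<fqdn>`; otherwise restore `version "";` and `auth-nxdomain no;` here.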


@ -15,32 +15,43 @@ class dns::server {
} }
} }
# first set per os paths
case $operatingsystem { case $operatingsystem {
"fedora": { "fedora": {
$chroot = ""
$confdir = "/etc/named" $confdir = "/etc/named"
} }
"centos": { "centos": {
case $operatingsystemrelease { case $operatingsystemrelease {
/^5\..*/: { /^5\..*/: {
$chroot = "/var/named/chroot" $chroot = "/var/named/chroot"
$confdir = "/etc"
} }
default: { default: {
$chroot = ""
$confdir = "/etc/named" $confdir = "/etc/named"
} }
} }
} }
"ubuntu": { "ubuntu": {
$chroot = ""
$confdir = "/etc/bind" $confdir = "/etc/bind"
$config = "${confdir}/named.conf"
$rndckey = "${confdir}/rndc.key"
} }
default: { "openbsd": {
$chroot = "/var/named" $chroot = "/var/named"
$confdir = "/etc"
} }
} }
# if some var is not set use default value
if !$confdir {
$confdir = "/etc"
}
if !$config {
$config = "/etc/named.conf"
}
if !$rndckey {
$rndckey = "/etc/rndc.key"
}
if !$chroot {
$chroot = ""
}
case $operatingsystem { case $operatingsystem {
"ubuntu": { "ubuntu": {
@ -51,7 +62,7 @@ class dns::server {
} }
} }
file { "${chroot}${confdir}/rndc.key": file { "${chroot}${rndckey}":
ensure => present, ensure => present,
mode => 0640, mode => 0640,
owner => "root", owner => "root",
@ -67,12 +78,13 @@ class dns::server {
default => "rndc-confgen -r /dev/urandom -a -t ${chroot}", default => "rndc-confgen -r /dev/urandom -a -t ${chroot}",
}, },
path => "/bin:/usr/bin:/sbin:/usr/sbin", path => "/bin:/usr/bin:/sbin:/usr/sbin",
unless => "test -s ${chroot}${confdir}/rndc.key", unless => "test -s ${chroot}${rndckey}",
require => File["${chroot}${confdir}/rndc.key"], require => File["${chroot}${rndckey}"],
} }
if "${chroot}" != "" { if "${chroot}" != "" {
file { "/etc/rndc.key": file { "/etc/rndc.key":
ensure => "${chroot}${confdir}/rndc.key", ensure => link,
target => "${chroot}${rndckey}",
owner => "root", owner => "root",
group => $group, group => $group,
require => Exec["rndc-confgen"], require => Exec["rndc-confgen"],
@ -98,51 +110,66 @@ class dns::server {
require => Exec["rndc-confgen"], require => Exec["rndc-confgen"],
} }
case $operatingsystem { file { "named.conf":
"ubuntu": { path => "${chroot}${config}",
$ipaddr = $dns_listener_ipaddr ensure => present,
file { "${chroot}${confdir}/named.conf.local": mode => 0640,
ensure => present, owner => "root",
content => template("dns/named.conf.local.erb"), group => $group,
mode => 0640, require => $operatingsystem ? {
owner => "root", "openbsd" => undef,
group => $group, default => Package["bind"],
require => Package["bind"], },
notify => Service["named"], notify => Exec["generate-named-conf"],
} }
file { "${chroot}${confdir}/named.conf.options": file { "/usr/local/sbin/generate-named-conf.sh":
ensure => present, ensure => present,
content => template("dns/named.conf.options.erb"), content => template("dns/generate-named-conf.sh.erb"),
mode => 0640, mode => 0755,
owner => "root", owner => "root",
group => $group, group => $operatingsystem ? {
require => Package["bind"], "openbsd" => "wheel",
notify => Service["named"], default => "root",
} },
} notify => Exec["generate-named-conf"],
default: { }
file { "named.conf": exec { "generate-named-conf":
path => $operatingsystem ? { command => "/usr/local/sbin/generate-named-conf.sh > ${chroot}${config}",
"centos" => $operatingsystemrelease ? { path => "/bin:/usr/bin:/sbin:/usr/sbin",
/^5\..*/ => "${chroot}${confdir}/named.conf", user => "root",
default => "/etc/named.conf", refreshonly => true,
}, require => File["/usr/local/sbin/generate-named-conf.sh"],
"fedora" => "/etc/named.conf", notify => Service["named"],
default => "${chroot}${confdir}/named.conf", }
},
ensure => present, file { "${chroot}${confdir}/named.conf.options":
source => [ "puppet:///files/dns/named.conf.${fqdn}", ensure => present,
"puppet:///files/dns/named.conf", ], source => [ "puppet:///files/dns/named.conf.options.${fqdn}",
mode => 0640, "puppet:///files/dns/named.conf.options",
owner => "root", "puppet:///modules/dns/named.conf.options", ],
group => $group, mode => 0640,
require => $operatingsystem ? { owner => "root",
openbsd => undef, group => $group,
default => Package["bind"], require => $operatingsystem ? {
}, "openbsd" => undef,
notify => Service["named"], default => Package["bind"],
} },
} notify => Service["named"],
}
file { "${chroot}${confdir}/named.conf.local":
ensure => present,
source => [ "puppet:///files/dns/named.conf.local.${fqdn}",
"puppet:///files/dns/named.conf.local",
"puppet:///modules/dns/named.conf.local", ],
mode => 0640,
owner => "root",
group => $group,
require => $operatingsystem ? {
"openbsd" => undef,
default => Package["bind"],
},
notify => Service["named"],
} }
} }
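Review bot: In the `generate-named-conf` exec, `/usr/local/sbin/generate-named-conf.sh > ${chroot}${config}` truncates the live named.conf before the script has produced anything, and the script added in this commit has no `set -e` and ends with `echo ""`, so a failure part-way through (for example a missing `${chroot}/etc/named.rfc1912.zones` in its default branch) still exits 0 and the chained `notify => Service["named"]` restarts BIND on a truncated or partial configuration. Generate into a temporary file, validate it, and only then replace the target: `command => "/usr/local/sbin/generate-named-conf.sh > ${chroot}${config}.new && named-checkconf ${chroot}${config}.new && mv ${chroot}${config}.new ${chroot}${config}"` (with `named-checkconf -t ${chroot}` where a chroot is in use, since the generated include paths are relative to it). The dns::zone hunks later on this page now notify the same exec, so every zone change goes through this path. The `dns::server` class starts before the first hunk and continues across the later ones.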
@ -208,10 +235,10 @@ define dns::zone($role = "master", $master = [], $slaves = [], $source = "AUTO")
"openbsd" => undef, "openbsd" => undef,
default => Package["bind"], default => Package["bind"],
}, },
notify => Service["named"], notify => Exec["generate-named-conf"],
} }
if $role == "master" { if $role == "master" and $zone != "." {
if $source != "AUTO" { if $source != "AUTO" {
file { "${dns::server::chroot}${zonedir}/db.${zonefile}": file { "${dns::server::chroot}${zonedir}/db.${zonefile}":
ensure => present, ensure => present,
@ -223,7 +250,7 @@ define dns::zone($role = "master", $master = [], $slaves = [], $source = "AUTO")
"openbsd" => undef, "openbsd" => undef,
default => Package["bind"], default => Package["bind"],
}, },
notify => Service["named"], notify => Exec["generate-named-conf"],
} }
} else { } else {
file { "${dns::server::chroot}${zonedir}/db.${zonefile}": file { "${dns::server::chroot}${zonedir}/db.${zonefile}":


@ -0,0 +1,58 @@
#!/bin/sh
chroot="<%= chroot %>"
confdir="<%= confdir %>"
operatingsystem="<%= operatingsystem %>"
cat <<EOF
include "${confdir}/named.conf.local";
include "${confdir}/named.conf.options";
view default {
match-clients { any; };
EOF
for name in ${chroot}${confdir}/zone.* ; do
echo " include \"${confdir}/`basename ${name}`\";"
done
case $operatingsystem in
OpenBSD)
cat <<EOF
zone "." {
type hint;
file "/etc/root.hint";
};
zone "localhost" {
type master;
file "/standard/localhost";
};
zone "127.in-addr.arpa" {
type master;
file "/standard/loopback";
};
zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" {
type master;
file "/standard/loopback6.arpa";
};
EOF
;;
Ubuntu)
echo " include \"${confdir}/named.conf.default-zones\";"
;;
*)
cat <<EOF
zone "." {
type hint;
file "/var/named/named.ca";
};
EOF
cat ${chroot}/etc/named.rfc1912.zones | \
sed -e 's%file "%file "/var/named/%' -e 's/^/ /'
;;
esac
echo "};"
echo ""
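Review bot: `for name in ${chroot}${confdir}/zone.*` expands to the literal pattern when no zone.* file exists, so a server with no dns::zone resources yet gets `include "${confdir}/zone.*";` written into named.conf and BIND refuses to load it; guard the loop body with `[ -e "${name}" ] || continue` and quote `"${name}"` in the `basename` call. The default branch has the related problem that `cat ${chroot}/etc/named.rfc1912.zones` silently drops its output when the file is absent and the script still exits 0 through the trailing `echo`, so test the file with `[ -r "${chroot}/etc/named.rfc1912.zones" ]` before cat-ing it and `exit 1` otherwise, so the caller (the `generate-named-conf` exec) sees the failure. A header comment stating that the script writes a complete named.conf to stdout and that a non-zero exit must leave the caller's target untouched would make the contract explicit.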


@ -1,32 +0,0 @@
//
// Do any local configuration here
//
acl "xfer" {
none; // Allow no transfers. If we have other
// name servers, place them here.
};
acl "trusted" {
// Place our internal and DMZ subnets in here so that
// intranet and DMZ clients may send DNS queries. This
// also prevents outside hosts from using our name server
// as a resolver for other domains.
<% dns_client_networks.each do |network| -%>
<%= network %>;
<% end -%>
localhost;
};
<% dns_zones.each do |zone| -%>
<% if zone.match(/\//) %>
include "/etc/bind/zone.<%= zone.sub(/\//, '-') %>";
<% else %>
include "/etc/bind/zone.<%= zone %>";
<% end -%>
<% end -%>
// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";


@ -1,30 +0,0 @@
options {
listen-on { any; };
listen-on-v6 { none; };
allow-transfer { xfer; };
allow-recursion {
trusted;
};
# recursion yes;
directory "/var/cache/bind";
// If there is a firewall between you and nameservers you want
// to talk to, you might need to uncomment the query-source
// directive below. Previous versions of BIND always asked
// questions using port 53, but BIND 8.1 and later use an unprivileged
// port by default.
// query-source address * port 53;
// If your ISP provided one or more IP addresses for stable
// nameservers, you probably want to use them as forwarders.
// Uncomment the following block, and insert the addresses replacing
// the all-0's placeholder.
// forwarders {
// 0.0.0.0;
// };
auth-nxdomain no; # conform to RFC1035
version ""; // remove this to allow version queries
};


@ -11,7 +11,7 @@ zone "<%= zone %>" {
<%= v['ip'] %>; <%= v['ip'] %>;
<% end -%> <% end -%>
<% else -%> <% else -%>
none; nameservers;
<% end -%> <% end -%>
}; };
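Review bot: Changing the fallback from `none;` to `nameservers;` (presumably the transfer list for zones with no explicit slaves) makes every such zone stanza depend on an acl that is only defined in named.conf.local, and the manifest hunk on this page sources that file first from the site-level `named.conf.local.${fqdn}` and `named.conf.local` before falling back to the module copy. A site file that predates this commit and lacks `acl nameservers` leaves the generated config referencing an undefined acl, which BIND reports as an error at load time, so zones that used to be simply non-transferable now stop the server from starting. Add an ERB comment above the branch, `<%# 'nameservers' acl must be defined in named.conf.local (module default: localhost) -%>`, so the dependency is visible to anyone overriding the site file. The template's enclosing zone block starts and ends outside the hunk.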
allow-update { allow-update {