Refactored dns::server class.

This commit is contained in:
Timo Mkinen 2012-03-22 11:41:20 +02:00
parent 34be570ebc
commit 4cb660dcaf
7 changed files with 155 additions and 121 deletions


@ -0,0 +1,2 @@
acl trusted { localhost; localnets; };
acl nameservers { localhost; };
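Review bot: The `trusted` and `nameservers` ACLs defined in this new file (its path is not shown; presumably the module's default named.conf.local) are referenced from the new options file (`allow-recursion { trusted; };`, `allow-transfer { nameservers; };`) and from the zone template where `none;` becomes `nameservers;`, yet this file is only the last fallback in the `puppet:///files/dns/named.conf.local.${fqdn}` / `named.conf.local` / module source list, so a site that ships its own named.conf.local without these two ACLs gets a named.conf that fails to load. Either keep the ACL definitions in a file the module always manages, or state the contract at the top of this file: `// Required: named.conf.options and every generated zone reference the ACLs "trusted" and "nameservers"; keep both defined in any site override.`. Note also that `localnets` grants recursion to every directly attached subnet, which on a host with a public-facing interface can be wider than intended and deserves a comment. The same ACL dependency applies to the options-file section and the zone-template section further down.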


@ -0,0 +1,9 @@
options {
listen-on { any; };
listen-on-v6 { none; };
allow-query { any; };
allow-recursion { trusted; };
allow-transfer { nameservers; };
};
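Review bot: Compared with the Ubuntu options template deleted further down, this file no longer sets `directory "/var/cache/bind"`, `auth-nxdomain no` or `version ""`; only seven of the nine added lines are visible here, so confirm those are not among the missing ones. Without `directory`, any relative `file` path in the generated zones resolves against named's working directory instead of a fixed location, and dropping `version ""` means named answers version queries again (the old template's own comment noted this). If the omission is deliberate, a comment such as `// directory and version are left to the site-specific named.conf.options.${fqdn}` would make the contract explicit.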


@ -15,32 +15,43 @@ class dns::server {
}
}
# first set per os paths
case $operatingsystem {
"fedora": {
$chroot = ""
$confdir = "/etc/named"
}
"centos": {
case $operatingsystemrelease {
/^5\..*/: {
$chroot = "/var/named/chroot"
$confdir = "/etc"
}
default: {
$chroot = ""
$confdir = "/etc/named"
}
}
}
"ubuntu": {
$chroot = ""
$confdir = "/etc/bind"
$config = "${confdir}/named.conf"
$rndckey = "${confdir}/rndc.key"
}
default: {
"openbsd": {
$chroot = "/var/named"
$confdir = "/etc"
}
}
# if some var is not set use default value
if !$confdir {
$confdir = "/etc"
}
if !$config {
$config = "/etc/named.conf"
}
if !$rndckey {
$rndckey = "/etc/rndc.key"
}
if !$chroot {
$chroot = ""
}
case $operatingsystem {
"ubuntu": {
@ -51,7 +62,7 @@ class dns::server {
}
}
file { "${chroot}${confdir}/rndc.key":
file { "${chroot}${rndckey}":
ensure => present,
mode => 0640,
owner => "root",
@ -67,12 +78,13 @@ class dns::server {
default => "rndc-confgen -r /dev/urandom -a -t ${chroot}",
},
path => "/bin:/usr/bin:/sbin:/usr/sbin",
unless => "test -s ${chroot}${confdir}/rndc.key",
require => File["${chroot}${confdir}/rndc.key"],
unless => "test -s ${chroot}${rndckey}",
require => File["${chroot}${rndckey}"],
}
if "${chroot}" != "" {
file { "/etc/rndc.key":
ensure => "${chroot}${confdir}/rndc.key",
ensure => link,
target => "${chroot}${rndckey}",
owner => "root",
group => $group,
require => Exec["rndc-confgen"],
@ -98,51 +110,66 @@ class dns::server {
require => Exec["rndc-confgen"],
}
case $operatingsystem {
"ubuntu": {
$ipaddr = $dns_listener_ipaddr
file { "${chroot}${confdir}/named.conf.local":
ensure => present,
content => template("dns/named.conf.local.erb"),
mode => 0640,
owner => "root",
group => $group,
require => Package["bind"],
notify => Service["named"],
}
file { "${chroot}${confdir}/named.conf.options":
ensure => present,
content => template("dns/named.conf.options.erb"),
mode => 0640,
owner => "root",
group => $group,
require => Package["bind"],
notify => Service["named"],
}
}
default: {
file { "named.conf":
path => $operatingsystem ? {
"centos" => $operatingsystemrelease ? {
/^5\..*/ => "${chroot}${confdir}/named.conf",
default => "/etc/named.conf",
},
"fedora" => "/etc/named.conf",
default => "${chroot}${confdir}/named.conf",
},
ensure => present,
source => [ "puppet:///files/dns/named.conf.${fqdn}",
"puppet:///files/dns/named.conf", ],
mode => 0640,
owner => "root",
group => $group,
require => $operatingsystem ? {
openbsd => undef,
default => Package["bind"],
},
notify => Service["named"],
}
}
file { "named.conf":
path => "${chroot}${config}",
ensure => present,
mode => 0640,
owner => "root",
group => $group,
require => $operatingsystem ? {
"openbsd" => undef,
default => Package["bind"],
},
notify => Exec["generate-named-conf"],
}
file { "/usr/local/sbin/generate-named-conf.sh":
ensure => present,
content => template("dns/generate-named-conf.sh.erb"),
mode => 0755,
owner => "root",
group => $operatingsystem ? {
"openbsd" => "wheel",
default => "root",
},
notify => Exec["generate-named-conf"],
}
exec { "generate-named-conf":
command => "/usr/local/sbin/generate-named-conf.sh > ${chroot}${config}",
path => "/bin:/usr/bin:/sbin:/usr/sbin",
user => "root",
refreshonly => true,
require => File["/usr/local/sbin/generate-named-conf.sh"],
notify => Service["named"],
}
file { "${chroot}${confdir}/named.conf.options":
ensure => present,
source => [ "puppet:///files/dns/named.conf.options.${fqdn}",
"puppet:///files/dns/named.conf.options",
"puppet:///modules/dns/named.conf.options", ],
mode => 0640,
owner => "root",
group => $group,
require => $operatingsystem ? {
"openbsd" => undef,
default => Package["bind"],
},
notify => Service["named"],
}
file { "${chroot}${confdir}/named.conf.local":
ensure => present,
source => [ "puppet:///files/dns/named.conf.local.${fqdn}",
"puppet:///files/dns/named.conf.local",
"puppet:///modules/dns/named.conf.local", ],
mode => 0640,
owner => "root",
group => $group,
require => $operatingsystem ? {
"openbsd" => undef,
default => Package["bind"],
},
notify => Service["named"],
}
}
@ -208,10 +235,10 @@ define dns::zone($role = "master", $master = [], $slaves = [], $source = "AUTO")
"openbsd" => undef,
default => Package["bind"],
},
notify => Service["named"],
notify => Exec["generate-named-conf"],
}
if $role == "master" {
if $role == "master" and $zone != "." {
if $source != "AUTO" {
file { "${dns::server::chroot}${zonedir}/db.${zonefile}":
ensure => present,
@ -223,7 +250,7 @@ define dns::zone($role = "master", $master = [], $slaves = [], $source = "AUTO")
"openbsd" => undef,
default => Package["bind"],
},
notify => Service["named"],
notify => Exec["generate-named-conf"],
}
} else {
file { "${dns::server::chroot}${zonedir}/db.${zonefile}":
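Review bot: `Exec["generate-named-conf"]` writes the generator's output straight into `${chroot}${config}` via a shell redirect and then notifies `Service["named"]`, so a generator that breaks part way (its last command is `echo ""`, so its exit status is 0 regardless of earlier failures) leaves a truncated named.conf in place and restarts named against it. Write to a temporary file, run `named-checkconf` on it (with `-t ${chroot}` when a chroot is in use) and only then move it over `${chroot}${config}`, so a bad template or missing include is caught before the service restart. Since `File["named.conf"]` only ensures presence, mode and ownership, that resource's job is unchanged by the move. The `dns::zone` define in the last two hunks starts and ends outside the hunks.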


@ -0,0 +1,58 @@
#!/bin/sh
chroot="<%= chroot %>"
confdir="<%= confdir %>"
operatingsystem="<%= operatingsystem %>"
cat <<EOF
include "${confdir}/named.conf.local";
include "${confdir}/named.conf.options";
view default {
match-clients { any; };
EOF
for name in ${chroot}${confdir}/zone.* ; do
echo " include \"${confdir}/`basename ${name}`\";"
done
case $operatingsystem in
OpenBSD)
cat <<EOF
zone "." {
type hint;
file "/etc/root.hint";
};
zone "localhost" {
type master;
file "/standard/localhost";
};
zone "127.in-addr.arpa" {
type master;
file "/standard/loopback";
};
zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" {
type master;
file "/standard/loopback6.arpa";
};
EOF
;;
Ubuntu)
echo " include \"${confdir}/named.conf.default-zones\";"
;;
*)
cat <<EOF
zone "." {
type hint;
file "/var/named/named.ca";
};
EOF
cat ${chroot}/etc/named.rfc1912.zones | \
sed -e 's%file "%file "/var/named/%' -e 's/^/ /'
;;
esac
echo "};"
echo ""
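Review bot: The loop `for name in ${chroot}${confdir}/zone.* ; do` emits the pattern itself when no zone files exist, producing `include "<confdir>/zone.*";` and a named.conf that does not load; add `[ -e "${name}" ] || continue` as the first statement of the loop body. Start the script with `set -eu` so a missing `named.rfc1912.zones` in the default branch fails the Puppet `exec` instead of yielding a half-written file (the trailing `echo ""` otherwise masks any earlier error), and run `sed` directly on the file rather than through `cat ... |`. The include order is load-bearing because the options file uses ACLs that named.conf.local defines; a comment above the heredoc, `# named.conf.local must be included first: it defines the ACLs named.conf.options references`, would keep it from being reordered.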


@ -1,32 +0,0 @@
//
// Do any local configuration here
//
acl "xfer" {
none; // Allow no transfers. If we have other
// name servers, place them here.
};
acl "trusted" {
// Place our internal and DMZ subnets in here so that
// intranet and DMZ clients may send DNS queries. This
// also prevents outside hosts from using our name server
// as a resolver for other domains.
<% dns_client_networks.each do |network| -%>
<%= network %>;
<% end -%>
localhost;
};
<% dns_zones.each do |zone| -%>
<% if zone.match(/\//) %>
include "/etc/bind/zone.<%= zone.sub(/\//, '-') %>";
<% else %>
include "/etc/bind/zone.<%= zone %>";
<% end -%>
<% end -%>
// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";


@ -1,30 +0,0 @@
options {
listen-on { any; };
listen-on-v6 { none; };
allow-transfer { xfer; };
allow-recursion {
trusted;
};
# recursion yes;
directory "/var/cache/bind";
// If there is a firewall between you and nameservers you want
// to talk to, you might need to uncomment the query-source
// directive below. Previous versions of BIND always asked
// questions using port 53, but BIND 8.1 and later use an unprivileged
// port by default.
// query-source address * port 53;
// If your ISP provided one or more IP addresses for stable
// nameservers, you probably want to use them as forwarders.
// Uncomment the following block, and insert the addresses replacing
// the all-0's placeholder.
// forwarders {
// 0.0.0.0;
// };
auth-nxdomain no; # conform to RFC1035
version ""; // remove this to allow version queries
};


@ -11,7 +11,7 @@ zone "<%= zone %>" {
<%= v['ip'] %>;
<% end -%>
<% else -%>
none;
nameservers;
<% end -%>
};
allow-update {