Perform named-checkconf before reloading named.

This tries to minimize the risk of reloading broken config or invalid zone files, and kill our DNS infrastructure while doing so.
2012-11-29 14:13:28 +00:00 · 2012-11-29 14:13:28 +00:00 · 954955bd39
commit 954955bd39
parent 15a3dacdec
1 changed files with 17 additions and 8 deletions
--- a/dns/manifests/init.pp
+++ b/dns/manifests/init.pp
@ -107,6 +107,16 @@ class dns::server {
        }
    }

+    exec { "named-checkconf":
+        command => $chroot ? {
+            ""      => "/usr/sbin/named-checkconf -z",
+            default => "/usr/sbin/named-checkconf -z -t ${chroot}"
+        },
+        refreshonly => true,
+        subscribe   => File["named.conf"],
+        notify      => Service["named"],
+    }
+
    service { "named":
        name    => $::operatingsystem ? {
            "ubuntu" => "bind9",
@ -155,7 +165,7 @@ class dns::server {
        user        => "root",
        refreshonly => true,
        require     => File["/usr/local/sbin/generate-named-conf.sh"],
-        notify      => Service["named"],
+        notify      => Exec["named-checkconf"],
    }

    file { "${chroot}${confdir}/named.conf.options":
@ -170,7 +180,7 @@ class dns::server {
            "openbsd" => undef,
            default   => Package["bind"],
        },
-        notify  => Service["named"],
+        notify  => Exec["named-checkconf"]
    }

    file { "${chroot}${confdir}/named.conf.local":
@ -185,7 +195,7 @@ class dns::server {
            "openbsd" => undef,
            default   => Package["bind"],
        },
-        notify  => Service["named"],
+        notify  => Exec["named-checkconf"]
    }
 }

@ -225,7 +235,7 @@ class dns::server::ldap inherits dns::server {
        command   => "dnsdump.py --notest /var/named/master.in /var/named/master",
        require   => File["/usr/local/sbin/dnsdump.py"],
        unless    => "dnsdump.py --test /var/named/master.in /var/named/master",
-        notify    => Service["named"]
+        notify    => Exec["named-checkconf"],
    }
 }

@ -389,7 +399,7 @@ define dns::zone($role = "master", $master = "", $slaves = [], $forwarders = [],
                    "openbsd" => undef,
                    default   => Package["bind"],
                },
-                notify  => Service["named"],
+                notify  => Exec["named-checkconf"],
            }
            file { "${dns::server::chroot}${zonedir}/db.${zone}-dynamic":
                ensure  => present,
@ -405,7 +415,7 @@ define dns::zone($role = "master", $master = "", $slaves = [], $forwarders = [],
                    "openbsd" => undef,
                    default   => Package["bind"],
                },
-                notify  => Service["named"],
+                notify  => Exec["named-checkconf"],
            }
            file { "${dns::server::chroot}${zonedir}/db.${zone}-static":
                ensure  => present,
@ -421,7 +431,7 @@ define dns::zone($role = "master", $master = "", $slaves = [], $forwarders = [],
                    "openbsd" => undef,
                    default   => Package["bind"],
                },
-                notify  => Service["named"],
+                notify  => Exec["named-checkconf"],
            }
        }
    }
@ -468,5 +478,4 @@ class dns::nsupdate {
        minute  => "*/5",
        require => File["/usr/local/sbin/nsupdate.sh"],
    }
-
 }