diff --git a/dns/manifests/init.pp b/dns/manifests/init.pp index e082b9c..3b59f03 100644 --- a/dns/manifests/init.pp +++ b/dns/manifests/init.pp @@ -12,44 +12,63 @@ class dns::server { } case $operatingsystem { - "centos","fedora": { - $confdir = "/var/named/chroot/etc" + "fedora": { + $chroot = "" + $confdir = "/etc/named" + } + "centos": { + case $operatingsystemrelease { + /^5\..*/: { + $chroot = "/var/named/chroot" + $confdir = "/etc" + } + default: { + $chroot = "" + $confdir = "/etc/named" + } + } } "ubuntu": { + $chroot = "" $confdir = "/etc/bind" } default: { - $confdir = "/var/named/etc" + $chroot = "/var/named" + $confdir = "/etc" } } - file { "${confdir}/rndc.key": + case $operatingsystem { + "ubuntu": { + $group = "bind" + } + default: { + $group = "named" + } + } + + file { "${chroot}${confdir}/rndc.key": ensure => present, mode => 0640, owner => "root", - group => $operatingsystem ? { - "ubuntu" => "bind", - default => "named", - }, + group => $group, require => $operatingsystem ? { "openbsd" => undef, default => Package["bind"], }, } exec { "rndc-confgen": - command => "rndc-confgen -a -t ${confdir}", + command => "rndc-confgen -a -t ${chroot}", path => "/bin:/usr/bin:/sbin:/usr/sbin", - unless => "test -s ${confdir}/rndc.key", - require => File["${confdir}/rndc.key"], + unless => "test -s ${chroot}${confdir}/rndc.key", + require => File["${chroot}${confdir}/rndc.key"], } - case $operatingsystem { - "centos","fedora": { - file { "/etc/rndc.key": - ensure => "${confdir}/rndc.key", - owner => "root", - group => "root", - require => Exec["rndc-confgen"], - } + if "${chroot}" != "" { + file { "/etc/rndc.key": + ensure => "${chroot}${confdir}/rndc.key", + owner => "root", + group => $group, + require => Exec["rndc-confgen"], } } 
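Review bot: On fedora, ubuntu and centos releases other than 5.x `$chroot` is now the empty string, so the `rndc-confgen` exec renders its command as `rndc-confgen -a -t ` with no argument for `-t`. The file resource before it has already created an empty `rndc.key`, so `test -s` fails and the exec does run; it will most likely exit with a usage error and leave the rndc control key empty on every run. Even without `-t`, `-a` writes to the build's default key path, which may not be `${confdir}/rndc.key` (for example `/etc/named/rndc.key` on fedora). I would pass the flag only when a chroot is set and name the key file explicitly: `$chroot_opt = $chroot ? { "" => "", default => "-t ${chroot}" }` and `command => "rndc-confgen -a ${chroot_opt} -c ${confdir}/rndc.key",`. Please confirm how `-c` combines with `-t` on the BIND versions you target.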
@@ -75,33 +94,33 @@ class dns::server { case $operatingsystem { "ubuntu": { $ipaddr = $dns_listener_ipaddr - file { "${confdir}/named.conf.local": + file { "${chroot}${confdir}/named.conf.local": ensure => present, - content => template("dns/named.conf.local.erb"), + content => template("dns/named.conf.local.erb"), mode => 0640, owner => "root", - group => "bind", + group => $group, require => Package["bind"], notify => Service["named"], } - file { "${confdir}/named.conf.options": + file { "${chroot}${confdir}/named.conf.options": ensure => present, - content => template("dns/named.conf.options.erb"), + content => template("dns/named.conf.options.erb"), mode => 0640, owner => "root", - group => "bind", + group => $group, require => Package["bind"], notify => Service["named"], } } default: { - file { "${confdir}/named.conf": + file { "${chroot}${confdir}/named.conf": ensure => present, source => [ "puppet:///files/dns/named.conf.${fqdn}", "puppet:///files/dns/named.conf", ], mode => 0640, owner => "root", - group => "named", + group => $group, require => $operatingsystem ? { openbsd => undef, default => Package["bind"], @@ -113,7 +132,7 @@ class dns::server { } -# Configure interface. +# Configure DNS zone. # # === Parameters # 
@@ -126,59 +145,93 @@ class dns::server { # $slaves: # IP addresess and FQDNs or hostnames of the DNS slaves for this zone. # -define dns::zone($role = "master", $master = {}, $slaves = {}) { +define dns::zone($role = "master", $master = [], $slaves = []) { $zone = $name - - case $operatingsystem { - "centos","fedora": { - $confdir = "/var/named/chroot/etc" + case $role { + "master": { + case $operatingsystem { + "openbsd": { + $zonedir = "/master" + } + "fedora","centos": { + $zonedir = "/var/named" + } + "ubuntu": { + $zonedir = "/etc/bind" + } + } } - "ubuntu": { - $confdir = "/etc/bind" + "slave": { + case $operatingsystem { + "openbsd": { + $zonedir = "/slave" + } + "fedora","centos": { + $zonedir = "/var/named/slaves" + } + "ubuntu": { + $zonedir = "/var/cache/bind" + } + } } default: { - $confdir = "/var/named/etc" + fail("Unknown DNS zone type '${role}'") } } - file { "${confdir}/zone.${zone}": - ensure => present, + file { "${dns::server::chroot}${dns::server::confdir}/zone.${zone}": + ensure => present, content => template("dns/zone.$role.erb"), mode => 0640, owner => "root", - group => "bind", - require => Package["bind"], + group => $dns::server::group, + require => $operatingsystem ? 
{ + "openbsd" => undef, + default => Package["bind"], + }, notify => Service["named"], } - file { "${confdir}/db.${zone}": - ensure => present, - content => template("dns/db.erb"), - mode => 0640, - owner => "root", - group => "bind", - require => Package["bind"], - notify => Service["named"], - } - file { "${confdir}/db.${zone}-dynamic": - ensure => present, - source => [ "puppet:///files/dns/db.${zone}-dynamic.${homename}", - "puppet:///modules/dns/empty", ], - mode => 0640, - owner => "root", - group => "bind", - require => Package["bind"], - notify => Service["named"], - } - file { "${confdir}/db.${zone}-static": - ensure => present, - source => [ "puppet:///files/dns/db.${zone}-static.${homename}", - "puppet:///modules/dns/empty", ], - mode => 0640, - owner => "root", - group => "bind", - require => Package["bind"], - notify => Service["named"], + + if $role == "master" { + file { "${dns::server::chroot}${zonedir}/db.${zone}": + ensure => present, + content => template("dns/db.erb"), + mode => 0640, + owner => "root", + group => $dns::server::group, + require => $operatingsystem ? { + "openbsd" => undef, + default => Package["bind"], + }, + notify => Service["named"], + } + file { "${dns::server::chroot}${zonedir}/db.${zone}-dynamic": + ensure => present, + source => [ "puppet:///files/dns/db.${zone}-dynamic.${homename}", + "puppet:///modules/dns/empty", ], + mode => 0640, + owner => "root", + group => $dns::server::group, + require => $operatingsystem ? { + "openbsd" => undef, + default => Package["bind"], + }, + notify => Service["named"], + } + file { "${dns::server::chroot}${zonedir}/db.${zone}-static": + ensure => present, + source => [ "puppet:///files/dns/db.${zone}-static.${homename}", + "puppet:///modules/dns/empty", ], + mode => 0640, + owner => "root", + group => $dns::server::group, + require => $operatingsystem ? { + "openbsd" => undef, + default => Package["bind"], + }, + notify => Service["named"], + } } } 
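Review bot: Both inner `case $operatingsystem` blocks that set `$zonedir` in dns::zone lack a `default` branch, so on any platform other than openbsd, fedora, centos or ubuntu `$zonedir` stays unset: the db files resolve to `${dns::server::chroot}/db.${zone}` and the templates emit a `file` path directly under `/`. dns::server still has a `default` branch for such platforms, so the two now disagree. I would add `default: { fail("dns::zone: unsupported operatingsystem '${operatingsystem}'") }` to each inner case. Separately, paths and group ownership now come from `$dns::server::chroot`, `$dns::server::confdir` and `$dns::server::group`, and nothing in the hunk ensures that class is evaluated first. If it is not, those variables presumably interpolate as empty and `zone.${zone}` would be managed at the filesystem root with no group set, so an `include dns::server` at the top of the define (or an explicit dependency on `Class["dns::server"]`) looks worth adding.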
diff --git a/dns/templates/db.erb b/dns/templates/db.erb index 2290e87..a9e5b1d 100644 --- a/dns/templates/db.erb +++ b/dns/templates/db.erb @@ -23,5 +23,5 @@ $ORIGIN <%= zone %>. <% end -%> <% end -%> -$INCLUDE /etc/bind/db.<%= zone %>-dynamic -$INCLUDE /etc/bind/db.<%= zone %>-static +$INCLUDE <%= zonedir %>/db.<%= zone %>-dynamic +$INCLUDE <%= zonedir %>/db.<%= zone %>-static diff --git a/dns/templates/zone.master.erb b/dns/templates/zone.master.erb index 88a8c6c..e2d608e 100644 --- a/dns/templates/zone.master.erb +++ b/dns/templates/zone.master.erb @@ -1,6 +1,6 @@ zone "<%= zone %>" { type master; - file "/etc/bind/db.<%= zone %>"; + file "<%= zonedir %>/db.<%= zone %>"; <% if not slaves.empty? -%> allow-transfer { <% slaves.each do |slave| -%> diff --git a/dns/templates/zone.slave.erb b/dns/templates/zone.slave.erb index 8e93a0d..99ea6b7 100644 --- a/dns/templates/zone.slave.erb +++ b/dns/templates/zone.slave.erb @@ -1,9 +1,9 @@ zone "<%= zone %>" { type slave; - file "/var/cache/bind/db.<%= zone %>"; + file "<%= zonedir %>/db.<%= zone %>"; masters { <% master.each do |m| -%> - <%= m['ipaddr'] %>; + <%= m %>; <% end -%> }; };
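Review bot: In zone.slave.erb each element of `master` is now written verbatim into the `masters { ... };` block, with nothing checking what it contains. This commit changes the element type from a hash (`m['ipaddr']`) to a plain string, so a caller still passing the old hash form gets the hash's string form in named.conf. Any value containing `;` or `}` would likewise change the structure of the generated config. If only plain addresses are intended, I would reject anything else at render time, e.g. `<% raise Puppet::ParseError, "dns::zone: invalid master '#{m}'" unless m.to_s =~ /\A[0-9A-Fa-f.:]+\z/ -%>` as the first line inside the loop. The default `$master = []` also renders an empty `masters` block for a slave zone, so failing in dns::zone when `$role == "slave"` and `$master` is empty would surface that at compile time instead of leaving it for named to handle.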