# Install and configure the DNS server (BIND).
#
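# Install and configure the BIND DNS server.
#
# Picks the package, service name, configuration directory, chroot
# prefix and file group for the current $operatingsystem, generates the
# rndc control key and deploys the main named configuration.
#
# Variables $chroot, $confdir and $group are read by dns::zone as
# $dns::server::chroot, $dns::server::confdir and $dns::server::group.
#
# File modes are quoted strings ("0640"): bare octal literals are parsed
# as integers by newer Puppet releases and would set wrong permissions.
class dns::server {

    # OpenBSD runs named from the base system; every other platform
    # installs a package (lower-case to match the selectors below;
    # Puppet string comparison is case-insensitive either way).
    if $operatingsystem != "openbsd" {
        package { "bind":
            name => $operatingsystem ? {
                "ubuntu" => "bind9",
                default  => "bind-chroot",
            },
        }
    }

    # $chroot is prepended to every configuration path and is empty when
    # named does not run in a jail; $confdir is the directory inside it.
    case $operatingsystem {
        "fedora": {
            $chroot  = ""
            $confdir = "/etc/named"
        }
        "centos": {
            case $operatingsystemrelease {
                /^5\..*/: {
                    # CentOS 5 bind-chroot keeps its configuration under the jail.
                    $chroot  = "/var/named/chroot"
                    $confdir = "/etc"
                }
                default: {
                    $chroot  = ""
                    $confdir = "/etc/named"
                }
            }
        }
        "ubuntu": {
            $chroot  = ""
            $confdir = "/etc/bind"
        }
        default: {
            $chroot  = "/var/named"
            $confdir = "/etc"
        }
    }

    # Group that owns the configuration files.  Files are root:$group 0640
    # so that the daemon can read them while other local users cannot.
    $group = $operatingsystem ? {
        "ubuntu" => "bind",
        default  => "named",
    }

    # Package["bind"] is only declared on platforms that install a package,
    # so relationships to it must be dropped on OpenBSD.
    $bind_package = $operatingsystem ? {
        "openbsd" => undef,
        default   => Package["bind"],
    }

    # Shared secret between rndc and named.  Created empty here so that the
    # ownership and mode are enforced before rndc-confgen writes the key.
    file { "${chroot}${confdir}/rndc.key":
        ensure  => present,
        mode    => "0640",
        owner   => "root",
        group   => $group,
        require => $bind_package,
    }

    # Generate the key once: "unless" skips the command as soon as the file
    # is non-empty, so an existing secret is never overwritten.
    exec { "rndc-confgen":
        command => $chroot ? {
            ""      => "rndc-confgen -r /dev/urandom -a",
            default => "rndc-confgen -r /dev/urandom -a -t ${chroot}",
        },
        path    => "/bin:/usr/bin:/sbin:/usr/sbin",
        unless  => "test -s ${chroot}${confdir}/rndc.key",
        require => File["${chroot}${confdir}/rndc.key"],
    }

    # In a chrooted setup the key lives inside the jail; keep /etc/rndc.key
    # as a symlink to it (a path in "ensure" makes Puppet create a symlink)
    # so tools outside the chroot use the same secret.
    if $chroot != "" {
        file { "/etc/rndc.key":
            ensure  => "${chroot}${confdir}/rndc.key",
            owner   => "root",
            group   => $group,
            require => Exec["rndc-confgen"],
        }
    }

    # The daemon.  Status is checked through rndc, which is why the service
    # depends on the key having been generated.  OpenBSD gets explicit
    # start/stop commands; elsewhere the init system is used (undef).
    service { "named":
        name    => $operatingsystem ? {
            "ubuntu" => "bind9",
            default  => "named",
        },
        ensure  => running,
        enable  => true,
        status  => "/usr/sbin/rndc status",
        stop    => $operatingsystem ? {
            "openbsd" => "pkill -u named",
            default   => undef,
        },
        start   => $operatingsystem ? {
            "openbsd" => "/usr/sbin/named",
            default   => undef,
        },
        require => Exec["rndc-confgen"],
    }

    case $operatingsystem {
        "ubuntu": {
            # Listener address for the templates; taken from the top-scope
            # variable $dns_listener_ipaddr (set it per node or globally).
            $ipaddr = $dns_listener_ipaddr

            # Ubuntu splits the configuration into named.conf.local
            # (zones) and named.conf.options (global options).
            file { "${chroot}${confdir}/named.conf.local":
                ensure  => present,
                content => template("dns/named.conf.local.erb"),
                mode    => "0640",
                owner   => "root",
                group   => $group,
                require => Package["bind"],
                notify  => Service["named"],
            }
            file { "${chroot}${confdir}/named.conf.options":
                ensure  => present,
                content => template("dns/named.conf.options.erb"),
                mode    => "0640",
                owner   => "root",
                group   => $group,
                require => Package["bind"],
                notify  => Service["named"],
            }
        }
        default: {
            # Single named.conf, taken from a host-specific file when one
            # exists on the fileserver, else the shared one.  Fedora and
            # CentOS 6+ keep zone data under $confdir (/etc/named) but the
            # main file itself at /etc/named.conf, hence the overrides.
            file { "named.conf":
                path    => $operatingsystem ? {
                    "centos" => $operatingsystemrelease ? {
                        /^5\..*/ => "${chroot}${confdir}/named.conf",
                        default  => "/etc/named.conf",
                    },
                    "fedora" => "/etc/named.conf",
                    default  => "${chroot}${confdir}/named.conf",
                },
                ensure  => present,
                source  => [ "puppet:///files/dns/named.conf.${fqdn}",
                             "puppet:///files/dns/named.conf", ],
                # 0640: named.conf can carry key and control statements.
                mode    => "0640",
                owner   => "root",
                group   => $group,
                require => $bind_package,
                notify  => Service["named"],
            }
        }
    }
}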
# Configure a DNS zone on this server.
#
# === Parameters
#
# $name:
#   Zone name.
# $role:
#   The role {master, slave} of this host for the zone.
# $master:
#   IP address and FQDN or hostname of the DNS master for this zone.
# $slaves:
#   IP addresses and host names of the DNS slaves for this zone.
# $source:
#   Source file to use for the zone data. Defaults to "AUTO".
#
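# Configure one DNS zone on the server set up by dns::server.
#
# Parameters: $name is the zone name, $role is "master" or "slave",
# $source is a Puppet file source for the master zone data or "AUTO" to
# build it from templates.  $master and $slaves are not used directly in
# this define; they are presumably consumed by the zone templates
# (dns/zone.<role>.erb) -- confirm against those templates.
#
# Fixes relative to the earlier version: the $source parameter had no
# "$" sigil (a syntax error), every "/" in the zone name is now replaced
# (only the first one was), and an unsupported OS fails instead of
# silently placing zone files under an empty directory.
define dns::zone($role = "master", $master = [], $slaves = [], $source = "AUTO") {

    $zone = $name

    # Directory holding the zone data, relative to the server chroot.
    # Master and slave zones are kept in separate trees on every platform.
    case $role {
        "master": {
            case $operatingsystem {
                "openbsd":          { $zonedir = "/master" }
                "fedora", "centos": { $zonedir = "/var/named" }
                "ubuntu":           { $zonedir = "/etc/bind" }
                default: {
                    fail("No master zone directory known for '${operatingsystem}'")
                }
            }
        }
        "slave": {
            case $operatingsystem {
                "openbsd":          { $zonedir = "/slave" }
                "fedora", "centos": { $zonedir = "/var/named/slaves" }
                "ubuntu":           { $zonedir = "/var/cache/bind" }
                default: {
                    fail("No slave zone directory known for '${operatingsystem}'")
                }
            }
        }
        default: {
            fail("Unknown DNS zone type '${role}'")
        }
    }

    # Zone names may contain "/" (e.g. classless in-addr.arpa delegations).
    # Replace every slash ('G' = global) so the zone name cannot add path
    # components to the file names built below.
    $zonefile = regsubst($zone, '/', '-', 'G')

    # Package["bind"] is only declared by dns::server on platforms that
    # install a package; OpenBSD has no such resource to depend on.
    $bind_package = $operatingsystem ? {
        "openbsd" => undef,
        default   => Package["bind"],
    }

    # Zone declaration for named; presumably included from the main
    # configuration deployed by dns::server.
    file { "${dns::server::chroot}${dns::server::confdir}/zone.${zonefile}":
        ensure  => present,
        content => template("dns/zone.${role}.erb"),
        mode    => "0640",
        owner   => "root",
        group   => $dns::server::group,
        require => $bind_package,
        notify  => Service["named"],
    }

    # Only a master holds zone data; slaves fetch it by transfer.
    if $role == "master" {
        if $source != "AUTO" {
            # Zone data supplied by the caller as a Puppet file source.
            file { "${dns::server::chroot}${zonedir}/db.${zonefile}":
                ensure  => present,
                source  => $source,
                mode    => "0640",
                owner   => "root",
                group   => $dns::server::group,
                require => $bind_package,
                notify  => Service["named"],
            }
        } else {
            # Templated zone file plus two optional include files.  Each
            # include is taken from the fileserver when a per-$homename
            # file exists, otherwise an empty file from the module is used
            # so the include in the template always resolves.
            # ($homename is expected to come from top scope -- confirm.)
            file { "${dns::server::chroot}${zonedir}/db.${zonefile}":
                ensure  => present,
                content => template("dns/db.erb"),
                mode    => "0640",
                owner   => "root",
                group   => $dns::server::group,
                require => $bind_package,
                notify  => Service["named"],
            }
            file { "${dns::server::chroot}${zonedir}/db.${zonefile}-dynamic":
                ensure  => present,
                source  => [ "puppet:///files/dns/db.${zonefile}-dynamic.${homename}",
                             "puppet:///modules/dns/empty", ],
                mode    => "0640",
                owner   => "root",
                group   => $dns::server::group,
                require => $bind_package,
                notify  => Service["named"],
            }
            file { "${dns::server::chroot}${zonedir}/db.${zonefile}-static":
                ensure  => present,
                source  => [ "puppet:///files/dns/db.${zonefile}-static.${homename}",
                             "puppet:///modules/dns/empty", ],
                mode    => "0640",
                owner   => "root",
                group   => $dns::server::group,
                require => $bind_package,
                notify  => Service["named"],
            }
        }
    }

}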
# Install the dynamic DNS update script and its cron job.
#
# === Global variables
#
# $dns_nsupdate_name:
#   FQDN to register in DNS.
#
# $dns_nsupdate_key:
#   DNS key to use when updating the entry. Usually in the format:
#     <keyname> <secret>
#   for example:
#     gw1.example.com. sZ6GgTZLBX83LXCoo
#
# $dns_nsupdate_server:
#   Address of the DNS server that receives the update.
#
# $dns_nsupdate_zone:
#   Zone name to update. Defaults to the domain part of the
#   $dns_nsupdate_name variable.
#
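# Install the dynamic DNS update script and run it from cron.
#
# The script is rendered from dns/nsupdate.sh.erb, which is expected to
# embed the $dns_nsupdate_* top-scope variables, including the update key
# secret -- confirm against the template.  Because the secret ends up in
# the script body, the file is root-owned and mode 0700 (quoted: bare
# octal literals are parsed as integers by newer Puppet releases).
class dns::nsupdate {

    file { "/usr/local/sbin/nsupdate.sh":
        ensure  => present,
        content => template("dns/nsupdate.sh.erb"),
        mode    => "0700",
        owner   => "root",
        # root's primary group is "wheel" on OpenBSD, "root" elsewhere.
        group   => $operatingsystem ? {
            "openbsd" => "wheel",
            default   => "root",
        },
    }

    # Re-send the update every five minutes so the record tracks address
    # changes; the script must exist before the job is installed.
    cron { "nsupdate":
        ensure  => present,
        command => "/usr/local/sbin/nsupdate.sh",
        minute  => "*/5",
        require => File["/usr/local/sbin/nsupdate.sh"],
    }

}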