Merge pull request 'feat: find resolvers by role' (#67) from neoloc/resolvconf into develop

Reviewed-on: unkinben/puppet-prod#67
2023-11-17 21:48:30 +09:30 · 2023-11-17 21:48:30 +09:30 · 38961848bb
commit 38961848bb
parent 7cc1a1ddc0 6b9d9e6aa7
7 changed files with 58 additions and 6 deletions
--- a/1
+++ b/1
@ -27,6 +27,7 @@ mod 'puppet-selinux', '4.1.0'
 # other
 mod 'ghoneycutt-puppet', '3.3.0'
 mod 'saz-sudo', '8.0.0'
+mod 'dalen-puppetdbquery', '3.0.1'

 mod 'bind',
  :git => 'https://git.unkin.net/unkinben/puppet-bind.git',
--- a/hieradata/common.yaml
+++ b/hieradata/common.yaml
@ -7,6 +7,7 @@ profiles::base::puppet_servers:
  - 'prodinf01n01.main.unkin.net'

 profiles::dns::master::basedir: '/var/named/sources'
+profiles::dns::base::ns_role: 'roles::infra::dns::resolver'

 profiles::packages::base:
  - bash-completion
--- a/site/profiles/manifests/base.pp
+++ b/site/profiles/manifests/base.pp
@ -29,11 +29,9 @@ class profiles::base (
  include profiles::base::hosts
  include profiles::accounts::sysadmin
  include profiles::ntp::client
+  include profiles::dns::base
  include profiles::cloudinit::init

-  # configure dns records for client
-  profiles::dns::client {"${facts['networking']['fqdn']}-default":}
-
  # include the python class
  class { 'python':
    manage_python_package => true,
--- a/site/profiles/manifests/dns/base.pp
+++ b/site/profiles/manifests/dns/base.pp
@ -0,0 +1,31 @@
+# profiles::dns::base
+class profiles::dns::base (
+  String $ns_role = undef,
+  Array  $search  = [],
+  Array  $nameservers = ['8.8.8.8', '1.1.1.1'],
+){
+
+  # if ns_role is set, find all hosts matching that enc_role
+  if $ns_role == undef {
+    $nameserver_array = $nameservers
+  }else{
+    $nameserver_array = query_nodes("enc_role='${ns_role}'", 'networking.ip')
+  }
+
+  # if search is undef, fallback to domainname from facts
+  if $search == [] {
+    $search_array = [$::facts['networking']['domain']]
+  }else{
+    $search_array = $search
+  }
+
+  # include resolvconf class
+  class { 'profiles::dns::resolvconf':
+    nameservers    => $nameserver_array,
+    search_domains => $search_array,
+  }
+
+  # export dns records for client
+  profiles::dns::client {"${facts['networking']['fqdn']}-default":}
+
+}
--- a/site/profiles/manifests/dns/client.pp
+++ b/site/profiles/manifests/dns/client.pp
@ -1,8 +1,8 @@
 # profiles::dns::client
 define profiles::dns::client (
-  Boolean   $forward = true,
-  Boolean   $reverse = true,
-  Integer   $order   = 10,
+  Boolean   $forward    = true,
+  Boolean   $reverse    = true,
+  Integer   $order      = 10,
 ){

  $intf = $facts['networking']['primary']
--- a/site/profiles/manifests/dns/resolvconf.pp
+++ b/site/profiles/manifests/dns/resolvconf.pp
@ -0,0 +1,14 @@
+# profiles::dns::resolvconf
+class profiles::dns::resolvconf (
+  Array[String] $nameservers,
+  Array[String] $search_domains,
+) {
+
+  file { '/etc/resolv.conf':
+    ensure  => file,
+    owner   => 'root',
+    group   => 'root',
+    mode    => '0644',
+    content => template('profiles/dns/resolvconf.erb'),
+  }
+}
--- a/site/profiles/templates/dns/resolvconf.erb
+++ b/site/profiles/templates/dns/resolvconf.erb
@ -0,0 +1,7 @@
+# Managed by Puppet
+<% @nameservers.each do |ns| -%>
+nameserver <%= ns %>
+<% end -%>
+<% unless @search_domains.empty? -%>
+search <%= @search_domains.join(' ') %>
+<% end -%>