unkin/puppet-prod
2
0
Fork 0
Code Issues 10 Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request 'feat: find resolvers by role' (#67) from neoloc/resolvconf into develop

Browse Source 
Reviewed-on: unkinben/puppet-prod#67
This commit is contained in:
Ben Vincent 2023-11-17 21:48:30 +09:30
commit 38961848bb
7 changed files with 58 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
Puppetfile
View File

@ -27,6 +27,7 @@ mod 'puppet-selinux', '4.1.0'
# other # other
mod 'ghoneycutt-puppet', '3.3.0' mod 'ghoneycutt-puppet', '3.3.0'
mod 'saz-sudo', '8.0.0' mod 'saz-sudo', '8.0.0'
mod 'dalen-puppetdbquery', '3.0.1'
mod 'bind', mod 'bind',
:git => 'https://git.unkin.net/unkinben/puppet-bind.git', :git => 'https://git.unkin.net/unkinben/puppet-bind.git',

1
hieradata/common.yaml
View File

@ -7,6 +7,7 @@ profiles::base::puppet_servers:
- 'prodinf01n01.main.unkin.net' - 'prodinf01n01.main.unkin.net'
profiles::dns::master::basedir: '/var/named/sources' profiles::dns::master::basedir: '/var/named/sources'
profiles::dns::base::ns_role: 'roles::infra::dns::resolver'
profiles::packages::base: profiles::packages::base:
- bash-completion - bash-completion

4
site/profiles/manifests/base.pp
View File

@ -29,11 +29,9 @@ class profiles::base (
include profiles::base::hosts include profiles::base::hosts
include profiles::accounts::sysadmin include profiles::accounts::sysadmin
include profiles::ntp::client include profiles::ntp::client
include profiles::dns::base
include profiles::cloudinit::init include profiles::cloudinit::init
# configure dns records for client
profiles::dns::client {"${facts['networking']['fqdn']}-default":}
# include the python class # include the python class
class { 'python': class { 'python':
manage_python_package => true, manage_python_package => true,

31
site/profiles/manifests/dns/base.pp Normal file
View File

@ -0,0 +1,31 @@
# profiles::dns::base
class profiles::dns::base (
String $ns_role = undef,
Array $search = [],
Array $nameservers = ['8.8.8.8', '1.1.1.1'],
){
# if ns_role is set, find all hosts matching that enc_role
if $ns_role == undef {
$nameserver_array = $nameservers
}else{
$nameserver_array = query_nodes("enc_role='${ns_role}'", 'networking.ip')
}
# if search is undef, fallback to domainname from facts
if $search == [] {
$search_array = [$::facts['networking']['domain']]
}else{
$search_array = $search
}
# include resolvconf class
class { 'profiles::dns::resolvconf':
nameservers => $nameserver_array,
search_domains => $search_array,
}
# export dns records for client
profiles::dns::client {"${facts['networking']['fqdn']}-default":}
}

6
site/profiles/manifests/dns/client.pp
View File

@ -1,8 +1,8 @@
# profiles::dns::client # profiles::dns::client
define profiles::dns::client ( define profiles::dns::client (
Boolean $forward = true, Boolean $forward = true,
Boolean $reverse = true, Boolean $reverse = true,
Integer $order = 10, Integer $order = 10,
){ ){
$intf = $facts['networking']['primary'] $intf = $facts['networking']['primary']

14
site/profiles/manifests/dns/resolvconf.pp Normal file
View File

@ -0,0 +1,14 @@
# profiles::dns::resolvconf
class profiles::dns::resolvconf (
Array[String] $nameservers,
Array[String] $search_domains,
) {
file { '/etc/resolv.conf':
ensure => file,
owner => 'root',
group => 'root',
mode => '0644',
content => template('profiles/dns/resolvconf.erb'),
}
}

7
site/profiles/templates/dns/resolvconf.erb Normal file
View File

@ -0,0 +1,7 @@
# Managed by Puppet
<% @nameservers.each do |ns| -%>
nameserver <%= ns %>
<% end -%>
<% unless @search_domains.empty? -%>
search <%= @search_domains.join(' ') %>
<% end -%>