feat: add dns resolver/master classes

- define resolver and master dns server
- export A and PTR records from dns clients
- collect exported resources for master
- create hiera structure for acls, zones and views
2023-11-11 23:00:55 +11:00
parent 1ff4611318
commit 76b54fc59d
13 changed files with 231 additions and 2 deletions
+27
@@ -0,0 +1,27 @@
# frozen_string_literal: true
# arpa_fact.rb
require 'facter'
Facter.add(:arpa) do
setcode do
arpa_info = {}
Facter.value(:networking)['interfaces'].each do |interface_name, values|
next unless values.key?('ip')
ip_address = values['ip']
reversed_ip_parts = ip_address.split('.').reverse
addr = "#{reversed_ip_parts.join('.')}.in-addr.arpa"
trimmed_ip_parts = reversed_ip_parts[1..]
zone = "#{trimmed_ip_parts.join('.')}.in-addr.arpa"
arpa_info[interface_name] = {
'zone' => zone,
'addr' => addr
}
end
arpa_info
end
end
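Review bot: The reverse zone built at `zone = "#{trimmed_ip_parts.join('.')}.in-addr.arpa"` drops only the last octet, so every address is assumed to sit in a /24 (octet-aligned) in-addr.arpa zone and the interface's netmask is never consulted; on any other prefix length the PTR that profiles::dns::client exports under `"${::facts['arpa'][$intf]['zone']}-master"` may name a zone the master does not serve. At minimum this deserves a comment, e.g. `# zone assumes a /24 reverse zone; the interface netmask is not consulted`. The lookup `Facter.value(:networking)['interfaces']` raises NoMethodError when the networking fact resolves to nil, which makes the whole arpa fact fail instead of returning an empty hash; `interfaces = Facter.value(:networking)&.dig('interfaces') || {}` keeps the fact resolvable. Only IPv4 entries (`'ip'`) are handled, so no ip6.arpa data is ever produced; that is fine as long as consumers know it, so a one-line comment saying so would help.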
+3
@@ -30,6 +30,9 @@ class profiles::base (
include profiles::accounts::sysadmin
include profiles::ntp::client
# configure dns records for client
profiles::dns::client {"${facts['networking']['fqdn']}-default":}
# include the python class
class { 'python':
manage_python_package => true,
+34
@@ -0,0 +1,34 @@
# profiles::dns::client
define profiles::dns::client (
Integer $ttl = 600,
String $intf = $facts['networking']['primary'],
String $addr = $facts['networking']['ip'],
String $fqdn = $facts['networking']['fqdn'],
Boolean $forward = true,
Boolean $reverse = true,
){
if $forward {
@@resource_record { "${fqdn}_${intf}-a":
ensure => present,
record => $::facts['networking']['fqdn'],
type => 'A',
data => [$::facts['networking']['ip']],
ttl => $ttl,
zone => "${::facts['networking']['domain']}-master",
tag => 'master-a-record',
}
}
if $reverse {
@@resource_record { "${fqdn}_${addr}-ptr":
ensure => present,
record => $::facts['arpa'][$intf]['addr'],
type => 'PTR',
data => [$fqdn],
ttl => $ttl,
zone => "${::facts['arpa'][$intf]['zone']}-master",
tag => 'master-ptr-record',
}
}
}
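Review bot: The `$addr` and `$fqdn` parameters are only used in the resource titles; the A record body reads `$::facts['networking']['fqdn']` and `$::facts['networking']['ip']` directly, so a caller that overrides either parameter gets a record whose title and content disagree. The body should use the parameters: `record => $fqdn,` and `data => [$addr],`. The PTR branch reads `$::facts['arpa'][$intf]['addr']`, which is derived from the interface's own IP rather than `$addr`, so the two records can still diverge when a non-interface address is supplied; and when `$intf` names an interface without an IPv4 address the arpa fact has no entry for it, so `['addr']` is indexed on undef and the catalog fails to compile rather than skipping the record, which a guard such as `if $reverse and $facts['arpa'][$intf]` would avoid. Mixing `$::facts` here with `$facts` in the parameter defaults and in profiles::base is also inconsistent; `$facts` is the modern form.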
+27
@@ -0,0 +1,27 @@
# profiles::dns::master authoritative service
class profiles::dns::master (
Hash $acls = {},
Hash $zones = {},
Hash $views = {},
Hash[
String,
String
] $tags = {},
Boolean $dnssec = false,
){
class {'profiles::dns::server':
acls => $acls,
zones => $zones,
views => $views,
forwarders => [],
dnssec => $dnssec,
}
# collect records
$tags.each | String $key, String $tag_value | {
if $tag_value != undef {
Resource_record <<| tag == $tag_value |>>
}
}
}
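Review bot: The collector `Resource_record <<| tag == $tag_value |>>` gathers every resource_record exported by any node that used the tag, so the tag is a grouping key rather than a trust boundary: whatever a node with profiles::dns::client exports for its own fqdn and address ends up in the master's zones as-is. That is inherent to exported resources, but it deserves a comment at the collection point, e.g. `# collects records from every node exporting this tag; the tag does not restrict which node may publish a name`, and it is worth keeping in mind when deciding which nodes are allowed to carry profiles::dns::client. The `if $tag_value != undef` check is dead because the `Hash[String, String]` type on `$tags` already rejects undef values, and `$key` is unused; `$tags.values.each |String $tag_value| { Resource_record <<| tag == $tag_value |>> }` says the same thing without the guard. `$dnssec` defaults to false here while profiles::dns::server defaults it to true; if that is deliberate for the master, a one-line comment would save the next reader a question.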
+16
@@ -0,0 +1,16 @@
# profiles::dns::resolver
class profiles::dns::resolver (
Hash $acls = {},
Hash $zones = {},
Hash $views = {},
Array $forwarders = ['8.8.8.8', '1.1.1.1'],
){
class {'profiles::dns::server':
acls => $acls,
zones => $zones,
views => $views,
forwarders => $forwarders,
}
}
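Review bot: The forwarder default `['8.8.8.8', '1.1.1.1']` is duplicated between this class and profiles::dns::server, so the two can silently diverge; because the resolver always passes `$forwarders` through, the server's copy of the default is never reached from here, and keeping the list in one place (or in hiera) would be cleaner. The parameter is typed as bare `Array`, so a malformed hiera value (a nested list, an integer) only fails inside the bind module; `Array[String] $forwarders = ['8.8.8.8', '1.1.1.1'],` reports it at the profile boundary instead. `$dnssec` is not exposed, so resolvers always inherit the server's default of true; a comment such as `# dnssec is left at the profiles::dns::server default (true)` would make that intent explicit.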
+44
@@ -0,0 +1,44 @@
# profiles::dns::server
class profiles::dns::server (
Hash $acls = {},
Hash $zones = {},
Hash $views = {},
Array $forwarders = ['8.8.8.8', '1.1.1.1'],
Boolean $dnssec = true,
){
# if forwarders are empty, set it to undef
if $forwarders == [] {
$use_forwarders = undef
}else{
$use_forwarders = $forwarders
}
# setup base bind server
class { 'bind':
forwarders => $use_forwarders,
dnssec => $dnssec,
version => 'Controlled by Puppet',
}
# if acls, import them
$acls.each | $name, $data | {
bind::acl { $name:
* => $data,
}
}
# if zones, import them
$zones.each | $name, $data | {
bind::zone { $name:
* => $data,
}
}
# if views, import them
$views.each | $name, $data | {
bind::view { $name:
* => $data,
}
}
}
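Review bot: `$acls`, `$zones` and `$views` are typed as bare `Hash` and their values are splatted straight into `bind::acl`/`bind::zone`/`bind::view`, so a hiera entry whose value is not a hash fails with a splat error inside the resource rather than at the class parameter; `Hash[String, Hash] $acls = {},` (and likewise for `$zones` and `$views`) reports the offending key by name and is the natural place to enforce the hiera structure the commit message introduces. The `$forwarders == []` branch could be a single selector, `$use_forwarders = $forwarders.empty ? { true => undef, default => $forwarders }`, which also avoids the `}else{` spacing, but that is style only. The comments `# if acls, import them` and their siblings describe what the loops do rather than why; an empty hash simply produces no resources, so one comment explaining that the hashes come from hiera and are passed through unchecked to the bind module would be more useful than three.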