fix: enable dynamic/tsig updates

- add eyaml to hiera.yaml
- consolidate all paths into single tree
- change to new profiles::dns::client wrapper
- change to new profiles::dns::record wrapper
- change to use concat method to build zone file
This commit is contained in:
2023-11-13 22:17:59 +11:00
parent 4b0b2b1ed0
commit c996c9b7e3
11 changed files with 149 additions and 37 deletions
+2
View File
@@ -6,6 +6,8 @@ profiles::ntp::client::peers:
profiles::base::puppet_servers:
- 'prodinf01n01.main.unkin.net'
profiles::dns::master::basedir: '/var/named/sources'
profiles::packages::base:
- bash-completion
- ccze
+3
View File
@@ -0,0 +1,3 @@
---
profiles::dns::master::secret: ENC[PKCS7,MIIBygYJKoZIhvcNAQcDoIIBuzCCAbcCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEAJSp35spGbW0doI4arooNlpVW8JFlftPttnCE/P9bsmlCiA2DIfqu+ug3ZpHc7ELjA+PLJ7/IwZmpm+pfKpeSfZhw3zxFSpGUAi1q94VUnqLx6AbTgWJKT2ral6ZM/PGQSYaZB22rSvMWN7S7ow57yka3umW1KzUVDvqonJkFV2rrcfMrQU+xUm1BqHYd/zHcX6U5q4zAX3GG66jHYJzhMtzjUCeGaDZoMdw7T0nLGA5JFfVbXml3P/EH3lNMWtKT4LVEuJEier+GQA3y4mAwnKTiOml0DWH5Imbrx5beqEnsnN1AETTM21oq8Iv8kJEQMnxo0xxWj74MLG3/c1oB1zCBjAYJKoZIhvcNAQcBMB0GCWCGSAFlAwQBKgQQMoKOR5PV7MNG9dCAu2sDF4BgCaGIhzEdQIcKBcst+u7vq2pw5vGBeTdz0J+waFyL9IrBmNu9akfIanKauYEU1cPa9KwT5tW2AG4yGpOebW/W+zjlUvupvctWG81zMTrq6So/zSl5dcHU0gX9R8zBb0vF]
+18 -8
View File
@@ -1,28 +1,38 @@
---
profiles::dns::master::nameservers:
- prodinf01n23.main.unkin.net
- prodinf01n24.main.unkin.net
profiles::dns::master::acls:
acl-main.unkin.net:
addresses:
- 198.18.17.0/24
profiles::dns::master::zones:
main.unkin.net-master:
main.unkin.net:
domain: 'main.unkin.net'
zone_type: 'master'
dynamic: false
17.18.198.in-addr.arpa-master:
ns_notify: true
source: '/var/named/sources/main.unkin.net.conf'
17.18.198.in-addr.arpa:
domain: '17.18.198.in-addr.arpa'
zone_type: 'master'
dynamic: false
ns_notify: true
source: '/var/named/sources/17.18.198.in-addr.arpa.conf'
profiles::dns::master::views:
authoritive:
master-zones:
recursion: false
zones:
- main.unkin.net-master
- 17.18.198.in-addr.arpa-master
- main.unkin.net
- 17.18.198.in-addr.arpa
match_clients:
- acl-main.unkin.net
profiles::dns::master::tags:
ptr: 'master-ptr-records'
a: 'master-a-records'
profiles::dns::master::keys:
rndskey:
secret_bits: 512
algorithm: hmac-sha256
secret: "%{lookup('profiles::dns::master::secret')}"