fix: enable dynamic/tsig updates

- add eyaml to hiera.yaml
- consolidate all paths into single tree
- change to new profiles::dns::client wrapper
- change to new profiles::dns::record wrapper
- change to the concat method to build the zone file
2023-11-13 22:17:59 +11:00
parent 4b0b2b1ed0
commit c996c9b7e3
11 changed files with 149 additions and 37 deletions
+15 -18
@@ -1,34 +1,31 @@
# profiles::dns::client
define profiles::dns::client (
Integer $ttl = 600,
String $intf = $facts['networking']['primary'],
String $addr = $facts['networking']['ip'],
String $fqdn = $facts['networking']['fqdn'],
Boolean $forward = true,
Boolean $reverse = true,
Integer $order = 10,
){
$intf = $facts['networking']['primary']
$fqdn = $facts['networking']['fqdn']
$last_octet = regsubst($::facts['networking']['ip'], '^.*\.', '')
if $forward {
@@resource_record { "${fqdn}_${intf}-a":
ensure => present,
record => $::facts['networking']['fqdn'],
profiles::dns::record { "${fqdn}_${intf}_A":
value => $::facts['networking']['ip'],
type => 'A',
data => [$::facts['networking']['ip']],
ttl => $ttl,
zone => "${::facts['networking']['domain']}-master",
tag => 'master-a-record',
record => $::facts['networking']['hostname'],
zone => $::facts['networking']['domain'],
order => $order,
}
}
if $reverse {
@@resource_record { "${fqdn}_${addr}-ptr":
ensure => present,
record => $::facts['arpa'][$intf]['addr'],
profiles::dns::record { "${fqdn}_${intf}_PTR":
value => "${::facts['networking']['fqdn']}.",
type => 'PTR',
data => [$fqdn],
ttl => $ttl,
zone => "${::facts['arpa'][$intf]['zone']}-master",
tag => 'master-ptr-record',
record => $last_octet,
zone => $::facts['arpa'][$intf]['zone'],
order => $order,
}
}
}
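Review bot: In the new `profiles::dns::record` declarations the `value` attributes read `$::facts['networking']['ip']` and `$::facts['networking']['fqdn']` directly, so the `$addr` and `$fqdn` parameters the define still declares have no effect on what is exported — a caller passing a different address still gets a record for the primary IP. Use the parameters instead: `value => $addr,` for the A record, `value => "${fqdn}.",` for the PTR, and derive `$last_octet` from `$addr` rather than the fact. The `ttl => $ttl` attributes are also handed to `profiles::dns::record`, which declares no `$ttl` parameter; if those lines are on the new side the catalog fails to compile, and if the TTL is meant to survive it has to be added to the record define and its fragment content. `$last_octet` further assumes a /24 reverse delegation, while the reverse zone name comes from the custom `arpa` fact, so a different prefix length silently yields a wrong PTR owner name — a comment stating the /24 assumption would at least make that visible.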
+24 -4
@@ -1,12 +1,17 @@
# profiles::dns::master authoritative service
class profiles::dns::master (
Array[String] $nameservers,
Stdlib::AbsolutePath $basedir,
Hash $acls = {},
Hash $zones = {},
Hash $views = {},
Hash $keys = {},
Hash[
String,
String
] $tags = {},
String $owner = 'root',
String $group = 'named',
Boolean $dnssec = false,
){
@@ -14,14 +19,29 @@ class profiles::dns::master (
acls => $acls,
zones => $zones,
views => $views,
keys => $keys,
forwarders => [],
dnssec => $dnssec,
}
# collect records
$tags.each | String $key, String $tag_value | {
if $tag_value != undef {
Resource_record <<| tag == $tag_value |>>
# ensure the target basedir exists
file { $basedir:
ensure => directory,
owner => $owner,
group => $group,
}
# create zones
$zones.each | String $name, Hash $data | {
if $data['zone_type'] == 'master' {
profiles::dns::zone { $name:
zone => $data['domain'],
basedir => $basedir,
nameservers => $nameservers,
owner => $owner,
group => $group,
before => Bind::Zone[$name]
}
}
}
}
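Review bot: `file { $basedir: ensure => directory }` sets owner and group but no `mode`, so the directory holding the zone files — and, for any zone that accepts dynamic updates, the `.jnl` journals BIND writes beside them — gets whatever the agent's umask produces; set it explicitly, e.g. `mode => '0750',`, and decide deliberately whether `$group` needs write access for journals. The zone file is wired to the service only through `before => Bind::Zone[$name]`; there is no `notify`, so a zone file changed by newly collected fragments is not reloaded unless Bind::Zone itself subscribes to the file, which cannot be confirmed from here — if it does not, a `notify` on the service the bind module manages (or an `rndc reload` exec) is needed. The body of profiles::dns::master continues outside the hunk.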
+23
@@ -0,0 +1,23 @@
# defines the base record that will be exported
define profiles::dns::record (
String $record,
Enum[
'PTR',
'A',
'CNAME',
'MX',
'NS',
'SRV',
'TXT'
] $type,
String $value,
String $zone,
Integer $order,
Stdlib::AbsolutePath $basedir = lookup('profiles::dns::master::basedir'),
) {
@@concat::fragment { "${zone}_${name}":
target => "${basedir}/${zone}.conf",
content => "${record} IN ${type} ${value}\n",
order => $order,
}
}
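Review bot: `$record` and `$value` are typed only as `String` and interpolated straight into `content => "${record} IN ${type} ${value}\n"`, and because the fragment is exported, every node declaring `profiles::dns::client` contributes lines to the master's zone file; a value containing a newline or `;` would add or mask records beyond the one intended. Constrain both at the type level, e.g. `Pattern[/\A[A-Za-z0-9._@-]+\z/] $record,` and a newline-free pattern for `$value` that is wide enough for TXT/MX/SRV payloads. The default `lookup('profiles::dns::master::basedir')` is evaluated on each client node, so that key must be resolvable from every client's hiera data or their catalogs fail to compile; a dedicated shared key, or passing `$basedir` explicitly, removes that coupling. A one-line comment on the define noting that it is the zone's trust boundary (any node can export into any `$zone`) would help future readers.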
+2
@@ -3,6 +3,7 @@ class profiles::dns::resolver (
Hash $acls = {},
Hash $zones = {},
Hash $views = {},
Hash $keys = {},
Array $forwarders = ['8.8.8.8', '1.1.1.1'],
){
@@ -10,6 +11,7 @@ class profiles::dns::resolver (
acls => $acls,
zones => $zones,
views => $views,
keys => $keys,
forwarders => $forwarders,
}
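Review bot: `Hash $keys = {}` carries TSIG key material as plain strings, and the same hash is splatted into resources in the profiles::dns::server hunk (`bind::key { $name: * => $data }`), so the secret ends up in the compiled catalog and in resource diffs and reports whenever a key changes. Storing the hiera side in eyaml, as this commit does, does not change that; wrap the secret values in `Sensitive(...)` before they reach the resource if bind::key's parameters accept it, and otherwise declare the key explicitly with the secret wrapped rather than via `*`. Typing the loop parameters in the server hunk as `| String $name, Hash $data |` would also reject a malformed key entry at compile time instead of inside bind::key.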
+8
@@ -3,6 +3,7 @@ class profiles::dns::server (
Hash $acls = {},
Hash $zones = {},
Hash $views = {},
Hash $keys = {},
Array $forwarders = ['8.8.8.8', '1.1.1.1'],
Boolean $dnssec = true,
){
@@ -21,6 +22,13 @@ class profiles::dns::server (
version => 'Controlled by Puppet',
}
# if keys, import them
$keys.each | $name, $data | {
bind::key { $name:
* => $data,
}
}
# if acls, import them
$acls.each | $name, $data | {
bind::acl { $name:
+27
@@ -0,0 +1,27 @@
# defines a zone
define profiles::dns::zone (
String $zone,
Array[String] $nameservers,
Stdlib::AbsolutePath $basedir,
String $owner,
String $group,
) {
# Define the concat resource for the zone file
concat { "${basedir}/${zone}.conf":
ensure => present,
owner => $owner,
group => $group,
mode => '0640',
}
# Add the header fragment (from the template)
concat::fragment { "${basedir}/${zone}_header":
target => "${basedir}/${zone}.conf",
content => template('profiles/dns/zone_header.erb'),
order => '01',
}
# Collect exported fragments for this zone
Concat::Fragment <<| target == "${basedir}/${zone}.conf" |>>
}
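Review bot: The header pulled in at `content => template('profiles/dns/zone_header.erb')` hard-codes the SOA serial (`1 ; Serial`), so when collected fragments change the zone file the serial never moves and secondaries already holding serial 1 will not transfer the new data; the serial has to change on every content change, which a concat-built file cannot do on its own. That ties into the commit title: if these master zones are the ones accepting dynamic/TSIG updates, BIND keeps a `.jnl` journal beside the file and rewrites the file itself, and a concat rewrite while the zone is not frozen (`rndc freeze` / `rndc thaw`) produces journal-out-of-sync load failures — a zone should be either concat-managed or dynamic, not both, and the define should carry a comment stating which. `$TTL 600` in the header also duplicates the `$ttl` parameter of profiles::dns::client, which is no longer carried through to the fragments. Finally, `Concat::Fragment <<| target == "${basedir}/${zone}.conf" |>>` collects from every node in PuppetDB; that is the intent, but a comment such as `# any node can export into this zone; record validation happens in profiles::dns::record` makes the trust boundary explicit.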
@@ -0,0 +1,16 @@
; Managed by Puppet, do not change manually
$ORIGIN <%= @zone %>.
$TTL 600
@ IN SOA <%= @nameservers[0] %>. hostmaster.<%= @zone %>. (
1 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
600 ) ; Negative Cache TTL
; Name servers
<% @nameservers.each do |ns| -%>
@ IN NS <%= ns %>.
<% end %>
; Dynamically generated host records