Files
puppet-prod/site/profiles/manifests/dns/base.pp
T
unkinben 476c8115c5 fix: replace puppetdbquery with native PQL queries (#457)
Replace deprecated dalen-puppetdbquery module with native puppetdb_query
function using PQL syntax to resolve URI.escape compatibility issues.
This is required to migrated to Puppet 8 (and kubernetes).

Changes:
- Remove dalen-puppetdbquery dependency from Puppetfile
- Replace query_nodes() calls with puppetdb_query() using PQL syntax
- Update 27 function calls across 18 Puppet manifests
- Maintain equivalent functionality with improved compatibility

Reviewed-on: #457
2026-03-21 22:35:42 +11:00

87 lines
2.6 KiB
Puppet

# profiles::dns::base
class profiles::dns::base (
Array $search = [],
Array $nameservers = ['198.18.13.12', '198.18.13.13'],
Optional[Enum[
'all',
'region',
'country'
]] $use_ns = undef,
String $primary_interface = $facts['networking']['primary'],
Optional[String] $ns_role = undef,
){
# install bind_utils
include bind::updater
# if ns_role is set, find all hosts matching that enc_role
$nameserver_array = $ns_role ? {
undef => $nameservers,
default => $use_ns ? {
'all' => puppetdb_query(
"facts[certname,value] {
name = 'networking' and
certname in nodes[certname] { facts.enc_role = '${ns_role}' }
}"
).map |$fact| { $fact['value']['ip'] },
'region' => puppetdb_query(
"facts[certname,value] {
name = 'networking' and
certname in nodes[certname] {
facts.enc_role = '${ns_role}' and facts.region = '${facts['region']}'
}
}"
).map |$fact| { $fact['value']['ip'] },
'country' => puppetdb_query(
"facts[certname,value] {
name = 'networking' and
certname in nodes[certname] {
facts.enc_role = '${ns_role}' and facts.country = '${facts['country']}'
}
}"
).map |$fact| { $fact['value']['ip'] },
}
}
# if nameservers not returned from puppetdb, use default
$use_nameservers = empty($nameserver_array) ? {
true => $nameservers,
false => $nameserver_array,
}
# if search is undef, fallback to domainname from facts
if $search == [] {
$search_array = [$::facts['networking']['domain']]
}else{
$search_array = $search
}
# include resolvconf class
class { 'profiles::dns::resolvconf':
nameservers => sort($use_nameservers),
search_domains => sort($search_array),
}
# export dns records for client
$facts['networking']['interfaces'].each | $interface, $data | {
# exclude those without ipv4 address, lo, docker0 and anycast addresses
if $data['ip'] and $interface != 'lo' and $interface != 'docker0' and $interface !~ /^anycast[0-9]$/ and $interface !~ /^cilium_/ {
# use defaults for the primary_interface
if $interface == $primary_interface {
profiles::dns::client {"${facts['networking']['fqdn']}-${interface}":
interface => $interface,
}
# update secondary interfaces
}else{
profiles::dns::client {"${facts['networking']['fqdn']}-${interface}":
interface => $interface,
hostname => "${facts['networking']['hostname']}-${interface}",
}
}
}
}
}