# profiles::dns::master authoritative service
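# Configures an authoritative (master) DNS server: declares
# profiles::dns::server with no forwarders, ensures the zone base directory
# exists, and declares one profiles::dns::zone per entry in $zones whose
# zone_type is 'master'.
#
# @param basedir
#   Absolute path of the directory that is ensured to exist and is handed to
#   every profiles::dns::zone.
# @param acls
#   Passed through to profiles::dns::server.
# @param zones
#   Passed through to profiles::dns::server and iterated here; each entry is
#   read for its 'zone_type' and 'domain' keys.
# @param views
#   Passed through to profiles::dns::server.
# @param keys
#   Passed through to profiles::dns::server.
# @param tags
#   Not referenced anywhere in this class body.
# @param owner
#   Owner of $basedir; also passed to every profiles::dns::zone.
# @param group
#   Group of $basedir; also passed to every profiles::dns::zone.
# @param dnssec
#   Passed through to profiles::dns::server.
# @param ns_role
#   enc_role value used to look up nameserver nodes in PuppetDB. When undef,
#   the current host is the only nameserver.
# @param use_ns
#   Narrows the PuppetDB lookup: 'all' matches on enc_role only, 'region' and
#   'country' additionally match this node's region / country fact.
class profiles::dns::master (
  Stdlib::AbsolutePath $basedir,
  Hash $acls = {},
  Hash $zones = {},
  Hash $views = {},
  Hash $keys = {},
  Hash[String, String] $tags = {},
  String $owner = 'root',
  String $group = 'named',
  Boolean $dnssec = false,
  Optional[String] $ns_role = undef,
  Enum['all', 'region', 'country'] $use_ns = 'all',
) {

  # if ns_role is set, find all hosts matching that enc_role, otherwise use the current host
  #
  # NOTE(review): region and country are agent-reported facts and are
  # interpolated into the PuppetDB query unquoted, while enc_role is quoted.
  # Consider validating both facts against an expected pattern before they are
  # used in a query string - TODO confirm what values these facts can take.
  $nameservers_array = $ns_role ? {
    undef   => [$facts['networking']['fqdn']],
    default => $use_ns ? {
      'all'     => sort(query_nodes("enc_role='${ns_role}'", 'networking.fqdn')),
      'region'  => sort(query_nodes("enc_role='${ns_role}' and region=${facts['region']}", 'networking.fqdn')),
      'country' => sort(query_nodes("enc_role='${ns_role}' and country=${facts['country']}", 'networking.fqdn')),
    },
  }

  # create a hash of hostname => ip, which will be used to create glue records
  #
  # NOTE(review): the single-host branch keys the map by the bare fqdn, the
  # PuppetDB branch by "<fqdn>." with a trailing dot - confirm which form
  # profiles::dns::zone expects.
  $glue_records_map = $ns_role ? {
    undef   => {
      $facts['networking']['fqdn'] => $facts['networking']['ip'],
    },
    default => $nameservers_array.reduce({}) |$acc, $fqdn| {
      $result = query_nodes("networking.fqdn='${fqdn}'", 'networking.ip')
      $ip     = $result[0]

      # A node with no networking.ip in PuppetDB yields an empty result; skip
      # it rather than publishing a glue record whose address is undef.
      $ip ? {
        undef   => $acc,
        default => $acc + { "${fqdn}." => $ip },
      }
    },
  }

  # if nameservers is empty, use the current host, otherwise use nameservers_array as nameservers
  #
  # NOTE(review): when ns_role is set but the lookup returns nothing, the
  # current host becomes the nameserver while $glue_records_map stays empty.
  $nameservers = empty($nameservers_array) ? {
    true    => [$facts['networking']['fqdn']],
    default => $nameservers_array,
  }

  class { 'profiles::dns::server':
    acls       => $acls,
    zones      => $zones,
    views      => $views,
    keys       => $keys,
    forwarders => [],
    dnssec     => $dnssec,
  }

  # ensure the target basedir exists
  # NOTE(review): no mode is set, so the directory's permissions are not
  # managed by this resource - confirm the intended mode for the zone data.
  file { $basedir:
    ensure => directory,
    owner  => $owner,
    group  => $group,
  }

  # create zones
  $zones.each |String $name, Hash $data| {

    # only add glue records when the domain isnt reverse dns, or main.unkin.net
    # - since the hosts will already be in main.unkin.net
    if $data['zone_type'] == 'master' {
      $glue_records = $data['domain'] ? {
        # reverse zones: IPv4 (in-addr.arpa) and IPv6 (ip6.arpa)
        /(in-addr|ip6)\.arpa$/ => undef,
        'main.unkin.net'       => undef,
        default                => $glue_records_map,
      }

      profiles::dns::zone { $name:
        zone         => $data['domain'],
        basedir      => $basedir,
        nameservers  => $nameservers,
        owner        => $owner,
        group        => $group,
        before       => Bind::Zone[$name],
        glue_records => $glue_records,
      }
    }
  }
}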