ae256b7c0b
ci/woodpecker/pr/erb-validate Pipeline was successful
ci/woodpecker/pr/ruby-validate Pipeline was successful
ci/woodpecker/pr/puppet-lint Pipeline was successful
ci/woodpecker/pr/yamllint Pipeline was successful
ci/woodpecker/pr/bolt-validate Pipeline was successful
ci/woodpecker/pr/epp-validate Pipeline was successful
ci/woodpecker/pr/puppet-validate Pipeline was successful
ci/woodpecker/pr/ruby-check Pipeline was successful
Replace deprecated dalen-puppetdbquery module with native puppetdb_query function using PQL syntax to resolve URI.escape compatibility issues. This is required to migrated to Puppet 8 (and kubernetes). Changes: - Remove dalen-puppetdbquery dependency from Puppetfile - Replace query_nodes() calls with puppetdb_query() using PQL syntax - Update 27 function calls across 18 Puppet manifests - Maintain equivalent functionality with improved compatibility
101 lines
3.1 KiB
Puppet
101 lines
3.1 KiB
Puppet
# profiles::dns::master authoritative service
|
|
class profiles::dns::master (
|
|
Stdlib::AbsolutePath $basedir,
|
|
Hash $acls = {},
|
|
Hash $zones = {},
|
|
Hash $views = {},
|
|
Hash $keys = {},
|
|
Hash[
|
|
String,
|
|
String
|
|
] $tags = {},
|
|
String $owner = 'root',
|
|
String $group = 'named',
|
|
Boolean $dnssec = false,
|
|
Variant[String, Undef] $ns_role = undef,
|
|
Enum['all', 'region', 'country'] $use_ns = 'all',
|
|
){
|
|
|
|
# if ns_role is set, find all hosts matching that enc_role, otherwise use the current host
|
|
$nameservers_array = $ns_role ? {
|
|
undef => [$facts['networking']['fqdn']],
|
|
default => $use_ns ? {
|
|
'all' => sort(puppetdb_query(
|
|
"facts[certname] { name = 'enc_role' and value = '${ns_role}' }"
|
|
).map |$fact| { $fact['certname'] }),
|
|
'region' => sort(puppetdb_query(
|
|
"facts[certname] {
|
|
name = 'enc_role' and value = '${ns_role}' and
|
|
certname in facts[certname] { name = 'region' and value = '${facts['region']}' }
|
|
}"
|
|
).map |$fact| { $fact['certname'] }),
|
|
'country' => sort(puppetdb_query(
|
|
"facts[certname] {
|
|
name = 'enc_role' and value = '${ns_role}' and
|
|
certname in facts[certname] { name = 'country' and value = '${facts['country']}' }
|
|
}"
|
|
).map |$fact| { $fact['certname'] }),
|
|
}
|
|
}
|
|
|
|
# create a hash of hostname => ip, which will be used to create glue records
|
|
$glue_records_map = $ns_role ? {
|
|
undef => {
|
|
$facts['networking']['fqdn'] => $facts['networking']['ip']
|
|
},
|
|
default => $nameservers_array.reduce({}) |$acc, $fqdn| {
|
|
$result = puppetdb_query(
|
|
"facts[certname,value] { name = 'networking' and certname = '${fqdn}' }"
|
|
).map |$fact| { $fact['value']['ip'] }
|
|
$ip = $result[0]
|
|
$acc + { "${fqdn}." => $ip }
|
|
}
|
|
}
|
|
|
|
# if nameservers is empty, use the current host, otherwise use nameservers_array as nameservers
|
|
$nameservers = empty($nameservers_array) ? {
|
|
true => [$facts['networking']['fqdn']],
|
|
false => $nameservers_array,
|
|
default => [$facts['networking']['fqdn']],
|
|
}
|
|
|
|
class {'profiles::dns::server':
|
|
acls => $acls,
|
|
zones => $zones,
|
|
views => $views,
|
|
keys => $keys,
|
|
forwarders => [],
|
|
dnssec => $dnssec,
|
|
}
|
|
|
|
# ensure the target basedir exists
|
|
file { $basedir:
|
|
ensure => directory,
|
|
owner => $owner,
|
|
group => $group,
|
|
}
|
|
|
|
# create zones
|
|
$zones.each | String $name, Hash $data | {
|
|
|
|
# only add glue records when the domain isnt reverse dns, or main.unkin.net
|
|
# - since the hosts will already be in main.unkin.net
|
|
if $data['zone_type'] == 'master' {
|
|
$glue_records = $data['domain'] ? {
|
|
/in-addr\.arpa$/ => undef,
|
|
'main.unkin.net' => undef,
|
|
default => $glue_records_map,
|
|
}
|
|
profiles::dns::zone { $name:
|
|
zone => $data['domain'],
|
|
basedir => $basedir,
|
|
nameservers => $nameservers,
|
|
owner => $owner,
|
|
group => $group,
|
|
before => Bind::Zone[$name],
|
|
glue_records => $glue_records,
|
|
}
|
|
}
|
|
}
|
|
}
|