puppet-prod/site/profiles/manifests/dns/master.pp
unkinben ae256b7c0b
fix: replace puppetdbquery with native PQL queries
Replace deprecated dalen-puppetdbquery module with native puppetdb_query
function using PQL syntax to resolve URI.escape compatibility issues.
This is required to migrate to Puppet 8 (and Kubernetes).

Changes:
- Remove dalen-puppetdbquery dependency from Puppetfile
- Replace query_nodes() calls with puppetdb_query() using PQL syntax
- Update 27 function calls across 18 Puppet manifests
- Maintain equivalent functionality with improved compatibility
2026-03-21 22:16:06 +11:00


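# profiles::dns::master authoritative service
#
# Declares profiles::dns::server with no forwarders, manages $basedir, and
# creates one profiles::dns::zone for every entry of $zones whose zone_type
# is 'master'. The NS set and glue records are built from PuppetDB when
# $ns_role is given, otherwise from this host's own facts.
#
# @param basedir directory managed here and handed to every zone
# @param acls    passed unchanged to profiles::dns::server
# @param zones   zone name => settings; 'zone_type' and 'domain' are read here
# @param views   passed unchanged to profiles::dns::server
# @param keys    passed unchanged to profiles::dns::server
# @param tags    accepted but not referenced in this class body
# @param owner   owner of $basedir, also passed to every zone
# @param group   group of $basedir, also passed to every zone
# @param dnssec  passed unchanged to profiles::dns::server
# @param ns_role enc_role value identifying the nameservers; undef = this host only
# @param use_ns  'all' nodes with that role, or only those sharing this host's
#                'region' / 'country' fact
class profiles::dns::master (
  Stdlib::AbsolutePath $basedir,
  Hash $acls = {},
  Hash $zones = {},
  Hash $views = {},
  Hash $keys = {},
  Hash[
    String,
    String
  ] $tags = {},
  String $owner = 'root',
  String $group = 'named',
  Boolean $dnssec = false,
  Variant[String, Undef] $ns_role = undef,
  Enum['all', 'region', 'country'] $use_ns = 'all',
) {
  $local_fqdn = $facts['networking']['fqdn']

  # The PuppetDB queries below are passed as AST arrays instead of PQL text.
  # $facts['region'] / $facts['country'] are reported by the agent being
  # compiled for, and interpolating them into a quoted PQL string would let a
  # value containing a quote change the query itself. As array elements they
  # are only ever compared as data.
  #
  # $use_ns is restricted by its Enum to 'region' or 'country' here, which are
  # also the fact names to match on. A missing fact is sent as '' (the same
  # value the interpolated form produced), so it matches no node.
  $scope_value = $facts[$use_ns].lest || { '' }
  $ns_filter = $use_ns ? {
    'all'   => ['and', ['=', 'name', 'enc_role'], ['=', 'value', $ns_role]],
    default => ['and',
      ['=', 'name', 'enc_role'],
      ['=', 'value', $ns_role],
      ['in', 'certname',
        ['from', 'facts',
          ['extract', ['certname'],
            ['and', ['=', 'name', $use_ns], ['=', 'value', $scope_value]],
          ],
        ],
      ],
    ],
  }

  # if ns_role is set, find all hosts matching that enc_role, otherwise use the current host
  #
  # NOTE(review): membership of the NS set is decided by the 'enc_role' fact
  # stored in PuppetDB. If that fact is agent-reported rather than derived from
  # the ENC or trusted data, any enrolled node could list itself as a
  # nameserver and receive glue records - confirm where the fact comes from.
  $nameservers_array = $ns_role ? {
    undef   => [$local_fqdn],
    default => sort(puppetdb_query(
        ['from', 'facts', ['extract', ['certname'], $ns_filter]]
    ).map |$fact| { $fact['certname'] }),
  }

  # create a hash of hostname => ip, which will be used to create glue records
  #
  # NOTE(review): the single-host branch keys on the bare fqdn while the
  # PuppetDB branch appends a trailing dot; a node without a 'networking' fact
  # ends up with an undef address. Both are kept as they were - confirm what
  # profiles::dns::zone expects.
  $glue_records_map = $ns_role ? {
    undef   => {
      $local_fqdn => $facts['networking']['ip'],
    },
    default => $nameservers_array.reduce({}) |$acc, $fqdn| {
      # one query per nameserver; $fqdn is a certname returned by PuppetDB above
      $ips = puppetdb_query(
        ['from', 'facts',
          ['extract', ['certname', 'value'],
            ['and', ['=', 'name', 'networking'], ['=', 'certname', $fqdn]],
          ],
        ]
      ).map |$fact| { $fact['value']['ip'] }
      $acc + { "${fqdn}." => $ips[0] }
    },
  }

  # if nameservers is empty, use the current host, otherwise use nameservers_array as nameservers
  # (in that fallback case $glue_records_map is still the empty hash built above)
  $nameservers = empty($nameservers_array) ? {
    true    => [$local_fqdn],
    default => $nameservers_array,
  }

  class { 'profiles::dns::server':
    acls       => $acls,
    zones      => $zones,
    views      => $views,
    keys       => $keys,
    forwarders => [],
    dnssec     => $dnssec,
  }

  # ensure the target basedir exists
  file { $basedir:
    ensure => directory,
    owner  => $owner,
    group  => $group,
  }

  # create zones
  $zones.each |String $name, Hash $data| {
    if $data['zone_type'] == 'master' {
      # only add glue records when the domain isn't reverse dns, or main.unkin.net
      # - since the hosts will already be in main.unkin.net
      $glue_records = $data['domain'] ? {
        /in-addr\.arpa$/ => undef,
        'main.unkin.net' => undef,
        default          => $glue_records_map,
      }

      profiles::dns::zone { $name:
        zone         => $data['domain'],
        basedir      => $basedir,
        nameservers  => $nameservers,
        owner        => $owner,
        group        => $group,
        before       => Bind::Zone[$name],
        glue_records => $glue_records,
      }
    }
  }
}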