Turn params into defaults and formalize it

The `params` vs. `bind` class distinction has been blurry for a long time. I'm
formalizing it.

`params` is now `defaults` and its purpose is to gather platform-specific
variation into a single scope. These variables are related to situating a BIND
server on a particular platform and it should not ever be necessary or perhaps
even possible to change them as a matter of preference. Rather, the correct values
are a function of e.g. `$osfamily` or `$operatingsystem`.

The parameters of the `bind` class are limited to those that control the
server's feature set. These parameters *are* matters of preference and/or
purpose, rather than platform.

Also, I have taken some care to develop a convention for direct references to
qualified parameters where they are re-scoped into the local scope centrally at
the top first, and subsequent references are to the local value. This should
minimize future code churn and also aid readability.
Nate Riffe 2015-12-26 10:06:24 -06:00
parent 07a7aca153
commit 3bfcc19a3e
10 changed files with 70 additions and 66 deletions


@ -1,10 +1,11 @@
---
bind::params::supported: false
bind::defaults::supported: false
bind::defaults::random_device: '/dev/random'
bind::defaults::rndc: true
bind::forwarders: ''
bind::dnssec: true
bind::version: ''
bind::random_device: '/dev/random'
bind::include_local: false
bind::updater::keydir: '/etc/nsupdate-keys'
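Review bot: `bind::defaults::rndc: true` on the third line of the hunk names a parameter that `class bind::defaults` in manifests/defaults.pp does not declare (its list is supported, confdir, namedconf, cachedir, random_device, bind_user, bind_group, bind_package, bind_service, nsupdate_package, managed_keys_directory), so Hiera data binding will never consume this key and `$rndc` in `class bind` keeps its `undef` default. With the per-platform `bind::rndc: true` lines removed from the debian and redhat data in this same commit, rndc appears to end up disabled everywhere unless something outside this view sets it. The commit message itself classes feature toggles as `bind` parameters, so the key should be `bind::rndc: true`; alternatively add `$rndc = undef,` to `bind::defaults` if it is meant to be platform data. If rndc gates the control-channel configuration, silently losing it is worth pinning with a spec.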


@ -1,13 +1,12 @@
---
bind::params::supported: true
bind::params::bind_user: 'bind'
bind::params::bind_group: 'bind'
bind::params::bind_package: 'bind9'
bind::params::bind_service: 'bind9'
bind::params::nsupdate_package: 'dnsutils'
bind::params::confdir: '/etc/bind'
bind::namedconf: '/etc/bind/named.conf'
bind::cachedir: '/var/cache/bind'
bind::rndc: true
bind::defaults::supported: true
bind::defaults::bind_user: 'bind'
bind::defaults::bind_group: 'bind'
bind::defaults::bind_package: 'bind9'
bind::defaults::bind_service: 'bind9'
bind::defaults::nsupdate_package: 'dnsutils'
bind::defaults::confdir: '/etc/bind'
bind::defaults::namedconf: '/etc/bind/named.conf'
bind::defaults::cachedir: '/var/cache/bind'
bind::updater::keydir: '/etc/bind/keys'


@ -1,14 +1,13 @@
---
bind::params::supported: true
bind::params::bind_user: 'named'
bind::params::bind_group: 'named'
bind::params::bind_package: 'bind'
bind::params::bind_service: 'named'
bind::params::nsupdate_package: 'bind-utils'
bind::params::managed_keys_directory: '/var/named/dynamic'
bind::params::confdir: '/etc/named'
bind::namedconf: '/etc/named.conf'
bind::cachedir: '/var/named'
bind::rndc: true
bind::defaults::supported: true
bind::defaults::bind_user: 'named'
bind::defaults::bind_group: 'named'
bind::defaults::bind_package: 'bind'
bind::defaults::bind_service: 'named'
bind::defaults::nsupdate_package: 'bind-utils'
bind::defaults::managed_keys_directory: '/var/named/dynamic'
bind::defaults::confdir: '/etc/named'
bind::defaults::namedconf: '/etc/named.conf'
bind::defaults::cachedir: '/var/named'
bind::updater::keydir: '/etc/named/keys'

19
manifests/defaults.pp Normal file

@ -0,0 +1,19 @@
# ex: syntax=puppet si ts=4 sw=4 et
class bind::defaults (
$supported = undef,
$confdir = undef,
$namedconf = undef,
$cachedir = undef,
$random_device = undef,
$bind_user = undef,
$bind_group = undef,
$bind_package = undef,
$bind_service = undef,
$nsupdate_package = undef,
$managed_keys_directory = undef,
) {
unless $supported {
fail('Platform is not supported')
}
}
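Review bot: Every platform value in `class bind::defaults` now defaults to `undef`, whereas the deleted `bind::params` declared `bind_user`, `bind_group`, `bind_package`, `bind_service`, `nsupdate_package` and `confdir` without defaults, so an incomplete platform data file failed at compile time. With undef defaults the same omission compiles cleanly, and the consumers in bind::zone receive `owner => undef` / `user => undef`, which Puppet treats as "leave ownership unmanaged" for `file` and as the agent's own user (normally root) for `exec` — the module is no longer fail-closed on its platform data. The `$supported` guard is fine; add an explicit check for the values the rest of the module depends on, something like the block below.
```puppet
) {
    # … unchanged: $supported guard …
    # Fail closed: these must come from the platform's Hiera data. Left undef they
    # surface downstream as unmanaged ownership on key/zone files and as execs
    # running as the agent user instead of the BIND user.
    if $bind_user == undef or $bind_group == undef or $bind_package == undef
        or $bind_service == undef or $confdir == undef {
        fail('bind::defaults: incomplete platform data (bind_user, bind_group, bind_package, bind_service and confdir are required)')
    }
}
```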


@ -1,17 +1,14 @@
# ex: syntax=puppet si ts=4 sw=4 et
class bind (
$namedconf = undef,
$cachedir = undef,
$forwarders = undef,
$dnssec = undef,
$version = undef,
$forwarders = '',
$dnssec = true,
$version = '',
$rndc = undef,
$statistics_port = undef,
$random_device = undef,
$include_local = undef,
) inherits bind::params {
$auth_nxdomain = false
$auth_nxdomain = false,
$include_local = false,
) inherits bind::defaults {
File {
ensure => present,
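Review bot: Dropping `namedconf`, `cachedir` and `random_device` from the parameter list of `class bind` is a breaking interface change that fails silently: any site Hiera data still carrying `bind::namedconf`, `bind::cachedir` or `bind::random_device` is ignored by data binding with no warning, and the platform default applies instead. The in-repo data is renamed in this commit, but external consumers are not, so this deserves a README/changelog note and a major version bump. The class body continues past the hunk.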


@ -5,13 +5,13 @@ define bind::key (
$secret_bits = 256,
$algorithm = 'hmac-sha256',
$owner = 'root',
$group = $bind::params::bind_group,
$group = $::bind::defaults::bind_group,
$keydir = $::bind::keydir::keydir,
$keyfile = undef,
$include = true,
) {
include bind::params
$confdir = $::bind::params::confdir
# Pull some platform defaults into the local scope
$confdir = $::bind::defaults::confdir
# Generate a key of size $secret_bits if no $secret
$secret_actual = $secret ? {
@ -45,7 +45,7 @@ define bind::key (
concat::fragment { "bind-key-${name}":
order => '10',
target => "${bind::params::confdir}/keys.conf",
target => "${confdir}/keys.conf",
content => "include \"${keydir}/${key_file_name}\";\n",
}
}
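Review bot: The removed `include bind::params` has no `include ::bind::defaults` counterpart, yet the define now reads `$::bind::defaults::confdir` in its body and `$::bind::defaults::bind_group` as the default for `$group`. If a `bind::key` is declared before `bind` (and with it `bind::defaults`) has been evaluated, both lookups yield undef — Puppet 3 only warns — so the fragment target degrades to `/keys.conf` and the key file, which presumably carries the generated HMAC secret, gets an unintended group. Restore the include as the first statement of the body (`include ::bind::defaults`) and fail closed on the group, e.g. `if $group == undef { fail("bind::key ${name}: bind group unresolved") }`. Note the include alone does not repair the parameter default, since defaults are evaluated before the body; resolving `$group` from `$::bind::defaults::bind_group` inside the body after the include is more robust. The define body continues outside the hunk.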


@ -1,16 +0,0 @@
# ex: syntax=puppet si ts=4 sw=4 et
class bind::params (
$supported,
$bind_user,
$bind_group,
$bind_package,
$bind_service,
$nsupdate_package,
$managed_keys_directory = undef,
$confdir,
) {
unless $supported {
fail('Platform is not supported')
}
}


@ -2,7 +2,7 @@
class bind::updater (
$keydir = undef,
) inherits bind::params {
) inherits bind::defaults {
if $nsupdate_package {
package { 'nsupdate':


@ -21,8 +21,13 @@ define bind::zone (
) {
# where there is a zone, there is a server
include bind
$cachedir = $::bind::cachedir
$random_device = $::bind::random_device
# Pull some platform defaults into the local scope
$cachedir = $::bind::defaults::cachedir
$random_device = $::bind::defaults::random_device
$bind_user = $::bind::defaults::bind_user
$bind_group = $::bind::defaults::bind_group
$_domain = pick($domain, $name)
unless !($masters != '' and ! member(['slave', 'stub'], $zone_type)) {
@ -75,8 +80,8 @@ define bind::zone (
if member(['init', 'managed', 'allowed'], $zone_file_mode) {
file { "${cachedir}/${name}":
ensure => directory,
owner => $::bind::params::bind_user,
group => $::bind::params::bind_group,
owner => $bind_user,
group => $bind_group,
mode => '0755',
require => Package['bind'],
}
@ -84,8 +89,8 @@ define bind::zone (
if member(['init', 'managed'], $zone_file_mode) {
file { "${cachedir}/${name}/${_domain}":
ensure => present,
owner => $::bind::params::bind_user,
group => $::bind::params::bind_group,
owner => $bind_user,
group => $bind_group,
mode => '0644',
replace => ($zone_file_mode == 'managed'),
source => pick($source, 'puppet:///modules/bind/db.empty'),
@ -96,7 +101,7 @@ define bind::zone (
if $zone_file_mode == 'managed' {
exec { "rndc reload ${_domain}":
command => "/usr/sbin/rndc reload ${_domain}",
user => $::bind::params::bind_user,
user => $bind_user,
refreshonly => true,
require => Service['bind'],
subscribe => File["${cachedir}/${name}/${_domain}"],
@ -113,7 +118,7 @@ define bind::zone (
command => "/usr/local/bin/dnssec-init '${cachedir}' '${name}'\
'${_domain}' '${key_directory}' '${random_device}' '${nsec3_salt}'",
cwd => $cachedir,
user => $::bind::params::bind_user,
user => $bind_user,
creates => "${cachedir}/${name}/${_domain}.signed",
timeout => 0, # crypto is hard
require => [
@ -123,8 +128,8 @@ define bind::zone (
}
file { "${cachedir}/${name}/${_domain}.signed":
owner => $::bind::params::bind_user,
group => $::bind::params::bind_group,
owner => $bind_user,
group => $bind_group,
mode => '0644',
audit => [ content ],
}
@ -133,7 +138,7 @@ define bind::zone (
file { "${::bind::confdir}/zones/${name}.conf":
ensure => present,
owner => 'root',
group => $::bind::params::bind_group,
group => $bind_group,
mode => '0644',
content => template('bind/zone.conf.erb'),
notify => Service['bind'],
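Review bot: `file { "${::bind::confdir}/zones/${name}.conf":` in the last hunk still reaches `confdir` through class `bind`, which no longer declares it, so it resolves only via inherited-scope lookup — at odds with the convention this commit introduces a few lines earlier (`$cachedir = $::bind::defaults::cachedir`, …) and a pattern later Puppet releases deprecate. Add `$confdir = $::bind::defaults::confdir` to the "Pull some platform defaults" block and use `"${confdir}/zones/${name}.conf"` here. Separately, now that `bind::defaults` defaults everything to undef, `user => $bind_user` on the `rndc reload` and `dnssec-init` execs becomes `user => undef` when platform data is incomplete, i.e. they run as the agent user (root) and leave root-owned signing material under `${cachedir}/${name}`; consider `if $bind_user == undef or $bind_group == undef { fail("bind::zone ${name}: platform user/group unresolved") }` right after the locals are pulled in. The define continues outside the hunk.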


@ -1,3 +1,3 @@
---
bind::params::confdir: '_CONFDIR_'
bind::namedconf: '_NAMEDCONF_'
bind::defaults::confdir: '_CONFDIR_'
bind::defaults::namedconf: '_NAMEDCONF_'