From 40531e21eb8496424ee2d90344924ed103e3762e Mon Sep 17 00:00:00 2001 From: Nate Riffe Date: Thu, 7 Jul 2016 21:15:41 -0500 Subject: [PATCH] Implement a helper script for zone reloads It turns out the `rndc` command that was intended to reload a managed zone wasn't working (see PR #91 for reference) if more than one view included the zone. The helper script is really just a wrapper around the `rndc` command itself, it translates its final parameter into a domain/class/view tuple and pass the leading parameters and the tuple to `rndc`. --- data/common.yaml | 1 - manifests/init.pp | 27 +++++++++++++++++---------- manifests/view.pp | 5 +++++ manifests/zone.pp | 6 +++++- templates/rndc-helper.erb | 19 +++++++++++++++++++ templates/view-mappings.erb | 3 +++ 6 files changed, 49 insertions(+), 12 deletions(-) create mode 100644 templates/rndc-helper.erb create mode 100644 templates/view-mappings.erb diff --git a/data/common.yaml b/data/common.yaml index 14f23a3..858f028 100644 --- a/data/common.yaml +++ b/data/common.yaml @@ -1,7 +1,6 @@ --- bind::defaults::supported: false bind::defaults::random_device: '/dev/random' -bind::defaults::rndc: true bind::forwarders: '' bind::dnssec: true diff --git a/manifests/init.pp b/manifests/init.pp index 601ef93..bb2a91c 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -5,7 +5,6 @@ class bind ( $dnssec = true, $filter_ipv6 = false, $version = '', - $rndc = undef, $statistics_port = undef, $auth_nxdomain = false, $include_default_zones = true, 
@@ -43,15 +42,21 @@ class bind ( } } - if $rndc { - # rndc only supports HMAC-MD5 - bind::key { 'rndc-key': - algorithm => 'hmac-md5', - secret_bits => '512', - keydir => $confdir, - keyfile => 'rndc.key', - include => false, - } + # rndc only supports HMAC-MD5 + bind::key { 'rndc-key': + algorithm => 'hmac-md5', + secret_bits => '512', + keydir => $confdir, + keyfile => 'rndc.key', + include => false, + } + + file { '/usr/local/bin/rndc-helper': + ensure => present, + owner => 'root', + group => 'root', + mode => '0755', + content => template('bind/rndc-helper.erb'), } file { "${confdir}/zones": @@ -77,6 +82,8 @@ class bind ( "${confdir}/acls.conf", "${confdir}/keys.conf", "${confdir}/views.conf", + "${confdir}/view-mappings.txt", + "${confdir}/domain-mappings.txt", ]: owner => 'root', group => $bind_group, diff --git a/manifests/view.pp b/manifests/view.pp index 8f9a785..3efea20 100644 --- a/manifests/view.pp +++ b/manifests/view.pp @@ -25,4 +25,9 @@ define bind::view ( target => "${::bind::confdir}/views.conf", content => template('bind/view.erb'), } + + concat::fragment { "bind-view-mappings-${name}": + target => "${::bind::confdir}/view-mappings.txt", + content => template('bind/view-mappings.erb'), + } } diff --git a/manifests/zone.pp b/manifests/zone.pp index 27d68ac..07a4fca 100644 --- a/manifests/zone.pp +++ b/manifests/zone.pp @@ -115,7 +115,7 @@ define bind::zone ( if $zone_file_mode == 'managed' { exec { "rndc reload ${_domain}": - command => "/usr/sbin/rndc reload ${_domain}", + command => "/usr/local/bin/rndc-helper reload ${name}", user => $bind_user, refreshonly => true, require => Service['bind'], @@ -161,4 +161,8 @@ define bind::zone ( require => Package['bind'], } + concat::fragment { "bind-zone-mapping-${name}": + target => "${::bind::confdir}/domain-mappings.txt", + content => "${name}:${_domain}\n", + } } diff --git a/templates/rndc-helper.erb b/templates/rndc-helper.erb new file mode 100644 index 0000000..094f360 --- /dev/null 
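Review bot: In the second hunk of manifests/init.pp the `rndc-key` resource is now declared unconditionally, so every node gets a control-channel key built with `algorithm => 'hmac-md5'`, where before it was opt-in through `$rndc`. The comment `# rndc only supports HMAC-MD5` is carried over as-is, but newer BIND releases accept HMAC-SHA algorithms for the rndc key. I would reword it to `# HMAC-MD5 kept for compatibility with older BIND; prefer hmac-sha256 where supported` and consider exposing the algorithm as a class parameter. Whether `bind::key` accepts other algorithm names is not visible in this hunk.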
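Review bot: In the third hunk of manifests/init.pp, `view-mappings.txt` and `domain-mappings.txt` are appended to the same resource as `keys.conf`, so they inherit `group => $bind_group` and whatever `mode` follows outside the hunk. These two files supply the arguments that rndc-helper passes to `sudo rndc`, so they must be readable by `$bind_user` but not writable by it. It is worth confirming that the shared mode is not group-writable, and adding a comment such as `# mapping files feed rndc-helper; keep them root-writable only` next to the two new entries.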
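Review bot: The exec in the first hunk of manifests/zone.pp now depends on `/usr/local/bin/rndc-helper` and on the two mapping files it reads, but the visible `require` still lists only `Service['bind']`. Unless the service is already ordered after those resources (not visible here), a refresh on a first run could fire before the helper or the mappings exist. I would change it to `require => [Service['bind'], File['/usr/local/bin/rndc-helper']],` and order the exec after the mapping targets as well. The title still interpolates `${_domain}` while the command uses `${name}`, so two zones sharing a domain would presumably collide on the resource title; the rest of the define is outside the hunk.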
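Review bot: The fragment content `"${name}:${_domain}\n"` in the second hunk of manifests/zone.pp uses `:` as the field separator without checking that neither value contains one, and templates/view-mappings.erb writes `zone:view` the same way. rndc-helper splits these lines with `cut -f2 -d:` and passes the result to `sudo rndc`, so a stray colon or whitespace in a zone or view name changes what reaches the command line. If stdlib is available to this module, a guard such as `validate_re($name, '^[^:\s]+$')` before the fragment would keep the format unambiguous. A one-line comment stating the `name:domain` layout would also help.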
+++ b/templates/rndc-helper.erb @@ -0,0 +1,19 @@ +#!/bin/bash + +CONFDIR=<%= @confdir %> + +function param_lookup() { + local zone_name="${1}" + local domain="$(grep "^${zone_name}:" ${CONFDIR}/domain-mappings.txt | cut -f2 -d:)" + grep "^${zone_name}:" ${CONFDIR}/view-mappings.txt | cut -f2 -d: | sed -e "s/\(.*\)/${domain} IN \1/" +} + +zone_name="${!#}" + +param_lookup "${zone_name}" | while read Z; do + if [ $# == 1 ]; then + echo $Z + else + sudo rndc "${@:1:$(($# - 1))}" $Z + fi +done diff --git a/templates/view-mappings.erb b/templates/view-mappings.erb new file mode 100644 index 0000000..00b58c5 --- /dev/null +++ b/templates/view-mappings.erb @@ -0,0 +1,3 @@ +<%- @zones.each do |zone| -%> +<%= zone %>:<%= @name %> +<%- end -%>
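Review bot: In templates/rndc-helper.erb, `param_lookup` uses the zone name as a grep pattern and splices the looked-up domain into a sed expression. The dots in a name like `example.com` therefore match any character, and a domain containing `/` or `&` (classless reverse zones use `/`) breaks or alters the substitution. The output is word-split and handed to `sudo rndc`, so the lookup should compare fields literally; the fence below rewrites `param_lookup` that way and returns non-zero when the zone has no domain mapping. Separately, when nothing matches, the main loop never runs and the script exits 0, so the Puppet exec reports success without reloading anything. `rndc` is also resolved through PATH, where the replaced exec used `/usr/sbin/rndc`.

```shell
function param_lookup() {
    local zone_name="${1}" domain="" key value

    # Literal comparison on the first field: no regex, no sed interpolation.
    while IFS=: read -r key value; do
        if [ "${key}" = "${zone_name}" ]; then
            domain="${value}"
        fi
    done < "${CONFDIR}/domain-mappings.txt"

    # Unknown zone: report it instead of emitting nothing.
    if [ -z "${domain}" ]; then
        echo "rndc-helper: no domain mapping for ${zone_name}" >&2
        return 1
    fi

    while IFS=: read -r key value; do
        if [ "${key}" = "${zone_name}" ]; then
            printf '%s IN %s\n' "${domain}" "${value}"
        fi
    done < "${CONFDIR}/view-mappings.txt"
}

# … unchanged: zone_name="${!#}" and the rndc dispatch loop …
```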