Merge pull request #65 from inkblot/defaults-not-params

Turn `params` into `defaults` and formalize it
Nate Riffe 2015-12-26 10:22:38 -06:00
commit 4f04a1f066
10 changed files with 70 additions and 66 deletions


@ -1,10 +1,11 @@
--- ---
bind::params::supported: false bind::defaults::supported: false
bind::defaults::random_device: '/dev/random'
bind::defaults::rndc: true
bind::forwarders: '' bind::forwarders: ''
bind::dnssec: true bind::dnssec: true
bind::version: '' bind::version: ''
bind::random_device: '/dev/random'
bind::include_local: false bind::include_local: false
bind::updater::keydir: '/etc/nsupdate-keys' bind::updater::keydir: '/etc/nsupdate-keys'


@ -1,13 +1,12 @@
--- ---
bind::params::supported: true bind::defaults::supported: true
bind::params::bind_user: 'bind' bind::defaults::bind_user: 'bind'
bind::params::bind_group: 'bind' bind::defaults::bind_group: 'bind'
bind::params::bind_package: 'bind9' bind::defaults::bind_package: 'bind9'
bind::params::bind_service: 'bind9' bind::defaults::bind_service: 'bind9'
bind::params::nsupdate_package: 'dnsutils' bind::defaults::nsupdate_package: 'dnsutils'
bind::params::confdir: '/etc/bind' bind::defaults::confdir: '/etc/bind'
bind::namedconf: '/etc/bind/named.conf' bind::defaults::namedconf: '/etc/bind/named.conf'
bind::cachedir: '/var/cache/bind' bind::defaults::cachedir: '/var/cache/bind'
bind::rndc: true
bind::updater::keydir: '/etc/bind/keys' bind::updater::keydir: '/etc/bind/keys'


@ -1,14 +1,13 @@
--- ---
bind::params::supported: true bind::defaults::supported: true
bind::params::bind_user: 'named' bind::defaults::bind_user: 'named'
bind::params::bind_group: 'named' bind::defaults::bind_group: 'named'
bind::params::bind_package: 'bind' bind::defaults::bind_package: 'bind'
bind::params::bind_service: 'named' bind::defaults::bind_service: 'named'
bind::params::nsupdate_package: 'bind-utils' bind::defaults::nsupdate_package: 'bind-utils'
bind::params::managed_keys_directory: '/var/named/dynamic' bind::defaults::managed_keys_directory: '/var/named/dynamic'
bind::params::confdir: '/etc/named' bind::defaults::confdir: '/etc/named'
bind::namedconf: '/etc/named.conf' bind::defaults::namedconf: '/etc/named.conf'
bind::cachedir: '/var/named' bind::defaults::cachedir: '/var/named'
bind::rndc: true
bind::updater::keydir: '/etc/named/keys' bind::updater::keydir: '/etc/named/keys'

19
manifests/defaults.pp Normal file

@ -0,0 +1,19 @@
# ex: syntax=puppet si ts=4 sw=4 et
class bind::defaults (
$supported = undef,
$confdir = undef,
$namedconf = undef,
$cachedir = undef,
$random_device = undef,
$bind_user = undef,
$bind_group = undef,
$bind_package = undef,
$bind_service = undef,
$nsupdate_package = undef,
$managed_keys_directory = undef,
) {
unless $supported {
fail('Platform is not supported')
}
}
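Review bot: Every parameter of `bind::defaults` now defaults to `undef`, so a supported platform whose data omits `bind_user`, `bind_group` or `confdir` compiles cleanly instead of failing the way the mandatory parameters of the removed `bind::params` did. In `bind::zone` those values feed `owner`, `group` and the `user` of both `exec` resources, and an undef `user` means the command runs as whatever account the agent runs as rather than as the BIND service account. After the `$supported` check I would add `unless $bind_user and $bind_group and $confdir { fail('Incomplete platform defaults for bind') }`. A short header comment stating that these values are expected to come from Hiera data would also help the next reader.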


@ -1,17 +1,14 @@
# ex: syntax=puppet si ts=4 sw=4 et # ex: syntax=puppet si ts=4 sw=4 et
class bind ( class bind (
$namedconf = undef, $forwarders = '',
$cachedir = undef, $dnssec = true,
$forwarders = undef, $version = '',
$dnssec = undef,
$version = undef,
$rndc = undef, $rndc = undef,
$statistics_port = undef, $statistics_port = undef,
$random_device = undef, $auth_nxdomain = false,
$include_local = undef, $include_local = false,
) inherits bind::params { ) inherits bind::defaults {
$auth_nxdomain = false
File { File {
ensure => present, ensure => present,
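Review bot: `$rndc = undef` stays the default in this parameter list while the commit drops `bind::rndc: true` from both platform data files and adds `bind::defaults::rndc: true` to the common data, and `bind::defaults` declares no `$rndc` parameter for automatic lookup to bind that key to. Unless something outside the visible hunks reads the key explicitly, `$rndc` now evaluates to undef where it used to be true, which presumably changes whether the rndc control configuration is managed. Either keep the data key as `bind::rndc: true`, or add `$rndc = undef,` to `bind::defaults` and have this class read it from there. The class body continues past the end of this hunk, so how `$rndc` is consumed is not visible here.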


@ -5,13 +5,13 @@ define bind::key (
$secret_bits = 256, $secret_bits = 256,
$algorithm = 'hmac-sha256', $algorithm = 'hmac-sha256',
$owner = 'root', $owner = 'root',
$group = $bind::params::bind_group, $group = $::bind::defaults::bind_group,
$keydir = $::bind::keydir::keydir, $keydir = $::bind::keydir::keydir,
$keyfile = undef, $keyfile = undef,
$include = true, $include = true,
) { ) {
include bind::params # Pull some platform defaults into the local scope
$confdir = $::bind::params::confdir $confdir = $::bind::defaults::confdir
# Generate a key of size $secret_bits if no $secret # Generate a key of size $secret_bits if no $secret
$secret_actual = $secret ? { $secret_actual = $secret ? {
@ -45,7 +45,7 @@ define bind::key (
concat::fragment { "bind-key-${name}": concat::fragment { "bind-key-${name}":
order => '10', order => '10',
target => "${bind::params::confdir}/keys.conf", target => "${confdir}/keys.conf",
content => "include \"${keydir}/${key_file_name}\";\n", content => "include \"${keydir}/${key_file_name}\";\n",
} }
} }
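Review bot: The first hunk replaces `include bind::params` with a comment, so `bind::key` no longer guarantees that the class it reads from is in the catalog before `$::bind::defaults::confdir` is evaluated. If `bind::defaults` has not been evaluated at that point, `$confdir` is undef and the fragment target in the second hunk collapses to `/keys.conf`; the `$group` default would be undef as well. Whether `bind::keydir` pulls in `bind::defaults` is not visible from these hunks; if it does not, restore the guarantee with `include bind::defaults` above the `$confdir` assignment. The define's body starts before the first hunk and continues between the two.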


@ -1,16 +0,0 @@
# ex: syntax=puppet si ts=4 sw=4 et
class bind::params (
$supported,
$bind_user,
$bind_group,
$bind_package,
$bind_service,
$nsupdate_package,
$managed_keys_directory = undef,
$confdir,
) {
unless $supported {
fail('Platform is not supported')
}
}


@ -2,7 +2,7 @@
class bind::updater ( class bind::updater (
$keydir = undef, $keydir = undef,
) inherits bind::params { ) inherits bind::defaults {
if $nsupdate_package { if $nsupdate_package {
package { 'nsupdate': package { 'nsupdate':


@ -21,8 +21,13 @@ define bind::zone (
) { ) {
# where there is a zone, there is a server # where there is a zone, there is a server
include bind include bind
$cachedir = $::bind::cachedir
$random_device = $::bind::random_device # Pull some platform defaults into the local scope
$cachedir = $::bind::defaults::cachedir
$random_device = $::bind::defaults::random_device
$bind_user = $::bind::defaults::bind_user
$bind_group = $::bind::defaults::bind_group
$_domain = pick($domain, $name) $_domain = pick($domain, $name)
unless !($masters != '' and ! member(['slave', 'stub'], $zone_type)) { unless !($masters != '' and ! member(['slave', 'stub'], $zone_type)) {
@ -75,8 +80,8 @@ define bind::zone (
if member(['init', 'managed', 'allowed'], $zone_file_mode) { if member(['init', 'managed', 'allowed'], $zone_file_mode) {
file { "${cachedir}/${name}": file { "${cachedir}/${name}":
ensure => directory, ensure => directory,
owner => $::bind::params::bind_user, owner => $bind_user,
group => $::bind::params::bind_group, group => $bind_group,
mode => '0755', mode => '0755',
require => Package['bind'], require => Package['bind'],
} }
@ -84,8 +89,8 @@ define bind::zone (
if member(['init', 'managed'], $zone_file_mode) { if member(['init', 'managed'], $zone_file_mode) {
file { "${cachedir}/${name}/${_domain}": file { "${cachedir}/${name}/${_domain}":
ensure => present, ensure => present,
owner => $::bind::params::bind_user, owner => $bind_user,
group => $::bind::params::bind_group, group => $bind_group,
mode => '0644', mode => '0644',
replace => ($zone_file_mode == 'managed'), replace => ($zone_file_mode == 'managed'),
source => pick($source, 'puppet:///modules/bind/db.empty'), source => pick($source, 'puppet:///modules/bind/db.empty'),
@ -96,7 +101,7 @@ define bind::zone (
if $zone_file_mode == 'managed' { if $zone_file_mode == 'managed' {
exec { "rndc reload ${_domain}": exec { "rndc reload ${_domain}":
command => "/usr/sbin/rndc reload ${_domain}", command => "/usr/sbin/rndc reload ${_domain}",
user => $::bind::params::bind_user, user => $bind_user,
refreshonly => true, refreshonly => true,
require => Service['bind'], require => Service['bind'],
subscribe => File["${cachedir}/${name}/${_domain}"], subscribe => File["${cachedir}/${name}/${_domain}"],
@ -113,7 +118,7 @@ define bind::zone (
command => "/usr/local/bin/dnssec-init '${cachedir}' '${name}'\ command => "/usr/local/bin/dnssec-init '${cachedir}' '${name}'\
'${_domain}' '${key_directory}' '${random_device}' '${nsec3_salt}'", '${_domain}' '${key_directory}' '${random_device}' '${nsec3_salt}'",
cwd => $cachedir, cwd => $cachedir,
user => $::bind::params::bind_user, user => $bind_user,
creates => "${cachedir}/${name}/${_domain}.signed", creates => "${cachedir}/${name}/${_domain}.signed",
timeout => 0, # crypto is hard timeout => 0, # crypto is hard
require => [ require => [
@ -123,8 +128,8 @@ define bind::zone (
} }
file { "${cachedir}/${name}/${_domain}.signed": file { "${cachedir}/${name}/${_domain}.signed":
owner => $::bind::params::bind_user, owner => $bind_user,
group => $::bind::params::bind_group, group => $bind_group,
mode => '0644', mode => '0644',
audit => [ content ], audit => [ content ],
} }
@ -133,7 +138,7 @@ define bind::zone (
file { "${::bind::confdir}/zones/${name}.conf": file { "${::bind::confdir}/zones/${name}.conf":
ensure => present, ensure => present,
owner => 'root', owner => 'root',
group => $::bind::params::bind_group, group => $bind_group,
mode => '0644', mode => '0644',
content => template('bind/zone.conf.erb'), content => template('bind/zone.conf.erb'),
notify => Service['bind'], notify => Service['bind'],
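Review bot: The last hunk still builds the zone config path from `${::bind::confdir}`, while the first hunk moves every other platform value (`cachedir`, `random_device`, `bind_user`, `bind_group`) to local copies read from `bind::defaults`. That lookup appears to work only as long as `bind` keeps exposing `confdir` through `inherits bind::defaults`, which is easy to break in a later refactor. For consistency I would add `$confdir = $::bind::defaults::confdir` next to the other assignments and use `"${confdir}/zones/${name}.conf"` as the resource title, as `bind::key` does in this commit. The define continues beyond the visible hunks.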


@ -1,3 +1,3 @@
--- ---
bind::params::confdir: '_CONFDIR_' bind::defaults::confdir: '_CONFDIR_'
bind::namedconf: '_NAMEDCONF_' bind::defaults::namedconf: '_NAMEDCONF_'