change has_zone_file back to true for the stub zone type and add logic to prevent the file from being created by puppet

2015-03-19 13:49:59 -04:00 · 2015-03-19 13:49:59 -04:00 · 55922e8974
commit 55922e8974
parent 13723a72cf
1 changed files with 38 additions and 37 deletions
--- a/manifests/zone.pp
+++ b/manifests/zone.pp
@ -28,7 +28,7 @@ define bind::zone (
        'master' => true,
        'slave'  => true,
        'hint'   => true,
-        'stub'   => false,
+        'stub'   => true,
        default  => false,
    }
@ -38,44 +38,45 @@ define bind::zone (
        } else {
            $_source = 'puppet:///modules/bind/db.empty'
        }
-
+        unless $zone_type == 'stub' {
-        file { "${cachedir}/${name}":
+            file { "${cachedir}/${name}":
-            ensure  => directory,
+                ensure  => directory,
-            owner   => $bind::params::bind_user,
+                owner   => $bind::params::bind_user,
-            group   => $bind::params::bind_group,
+                group   => $bind::params::bind_group,
-            mode    => '0755',
+                mode    => '0755',
-            require => Package['bind'],
+                require => Package['bind'],
        }
        file { "${cachedir}/${name}/${_domain}":
            ensure  => present,
            owner   => $bind::params::bind_user,
            group   => $bind::params::bind_group,
            mode    => '0644',
            replace => false,
            source  => $_source,
            audit   => [ content ],
        }
        if $dnssec {
            exec { "dnssec-keygen-${name}":
                command => "/usr/local/bin/dnssec-init '${cachedir}' '${name}'\
                    '${_domain}' '${key_directory}'",
                cwd     => $cachedir,
                user    => $bind::params::bind_user,
                creates => "${cachedir}/${name}/${_domain}.signed",
                timeout => 0, # crypto is hard
                require => [
                    File['/usr/local/bin/dnssec-init'],
                    File["${cachedir}/${name}/${_domain}"]
                ],
            }
-            file { "${cachedir}/${name}/${_domain}.signed":
+            file { "${cachedir}/${name}/${_domain}":
-                owner => $bind::params::bind_user,
+                ensure  => present,
-                group => $bind::params::bind_group,
+                owner   => $bind::params::bind_user,
-                mode  => '0644',
+                group   => $bind::params::bind_group,
-                audit => [ content ],
+                mode    => '0644',
                replace => false,
                source  => $_source,
                audit   => [ content ],
            }
            if $dnssec {
                exec { "dnssec-keygen-${name}":
                    command => "/usr/local/bin/dnssec-init '${cachedir}' '${name}'\
                        '${_domain}' '${key_directory}'",
                    cwd     => $cachedir,
                    user    => $bind::params::bind_user,
                    creates => "${cachedir}/${name}/${_domain}.signed",
                    timeout => 0, # crypto is hard
                    require => [
                        File['/usr/local/bin/dnssec-init'],
                        File["${cachedir}/${name}/${_domain}"]
                    ],
                }
                file { "${cachedir}/${name}/${_domain}.signed":
                    owner => $bind::params::bind_user,
                    group => $bind::params::bind_group,
                    mode  => '0644',
                    audit => [ content ],
                }
            }
        }
    }