From a66b985adb4a4fd81a93881c460bd1795c001266 Mon Sep 17 00:00:00 2001
From: Nate Riffe
Date: Fri, 27 Jun 2014 14:43:46 -0500
Subject: [PATCH] Fix up bind::updater and support rndc I thought I fixed rndc a while ago... not quite. Do it now. Make bind::updater actually work (incomplete last time)
---
 manifests/init.pp | 27 ++++++++++++++-------------
 manifests/keydir.pp | 2 +-
 manifests/params.pp | 1 +
 manifests/updater.pp | 8 ++++++--
 templates/named.conf.erb | 7 +++++++
 5 files changed, 29 insertions(+), 16 deletions(-)
diff --git a/manifests/init.pp b/manifests/init.pp
index 3adff80..bff7334 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -1,16 +1,17 @@
 # ex: syntax=puppet si ts=4 sw=4 et
 class bind (
- $confdir = $bind::params::confdir,
- $cachedir = $bind::params::cachedir,
+ $confdir = $::bind::params::confdir,
+ $cachedir = $::bind::params::cachedir,
 $forwarders = '',
 $dnssec = true,
 $version = '',
+ $rndc = $::bind::params::bind_rndc,
 ) inherits bind::params {
 $auth_nxdomain = false
- package { $bind::params::bind_package:
+ package { $::bind::params::bind_package:
 ensure => latest,
 }
@@ -29,12 +30,12 @@ class bind (
 }
 }
- service { $bind::params::bind_service:
+ service { $::bind::params::bind_service:
 ensure => running,
 enable => true,
 hasrestart => true,
 hasstatus => true,
- require => Package[$bind::params::bind_package],
+ require => Package[$::bind::params::bind_package],
 }
 File {
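Review bot: In manifests/init.pp, the new `$rndc` parameter in the first hunk reaches the template unvalidated, and `named.conf.erb` tests it with `if @rndc`, so any string value (for example `'false'` supplied through Hiera or an ENC) is truthy and enables the control channel. If stdlib is available to this module, add `validate_bool($rndc)` at the top of the class body. Because the default comes from `$bind_rndc = true` in params.pp, existing nodes also pick up the `rndc.key` include and the `controls` block on their next run; a parameter comment such as `# $rndc: emit a 127.0.0.1-only rndc control channel; requires ${confdir}/rndc.key to exist` would make that explicit. The class body continues outside the hunk.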
@@ -49,23 +50,23 @@ class bind (
 mode => 2755,
 purge => true,
 recurse => true,
- require => Package[$bind::params::bind_package],
+ require => Package[$::bind::params::bind_package],
 }
 file { "${confdir}/named.conf":
 content => template('bind/named.conf.erb'),
- notify => Service[$bind::params::bind_service],
- require => Package[$bind::params::bind_package],
+ notify => Service[$::bind::params::bind_service],
+ require => Package[$::bind::params::bind_package],
 }
 class { 'bind::keydir':
 keydir => "${confdir}/keys",
- require => Package[$bind::params::bind_package],
+ require => Package[$::bind::params::bind_package],
 }
 file { "${confdir}/named.conf.local":
 replace => false,
- require => Package[$bind::params::bind_package],
+ require => Package[$::bind::params::bind_package],
 }
 concat { [
@@ -74,10 +75,10 @@ class bind (
 "${confdir}/views.conf",
 ]:
 owner => 'root',
- group => $bind::params::bind_group,
+ group => $::bind::params::bind_group,
 mode => '0644',
- notify => Service[$bind::params::bind_service],
- require => Package[$bind::params::bind_package],
+ notify => Service[$::bind::params::bind_service],
+ require => Package[$::bind::params::bind_package],
 }
 concat::fragment { "named-acls-header":
diff --git a/manifests/keydir.pp b/manifests/keydir.pp
index aa25edf..4aff68a 100644
--- a/manifests/keydir.pp
+++ b/manifests/keydir.pp
@@ -1,7 +1,7 @@
 # ex: syntax=puppet si ts=4 sw=4 et
 class bind::keydir (
- $keydir = "${bind::params::confdir}/keys",
+ $keydir = "${::bind::params::confdir}/keys",
 ) {
 file { $keydir:
 ensure => directory,
diff --git a/manifests/params.pp b/manifests/params.pp
index 6a056d3..131eb7b 100644
--- a/manifests/params.pp
+++ b/manifests/params.pp
@@ -10,6 +10,7 @@ class bind::params {
 $cachedir = '/var/cache/bind'
 $bind_user = 'bind'
 $bind_group = 'bind'
+ $bind_rndc = true
 $nsupdate_package = 'dnsutils'
diff --git a/manifests/updater.pp b/manifests/updater.pp
index 764e95e..7dd3265 100644
--- a/manifests/updater.pp
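Review bot: In manifests/keydir.pp, the default `"${::bind::params::confdir}/keys"` is evaluated in a class that, as far as this hunk shows, neither inherits nor includes `bind::params`. If `bind::keydir` is declared without `keydir` before `bind::params` has been evaluated, the interpolation is empty and the key directory becomes `/keys`. Both callers visible in this patch pass `keydir` explicitly, so the problem is latent, but it is cheap to close off by changing the header to `) inherits bind::params {`, as `bind` and `bind::updater` already do. The class body continues past the end of the hunk.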
+++ b/manifests/updater.pp
@@ -1,14 +1,18 @@
 # ex: syntax=puppet si ts=4 sw=4 et
 class bind::updater (
- $nsupdate_package,
- $keydir =
+ $nsupdate_package = $::bind::params::nsupdate_package,
+ $keydir = "${::bind::params::confdir}/keys",
 ) inherits bind::params {
 package {'nsupdate':
 name => $nsupdate_package,
 ensure => present,
 }
+ file { $::bind::params::confdir:
+ ensure => directory,
+ }
+
 class { 'bind::keydir':
 keydir => $keydir,
 }
diff --git a/templates/named.conf.erb b/templates/named.conf.erb
index 1b4c923..10c0f3e 100644
--- a/templates/named.conf.erb
+++ b/templates/named.conf.erb
@@ -2,6 +2,13 @@
 include "<%= @confdir %>/acls.conf";
 include "<%= @confdir %>/keys.conf";
 include "<%= @confdir %>/views.conf";
+<%- if @rndc -%>
+
+include "<%= @confdir %>/rndc.key";
+controls {
+ inet 127.0.0.1 allow { localhost; } keys { rndc-key; };
+};
+<%- end -%>
 options {
 directory "<%= @cachedir %>";
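Review bot: In manifests/updater.pp, the added `file { $::bind::params::confdir: ensure => directory, }` sets no owner, group or mode, so the parent of the key directory is created with whatever the agent's defaults happen to be; state them explicitly, e.g. `owner => 'root', group => 'root', mode => '0755',`. The resource is also keyed on the params value rather than on `$keydir`, so overriding `keydir` to a path elsewhere still creates the default confdir and leaves the real parent unmanaged. Class `bind` declares `class { 'bind::keydir': }` too (visible in the init.pp context) and presumably manages its own confdir, so a header comment such as `# bind::updater is for hosts that do not declare class bind; the two cannot be combined on one node` would spare users a duplicate-declaration failure. The class body continues outside the hunk.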
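Review bot: In templates/named.conf.erb, `rndc => false` only omits the `controls` statement, and named treats a missing `controls` statement as a request for its default loopback control channel whenever it can find an rndc key file, so the parameter does not actually switch rndc off. Emit an explicit empty statement in the other branch: `<%- else -%>` followed by `controls { };` before `<%- end -%>`. In the enabled branch nothing in this patch manages `<confdir>/rndc.key`, and named will not load the configuration if the included file is missing or unreadable; a template comment such as `<%# rndc.key must already exist (package-generated or managed elsewhere) and be readable only by root and the bind group -%>` would record that dependency.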