Implemented chroot feature for RHEL/CentOS7
This commit is contained in:
committed by
Cedric DEFORTIS
parent
f2c32aaf37
commit
bcaafc05e1
@@ -2,6 +2,7 @@
|
||||
|
||||
class bind::defaults (
|
||||
$supported = undef,
|
||||
$chroot_supported = undef,
|
||||
$confdir = undef,
|
||||
$namedconf = undef,
|
||||
$cachedir = undef,
|
||||
@@ -10,7 +11,10 @@ class bind::defaults (
|
||||
$bind_user = undef,
|
||||
$bind_group = undef,
|
||||
$bind_package = undef,
|
||||
$bind_chroot_package = undef,
|
||||
$bind_service = undef,
|
||||
$bind_chroot_service = undef,
|
||||
$bind_chroot_dir = undef,
|
||||
$nsupdate_package = undef,
|
||||
$managed_keys_directory = undef,
|
||||
$default_zones_include = undef,
|
||||
|
||||
+47
-8
@@ -12,7 +12,28 @@ class bind (
|
||||
$include_local = false,
|
||||
$tkey_gssapi_credential = undef,
|
||||
$tkey_domain = undef,
|
||||
$chroot = false,
|
||||
$chroot_supported = $::bind::defaults::chroot_supported,
|
||||
$chroot_dir = $::bind::defaults::bind_chroot_dir,
|
||||
# NOTE: we need to be able to override this parameter when declaring class,
|
||||
# especially when not using hiera (i.e. when using Foreman as ENC):
|
||||
$default_zones_include = $::bind::defaults::default_zones_include,
|
||||
) inherits bind::defaults {
|
||||
if $chroot and !$chroot_supported {
|
||||
fail('Chroot for bind is not supported on your OS')
|
||||
}
|
||||
|
||||
if $chroot {
|
||||
if $::bind::defaults::bind_chroot_service {
|
||||
$real_bind_service = $::bind::defaults::bind_chroot_service
|
||||
}
|
||||
if $::bind::defaults::bind_chroot_package {
|
||||
$real_bind_package = $::bind::defaults::bind_chroot_package
|
||||
}
|
||||
} else {
|
||||
$real_bind_service = $::bind::defaults::bind_service
|
||||
$real_bind_package = $::bind::defaults::bind_package
|
||||
}
|
||||
|
||||
File {
|
||||
ensure => present,
|
||||
@@ -27,7 +48,7 @@ class bind (
|
||||
|
||||
package { 'bind':
|
||||
ensure => latest,
|
||||
name => $::bind::defaults::bind_package,
|
||||
name => $real_bind_package,
|
||||
}
|
||||
|
||||
if $dnssec {
|
||||
@@ -67,7 +88,7 @@ class bind (
|
||||
}
|
||||
|
||||
if $include_default_zones and $::bind::defaults::default_zones_source {
|
||||
file { $::bind::defaults::default_zones_include:
|
||||
file { $default_zones_include:
|
||||
source => $::bind::defaults::default_zones_source,
|
||||
}
|
||||
}
|
||||
@@ -105,11 +126,29 @@ class bind (
|
||||
content => "};\n";
|
||||
}
|
||||
|
||||
service { 'bind':
|
||||
ensure => running,
|
||||
name => $::bind::defaults::bind_service,
|
||||
enable => true,
|
||||
hasrestart => true,
|
||||
hasstatus => true,
|
||||
if $chroot and $::bind::defaults::bind_chroot_service {
|
||||
service { 'bind':
|
||||
ensure => running,
|
||||
name => $::bind::defaults::bind_chroot_service,
|
||||
enable => true,
|
||||
hasrestart => true,
|
||||
hasstatus => true,
|
||||
}
|
||||
# On RHEL Family, there is a dedicated service named-chroot and we need
|
||||
# to stop/disable 'named' service:
|
||||
service { 'bind-no-chroot':
|
||||
ensure => stopped,
|
||||
name => $::bind::defaults::bind_service,
|
||||
enable => false,
|
||||
}
|
||||
|
||||
} else {
|
||||
service { 'bind':
|
||||
ensure => running,
|
||||
name => $::bind::defaults::bind_service,
|
||||
enable => true,
|
||||
hasrestart => true,
|
||||
hasstatus => true,
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user