unkinben/puppet-bind
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add modelines and reformat pp files

Browse Source
This commit is contained in:
Nate Riffe 2014-06-15 10:08:55 -05:00
parent a21da43817
commit c4bc2a1c4a
6 changed files with 231 additions and 216 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
manifests/acl.pp
View File

@ -1,11 +1,13 @@
# ex: syntax=puppet si ts=4 sw=4 et
define bind::acl ( define bind::acl (
$addresses, $addresses,
) { ) {
concat::fragment { "bind-acl-${name}": concat::fragment { "bind-acl-${name}":
order => '10', order => '10',
target => "${bind::params::confdir}/acls.conf", target => "${bind::params::confdir}/acls.conf",
content => template('bind/acl.erb'), content => template('bind/acl.erb'),
} }
} }

168
manifests/init.pp
View File

@ -1,100 +1,102 @@
# ex: syntax=puppet si ts=4 sw=4 et
class bind ( class bind (
$confdir = $bind::params::confdir, $confdir = $bind::params::confdir,
$cachedir = $bind::params::cachedir, $cachedir = $bind::params::cachedir,
$forwarders = '', $forwarders = '',
$dnssec = true, $dnssec = true,
$version = '', $version = '',
) inherits bind::params { ) inherits bind::params {
$auth_nxdomain = false $auth_nxdomain = false
package { $bind::params::bind_package: package { $bind::params::bind_package:
ensure => latest, ensure => latest,
} }
if $dnssec { if $dnssec {
file { '/usr/local/bin/dnssec-init': file { '/usr/local/bin/dnssec-init':
ensure => present, ensure => present,
owner => 'root', owner => 'root',
group => 'root', group => 'root',
mode => '0755', mode => '0755',
source => 'puppet:///modules/bind/dnssec-init', source => 'puppet:///modules/bind/dnssec-init',
} }
} }
service { $bind::params::bind_service: service { $bind::params::bind_service:
ensure => running, ensure => running,
enable => true, enable => true,
hasrestart => true, hasrestart => true,
hasstatus => true, hasstatus => true,
require => Package[$bind::params::bind_package], require => Package[$bind::params::bind_package],
} }
File { File {
ensure => present, ensure => present,
owner => 'root', owner => 'root',
group => $::bind::params::bind_group, group => $::bind::params::bind_group,
mode => 0644, mode => 0644,
} }
file { [ $confdir, "${confdir}/zones" ]: file { [ $confdir, "${confdir}/zones" ]:
ensure => directory, ensure => directory,
mode => 2755, mode => 2755,
purge => true, purge => true,
recurse => true, recurse => true,
require => Package[$bind::params::bind_package], require => Package[$bind::params::bind_package],
} }
file { "${confdir}/named.conf": file { "${confdir}/named.conf":
content => template('bind/named.conf.erb'), content => template('bind/named.conf.erb'),
notify => Service[$bind::params::bind_service], notify => Service[$bind::params::bind_service],
require => Package[$bind::params::bind_package], require => Package[$bind::params::bind_package],
} }
file { "${confdir}/keys": file { "${confdir}/keys":
ensure => directory, ensure => directory,
mode => 0755, mode => 0755,
require => Package[$bind::params::bind_package], require => Package[$bind::params::bind_package],
} }
file { "${confdir}/named.conf.local": file { "${confdir}/named.conf.local":
replace => false, replace => false,
require => Package[$bind::params::bind_package], require => Package[$bind::params::bind_package],
} }
concat { [ concat { [
"${confdir}/acls.conf", "${confdir}/acls.conf",
"${confdir}/keys.conf", "${confdir}/keys.conf",
"${confdir}/views.conf", "${confdir}/views.conf",
]: ]:
owner => 'root', owner => 'root',
group => $bind::params::bind_group, group => $bind::params::bind_group,
mode => '0644', mode => '0644',
notify => Service[$bind::params::bind_service], notify => Service[$bind::params::bind_service],
require => Package[$bind::params::bind_package], require => Package[$bind::params::bind_package],
} }
concat::fragment { "named-acls-header": concat::fragment { "named-acls-header":
order => '00', order => '00',
target => "${confdir}/acls.conf", target => "${confdir}/acls.conf",
content => "# This file is managed by puppet - changes will be lost\n", content => "# This file is managed by puppet - changes will be lost\n",
} }
concat::fragment { "named-keys-header": concat::fragment { "named-keys-header":
order => '00', order => '00',
target => "${confdir}/keys.conf", target => "${confdir}/keys.conf",
content => "# This file is managed by puppet - changes will be lost\n", content => "# This file is managed by puppet - changes will be lost\n",
} }
concat::fragment { "named-keys-rndc": concat::fragment { "named-keys-rndc":
order => '99', order => '99',
target => "${confdir}/keys.conf", target => "${confdir}/keys.conf",
content => "#include \"${confdir}/rndc.key\"\n", content => "#include \"${confdir}/rndc.key\"\n",
} }
concat::fragment { "named-views-header": concat::fragment { "named-views-header":
order => '00', order => '00',
target => "${confdir}/views.conf", target => "${confdir}/views.conf",
content => "# This file is managed by puppet - changes will be lost\n", content => "# This file is managed by puppet - changes will be lost\n",
} }
} }

41
manifests/key.pp
View File

@ -1,21 +1,26 @@
# ex: syntax=puppet si ts=4 sw=4 et
define bind::key ( define bind::key (
$algorithm = 'hmac-sha256', $algorithm = 'hmac-sha256',
$secret, $secret,
$owner = 'root', $owner = 'root',
$group = $bind::params::bind_group, $group = $bind::params::bind_group,
path = "${::bind::confdir}/keys"
) { ) {
file { "${bind::confdir}/keys/${name}": file { "${path}/${name}":
ensure => present, ensure => present,
owner => $owner, owner => $owner,
group => $group, group => $group,
mode => '0640', mode => '0640',
content => template('bind/key.conf.erb'), content => template('bind/key.conf.erb'),
notify => Service[$bind::params::bind_service], notify => Service[$bind::params::bind_service],
require => Package[$bind::params::bind_package], require => Package[$bind::params::bind_package],
} }
concat::fragment { "bind-key-${name}": if (defined(Class['bind'])) {
order => '10', concat::fragment { "bind-key-${name}":
target => "${bind::confdir}/keys.conf", order => '10',
content => "include \"${bind::confdir}/keys/${name}\";\n", target => "${bind::confdir}/keys.conf",
} content => "include \"${bind::confdir}/keys/${name}\";\n",
}
}
} }

58
manifests/params.pp
View File

@ -1,33 +1,35 @@
# ex: syntax=puppet si ts=4 sw=4 et
class bind::params { class bind::params {
case $::osfamily { case $::osfamily {
'Debian': { 'Debian': {
$bind_package = 'bind9' $bind_package = 'bind9'
$bind_service = 'bind9' $bind_service = 'bind9'
$confdir = '/etc/bind' $confdir = '/etc/bind'
$cachedir = '/var/cache/bind' $cachedir = '/var/cache/bind'
$bind_user = 'bind' $bind_user = 'bind'
$bind_group = 'bind' $bind_group = 'bind'
file { [ file { [
"${confdir}/bind.keys", "${confdir}/bind.keys",
"${confdir}/db.empty", "${confdir}/db.empty",
"${confdir}/db.local", "${confdir}/db.local",
"${confdir}/db.root", "${confdir}/db.root",
"${confdir}/db.0", "${confdir}/db.0",
"${confdir}/db.127", "${confdir}/db.127",
"${confdir}/db.255", "${confdir}/db.255",
"${confdir}/named.conf.default-zones", "${confdir}/named.conf.default-zones",
"${confdir}/rndc.key", "${confdir}/rndc.key",
"${confdir}/zones.rfc1918", "${confdir}/zones.rfc1918",
]: ]:
ensure => present, ensure => present,
require => Package[$bind_package], require => Package[$bind_package],
} }
} }
default: { default: {
fail("Operating system is not supported ${::osfamily}") fail("Operating system is not supported ${::osfamily}")
} }
} }
} }

26
manifests/view.pp
View File

@ -1,14 +1,16 @@
define bind::view ( # ex: syntax=puppet si ts=4 sw=4 et
$match_clients = 'any',
$match_destinations = '',
$zones = [],
$recursion = true,
) {
$confdir = $bind::params::confdir
concat::fragment { "bind-view-${name}": define bind::view (
order => '10', $match_clients = 'any',
target => "${bind::params::confdir}/views.conf", $match_destinations = '',
content => template('bind/view.erb'), $zones = [],
} $recursion = true,
) {
$confdir = $bind::params::confdir
concat::fragment { "bind-view-${name}":
order => '10',
target => "${bind::params::confdir}/views.conf",
content => template('bind/view.erb'),
}
} }

138
manifests/zone.pp
View File

@ -1,79 +1,81 @@
# ex: syntax=puppet si ts=4 sw=4 et
define bind::zone ( define bind::zone (
$zone_type, $zone_type,
$domain = '', $domain = '',
$masters = '', $masters = '',
$allow_updates = '', $allow_updates = '',
$allow_transfers = '', $allow_transfers = '',
$dnssec = false, $dnssec = false,
$key_directory = '', $key_directory = '',
$ns_notify = true, $ns_notify = true,
$also_notify = '', $also_notify = '',
$allow_notify = '', $allow_notify = '',
$forwarders = '', $forwarders = '',
$forward = '', $forward = '',
) { ) {
$cachedir = $bind::cachedir $cachedir = $bind::cachedir
if $domain == '' { if $domain == '' {
$_domain = $name $_domain = $name
} else { } else {
$_domain = $domain $_domain = $domain
} }
$has_zone_file = $zone_type ? { $has_zone_file = $zone_type ? {
'master' => true, 'master' => true,
'slave' => true, 'slave' => true,
'hint' => true, 'hint' => true,
'stub' => true, 'stub' => true,
default => false, default => false,
} }
if $has_zone_file { if $has_zone_file {
file { "${cachedir}/${name}": file { "${cachedir}/${name}":
ensure => directory, ensure => directory,
owner => $bind::params::bind_user, owner => $bind::params::bind_user,
group => $bind::params::bind_group, group => $bind::params::bind_group,
mode => '0755', mode => '0755',
require => Package[$bind::params::bind_package], require => Package[$bind::params::bind_package],
} }
file { "${cachedir}/${name}/${_domain}": file { "${cachedir}/${name}/${_domain}":
ensure => present, ensure => present,
owner => $bind::params::bind_user, owner => $bind::params::bind_user,
group => $bind::params::bind_group, group => $bind::params::bind_group,
mode => '0644', mode => '0644',
replace => false, replace => false,
source => 'puppet:///modules/bind/db.empty', source => 'puppet:///modules/bind/db.empty',
audit => [ content ], audit => [ content ],
} }
if $dnssec { if $dnssec {
exec { "dnssec-keygen-${name}": exec { "dnssec-keygen-${name}":
command => "/usr/local/bin/dnssec-init '${cachedir}' '${name}' '${_domain}' '${key_directory}'", command => "/usr/local/bin/dnssec-init '${cachedir}' '${name}' '${_domain}' '${key_directory}'",
cwd => $cachedir, cwd => $cachedir,
user => $bind::params::bind_user, user => $bind::params::bind_user,
creates => "${cachedir}/${name}/${_domain}.signed", creates => "${cachedir}/${name}/${_domain}.signed",
timeout => 0, # crypto is hard timeout => 0, # crypto is hard
require => [ File['/usr/local/bin/dnssec-init'], File["${cachedir}/${name}/${_domain}"] ], require => [ File['/usr/local/bin/dnssec-init'], File["${cachedir}/${name}/${_domain}"] ],
} }
file { "${cachedir}/${name}/${_domain}.signed": file { "${cachedir}/${name}/${_domain}.signed":
owner => $bind::params::bind_user, owner => $bind::params::bind_user,
group => $bind::params::bind_group, group => $bind::params::bind_group,
mode => '0644', mode => '0644',
audit => [ content ], audit => [ content ],
} }
} }
} }
file { "${bind::confdir}/zones/${name}.conf": file { "${bind::confdir}/zones/${name}.conf":
ensure => present, ensure => present,
owner => 'root', owner => 'root',
group => $bind::params::bind_group, group => $bind::params::bind_group,
mode => '0644', mode => '0644',
content => template('bind/zone.conf.erb'), content => template('bind/zone.conf.erb'),
notify => Service[$bind::params::bind_service], notify => Service[$bind::params::bind_service],
require => Package[$bind::params::bind_package], require => Package[$bind::params::bind_package],
} }
} }