Merge pull request #100 from inkblot/rndc-helper

Implement a helper script for zone reloads
Nate Riffe
2016-07-09 09:09:44 -05:00
committed by GitHub
6 changed files with 50 additions and 13 deletions
-1
@@ -1,7 +1,6 @@
--- ---
bind::defaults::supported: false bind::defaults::supported: false
bind::defaults::random_device: '/dev/random' bind::defaults::random_device: '/dev/random'
bind::defaults::rndc: true
bind::forwarders: '' bind::forwarders: ''
bind::dnssec: true bind::dnssec: true
+17 -10
@@ -5,7 +5,6 @@ class bind (
$dnssec = true, $dnssec = true,
$filter_ipv6 = false, $filter_ipv6 = false,
$version = '', $version = '',
$rndc = undef,
$statistics_port = undef, $statistics_port = undef,
$auth_nxdomain = false, $auth_nxdomain = false,
$include_default_zones = true, $include_default_zones = true,
@@ -43,15 +42,21 @@ class bind (
} }
} }
if $rndc { # rndc only supports HMAC-MD5
# rndc only supports HMAC-MD5 bind::key { 'rndc-key':
bind::key { 'rndc-key': algorithm => 'hmac-md5',
algorithm => 'hmac-md5', secret_bits => '512',
secret_bits => '512', keydir => $confdir,
keydir => $confdir, keyfile => 'rndc.key',
keyfile => 'rndc.key', include => false,
include => false, }
}
file { '/usr/local/bin/rndc-helper':
ensure => present,
owner => 'root',
group => 'root',
mode => '0755',
content => template('bind/rndc-helper.erb'),
} }
file { "${confdir}/zones": file { "${confdir}/zones":
@@ -77,6 +82,8 @@ class bind (
"${confdir}/acls.conf", "${confdir}/acls.conf",
"${confdir}/keys.conf", "${confdir}/keys.conf",
"${confdir}/views.conf", "${confdir}/views.conf",
"${confdir}/view-mappings.txt",
"${confdir}/domain-mappings.txt",
]: ]:
owner => 'root', owner => 'root',
group => $bind_group, group => $bind_group,
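Review bot: Dropping `$rndc` from the class parameters in the first hunk is a breaking interface change that the commit does not cushion: a resource-style declaration that still passes `rndc => ...` will fail catalog compilation, and with the `if $rndc` guard gone in the second hunk the `rndc-key` is now generated on every node, including any that had set the parameter to false. Consider keeping the parameter for one release as a deprecated no-op, or at least recording the removal in the changelog. Separately, the retained comment `# rndc only supports HMAC-MD5` is worth re-checking now that the key is unconditional; newer BIND releases are understood to accept HMAC-SHA algorithms for control keys, so the algorithm could be made configurable rather than fixed at `hmac-md5`. The class body continues outside these hunks.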
+5
@@ -25,4 +25,9 @@ define bind::view (
target => "${::bind::confdir}/views.conf", target => "${::bind::confdir}/views.conf",
content => template('bind/view.erb'), content => template('bind/view.erb'),
} }
concat::fragment { "bind-view-mappings-${name}":
target => "${::bind::confdir}/view-mappings.txt",
content => template('bind/view-mappings.erb'),
}
} }
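Review bot: The new `bind-view-mappings-${name}` fragment writes a file whose purpose and line format are not documented anywhere in this define. A short comment above the resource would make the contract visible, for example `# Emits one "zone:view" line per zone; read by /usr/local/bin/rndc-helper to expand a zone name into per-view rndc arguments.` Because the helper splits these lines on `:`, it is also worth stating that zone and view names must not contain a colon. The define starts outside this hunk.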
+6 -2
@@ -114,8 +114,8 @@ define bind::zone (
} }
if $zone_file_mode == 'managed' { if $zone_file_mode == 'managed' {
exec { "rndc reload ${_domain}": exec { "rndc reload ${name}":
command => "/usr/sbin/rndc reload ${_domain}", command => "/usr/local/bin/rndc-helper reload ${name}",
user => $bind_user, user => $bind_user,
refreshonly => true, refreshonly => true,
require => Service['bind'], require => Service['bind'],
@@ -161,4 +161,8 @@ define bind::zone (
require => Package['bind'], require => Package['bind'],
} }
concat::fragment { "bind-zone-mapping-${name}":
target => "${::bind::confdir}/domain-mappings.txt",
content => "${name}:${_domain}\n",
}
} }
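Review bot: The reload exec in the first hunk now runs `/usr/local/bin/rndc-helper`, but its visible `require` still lists only `Service['bind']`, so nothing shown here orders it after the helper file or after the `domain-mappings.txt` and `view-mappings.txt` targets the helper reads. Unless that ordering is established elsewhere in the define or transitively through the service, the first refresh on a new node can run before the script or its mappings exist; `require => [Service['bind'], File['/usr/local/bin/rndc-helper']],` would make the script dependency explicit. The resource title `${name}` is now also written into `"${name}:${_domain}\n"` and passed as a command word, so a title containing whitespace or `:` would corrupt the lookup and should be rejected early. The define body lies largely outside these hunks.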
+19
@@ -0,0 +1,19 @@
#!/bin/bash
CONFDIR=<%= @confdir %>
function param_lookup() {
local zone_name="${1}"
local domain="$(grep "^${zone_name}:" ${CONFDIR}/domain-mappings.txt | cut -f2 -d:)"
grep "^${zone_name}:" ${CONFDIR}/view-mappings.txt | cut -f2 -d: | sed -e "s/\(.*\)/${domain} IN \1/"
}
zone_name="${!#}"
param_lookup "${zone_name}" | while read Z; do
if [ $# == 1 ]; then
echo $Z
else
/usr/sbin/rndc "${@:1:$(($# - 1))}" $Z
fi
done
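Review bot: `param_lookup` uses the zone name as a regular expression in `grep "^${zone_name}:"` and splices `${domain}` into a sed replacement, so a name such as `example.com` also matches a line starting `exampleXcom:`, and a domain containing `/` or `&` (for instance a classless reverse-delegation zone) breaks or alters the sed expression. An exact field comparison in awk avoids both problems and lets the `${CONFDIR}` paths be quoted. In addition, when no mapping line matches, the `while` loop body never runs and the script exits 0, so the calling exec reports a reload that never happened. The excerpt below rewrites the lookup and makes a missing mapping a visible failure; `read Z` would also be safer as `read -r Z`.

```bash
CONFDIR=<%= @confdir %>
# Let a failed lookup on the left side of the pipe reach the caller's exit status.
set -o pipefail

function param_lookup() {
    local zone_name="${1}"
    local domain
    # Compare the first field as a literal string: the zone name is never
    # treated as a regex and the domain is never spliced into a sed program.
    domain="$(awk -F: -v z="${zone_name}" '($1 "") == (z "") { print $2; exit }' "${CONFDIR}/domain-mappings.txt")"
    if [ -z "${domain}" ]; then
        echo "rndc-helper: no domain mapping for zone '${zone_name}'" >&2
        return 1
    fi
    awk -F: -v z="${zone_name}" -v d="${domain}" '($1 "") == (z "") { print d " IN " $2 }' "${CONFDIR}/view-mappings.txt"
}
# … unchanged: zone_name="${!#}" and the while-read loop that calls rndc …
```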
+3
@@ -0,0 +1,3 @@
<%- @zones.each do |zone| -%>
<%= zone %>:<%= @name %>
<%- end -%>