# ex: syntax=puppet si ts=4 sw=4 et define bind::zone ( $zone_type, $domain = '', $masters = '', $allow_updates = '', $allow_transfers = '', $dnssec = false, $key_directory = '', $ns_notify = true, $also_notify = '', $allow_notify = '', $forwarders = '', $forward = '', ) { $cachedir = $bind::cachedir if $domain == '' { $_domain = $name } else { $_domain = $domain } $has_zone_file = $zone_type ? { 'master' => true, 'slave' => true, 'hint' => true, 'stub' => true, default => false, } if $has_zone_file { file { "${cachedir}/${name}": ensure => directory, owner => $bind::params::bind_user, group => $bind::params::bind_group, mode => '0755', require => Package[$bind::params::bind_package], } file { "${cachedir}/${name}/${_domain}": ensure => present, owner => $bind::params::bind_user, group => $bind::params::bind_group, mode => '0644', replace => false, source => 'puppet:///modules/bind/db.empty', audit => [ content ], } if $dnssec { exec { "dnssec-keygen-${name}": command => "/usr/local/bin/dnssec-init '${cachedir}' '${name}' '${_domain}' '${key_directory}'", cwd => $cachedir, user => $bind::params::bind_user, creates => "${cachedir}/${name}/${_domain}.signed", timeout => 0, # crypto is hard require => [ File['/usr/local/bin/dnssec-init'], File["${cachedir}/${name}/${_domain}"] ], } file { "${cachedir}/${name}/${_domain}.signed": owner => $bind::params::bind_user, group => $bind::params::bind_group, mode => '0644', audit => [ content ], } } } file { "${bind::confdir}/zones/${name}.conf": ensure => present, owner => 'root', group => $bind::params::bind_group, mode => '0644', content => template('bind/zone.conf.erb'), notify => Service[$bind::params::bind_service], require => Package[$bind::params::bind_package], } }