The `params` vs. `bind` class distinction has been blurry for a long time. I'm formalizing it. `params` is now `defaults` and its purpose is to gather platform-specific variation into a single scope. These variables are related to situating a BIND server on a particular platform and it should not ever be necessary or perhaps even possible to change them as a matter of preference. Rather, the correct values are a function of e.g. `$osfamily` or `$operatingsystem`. The parameters of the `bind` class are limited to those that control the server's feature set. These parameters *are* matters of preference and/or purpose, rather than platform. Also, I have taken some care to develop a convention for direct references to qualified parameters: they are first re-scoped into the local scope centrally at the top, and subsequent references are to the local value. This should minimize future code churn and also aid readability.
# ex: syntax=puppet si ts=4 sw=4 et
# Class: bind
#
# Installs the BIND packages, lays down named.conf and the concat-assembled
# include files (ACLs, keys, views), and keeps the service running.
#
# Parameters referenced in this manifest:
#   $dnssec - when true, installs the dnssec-init helper script.
#   $rndc   - when true, declares the 'rndc-key' bind::key resource.
#
# The remaining parameters ($forwarders, $version, $statistics_port,
# $auth_nxdomain, $include_local) are not referenced in this manifest;
# presumably they are consumed by the named.conf.erb template.
#
# $bind_group, $bind_package, $nsupdate_package, $bind_service, $confdir and
# $namedconf are not set here; presumably they come from bind::defaults.
class bind (
    $forwarders      = '',
    $dnssec          = true,
    $version         = '',
    $rndc            = undef,
    $statistics_port = undef,
    $auth_nxdomain   = false,
    $include_local   = false,
) inherits bind::defaults {

    # Defaults for file resources declared in this class: root-owned,
    # group-owned by the BIND group, world-readable, applied after the package
    # is installed, and notifying the service when they change.
    # NOTE(review): Puppet resource defaults are dynamically scoped, so these
    # may also reach file resources inside bind::key and bind::keydir declared
    # below - confirm that is intended.
    File {
        ensure  => present,
        owner   => 'root',
        group   => $bind_group,
        mode    => '0644',
        notify  => Service['bind'],
        require => Package['bind'],
    }

    # NOTE(review): 'latest' on both packages lets any agent run upgrade the
    # DNS server as soon as the repository offers a new build. That picks up
    # fixes quickly, but it also bypasses change control; pin a version if
    # upgrades need to be staged.
    package { 'bind-tools':
        name   => $nsupdate_package,
        ensure => latest,
        before => Package['bind'],
    }

    package { 'bind':
        name   => $bind_package,
        ensure => latest,
    }

    if $dnssec {
        # Helper script shipped from the module's files. Owner, group and mode
        # are overridden here; require/notify are not, so they still come from
        # the File defaults and a change to the script notifies Service['bind'].
        file { '/usr/local/bin/dnssec-init':
            ensure => present,
            source => 'puppet:///modules/bind/dnssec-init',
            owner  => 'root',
            group  => 'root',
            mode   => '0755',
        }
    }

    if $rndc {
        # The original author's note: rndc only supports HMAC-MD5.
        # NOTE(review): HMAC-MD5 is a legacy choice; newer BIND 9 releases
        # accept HMAC-SHA algorithms on the control channel. Confirm the
        # oldest BIND this module targets, and which values bind::key accepts,
        # before changing the algorithm.
        # NOTE(review): the ownership and mode of rndc.key are decided inside
        # bind::key, which is not visible here - verify the file is not
        # world-readable.
        bind::key { 'rndc-key':
            keydir      => $confdir,
            keyfile     => 'rndc.key',
            algorithm   => 'hmac-md5',
            secret_bits => '512',
            include     => false,
        }
    }

    # Zone directory; the leading 2 in the mode sets the setgid bit on it.
    file { "${confdir}/zones":
        ensure => directory,
        mode   => '2755',
    }

    # Main configuration file, rendered from the module template. It takes the
    # 0644 mode from the File defaults.
    # NOTE(review): confirm the template never renders key secrets inline,
    # since the result is world-readable.
    file { $namedconf:
        content => template('bind/named.conf.erb'),
    }

    class { 'bind::keydir':
        keydir => "${confdir}/keys",
    }

    # Include files assembled from fragments contributed elsewhere.
    # NOTE(review): keys.conf is created 0644 like the other two; confirm its
    # fragments carry only references to key files, not the secrets themselves.
    concat { [
        "${confdir}/acls.conf",
        "${confdir}/keys.conf",
        "${confdir}/views.conf",
    ]:
        owner   => 'root',
        group   => $bind_group,
        mode    => '0644',
        notify  => Service['bind'],
        require => Package['bind'],
    }

    # Each concat target starts with the same "managed by puppet" banner,
    # ordered first ('00').
    concat::fragment { 'named-acls-header':
        target  => "${confdir}/acls.conf",
        order   => '00',
        content => "# This file is managed by puppet - changes will be lost\n",
    }

    concat::fragment { 'named-keys-header':
        target  => "${confdir}/keys.conf",
        order   => '00',
        content => "# This file is managed by puppet - changes will be lost\n",
    }

    concat::fragment { 'named-views-header':
        target  => "${confdir}/views.conf",
        order   => '00',
        content => "# This file is managed by puppet - changes will be lost\n",
    }

    service { 'bind':
        name       => $bind_service,
        ensure     => running,
        enable     => true,
        hasstatus  => true,
        hasrestart => true,
    }
}