From 812c3f4d6162cf7af8f8cbedb6abb6d72bd537e9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Hugo=20H=C3=B6rnquist?=
Date: Fri, 5 May 2023 01:46:46 +0200
Subject: "Working" product.
---
manifests/init.pp | 72 ++++++++++++++++++++++++++--------------
manifests/key.pp | 1 +
manifests/record.pp | 32 +++++++++++++-----
manifests/zone.pp | 96 ++++++++++++++++++++++++++++-------------------------
4 files changed, 122 insertions(+), 79 deletions(-)
(limited to 'manifests')
diff --git a/manifests/init.pp b/manifests/init.pp
index a7d2b05..ffb102d 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -23,38 +23,60 @@ # Name of the system service to manage # @param rndc_confgen # Path to rndc-confgen binary +# @param config_dir +# Directory for extra configuration files. Some systems places the +# default configuration file inside this directory. +# @param manage_dir +# Should the configuration dir be managed by this module. +# @param user +# System user which runs the server. +# Only used to set permissions for files, so MUST be set to what +# the system already expects. class dns ( String $config_file = '/etc/named.conf', - # String $config_dir = '/etc/named.d', + String $config_dir = '/etc/named.d', + Boolean $manage_dir = false, String $rndc_key_file = '/etc/rndc.key', String $directory = '/var/named', String $checkzone = '/usr/bin/named-checkzone', String $checkconf = '/usr/bin/named-checkconf', - Hash[String, Dns::Keyentry] $keys = [], - Hash[String, Dns::Zoneentry] $zones = [], + Hash[String, Dns::Keyentry] $keys = {}, + Hash[String, Dns::Zoneentry] $zones = {}, String $packagename = 'bind9', Boolean $manage_package = true, String $servicename = 'named', String $rndc = '/usr/bin/rndc', String $rndc_confgen = '/usr/bin/rndc-confgen', + String $user = 'bind', ) { $zone_directory = "${directory}/zones" $jnl_directory = "${directory}/journal" - file { $zone_directory: + if $dns::manage_package { + package { $dns::packagename: + ensure => installed, + } + # bind9-dnsutils + } + + file { $dns::directory: + ensure => directory, + owner => $dns::user, + mode => 'u+rwx', + } + + file { $dns::zone_directory: ensure => directory, recurse => true, purge => true, + owner => $dns::user, + mode => 'u+rwx', } - file { $jnl_directory: + file { $dns::jnl_directory: ensure => directory, - } - - if $manage_package { - package { $packagename: - ensure => installed, - } + owner => $dns::user, + mode => 'u+rwx', } service { $servicename: 
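Review bot: The three new directory resources use `mode => 'u+rwx'`, which is a symbolic, relative mode: Puppet adds the owner bits to whatever the directory already has and never removes group/other access, so `$dns::directory`, the zone directory and the journal directory do not converge to a known permission set and no `group` is managed at all. An absolute mode pins it, e.g. `mode => '0750'` together with `group => $dns::user` (or root); if other local users are meant to read zone data, say so on `@param user` rather than leaving it to the pre-existing mode. Separately, `recurse => true` with `purge => true` on `$dns::zone_directory` deletes anything in that directory that is not a Puppet-managed `file`, so it is worth confirming that whatever `dns_zone2` (introduced later in this commit) writes there is visible to Puppet as managed, otherwise every run removes and recreates the zone files. The `class dns` body continues past the hunk.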
@@ -62,27 +84,27 @@ class dns ( enable => true, } - notify { - 'zones': message => "${zones}" ; - 'keys': message => "${keys}" ; - } + create_resources(dns::key, $keys) + create_resources(dns::zone, $zones) - # create_resources(dns::key, $keys) - # create_resources(dns::zone, $zones) - - # file { $config_dir: - # ensure => directory, - # recurse => true, - # } + if $manage_dir { + file { $config_dir: + ensure => directory, + recurse => true, + purge => true, + } + } exec { 'Setup rndc key': - cmd => [$rndc_confgen, '-a'], + command => [$rndc_confgen, '-a', '-u', $user], creates => $rndc_key_file, + } -> file { $rndc_key_file: + ensure => file, } concat { $config_file: ensure_newline => true, - warn => '; File managed by Puppet. Local changes WILL be overwritter', + warn => '# File managed by Puppet. Local changes WILL be overwritter', validate_cmd => "${checkconf} %", notify => Service[$servicename], } @@ -90,10 +112,12 @@ class dns ( concat::fragment { 'named.conf main configuration': target => $config_file, content => epp("${module_name}/named.conf.epp"), + order => '01', } concat::fragment { 'named.conf rndc configuration': target => $config_file, content => epp("${module_name}/named-rndc.conf.epp"), + order => '05', } } diff --git a/manifests/key.pp b/manifests/key.pp index 2a762ae..01856a3 100644 --- a/manifests/key.pp +++ b/manifests/key.pp @@ -14,6 +14,7 @@ define dns::key ( String $keyname = $name, ) { concat::fragment { "Dns::Key - ${keyname}": + target => $dns::config_file, content => epp("${module_name}/key.epp", { keyname => $keyname, algorithm => $algorithm, diff --git a/manifests/record.pp b/manifests/record.pp index 83476a0..2ecb52f 100644 --- a/manifests/record.pp +++ b/manifests/record.pp 
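Review bot: `rndc-confgen -a` writes the key to its compiled-in default location rather than to `$rndc_key_file`, so whenever the two paths differ the chained `file { $rndc_key_file: ensure => file }` creates an empty file that satisfies `creates` on every later run and named is left without a usable control key; pass the path explicitly, `command => [$rndc_confgen, '-a', '-c', $rndc_key_file, '-u', $user],`. That `file` resource also manages no owner or mode, so a pre-existing, too-permissive rndc.key is left as is even though it holds the shared secret behind the `rndc freeze/thaw/reload` execs in zone.pp; `owner => $user, mode => '0600'` would pin it. The `concat { $config_file: ... }` likewise sets no mode while `dns::key` fragments (presumably including the secret) are now appended to it, so something like `owner => 'root', group => $user, mode => '0640'` is worth adding, and the `warn` string still reads "overwritter". The class body continues outside the hunk.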
@@ -11,23 +11,29 @@ # Allow multiple records with the same name and class. # Most record types only allow one value, but some allow multiple. # Setting this to true allows for multiple. This value is -# automatically true for TXT & NS. +# automatically true for TXT, MX & NS. # @param zone # Name of the zone this record belongs to. # @param value # Record content. # Syntax depends on `type`. +# Some record types have extra processing. +# TXT splits data into chunks of 255 characters (TODO shouldn't +# this be bytes) and the surrounds each chunk with quotation marks. define dns::record ( String $zone, Dns::Rr $type, String $value, - Dns::Class $class = 'IN', - String $dns_name = $name, + Dns::Class $cls = 'IN', + String $key = $name, Optional[Dns::Ttl] $ttl = undef, Boolean $duplicate = false, ) { + $zone_ = dns::ensure_ending_period($zone) + $allow_duplicate = case $type { 'TXT', + 'MX', 'NS': { true } @@ -36,13 +42,21 @@ define dns::record ( } } - $frag_name = if $allow_duplicate { - "Dns::Record - ${zone} - ${class} ${type} ${dns_name} ${value}" - } else { - "Dns::Record - ${zone} - ${class} ${type} ${dns_name}" + $value_ = case $type { + 'TXT': { + $value.slice(255).map |$x| { "\"${x.join()}\"" }.join(' ') + } + default: { + $value + } } - concat::fragment { $frag_name: - target => "${dns::zone_directory}/${zone}.db", + dns_record2 { $name: + type => $type, + value => $value_, + cls => $cls, + zone => $zone, + ttl => $ttl, + key => $key, } } diff --git a/manifests/zone.pp b/manifests/zone.pp index 954ff48..33c2b0d 100644 --- a/manifests/zone.pp +++ b/manifests/zone.pp 
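Review bot: `$zone_ = dns::ensure_ending_period($zone)` is assigned here but, as far as this diff shows, never read: the `dns_record2` declared in the next hunk passes `zone => $zone`, so either pass `$zone_` there or drop the assignment. The same applies to `$allow_duplicate`, whose only consumer (`$frag_name`) this commit removes, and to the `$duplicate` parameter that presumably fed its default branch (cut off between the hunks) and is now accepted and silently ignored; if duplicate handling moved into `dns_record2`, document that on `@param duplicate`, otherwise callers setting it get neither an error nor an effect. Renaming `class`/`dns_name` to `cls`/`key` also breaks any external caller of `dns::record`, and since the `dns::zone` call sites are commented out nothing under `manifests/` exercises the define after this commit. The define's body continues outside the hunk.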
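Review bot: The TXT branch wraps each 255-character chunk in double quotes but does not escape `"` or `\` inside `$value`, so a value containing a quote ends the character-string early and the remainder lands in the zone file as raw record data — a record whose value typically comes from hiera via `$dns::zones` can thereby alter the rest of the zone. At minimum reject such values, `if $value =~ /["\\]/ { fail("dns::record ${name}: TXT value must not contain \" or \\") }`, or escape both characters before chunking while making sure an escape pair is never split across two chunks. The TODO in the doc is right as well: `slice(255)` counts characters whereas the RFC 1035 limit is 255 octets, so a non-ASCII value can yield an over-long string that the zone loader rejects. The `default` branch passes values through untouched, so the same concern applies to whatever `dns_record2` does with them; that type is not in this diff, so I cannot tell whether it validates.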
@@ -30,21 +30,25 @@ # reloaded afterwards. # # Defaults to true if an update_policy is set. +# @param soa_ttl +# TTL of SOA record. define dns::zone ( - String $mname, - String $rname, + Boolean $manage_soa = true, + String $rname = undef, + String $mname = $ns[0], Dns::Ttl $refresh = '24h', Dns::Ttl $retry = '2h', Dns::Ttl $expire = '1000h', Dns::Ttl $negative_ttl = '2d', Dns::Ttl $ttl = '24h', + Optional[Dns::Ttl] $soa_ttl = undef, String $zone = $name, Array[Dns::RecordEntry] $records = [], - Array[String] $ns = [], + Array[String] $ns = [$mname], String $type = 'master', @@ -53,30 +57,9 @@ define dns::zone ( ) { $zone_ = dns::ensure_ending_period($zone) - concat { "${dns::zone_directory}/${zone}.db": - validate_cmd => "${dns::checkzone} '${zone}' %", - ensure_newline => true, - require => if $dynamic { Exec["Dns::zone freeze ${zone}"] } else { undef }, - } - $zone_serial = $facts.get("dns_zone_serial.'${zone_}'", 0) - concat::fragment { "Dns::Record - ${zone} - SOA": - target => "${dns::zone_directory}/${zone}.db", - order => '01', - content => epp("${module_name}/zone.epp", { - zone => $zone_, - mname => dns::ensure_ending_period($mname), - rname => dns::convert_to_rname($rname), - serial => $zone_serial + 1, - refresh => $refresh, - expire => $expire, - negative_ttl => $negative_ttl, - default_ttl => $ttl, - }), - } - - concat::fragment { "Dns::Zone - ${zone}": + concat::fragment { "Dns::Zone - ${zone_}": target => $dns::config_file, content => epp("${module_name}/zoneconf.epp", { zone => $zone_, 
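Review bot: `String $rname = undef` cannot be satisfied when a caller omits `rname`: the default `undef` does not match `String`, so compilation fails with a type mismatch rather than treating the parameter as optional; it needs `Optional[String] $rname = undef,` plus a `fail()` in the body when `$manage_soa` is true and no value was given. `String $mname = $ns[0]` and `Array[String] $ns = [$mname]` also default to each other, so a zone declared with neither has, as far as I can tell, no well-defined value for either; keep one side concrete (`Array[String] $ns = [],`), make `$mname` `Optional[String] $mname = undef,` and derive it from `$ns` in the body with a clear error when both are empty. `$manage_soa` is documented but never read in the visible hunks — the SOA fields are handed to `dns_zone2` unconditionally in the last hunk — so either honour it or drop it. The parameter list continues outside the hunk.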
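Review bot: Removing the `concat` resource also removes the `validate_cmd => "${dns::checkzone} '${zone}' %"` guard, so after this diff nothing in `manifests/` runs named-checkzone before the `rndc reload`/`thaw` in the next hunk — a malformed record goes straight to a live zone — and `$dns::checkzone` is no longer referenced anywhere in the diff although init.pp still declares it. Unless `dns_zone2` validates the file itself (not visible here), run the check before the reload, e.g. an `exec` with `command => [$dns::checkzone, $zone_, "${dns::zone_directory}/${zone}.db"]` subscribed to the zone resource and ordered before the reload exec. The serial derived from `$facts['dns_zone_serial']` is gone as well; note on `dns::zone` where serial bumping now happens so operators can tell why a change did not propagate to secondaries. The define's body continues outside the hunk.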
@@ -85,38 +68,59 @@ define dns::zone ( }), } - $ns.each |$ns| { - dns::record { "Dns::Zore - record - ${zone} NS ${ns}": - type => 'NS', - zone => $zone, - } - } + # $ns.each |$ns| { + # dns::record { "Dns::Zone - record - ${zone} NS ${ns}": + # key => '@', + # type => 'NS', + # zone => $zone_, + # value => $ns, + # } + # } - $fixed_records = $records.each |$record| { - { "Dns::Zone - record - ${zone} - ${record['class']} ${record['type']} ${record['key']} ${record['value']}" - => $record + { dns_name => $record['key'] } } - } + # $fixed_records = $records.map |$record| { + # ["Dns::Zone - record - ${zone_} - ${record['class']} ${record['type']} ${record['key']} ${record['value']}", + # $record + { key => $record['key'] } - ['key']] + # }.convert_to(Hash) + + # create_resources(dns::record, $fixed_records, { + # zone => $zone_, + # }) - create_resources(dns::record, $fixed_records, { - zone => $zone, - }) + $params = { + 'rname' => $rname, + 'mname' => $mname, + 'refresh' => $refresh, + 'expire' => $expire, + 'negative_ttl' => $negative_ttl, + 'soa_ttl' => $soa_ttl, + 'retry' => $retry, + } if $dynamic { - exec { "Dns::zone freeze ${zone}": - command => [$dns::rndc, 'freeze', $zone], + dns_zone2 { $zone: + require => Exec["Dns::zone freeze ${zone_}"], + * => $params, + } + + exec { "Dns::zone freeze ${zone_}": + command => [$dns::rndc, 'freeze', $zone_], refreshonly => true, } - exec { "Dns::zone thaw ${zone}": - command => [$dns::rndc, 'thaw', $zone], + exec { "Dns::zone thaw ${zone_}": + command => [$dns::rndc, 'thaw', $zone_], refreshonly => true, - subscribe => Concat["${dns::zone_directory}/${zone}.db"], + subscribe => Dns_zone2[$zone_], } } else { - exec { "Dns::zone reload ${zone}": - command => [$dns::rndc, 'reload', $zone], + dns_zone2 { $zone: + * => $params, + } + + exec { "Dns::zone reload ${zone_}": + command => [$dns::rndc, 'reload', $zone_], refreshonly => true, - subscribe => Concat["${dns::zone_directory}/${zone}.db"], + subscribe => 
Dns_zone2[$zone_], } } } -- cgit v1.2.3
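Review bot: Both branches declare `dns_zone2 { $zone: ... }` while the thaw and reload execs `subscribe => Dns_zone2[$zone_]`; `$zone_` is `$zone` with a trailing period added, so for any zone given without the dot the reference does not resolve and the catalog fails, and the `reload`/`thaw` never fires after a zone change. Title the resource with the normalized name in both branches, `dns_zone2 { $zone_:`, as the execs already do. Beyond that, the NS loop and the `create_resources(dns::record, ...)` call are commented out and `$params` carries neither `ns` nor `records`, so unless `dns_zone2` obtains them through something not in this diff, the `records` and `ns` parameters of `dns::zone` now silently produce nothing. The `Dns::zone freeze` exec is `refreshonly` with nothing notifying it (this predates the commit), so the `require` on `dns_zone2` orders against an exec that never runs and the dynamic zone file is rewritten while unfrozen.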