path: root/manifests/init.pp
blob: 24bfb0e723924d11824dcc43da9abe843acc0637 (plain)
# @summary sets up a DNS server
#
# @param config_file
#   Bind9 configuration file
# @param directory
#   Maps to bind9 directory. Base for all relative paths.
# @param checkzone
#   Absolute path to named-checkzone binary
# @param checkconf
#   Absolute path to named-checkconf binary
# @param packagename
#   Name of the bind9 system package
# @param manage_package
#   Should the bind9 system package be managed by this module.
# @param rndc
#   Absolute path to rndc binary
# @param keys
#   Dns::Key resources to create
# @param zones
#   Dns::Zone resources to create
# @param rndc_key_file
#   Location of rndc key. Note that this doesn't change where it ends up, but rather where we expect it to end up.
#   Key will be generated through `rndc-confgen -a`.
# @param servicename
#   Name of the system service to manage
# @param rndc_confgen
#   Path to rndc-confgen binary
# @param config_dir
#   Directory for extra configuration files. Some systems place the
#   default configuration file inside this directory.
# @param manage_dir
#   Should the configuration dir be managed by this module.
# @param user
#   System user which runs the server.
#   Only used to set permissions for files, so MUST be set to what
#   the system already expects.
# @param zoneconf_dir
#   Directory in which zone declarations (as part of named's
#   configuration) should be placed.
# @param keyconf_dir
#   Directory in which key declarations (as part of named's
#   configuration) should be placed.
# @param purge_zoneconf
#   Should the zoneconf_dir be purged. If this is true then zones are
#   decommissioned by simply removing their (Dns::Zone) resource declaration.
#   Otherwise a proper ensure => absent must be used.
# @param purge_zonefiles
#   Should the zonefiles stored in ${directory}/zones be
#   automatically purged. Also see Dns::Zone.
# @param purge_keyconf
#   Should $keyconf_dir be automatically purged.
#   Leaving this as true means that decommissioning keys is as simple
#   as removing the Dns::Key declaration, otherwise an explicit
#   ensure => absent must be set.
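class dns (
  String $config_file = '/etc/named.conf',
  String $config_dir = '/etc/named.d',
  Boolean $manage_dir = false,
  String $zoneconf_dir = "${config_dir}/zones",
  String $keyconf_dir = "${config_dir}/keys",
  Boolean $purge_zoneconf = true,
  Boolean $purge_zonefiles = true,
  Boolean $purge_keyconf = true,
  String $rndc_key_file = '/etc/rndc.key',
  String $directory = '/var/named',
  String $checkzone = '/usr/bin/named-checkzone',
  String $checkconf = '/usr/bin/named-checkconf',
  Hash[String, Dns::Keyentry] $keys = {},
  Hash[Dns::Zonename, Dns::Zoneentry] $zones = {},
  String $packagename = 'bind9',
  Boolean $manage_package = true,
  String $servicename = 'named',
  String $rndc = '/usr/bin/rndc',
  String $rndc_confgen = '/usr/bin/rndc-confgen',
  String $user = 'bind',
) {
  # Derived paths under the server's working directory: zone data and
  # journal files. Both are created below and owned by $user.
  $zone_directory = "${directory}/zones"
  $jnl_directory = "${directory}/journal"

  if $dns::manage_package {
    package { $dns::packagename:
      ensure => installed,
    }
    # The package ships the binaries run below (rndc-confgen for the exec,
    # named-checkconf for validate_cmd), the service unit, and the $user
    # that owns the directories. Without an explicit relationship Puppet
    # may apply those resources first and fail on the initial run, so
    # order the package ahead of everything that depends on it.
    Package[$dns::packagename] -> File[$dns::directory, $zoneconf_dir, $keyconf_dir, $zone_directory, $jnl_directory]
    Package[$dns::packagename] -> Exec['Setup rndc key']
    Package[$dns::packagename] -> File[$config_file]
    Package[$dns::packagename] -> Service[$servicename]
    # bind9-dnsutils
  }

  file { $dns::directory:
    ensure => directory,
    owner  => $dns::user,
    mode   => 'u+rwx',
  }

  # Configuration fragment directories and the zone data directory.
  # Each is recursed so that unmanaged files are removed when the
  # matching purge_* parameter is true (see the class documentation).
  file {
    default:
      ensure  => directory,
      owner   => $dns::user,
      mode    => 'u+rwx',
      recurse => true,
      ;
    $zoneconf_dir:
      purge => $purge_zoneconf,
      ;
    $keyconf_dir:
      purge => $purge_keyconf,
      ;
    $zone_directory:
      purge => $purge_zonefiles,
  }

  # Placeholder fragment in each conf directory, shipped from this
  # module's files/ so the directories are never empty.
  file { [
    "${zoneconf_dir}/empty.conf",
    "${keyconf_dir}/empty.conf",
  ]:
    source => "puppet:///modules/${module_name}/empty.conf",
  }

  file { $dns::jnl_directory:
    ensure => directory,
    owner  => $dns::user,
    mode   => 'u+rwx',
  }

  service { $servicename:
    ensure => running,
    enable => true,
  }

  # Declare one dns::key / dns::zone per entry of the parameter hashes.
  create_resources(dns::key, $keys)
  create_resources(dns::zone, $zones)

  if $manage_dir {
    file { $config_dir:
      ensure  => directory,
      recurse => true,
      purge   => true,
    }
  }

  # Generate the rndc key once (the exec is skipped while the file exists).
  # The key is the shared secret that authorises rndc control of the
  # running server, so its ownership and mode are enforced here instead
  # of being left at whatever the file happened to be created with;
  # owner $user with mode 0600 is what `rndc-confgen -a -u $user` is
  # expected to produce.
  exec { 'Setup rndc key':
    command => [$rndc_confgen, '-a', '-u', $user],
    creates => $rndc_key_file,
  } -> file { $rndc_key_file:
    ensure => file,
    owner  => $user,
    mode   => '0600',
  }

  # Main configuration, validated with named-checkconf before it is
  # written. named-checkconf resolves includes, so anything the template
  # presumably includes (the rndc key and the fragment directories with
  # their empty.conf) must already exist when validation runs.
  file { $config_file:
    validate_cmd => "${checkconf} %",
    notify       => Service[$servicename],
    require      => [
      File[$rndc_key_file],
      File["${zoneconf_dir}/empty.conf"],
      File["${keyconf_dir}/empty.conf"],
    ],
    content      => epp("${module_name}/named.conf.epp"),
  }
}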