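# @summary Sets up a BIND9 DNS server: package, working directories,
#   rndc control key, assembled named.conf and the system service.
#
# @param config_file
#   Bind9 configuration file. It is assembled with concat from the
#   fragments declared here (plus any other fragments targeting it) and
#   checked with `checkconf` before the live file is replaced.
# @param directory
#   Maps to bind9 directory. Base for all relative paths. The `zones` and
#   `journal` sub-directories are created below it.
# @param checkzone
#   Absolute path to named-checkzone binary
# @param checkconf
#   Absolute path to named-checkconf binary
# @param packagename
#   Name of the bind9 system package
# @param manage_package
#   Should the bind9 system package be managed by this module.
#   When true the package is ordered before every resource that needs
#   the package's user, binaries or service unit to exist.
# @param rndc
#   Absolute path to rndc binary
# @param keys
#   Dns::Key resources to create
# @param zones
#   Dns::Zone resources to create
# @param rndc_key_file
#   Location of rndc key. Note that this doesn't change where it ends up, but rather where we expect it to end up.
#   Key will be generated through `rndc-confgen -a`; the file is owned by `user` and not world-readable.
# @param servicename
#   Name of the system service to manage
# @param rndc_confgen
#   Path to rndc-confgen binary
# @param config_dir
#   Directory for extra configuration files. Some systems place the
#   default configuration file inside this directory.
# @param manage_dir
#   Should the configuration dir be managed by this module.
#   When true, files in it that Puppet does not manage are purged.
# @param user
#   System user which runs the server.
#   Only used to set permissions for files, so MUST be set to what
#   the system already expects.
class dns (
  String $config_file = '/etc/named.conf',
  String $config_dir = '/etc/named.d',
  Boolean $manage_dir = false,
  String $rndc_key_file = '/etc/rndc.key',
  String $directory = '/var/named',
  String $checkzone = '/usr/bin/named-checkzone',
  String $checkconf = '/usr/bin/named-checkconf',
  Hash[String, Dns::Keyentry] $keys = {},
  Hash[String, Dns::Zoneentry] $zones = {},
  String $packagename = 'bind9',
  Boolean $manage_package = true,
  String $servicename = 'named',
  String $rndc = '/usr/bin/rndc',
  String $rndc_confgen = '/usr/bin/rndc-confgen',
  String $user = 'bind',
) {
  # Sub-directories of the bind working directory.
  $zone_directory = "${directory}/zones"
  $jnl_directory  = "${directory}/journal"

  if $manage_package {
    package { $packagename:
      ensure => installed,
    }
    # The service user, the rndc-confgen / named-checkconf binaries and
    # the service unit only exist once the package is installed. Without
    # this ordering a first run can fail while applying `owner => $user`
    # to the directories below, or running the exec / validate_cmd.
    Package[$packagename] -> File[$directory, $zone_directory, $jnl_directory]
    Package[$packagename] -> Exec['Setup rndc key']
    Package[$packagename] -> Concat[$config_file]
    Package[$packagename] -> Service[$servicename]
    # bind9-dnsutils
  }

  file { $directory:
    ensure => directory,
    owner  => $user,
    mode   => 'u+rwx',
  }

  # recurse + purge: presumably so zone files dropped from `zones` are
  # removed from disk instead of lingering unmanaged.
  file { $zone_directory:
    ensure  => directory,
    recurse => true,
    purge   => true,
    owner   => $user,
    mode    => 'u+rwx',
  }

  file { $jnl_directory:
    ensure => directory,
    owner  => $user,
    mode   => 'u+rwx',
  }

  service { $servicename:
    ensure  => running,
    enable  => true,
    # named needs its working directories (and, if named.conf references
    # it, the rndc key) in place before it is started.
    require => File[$directory, $zone_directory, $jnl_directory, $rndc_key_file],
  }

  create_resources(dns::key, $keys)
  create_resources(dns::zone, $zones)

  if $manage_dir {
    file { $config_dir:
      ensure  => directory,
      recurse => true,
      purge   => true,
    }
  }

  # rndc-confgen -a writes the shared secret itself (only once, thanks to
  # `creates`). Puppet then pins ownership and keeps the file from being
  # world-readable: whoever can read this key can control the server via
  # rndc. The key is ordered before the config file so the assembled
  # named.conf is validated against a complete set of files.
  exec { 'Setup rndc key':
    command => [$rndc_confgen, '-a', '-u', $user],
    creates => $rndc_key_file,
  }
  -> file { $rndc_key_file:
    ensure => file,
    owner  => $user,
    mode   => '0640',
    before => Concat[$config_file],
  }

  concat { $config_file:
    ensure_newline => true,
    warn           => '# File managed by Puppet. Local changes WILL be overwritten',
    # Reject a broken configuration instead of installing it and
    # restarting named into a failure.
    validate_cmd   => "${checkconf} %",
    notify         => Service[$servicename],
  }

  concat::fragment { 'named.conf main configuration':
    target  => $config_file,
    content => epp("${module_name}/named.conf.epp"),
    order   => '01',
  }

  concat::fragment { 'named.conf rndc configuration':
    target  => $config_file,
    content => epp("${module_name}/named-rndc.conf.epp"),
    order   => '05',
  }
}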