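# @summary Sets up one DNS zone
#
# Manages the zone file through the `dns_zone2` type, creates the NS
# records and any additional `records` of the zone as `Dns::Record`
# resources, and renders a per-zone named configuration snippet from
# `zoneconf.epp`. Changes to the zone file are pushed to the running
# server with `rndc`: a freeze/thaw pair for dynamic zones, a plain
# reload otherwise.
#
# @example
#   dns::zone { 'example.com':
#     mname => 'ns1.example.com',
#     rname => 'domainmaster.example.com',
#     ns    => [ 'ns1', 'ns2', ]
#   }
#
# @param zone
#   Domain this zone controls. Defaults to the resource title.
# @param mname
#   Primary master (SOA MNAME). Defaults to the first entry of `ns`, so
#   at least one of `mname` and `ns` has to be given.
# @param rname
#   Mailbox of the zone admin (SOA RNAME). Required.
# @param retry
#   Retry value for zone
# @param expire
#   Expire value for zone
# @param negative_ttl
#   Negative ttl for zone
# @param ttl
#   Default ttl for zone
# @param refresh
#   Refresh value for SOA
# @param records
#   Hash of records to create. Instantiates Dns::Record resources; the
#   entry's `key`, `type`, `value`, `dns_class` and `ttl` are forwarded.
# @param ns
#   List of nameservers for this zone. Creates Dns::Record resources
#   with NS entries at the zone apex. Defaults to `[$mname]`.
# @param type
#   Zone type. master, slave, ... Passed to the zoneconf template as
#   given; it is not validated here.
# @param update_policy
#   A bind9 update policy, as a string. It is rendered verbatim into the
#   zone's named configuration snippet, so it must come from a trusted
#   source (it is configuration, not data).
# @param dynamic
#   Whether this zone should be treated as a dynamic zone. If
#   enabled rndc freezes and thaws the zone around static updates.
#   Otherwise the zone file will be directly changed, and simply
#   reloaded afterwards.
#
#   Defaults to true if an update_policy is set.
# @param soa_ttl
#   TTL of SOA record.
#
# @param owner
#   Owner of zonefile.
# @param group
#   Group of zonefile.
# @param backup
#   Should a backup be created. See file resources documentation.
# @param selinux_ignore_defaults
#   See file resources documentation.
# @param selrange
#   See file resources documentation.
# @param selrole
#   See file resources documentation.
# @param seltype
#   See file resources documentation.
# @param seluser
#   See file resources documentation.
# @param show_diff
#   Should a diff be shown. With this enabled, zone file contents end up
#   in agent output and reports.
#
# @param ensure
#   Should this zone be present
define dns::zone (
  # A `String` parameter can never take undef, so a default of undef only
  # produced a confusing type error; declare it as the required value it is.
  String $rname,
  String $mname = $ns[0],
  Dns::Ttl $refresh = '24h',
  Dns::Ttl $retry = '2h',
  Dns::Ttl $expire = '1000h',
  Dns::Ttl $negative_ttl = '2d',
  Dns::Ttl $ttl = '24h',
  Optional[Dns::Ttl] $soa_ttl = undef,

  Dns::Zonename $zone = $name,

  Array[Dns::RecordEntry] $records = [],

  # mname and ns default to each other; Puppet evaluates defaults lazily,
  # so this works as long as at least one of them is given.
  Array[String] $ns = [$mname],

  String $type = 'master',

  Optional[String] $update_policy = undef,
  Boolean $dynamic = $update_policy != undef,

  Optional[Variant[String, Integer]] $owner = undef,
  Optional[Variant[String, Integer]] $group = undef,
  Variant[Boolean, String] $backup = false,
  Optional[Boolean] $selinux_ignore_defaults = undef,
  Optional[String] $selrange = undef,
  Optional[String] $selrole = undef,
  Optional[String] $seltype = undef,
  Optional[String] $seluser = undef,
  Boolean $show_diff = true,

  Enum['present', 'absent'] $ensure = 'present',
) {
  if $ensure == 'present' {
    dns_zone2 { $zone:
      ensure                  => 'present',
      rname                   => $rname,
      mname                   => $mname,
      refresh                 => $refresh,
      expire                  => $expire,
      negative_ttl            => $negative_ttl,
      soa_ttl                 => $soa_ttl,
      retry                   => $retry,
      owner                   => $owner,
      group                   => $group,
      backup                  => $backup,
      selinux_ignore_defaults => $selinux_ignore_defaults,
      selrange                => $selrange,
      selrole                 => $selrole,
      seltype                 => $seltype,
      seluser                 => $seluser,
      show_diff               => $show_diff,
      named_checkzone         => $dns::checkzone,
      named_checkconf         => $dns::checkconf,
      rndc                    => $dns::rndc,
      directory               => $dns::zone_directory,
    }

    # All rndc invocations use the array form of `command`, so the zone
    # name is handed to rndc as a single argument and never goes through
    # a shell.
    if $dynamic {
      # Both execs are refreshonly. Nothing in this file notifies the
      # freeze exec; it is presumably refreshed by the record resources
      # (NOTE(review): confirm in dns::record).
      exec { "Dns::zone freeze ${zone}":
        command     => [$dns::rndc, 'freeze', $zone],
        refreshonly => true,
        notify      => Dns_zone2[$zone],
      }

      exec { "Dns::zone thaw ${zone}":
        command     => [$dns::rndc, 'thaw', $zone],
        refreshonly => true,
        subscribe   => Dns_zone2[$zone],
      }
    } else {
      exec { "Dns::zone reload ${zone}":
        command     => [$dns::rndc, 'reload', $zone],
        refreshonly => true,
        subscribe   => Dns_zone2[$zone],
      }
    }

    # One apex NS record per configured nameserver.
    $ns.each |$entry| {
      dns::record { "${zone} NS ${entry}":
        zone  => $zone,
        key   => '@',
        type  => 'NS',
        value => $entry,
      }
    }

    $records.each |$record| {
      # Inside a define $name is the resource title; don't shadow it here.
      $record_title = "${zone} ${record['type']} ${record['key']} ${record['value']}"
      dns::record { $record_title:
        zone  => $zone,
        # The title already encodes the entry's key, so the record has to
        # receive it as well (as the NS records above do). An entry
        # without a key passes undef, which leaves dns::record's default
        # in effect exactly as before.
        key   => $record['key'],
        type  => $record['type'],
        value => $record['value'],
        cls   => $record['dns_class'],
        ttl   => $record['ttl'],
      }
    }
  } else {
    dns_zone2 { $zone:
      ensure => 'absent',
    }
  }

  # Per-zone named configuration snippet. `type` and `update_policy` are
  # inserted by the template as given.
  # NOTE(review): the file is named `<zone>conf` with no separator; keep
  # this in sync with whatever includes the snippets from zoneconf_dir.
  file { "${dns::zoneconf_dir}/${zone}conf":
    ensure  => $ensure,
    content => epp("${module_name}/zoneconf.epp", {
        zone          => $zone,
        type          => $type,
        update_policy => $update_policy,
    }),
    require => Dns_zone2[$zone],
  }
}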