puppet-dns/manifests/init.pp at 73c03a8f2c7258300fa893511e258c88aea9a790 · ikonia/puppet-dns · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
# Manage an ISC BIND nameserver
#
# @param namedconf_path
#   Path of the named config
# @param dnsdir
#   Directory holding the named configs
# @param dns_server_package
#   Name of the package to install
# @param rndckeypath
#   Path of the RNDC key
# @param optionspath
#   Path of the named options
# @param publicviewpath
#   Path of the config file holding all the zones
# @param vardir
#   Directory holding the variable or working files
# @param logdir
#   Directory holding the log files for named
# @param group_manage
#   Should this module manage the Unix system group under which BIND runs (see
#   dns::params)?  Defaults to true. Set to false if you want to manage the
#   system group yourself.
# @param manage_service
#   Should this module manage the dns service?
#   This only applies to the service management (running, stopped) and not to
#   whether the service should be installed or not.
#   IMPORTANT: this will not reload the service after a config change, you'll
#   have to do that manually or via a separate call to notify
# @param namedservicename
#   Name of the service
# @param zonefilepath
#   Directory containing zone files
# @param localzonepath
#   File holding local zones like RFC1912 or RFC1918 files.  The special value
#   'unmanaged' can be used if one plans to create custom RFC1912/RFC1918 zones
#   via dns, where the inclusion of package-shipped zone files is not desired.
# @param defaultzonepath
#   File holding some RFC1912 zone includes on systems like Debian.
#   The special value 'unmanaged' can be used if one plans to create custom
#   zones via dns, where the inclusion of package-shipped zone files is not
#   desired.
# @param forward
#   The forward option
# @param forwarders
#   The forwarders option
# @param rpz_zones
#   Array of zones that will be included in response-policy definition
# @param listen_on
#   The listen-on option
# @param listen_on_v6
#   The listen-on-v6 option
# @param recursion
#   The recursion option
# @param allow_recursion
#   The allow-recursion option
# @param allow_query
#   The allow-query option
# @param empty_zones_enable
#   The empty-zones-enable option
# @param dns_notify
#   The notify option in named.conf
# @param dnssec_enable
#   The dnssec-enable option. This option is deprecated and has no effect since
#   BIND 9.15. It's been removed in BIND 9.18.
# @param dnssec_validation
#   The dnssec-validation option
# @param namedconf_template
#   The template to be used for named.conf
# @param acls
#   Specify a hash of ACLs. Each key is the name of a network, and its value is
#   an array of subnet strings.
# @param optionsconf_template
#   The template to be used for options.conf
# @param sysconfig_file
#   Path to the sysconfig or default file used to set startup options for
#   named. Under Debian this is /etc/default/bind9, under RedHat this is
#   /etc/sysconfig/named. FreeBSD/DragonFly and ArchLinux do not feature such
#   files, thus the sysconfig parameters are not relevant for these operating
#   systems.
# @param sysconfig_template
#   The template used to model /etc/default/bind9 or /etc/sysconfig/named.
#   Default is "dns/sysconfig.${facts[osfamily]}.erb" for Debian and RedHat,
#   and undef for others.
# @param sysconfig_startup_options
#   Startup options for the `named` process, rendered as the `OPTIONS` string
#   in the sysconfig file (see above). Use this to set commandline flags and
#   options for `named`. For example, to use IPv4 only and disable IPv6 support
#   in named on Debian set this parameter to `-u bind -4`. The default value
#   depends on the underlying OS.
# @param sysconfig_resolvconf_integration
#   Should named integrate with resolvconf upon startup? Default is false, and
#   this only pertains to the Debian OS family.
# @param sysconfig_disable_zone_checking
#   Should zone checking be disabled upon named startup? Default is undef, and
#   this only pertains to the RedHat OS family.
# @param sysconfig_additional_settings
#   Additional settings to add to the sysconfig file. This is a simple hash of
#   key-value strings that will be rendered as `KEY="value"` in the sysconfig
#   file. Use this to add custom (environment) variables relevant for named.
#   Default is empty.
# @param controls
#   Specify a hash of controls. Each key is the name of a network, and its
#   value is a hash containing 'port' => integer, 'keys' => array and
#   'allowed_addresses' => array
# @param statistics_channels
#   Specify a hash of statistics-channels. Each key is the name of a network,
#   and its value is a hash containing 'port' => integer and
#   'allowed_addresses' => array
# @param service_ensure
#   The ensure attribute on the service
# @param service_enable
#   Whether to enable the service (start at boot)
# @param service_restart_command
#   Custom command to use when the service will be restarted (notified by
#   configuration changes). Will be passed directly to the restart parameter of
#   the contained service resource. This is useful when you want BIND to reload
#   its configuration instead of restarting the whole process, for example by
#   setting `service_restart_command` to `/usr/sbin/service bind9 reload` or
#   `/usr/sbin/rndc reload` or even `/usr/bin/systemctl try-reload-or-restart bind9`.
#   Default is 'undef' so the service resource default is used.
# @param config_check
#   Should this module run configuration checks before putting new configurations in
#   place?  Defaults to true. Set to false if you don't want configuration checks when
#   config files are changed.
# @param additional_options
#   Additional options
# @param additional_directives
#   Additional directives. These are free form strings that allow for full
#   customization. Use with caution.
# @param enable_views
#   Flag to indicate bind views support. Will remove global zone configuration
#   like localzonepath inclusion.
# @param zones
#   A hash of zones to be created. See dns::zone for options.
# @param keys
#   A hash of keys to be created. See dns::key for options.
# @param logging_categories
#   A hash of logging categories to be created. See dns::logging::category for options.
# @param logging_channels
#   A hash of logging channels to be created. See dns::logging::channel for options.
# @param disable_empty_zones
#   A list of empty zones that shouldn't be created by bind
#   See: https://kb.isc.org/docs/aa-00800
#
# @see dns::zone
# @see dns::key
# @see dns::logging::category
# @see dns::logging::channel
class dns (
  Stdlib::Absolutepath $namedconf_path                              = $dns::params::namedconf_path,
  Stdlib::Absolutepath $dnsdir                                      = $dns::params::dnsdir,
  String $dns_server_package                                        = $dns::params::dns_server_package,
  Stdlib::Absolutepath $rndckeypath                                 = $dns::params::rndckeypath,
  Stdlib::Absolutepath $optionspath                                 = $dns::params::optionspath,
  Stdlib::Absolutepath $publicviewpath                              = $dns::params::publicviewpath,
  Stdlib::Absolutepath $vardir                                      = $dns::params::vardir,
  Stdlib::Absolutepath $logdir                                      = '/var/log/named',
  Boolean $group_manage                                             = true,
  Boolean $manage_service                                           = true,
  String $namedservicename                                          = $dns::params::namedservicename,
  Stdlib::Absolutepath $zonefilepath                                = $dns::params::zonefilepath,
  Variant[Enum['unmanaged'], Stdlib::Absolutepath] $localzonepath   = $dns::params::localzonepath,
  Variant[Enum['unmanaged'], Stdlib::Absolutepath] $defaultzonepath = $dns::params::defaultzonepath,
  Optional[Enum['only', 'first']] $forward                          = undef,
  Array[Dns::Forwarder] $forwarders                                 = [],
  Array $rpz_zones                                                  = undef,
  Optional[String] $listen_on                                       = undef,
  Variant[String, Boolean] $listen_on_v6                            = 'any',
  Enum['yes', 'no'] $recursion                                      = 'yes',
  Array[String] $allow_recursion                                    = ['localnets', 'localhost'],
  Array[String] $allow_query                                        = ['any'],
  Enum['yes', 'no'] $empty_zones_enable                             = 'yes',
  Optional[Enum['yes', 'no', 'explicit']] $dns_notify               = undef,
  Optional[Enum['yes', 'no']] $dnssec_enable                        = $dns::params::dnssec_enable,
  Enum['yes', 'no', 'auto'] $dnssec_validation                      = 'auto',
  String $namedconf_template                                        = 'dns/named.conf.erb',
  Hash[String, Array[String]] $acls                                 = {},
  String $optionsconf_template                                      = 'dns/options.conf.epp',
  Optional[Stdlib::Absolutepath] $sysconfig_file                    = $dns::params::sysconfig_file,
  Optional[String] $sysconfig_template                              = $dns::params::sysconfig_template,
  Optional[String] $sysconfig_startup_options                       = $dns::params::sysconfig_startup_options,
  Optional[Boolean] $sysconfig_resolvconf_integration               = $dns::params::sysconfig_resolvconf_integration,
  Optional[Boolean] $sysconfig_disable_zone_checking                = $dns::params::sysconfig_disable_zone_checking,
  Hash[String[1], String] $sysconfig_additional_settings            = {},
  Hash[String, Hash[String, Data]] $controls                        = $dns::params::controls,
  Hash[String, Hash[String, Data]] $statistics_channels             = {},
  Variant[Enum['running', 'stopped'], Boolean] $service_ensure      = 'running',
  Boolean $service_enable                                           = true,
  Optional[String[1]] $service_restart_command                      = undef,
  Boolean $config_check                                             = true,
  Hash[String, Data] $additional_options                            = {},
  Array[String] $additional_directives                              = [],
  Boolean $enable_views                                             = false,
  Hash[String, Hash] $zones                                         = {},
  Hash[String, Hash] $keys                                          = {},
  Hash[String, Hash] $logging_categories                            = {},
  Hash[String, Hash] $logging_channels                              = {},
  Array[Stdlib::Fqdn] $disable_empty_zones                          = [],
) inherits dns::params {
  include dns::install
  include dns::config
  contain dns::service

  Class['dns::install'] ~> Class['dns::config'] ~> Class['dns::service']

  create_resources('dns::key', $keys)
  create_resources('dns::zone', $zones)
  create_resources('dns::logging::category', $logging_categories)
  create_resources('dns::logging::channel', $logging_channels)
}