Puppet Class: bind::config

Defined in:
manifests/config.pp

Summary

Manages BIND configuration

Overview

SPDX-License-Identifier: AGPL-3.0-or-later



# File 'manifests/config.pp', line 7

class bind::config {
  # Private class: lays down named's configuration tree (main config file,
  # bind.keys, the rndc key, the stock default zones, the working directory)
  # and declares every configured zone and key.

  # Fail compilation if this class is declared from outside the module.
  assert_private()

  # Caller-supplied options override the module defaults key by key. Hash '+'
  # is a shallow merge in which the right-hand value wins on conflict.
  if $bind::options {
    $merged_options = $bind::default_options + $bind::options
  } else {
    $merged_options = $bind::default_options
  }

  # Remove the service's defaults file under /etc/default.
  # presumably so start-up settings come only from this module; confirm.
  file { extlib::path_join(['/etc', 'default', bind::service_name()]):
    ensure  => absent,
  }

  # The configuration directory is fully managed: with recurse + purge, any
  # entry under it that is not a resource in the catalog is deleted, and
  # force is what allows the purge to remove sub-directories. Nothing
  # unmanaged survives here, which also means hand-made local changes are
  # removed on the next run.
  # Mode 2755: writable by root only; the setgid bit makes new entries
  # inherit the service group.
  file { $bind::config_dir:
    ensure  => directory,
    owner   => root,
    group   => $bind::service_group,
    mode    => '2755',
    force   => true,
    purge   => true,
    recurse => true,
  }

  # named's main configuration file is assembled from fragments. The
  # assembled result must pass named-checkconf ('%' is the candidate file)
  # before it replaces the file on disk.
  # NOTE(review): owner, group and mode are not set here, so the concat
  # defaults apply. If bind::key or bind::zone fragments place secrets in
  # this file (not visible in this class), confirm it is not world-readable.
  concat { $bind::service_config_file:
    validate_cmd => '/usr/sbin/named-checkconf %',
  }

  # First fragment (order '01'): the base named.conf rendered from the
  # merged options.
  concat::fragment { 'named.conf base':
    target  => $bind::service_config_file,
    content => epp("${module_name}/etc/bind/named.conf.epp",
                        {'options' => $merged_options}),
    order   => '01',
  }

  # bind.keys is rendered from a module template and syntax-checked with
  # named-checkconf before it is written.
  file { extlib::path_join([$bind::config_dir, 'bind.keys']):
    ensure       => file,
    content      => epp("${module_name}/etc/bind/bind.keys.epp"),
    validate_cmd => '/usr/sbin/named-checkconf %',
  }

  # Generate the rndc key once; 'creates' skips the command when the key
  # file already exists, so an existing key is never regenerated.
  # NOTE(review): 'rndc-confgen -a' writes to its built-in default path; this
  # assumes that path is <config_dir>/rndc.key. Confirm for non-default
  # config_dir values.
  # NOTE(review): nothing orders this exec explicitly before the File
  # resource below; it relies on declaration order. If the File were applied
  # first it would create an empty rndc.key and 'creates' would then
  # suppress key generation.
  exec { '/usr/sbin/rndc-confgen -a':
    creates => extlib::path_join([$bind::config_dir, 'rndc.key']),
  }

  # rndc.key holds a shared secret, so it is restricted to root and the
  # service group (0640). No content is managed here: Puppet only enforces
  # ownership and mode on the generated file.
  # NOTE(review): validate_cmd is consulted only when Puppet replaces file
  # content, so it looks inert on this resource; confirm.
  file { extlib::path_join([$bind::config_dir, 'rndc.key']):
    ensure       => file,
    owner        => root,
    group        => $bind::service_group,
    mode         => '0640',
    validate_cmd => '/usr/sbin/named-checkconf %',
  }

  # Stock zone files shipped with the module, keyed by file name, mapped to
  # the zone each one serves.
  $default_zone_filenames_to_names = {
    'db.0' => '0.in-addr.arpa',
    'db.127' => '127.in-addr.arpa',
    'db.255' => '255.in-addr.arpa',
    'db.local' => 'localhost',
  }

  # When default zones are enabled, install each stock zone file and refuse
  # to write it unless named-checkzone accepts it with the -k/-m/-M/-n/-r/-S
  # checks all set to 'fail'.
  # The zone name interpolated into the command line comes only from the
  # literal map above, never from caller data.
  if $bind::default_zones {
    $default_zone_filenames_to_names.each |$filename, $name| {
      file { extlib::path_join([$bind::config_dir, $filename]):
        ensure       => file,
        content      => file("${module_name}/etc/bind/${filename}"),
        validate_cmd => "/usr/sbin/named-checkzone -k fail -m fail -M fail -n fail -r fail -S fail '${name}' %",
      }
    }
  }

  # BIND's working directory.
  # Owned by root and group-writable (0775) for the service group,
  # presumably so named can write its runtime files here; confirm.
  # NOTE(review): the title comes from the merged options; this assumes
  # default_options always supplies 'directory'. Verify.
  file { $merged_options['directory']:
    ensure => directory,
    owner  => root,
    group  => $bind::service_group,
    mode   => '0775',
  }

  # Declare one bind::zone per entry in $bind::zones, splatting the entry's
  # hash as the resource's attributes.
  $bind::zones.each |$zone_name, $zone| {
    bind::zone { $zone_name:
      * => $zone,
    }
  }

  # Likewise, one bind::key per entry in $bind::keys.
  # NOTE(review): if these hashes carry key secrets, check how bind::key
  # writes them (file mode, Sensitive handling); not visible in this class.
  $bind::keys.each |$k, $v| {
    bind::key { $k:
      * => $v,
    }
  }
}