42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
|
# File 'manifests/dnstap.pp', line 42
class unbound::dnstap (
Boolean $enable = true, # version 1.11
Boolean $bidirectional = true, # version 1.11
Optional[Stdlib::Absolutepath] $socket_path = undef, # version 1.11
Optional[Unbound::Address] $ip = undef, # version 1.11
Boolean $tls = true, # version 1.11
Optional[Stdlib::Host] $tls_host = undef, # version 1.11
Optional[Stdlib::Absolutepath] $tls_cert_bundle = undef, # version 1.11
Optional[Stdlib::Absolutepath] $tls_cert_key_file = undef, # version 1.11
Optional[Stdlib::Absolutepath] $tls_cert_cert_file = undef, # version 1.11
Boolean $send_identity = false, # version 1.11
Boolean $send_version = false, # version 1.11
Optional[String[1]] $identity = undef, # version 1.11
Optional[String[1]] $version = undef, # version 1.11
Integer[0,1000] $sample_rate = 0, # version 1.21
Boolean $log_resolver_query_messages = false, # version 1.11
Boolean $log_resolver_response_messages = false, # version 1.11
Boolean $log_client_query_messages = false, # version 1.11
Boolean $log_client_response_messages = false, # version 1.11
Boolean $log_forwarder_query_messages = false, # version 1.11
Boolean $log_forwarder_response_messages = false, # version 1.11
) {
include unbound
if $enable and $socket_path == undef and $ip == undef {
fail('Either ip or socket_path is required when dnstap is enabled')
}
if $enable {
$ip_config = $ip.then |$v| {
@("CONFIG")
${unbound::print_config('dnstap-ip', $v, '1.11')}
${unbound::print_config('dnstap-tls', $tls, '1.11')}
${unbound::print_config('dnstap-tls-host', $tls_host, '1.11')}
${unbound::print_config('dnstap-tls-cert-bundle', $tls_cert_bundle, '1.11')}
${unbound::print_config('dnstap-tls-cert-key-file', $tls_cert_key_file, '1.11')}
${unbound::print_config('dnstap-tls-cert-cert-file', $tls_cert_cert_file, '1.11')}
| CONFIG
}
$config = @("CONFIG")
dnstap:
${unbound::print_config('dnstap-enable', $enable, '1.11')}
${unbound::print_config('dnstap-bidirectional', $bidirectional, '1.11')}
${unbound::print_config('dnstap-socket-path', $socket_path, '1.11')}
${$ip_config}
${unbound::print_config('dnstap-send-identity', $send_identity, '1.11')}
${unbound::print_config('dnstap-send-version', $send_version, '1.11')}
${unbound::print_config('dnstap-identity', $identity, '1.11')}
${unbound::print_config('dnstap-version', $version, '1.11')}
${unbound::print_config('dnstap-sample-rate', $sample_rate, '1.21')}
${unbound::print_config('dnstap-log-resolver-query-messages', $log_resolver_query_messages, '1.11')}
${unbound::print_config('dnstap-log-resolver-response-messages', $log_resolver_response_messages, '1.11')}
${unbound::print_config('dnstap-log-client-query-messages', $log_client_query_messages, '1.11')}
${unbound::print_config('dnstap-log-client-response-messages', $log_client_response_messages, '1.11')}
${unbound::print_config('dnstap-log-forwarder-query-messages', $log_forwarder_query_messages, '1.11')}
${unbound::print_config('dnstap-log-forwarder-response-messages', $log_forwarder_response_messages, '1.11')}
| CONFIG
concat::fragment { 'unbound-dnstap':
order => '20',
target => $unbound::config_file,
content => $config.split("\n").filter |$x| { !$x.empty }.join("\n"),
}
}
}
|