Puppet Class: named::chroot

Defined in:
manifests/chroot.pp

Summary

Configures named in a chroot jail for execution on a system.

Overview

It pulls all configuration files from the rsync server.

It is meant to be called directly from the named class, not declared on its own.

Parameters:

  • nchroot (Stdlib::Absolutepath) (defaults to: $named::chroot_path)

    The Chroot jail for named. This should probably not be changed.

  • bind_dns_rsync (String) (defaults to: $named::bind_dns_rsync)

    The target under /var/simp/environments/environment/rsync/os/maj_version/bind_dns (with environment and maj_version substituted for the node's values) from which to fetch all BIND DNS content.

  • rsync_source (String) (defaults to: "bind_dns_${named::bind_dns_rsync}_${environment}_${facts['os']['name']}_${facts['os']['release']['major']}/named")

    The source from which the module will pull its files on the rsync server.

  • rsync_server (String) (defaults to: $named::rsync_server)

    The rsync server from which to pull the named configuration.

  • rsync_timeout (Variant[ Integer[0], Pattern[/\A\d+\z/] ]) (defaults to: $named::rsync_timeout)

    The timeout when connecting to the rsync server.

Author:



# File 'manifests/chroot.pp', line 25

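# Configure named to run inside a chroot jail whose contents are pulled from
# the rsync server.
#
# This class is private to the named module: it reads named's parameters and
# notifies named::service, so it is only meaningful when declared by named.
#
# @param nchroot        Root directory of the chroot jail.
# @param bind_dns_rsync Sub-target under the environment's bind_dns rsync tree.
# @param rsync_source   rsync path (relative to the server) to pull the jail from.
# @param rsync_server   Host or address of the rsync server; validated below.
# @param rsync_timeout  Timeout handed straight to the rsync resource.
class named::chroot (
  Stdlib::Absolutepath $nchroot        = $named::chroot_path,
  String               $bind_dns_rsync = $named::bind_dns_rsync,
  String               $rsync_source   = "bind_dns_${named::bind_dns_rsync}_${environment}_${facts['os']['name']}_${facts['os']['release']['major']}/named",
  String               $rsync_server   = $named::rsync_server,
  Variant[
    Integer[0],
    Pattern[/\A\d+\z/]
  ]                    $rsync_timeout  = $named::rsync_timeout,
) {
  # Refuse to compile if anything other than the named module declares us.
  assert_private()

  include 'rsync'

  # Per-environment / per-OS rsync account. The password is obtained from
  # simplib::passgen rather than written into this manifest.
  # NOTE(review): this string uses $server_facts['environment'] while the
  # $rsync_source default above interpolates top-scope $environment. They are
  # expected to resolve to the same value, but $server_facts is the
  # server-supplied one; confirm the difference is intentional.
  $_rsync_user = "bind_dns_${named::bind_dns_rsync}_rsync_${server_facts['environment']}_${facts['os']['name']}_${facts['os']['release']['major']}"

  # Fail at compile time on a malformed server spec instead of passing it on
  # to the rsync resource.
  simplib::validate_net_list($rsync_server)

  # Jail root: traversable by root and the named group only.
  file { $nchroot:
    ensure => 'directory',
    owner  => 'root',
    group  => 'named',
    mode   => '0750'
  }

  file { "${nchroot}/etc":
    ensure  => 'directory',
    owner   => 'root',
    group   => 'root',
    mode    => '0755',
    seltype => 'etc_t'
  }

  file { "${nchroot}/var":
    ensure  => 'directory',
    owner   => 'root',
    group   => 'root',
    mode    => '0755',
    seltype => 'var_t'
  }

  # Only ownership and mode are managed here; the content arrives via the
  # rsync resource, and any drift on this file re-triggers the sync.
  file { "${nchroot}/etc/named.conf":
    ensure => 'file',
    owner  => 'root',
    group  => 'named',
    mode   => '0640',
    notify => Rsync['named']
  }

  file { "${nchroot}/var/named":
    ensure => 'directory',
    owner  => 'root',
    group  => 'named',
    mode   => '0750',
    notify => Rsync['named']
  }

  # Expose the jailed config at the conventional path as a symlink. Written
  # in the explicit link/target form rather than the legacy
  # "ensure => <path>" shorthand, which creates the same symlink implicitly.
  file { '/etc/named.conf':
    ensure => 'link',
    target => "${nchroot}/etc/named.conf"
  }

  # Pull the whole jail from the server. Device files are preserved so the
  # jail's dev entries survive; runtime and kernel paths are left out.
  rsync { 'named':
    user             => $_rsync_user,
    password         => simplib::passgen($_rsync_user),
    source           => "${rsync_source}/*",
    target           => $nchroot,
    server           => $rsync_server,
    timeout          => $rsync_timeout,
    preserve_devices => true,
    exclude          => [ 'localtime', 'var/run', 'proc' ],
    notify           => Class['named::service']
  }
}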