Forked from zleslie's dns module, reworked for theforeman

commit 17794329beedfe1af4b3a7074a935cf0ddeaece4 0 parents
Greg Sutcliffe authored
1  .gitignore
@@ -0,0 +1 @@
+pkg/
4 Modulefile
@@ -0,0 +1,4 @@
+name 'theforeman-dns'
+version '1.0.1'
+dependency 'ripienaar-concat', '20100507'
+
15 README.md
@@ -0,0 +1,15 @@
+DNS
+===
+
+A puppet module to setup bind for The Foreman
+
+ToDo
+----
+OSes other than Debian
+
+Credits
+-------
+
+Based on zleslie-dns, with a lot of the guts ripped out. Thanks
+to zleslie for the original work
+
12 files/localhost.zone
@@ -0,0 +1,12 @@
+$TTL 86400
+$ORIGIN localhost.
+@ 1D IN SOA @ root (
+ 42 ; serial (d. adams)
+ 3H ; refresh
+ 15M ; retry
+ 1W ; expiry
+ 1D ) ; minimum
+
+ 1D IN NS @
+ 1D IN A 127.0.0.1
+
86 files/named.ca
@@ -0,0 +1,86 @@
+; This file holds the information on root name servers needed to
+; initialize cache of Internet domain name servers
+; (e.g. reference this file in the "cache . <file>"
+; configuration file of BIND domain name servers).
+;
+; This file is made available by InterNIC
+; under anonymous FTP as
+; file /domain/named.root
+; on server FTP.INTERNIC.NET
+; -OR- RS.INTERNIC.NET
+;
+; last update: Feb 04, 2008
+; related version of root zone: 2008020400
+;
+; formerly NS.INTERNIC.NET
+;
+. 3600000 IN NS A.ROOT-SERVERS.NET.
+A.ROOT-SERVERS.NET. 3600000 A 198.41.0.4
+A.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:BA3E::2:30
+;
+; formerly NS1.ISI.EDU
+;
+. 3600000 NS B.ROOT-SERVERS.NET.
+B.ROOT-SERVERS.NET. 3600000 A 192.228.79.201
+;
+; formerly C.PSI.NET
+;
+. 3600000 NS C.ROOT-SERVERS.NET.
+C.ROOT-SERVERS.NET. 3600000 A 192.33.4.12
+;
+; formerly TERP.UMD.EDU
+;
+. 3600000 NS D.ROOT-SERVERS.NET.
+D.ROOT-SERVERS.NET. 3600000 A 128.8.10.90
+;
+; formerly NS.NASA.GOV
+;
+. 3600000 NS E.ROOT-SERVERS.NET.
+E.ROOT-SERVERS.NET. 3600000 A 192.203.230.10
+;
+; formerly NS.ISC.ORG
+;
+. 3600000 NS F.ROOT-SERVERS.NET.
+F.ROOT-SERVERS.NET. 3600000 A 192.5.5.241
+F.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2f::f
+;
+; formerly NS.NIC.DDN.MIL
+;
+. 3600000 NS G.ROOT-SERVERS.NET.
+G.ROOT-SERVERS.NET. 3600000 A 192.112.36.4
+;
+; formerly AOS.ARL.ARMY.MIL
+;
+. 3600000 NS H.ROOT-SERVERS.NET.
+H.ROOT-SERVERS.NET. 3600000 A 128.63.2.53
+H.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:1::803f:235
+;
+; formerly NIC.NORDU.NET
+;
+. 3600000 NS I.ROOT-SERVERS.NET.
+I.ROOT-SERVERS.NET. 3600000 A 192.36.148.17
+;
+; operated by VeriSign, Inc.
+;
+. 3600000 NS J.ROOT-SERVERS.NET.
+J.ROOT-SERVERS.NET. 3600000 A 192.58.128.30
+J.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:C27::2:30
+;
+; operated by RIPE NCC
+;
+. 3600000 NS K.ROOT-SERVERS.NET.
+K.ROOT-SERVERS.NET. 3600000 A 193.0.14.129
+K.ROOT-SERVERS.NET. 3600000 AAAA 2001:7fd::1
+;
+; operated by ICANN
+;
+. 3600000 NS L.ROOT-SERVERS.NET.
+L.ROOT-SERVERS.NET. 3600000 A 199.7.83.42
+;
+; operated by WIDE
+;
+. 3600000 NS M.ROOT-SERVERS.NET.
+M.ROOT-SERVERS.NET. 3600000 A 202.12.27.33
+M.ROOT-SERVERS.NET. 3600000 AAAA 2001:dc3::35
+; End of File
+
28 files/named.conf.default-zones
@@ -0,0 +1,28 @@
+zone "." {
+ type hint;
+ file "/etc/bind/db.root";
+};
+
+// be authoritative for the localhost forward and reverse zones, and for
+// broadcast zones as per RFC 1912
+
+zone "localhost" {
+ type master;
+ file "/etc/bind/db.local";
+};
+
+zone "127.in-addr.arpa" {
+ type master;
+ file "/etc/bind/db.127";
+};
+
+zone "0.in-addr.arpa" {
+ type master;
+ file "/etc/bind/db.0";
+};
+
+zone "255.in-addr.arpa" {
+ type master;
+ file "/etc/bind/db.255";
+};
+
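Review bot: Nothing in this commit installs this file — init.pp ships only named.ca, named.local and localhost.zone into `$vardir`, and the generated publicView.conf-header.erb already declares the `.` hint zone and the localhost forward/reverse zones, so this copy of Debian's default-zones is dead configuration whose `/etc/bind/db.*` paths also do not match the files the module actually lays down. Either wire it in with a `file { "${dnsdir}/named.conf.default-zones": source => "puppet:///modules/dns/named.conf.default-zones" }` plus an `include` line in named.conf.erb, or drop it so there is a single source of truth for the built-in zones. If it is kept, note that declaring `localhost` here and in the publicView header would make named refuse to start on a duplicate zone.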
11 files/named.local
@@ -0,0 +1,11 @@
+$TTL 86400
+@ IN SOA localhost. root.localhost. (
+ 1997022700 ; Serial
+ 28800 ; Refresh
+ 14400 ; Retry
+ 3600000 ; Expire
+ 86400 ) ; Minimum
+ IN NS localhost.
+
+1 IN PTR localhost.
+
6 lib/puppet/parser/functions/date.rb
@@ -0,0 +1,6 @@
+module Puppet::Parser::Functions
+ newfunction(:date, :type => :rvalue) do
+ Time.new.strftime('%s')
+ end
+end
+
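Review bot: The function is named `date` but returns the Unix epoch as a string (`Time.new.strftime('%s')`), and nothing in this commit calls it — zone.pp pins `$serial = 1`. If it is meant to feed the SOA serial, be aware that a parser function is re-evaluated on every catalog compile, so any template that used it would change on each agent run and fire the `notify => Service[...]` restart every time. Either rename it for what it returns and document that (`# Returns the current time as seconds since the epoch, as a String`), or leave it out until a caller exists; `Time.now.to_i.to_s` is the idiomatic spelling of the same value and avoids the `strftime('%s')` detour.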
5 lib/puppet/parser/functions/get_in_addr_arpa.rb
@@ -0,0 +1,5 @@
+module Puppet::Parser::Functions
+ newfunction(:get_in_addr_arpa, :type => :rvalue) do |args|
+ "#{args[0].split(".").reverse.join(".")}.in-addr.arpa"
+ end
+end
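Review bot: The function does no arity or input checking: a call with no argument raises a bare `NoMethodError` from `nil.split`, and any string at all — including one with spaces, letters or a trailing dot — is reversed and stamped with `.in-addr.arpa`, so a typo in a manifest turns into a silently wrong reverse-zone name inside named.conf rather than a compile failure. Puppet's convention is to raise `Puppet::ParseError` prefixed with the function name, and here the prefix should be validated as one to four dotted decimal octets before it is reversed. Suggested body below; behaviour for well-formed input (`"10.0.0"` → `"0.0.10.in-addr.arpa"`) is unchanged.
```ruby
module Puppet::Parser::Functions
  # Build the in-addr.arpa reverse-zone name for a dotted IPv4 prefix.
  newfunction(:get_in_addr_arpa, :type => :rvalue) do |args|
    raise Puppet::ParseError, "get_in_addr_arpa(): expects exactly one argument" unless args.size == 1
    prefix = args[0].to_s
    unless prefix =~ /\A\d{1,3}(\.\d{1,3}){0,3}\z/
      raise Puppet::ParseError, "get_in_addr_arpa(): '#{prefix}' is not a dotted IPv4 prefix"
    end
    "#{prefix.split('.').reverse.join('.')}.in-addr.arpa"
  end
end
```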
96 manifests/init.pp
@@ -0,0 +1,96 @@
+class dns {
+ include dns::params
+
+ $namedconf_path = $dns::params::namedconf_path
+ $dnsdir = $dns::params::dnsdir
+ $dns_server_package = $dns::params::dns_server_package
+ $rndckeypath = $dns::params::rndckeypath
+ $rndc_alg = $dns::params::rndc_alg
+ $rndc_secret = $dns::params::rndc_secret
+ $optionspath = $dns::params::optionspath
+ $publicviewpath = $dns::params::publicviewpath
+ $publicview = $dns::params::publicview
+ $vardir = $dns::params::vardir
+ $namedservicename = $dns::params::namedservicename
+ $zonefilepath = $dns::params::zonefilepath
+
+ package { "dns":
+ ensure => installed,
+ name => "${dns_server_package}";
+ }
+
+ file {
+ "$namedconf_path":
+ owner => root,
+ group => 0,
+ mode => 644,
+ require => Package["dns"],
+ content => template("dns/named.conf.erb");
+ "$dnsdir":
+ ensure => directory,
+ owner => root,
+ group => 0,
+ mode => 755;
+ "$vardir":
+ owner => $dns::params::user,
+ group => $dns::params::user,
+ recurse => true,
+ mode => 755,
+ ensure => directory;
+ "$optionspath":
+ owner => root,
+ group => 0,
+ mode => 0644,
+ content => template("dns/options.conf.erb");
+ "${vardir}/named.ca":
+ owner => $dns::params::user,
+ group => $dns::params::user,
+ mode => 644,
+ source => "puppet:///modules/dns/named.ca";
+ "${vardir}/named.local":
+ owner => $dns::params::user,
+ group => $dns::params::user,
+ mode => 644,
+ source => "puppet:///modules/dns/named.local";
+ "${vardir}/localhost.zone":
+ owner => $dns::params::user,
+ group => $dns::params::user,
+ mode => 644,
+ source => "puppet:///modules/dns/localhost.zone";
+ "$zonefilepath":
+ owner => $dns::params::user,
+ group => $dns::params::user,
+ mode => 755,
+ ensure => directory;
+ }
+
+ include concat::setup
+
+ concat::fragment {
+ "dns_zone_${zone}-header":
+ order => 05,
+ target => "$publicviewpath",
+ notify => Service["$namedservicename"],
+ content => template("dns/publicView.conf-header.erb");
+ }
+ concat { "${publicviewpath}": }
+
+ service {
+ "$namedservicename":
+ enable => "true",
+ ensure => "running",
+ hasstatus => "true",
+ hasrestart => "true",
+ require => Package["dns"];
+ }
+
+ file { "${vardir}/puppetstore": ensure => directory }
+
+ exec { "create-rndc.key":
+ command => "/usr/sbin/rndc-confgen -r /dev/urandom -a",
+ cwd => "/tmp",
+ creates => "/etc/bind/rndc.key",
+ }
+
+}
+
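Review bot: `exec { "create-rndc.key": ... }` has no relationship edges, so it can run before `Package["dns"]` has installed `/usr/sbin/rndc-confgen`, or after `Service["bind9"]` has already tried to start with a named.conf that `include`s a `/etc/bind/rndc.key` that does not exist yet; add `require => Package["dns"], before => Service["$namedservicename"]`, and use `creates => $rndckeypath` instead of the hard-coded path so the guard tracks params.pp. The exec also writes the same file that `dns::rndckey` manages with `content => template(...)`, so a node that declares both will see the key flip between the two on alternate runs — pick one mechanism for the key. Separately, `$rndc_alg` and `$rndc_secret` are read from `dns::params`, which does not define them, and the fragment title `"dns_zone_${zone}-header"` interpolates `$zone`, which is only set inside `dns::zone`, so in this class the title silently becomes `dns_zone_-header`. Finally, `concat { "${publicviewpath}": }` is declared after the fragment that targets it and has no `notify`, so a change to the assembled zones.conf does not restart named unless every fragment carries its own `notify` (the header fragment does; keep that invariant documented).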
17 manifests/params.pp
@@ -0,0 +1,17 @@
+class dns::params {
+ $dnsdir = "/etc/bind"
+ $namedconf_path = "${dnsdir}/named.conf"
+ $vardir = "/var/cache/bind"
+ $optionspath = "${dnsdir}/named.conf.options"
+ $dns_server_package = "bind9"
+ $namedservicename = "bind9"
+ $user = 'bind'
+
+ #pertaining to rndc
+ $rndckeypath = "${dnsdir}/rndc.key"
+
+ #pertaining to views
+ $publicviewpath = "${dnsdir}/zones.conf"
+ $publicview = "zones"
+ $zonefilepath = "${vardir}/zones"
+}
10 manifests/rndckey.pp
@@ -0,0 +1,10 @@
+define dns::rndckey ($alg = "hmac-md5",$secret = "APIEQEbbut1VcDEC/p8PRg==") {
+ $keyname = $name
+ file {
+ "${dns::params::rndckeypath}":
+ owner => root,
+ group => bind,
+ mode => 0640,
+ content => template("dns/rndc.key.erb");
+ }
+}
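Review bot: The define ships a hard-coded default secret (`"APIEQEbbut1VcDEC/p8PRg=="`) with `hmac-md5`, so every deployment that does not override `$secret` shares a key that is published in this repository — and named.conf.erb hands that key both the `controls` channel and, through named.zone.erb's `grant rndc-key zonesub ANY`, write access to every zone, so anyone who has read this commit can push dynamic updates to such a server from any host that can reach port 53. Make the secret mandatory and refuse an empty one: `define dns::rndckey ($alg = "hmac-sha256", $secret) {` followed by `if $secret == '' { fail('dns::rndckey: $secret must be set; generate one with rndc-confgen -a') }`. Note also that named.conf.erb hard-codes the key name `"rndc-key"` while this template names the key after `$name`, so any other define title produces a key named cannot match — either enforce the title or pass `$keyname` through to named.conf.erb.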
39 manifests/zone.pp
@@ -0,0 +1,39 @@
+define dns::zone ($zonetype="master",$soa,$reverse="false",$ttl="10800",$soaip){
+ $contact = "root@${name}"
+ $serial = 1
+ include dns
+ include dns::params
+
+ $zone = $name
+ $filename = "db.${zone}"
+ $dnsdir = $dns::params::dnsdir
+ $zonefilename = "${dns::params::zonefilepath}/$(unknown)"
+ $publicviewpath = $dns::params::publicviewpath
+ $zonefilepath = $dns::params::zonefilepath
+ $vardir = $dns::params::vardir
+ $namedservicename = $dns::params::namedservicename
+
+ include concat::setup
+
+ concat { "${vardir}/puppetstore/$(unknown)": }
+
+ concat::fragment {
+ "dns_zone_${zone}": # this sets the named zones config
+ target => "$publicviewpath",
+ notify => Service["$namedservicename"],
+ content => template("dns/named.zone.erb");
+ "dns_zonefile_${zone}": # build zonefile header
+ order => "05",
+ target => "${vardir}/puppetstore/$(unknown)",
+ notify => Service["$namedservicename"],
+ content => template("dns/zone.header.erb");
+ }
+
+ exec { "create-zone_${zone}":
+ command => "/bin/cp puppetstore/$(unknown) zones/$(unknown)",
+ cwd => "${vardir}",
+ creates => "${vardir}/zones/$(unknown)",
+ }
+
+}
+
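Review bot: `$contact = "root@${name}"` is written verbatim as the SOA RNAME by zone.header.erb, but RNAME is a domain name rather than a mailbox, so it should be `root.${name}.` — with the trailing dot, since without it BIND appends `$ORIGIN` again — and as written named will at best load a mangled contact. The zone title also flows unvalidated into `zone "<%= zone %>"`, the zone file path and the exec command `/bin/cp puppetstore/... zones/...`; Puppet's posix exec provider hands a command string containing shell metacharacters to `/bin/sh`, so a title with `"`, `;` or whitespace corrupts named.conf or the command, and a guard at the top of the define such as `if $name !~ /^[a-z0-9.-]+$/ { fail("dns::zone[${name}]: zone name must be a hostname") }` closes that. `$serial = 1` never changes, which is tolerable only because the `creates` guard makes the copy one-shot and BIND's journal owns the file afterwards — that deserves a comment, as does the fact that later changes to `$soa`/`$soaip` never reach the live zone file. The `$(unknown)` token in `$zonefilename`, the concat title and the exec lines is not a Puppet interpolation (`${...}`) and is presumably a mangled `${filename}` — worth confirming before merge. The `$reverse` parameter is accepted but never used.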
17 templates/named.conf.erb
@@ -0,0 +1,17 @@
+// named.conf
+
+include "<%= rndckeypath %>";
+
+controls {
+ inet 127.0.0.1 port 953 allow {127.0.0.1; }
+ keys { "rndc-key"; };
+};
+
+options {
+ include "<%= optionspath %>";
+};
+
+// Public view read by Server Admin
+
+include "<%= publicviewpath %>";
+
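Review bot: `keys { "rndc-key"; };` in the `controls` block hard-codes the key name, while rndc.key.erb names the key `<%= keyname %>` from the define title and the exec in init.pp relies on whatever `rndc-confgen -a` writes, so the only title that actually works for `dns::rndckey` is `rndc-key` and nothing enforces that; expose the name as a template variable (`keys { "<%= rndckeyname %>"; };`) sourced from `dns::params` so all three stay in step. Restricting the control channel to `127.0.0.1` is right, but since the same key is granted `zonesub ANY` in named.zone.erb, the `controls` ACL does not limit what the key can do over port 53 — a comment saying so would stop a later reader from assuming the loopback binding contains the key's blast radius.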
7 templates/named.zone.erb
@@ -0,0 +1,7 @@
+ zone "<%= zone %>" {
+ type <%= zonetype %>;
+ file "<%= zonefilename %>";
+ update-policy {
+ grant rndc-key zonesub ANY;
+ };
+ };
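Review bot: `update-policy { grant rndc-key zonesub ANY; }` is emitted for every zone regardless of `<%= zonetype %>`, yet BIND accepts `update-policy` only on primary (`master`) zones and a `slave` zone additionally needs a `masters { ... };` list this template never writes, so `dns::zone { "x": zonetype => "slave" }` yields a configuration named rejects. It also reuses the rndc control key as the dynamic-update signer, so anything that can read `/etc/bind/rndc.key` (mode 0640, group `bind`) has write access to all zones; a dedicated update key granted per zone keeps the two privileges separate. Minimal fix: wrap the block in `<% if zonetype == 'master' %> … <% end %>` and make the key name a template variable rather than the literal `rndc-key`.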
2  templates/options.conf.erb
@@ -0,0 +1,2 @@
+directory "<%= vardir %>";
+
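Review bot: The options block sets only `directory`, so query, recursion and zone-transfer policy fall back to BIND's compiled-in defaults — historically `allow-transfer { any; }`, which lets any host enumerate every Foreman-managed zone with an AXFR, and recursion enabled (limited to `localnets; localhost;` in the releases this module is likely to meet, but that is a default, not a decision). Since the publicView header ships root hints, recursion is evidently intended, so state the policy explicitly, e.g. `allow-transfer { none; };`, `allow-recursion { localhost; localnets; };` and `version "not disclosed";`, and surface them as class parameters with a comment explaining that transfers are re-enabled per zone for secondaries.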
17 templates/publicView.conf-header.erb
@@ -0,0 +1,17 @@
+zone "." IN {
+ type hint;
+ file "named.ca";
+};
+
+zone "localhost" IN {
+ type master;
+ file "localhost.zone";
+ allow-update { none; };
+};
+
+zone "0.0.127.in-addr.arpa" IN {
+ type master;
+ file "named.local";
+ allow-update { none; };
+};
+
5 templates/rndc.key.erb
@@ -0,0 +1,5 @@
+key "<%=keyname%>" {
+ algorithm <%= alg %>;
+ secret "<%= secret %>";
+};
+
14 templates/zone.header.erb
@@ -0,0 +1,14 @@
+$TTL <%= ttl %>
+<%= zone %>. IN SOA <%= soa %>. <%= contact %> (
+ <%= serial %> ;Serial
+ 86400 ;Refresh
+ 3600 ;Retry
+ 604800 ;Expire
+ 3600 ;Negative caching TTL
+ )
+
+$ORIGIN <%= zone %>.
+
+<%= zone %>. IN NS <%= soa %>.
+<%= soa %>. IN A <%= soaip %>
+
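Review bot: `<%= soa %>. IN A <%= soaip %>` is written unconditionally, but if the SOA primary is a name outside `<%= zone %>` (a central `ns1.example.com` serving `lab.example.net`, say) BIND discards the record as out-of-zone data with a warning, whereas a primary inside the zone is reachable only if this glue is present; emit the A record only when the name is in-zone, e.g. `<% if soa =~ /\.#{Regexp.escape(zone)}\z/ %>` around the last line, and document that choice at the top of the template. `<%= contact %>` and `<%= soaip %>` are also interpolated unchecked — the contact is built in zone.pp, and a malformed `soaip` only fails at zone load after puppet has already restarted named, so validating `soaip` against an IPv4 pattern in the define would fail the catalog instead of the service.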