/
non_chroot.pp
68 lines (60 loc) · 2.02 KB
/
non_chroot.pp
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
# This class configures named for execution on a system using selinux.
# It pulls all config files from rsync.
#
# It is meant to be called from named directly.
#
# @param bind_dns_rsync
# The target under #
# /var/simp/environments/{environment}/rsync/{os}/{maj_version}/bind_dns
# from which to fetch all BIND DNS content.
#
# @author https://github.com/simp/pupmod-simp-named/graphs/contributors
#
class named::non_chroot (
String $bind_dns_rsync = $::named::bind_dns_rsync,
String $rsync_source = "bind_dns_${::named::bind_dns_rsync}_${::environment}_${facts['os']['name']}_${facts['os']['release']['major']}/named",
String $rsync_server = $::named::rsync_server,
Stdlib::Compat::Integer $rsync_timeout = $::named::rsync_timeout
){
assert_private()
include '::rsync'
$_rsync_user = "bind_dns_${::named::bind_dns_rsync}_rsync_${::environment}_${facts['os']['name']}_${facts['os']['release']['major']}"
if ( str2bool($::selinux_enforced) != true ) {
fail( 'named::non_chroot must be used with selinux!')
}
simplib::validate_net_list($rsync_server)
file { '/etc/named.conf':
ensure => 'file',
owner => 'root',
group => 'named',
mode => '0640',
notify => Rsync['named_etc'],
require => Package['bind']
}
file { '/var/named':
ensure => 'directory',
owner => 'root',
group => 'named',
mode => '0750',
notify => Rsync['named'],
require => Package['bind']
}
rsync { 'named':
user => $_rsync_user,
password => simplib::passgen($_rsync_user),
source => "${rsync_source}/var/named",
target => '/var',
server => $rsync_server,
timeout => $rsync_timeout,
notify => Class['named::service']
}
rsync { 'named_etc':
user => $_rsync_user,
password => simplib::passgen($_rsync_user),
source => "${rsync_source}/etc/*",
target => '/etc',
server => $rsync_server,
timeout => $rsync_timeout,
notify => Class['named::service']
}
}