# @summary Define new zone for the dns
#
# Declares one concat fragment per target view that adds the zone to the
# BIND configuration and, when `$manage_file` is true, creates the initial
# zone file. Parameters not described below are not referenced in this
# manifest body; presumably they are read by the `dns/named.zone.erb` and
# `dns/zone.header.erb` templates (confirm against the templates).
#
# @param target_views
#   Views this zone is added to. Only consulted when `$dns::enable_views` is
#   true; an empty list then falls back to the global zone configuration and
#   emits a warning. Every named view must already be declared as a
#   `dns::view` resource, otherwise catalog compilation fails.
#
# @param zonetype
#   The zone type. When set to 'slave', `$dns_notify` defaults to 'no'.
#
# @param soaip
#   The IP address for the SOA. If `reverse` is false, an A record will be
#   created pointing to this IP address for `$soa`. This only makes sense if
#   `$soa` is within this zone and needs glue records.
#
# @param soaipv6
#   The IPv6 address for the SOA. If `reverse` is false, an AAAA record will be
#   created pointing to this IP address for `$soa`. This only makes sense if
#   `$soa` is within this zone and needs glue records.
#
# @param zone
#   The zone name. Defaults to the resource title.
#
# @param contact
#   The zone contact. Defaults to `root.${zone}.` when unset.
#
# @param zonefilepath
#   Directory that holds the zone file. Defaults to `$dns::zonefilepath`.
#
# @param filename
#   Name of the zone file inside `$zonefilepath`. Defaults to `db.${title}`.
#   NOTE(review): typed as a plain String and joined to `$zonefilepath` as-is;
#   a value containing '/' or '..' resolves outside that directory. Consider
#   validating it if titles or filenames come from external data such as Hiera.
#
# @param manage_file
#   Whether to manage the file resource. When true $manage_file_name is implied.
#
# @param manage_file_name
#   Whether to set the file parameter in the zone file.
#
# @param dns_notify
#   One of 'yes', 'no' or 'explicit'. Left undef unless `$zonetype` is 'slave',
#   in which case it defaults to 'no'.
#
# @param update_policy_rules
#   Deprecated in favour of `update_policy`; ignored when `update_policy` is set.
#   This can be used to specify additional update policy rules in the
#   following format
#   { '<KEY_NAME>' => {'matchtype' => '<VALUE>', 'tname' => '<VALUE>', 'rr' => '<VALUE>' } }
#   Example {'foreman_key' => {'matchtype' => 'zonesub', 'rr' => 'ANY'}}
#   tname and rr are optional
#   A built-in 'rndc-key' rule (matchtype 'zonesub', rr 'ANY') is always merged
#   in and replaces any caller-supplied entry of the same name.
#
# @param update_policy
#   When set, used as the complete update policy: neither `update_policy_rules`
#   nor the built-in 'rndc-key' rule is added.
#
define dns::zone (
  Array[String] $target_views = [],
  String $zonetype = 'master',
  String $soa = $fqdn,
  Boolean $reverse = false,
  String $ttl = '10800',
  Optional[Stdlib::IP::Address::V4] $soaip = undef,
  Optional[Stdlib::IP::Address::V6] $soaipv6 = undef,
  Integer $refresh = 86400,
  Integer $update_retry = 3600,
  Integer $expire = 604800,
  Integer $negttl = 3600,
  Integer $serial = 1,
  Array $masters = [],
  Array $allow_transfer = [],
  Array $allow_query = [],
  Array $also_notify = [],
  String $zone = $title,
  Optional[String] $contact = undef,
  Stdlib::Absolutepath $zonefilepath = $dns::zonefilepath,
  String $filename = "db.${title}",
  Boolean $manage_file = true,
  Boolean $manage_file_name = false,
  Enum['first', 'only'] $forward = 'first',
  Array $forwarders = [],
  Optional[Enum['yes', 'no', 'explicit']] $dns_notify = undef,
  Hash[String, Hash[String, Data]] $update_policy_rules = {}, # deprecated
  Optional[Dns::UpdatePolicy] $update_policy = undef,
) {
  # Fall back to root.<zone>. when no contact was given.
  $_contact = pick($contact, "root.${zone}.")

  # Resolve the effective update policy. An explicit $update_policy is used
  # verbatim; otherwise the deprecated rules are merged with a default rule for
  # the key named 'rndc-key'.
  if $update_policy == undef {
    if $update_policy_rules.length > 0 {
      warning('update_policy_rules are deprecated in favour of update_policy')
    }
    # In a Puppet hash merge the right-hand operand wins on duplicate keys, so
    # a caller-supplied 'rndc-key' entry is replaced by this default.
    # NOTE(review): how the hash is rendered is decided by the template, which
    # is not visible here; presumably 'zonesub' with rr 'ANY' lets the holder
    # of that key update any record in the zone. Pass $update_policy to scope
    # dynamic updates more narrowly.
    $real_update_policy = $update_policy_rules + {
      'rndc-key' => {'matchtype' => 'zonesub', 'rr' => 'ANY'}
    }
  } else {
    $real_update_policy = $update_policy
  }

  # Full path of the zone file. $filename is interpolated without validation;
  # see the @param filename note above.
  $zonefilename = "${zonefilepath}/${filename}"

  # Decide which view configurations receive this zone. '_GLOBAL_' is the
  # sentinel for the non-view (global) configuration.
  if $dns::enable_views {
    if $target_views == [] {
      warning('You seem to mix BIND views with global zones, which will probably fail')
      $_target_views = ['_GLOBAL_']
    } else {
      $_target_views = $target_views
    }
  } else {
    $_target_views = ['_GLOBAL_']
  }

  # Slave zones default to notify 'no'; other zone types keep the caller's
  # value, which may be undef.
  if $zonetype == 'slave' {
    $_dns_notify = pick($dns_notify, 'no')
  } else {
    $_dns_notify = $dns_notify
  }

  $_target_views.each |$view| {
    # The global sentinel maps to the public view file; any other view name is
    # interpolated into a path below $dns::viewconfigpath.
    $target = $view ? {
      '_GLOBAL_' => $dns::publicviewpath,
      default => "${dns::viewconfigpath}/${view}.conf",
    }
    concat::fragment { "dns_zones+10_${view}_${title}.dns":
      target => $target,
      content => template('dns/named.zone.erb'),
      order => "${view}-11-${zone}-1",
    }
    # Abort compilation for a view that has not been declared. defined() only
    # sees resources already evaluated at this point, which is why the message
    # asks for the dns::view to be declared before the zone. This check is also
    # the only thing constraining the $view value used in the path above.
    unless ($view == '_GLOBAL_' or defined(Dns::View[$view])) {
      fail("Please define a dns::view '${view}' before using it as a dns::zone target")
    }
  }

  if $manage_file {
    # replace => false: Puppet creates the file from the header template only
    # when it is absent and does not overwrite existing content afterwards.
    # NOTE(review): mode 0644 leaves the zone data readable by every local
    # user; confirm that is acceptable for zones holding internal records.
    file { $zonefilename:
      ensure => file,
      owner => $dns::user,
      group => $dns::group,
      mode => '0644',
      content => template('dns/zone.header.erb'),
      replace => false,
      notify => Class['dns::service'],
    }
  }
}