.puppet-lint.rc

@@ -1,4 +1,3 @@
 --fail-on-warnings
 --no-140chars-check
 --no-class_inherits_from_params_class-check
---no-parameter_documentation-check

.sync.yml

@@ -1,7 +1,4 @@
 ---
-.puppet-lint.rc:
-  extra_disabled_lint_checks:
-    - parameter_documentation
 .travis.yml:
   beaker_sets:
     - centos6-64

CHANGELOG.md

@@ -1,5 +1,19 @@
 # Changelog
 
+## [8.1.0](https://github.com/theforeman/puppet-dns/tree/8.1.0) (2020-10-27)
+
+[Full Changelog](https://github.com/theforeman/puppet-dns/compare/8.0.0...8.1.0)
+
+**Implemented enhancements:**
+
+- Add the ability to define logging [\#172](https://github.com/theforeman/puppet-dns/pull/172) ([coreone](https://github.com/coreone))
+
+**Fixed bugs:**
+
+- Enforce parameter\_documentation lint plugin [\#176](https://github.com/theforeman/puppet-dns/pull/176) ([ekohl](https://github.com/ekohl))
+- Update zone documentation [\#174](https://github.com/theforeman/puppet-dns/pull/174) ([marcdeop](https://github.com/marcdeop))
+- Fix custom key ordering [\#173](https://github.com/theforeman/puppet-dns/pull/173) ([coreone](https://github.com/coreone))
+
 ## [8.0.0](https://github.com/theforeman/puppet-dns/tree/8.0.0) (2020-05-13)
 
 [Full Changelog](https://github.com/theforeman/puppet-dns/compare/7.0.0...8.0.0)

HISTORY.md

@@ -1,3 +1,117 @@
+## [8.1.0](https://github.com/theforeman/puppet-dns/tree/8.1.0) (2020-10-27)
+
+[Full Changelog](https://github.com/theforeman/puppet-dns/compare/8.0.0...8.1.0)
+
+**Implemented enhancements:**
+
+- Add the ability to define logging [\#172](https://github.com/theforeman/puppet-dns/pull/172) ([coreone](https://github.com/coreone))
+
+**Fixed bugs:**
+
+- Enforce parameter\_documentation lint plugin [\#176](https://github.com/theforeman/puppet-dns/pull/176) ([ekohl](https://github.com/ekohl))
+- Update zone documentation [\#174](https://github.com/theforeman/puppet-dns/pull/174) ([marcdeop](https://github.com/marcdeop))
+- Fix custom key ordering [\#173](https://github.com/theforeman/puppet-dns/pull/173) ([coreone](https://github.com/coreone))
+
+## [8.0.0](https://github.com/theforeman/puppet-dns/tree/8.0.0) (2020-05-13)
+
+[Full Changelog](https://github.com/theforeman/puppet-dns/compare/7.0.0...8.0.0)
+
+**Breaking changes:**
+
+- Use modern facts [\#169](https://github.com/theforeman/puppet-dns/issues/169)
+- Make bind view clauses optional [\#163](https://github.com/theforeman/puppet-dns/pull/163) ([dlucredativ](https://github.com/dlucredativ))
+- Make zone update\_policy\_rules more generic [\#157](https://github.com/theforeman/puppet-dns/pull/157) ([damluk](https://github.com/damluk))
+
+**Implemented enhancements:**
+
+- Fixes [\#29210](https://projects.theforeman.org/issues/29210) - support el8 [\#160](https://github.com/theforeman/puppet-dns/pull/160) ([wbclark](https://github.com/wbclark))
+- Introduce several dnssec related zone options [\#158](https://github.com/theforeman/puppet-dns/pull/158) ([damluk](https://github.com/damluk))
+
+## [7.0.0](https://github.com/theforeman/puppet-dns/tree/7.0.0) (2020-02-11)
+
+[Full Changelog](https://github.com/theforeman/puppet-dns/compare/6.2.0...7.0.0)
+
+**Breaking changes:**
+
+- Refactor soaip in dns::zone [\#151](https://github.com/theforeman/puppet-dns/pull/151) ([ekohl](https://github.com/ekohl))
+
+**Implemented enhancements:**
+
+- Add Debian 10 [\#153](https://github.com/theforeman/puppet-dns/pull/153) ([mmoll](https://github.com/mmoll))
+- Add manage\_service parameter [\#149](https://github.com/theforeman/puppet-dns/pull/149) ([flyingstar16](https://github.com/flyingstar16))
+
+## [6.2.0](https://github.com/theforeman/puppet-dns/tree/6.2.0) (2019-07-19)
+
+[Full Changelog](https://github.com/theforeman/puppet-dns/compare/6.1.0...6.2.0)
+
+**Implemented enhancements:**
+
+- Validate named.conf and zones.conf using named-checkconf [\#144](https://github.com/theforeman/puppet-dns/pull/144) ([antaflos](https://github.com/antaflos))
+- Allow setting service restart command [\#143](https://github.com/theforeman/puppet-dns/pull/143) ([antaflos](https://github.com/antaflos))
+- Don't set forbidden zone options for zone type 'forward' [\#142](https://github.com/theforeman/puppet-dns/pull/142) ([antaflos](https://github.com/antaflos))
+
+## [6.1.0](https://github.com/theforeman/puppet-dns/tree/6.1.0) (2019-06-12)
+
+[Full Changelog](https://github.com/theforeman/puppet-dns/compare/6.0.0...6.1.0)
+
+**Implemented enhancements:**
+
+- Add support for managing sysconfig settings [\#145](https://github.com/theforeman/puppet-dns/pull/145) ([antaflos](https://github.com/antaflos))
+- Make managing BIND system group optional [\#139](https://github.com/theforeman/puppet-dns/pull/139) ([antaflos](https://github.com/antaflos))
+
+**Merged pull requests:**
+
+- Allow puppetlabs/concat and puppetlabs/stdlib 6.x [\#146](https://github.com/theforeman/puppet-dns/pull/146) ([alexjfisher](https://github.com/alexjfisher))
+
+## [6.0.0](https://github.com/theforeman/puppet-dns/tree/6.0.0) (2019-04-15)
+
+[Full Changelog](https://github.com/theforeman/puppet-dns/compare/5.4.0...6.0.0)
+
+**Breaking changes:**
+
+- drop Puppet 4 [\#137](https://github.com/theforeman/puppet-dns/pull/137) ([mmoll](https://github.com/mmoll))
+- drop EOL OSes [\#136](https://github.com/theforeman/puppet-dns/pull/136) ([mmoll](https://github.com/mmoll))
+
+## [5.4.0](https://github.com/theforeman/puppet-dns/tree/5.4.0) (2019-01-10)
+
+[Full Changelog](https://github.com/theforeman/puppet-dns/compare/5.3.1...5.4.0)
+
+**Implemented enhancements:**
+
+- Convert documentation to puppet-strings [\#133](https://github.com/theforeman/puppet-dns/pull/133) ([ekohl](https://github.com/ekohl))
+- Add keys parameter and create\_resources accordingly [\#130](https://github.com/theforeman/puppet-dns/pull/130) ([marcdeop](https://github.com/marcdeop))
+- Add Puppet 6 support [\#129](https://github.com/theforeman/puppet-dns/pull/129) ([ekohl](https://github.com/ekohl))
+
+## [5.3.1](https://github.com/theforeman/puppet-dns/tree/5.3.1) (2018-10-04)
+
+[Full Changelog](https://github.com/theforeman/puppet-dns/compare/5.3.0...5.3.1)
+
+**Merged pull requests:**
+
+- Allow puppetlabs/stdlib 5.x [\#126](https://github.com/theforeman/puppet-dns/pull/126) ([ekohl](https://github.com/ekohl))
+- allow puppetlabs-concat 5.x [\#122](https://github.com/theforeman/puppet-dns/pull/122) ([mmoll](https://github.com/mmoll))
+
+## [5.3.0](https://github.com/theforeman/puppet-dns/tree/5.3.0) (2018-07-16)
+
+[Full Changelog](https://github.com/theforeman/puppet-dns/compare/5.2.0...5.3.0)
+
+**Implemented enhancements:**
+
+- Support Ubuntu/bionic, drop Fedora 25 [\#115](https://github.com/theforeman/puppet-dns/pull/115) ([mmoll](https://github.com/mmoll))
+
+## [5.2.0](https://github.com/theforeman/puppet-dns/tree/5.2.0) (2018-05-22)
+
+[Full Changelog](https://github.com/theforeman/puppet-dns/compare/5.1.0...5.2.0)
+
+**Implemented enhancements:**
+
+- Adds control keys and specifying update policy [\#108](https://github.com/theforeman/puppet-dns/pull/108) ([zyronix](https://github.com/zyronix))
+
+**Closed issues:**
+
+- Fails with puppetlabs/concat 4.1.1 [\#107](https://github.com/theforeman/puppet-dns/issues/107)
+- Add support for adding keys for nsupdate [\#94](https://github.com/theforeman/puppet-dns/issues/94)
+
 ## 5.1.0
 
 * Stop shipping development code in releases

README.md

@@ -32,6 +32,47 @@ dns::key {'dns-key':}
 Slaves can also be configured by setting `allow_transfer` in the master's zone
 and setting `zonetype => 'slave'` in the slave's zone.
 
+Logging can be added with the `dns::logging_categories` and `dns::logging_channels` defined types.  The following Hiera example shows all the available options:
+
+```yaml
+dns::logging_categories:
+  unmatched:
+    channels:
+      - 'test_file'
+      - 'test_stderr'
+      - 'test_syslog'
+      - 'test_null'
+dns::logging_channels:
+  test_file:
+    file_path: '/var/log/named/test.log'
+    file_versions: 3
+    file_size: '5m'
+    log_type: 'file'
+    print_category: 'yes'
+    print_severity: 'yes'
+    print_time: 'yes'
+    severity: 'dynamic'
+  test_null:
+    log_type: 'null'
+    print_category: 'yes'
+    print_severity: 'yes'
+    print_time: 'yes'
+    severity: 'dynamic'
+  test_stderr:
+    log_type: 'stderr'
+    print_category: 'yes'
+    print_severity: 'yes'
+    print_time: 'yes'
+    severity: 'dynamic'
+  test_syslog:
+    log_type: 'syslog'
+    print_category: 'yes'
+    print_severity: 'yes'
+    print_time: 'yes'
+    severity: 'dynamic'
+    syslog_facility: 'auth'
+```
+
 # Credits
 
 Based on zleslie-dns, with a lot of the guts ripped out. Thanks
@@ -47,15 +88,15 @@ See the CONTRIBUTING.md file for much more information.
 
 # More info
 
-See https://theforeman.org or at #theforeman irc channel on freenode
+See [https://theforeman.org](https://theforeman.org) or at #theforeman irc channel on freenode
 
 Copyright (c) 2010-2016 Foreman developers and Zach Leslie
 
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
 You may obtain a copy of the License at
 
-https://www.apache.org/licenses/LICENSE-2.0
+[https://www.apache.org/licenses/LICENSE-2.0](https://www.apache.org/licenses/LICENSE-2.0)
 
 Unless required by applicable law or agreed to in writing, software
 distributed under the License is distributed on an "AS IS" BASIS,

manifests/config.pp

@@ -1,10 +1,6 @@
 # Configure dns
 # @api private
 class dns::config {
-  if $dns::group_manage {
-    group { $dns::params::group: }
-  }
-
   concat { $dns::publicviewpath:
     owner        => root,
     group        => $dns::params::group,
@@ -28,7 +24,7 @@
   }
 
   concat { $dns::namedconf_path:
-    owner        => root,
+    owner        => 'root',
     group        => $dns::params::group,
     mode         => '0640',
     require      => Concat[$dns::optionspath],
@@ -38,7 +34,7 @@
   # This file cannot be checked by named-checkconf because its content is only
   # valid inside an "options { };" directive.
   concat { $dns::optionspath:
-    owner => root,
+    owner => 'root',
     group => $dns::params::group,
     mode  => '0640',
   }

manifests/init.pp

@@ -14,6 +14,8 @@
 #   Path of the config file holding all the zones
 # @param vardir
 #   Directory holding the variable or working files
+# @param logdir
+#   Directory holding the log files for named
 # @param group_manage
 #   Should this module manage the Unix system group under which BIND runs (see
 #   dns::params)?  Defaults to true. Set to false if you want to manage the
@@ -119,9 +121,15 @@
 #   A hash of zones to be created. See dns::zone for options.
 # @param keys
 #   A hash of keys to be created. See dns::key for options.
+# @param logging_categories
+#   A hash of logging categories to be created. See dns::logging::category for options.
+# @param logging_channels
+#   A hash of logging channels to be created. See dns::logging::channel for options.
 #
 # @see dns::zone
 # @see dns::key
+# @see dns::logging::category
+# @see dns::logging::channel
 class dns (
   Stdlib::Absolutepath $namedconf_path                              = $dns::params::namedconf_path,
   Stdlib::Absolutepath $dnsdir                                      = $dns::params::dnsdir,
@@ -130,6 +138,7 @@
   Stdlib::Absolutepath $optionspath                                 = $dns::params::optionspath,
   Stdlib::Absolutepath $publicviewpath                              = $dns::params::publicviewpath,
   Stdlib::Absolutepath $vardir                                      = $dns::params::vardir,
+  Stdlib::Absolutepath $logdir                                      = $dns::params::logdir,
   Boolean $group_manage                                             = $dns::params::group_manage,
   Boolean $manage_service                                           = $dns::params::manage_service,
   String $namedservicename                                          = $dns::params::namedservicename,
@@ -164,6 +173,8 @@
   Boolean $enable_views                                             = $dns::params::enable_views,
   Hash[String, Hash] $zones                                         = $dns::params::zones,
   Hash[String, Hash] $keys                                          = $dns::params::keys,
+  Hash[String, Hash] $logging_categories                            = $dns::params::logging_categories,
+  Hash[String, Hash] $logging_channels                              = $dns::params::logging_channels,
 ) inherits dns::params {
 
   include dns::install
@@ -174,4 +185,6 @@
 
   create_resources('dns::key', $keys)
   create_resources('dns::zone', $zones)
+  create_resources('dns::logging::category', $logging_categories)
+  create_resources('dns::logging::channel', $logging_channels)
 }

manifests/install.pp

@@ -3,5 +3,14 @@
 class dns::install {
   if ! empty($dns::dns_server_package) {
     ensure_packages([$dns::dns_server_package])
+    $pkg_req = Package[$dns::dns_server_package]
+  } else {
+    $pkg_req = undef
+  }
+
+  if $dns::group_manage {
+    group { $dns::group:
+      require => $pkg_req,
+    }
   }
 }

manifests/key.pp

@@ -33,12 +33,14 @@
       group   => $dns::group,
       mode    => '0640',
       content => template('dns/key.erb'),
+      before  => Class['dns::config'],
       notify  => Class['dns::service'],
     }
   } else {
     exec { "create-${filename}":
       command => "${dns::rndcconfgen} -r /dev/urandom -a -c ${keyfilename} -b ${keysize} -k ${name}",
       creates => $keyfilename,
+      before  => Class['dns::config'],
       notify  => Class['dns::service'],
     }-> file { $keyfilename:
       owner => 'root',

manifests/logging.pp

@@ -0,0 +1,22 @@
+# Enable logging for named
+# @api private
+class dns::logging {
+  file { $dns::logdir:
+    ensure => directory,
+    owner  => $dns::params::user,
+    group  => $dns::params::group,
+    mode   => '0755',
+  }
+
+  concat::fragment { 'named.conf+50-logging-header.dns':
+    target  => $dns::namedconf_path,
+    content => "logging {\n",
+    order   => 50,
+  }
+
+  concat::fragment { 'named.conf+60-logging-footer.dns':
+    target  => $dns::namedconf_path,
+    content => "};\n",
+    order   => 60,
+  }
+}

manifests/logging/category.pp

@@ -0,0 +1,21 @@
+# Define new category for logging
+#
+# @param channels
+#   The array of channels to attach to the category
+#
+# @param order
+#   The order of the category in the configuration file
+define dns::logging::category (
+  Array $channels,
+  Integer[51, 59] $order = 55,
+) {
+  include dns::logging
+
+  $category_name = $title
+
+  concat::fragment { "named.conf-logging-category-${title}.dns":
+    target  => $dns::namedconf_path,
+    content => template('dns/log.category.conf.erb'),
+    order   => $order,
+  }
+}