Stub addresses are generated as hostnames in config #102

Closed
F00baer opened this issue Jul 21, 2015 · 9 comments


F00baer commented Jul 21, 2015

Hello,
I had the problem that IPv4 addresses were generated as "stub-host" entries in the config file instead of "stub-addr".
Maybe it is better to check for valid IP instead of domain_name in the stub template?

    <% if scope.function_is_ip_address([addr]) -%>
      stub-addr: <%= addr %>
    <% else -%>
      stub-host: <%= addr %>
    <% end -%>

Contributor

zachfi commented Jul 23, 2015

Can I see the manifest you used to get into the situation you mentioned?

Author

F00baer commented Jul 24, 2015

On 2015-07-23 17:35, Zach Leslie wrote:

> Can I see the manifest you used to get into the situation you mentioned?



Sure,

I manage my stubs as hiera data, like this:

    recursor::stubs:
      domain1.com:
        address:
          - "121.120.1.64"
          - "121.120.6.5"
          - "121.120.6.6"
          - "2001:123:4:6::88:5"
          - "2001:123:4:6::88:6"
        insecure: true
      domain2.com:
        address:
          - "121.121.1.64"
          - "121.130.6.11"
          - "121.130.6.12"
          - "2001:132:4:6::88:11"
          - "2001:123:4:6::88:12"
        insecure: true

The class is defined in a profile:

    class { "unbound":
      interface              => $ips,
      access                 => $access,
      do_ip6                 => $do_ip6,
      do_ip4                 => "yes",
      hide_identity          => false,
      hide_version           => false,
      val_clean_additional   => false,
      control_enable         => true,
      num_threads            => $processorcount,
      msg_cache_slabs        => $processorcount_2,
      rrset_cache_slabs      => $processorcount_2,
      infra_cache_slabs      => $processorcount_2,
      key_cache_slabs        => $processorcount_2,
      outgoing_interface     => $ipaddress,
      prefetch               => "yes",
      so_rcvbuf              => "4m",
      num_queries_per_thread => "4096",
      outgoing_range         => 8192,
      rrset_cache_size       => "${rcache}m",
      msg_cache_size         => "${mcache}m",
      edns_buffer_size       => "4096",
      outgoing_port_avoid    => "0-1024",
      outgoing_port_permit   => "1025-65535",
      val_permissive_mode    => $permissive_mode,
      module_config          => $module_config,
      interface_automatic    => $interface_automatic,
      chroot                 => $chroot,
      custom_server_conf     => [
        "so-sndbuf: 4m",
        "identity: $identity",
        "version: $version",
        "val-clean-additional: no",
      ],
    }

    $stubs=hiera_hash('recursor::stubs',{})
    create_resources('unbound::stub',$stubs,{})

This resulted in just the V6 addresses being stub-addr, while the V4
addresses seemed to have gotten matched as valid hostnames and were added as
stub-host.
I am using the latest version from git, puppetlabs-concat 1.2.3,
puppetlabs-stdlib 4.5.1, puppet 3.7.5.

Regards,
Markus

Contributor

zachfi commented Jul 27, 2015

Ah, sounds like we just need to improve our address validation.
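
The ordering problem discussed in this thread, as an added Ruby example that is not the module's own code (it is not `validate_unbound_addr`; the helper names and the hostname `ns1.example.net` are constructed). RFC 1123 permits all-digit labels, so a dotted quad passes a hostname check and only the colons in an IPv6 literal keep it out; testing for an IP literal first removes the ambiguity.

```ruby
require 'ipaddr'

# Added illustration; helper names are hypothetical, not the module's code.
# RFC 1123 allows all-digit labels, so a dotted quad is a syntactically
# valid hostname and matches this pattern.
LABEL = /[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?/i
HOSTNAME_RE = /\A(?=.{1,253}\z)#{LABEL}(?:\.#{LABEL})*\.?\z/

# True only for a bare IPv4/IPv6 literal (a prefix length is rejected).
def ip_literal?(addr)
  return false if addr.include?('/')
  IPAddr.new(addr)
  true
rescue ArgumentError # IPAddr::InvalidAddressError is a subclass
  false
end

# Hostname test first: reproduces the symptom from the report.
def hostname_first(addr)
  return "stub-host: #{addr}" if addr =~ HOSTNAME_RE
  return "stub-addr: #{addr}" if ip_literal?(addr)
  raise ArgumentError, "neither IP nor hostname: #{addr.inspect}"
end

# IP test first: only non-IP strings fall through to the hostname check,
# and anything matching neither is refused instead of written to the config.
def ip_first(addr)
  return "stub-addr: #{addr}" if ip_literal?(addr)
  return "stub-host: #{addr}" if addr =~ HOSTNAME_RE
  raise ArgumentError, "neither IP nor hostname: #{addr.inspect}"
end

# Two addresses from the hiera data above plus one constructed hostname.
SAMPLES = ['121.120.1.64', '2001:123:4:6::88:5', 'ns1.example.net'].freeze

if __FILE__ == $PROGRAM_NAME
  SAMPLES.each do |a|
    puts format('%-20s %-32s %s', a, hostname_first(a), ip_first(a))
  end
end
```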

Contributor

zachfi commented Jul 28, 2015

#104

I'll test shortly.

Contributor

zachfi commented Jul 28, 2015

After testing, my configs look good and my servers are online. Are you in a position to test? I'm prepared to merge #104 to correct this.

Author

F00baer commented Jul 28, 2015

Hi,

On 2015-07-28 16:56, Zach Leslie wrote:

> After testing, my configs look good and my servers are online. Are you
> in a position to test? I'm prepared to merge #104 to correct this.



The patch looks good, still there is a minor issue with the parser.
My puppet agent was not able to find the puppet_x path:

    Error: Could not retrieve catalog from remote server: Error 400 on SERVER: Could not autoload puppet/parser/functions/validate_unbound_addr: cannot load such file -- puppet_x/unbound/validate_addrs on node uni-resolver-test-ns.puppet-test
    Warning: Not using cache on failed catalog
    Error: Could not retrieve catalog; skipping run

However, I found a similar workaround in another module and adapted it:

diff --git a/lib/puppet/parser/functions/validate_unbound_addr.rb
b/lib/puppet/parser/functions/validate_unbound_addr.rb
index d8c5d7b..4b1b4cf 100644
--- a/lib/puppet/parser/functions/validate_unbound_addr.rb
+++ b/lib/puppet/parser/functions/validate_unbound_addr.rb
@@ -1,4 +1,6 @@
-require 'puppet_x/unbound/validate_addrs'
+require File.expand_path(File.join(File.dirname(FILE), '..', '..',
'..',

  •                              'puppet_x', 'unbound',
    

    'validate_addrs.rb'))
    +

    Puppet::Parser::Functions.newfunction(:validate_unbound_addr) do |args|
    if (args.size != 1) then
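
Review bot: On the added `require File.expand_path(...)` line, `File.dirname(FILE)` as shown refers to a constant named `FILE`, which Ruby would reject with a NameError at load time; the intent is evidently `__FILE__`, and the underscores (like the `+` markers on the following lines) appear to have been lost when the mail was rendered, so the patch should be re-sent as plain text or an attachment before anyone applies it. A one-line comment above the require saying why the load path is bypassed (the "cannot load such file -- puppet_x/unbound/validate_addrs" autoload error) would also help later readers judge whether the workaround is still needed.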

Using this, the IPs were generated quite fine as "stub-addr" and
hostnames as "stub-host" entries as they should.
Thanks!

-Markus

Contributor

zachfi commented Jul 28, 2015

That puppet_x code is missing on the master it looks like. So now that we rely on functions, and functions are executed on the master.

If you have an environment that contains this code, you can do puppet plugin download --environment $e -v on the master to ensure that the function and the rest of the lib code are available on the master side.

Author

F00baer commented Jul 28, 2015

On 2015-07-29 00:33, Zach Leslie wrote:

> That puppet_x code is missing on the master it looks like. So now that
> we rely on functions, and functions are executed on the master.
>
> If you have an environment that contains this code, you can do |puppet
> plugin download --environment $e -v| on the master to ensure that the
> function and the rest of the lib code are available on the master side.



Thanks for the hint, just downloaded the plugins using your command and
now the module works as it was.

-Markus

Contributor

zachfi commented Jul 29, 2015

#104 has been merged and 1.2.0 has been released for this effort. Thank you for the report.

@zachfi zachfi closed this as completed Jul 29, 2015