diff --git a/data/common.yaml b/data/common.yaml
index d80d128c..14f23a39 100644
--- a/data/common.yaml
+++ b/data/common.yaml
@@ -1,10 +1,11 @@
 ---
-bind::params::supported: false
+bind::defaults::supported: false
+bind::defaults::random_device: '/dev/random'
+bind::defaults::rndc: true
 bind::forwarders: ''
 bind::dnssec: true
 bind::version: ''
-bind::random_device: '/dev/random'
 bind::include_local: false
 bind::updater::keydir: '/etc/nsupdate-keys'
diff --git a/data/osfamily/Debian.yaml b/data/osfamily/Debian.yaml
index 79f6ff1d..4660f6bf 100644
--- a/data/osfamily/Debian.yaml
+++ b/data/osfamily/Debian.yaml
@@ -1,13 +1,12 @@
 ---
-bind::params::supported: true
-bind::params::bind_user: 'bind'
-bind::params::bind_group: 'bind'
-bind::params::bind_package: 'bind9'
-bind::params::bind_service: 'bind9'
-bind::params::nsupdate_package: 'dnsutils'
-bind::params::confdir: '/etc/bind'
-bind::namedconf: '/etc/bind/named.conf'
-bind::cachedir: '/var/cache/bind'
-bind::rndc: true
+bind::defaults::supported: true
+bind::defaults::bind_user: 'bind'
+bind::defaults::bind_group: 'bind'
+bind::defaults::bind_package: 'bind9'
+bind::defaults::bind_service: 'bind9'
+bind::defaults::nsupdate_package: 'dnsutils'
+bind::defaults::confdir: '/etc/bind'
+bind::defaults::namedconf: '/etc/bind/named.conf'
+bind::defaults::cachedir: '/var/cache/bind'
 bind::updater::keydir: '/etc/bind/keys'
diff --git a/data/osfamily/RedHat.yaml b/data/osfamily/RedHat.yaml
index db94be8c..8c878636 100644
--- a/data/osfamily/RedHat.yaml
+++ b/data/osfamily/RedHat.yaml
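Review bot: In data/common.yaml the new key `bind::defaults::rndc: true` has no parameter to bind to: class bind::defaults in manifests/defaults.pp declares no `$rndc`, and manifests/init.pp keeps `$rndc = undef` on class bind while `bind::rndc: true` is removed from both osfamily files. Automatic parameter lookup would therefore leave `$rndc` undefined unless code outside these hunks reads the key explicitly, and whatever rndc setup that flag gates would be dropped without an error. Keeping the key as `bind::rndc: true` in common.yaml, or adding `$rndc = undef,` to bind::defaults and consuming it from init.pp, would restore the previous default.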
@@ -1,14 +1,13 @@
 ---
-bind::params::supported: true
-bind::params::bind_user: 'named'
-bind::params::bind_group: 'named'
-bind::params::bind_package: 'bind'
-bind::params::bind_service: 'named'
-bind::params::nsupdate_package: 'bind-utils'
-bind::params::managed_keys_directory: '/var/named/dynamic'
-bind::params::confdir: '/etc/named'
-bind::namedconf: '/etc/named.conf'
-bind::cachedir: '/var/named'
-bind::rndc: true
+bind::defaults::supported: true
+bind::defaults::bind_user: 'named'
+bind::defaults::bind_group: 'named'
+bind::defaults::bind_package: 'bind'
+bind::defaults::bind_service: 'named'
+bind::defaults::nsupdate_package: 'bind-utils'
+bind::defaults::managed_keys_directory: '/var/named/dynamic'
+bind::defaults::confdir: '/etc/named'
+bind::defaults::namedconf: '/etc/named.conf'
+bind::defaults::cachedir: '/var/named'
 bind::updater::keydir: '/etc/named/keys'
diff --git a/manifests/defaults.pp b/manifests/defaults.pp
new file mode 100644
index 00000000..18c6976e
--- /dev/null
+++ b/manifests/defaults.pp
@@ -0,0 +1,19 @@
+# ex: syntax=puppet si ts=4 sw=4 et
+
+class bind::defaults (
+ $supported = undef,
+ $confdir = undef,
+ $namedconf = undef,
+ $cachedir = undef,
+ $random_device = undef,
+ $bind_user = undef,
+ $bind_group = undef,
+ $bind_package = undef,
+ $bind_service = undef,
+ $nsupdate_package = undef,
+ $managed_keys_directory = undef,
+) {
+ unless $supported {
+ fail('Platform is not supported')
+ }
+}
diff --git a/manifests/init.pp b/manifests/init.pp
index 8d236e4c..65c7c52c 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
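Review bot: In manifests/defaults.pp every parameter now defaults to `undef`, whereas the removed bind::params declared `$bind_user`, `$bind_group`, `$bind_package`, `$bind_service`, `$nsupdate_package` and `$confdir` without defaults, so a missing Hiera value failed compilation. The new body checks only `$supported`, so a partially populated data layer would compile with undefined owner, group or directory values that other manifests in this commit feed into file resources and paths. If the undef defaults are needed for the inheritance to work, a second guard beside the existing one would keep the old safety net, for example `unless $confdir and $bind_user and $bind_group { fail('bind::defaults data is incomplete') }`.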
@@ -1,17 +1,14 @@
 # ex: syntax=puppet si ts=4 sw=4 et
 class bind (
- $namedconf = undef,
- $cachedir = undef,
- $forwarders = undef,
- $dnssec = undef,
- $version = undef,
+ $forwarders = '',
+ $dnssec = true,
+ $version = '',
 $rndc = undef,
 $statistics_port = undef,
- $random_device = undef,
- $include_local = undef,
-) inherits bind::params {
- $auth_nxdomain = false
+ $auth_nxdomain = false,
+ $include_local = false,
+) inherits bind::defaults {
 File {
 ensure => present,
diff --git a/manifests/key.pp b/manifests/key.pp
index f7bc4ab3..a354eb44 100644
--- a/manifests/key.pp
+++ b/manifests/key.pp
@@ -5,13 +5,13 @@
 $secret_bits = 256,
 $algorithm = 'hmac-sha256',
 $owner = 'root',
- $group = $bind::params::bind_group,
+ $group = $::bind::defaults::bind_group,
 $keydir = $::bind::keydir::keydir,
 $keyfile = undef,
 $include = true,
 ) {
- include bind::params
- $confdir = $::bind::params::confdir
+ # Pull some platform defaults into the local scope
+ $confdir = $::bind::defaults::confdir
 # Generate a key of size $secret_bits if no $secret
 $secret_actual = $secret ? {
@@ -45,7 +45,7 @@
 concat::fragment { "bind-key-${name}":
 order => '10',
- target => "${bind::params::confdir}/keys.conf",
+ target => "${confdir}/keys.conf",
 content => "include \"${keydir}/${key_file_name}\";\n",
 }
 }
diff --git a/manifests/params.pp b/manifests/params.pp
deleted file mode 100644
index f3c74a41..00000000
--- a/manifests/params.pp
+++ /dev/null
@@ -1,16 +0,0 @@
-# ex: syntax=puppet si ts=4 sw=4 et
-
-class bind::params (
- $supported,
- $bind_user,
- $bind_group,
- $bind_package,
- $bind_service,
- $nsupdate_package,
- $managed_keys_directory = undef,
- $confdir,
-) {
- unless $supported {
- fail('Platform is not supported')
- }
-}
diff --git a/manifests/updater.pp b/manifests/updater.pp
index a15c59b0..a40e389f 100644
--- a/manifests/updater.pp
+++ b/manifests/updater.pp
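Review bot: In manifests/key.pp the first hunk removes `include bind::params` without an equivalent, so `$::bind::defaults::confdir` is defined only if bind::defaults has already been evaluated when a bind::key resource is declared. If it has not, the fragment target in the second hunk resolves to `/keys.conf` and the `$group` default is undefined, which matters because this define manages key material. Adding `include bind::defaults` ahead of the `$confdir` assignment would keep the define self-contained for the path; the `$group` default is evaluated before the body either way, so it may be safer to resolve it inside the body as well. The define's header and the middle of its body lie outside both hunks, so an include elsewhere cannot be ruled out.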
@@ -2,7 +2,7 @@
 class bind::updater (
 $keydir = undef,
-) inherits bind::params {
+) inherits bind::defaults {
 if $nsupdate_package {
 package { 'nsupdate':
diff --git a/manifests/zone.pp b/manifests/zone.pp
index 2b3000bd..c76c082a 100644
--- a/manifests/zone.pp
+++ b/manifests/zone.pp
@@ -21,8 +21,13 @@
 ) {
 # where there is a zone, there is a server
 include bind
- $cachedir = $::bind::cachedir
- $random_device = $::bind::random_device
+
+ # Pull some platform defaults into the local scope
+ $cachedir = $::bind::defaults::cachedir
+ $random_device = $::bind::defaults::random_device
+ $bind_user = $::bind::defaults::bind_user
+ $bind_group = $::bind::defaults::bind_group
+
 $_domain = pick($domain, $name)
 unless !($masters != '' and ! member(['slave', 'stub'], $zone_type)) {
@@ -75,8 +80,8 @@
 if member(['init', 'managed', 'allowed'], $zone_file_mode) {
 file { "${cachedir}/${name}":
 ensure => directory,
- owner => $::bind::params::bind_user,
- group => $::bind::params::bind_group,
+ owner => $bind_user,
+ group => $bind_group,
 mode => '0755',
 require => Package['bind'],
 }
@@ -84,8 +89,8 @@
 if member(['init', 'managed'], $zone_file_mode) {
 file { "${cachedir}/${name}/${_domain}":
 ensure => present,
- owner => $::bind::params::bind_user,
- group => $::bind::params::bind_group,
+ owner => $bind_user,
+ group => $bind_group,
 mode => '0644',
 replace => ($zone_file_mode == 'managed'),
 source => pick($source, 'puppet:///modules/bind/db.empty'),
@@ -96,7 +101,7 @@
 if $zone_file_mode == 'managed' {
 exec { "rndc reload ${_domain}":
 command => "/usr/sbin/rndc reload ${_domain}",
- user => $::bind::params::bind_user,
+ user => $bind_user,
 refreshonly => true,
 require => Service['bind'],
 subscribe => File["${cachedir}/${name}/${_domain}"],
@@ -113,7 +118,7 @@
 command => "/usr/local/bin/dnssec-init '${cachedir}' '${name}'\
 '${_domain}' '${key_directory}' '${random_device}' '${nsec3_salt}'",
 cwd => $cachedir,
- user => $::bind::params::bind_user,
+ user => $bind_user,
 creates => "${cachedir}/${name}/${_domain}.signed",
 timeout => 0, # crypto is hard
 require => [
@@ -123,8 +128,8 @@
 }
 file { "${cachedir}/${name}/${_domain}.signed":
- owner => $::bind::params::bind_user,
- group => $::bind::params::bind_group,
+ owner => $bind_user,
+ group => $bind_group,
 mode => '0644',
 audit => [ content ],
 }
@@ -133,7 +138,7 @@
 file { "${::bind::confdir}/zones/${name}.conf":
 ensure => present,
 owner => 'root',
- group => $::bind::params::bind_group,
+ group => $bind_group,
 mode => '0644',
 content => template('bind/zone.conf.erb'),
 notify => Service['bind'],
diff --git a/spec/fixtures/hiera/common.yaml b/spec/fixtures/hiera/common.yaml
index 44a9e846..cd55b7f5 100644
--- a/spec/fixtures/hiera/common.yaml
+++ b/spec/fixtures/hiera/common.yaml
@@ -1,3 +1,3 @@
 ---
-bind::params::confdir: '_CONFDIR_'
-bind::namedconf: '_NAMEDCONF_'
+bind::defaults::confdir: '_CONFDIR_'
+bind::defaults::namedconf: '_NAMEDCONF_'
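Review bot: In manifests/zone.pp the hunk at line 138 moves `group` to the local `$bind_group`, but the resource title still reads `${::bind::confdir}`, the one remaining lookup that goes through class bind rather than bind::defaults. confdir is declared on bind::defaults, so this line depends on the inherited value being reachable under the bind namespace, while manifests/key.pp in the same commit reads `$::bind::defaults::confdir` directly. For consistency, add `$confdir = $::bind::defaults::confdir` to the block of locals introduced in the first zone.pp hunk and write the title as `"${confdir}/zones/${name}.conf"`.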