improvement to have a better split between data and code

with this patch, you have only to call the class bind, alls subclasses will be called and the data is sourced via hiera keys all appeded with 's' (see below) few examples: bind::configs: 'named.conf.servers': content: | server 192.168.1.1 { keys { dns-axfr; }; }; bind::acls: primaries: address_match_list: - 192.168.1.1 comment: powerdns bind::keys: dns-axfr: algorithm: hmac-sha512 base64_secret: 'aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa==' bind::zone::secondarys: example.net: masters: - 192.168.1.1 I'm hope this will make this module a bit more convinent and handy Best greetings from Berlin /holm
smoeding · Dec 9, 2024 · 26d3aa8 · 26d3aa8
1 parent 3f5b80a
commit 26d3aa8
Show file tree

Hide file tree

Showing 2 changed files with 303 additions and 0 deletions.
diff --git a/README.md b/README.md
@@ -42,6 +42,14 @@ class { 'bind':
   allow_recursion   => [ 'localhost', ],
 }
 ```
+Or with hiera
+```puppet
+bind::listen_on: 127.0.0.1
+bind::listen_on_v6: none
+bind::allow_query: localhost
+bind::allow_query_cache: localhost
+bind::allow_recursion: localhost
+```
 
 ## Usage
 
@@ -60,6 +68,22 @@ bind::acl { 'lan':
   address_match_list => [ '192.168.10.0/24' ],
 }
 ```
+Or with hiera
+```puppet
+bind::allow_query:
+  - localhost
+  - lan
+bind::allow_query_cache:
+  - localhost
+  - lan
+bind::allow_recursion:
+  - localhost
+  - lan
+
+bind::acls:
+  lan:
+    address_match_list: 192.168.10.0/24
+```
 
 ### Caching name server with forwarders
 
@@ -73,6 +97,21 @@ class { 'bind':
   forwarders        => [ '10.0.0.53', '10.1.1.53', ],
 }
 ```
+Or with hiera
+```puppet
+bind::allow_query:
+  - localhost
+  - 10/8
+bind::allow_query_cache:
+  - localhost
+  - 10/8
+bind::allow_recursion:
+  - localhost
+  - 10/8
+bind::forwarders:
+  - 10.0.0.53
+  - 10.1.1.53
+```
 
 ### Manage a primary zone
 
@@ -83,6 +122,12 @@ bind::zone::primary { 'example.com':
   source => 'puppet:///modules/profile/dns/example.com.zone',
 }
 ```
+Or with hiera
+```puppet
+bind::zone::primarys:
+  example.com:
+    source: 'puppet:///modules/profile/dns/example.com.zone'
+```
 
 The zone file will be managed on the server as `/var/lib/bind/primary/com/example/db.example.com`. This tree structure is better than a flat directory structure if many zones will be managed by the server.
 
@@ -101,6 +146,18 @@ bind::zone::primary { 'example.com':
   content       => epp("profile/dynamic-zone-template.epp", $params),
 }
 ```
+Or with hiera
+```puppet
+bind::keys:
+  nsupdate:
+    secret: TopSecret
+    keyfile: /etc/bind/nsupdate.key
+
+bind::zone::primarys:
+  example.com:
+    update_policy: grant nsupdate zonesub any
+    content: 'epp("profile/dynamic-zone-template.epp", $params)'
+```
 
 If the zone file `/var/lib/bind/primary/com/example/db.example.com` does not exist on the name server, a new file will be created using the specified template. After that the file content can not be managed by Puppet as `named` will periodically need to update the zone file when processing dynamic updates. The `source` or `content` parameters are ignored in this case.
 
@@ -122,6 +179,20 @@ bind::zone::primary { 'example.net':
   source         => 'puppet:///modules/profile/dns/example.net.zone',
 }
 ```
+Or with hiera
+```puppet
+bind::dnssec_policys:
+  standard:
+    csk_lifetime: unlimited
+    csk_algorithm: ecdsap256sha256
+
+bind::zone::primarys:
+  example.net:
+    dnssec_policy: standard
+    inline_signing: true
+    source: 'puppet:///modules/profile/dns/example.net.zone'
+}
+```
 
 DNSSEC policies are available with Bind 9.16 and later.
 
@@ -138,6 +209,16 @@ bind::view { 'internal':
   order           => '10',
 }
 ```
+Or with hiera
+```puppet
+bind::views:
+  internal:
+    match_clients: localnets
+    allow_query: localnets
+    allow_recursion: localnets
+    recursion: true
+    order: 10
+```
 
 The view `external` is for all other hosts and should only be used for your primary or secondary zones.
 
@@ -151,6 +232,17 @@ bind::view { 'external':
   order                    => '20',
 }
 ```
+Or with hiera
+```puppet
+bind::views:
+  external:
+    match_clients: any
+    allow_query: any
+    recursion: false
+    localhost_forward_enable: false
+    localhost_reverse_enable: false
+    order: 20
+```
 
 The defined types `bind::zone::primary` and `bind::zone::secondary` can be used to add zones to this view.
 

diff --git a/manifests/init.pp b/manifests/init.pp
@@ -321,6 +321,73 @@
 #   once a day the DNSSEC trust anchors in use will be transmitted to the zon
 #   owners. This is enabled by default.
 #
+# @param bind:acls
+#   Hash of `bind::acls` resources.
+#   source the hash of bind::acls and trigger the class bind::acl 
+#
+# @param bind:amls
+#   Hash of `bind::amls` resources.
+#   source the hash of bind::amls and trigger the class bind::aml 
+#
+# @param dnssec_policys
+#   Hash of `bind::dnssec_policys` resources.
+#   source the hash of bind::dnssec_policys and trigger the class bind::dnssec_policy
+#
+# @param keys
+#   Hash of `bind::keys` resources.
+#   source the hash of bind::keys and trigger the class bind::key
+#
+# @param views
+#   Hash of `bind::views` resources.
+#   source the hash of bind::views and trigger the class bind::view
+#
+# @param statistics_channels
+#   Hash of `bind::statistics_channels` resources.
+#   source the hash of bind::statistics_channels and trigger the class bind::statistics_channel
+#
+# @param controls_inets
+#   Hash of `bind::controls::inets` resources.
+#   source the hash of bind::controls::inets and trigger the class bind::controls::inet
+#
+# @param controls_unixs
+#   Hash of `bind::controls::unixs` resources.
+#   source the hash of bind::controls::unixs and trigger the class bind::controls::unix
+#
+# @param logging_categorys
+#   Hash of `bind::logging::categorys` resources.
+#   source the hash of bind::logging::categorys and trigger the class bind::logging::category
+#
+# @param logging_channel_files
+#   Hash of `bind::logging::channel_files` resources.
+#   source the hash of bind::logging::channel_files and trigger the class bind::logging::channel_file
+#
+# @param logging_channel_syslogs
+#   Hash of `bind::logging::channel_syslogs` resources.
+#   source the hash of bind::logging::channel_syslogs and trigger the class bind::logging::channel_syslog
+#
+# @param zone_forwards
+#   Hash of `bind::zone::forwards` resources.
+#   source the hash of bind::zone::forwards and trigger the class bind::zone::forward
+#
+# @param zone_hints
+#   Hash of `bind::zone::hints` resources.
+#   source the hash of bind::zone::hints and trigger the class bind::zone::hint
+#
+# @param zone_in_views
+#   Hash of `bind::zone::in_views` resources.
+#   source the hash of bind::zone::in_views and trigger the class bind::zone::in_view
+#
+# @param zone_mirrors
+#   Hash of `bind::zone::mirrors` resources.
+#   source the hash of bind::zone::mirrors and trigger the class bind::zone::mirror
+#
+# @param zone_primarys
+#   Hash of `bind::zone::primarys` resources.
+#   source the hash of bind::zone::primarys and trigger the class bind::zone::primary
+#
+# @param zone_secondarys
+#   Hash of `bind::zone::secondarys` resources.
+#   source the hash of bind::zone::secondarys and trigger the class bind::zone::secondary
 #
 class bind (
   Stdlib::Absolutepath      $confdir,
@@ -385,6 +452,24 @@
   Optional[String]          $report_version           = undef,
   Optional[Boolean]         $querylog_enable          = undef,
   Optional[Boolean]         $trust_anchor_telemetry   = undef,
+  Optional[Hash]            $acls                     = {},
+  Optional[Hash]            $amls                     = {},
+  Optional[Hash]            $configs                  = {},
+  Optional[Hash]            $dnssec_policys           = {},
+  Optional[Hash]            $keys                     = {},
+  Optional[Hash]            $statistics_channels      = {},
+  Optional[Hash]            $views                    = {},
+  Optional[Hash]            $controls_inets           = lookup(bind::controls::inets,         undef, undef, {}),
+  Optional[Hash]            $controls_unixs           = lookup(bind::controls::unixs,         undef, undef, {}),
+  Optional[Hash]            $logging_categorys        = lookup(bind::logging::categorys,      undef, undef, {}),
+  Optional[Hash]            $logging_channel_files    = lookup(bind::logging::channel_files,  undef, undef, {}),
+  Optional[Hash]            $logging_channel_syslogs  = lookup(bind::logging::syslogs,        undef, undef, {}),
+  Optional[Hash]            $zone_forwards            = lookup(bind::zone::forwards,          undef, undef, {}),
+  Optional[Hash]            $zone_hints               = lookup(bind::zone::hints,             undef, undef, {}),
+  Optional[Hash]            $zone_in_views            = lookup(bind::zone::in_views,          undef, undef, {}),
+  Optional[Hash]            $zone_mirrors             = lookup(bind::zone::in_views,          undef, undef, {}),
+  Optional[Hash]            $zone_primarys            = lookup(bind::zone::primarys,          undef, undef, {}),
+  Optional[Hash]            $zone_secondarys          = lookup(bind::zone::secondarys,        undef, undef, {}),
 ) {
   $header_message = '// This file is managed by Puppet. DO NOT EDIT.'
 
@@ -844,6 +929,13 @@
     before  => Service['bind'],
   }
 
+  $configs.each |$key, $value| {
+    bind::config { $key:
+      * => $value,
+    }
+    notify         => Service['bind'],
+  }
+
   #
   # Misc zone files
   #
@@ -938,4 +1030,123 @@
     name    => $service_name,
     restart => "${rndc_program} reconfig",
   }
+
+  $acls.each |$key, $value| {
+    bind::acl { $key:
+      * => $value,
+    }
+    notify         => Service['bind'],
+  }
+
+  $amls.each |$key, $value| {
+    bind::aml { $key:
+      * => $value,
+    }
+    notify         => Service['bind'],
+  }
+
+  $dnssec_policys.each |$key, $value| {
+    bind::dnssec_policy { $key:
+      * => $value,
+    }
+    notify         => Service['bind'],
+  }
+
+  $keys.each |$key, $value| {
+    bind::key { $key:
+      * => $value,
+    }
+    notify         => Service['bind'],
+  }
+
+  $statistics_channels.each |$key, $value| {
+    bind::statistics_channel { $key:
+      * => $value,
+    }
+    notify         => Service['bind'],
+  }
+
+  $views.each |$key, $value| {
+    bind::view { $key:
+      * => $value,
+    }
+    notify         => Service['bind'],
+  }
+
+  $controls_inets.each |$key, $value| {
+    bind::controls::inet { $key:
+      * => $value,
+    }
+    notify         => Service['bind'],
+  }
+
+  $controls_unixs.each |$key, $value| {
+    bind::controls::unix { $key:
+      * => $value,
+    }
+    notify         => Service['bind'],
+  }
+
+  $logging_categorys.each |$key, $value| {
+    bind::logging::category { $key:
+      * => $value,
+    }
+    notify         => Service['bind'],
+  }
+
+  $logging_channel_files.each |$key, $value| {
+    bind::logging::channel_file { $key:
+      * => $value,
+    }
+    notify         => Service['bind'],
+  }
+
+  $logging_channel_syslogs.each |$key, $value| {
+    bind::logging::channel_syslog { $key:
+      * => $value,
+    }
+    notify         => Service['bind'],
+  }
+
+  $zone_forwards.each |$key, $value| {
+    bind::zone::forward { $key:
+      * => $value,
+    }
+    notify         => Service['bind'],
+  }
+
+  $zone_hints.each |$key, $value| {
+    bind::zone::hint { $key:
+      * => $value,
+    }
+    notify         => Service['bind'],
+  }
+
+  $zone_in_views.each |$key, $value| {
+    bind::zone::in_view { $key:
+      * => $value,
+    }
+    notify         => Service['bind'],
+  }
+
+  $zone_mirrors.each |$key, $value| {
+    bind::zone::mirror { $key:
+      * => $value,
+    }
+    notify         => Service['bind'],
+  }
+
+  $zone_primarys.each |$key, $value| {
+    bind::zone::primary { $key:
+      * => $value,
+    }
+    notify         => Service['bind'],
+  }
+
+  $zone_secondarys.each |$key, $value| {
+    bind::zone::secondary { $key:
+      * => $value,
+    }
+    notify         => Service['bind'],
+  }
 }