Sync to upstream

ChangeLog → CHANGELOG.md

@@ -1,55 +1,79 @@
-2014-05-12 - 0.5.1
+#### 2023-09-07 - 0.5.6
+* Change zone dirmode from 750 to 770 because recent bind 9 requires write.
+
+#### 2021-06-30 - 0.5.5
+* Improve zone validation (#110, @osgpcq).
+* Support $replace on bind::server::file, useful for ddns base zones.
+* Fix bindkeys-file on RHEL8.
+
+#### 2019-01-21 - 0.5.4
+* Add zone file validation (#91, @forgodssake).
+* Fix hint and rfc1912 zones on Debian (#61, #83).
+* Add support for configuring forward mode (#73, @warrenpnz).
+* Fix server::conf and package ordering (#71, @skrivy).
+* Make sure zonedir gets created after bind::package (#55, @jamesbouressa).
+
+#### 2017-02-02 - 0.5.3
+* Fix undefined variable warning.
+
+#### 2016-02-02 - 0.5.2
+* Fix service name on RHEL7+ with chroot (#56, @arrjay).
+* Fix named.conf template bug related to views (#59, @imerali).
+* Add TSIG keys support (#54, @b4ldr).
+* Replace Modulefile with metadata.json.
+
+#### 2014-05-12 - 0.5.1
 * Add FreeBSD support (#26, @fessoga5).
 
-2014-03-14 - 0.5.0
+#### 2014-03-14 - 0.5.0
 * Manage zonedir from server::file, for parent directory (#23, Dougal Scott).
 * Add support for extra_options (#22, Joseph Swick).
 * Add support for $hostname, $server_id (#21, @b4ldr).
 * Disable root hint and rfc1912 zones when not recursive (#21, @b4ldr).
 
-2013-11-26 - 0.4.2
+#### 2013-11-26 - 0.4.2
 * Add support for managed-keys-directory (#19, Sean Edge).
 * Add support for full service restart instead of reload (#19, Sean Edge).
 
-2013-10-15 - 0.4.1
+#### 2013-10-15 - 0.4.1
 * Add support for views (thanks to Sean Edge).
 
-2013-07-17 - 0.4.0
+#### 2013-07-17 - 0.4.0
 * Merge changes by Sebastian Cole.
 * Move parameters into a new bind::params class.
 * Make the service and package classes possible to use separately.
 * Cosmetic cleanups.
 * Update README examples.
 
-2013-04-19 - 0.3.2
+#### 2013-04-19 - 0.3.2
 * Use @varname syntax in templates to silence puppet 3.2 warnings.
 
-2013-04-10 - 0.3.1
+#### 2013-04-10 - 0.3.1
 * Add support for $allow_transfer.
 * Add support for $ensure on server::file, enabling clean zone file removal.
 
-2013-03-08 - 0.3.0
+#### 2013-03-08 - 0.3.0
 * Change to 2 space indent.
 * Major update to the README and use markdown.
 * Minor cosmetic cleanups.
 * Change default for $chroot to false, SELinux is sufficient on RHEL5+.
 
-2012-12-18 - 0.2.5
+#### 2012-12-18 - 0.2.5
 * Change the SELinux type of the log directory back to the original.
 
-2012-09-19 - 0.2.4
+#### 2012-09-19 - 0.2.4
 * Update README to make the main example more useful.
 * Support $source_base for easy inclusion of multiple zone files as-is.
 
-2012-07-17 - 0.2.3
+#### 2012-07-17 - 0.2.3
 * Add support for "include" lines in named.conf.
 
-2012-06-22 - 0.2.2
+#### 2012-06-22 - 0.2.2
 * Add support for a few new configuration values in the main template.
 * Require package for files, for the usual parent directory to exist.
 * Minot updates to the README.
 
-2012-04-23 - 0.2.1
+#### 2012-04-23 - 0.2.1
 * Clean up the module to match current puppetlabs guidelines.
 * Force hash sorting in the template for puppet 2.7+ compatibility.
 

LICENSE

@@ -1,4 +1,4 @@
-Copyright (C) 2011-2013 Matthias Saou
+Copyright (C) 2011-2016 Matthias Saou
 
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.

README.md

@@ -1,5 +1,15 @@
 # puppet-bind
 
+## Disclaimer
+
+This module has been created when Puppet classes did not support parameters.
+It shows. Tests and Debian/Ubuntu support are external contributions and are
+not as actively maintained as they should be.
+
+The primary focus of this module has always been Enterprise Linux (RHEL, CentOS
+and other clones), and it works fine on releases as far back as RHEL5, although
+the latest RHEL release is always recommended.
+
 ## Overview
 
 Install and enable a BIND DNS server, manage its main configuration and install

manifests/init.pp

@@ -18,37 +18,48 @@
 class bind (
   $chroot            = false,
   $service_reload    = true,
+  $servicename       = $::bind::params::servicename,
   $packagenameprefix = $::bind::params::packagenameprefix,
+  $binduser          = $::bind::params::binduser,
+  $bindgroup         = $::bind::params::bindgroup,
 ) inherits ::bind::params {
 
-  # Main package and service
-  $packagenamesuffix = $chroot ? {
-    true  => '-chroot',
-    false => '',
+  # Chroot differences
+  if $chroot == true {
+    $packagenamesuffix = '-chroot'
+    # Different service name with chroot on RHEL7+)
+    if $::osfamily == 'RedHat' and
+        versioncmp($::operatingsystemrelease, '7') >= 0 {
+      $servicenamesuffix = '-chroot'
+    } else {
+      $servicenamesuffix = ''
+    }
+    $bindlogdir = '/var/named/chroot/var/log/named'
+  } else {
+    $packagenamesuffix = ''
+    $servicenamesuffix = ''
+    $bindlogdir = '/var/log/named'
   }
-  class { 'bind::package':
+
+  # Main package and service
+  class { '::bind::package':
     packagenameprefix => $packagenameprefix,
     packagenamesuffix => $packagenamesuffix,
   }
-  class { 'bind::service':
-    servicename    => $servicename,
+  class { '::bind::service':
+    servicename    => "${servicename}${servicenamesuffix}",
     service_reload => $service_reload,
   }
 
   # We want a nice log file which the package doesn't provide a location for
-  $bindlogdir = $chroot ? {
-    true  => '/var/named/chroot/var/log/named',
-    false => '/var/log/named',
-  }
   file { $bindlogdir:
-    require => Class['bind::package'],
-    ensure  => directory,
-    owner   => $::bind::params::binduser,
-    group   => $::bind::params::bindgroup,
+    ensure  => 'directory',
+    owner   => $binduser,
+    group   => $bindgroup,
     mode    => '0770',
     seltype => 'var_log_t',
-    before  => Class['bind::service'],
+    require => Class['::bind::package'],
+    before  => Class['::bind::service'],
   }
 
 }
-

manifests/package.pp

@@ -5,7 +5,6 @@
   $packagenamesuffix = '',
 ) inherits ::bind::params {
 
-  package { "${packagenameprefix}${packagenamesuffix}": ensure => installed }
+  package { "${packagenameprefix}${packagenamesuffix}": ensure => 'installed' }
 
 }
-

manifests/params.pp

@@ -8,24 +8,44 @@
       $servicename       = 'named'
       $binduser          = 'root'
       $bindgroup         = 'named'
+      $file_hint         = 'named.ca'
+      $file_rfc1912      = '/etc/named.rfc1912.zones'
+      if versioncmp($::operatingsystemrelease, '8') >= 0 {
+        $file_bindkeys   = '/etc/named.root.key'
+      } else {
+        $file_bindkeys   = '/etc/named.iscdlv.key'
+      }
     }
     'Debian': {
       $packagenameprefix = 'bind9'
       $servicename       = 'bind9'
       $binduser          = 'bind'
       $bindgroup         = 'bind'
+      $file_rfc1912      = '/etc/bind/named.conf.default-zones'
+      if $::operatingsystem == 'Ubuntu' {
+        $file_hint = false
+      } else {
+        $file_hint = '/etc/bind/db.root'
+      }
+      $file_bindkeys     = '/etc/named.iscdlv.key'
     }
     'Freebsd': {
       $packagenameprefix = 'bind910'
       $servicename       = 'named'
       $binduser          = 'bind'
       $bindgroup         = 'bind'
+      $file_hint         = 'named.ca'
+      $file_rfc1912      = '/etc/named.rfc1912.zones'
+      $file_bindkeys     = '/etc/named.iscdlv.key'
     }
     default: {
       $packagenameprefix = 'bind'
       $servicename       = 'named'
       $binduser          = 'root'
       $bindgroup         = 'named'
+      $file_hint         = 'named.ca'
+      $file_rfc1912      = '/etc/named.rfc1912.zones'
+      $file_bindkeys     = '/etc/named.iscdlv.key'
     }
   }
 

manifests/server.pp

@@ -4,11 +4,12 @@
 #
 class bind::server (
   $chroot            = false,
-  $packagenameprefix = $bind::params::packagenameprefix
-) inherits bind::params {
-  class { 'bind':
+  $packagenameprefix = $::bind::params::packagenameprefix,
+) inherits ::bind::params {
+
+  class { '::bind':
     chroot            => $chroot,
     packagenameprefix => $packagenameprefix,
   }
-}
 
+}

manifests/server/conf.pp

@@ -24,6 +24,8 @@
 #  $hostname:
 #   Hostname returned for hostname.bind TXT in CHAOS. Set to 'none' to disable.
 #   Default: undef, bind internal default
+#  $forward:
+#   Specific forwarding mode forward ( first | only );. Default: undef, empty
 #  $server_id:
 #   ID returned for id.server TXT in CHAOS. Default: undef, empty
 #  $version:
@@ -46,7 +48,8 @@
 #  $check_names:
 #   Array of check-names strings. Example: [ 'master ignore' ]. Default: empty
 #  $extra_options:
-#   Hash for any additional options that must go in the 'options' declaration. Default: empty
+#   Hash for any additional options that must go in the 'options' declaration.
+#   Default: empty
 #  $dnssec_enable:
 #   Enable DNSSEC support. Default: 'yes'
 #  $dnssec_validation:
@@ -56,6 +59,9 @@
 #  $zones:
 #   Hash of managed zones and their configuration. The key is the zone name
 #   and the value is an array of config lines. Default: empty
+#  $keys:
+#   Hash of managed tsig keys and their configuration. The key is the tsig keys name
+#   and the value is an array of config lines. Default: empty
 #  $includes:
 #   Array of absolute paths to named.conf include files. Default: empty
 #
@@ -78,6 +84,12 @@
 #        'masters { mymasters; }',
 #      ],
 #    }
+#    keys                 => { 
+#      'example.org-tsig' => [
+#        'algorithm hmac-md5',
+#        'secret "aaabbbcccddd"',
+#      ],
+#    }
 #  }
 #
 define bind::server::conf (
@@ -92,6 +104,7 @@
   $directory              = '/var/named',
   $managed_keys_directory = undef,
   $hostname               = undef,
+  $forward                = undef,
   $server_id              = undef,
   $version                = undef,
   $dump_file              = '/var/named/data/cache_dump.db',
@@ -108,43 +121,32 @@
   $dnssec_validation      = 'yes',
   $dnssec_lookaside       = 'auto',
   $zones                  = {},
+  $keys                   = {},
   $includes               = [],
   $views                  = {},
 ) {
 
-  file { '/var/named': 
-    ensure => directory, 
-  }
-
-  file { '/var/named/named.ca': 
-    ensure  => file, 
-    content => template('bind/named.ca.erb'), 
-    owner   => 'root', 
-    group   => 'bind', 
-    mode    => 'u=rw,go=r', 
-  }
-
-  file { '/etc/bind/named.rfc1912.zones': 
-    ensure  => file, 
-    content => template('bind/named.rfc1912.zones.erb'), 
-    owner   => 'root', 
-    group   => 'bind', 
-    mode    => 'ug=rw,o=r', 
-  }
+  # OS Defaults
+  include '::bind::params'
+  $file_hint = $::bind::params::file_hint
+  $file_rfc1912 = $::bind::params::file_rfc1912
+  $file_bindkeys = $::bind::params::file_bindkeys
 
   service { 'apparmor':
     ensure => 'running',
     enable => 'true',
   }
 
-  file { '/etc/apparmor.d/usr.sbin.named': 
+  file { '/etc/apparmor.d/usr.sbin.named':
     notify  => Service['apparmor'],
-    content => template('bind/usr.sbin.named.erb'), 
+    content => template('bind/usr.sbin.named.erb'),
   }
 
+  # Everything is inside a single template
+
   file { $title:
-    notify  => Class['bind::service'],
+    notify  => Class['::bind::service'],
     content => template('bind/named.conf.erb'),
+    require => Class['::bind::package'],
   }
 }
-