X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=modules%2Fnamed%2Fmanifests%2Fgeodns.pp;h=b12ed7f9b61d526de866d373ae4e27eaca68469f;hb=29cbe59430d1e7d7d5575579b48513c56227e2f7;hp=d8155cdf3d5c8791f1f3410825eb61a28cc7f4f0;hpb=5a90b360b0ae7601805314f59768da3583d053f6;p=mirror%2Fdsa-puppet.git
diff --git a/modules/named/manifests/geodns.pp b/modules/named/manifests/geodns.pp
index d8155cdf3..b12ed7f9b 100644
--- a/modules/named/manifests/geodns.pp
+++ b/modules/named/manifests/geodns.pp
@@ -1,75 +1,63 @@
 class named::geodns inherits named {
- activate_munin_check {
- "bind_views": script => bind;
- }
+ munin::check { 'bind_views':
+ script => bind
+ }
 
- file {
- "/etc/bind/named.conf.options":
- content => template("named/named.conf.options.erb"),
- notify => Exec["bind9 reload"];
- "/etc/apt/sources.list.d/geoip.list":
- content => template("debian-org/etc/apt/sources.list.d/geoip.list.erb"),
- notify => Exec["apt-get update"],
- ;
- "/etc/bind/named.conf.local":
- source => [ "puppet:///named/per-host/$fqdn/named.conf.local",
- "puppet:///named/common/named.conf.local" ],
- require => Package["bind9"],
- notify => Exec["bind9 restart"],
- owner => root,
- group => root,
- ;
- "/etc/bind/named.conf.acl":
- source => [ "puppet:///named/per-host/$fqdn/named.conf.acl",
- "puppet:///named/common/named.conf.acl" ],
- require => Package["bind9"],
- notify => Exec["bind9 restart"],
- owner => root,
- group => root,
- ;
- "/etc/bind/geodns":
- ensure => directory,
- owner => root,
- group => root,
- mode => 755,
- ;
- "/etc/bind/geodns/zonefiles":
- ensure => directory,
- owner => geodnssync,
- group => geodnssync,
- mode => 755,
- ;
- "/etc/bind/geodns/named.conf.geo":
- source => [ "puppet:///named/per-host/$fqdn/named.conf.geo",
- "puppet:///named/common/named.conf.geo" ],
- require => Package["bind9"],
- notify => Exec["bind9 restart"],
- owner => root,
- group => root,
- ;
- "/etc/bind/geodns/trigger":
- source => [ "puppet:///named/per-host/$fqdn/trigger",
- "puppet:///named/common/trigger" ],
- owner => root,
- group => root,
- mode => 555,
- ;
- "/etc/ssh/userkeys/geodnssync":
- source => [ "puppet:///named/per-host/$fqdn/authorized_keys",
- "puppet:///named/common/authorized_keys" ],
- owner => root,
- group => geodnssync,
- mode => 440,
- ;
- "/etc/cron.d/dsa-boot-geodnssync":
- source => [ "puppet:///named/per-host/$fqdn/cron-geo",
- "puppet:///named/common/cron-geo" ],
- owner => root,
- group => root,
- ;
- }
-}
+ package { 'geoip-database':
+ ensure => installed,
+ }
+
+ file { '/etc/bind/':
+ ensure => directory,
+ group => bind,
+ mode => '2755',
+ require => Package['bind9'],
+ notify => Service['bind9'],
+ }
+ file { '/etc/bind/geodns':
+ ensure => directory,
+ mode => '0755',
+ }
+ file { '/etc/bind/named.conf.local':
+ source => 'puppet:///modules/named/common/named.conf.local',
+ notify => Service['bind9'],
+ }
+ if (versioncmp($::lsbmajdistrelease, '9') >= 0) {
+ file { '/etc/bind/named.conf.acl':
+ source => 'puppet:///modules/named/common/named.conf.acl',
+ notify => Service['bind9'],
+ }
+ } else {
+ file { '/etc/bind/named.conf.acl':
+ source => 'puppet:///modules/named/common/named.conf.acl.bind99',
+ notify => Service['bind9'],
+ }
+ }
+ file { '/etc/bind/geodns/zonefiles':
+ ensure => directory,
+ owner => geodnssync,
+ group => geodnssync,
+ mode => '2755',
+ }
+ file { '/etc/bind/geodns/named.conf.geo':
+ source => 'puppet:///modules/named/common/named.conf.geo',
+ notify => Service['bind9'],
+ }
+ file { '/etc/bind/geodns/trigger':
+ mode => '0555',
+ source => 'puppet:///modules/named/common/trigger',
+ }
+ file { '/etc/cron.d/dsa-boot-geodnssync': ensure => absent; }
+ concat::fragment { 'dsa-puppet-stuff--geodns-boot':
+ target => '/etc/cron.d/dsa-puppet-stuff',
+ content => @(EOF)
+ @reboot geodnssync sleep 1m && /etc/bind/geodns/trigger > /dev/null
+ | EOF
+ }
 
-# vim:set et:
-# vim:set sts=4 ts=4:
-# vim:set shiftwidth=4:
+ ferm::rule { '01-dsa-bind':
+ domain => '(ip ip6)',
+ description => 'Allow nameserver access',
+ rule => '&TCP_UDP_SERVICE(53)'
+ }
+}
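Review bot: The new class no longer declares `/etc/ssh/userkeys/geodnssync`, and unlike `/etc/cron.d/dsa-boot-geodnssync` it gets no `ensure => absent`. On hosts that already have it, the authorized_keys file would stay on disk with whatever keys it last held and stop being tracked by this manifest. If another class outside this hunk now owns that path, a comment such as `# geodnssync SSH keys are managed in <class>` would make that visible; if the key is retired, add `file { '/etc/ssh/userkeys/geodnssync': ensure => absent }`. Separately, the rewritten `file` resources drop the explicit `owner => root, group => root`. For `/etc/bind/geodns/trigger`, which the `@reboot` cron fragment executes, I would state them in the resource unless a global `File` default is known to apply.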