lookup_options:
# with merge: unique entries in other hiera sources add to the array
- resolv_conf::searchpaths:
+ resolv::searchpaths:
merge: unique
apt::sources::debian::location:
merge: unique
-nameservers: []
-resolv_conf::searchpaths: ['debian.org']
-resolv_conf::resolvoptions: []
+resolv::resolv::nameservers: []
+resolv::searchpaths: ['debian.org']
allow_dns_query: []
role_config__mirrors:
mirror_basedir_prefix: '/srv/mirrors/'
---
-resolv_conf::searchpaths:
+resolv::searchpaths:
- debprivate-oneandone.debian.org
---
-nameservers:
+resolv::nameservers:
- 130.239.18.251
- 2001:6b0:e:2018::251
- 130.239.18.252
- 2001:6b0:e:2018::252
- 130.239.1.90
- 130.239.4.100
-resolv_conf::searchpaths:
+resolv::searchpaths:
- priv.accumu.debian.org
- debprivate-accumu.debian.org
---
-nameservers:
+resolv::nameservers:
- 200.236.31.1
- 200.17.202.3
firewall_blocks_dns: true
---
-resolv_conf::searchpaths:
+resolv::searchpaths:
- debprivate-brainfood.debian.org
---
-nameservers:
+resolv::nameservers:
- 5.153.231.241
- 5.153.231.242
allow_dns_query:
---
-nameservers:
+resolv::nameservers:
- 128.30.2.24
- 128.30.2.25
- 128.30.0.125
-resolv_conf::searchpaths:
+resolv::searchpaths:
- priv.csail.debian.org
# currently only used by VMs with systemd-timesync
local-timeservers:
---
-nameservers:
+resolv::nameservers:
- 143.215.130.231
- 143.215.130.232
---
-nameservers:
+resolv::nameservers:
- 62.217.126.164
- 194.177.210.210
-resolv_conf::searchpaths:
+resolv::searchpaths:
- debprivate-grnet.debian.org
# currently only used by VMs with systemd-timesync
local-timeservers:
---
-nameservers:
+resolv::nameservers:
- 85.17.150.123
- 85.17.96.69
- 85.17.150.123
---
-nameservers:
+resolv::nameservers:
- 82.195.75.109
- 82.195.75.103
allow_dns_query:
- 82.195.75.64/26
- 172.29.180.0/24
-resolv_conf::searchpaths:
+resolv::searchpaths:
- manda.debian.org
- priv.manda.debian.org
# currently only used by VMs with systemd-timesync
---
-nameservers:
+resolv::nameservers:
- 87.117.198.200
- 87.117.237.100
- 87.117.196.200
---
-nameservers:
+resolv::nameservers:
- 193.62.202.28
- 193.62.202.29
-resolv_conf::searchpaths:
+resolv::searchpaths:
- debprivate-sanger.debian.org
allow_dns_query:
- 193.62.202.24/29
---
-resolv_conf::searchpaths:
+resolv::searchpaths:
- priv.sil.debian.org
---
-nameservers:
+resolv::nameservers:
# ubc-enc2bl02
- 209.87.16.2
- 2607:f8f0:614:1::1274:2
# ubc-enc2bl10
- 209.87.16.10
- 2607:f8f0:614:1::1274:10
-resolv_conf::searchpaths:
+resolv::searchpaths:
- debprivate-ubc.debian.org
- priv.ubc.debian.org
allow_dns_query:
---
-nameservers:
+resolv::nameservers:
- 157.193.40.42
---
-nameservers:
+resolv::nameservers:
- 144.32.169.74
- 144.32.169.75
- 144.32.169.76
---
-nameservers:
+resolv::nameservers:
- 80.245.147.141
- 80.245.147.142
- 80.245.147.143
nodeinfo['misc']['v6_ldap'] = nodeinfo['ldap']['ipHostNumber'].select { |x| IPAddr.new(x).ipv6? }
end
- ns = call_function('hiera',['nameservers'])
+ ns = call_function('hiera',['resolv::nameservers'])
allow_dns_q = call_function('hiera',['allow_dns_query'])
if ns.empty?
# no nameservers known for this hoster
-class resolv {
+class resolv(
+ Array[Stdlib::IP::Address] $nameservers = [],
+ Array[String] $searchpaths = [],
+ Array[String] $resolvoptions = [],
+) {
- $nameservers = $facts['unbound'] ? {
- true => ['127.0.0.1'],
- default => lookup('nameservers'),
- }
+ $ns = $facts['unbound'] ? {
+ true => ['127.0.0.1'],
+ default => $nameservers,
+ }
- $searchpaths = lookup('resolv_conf::searchpaths')
- $resolvoptions = lookup('resolv_conf::resolvoptions')
+ file { '/etc/resolv.conf':
+ content => template('resolv/resolv.conf.erb');
+ }
- file { '/etc/resolv.conf':
- content => template('resolv/resolv.conf.erb');
- }
+ file { '/etc/dhcp/dhclient-enter-hooks.d/puppet-no-resolvconf':
+ content => @("EOF"),
+ make_resolv_conf() {
+ :
+ }
+ | EOF
+ mode => '555',
+ ensure => ($dhclient and $unbound) ? {
+ true => 'present',
+ false => 'absent',
+ }
+ }
}
<%
-nameservers = @nameservers
+nameservers = @ns
if nameservers.empty?
scope.function_warning(["Something has gone wrong writing resolv.conf. No nameservers to use - using google's!"])
$client_ranges = hiera('allow_dns_query')
$firewall_blocks_dns = hiera('firewall_blocks_dns', false)
$empty_client_range = empty($client_ranges)
- $ns = hiera('nameservers')
+ $ns = hiera('resolv::nameservers')
package { 'unbound':
ensure => installed