allnodeinfo = scope.lookupvar('site::allnodeinfo')
roles = scope.lookupvar('site::roles')
- %w{mailrelay nagiosmaster extranrpeclient muninmaster dbmaster static_mirror static_source static_master dns_geo postgres_backup_server syncproxy security_master ftp_master historical_master ports_master mirrormaster}.each do |role|
+ %w{mailrelay nagiosmaster extranrpeclient muninmaster dbmaster static_mirror static_source static_master dns_geo postgres_backup_server syncproxy security_master ftp_master historical_master ports_master mirrormaster dns_primary}.each do |role|
rolehost[role] = []
roles[role].each do |node|
next unless allnodeinfo.has_key?(node) and allnodeinfo[node].has_key?('ipHostNumber')
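Review bot: With `dns_primary` added to the list, `roles[role].each` on the next line runs for that key and raises on nil if `site::roles` has no `dns_primary` entry; whether the key is always defined is not visible in this hunk. This template generates firewall definitions, so a compile error here presumably blocks every ferm update on the affected hosts. A guard such as `(roles[role] || []).each do |node|` would render an empty list instead, which fails closed. The loop body continues outside the hunk.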
@def $HOST_RCODE0 = (83.136.34.0/27 2A02:850:8::/47);
@def $HOST_NETNOD = (192.71.80.0/24 192.36.144.222 192.36.144.218 194.146.105.24 194.146.105.25 2a01:3f0:0:27::24 2a01:3f0:0:28::25);
+@def $HOST_DNSPRIMARY_V4 = (<%= scope.function_filter_ipv4([rolehost['dns_primary']]).uniq.join(' ') %>);
+@def $HOST_DNSPRIMARY_V6 = (<%= scope.function_filter_ipv6([rolehost['dns_primary']]).uniq.join(' ') %>);
+@def $HOST_DNSPRIMARY = ($HOST_DNSPRIMARY_V4 $HOST_DNSPRIMARY_V6);
+
<%
def getfastlyranges()
begin
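Review bot: The new `$HOST_DNSPRIMARY_V4`, `$HOST_DNSPRIMARY_V6` and `$HOST_DNSPRIMARY` definitions carry no comment saying they are generated from the `dns_primary` role. The bind rule in this commit uses the list as a source allow-list for port 53, so assigning the role to a host is now a firewall change. A line such as `# hosts carrying the dns_primary role; used as a source allow-list, so role membership changes firewall access` would make that visible to whoever edits role assignments. If no node with the role has an address of one family, the definition renders as `()`; it is worth confirming that ferm treats an empty list as matching nothing rather than rejecting the file.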
include named::authoritative
- $notify_address = join(getfromhash($site::allnodeinfo, 'denis.debian.org', 'ipHostNumber'), " ")
$notify_address_bind = join(getfromhash($site::allnodeinfo, 'denis.debian.org', 'ipHostNumber'), "; ")
@ferm::rule { '01-dsa-bind':
domain => '(ip ip6)',
description => 'Allow nameserver access',
- rule => "\&TCP_UDP_SERVICE_RANGE(53, ( $HOST_NAGIOS $notify_address ) )",
+ rule => '&TCP_UDP_SERVICE_RANGE(53, ( $HOST_NAGIOS $HOST_DNSPRIMARY ) )',
}
concat::fragment { 'dsa-named-conf-puppet-misc---openpgpkey-zone':
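Review bot: `$notify_address_bind`, a few lines above the rule, is still read from the hard-coded `denis.debian.org`, while the firewall rule now takes its source list from the `dns_primary` role, so the two can drift apart. If the role moves to or gains another host, ferm would admit an address the BIND side does not list, and the reverse if denis loses the role; this assumes `$notify_address_bind` feeds a notify or transfer ACL, which is not visible here. A comment such as `# keep in sync with the dns_primary role used by $HOST_DNSPRIMARY in 01-dsa-bind` would record the coupling until both come from one source. The single-quoted rule string is correct, because `$HOST_NAGIOS` and `$HOST_DNSPRIMARY` are ferm variables that Puppet must not interpolate, and a short comment saying so would stop a later switch back to double quotes. The enclosing class starts and ends outside the hunk.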