From: Tollef Fog Heen Date: Sat, 12 Aug 2017 14:27:48 +0000 (+0200) Subject: The ACL file is not actually a template, so do this with puppet instead X-Git-Url: https://git.adam-barratt.org.uk/?a=commitdiff_plain;h=efcbedcb29c23a6d3357ca1ca195701fa3086a32;p=mirror%2Fdsa-puppet.git The ACL file is not actually a template, so do this with puppet instead Just use two files for now and logic in the puppet recipe. --- diff --git a/modules/named/files/common/named.conf.acl b/modules/named/files/common/named.conf.acl index 5efaab5d8..0b5a32c59 100644 --- a/modules/named/files/common/named.conf.acl +++ b/modules/named/files/common/named.conf.acl 
@@ -3,294 +3,285 @@ // USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git // -<%- def country -def country(c) - if scope.call_function('versioncmp', [@lsbmajdistrelease, '9']) <= 0 - "geoip country " + c - else - "country_" + c - end -end %-> - // Africa acl AF { - <%= country "AO" %>; - country_BF; - country_BI; - country_BJ; - country_BW; - country_CD; - country_CF; - country_CG; - country_CI; - country_CM; - country_CV; - country_DJ; - country_DZ; - country_EG; - country_EH; - country_ER; - country_ET; - country_GA; - country_GH; - country_GM; - country_GN; - country_GQ; - country_GW; - country_KE; - country_KM; - country_LR; - country_LS; - country_LY; - country_MA; - country_MG; - country_ML; - country_MR; - country_MU; - country_MW; - country_MZ; - country_NA; - country_NE; - country_NG; - country_RE; - country_RW; - country_SC; - country_SD; - country_SH; - country_SL; - country_SN; - country_SO; - country_ST; - country_SZ; - country_TD; - country_TG; - country_TN; - country_TZ; - country_UG; - country_YT; - country_ZA; - country_ZM; - country_ZW; + geoip country AO; + geoip country BF; + geoip country BI; + geoip country BJ; + geoip country BW; + geoip country CD; + geoip country CF; + geoip country CG; + geoip country CI; + geoip country CM; + geoip country CV; + geoip country DJ; + geoip country DZ; + geoip country EG; + geoip country EH; + geoip country ER; + geoip country ET; + geoip country GA; + geoip country GH; + geoip country GM; + geoip country GN; + geoip country GQ; + geoip country GW; + geoip country KE; + geoip country KM; + geoip country LR; + geoip country LS; + geoip country LY; + geoip country MA; + geoip country MG; + geoip country ML; + geoip country MR; + geoip country MU; + geoip country MW; + geoip country MZ; + geoip country NA; + geoip country NE; + geoip country NG; + geoip country RE; + geoip country RW; + geoip country SC; + geoip country SD; + geoip country SH; + geoip country SL; + geoip 
country SN; + geoip country SO; + geoip country ST; + geoip country SZ; + geoip country TD; + geoip country TG; + geoip country TN; + geoip country TZ; + geoip country UG; + geoip country YT; + geoip country ZA; + geoip country ZM; + geoip country ZW; }; // Asia acl AS { - country_AE; - country_AF; - country_AM; - country_AP; // global region Asia/Pacific - country_AZ; - country_BD; - country_BH; - country_BN; - country_BT; - country_CC; - country_CN; - country_CX; - country_CY; - country_GE; - country_HK; - country_ID; - country_IL; - country_IN; - country_IO; - country_IQ; - country_IR; - country_JO; - country_JP; - country_KG; - country_KH; - country_KP; - country_KR; - country_KW; - country_KZ; - country_LA; - country_LB; - country_LK; - country_MM; - country_MN; - country_MO; - country_MV; - country_MY; - country_NP; - country_OM; - country_PH; - country_PK; - country_PS; - country_QA; - country_SA; - country_SG; - country_SY; - country_TH; - country_TJ; - country_TL; - country_TM; - country_TW; - country_UZ; - country_VN; - country_YE; + geoip country AE; + geoip country AF; + geoip country AM; + geoip country AP; // global region Asia/Pacific + geoip country AZ; + geoip country BD; + geoip country BH; + geoip country BN; + geoip country BT; + geoip country CC; + geoip country CN; + geoip country CX; + geoip country CY; + geoip country GE; + geoip country HK; + geoip country ID; + geoip country IL; + geoip country IN; + geoip country IO; + geoip country IQ; + geoip country IR; + geoip country JO; + geoip country JP; + geoip country KG; + geoip country KH; + geoip country KP; + geoip country KR; + geoip country KW; + geoip country KZ; + geoip country LA; + geoip country LB; + geoip country LK; + geoip country MM; + geoip country MN; + geoip country MO; + geoip country MV; + geoip country MY; + geoip country NP; + geoip country OM; + geoip country PH; + geoip country PK; + geoip country PS; + geoip country QA; + geoip country SA; + geoip country SG; + geoip 
country SY; + geoip country TH; + geoip country TJ; + geoip country TL; + geoip country TM; + geoip country TW; + geoip country UZ; + geoip country VN; + geoip country YE; }; // Europe acl EU { - country_AD; - country_AL; - country_AT; - country_AX; - country_BA; - country_BE; - country_BG; - country_BY; - country_CH; - country_CZ; - country_DE; - country_DK; - country_EE; - country_ES; - country_EU; // global region Europe - country_FI; - country_FO; - country_FR; - country_GB; - country_GG; - country_GI; - country_GR; - country_HR; - country_HU; - country_IE; - country_IM; - country_IS; - country_IT; - country_JE; - country_LI; - country_LT; - country_LU; - country_LV; - country_MC; - country_MD; - country_ME; - country_MK; - country_MT; - country_NL; - country_NO; - country_PL; - country_PT; - country_RO; - country_RS; - country_RU; - country_SE; - country_SI; - country_SJ; - country_SK; - country_SM; - country_TR; - country_UA; - country_VA; + geoip country AD; + geoip country AL; + geoip country AT; + geoip country AX; + geoip country BA; + geoip country BE; + geoip country BG; + geoip country BY; + geoip country CH; + geoip country CZ; + geoip country DE; + geoip country DK; + geoip country EE; + geoip country ES; + geoip country EU; // global region Europe + geoip country FI; + geoip country FO; + geoip country FR; + geoip country GB; + geoip country GG; + geoip country GI; + geoip country GR; + geoip country HR; + geoip country HU; + geoip country IE; + geoip country IM; + geoip country IS; + geoip country IT; + geoip country JE; + geoip country LI; + geoip country LT; + geoip country LU; + geoip country LV; + geoip country MC; + geoip country MD; + geoip country ME; + geoip country MK; + geoip country MT; + geoip country NL; + geoip country NO; + geoip country PL; + geoip country PT; + geoip country RO; + geoip country RS; + geoip country RU; + geoip country SE; + geoip country SI; + geoip country SJ; + geoip country SK; + geoip country SM; + geoip country 
TR; + geoip country UA; + geoip country VA; }; // North America acl NA { - country_AG; - country_AI; - country_AN; - country_AW; - country_BB; - country_BL; - country_BM; - country_BS; - country_BZ; - country_CA; - country_CR; - country_CU; - country_DM; - country_DO; - country_GD; - country_GL; - country_GP; - country_GT; - country_HN; - country_HT; - country_JM; - country_KN; - country_KY; - country_LC; - country_MF; - country_MQ; - country_MS; - country_MX; - country_NI; - country_PA; - country_PM; - country_PR; - country_SV; - country_TC; - country_TT; - country_US; - country_UY; - country_VC; - country_VG; - country_VI; + geoip country AG; + geoip country AI; + geoip country AN; + geoip country AW; + geoip country BB; + geoip country BL; + geoip country BM; + geoip country BS; + geoip country BZ; + geoip country CA; + geoip country CR; + geoip country CU; + geoip country DM; + geoip country DO; + geoip country GD; + geoip country GL; + geoip country GP; + geoip country GT; + geoip country HN; + geoip country HT; + geoip country JM; + geoip country KN; + geoip country KY; + geoip country LC; + geoip country MF; + geoip country MQ; + geoip country MS; + geoip country MX; + geoip country NI; + geoip country PA; + geoip country PM; + geoip country PR; + geoip country SV; + geoip country TC; + geoip country TT; + geoip country US; + geoip country UY; + geoip country VC; + geoip country VG; + geoip country VI; }; // South America acl SA { - country_AR; - country_BO; - country_BR; - country_CL; - country_CO; - country_EC; - country_FK; - country_GF; - country_GY; - country_PE; - country_PY; - country_SR; - country_VE; + geoip country AR; + geoip country BO; + geoip country BR; + geoip country CL; + geoip country CO; + geoip country EC; + geoip country FK; + geoip country GF; + geoip country GY; + geoip country PE; + geoip country PY; + geoip country SR; + geoip country VE; }; // Oceania acl OC { - country_AS; - country_AU; - country_CK; - country_FJ; - country_FM; - 
country_GU; - country_KI; - country_MH; - country_MP; - country_NC; - country_NF; - country_NR; - country_NU; - country_NZ; - country_PF; - country_PG; - country_PN; - country_PW; - country_SB; - country_TK; - country_TO; - country_TV; - country_UM; - country_VU; - country_WF; - country_WS; + geoip country AS; + geoip country AU; + geoip country CK; + geoip country FJ; + geoip country FM; + geoip country GU; + geoip country KI; + geoip country MH; + geoip country MP; + geoip country NC; + geoip country NF; + geoip country NR; + geoip country NU; + geoip country NZ; + geoip country PF; + geoip country PG; + geoip country PN; + geoip country PW; + geoip country SB; + geoip country TK; + geoip country TO; + geoip country TV; + geoip country UM; + geoip country VU; + geoip country WF; + geoip country WS; }; // Antarctica acl AN { - country_AQ; - country_BV; - country_GS; - country_HM; - country_TF; + geoip country AQ; + geoip country BV; + geoip country GS; + geoip country HM; + geoip country TF; }; acl undef { - country_A1; - country_A2; + geoip country A1; + geoip country A2; 8.8.8.8/32; // Google DNS Server fails with GeoIP 8.8.4.4/32; // Google DNS Server fails with GeoIP 208.67.222.222/32; // OpenDNS fails with GeoIP diff --git a/modules/named/files/common/named.conf.acl.bind99 b/modules/named/files/common/named.conf.acl.bind99 new file mode 100644 index 000000000..5726379df --- /dev/null +++ b/modules/named/files/common/named.conf.acl.bind99 
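Review bot: In `acl NA` the added line `geoip country UY;` keeps Uruguay in the North America list, while `acl SA` has no UY entry. If that placement is not deliberate, the entry belongs in `acl SA`; as it stands, whatever matches on these ACLs (presumably the geo views) treats Uruguayan clients as North American. The line is carried over unchanged from the old file, so this commit does not introduce it. The same entry, `country_UY;`, sits in `acl NA` of the new named.conf.acl.bind99, so any correction has to be made in both copies.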
@@ -0,0 +1,289 @@ +// +// THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE. +// USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git +// + +// Africa +acl AF { + country_AO; + country_BF; + country_BI; + country_BJ; + country_BW; + country_CD; + country_CF; + country_CG; + country_CI; + country_CM; + country_CV; + country_DJ; + country_DZ; + country_EG; + country_EH; + country_ER; + country_ET; + country_GA; + country_GH; + country_GM; + country_GN; + country_GQ; + country_GW; + country_KE; + country_KM; + country_LR; + country_LS; + country_LY; + country_MA; + country_MG; + country_ML; + country_MR; + country_MU; + country_MW; + country_MZ; + country_NA; + country_NE; + country_NG; + country_RE; + country_RW; + country_SC; + country_SD; + country_SH; + country_SL; + country_SN; + country_SO; + country_ST; + country_SZ; + country_TD; + country_TG; + country_TN; + country_TZ; + country_UG; + country_YT; + country_ZA; + country_ZM; + country_ZW; +}; + +// Asia +acl AS { + country_AE; + country_AF; + country_AM; + country_AP; // global region Asia/Pacific + country_AZ; + country_BD; + country_BH; + country_BN; + country_BT; + country_CC; + country_CN; + country_CX; + country_CY; + country_GE; + country_HK; + country_ID; + country_IL; + country_IN; + country_IO; + country_IQ; + country_IR; + country_JO; + country_JP; + country_KG; + country_KH; + country_KP; + country_KR; + country_KW; + country_KZ; + country_LA; + country_LB; + country_LK; + country_MM; + country_MN; + country_MO; + country_MV; + country_MY; + country_NP; + country_OM; + country_PH; + country_PK; + country_PS; + country_QA; + country_SA; + country_SG; + country_SY; + country_TH; + country_TJ; + country_TL; + country_TM; + country_TW; + country_UZ; + country_VN; + country_YE; +}; + +// Europe +acl EU { + country_AD; + country_AL; + country_AT; + country_AX; + country_BA; + country_BE; + country_BG; + country_BY; + country_CH; + country_CZ; + country_DE; + 
country_DK; + country_EE; + country_ES; + country_EU; // global region Europe + country_FI; + country_FO; + country_FR; + country_GB; + country_GG; + country_GI; + country_GR; + country_HR; + country_HU; + country_IE; + country_IM; + country_IS; + country_IT; + country_JE; + country_LI; + country_LT; + country_LU; + country_LV; + country_MC; + country_MD; + country_ME; + country_MK; + country_MT; + country_NL; + country_NO; + country_PL; + country_PT; + country_RO; + country_RS; + country_RU; + country_SE; + country_SI; + country_SJ; + country_SK; + country_SM; + country_TR; + country_UA; + country_VA; +}; + +// North America +acl NA { + country_AG; + country_AI; + country_AN; + country_AW; + country_BB; + country_BL; + country_BM; + country_BS; + country_BZ; + country_CA; + country_CR; + country_CU; + country_DM; + country_DO; + country_GD; + country_GL; + country_GP; + country_GT; + country_HN; + country_HT; + country_JM; + country_KN; + country_KY; + country_LC; + country_MF; + country_MQ; + country_MS; + country_MX; + country_NI; + country_PA; + country_PM; + country_PR; + country_SV; + country_TC; + country_TT; + country_US; + country_UY; + country_VC; + country_VG; + country_VI; +}; + +// South America +acl SA { + country_AR; + country_BO; + country_BR; + country_CL; + country_CO; + country_EC; + country_FK; + country_GF; + country_GY; + country_PE; + country_PY; + country_SR; + country_VE; +}; + +// Oceania +acl OC { + country_AS; + country_AU; + country_CK; + country_FJ; + country_FM; + country_GU; + country_KI; + country_MH; + country_MP; + country_NC; + country_NF; + country_NR; + country_NU; + country_NZ; + country_PF; + country_PG; + country_PN; + country_PW; + country_SB; + country_TK; + country_TO; + country_TV; + country_UM; + country_VU; + country_WF; + country_WS; +}; + +// Antarctica +acl AN { + country_AQ; + country_BV; + country_GS; + country_HM; + country_TF; +}; + +acl undef { + country_A1; + country_A2; + 8.8.8.8/32; // Google DNS Server 
fails with GeoIP + 8.8.4.4/32; // Google DNS Server fails with GeoIP + 208.67.222.222/32; // OpenDNS fails with GeoIP + 208.67.220.220/32; // OpenDNS fails with GeoIP +}; diff --git a/modules/named/manifests/geodns.pp b/modules/named/manifests/geodns.pp index a0c6d1202..2466193cf 100644 --- a/modules/named/manifests/geodns.pp +++ b/modules/named/manifests/geodns.pp @@ -33,9 +33,16 @@ class named::geodns inherits named { source => 'puppet:///modules/named/common/named.conf.local', notify => Service['bind9'], } - file { '/etc/bind/named.conf.acl': - source => 'puppet:///modules/named/common/named.conf.acl', - notify => Service['bind9'], + if (versioncmp($::lsbmajdistrelease, '9') >= 0) { + file { '/etc/bind/named.conf.acl': + source => 'puppet:///modules/named/common/named.conf.acl', + notify => Service['bind9'], + } + } else { + file { '/etc/bind/named.conf.acl': + source => 'puppet:///modules/named/common/named.conf.acl.bind99', + notify => Service['bind9'], + } } file { '/etc/bind/geodns/zonefiles': ensure => directory,
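Review bot: The header of the new named.conf.acl.bind99 does not say which BIND syntax it is written for, nor that it is a hand-maintained copy of named.conf.acl, so the two country lists can drift apart unnoticed. A comment after the puppet-control banner would cover it, for example `// country_XX ACL syntax for hosts below release 9; keep the lists in sync with named.conf.acl.` The choice between the two files is made in modules/named/manifests/geodns.pp via `versioncmp($::lsbmajdistrelease, '9')`. named.conf.acl would benefit from the mirror-image comment.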
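Review bot: The two `file { '/etc/bind/named.conf.acl': ... }` declarations in the added `if`/`else` differ only in `source`, so the branch could set a variable and the resource be declared once. That keeps `notify` and any later attribute from drifting between the branches. The condition also uses the distribution release as a proxy for the ACL syntax the installed bind9 accepts. On a host where the two disagree, named would presumably be handed a file it cannot parse and then be restarted through `notify => Service['bind9']`, so a pre-deployment syntax check (for instance the file type's `validate_cmd` with `named-checkconf`, if it accepts this fragment on its own) is worth considering. The enclosing `class named::geodns` starts and ends outside the hunk.

```puppet
  # … unchanged: named.conf.local file resource …
  if (versioncmp($::lsbmajdistrelease, '9') >= 0) {
    $acl_source = 'puppet:///modules/named/common/named.conf.acl'
  } else {
    $acl_source = 'puppet:///modules/named/common/named.conf.acl.bind99'
  }
  file { '/etc/bind/named.conf.acl':
    source => $acl_source,
    notify => Service['bind9'],
  }
  # … unchanged: /etc/bind/geodns/zonefiles directory resource …
```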