From abe628fb655a708581580999fb26875057dcb2ae Mon Sep 17 00:00:00 2001 From: Peter Palfrader Date: Tue, 10 Sep 2019 19:13:02 +0200 Subject: [PATCH] Try to make resolv.conf options actual class parameters --- hieradata/common.yaml | 7 ++-- hieradata/hosters/1und1-sec.yaml | 2 +- hieradata/hosters/accumu.yaml | 4 +-- hieradata/hosters/br.yaml | 2 +- hieradata/hosters/brainfood.yaml | 2 +- hieradata/hosters/bytemark.yaml | 2 +- hieradata/hosters/csail.yaml | 4 +-- hieradata/hosters/gatech.yaml | 2 +- hieradata/hosters/grnet.yaml | 4 +-- hieradata/hosters/leaseweb.yaml | 2 +- hieradata/hosters/man-da.yaml | 4 +-- hieradata/hosters/rapidswitch.yaml | 2 +- hieradata/hosters/sanger.yaml | 4 +-- hieradata/hosters/sil.yaml | 2 +- hieradata/hosters/ubc.yaml | 4 +-- hieradata/hosters/ugent.yaml | 2 +- hieradata/hosters/ynic.yaml | 2 +- hieradata/hosters/zivit.yaml | 2 +- .../lib/puppet/parser/functions/nodeinfo.rb | 2 +- modules/resolv/manifests/init.pp | 34 +++++++++++++------ modules/resolv/templates/resolv.conf.erb | 2 +- modules/unbound/manifests/init.pp | 2 +- 22 files changed, 53 insertions(+), 40 deletions(-) diff --git a/hieradata/common.yaml b/hieradata/common.yaml index 3bb245d2b..4a224b4de 100644 --- a/hieradata/common.yaml +++ b/hieradata/common.yaml @@ -2,14 +2,13 @@ lookup_options: # with merge: unique entries in other hiera sources add to the array - resolv_conf::searchpaths: + resolv::searchpaths: merge: unique apt::sources::debian::location: merge: unique -nameservers: [] -resolv_conf::searchpaths: ['debian.org'] -resolv_conf::resolvoptions: [] +resolv::resolv::nameservers: [] +resolv::searchpaths: ['debian.org'] allow_dns_query: [] role_config__mirrors: mirror_basedir_prefix: '/srv/mirrors/' diff --git a/hieradata/hosters/1und1-sec.yaml b/hieradata/hosters/1und1-sec.yaml index d50afc056..7f79bdae1 100644 --- a/hieradata/hosters/1und1-sec.yaml +++ b/hieradata/hosters/1und1-sec.yaml 
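Review bot: The new default key in hieradata/common.yaml is written `resolv::resolv::nameservers: []`, with the namespace doubled, so it matches neither the class parameter `resolv::nameservers` nor the lookups this patch changes in nodeinfo.rb and modules/unbound/manifests/init.pp. Those two places call `hiera('resolv::nameservers')` without a default. Hosters whose file sets only search paths (1und1-sec, brainfood and sil in this patch) therefore no longer get the empty-array fallback that the removed `nameservers: []` line provided, and the lookup is expected to fail at compile time instead of reaching the `ns.empty?` branch. The line should read `resolv::nameservers: []`. The resolv class itself is covered by its parameter default, which is likely why the typo is easy to miss in testing.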
@@ -1,3 +1,3 @@ --- -resolv_conf::searchpaths: +resolv::searchpaths: - debprivate-oneandone.debian.org diff --git a/hieradata/hosters/accumu.yaml b/hieradata/hosters/accumu.yaml index 250a27d51..00e677bf6 100644 --- a/hieradata/hosters/accumu.yaml +++ b/hieradata/hosters/accumu.yaml @@ -1,11 +1,11 @@ --- -nameservers: +resolv::nameservers: - 130.239.18.251 - 2001:6b0:e:2018::251 - 130.239.18.252 - 2001:6b0:e:2018::252 - 130.239.1.90 - 130.239.4.100 -resolv_conf::searchpaths: +resolv::searchpaths: - priv.accumu.debian.org - debprivate-accumu.debian.org diff --git a/hieradata/hosters/br.yaml b/hieradata/hosters/br.yaml index 970c10bd3..0e757a728 100644 --- a/hieradata/hosters/br.yaml +++ b/hieradata/hosters/br.yaml @@ -1,5 +1,5 @@ --- -nameservers: +resolv::nameservers: - 200.236.31.1 - 200.17.202.3 firewall_blocks_dns: true diff --git a/hieradata/hosters/brainfood.yaml b/hieradata/hosters/brainfood.yaml index 76f8ad5a3..5b20028fe 100644 --- a/hieradata/hosters/brainfood.yaml +++ b/hieradata/hosters/brainfood.yaml @@ -1,3 +1,3 @@ --- -resolv_conf::searchpaths: +resolv::searchpaths: - debprivate-brainfood.debian.org diff --git a/hieradata/hosters/bytemark.yaml b/hieradata/hosters/bytemark.yaml index b56399caf..4b6165dcc 100644 --- a/hieradata/hosters/bytemark.yaml +++ b/hieradata/hosters/bytemark.yaml @@ -1,5 +1,5 @@ --- -nameservers: +resolv::nameservers: - 5.153.231.241 - 5.153.231.242 allow_dns_query: diff --git a/hieradata/hosters/csail.yaml b/hieradata/hosters/csail.yaml index a7f225ced..4b7e8d344 100644 --- a/hieradata/hosters/csail.yaml +++ b/hieradata/hosters/csail.yaml @@ -1,9 +1,9 @@ --- -nameservers: +resolv::nameservers: - 128.30.2.24 - 128.30.2.25 - 128.30.0.125 -resolv_conf::searchpaths: +resolv::searchpaths: - priv.csail.debian.org # currently only used by VMs with systemd-timesync local-timeservers: diff --git a/hieradata/hosters/gatech.yaml b/hieradata/hosters/gatech.yaml index 6f0ae31a6..8fec431bb 100644 --- a/hieradata/hosters/gatech.yaml 
+++ b/hieradata/hosters/gatech.yaml @@ -1,5 +1,5 @@ --- -nameservers: +resolv::nameservers: - 143.215.130.231 - 143.215.130.232 diff --git a/hieradata/hosters/grnet.yaml b/hieradata/hosters/grnet.yaml index d12caeb2e..4d5d9f51e 100644 --- a/hieradata/hosters/grnet.yaml +++ b/hieradata/hosters/grnet.yaml @@ -1,8 +1,8 @@ --- -nameservers: +resolv::nameservers: - 62.217.126.164 - 194.177.210.210 -resolv_conf::searchpaths: +resolv::searchpaths: - debprivate-grnet.debian.org # currently only used by VMs with systemd-timesync local-timeservers: diff --git a/hieradata/hosters/leaseweb.yaml b/hieradata/hosters/leaseweb.yaml index 4c52247af..32f8775b7 100644 --- a/hieradata/hosters/leaseweb.yaml +++ b/hieradata/hosters/leaseweb.yaml @@ -1,5 +1,5 @@ --- -nameservers: +resolv::nameservers: - 85.17.150.123 - 85.17.96.69 - 85.17.150.123 diff --git a/hieradata/hosters/man-da.yaml b/hieradata/hosters/man-da.yaml index 6200b3f3d..682709a47 100644 --- a/hieradata/hosters/man-da.yaml +++ b/hieradata/hosters/man-da.yaml @@ -1,11 +1,11 @@ --- -nameservers: +resolv::nameservers: - 82.195.75.109 - 82.195.75.103 allow_dns_query: - 82.195.75.64/26 - 172.29.180.0/24 -resolv_conf::searchpaths: +resolv::searchpaths: - manda.debian.org - priv.manda.debian.org # currently only used by VMs with systemd-timesync diff --git a/hieradata/hosters/rapidswitch.yaml b/hieradata/hosters/rapidswitch.yaml index 88e5b1d1a..384b39cd2 100644 --- a/hieradata/hosters/rapidswitch.yaml +++ b/hieradata/hosters/rapidswitch.yaml @@ -1,5 +1,5 @@ --- -nameservers: +resolv::nameservers: - 87.117.198.200 - 87.117.237.100 - 87.117.196.200 diff --git a/hieradata/hosters/sanger.yaml b/hieradata/hosters/sanger.yaml index fe56acb10..21b8d9001 100644 --- a/hieradata/hosters/sanger.yaml +++ b/hieradata/hosters/sanger.yaml @@ -1,8 +1,8 @@ --- -nameservers: +resolv::nameservers: - 193.62.202.28 - 193.62.202.29 -resolv_conf::searchpaths: +resolv::searchpaths: - debprivate-sanger.debian.org allow_dns_query: - 193.62.202.24/29 
diff --git a/hieradata/hosters/sil.yaml b/hieradata/hosters/sil.yaml index cf6aec8c1..36ade36de 100644 --- a/hieradata/hosters/sil.yaml +++ b/hieradata/hosters/sil.yaml @@ -1,3 +1,3 @@ --- -resolv_conf::searchpaths: +resolv::searchpaths: - priv.sil.debian.org diff --git a/hieradata/hosters/ubc.yaml b/hieradata/hosters/ubc.yaml index 885436f76..0c5d3794c 100644 --- a/hieradata/hosters/ubc.yaml +++ b/hieradata/hosters/ubc.yaml @@ -1,5 +1,5 @@ --- -nameservers: +resolv::nameservers: # ubc-enc2bl02 - 209.87.16.2 - 2607:f8f0:614:1::1274:2 @@ -9,7 +9,7 @@ nameservers: # ubc-enc2bl10 - 209.87.16.10 - 2607:f8f0:614:1::1274:10 -resolv_conf::searchpaths: +resolv::searchpaths: - debprivate-ubc.debian.org - priv.ubc.debian.org allow_dns_query: diff --git a/hieradata/hosters/ugent.yaml b/hieradata/hosters/ugent.yaml index 0787a52b5..11317fcb6 100644 --- a/hieradata/hosters/ugent.yaml +++ b/hieradata/hosters/ugent.yaml @@ -1,3 +1,3 @@ --- -nameservers: +resolv::nameservers: - 157.193.40.42 diff --git a/hieradata/hosters/ynic.yaml b/hieradata/hosters/ynic.yaml index 79864bcf8..5c63d6bb8 100644 --- a/hieradata/hosters/ynic.yaml +++ b/hieradata/hosters/ynic.yaml @@ -1,5 +1,5 @@ --- -nameservers: +resolv::nameservers: - 144.32.169.74 - 144.32.169.75 - 144.32.169.76 diff --git a/hieradata/hosters/zivit.yaml b/hieradata/hosters/zivit.yaml index dbbc60102..a41118200 100644 --- a/hieradata/hosters/zivit.yaml +++ b/hieradata/hosters/zivit.yaml @@ -1,5 +1,5 @@ --- -nameservers: +resolv::nameservers: - 80.245.147.141 - 80.245.147.142 - 80.245.147.143 diff --git a/modules/puppetmaster/lib/puppet/parser/functions/nodeinfo.rb b/modules/puppetmaster/lib/puppet/parser/functions/nodeinfo.rb index 31ba38581..384c7d9aa 100644 --- a/modules/puppetmaster/lib/puppet/parser/functions/nodeinfo.rb +++ b/modules/puppetmaster/lib/puppet/parser/functions/nodeinfo.rb 
@@ -52,7 +52,7 @@ module Puppet::Parser::Functions nodeinfo['misc']['v6_ldap'] = nodeinfo['ldap']['ipHostNumber'].select { |x| IPAddr.new(x).ipv6? } end - ns = call_function('hiera',['nameservers']) + ns = call_function('hiera',['resolv::nameservers']) allow_dns_q = call_function('hiera',['allow_dns_query']) if ns.empty? # no nameservers known for this hoster diff --git a/modules/resolv/manifests/init.pp b/modules/resolv/manifests/init.pp index c2a741d2d..9de974aed 100644 --- a/modules/resolv/manifests/init.pp +++ b/modules/resolv/manifests/init.pp @@ -1,14 +1,28 @@ -class resolv { +class resolv( + Array[Stdlib::IP::Address] $nameservers = [], + Array[String] $searchpaths = [], + Array[String] $resolvoptions = [], +) { - $nameservers = $facts['unbound'] ? { - true => ['127.0.0.1'], - default => lookup('nameservers'), - } + $ns = $facts['unbound'] ? { + true => ['127.0.0.1'], + default => $nameservers, + } - $searchpaths = lookup('resolv_conf::searchpaths') - $resolvoptions = lookup('resolv_conf::resolvoptions') + file { '/etc/resolv.conf': + content => template('resolv/resolv.conf.erb'); + } - file { '/etc/resolv.conf': - content => template('resolv/resolv.conf.erb'); - } + file { '/etc/dhcp/dhclient-enter-hooks.d/puppet-no-resolvconf': + content => @("EOF"), + make_resolv_conf() { + : + } + | EOF + mode => '555', + ensure => ($dhclient and $unbound) ? { + true => 'present', + false => 'absent', + } + } } diff --git a/modules/resolv/templates/resolv.conf.erb b/modules/resolv/templates/resolv.conf.erb index 6e02dbb8e..9d4e8f86b 100644 --- a/modules/resolv/templates/resolv.conf.erb +++ b/modules/resolv/templates/resolv.conf.erb @@ -5,7 +5,7 @@ <% -nameservers = @nameservers +nameservers = @ns if nameservers.empty? scope.function_warning(["Something has gone wrong writing resolv.conf. No nameservers to use - using google's!"]) diff --git a/modules/unbound/manifests/init.pp b/modules/unbound/manifests/init.pp index ec37dfa8f..72f9a37ca 100644 
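Review bot: In modules/resolv/manifests/init.pp the new dhclient hook resource selects `ensure` on `($dhclient and $unbound)`, but neither variable is a class parameter or assigned anywhere in the class, while the nameserver selector just above reads `$facts['unbound']`. Unless both resolve as top-scope facts, the expression evaluates to false (or errors under strict_variables), so the hook that stops dhclient from rewriting /etc/resolv.conf would be left absent on the hosts that run a local unbound. If they are meant to be facts, use `ensure => ($facts['dhclient'] and $facts['unbound']) ? {`, and confirm that a `dhclient` fact exists; otherwise declare them as typed parameters. The heredoc could also be the non-interpolating `@(EOF)`, since the shell body needs no Puppet interpolation, and the mode is better written with four digits as `'0555'`. The hook is also unrelated to the commit subject and may be easier to review as a separate change.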
--- a/modules/unbound/manifests/init.pp +++ b/modules/unbound/manifests/init.pp @@ -13,7 +13,7 @@ class unbound { $client_ranges = hiera('allow_dns_query') $firewall_blocks_dns = hiera('firewall_blocks_dns', false) $empty_client_range = empty($client_ranges) - $ns = hiera('nameservers') + $ns = hiera('resolv::nameservers') package { 'unbound': ensure => installed -- 2.20.1