Last active
August 29, 2015 14:04
I have an NSD module which is used to configure master and slave servers. Currently the slave servers use a custom type to export their tsig keys and the master server consumes these in its config. This works because I can include the tsig config with an include statement (see code). However, I also need to add notify statements for each server. The zone config looks a bit like this:

```
server:
    stuff
    ....
zone:
    name: home.lan
    zonefile: home.lan.forward
#    notify: 10.0.0.222@53 sec_key
#    provide-xfr: 10.0.0.222 sec_key
```

I want to dynamically add the notify and provide-xfr statements based on exported resources. However, I cannot use a named ACL or an include file in the zone stanza. This file is currently generated using a template, but I wonder if I can use something like concat to write the majority of the file and then have a provider use the exported resources to add the notify and provide-xfr statements.

```ruby
Puppet::Type.type(:tsig).provide(:nsd) do
  desc 'Manage tsig keys for nsd'

  commands :nsd => '/usr/sbin/nsd'
  defaultfor :kernel => 'Linux'

  def create
    keys_path = File.join('/etc/nsd3/keys/', @resource[:name])
    # Write the key stanza. This file holds the TSIG secret and is created
    # with permissions taken from the process umask.
    File.open(keys_path, 'w') { |f|
      f.write "key:\n"
      f.write "\tname: #{@resource[:name]}\n"
      f.write "\talgorithm: #{@resource[:algorithm]}\n"
      f.write "\tsecret: #{@resource[:secret]}\n"
    }
    # Append the include line to keys.conf unless it is already present.
    File.open('/etc/nsd3/keys.conf', 'a+') { |f|
      include_string = "include: #{keys_path}\n"
      f.write(include_string) unless f.grep(include_string).size > 0
    }
  end

  def destroy
    keys_path = File.join('/etc/nsd3/keys/', @resource[:name])
    include_string = "include: #{keys_path}\n"
    # Drop this key's include line. Read first, then rewrite: opening the
    # file with 'w+' truncates keys.conf before any line can be read.
    kept = File.readlines('/etc/nsd3/keys.conf').reject { |line| line == include_string }
    File.write('/etc/nsd3/keys.conf', kept.join)
    File.unlink(keys_path)
  end

  def exists?
    keys_path = File.join('/etc/nsd3/keys/', @resource[:name])
    File.exist?(keys_path)
  end
end
```

```ruby
Puppet::Type.newtype(:tsig) do
  @doc = 'Create a new tsig key; this is used just so we can export the data'

  ensurable

  autorequire(:file) do
    ['/etc/nsd3/keys', '/etc/nsd3/keys.conf']
  end

  newparam(:name, :namevar => true) do
    desc 'The name of the tsig key'
    validate do |value|
      # \A and \z make the pattern cover the whole value; the name becomes
      # part of a file path and of the generated config.
      raise(ArgumentError, "invalid tsig key #{value}") unless value =~ /\A[\w\-\.]+\z/
    end
  end

  newparam(:algorithm) do
    desc 'The TSIG algorithm, e.g. hmac-sha256'
    #newvalue(:hmac-md5, :hmac-sha1, :hmac-sha224, :hmac-sha256, :hmac-sha384, :hmac-sha512)
    newvalues(/\A[\w\-]+\z/)
  end

  newparam(:secret) do
    desc 'The base64-encoded TSIG secret'
    # Anchored so the whole value must match; '+' is included because it
    # is part of the base64 alphabet.
    newvalues(/\A[\w=\/+]+\z/)
  end
end
```
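
The per-server `notify` and `provide-xfr` lines from the description at the top of this page, rendered from a list of secondaries with every value validated before it is written into the NSD config. This is an added example, not code from the gist; `zone_stanza`, `checked` and the hash shape of `secondaries` are assumptions.

```ruby
require 'ipaddr'

# Whole-value patterns: \A and \z anchor to the string, while ^ and $ only
# anchor to a line and would accept a value with an embedded newline.
TOKEN = /\A[\w.-]+\z/      # zone names and TSIG key names
PATH  = /\A[\w.\/-]+\z/    # zone file names

def checked(value, pattern, what)
  value = value.to_s
  raise ArgumentError, "invalid #{what}: #{value.inspect}" unless value.match?(pattern)
  value
end

# secondaries: array of { address:, key:, port: } hashes (assumed shape for
# the data collected from the slave servers; port defaults to 53).
def zone_stanza(name, zonefile, secondaries)
  lines = ['zone:',
           "\tname: #{checked(name, TOKEN, 'zone name')}",
           "\tzonefile: #{checked(zonefile, PATH, 'zonefile')}"]
  entries = secondaries.map do |s|
    raw = s.fetch(:address).to_s
    raise ArgumentError, "single host address expected: #{raw.inspect}" if raw.include?('/')
    addr = IPAddr.new(raw).to_s # raises IPAddr::InvalidAddressError (an ArgumentError)
    port = Integer(s.fetch(:port, 53))
    raise ArgumentError, "invalid port: #{port}" unless (1..65_535).cover?(port)
    [addr, port, checked(s.fetch(:key), TOKEN, 'key name')]
  end
  # Sort and de-duplicate so the rendered file is stable between runs.
  entries.uniq.sort.each do |addr, port, key|
    lines << "\tnotify: #{addr}@#{port} #{key}"
    lines << "\tprovide-xfr: #{addr} #{key}"
  end
  lines.join("\n") + "\n"
end

# Constructed sample input, using the zone and key names shown above.
SAMPLE = [{ address: '10.0.0.223', key: 'sec_key' },
          { address: '10.0.0.222', key: 'sec_key' }].freeze
puts zone_stanza('home.lan', 'home.lan.forward', SAMPLE) if $PROGRAM_NAME == __FILE__
```

A value that fails validation raises `ArgumentError` before anything is rendered, so a bad exported value stops the run instead of producing a partial zone stanza.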