@b4ldr
Last active August 29, 2015 14:04
I have an NSD module which is used to configure master and slave servers.
Currently the slave servers use a custom type to export their TSIG keys
and the master server consumes these in its config. This works because
I can include the TSIG config with an include statement (see code).
However, I also need to add notify statements for each server.
The zone config looks a bit like this:

    server:
        stuff
        ....
    zone:
        name: home.lan
        zonefile: home.lan.forward
        # notify: 10.0.0.222@53 sec_key
        # provide-xfr: 10.0.0.222 sec_key

I want to dynamically add the notify and provide-xfr statements based on exported resources. However, I cannot use a named ACL or an include file in the zone stanza. This file is currently generated using a template, but I wonder if I can use something like concat to write the majority of the file and then have a provider use the exported resources to add the notify and provide-xfr statements.

Puppet::Type.type(:tsig).provide(:nsd) do
  desc 'Manage tsig keys for nsd'
  commands :nsd => '/usr/sbin/nsd'
  defaultfor :kernel => 'Linux'

  # Write the key file and register it in keys.conf.
  def create
    keys_path = File.join('/etc/nsd3/keys/', @resource[:name])
    # This file holds the TSIG secret; it is created with the process umask.
    File.open(keys_path, 'w') { |f|
      f.write "key:\n"
      f.write "\tname: #{@resource[:name]}\n"
      f.write "\talgorithm: #{@resource[:algorithm]}\n"
      f.write "\tsecret: #{@resource[:secret]}\n"
    }
    # a+ reads the existing includes, then appends only if the line is missing.
    File.open('/etc/nsd3/keys.conf', 'a+') { |f|
      include_string = "include: #{keys_path}\n"
      f.write(include_string) unless f.grep(include_string).size > 0
    }
  end

  # Blank out the include line in keys.conf and delete the key file.
  def destroy
    keys_path = File.join('/etc/nsd3/keys/', @resource[:name])
    # r+ edits in place; w+ would truncate keys.conf before it is read.
    File.open('/etc/nsd3/keys.conf', 'r+') { |f|
      include_string = "include: #{keys_path}\n"
      f.each_line do |line|
        if line == include_string
          # Overwrite the matching line with spaces of the same length.
          f.seek(-line.length, IO::SEEK_CUR)
          f.write(' ' * (line.length - 1))
          f.write("\n")
        end
      end
    }
    File.unlink(keys_path)
  end

  def exists?
    keys_path = File.join('/etc/nsd3/keys/', @resource[:name])
    File.exist?(keys_path)
  end
end

Puppet::Type.newtype(:tsig) do
  @doc = 'Create new tsig key; this is used just so we can export the data'
  ensurable

  autorequire(:file) do
    ['/etc/nsd3/keys', '/etc/nsd3/keys.conf']
  end

  newparam(:name, :namevar => true) do
    desc 'the name of the tsig key'
    validate do |value|
      # Anchored, and must start with a word character: the name becomes a
      # file name under /etc/nsd3/keys/, so "..", "/" and newlines are rejected.
      raise(ArgumentError, "invalid tsig key #{value}") unless value =~ /\A\w[\w\-\.]*\z/
    end
  end

  newparam(:algorithm) do
    desc 'The TSIG algorithm, for example hmac-sha256.'
    #newvalue(:hmac-md5, :hmac-sha1, :hmac-sha224, :hmac-sha256, :hmac-sha384, :hmac-sha512)
    # Anchored so the whole value must match, not just one character of it.
    newvalues(/\A[\w\-]+\z/)
  end

  newparam(:secret) do
    desc 'The TSIG secret (base64 encoded).'
    # Anchored; "+" is included because it is part of the base64 alphabet.
    newvalues(/\A[\w+=\/]+\z/)
  end
end
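
An added example, not part of the original gist: one way to render the zone stanza with the notify and provide-xfr lines from collected slave data, validating every field so that a value exported by another node cannot inject extra lines into the NSD config. The `zone_stanza` helper and the hash layout of `slaves` are assumptions made for this sketch; `name` and `zonefile` are taken to come from the master's own manifest.

```ruby
require 'ipaddr'

# Anchored pattern: the whole key name must match, so a value carrying a
# newline or a space cannot smuggle a second directive into the stanza.
KEY_NAME = /\A\w[\w\-.]*\z/

# Hypothetical helper. `slaves` is an array of hashes built from the exported
# resources, e.g. { address: '10.0.0.222', port: 53, key: 'sec_key' }.
# Returns the zone stanza as a string; raises ArgumentError on any bad field.
def zone_stanza(name, zonefile, slaves)
  lines = ['zone:', "\tname: #{name}", "\tzonefile: #{zonefile}"]
  slaves.each do |s|
    # IPAddr parses and re-serialises the address, so only a real IPv4/IPv6
    # literal reaches the config (IPAddr::InvalidAddressError is an ArgumentError).
    addr = IPAddr.new(s[:address].to_s).to_s
    port = Integer(s.fetch(:port, 53))
    raise ArgumentError, "invalid port #{port}" unless (1..65_535).cover?(port)
    key = s[:key].to_s
    raise ArgumentError, "invalid tsig key #{key.inspect}" unless KEY_NAME.match?(key)
    lines << "\tnotify: #{addr}@#{port} #{key}"
    lines << "\tprovide-xfr: #{addr} #{key}"
  end
  lines.join("\n") + "\n"
end

# Constructed sample input, matching the commented lines in the zone config above.
if $PROGRAM_NAME == __FILE__
  puts zone_stanza('home.lan', 'home.lan.forward',
                   [{ address: '10.0.0.222', port: 53, key: 'sec_key' }])
end
```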