1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
|
# File 'modules/profile/manifests/openstack/base/pdns/auth/service.pp', line 1
class profile::openstack::base::pdns::auth::service(
Array[Stdlib::Fqdn] $hosts = lookup('profile::openstack::base::pdns::hosts'),
Stdlib::Fqdn $service_fqdn = lookup('profile::openstack::base::pdns::service_fqdn'),
$db_host = hiera('profile::openstack::base::pdns::db_host'),
$db_pass = hiera('profile::openstack::base::pdns::db_pass'),
$pdns_webserver = hiera('profile::openstack::base::pdns::pdns_webserver', false),
String $pdns_api_key = lookup('profile::openstack::base::pdns::pdns_api_key', {'default_value' => ''}),
$pdns_api_allow_from = hiera('profile::openstack::base::pdns::pdns_api_allow_from', ''),
) {
class { '::pdns_server':
dns_auth_ipaddress => $facts['ipaddress'],
dns_auth_ipaddress6 => $facts['ipaddress6'],
dns_auth_query_address => $facts['ipaddress'],
dns_auth_soa_name => $service_fqdn,
pdns_db_host => $db_host,
pdns_db_password => $db_pass,
dns_webserver => $pdns_webserver,
dns_api_key => $pdns_api_key,
dns_api_allow_from => $pdns_api_allow_from,
}
ferm::service { 'udp_dns_rec':
proto => 'udp',
port => '53',
}
ferm::service { 'tcp_dns_rec':
proto => 'tcp',
port => '53',
}
ferm::rule { 'skip_dns_conntrack-out':
desc => 'Skip DNS outgoing connection tracking',
table => 'raw',
chain => 'OUTPUT',
rule => 'proto udp sport 53 NOTRACK;',
}
ferm::rule { 'skip_dns_conntrack-in':
desc => 'Skip DNS incoming connection tracking',
table => 'raw',
chain => 'PREROUTING',
rule => 'proto udp dport 53 NOTRACK;',
}
::ferm::service { 'pdns-rest-api':
proto => 'tcp',
port => '8081',
srange => "(@resolve((${join($hosts,' ')})) @resolve((${join($hosts,' ')}), AAAA))",
}
}
|