Puppet Class: profile::openstack::base::pdns::auth::service

Defined in:
modules/profile/manifests/openstack/base/pdns/auth/service.pp

Overview

Parameters:

  • hosts (Array[Stdlib::Fqdn]) (defaults to: lookup('profile::openstack::base::pdns::hosts'))
  • service_fqdn (Stdlib::Fqdn) (defaults to: lookup('profile::openstack::base::pdns::service_fqdn'))
  • db_host (Any) (defaults to: hiera('profile::openstack::base::pdns::db_host'))
  • db_pass (Any) (defaults to: hiera('profile::openstack::base::pdns::db_pass'))
  • pdns_webserver (Any) (defaults to: hiera('profile::openstack::base::pdns::pdns_webserver', false))
  • pdns_api_key (String) (defaults to: lookup('profile::openstack::base::pdns::pdns_api_key', {'default_value' => ''}))
  • pdns_api_allow_from (Any) (defaults to: hiera('profile::openstack::base::pdns::pdns_api_allow_from', ''))


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
# File 'modules/profile/manifests/openstack/base/pdns/auth/service.pp', line 1

class profile::openstack::base::pdns::auth::service(
    Array[Stdlib::Fqdn] $hosts = lookup('profile::openstack::base::pdns::hosts'),
    Stdlib::Fqdn $service_fqdn = lookup('profile::openstack::base::pdns::service_fqdn'),
    $db_host = hiera('profile::openstack::base::pdns::db_host'),
    $db_pass = hiera('profile::openstack::base::pdns::db_pass'),
    $pdns_webserver = hiera('profile::openstack::base::pdns::pdns_webserver', false),
    String $pdns_api_key = lookup('profile::openstack::base::pdns::pdns_api_key', {'default_value' => ''}),
    $pdns_api_allow_from = hiera('profile::openstack::base::pdns::pdns_api_allow_from', ''),
    ) {

    class { '::pdns_server':
        dns_auth_ipaddress     => $facts['ipaddress'],
        dns_auth_ipaddress6    => $facts['ipaddress6'],
        dns_auth_query_address => $facts['ipaddress'],
        dns_auth_soa_name      => $service_fqdn,
        pdns_db_host           => $db_host,
        pdns_db_password       => $db_pass,
        dns_webserver          => $pdns_webserver,
        dns_api_key            => $pdns_api_key,
        dns_api_allow_from     => $pdns_api_allow_from,
    }

    ferm::service { 'udp_dns_rec':
        proto => 'udp',
        port  => '53',
    }

    ferm::service { 'tcp_dns_rec':
        proto => 'tcp',
        port  => '53',
    }

    ferm::rule { 'skip_dns_conntrack-out':
        desc  => 'Skip DNS outgoing connection tracking',
        table => 'raw',
        chain => 'OUTPUT',
        rule  => 'proto udp sport 53 NOTRACK;',
    }

    ferm::rule { 'skip_dns_conntrack-in':
        desc  => 'Skip DNS incoming connection tracking',
        table => 'raw',
        chain => 'PREROUTING',
        rule  => 'proto udp dport 53 NOTRACK;',
    }

    ::ferm::service { 'pdns-rest-api':
        proto  => 'tcp',
        port   => '8081',
        srange => "(@resolve((${join($hosts,' ')})) @resolve((${join($hosts,' ')}), AAAA))",
    }
}