Use native puppet-dns interface to inject additional options
... instead of directly manipulating the file using concat::fragment. Depends-on: https://review.opendev.org/899447 Change-Id: Id50e6df7df7af307ea6845d08b442adbb0e0cb3c
parent
d11f87554d
commit
64f5f18124
|
@ -73,26 +73,23 @@ class designate::backend::bind9 (
|
|||
include designate::params
|
||||
|
||||
if $configure_bind {
|
||||
if $rndc_controls {
|
||||
class { 'dns':
|
||||
controls => $rndc_controls,
|
||||
}
|
||||
} else {
|
||||
include dns
|
||||
}
|
||||
concat::fragment { 'dns allow-new-zones':
|
||||
target => $::dns::optionspath,
|
||||
content => 'allow-new-zones yes;',
|
||||
order => '20',
|
||||
}
|
||||
|
||||
$dns_additional_options = {
|
||||
'allow-new-zones' => 'yes',
|
||||
# Recommended by Designate docs as a mitigation for potential cache
|
||||
# poisoning attacks:
|
||||
# https://docs.openstack.org/designate/latest/admin/production-guidelines.html#bind9-mitigation
|
||||
concat::fragment { 'dns minimal-responses':
|
||||
target => $::dns::optionspath,
|
||||
content => 'minimal-responses yes;',
|
||||
order => '21',
|
||||
'minimal-responses' => 'yes',
|
||||
}
|
||||
|
||||
if $rndc_controls {
|
||||
class { 'dns':
|
||||
controls => $rndc_controls,
|
||||
additional_options => $dns_additional_options,
|
||||
}
|
||||
} else {
|
||||
class { 'dns':
|
||||
additional_options => $dns_additional_options,
|
||||
}
|
||||
}
|
||||
|
||||
# /var/named is root:named on RedHat and /var/cache/bind is root:bind on
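Review bot: Declaring `class { 'dns': additional_options => $dns_additional_options }` in both branches replaces any value an operator supplies for `dns::additional_options` through Hiera, because an explicit class parameter takes precedence over automatic data lookup. Named options set that way, including hardening ones, would silently drop out of the rendered options file. The `else` branch also changes from `include dns` to a resource-like declaration, which fails catalog compilation if `dns` has already been declared earlier in the catalog; that may be intended but should be stated. I would add a comment above the hash, for example `# NOTE: this hash overrides dns::additional_options from Hiera; add further named options here`. The class parameter list starts outside the hunk, so a parameter that already covers this may exist there.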
|
||||
|
|
|
@ -11,9 +11,11 @@ describe 'designate::backend::bind9' do
|
|||
{}
|
||||
end
|
||||
it 'configures named and pool' do
|
||||
is_expected.to contain_concat_fragment('dns allow-new-zones').with(
|
||||
:target => platform_params[:dns_optionspath],
|
||||
:content => 'allow-new-zones yes;'
|
||||
is_expected.to contain_class('dns').with(
|
||||
:additional_options => {
|
||||
'allow-new-zones' => 'yes',
|
||||
'minimal-responses' => 'yes'
|
||||
},
|
||||
)
|
||||
is_expected.to contain_file('/etc/designate/pools.yaml').with(
|
||||
:ensure => 'present',
|
||||
|
@ -36,7 +38,7 @@ describe 'designate::backend::bind9' do
|
|||
{ :configure_bind => false }
|
||||
end
|
||||
it 'does not configure named' do
|
||||
is_expected.not_to contain_concat_fragment('dns allow-new-zones')
|
||||
is_expected.to_not contain_class('dns')
|
||||
end
|
||||
end
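Review bot: The new `contain_class('dns').with(:additional_options => ...)` expectation runs only in the context with empty params, so the manifest's `if $rndc_controls` branch, which has to pass `controls` and `additional_options` together, is not asserted in the visible contexts. Because `minimal-responses` is the documented cache-poisoning mitigation, a regression that drops the hash in that branch would not be caught here. A context that sets `:rndc_controls` and expects `contain_class('dns')` with both `:controls` and the same `:additional_options` hash would pin it. The rest of the spec lies outside these hunks, so such a context may already exist.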
|
||||
|
||||
|
|