openstack/puppet-openstack-integration
Code Issues Proposed changes

Use native puppet-dns feature to inject some options

Browse Source 
... instead of directly injecting options using concat::fragment.

Change-Id: I53c6c677995a39f9cb888256c5f3451c7d92d447
This commit is contained in:
Takashi Kajinami 2023-10-27 12:34:39 +09:00
parent 7d7ac2e319
commit 0c6f536bf3
2 changed files with 11 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
manifests/bind.pp
View File

@ -24,9 +24,14 @@ class openstack_integration::bind {
allow_recursion => [], allow_recursion => [],
listen_on_v6 => false, listen_on_v6 => false,
additional_options => { additional_options => {
'listen-on' => "port 5322 { ${listen_on}; }", 'listen-on' => "port 5322 { ${listen_on}; }",
'listen-on-v6' => "port 5322 { ${listen_on_v6}; }", 'listen-on-v6' => "port 5322 { ${listen_on_v6}; }",
'auth-nxdomain' => 'no', 'auth-nxdomain' => 'no',
'allow-new-zones' => 'yes',
# Recommended by Designate docs as a mitigation for potential cache
# poisoning attacks:
# https://docs.openstack.org/designate/latest/admin/production-guidelines.html#bind9-mitigation
'minimal-responses' => 'yes',
}, },
controls => { controls => {
$bind_host => { $bind_host => {

4
manifests/designate.pp
View File

@ -112,6 +112,8 @@ class openstack_integration::designate {
mdns_hosts => [$::openstack_integration::config::host], mdns_hosts => [$::openstack_integration::config::host],
rndc_config_file => '/etc/rndc.conf', rndc_config_file => '/etc/rndc.conf',
rndc_key_file => $::dns::params::rndckeypath, rndc_key_file => $::dns::params::rndckeypath,
manage_pool => true manage_pool => true,
# Configure bind using openstack_integration::bind
configure_bind => false,
} }
} }