inkblot / puppet-bind


Add support for unmanaged zone file #62

Closed alexises closed 8 years ago

alexises commented 8 years ago

Hi,

Your puppet module is really useful; unfortunately, it doesn't properly manage the creation of a recursive zone.

This pull request adds another option, zonePath, on the bind::zone class to properly manage static class.

This allows the definition of a zone like:

    bind::zone { 'root':
            zone_type         => 'hint',
            dynamic           => false,
            domain            => ".",
            zonePath          => '/var/named/named.ca',
    }

inkblot commented 8 years ago

There is sufficient support already in the module to use static zone files. This is not a feature that I wish to build upon. In your example, try using source instead of zonePath.

alexises commented 8 years ago

I should add another comment to this issue. I tried to use this configuration as suggested:

    bind::zone { 'root':
            zone_type         => 'hint',
            dynamic           => false,
            domain            => ".",
            source          => '/var/named/named.ca',
    }

Unfortunately, with the current configuration, your module tries to create a file named . in the /var/named/root dir.

I get this error:

    Error: Failed to apply catalog: Cannot alias File[/var/named/root/.] to ["/var/named/root"] at /etc/puppet/environments/myenv/modules/bind/manifests/zone.pp:98; resource ["File", "/var/named/root"] already declared at /etc/puppet/environments/myenv/modules/bind/manifests/zone.pp:87
    /usr/share/ruby/vendor_ruby/puppet/resource/catalog.rb:137:in `alias'
    /usr/share/ruby/vendor_ruby/puppet/resource/catalog.rb:111:in `create_resource_aliases'
    /usr/share/ruby/vendor_ruby/puppet/resource/catalog.rb:90:in `add_one_resource'
    /usr/share/ruby/vendor_ruby/puppet/resource/catalog.rb:72:in `block in add_resource'
    /usr/share/ruby/vendor_ruby/puppet/resource/catalog.rb:71:in `each'
    /usr/share/ruby/vendor_ruby/puppet/resource/catalog.rb:71:in `add_resource'
    /usr/share/ruby/vendor_ruby/puppet/resource/catalog.rb:520:in `block in to_catalog'
    /usr/share/ruby/vendor_ruby/puppet/resource/catalog.rb:504:in `each'
    /usr/share/ruby/vendor_ruby/puppet/resource/catalog.rb:504:in `to_catalog'
    /usr/share/ruby/vendor_ruby/puppet/resource/catalog.rb:407:in `to_ral'
    /usr/share/ruby/vendor_ruby/puppet/configurer.rb:76:in `convert_catalog'
    /usr/share/ruby/vendor_ruby/puppet/configurer.rb:71:in `retrieve_catalog'
    /usr/share/ruby/vendor_ruby/puppet/configurer.rb:104:in `prepare_and_retrieve_catalog'
    /usr/share/ruby/vendor_ruby/puppet/configurer.rb:201:in `run_internal'
    /usr/share/ruby/vendor_ruby/puppet/configurer.rb:132:in `block in run'
    /usr/share/ruby/vendor_ruby/puppet/context.rb:64:in `override'
    /usr/share/ruby/vendor_ruby/puppet.rb:244:in `override'
    /usr/share/ruby/vendor_ruby/puppet/configurer.rb:131:in `run'
    /usr/share/ruby/vendor_ruby/puppet/agent.rb:47:in `block (4 levels) in run'
    /usr/share/ruby/vendor_ruby/puppet/agent/locker.rb:20:in `lock'
    /usr/share/ruby/vendor_ruby/puppet/agent.rb:47:in `block (3 levels) in run'
    /usr/share/ruby/vendor_ruby/puppet/agent.rb:117:in `with_client'
    /usr/share/ruby/vendor_ruby/puppet/agent.rb:44:in `block (2 levels) in run'
    /usr/share/ruby/vendor_ruby/puppet/agent.rb:82:in `run_in_fork'
    /usr/share/ruby/vendor_ruby/puppet/agent.rb:43:in `block in run'
    /usr/share/ruby/vendor_ruby/puppet/application.rb:179:in `call'
    /usr/share/ruby/vendor_ruby/puppet/application.rb:179:in `controlled_run'
    /usr/share/ruby/vendor_ruby/puppet/agent.rb:41:in `run'
    /usr/share/ruby/vendor_ruby/puppet/application/agent.rb:356:in `onetime'
    /usr/share/ruby/vendor_ruby/puppet/application/agent.rb:322:in `run_command'
    /usr/share/ruby/vendor_ruby/puppet/application.rb:384:in `block (2 levels) in run'
    /usr/share/ruby/vendor_ruby/puppet/application.rb:510:in `plugin_hook'
    /usr/share/ruby/vendor_ruby/puppet/application.rb:384:in `block in run'
    /usr/share/ruby/vendor_ruby/puppet/util.rb:488:in `exit_on_fail'
    /usr/share/ruby/vendor_ruby/puppet/application.rb:384:in `run'
    /usr/share/ruby/vendor_ruby/puppet/util/command_line.rb:146:in `run'
    /usr/share/ruby/vendor_ruby/puppet/util/command_line.rb:92:in `execute'
    /usr/bin/puppet:8:in `<main>'

inkblot commented 8 years ago

I think I understand what is happening. I will make a small change on a branch for you to try.

inkblot commented 8 years ago

I do have one other question. Why is it necessary to define a custom hint zone for the DNS root? I would like to know to ensure that the module supports your case.

alexises commented 8 years ago

I would like to manage hint and master/slave zones on the same DNS server. So I would like to centralize all the view configuration in one place: my puppet config.

I'm not sure it's the response you expected. If you need more detail, please ask.

inkblot commented 8 years ago

I have created a branch which I would like you to try. The branch is root-zone-naming

alexises commented 8 years ago

We are close to having a good solution. When I run the new release I can see two issues:

inkblot commented 8 years ago

Is the file /var/named/named.ca supplied by your Linux distribution? If yes, what distribution are you using?

I have taken some care to keep such files and the default configurations that use them on Debian and Ubuntu, but I have less experience with the BIND package in RedHat and RedHat-related distributions and these defaults might be erased or damaged by the module. If that is the case, I would like to fix that.

alexises commented 8 years ago

This file is provided by RHEL/CentOS and Fedora.

inkblot commented 8 years ago

I have made a branch which includes RedHat's default zones in a way that is very similar to the way they are handled on Debian. With this branch, it is not necessary to declare a root hint zone. Could you please try the redhat-default-zones branch and let me know if it works for you?

alexises commented 8 years ago

Thanks, I'll try on Monday; I don't have my test environment here :)

Thanks

alexises commented 8 years ago

I have added a note to your commit to solve a small issue, but this works. Nevertheless, this way just adds the default zone in all views. IMAO you should not include it by default and let the user include it if they specify "root" or "." in the zone list of the view type.

inkblot commented 8 years ago

I would like to move the discussion to #69. Thanks!