Merge branch 'develop'

2 files changed, 79 insertions, 0 deletions

diff --git a/puppet/modules/unbound b/puppet/modules/unbound
deleted file mode 160000
-Subproject a26b91dfea3189e6777629fa00d54f51dc41f4d
diff --git a/puppet/modules/unbound/README b/puppet/modules/unbound/README
new file mode 100644
index 00000000..529f37f0
--- /dev/null
+++ b/puppet/modules/unbound/README
@@ -0,0 +1,79 @@
+== Class: unbound
+
+The unbound class manages unbound, the reqursive caching DNS resolver.
+It manages the package, service, configuration file, control keys and
+support files.
+
+Supported operating systems are OpenBSD, Debian and Ubuntu.  Tested on OpenBSD
+5.2 with Puppet 2.7.14 and Debian Sid with Puppet 2.7.18-2.
+
+The configuration file is concatenated from samples of server et. al.,
+stub-zone and forward-zone.  The latter two are created independently
+from the server settings, by defines which can be used by other classes
+and modules.
+
+Control keys can be created with the unbound-control-setup program,
+and is enabled by default.  These are neccessary to be able to control
+unbound (restart, reload etc) with the unbound-control program.
+
+The auto-trust-anchor-file 'root.key' can be created with the unbound-anchor
+program, and is enabled by default.
+
+The root-hints files named.cache can be managed, but have to be provided by
+the user.  See the documentation in manifests/root_hints.pp for how to proceede.
+This functionality is not enabled by default.
+
+=== Parameters
+
+[*settings*]
+Hash containing the settings as key value pairs.
+
+[*ssl*]
+Mange unbound-control certificates?  True or false, true by default.
+
+[*anchor*]
+Manage root.key? True or false, true by default.
+
+[*root_hints*]
+Manage named.cache?  True or false, false by default.
+
+=== Examples
+
+class { 'unbound':
+  root_hints => true,
+  settings => {
+    server => {
+      verbosity => '1',
+      interface => [
+        '127.0.0.1',
+        '::1',
+        $::ipaddress,
+      ],
+      outgoing-interface => $::ipaddress,
+      access-control => [
+        '127.0.0.0/8 allow',
+        '::1 allow',
+        '10.0.0.0/8 allow',
+      ],
+      root-hints => '"/var/unbound/etc/named.cache"',
+      private-address => [
+        '10.0.0.0/8',
+        '172.16.0.0/12',
+        '192.168.0.0/16',
+      ],
+      private-domain => "\"$::domain\"",
+      auto-trust-anchor-file => '"/var/unbound/etc/root.key"',
+    },
+    python => { },
+    remote-control => {
+      control-enable => 'yes',
+      control-interface => [
+        '127.0.0.1',
+        '::1',
+      ],
+    },
+  }
+}
+
+See manifests/stub.pp and manifests/forward.pp for examples on how to create
+sub zones and forward zones repectively.