1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
|
# == Class: unbound
#
# The unbound class manages unbound, the reqursive caching dns resolver.
# It manages the package, service, configuration file, control keys and
# support files.
#
# The configuration file is concatenated from samples of server et. al.,
# stub-zone and forward-zone. The latter two are created independently
# from the server settings, by defines which can be used by other classes
# and modules.
#
# Control keys can be created with the unbound-control-setup program,
# and is enabled by default. These are neccessary to be able to control
# unbound (restart, reload etc) with the unbound-control program.
#
# The auto-trust-anchor-file 'root.key' can be created with the unbound-anchor
# program, and is enabled by default.
#
# The root-hints files named.cache can be managed, but have to be provided by
# the user. See the documentation in manifests/root_hints.pp for how to proceede.
# This functionality is not enabled by default.
#
# === Parameters
#
# [*settings*]
# Hash containing the settings as key value pairs.
#
# [*ssl*]
# Mange unbound-control certificates? True or false, true by default.
#
# [*anchor*]
# Manage root.key? True or false, true by default.
#
# [*root_hints*]
# Manage named.cache? True or false, false by default.
#
# === Examples
#
# class { 'unbound':
# root_hints => true,
# settings => {
# server => {
# verbosity => '1',
# interface => [
# '127.0.0.1',
# '::1',
# $::ipaddress,
# ],
# outgoing-interface => $::ipaddress,
# access-control => [
# '127.0.0.0/8 allow',
# '::1 allow',
# '10.0.0.0/8 allow',
# ],
# root-hints => '"/var/unbound/etc/named.cache"',
# private-address => [
# '10.0.0.0/8',
# '172.16.0.0/12',
# '192.168.0.0/16',
# ],
# private-domain => "\"$::domain\"",
# auto-trust-anchor-file => '"/var/unbound/etc/root.key"',
# },
# python => { },
# remote-control => {
# control-enable => 'yes',
# control-interface => [
# '127.0.0.1',
# '::1',
# ],
# },
# }
# }
#
# See manifests/stub.pp and manifests/forward.pp for examples on how to create
# sub zones and forward zones repectively.
#
class unbound (
$settings,
$anchor = true,
$root_hints = false,
$ssl = true,
) inherits unbound::params {
include concat::setup
include unbound::package
include unbound::service
validate_hash($settings)
validate_bool($anchor)
validate_bool($root_hints)
validate_bool($ssl)
if $anchor {
include unbound::anchor
}
if $root_hints {
include unbound::root_hints
}
if $ssl {
include unbound::ssl
}
$real_settings = $settings
concat { $unbound::params::config:
require => Class['unbound::package'],
}
concat::fragment { 'unbound server':
target => $unbound::params::config,
content => template('unbound/unbound.conf.erb'),
order => 1,
}
}
|
