move over dns_primary/seconday

author Stephen Gran <steve@lobefin.net>

Thu, 2 Jan 2014 22:40:04 +0000 (22:40 +0000)

committer Stephen Gran <steve@lobefin.net>

Thu, 2 Jan 2014 22:40:04 +0000 (22:40 +0000)
author Stephen Gran <steve@lobefin.net>
Thu, 2 Jan 2014 22:40:04 +0000 (22:40 +0000)
committer Stephen Gran <steve@lobefin.net>
Thu, 2 Jan 2014 22:40:04 +0000 (22:40 +0000)
diff --git a/hieradata/common.yaml b/hieradata/common.yaml

index f55e4830d7c1aada9d185dab0bd3332002f3ba5a..c9d346fc20cbae004a1380411d69ecbec1667a9e 100644 (file)
--- a/hieradata/common.yaml
+++ b/hieradata/common.yaml
@@ -14,6 +14,13 @@ roles:
      - nono.debian.org
    dbmaster:
      - draghi.debian.org
+  dns_primary:
+    - denis.debian.org
+  dns_secondary:
+    - ravel.debian.org
+    - senfl.debian.org
+    - diamond.debian.org
+    - orff.debian.org
    extranrpeclient:
      - denis.debian.org
      - orff.debian.org
diff --git a/modules/debian-org/misc/local.yaml b/modules/debian-org/misc/local.yaml

index be6e920caa8989bf9ba794b38ab2ddd10c9bc4e2..15ade4fa48410f179bea36b2d49a6989b7c7d816 100644 (file)
--- a/modules/debian-org/misc/local.yaml
+++ b/modules/debian-org/misc/local.yaml
@@ -308,10 +308,3 @@ host_settings:
    buildd_master:
      - grieg.debian.org
      - wuiet.debian.org
-  dns_primary:
-    - denis.debian.org
-  dns_secondary:
-    - ravel.debian.org
-    - senfl.debian.org
-    - diamond.debian.org
-    - orff.debian.org
diff --git a/modules/named/manifests/init.pp b/modules/named/manifests/init.pp

index 2868a070ff4d59edb6a4fd8339517ea611d22b00..cf3b76f266482ae77814496f09718a4397105be7 100644 (file)
--- a/modules/named/manifests/init.pp
+++ b/modules/named/manifests/init.pp
@@ -21,7 +21,7 @@ class named {
                 rule        => 'proto udp dport 53 mod string from 32 to 64 algo bm hex-string \'|0000ff0001|\' jump DROP'
         }
  
-       if getfromhash($site::nodeinfo, 'dns_primary') {
+       if has_role('dns_primary') {
                 @ferm::rule { '01-dsa-bind-4':
                         domain      => '(ip)',
                         description => 'Allow nameserver access',
diff --git a/modules/named/templates/named.conf.options.erb b/modules/named/templates/named.conf.options.erb

index 9ec33e8b1c24385b892118d1a4b0455aa568a64c..72ef825845894f64e0e0d80380891829000d3f7e 100644 (file)
--- a/modules/named/templates/named.conf.options.erb
+++ b/modules/named/templates/named.conf.options.erb
@@ -42,7 +42,7 @@ options {
         dnssec-validation yes;
  <% end -%>
  
-<% if classes.include?('named::authoritative') and not scope.lookupvar('site::nodeinfo')['dns_primary'] -%>
+<% if scope.function_has_role(['dns_secondary']) -%>
         rate-limit {
                 responses-per-second 25;
                 window 5;
author	Stephen Gran <steve@lobefin.net>
	Thu, 2 Jan 2014 22:40:04 +0000 (22:40 +0000)
committer	Stephen Gran <steve@lobefin.net>
	Thu, 2 Jan 2014 22:40:04 +0000 (22:40 +0000)
hieradata/common.yaml		patch \| blob \| history
modules/debian-org/misc/local.yaml		patch \| blob \| history
modules/named/manifests/init.pp		patch \| blob \| history
modules/named/templates/named.conf.options.erb		patch \| blob \| history