From 108cf6c59c96238bc76eb2150632e21c2c6d3e26 Mon Sep 17 00:00:00 2001
From: Peter Palfrader
Date: Fri, 7 Jun 2013 18:58:30 +0000
Subject: [PATCH] Support adding dns snippets on orff from other hosts
---
 manifests/site.pp | 3 +++
 modules/dnsextras/manifests/entries.pp | 13 +++++++++++++
 modules/dnsextras/manifests/entry.pp | 12 ++++++++++++
 modules/exim/manifests/init.pp | 7 ++++++-
 modules/exim/manifests/mx.pp | 6 ++++++
 5 files changed, 40 insertions(+), 1 deletion(-)
 create mode 100644 modules/dnsextras/manifests/entries.pp
 create mode 100644 modules/dnsextras/manifests/entry.pp
diff --git a/manifests/site.pp b/manifests/site.pp
index 8e4a77ac..ace4f63b 100644
--- a/manifests/site.pp
+++ b/manifests/site.pp
@@ -91,6 +91,9 @@ node default {
 } elsif $::hostname in [geo1,geo2,geo3] {
 include named::geodns
 }
+ if $::hostname in [orff] {
+ include dnsextras::entries
+ }
 if $::hostname in [diabelli,nono,spohr] {
 include dacs
diff --git a/modules/dnsextras/manifests/entries.pp b/modules/dnsextras/manifests/entries.pp
new file mode 100644
index 00000000..0dbf7ded
--- /dev/null
+++ b/modules/dnsextras/manifests/entries.pp
@@ -0,0 +1,13 @@
+class dnsextras::entries {
+ file { '/srv/dns.debian.org/puppet-extra':
+ ensure => 'directory',
+ }
+
+ concat { '/srv/dns.debian.org/puppet-extra/include-debian.org':
+ #require => Package['exim4-daemon-heavy']
+ # notify => Service["nagios"],
+ }
+
+
+ Concat::Fragment <<| tag == "dnsextra" |>>
+}
diff --git a/modules/dnsextras/manifests/entry.pp b/modules/dnsextras/manifests/entry.pp
new file mode 100644
index 00000000..9c2b6b9f
--- /dev/null
+++ b/modules/dnsextras/manifests/entry.pp
@@ -0,0 +1,12 @@
+define dnsextras::entry (
+ $zone,
+ $label,
+ $rrtype,
+ $rrdata,
+) {
+ @@concat::fragment { "dns-extra-${zone}-${::fqdn}-${name}":
+ target => "/srv/dns.debian.org/puppet-extra/include-${zone}",
+ content => "; ${::fqdn} ${name}\n${label}. IN ${rrtype} ${rrdata}\n",
+ tag => 'dnsextra',
+ }
+}
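Review bot: The collector on the last statement of modules/dnsextras/manifests/entries.pp realizes every exported `concat::fragment` tagged `dnsextra`, whatever `target` the exporting catalog gave it, while only the `include-debian.org` concat is declared in this class. Narrowing the search expression, e.g. `Concat::Fragment <<| tag == "dnsextra" and target == '/srv/dns.debian.org/puppet-extra/include-debian.org' |>>`, keeps a fragment aimed at any other file from reaching orff's catalog. The two commented-out parameters in the `concat` block (`#require => Package['exim4-daemon-heavy']`, `# notify => Service["nagios"]`) look copied from other modules and should be removed or replaced. Nothing visible here notifies the name server when the include file changes, and neither the directory nor the concat sets owner or mode.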
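Review bot: In modules/dnsextras/manifests/entry.pp the `content` line writes `$label`, `$rrtype`, `$rrdata` and the `$::fqdn` fact into the zone include without any validation, and `$::fqdn` is reported by the agent rather than fixed on the master. A value with a line break or an unexpected host name would put extra or misattributed records into a file the DNS master includes as-is. I would fail early in the define, e.g. `if "${label} ${rrtype} ${rrdata} ${::fqdn}" =~ /[\r\n]/ { fail("dnsextras::entry ${name}: line break in record field") }`, and consider taking the host part from the certificate name instead of the fact. A short header comment stating that `label` is written fully qualified (the template appends a dot) and that `zone` selects the include file would also help callers.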
diff --git a/modules/exim/manifests/init.pp b/modules/exim/manifests/init.pp index 096100da..1fb18d6f 100644 --- a/modules/exim/manifests/init.pp +++ b/modules/exim/manifests/init.pp @@ -133,7 +133,7 @@ class exim { case getfromhash($site::nodeinfo, 'mail_port') { /^(\d+)$/: { $mail_port = $1 } - default: { $mail_port = 'smtp' } + default: { $mail_port = '25' } } @ferm::rule { 'dsa-exim': @@ -146,6 +146,11 @@ class exim { domain => 'ip6', rule => "&SERVICE_RANGE(tcp, $mail_port, \$SMTP_V6_SOURCES)" } + dnsextras::entry{ "tlsa-mailport": + zone => 'debian.org', + label => "_${mail_port}._tcp.${::fqdn}", + rrtype => 'TXT', + rrdata => 'testing' } # Do we actually want this? I'm only doing it because it's harmless # and makes the logs quiet. There are better ways of making logs quiet, diff --git a/modules/exim/manifests/mx.pp b/modules/exim/manifests/mx.pp index 80ed36f7..3c40623d 100644 --- a/modules/exim/manifests/mx.pp +++ b/modules/exim/manifests/mx.pp @@ -13,6 +13,7 @@ class exim::mx inherits exim { notify => Service['exim4'], } + # MXs used as smarthosts @ferm::rule { 'dsa-exim-submission': description => 'Allow SMTP', rule => '&SERVICE_RANGE(tcp, submission, $SMTP_SOURCES)' @@ -22,6 +23,11 @@ class exim::mx inherits exim { domain => 'ip6', rule => '&SERVICE_RANGE(tcp, submission, $SMTP_V6_SOURCES)', } + dnsextras::entry{ "tlsa-submission": + zone => 'debian.org', + label => "_587._tcp.${::fqdn}", + rrtype => 'TXT', + rrdata => 'testing' } package { 'nagios-plugins-standard': ensure => installed, -- 2.39.2
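Review bot: The new default `'25'` in the `mail_port` case of modules/exim/manifests/init.pp carries no comment saying why the service name was replaced. The reason only shows up in the next hunk, where `$mail_port` is interpolated into `_${mail_port}._tcp.${::fqdn}`. A comment such as `# numeric on purpose: also used in the _<port>._tcp DNS label below` would keep someone from changing it back to `smtp`. The enclosing `class exim` starts and ends outside this hunk.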
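Review bot: The `dnsextras::entry{ "tlsa-mailport": ... }` resource in the second hunk of modules/exim/manifests/init.pp publishes a TXT record with the literal data `testing` under `_${mail_port}._tcp.${::fqdn}` for every node that includes `exim`. The second hunk of modules/exim/manifests/mx.pp adds the same placeholder for `_587._tcp.${::fqdn}`. Both titles say `tlsa` while `rrtype` is `TXT`, so a comment like `# placeholder TXT until real TLSA data is generated` would make the intent explicit. Because the define appends a dot to the label, a host whose fqdn is not under debian.org would presumably produce an out-of-zone name in the debian.org include; wrapping the resource in `if $::fqdn =~ /\.debian\.org$/ { ... }` would avoid that. Both classes continue outside the hunks shown.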