From 18066df35f30b2cdb36d12ad84e9f1a5f911c7d4 Mon Sep 17 00:00:00 2001
From: Stephen Gran
Date: Thu, 2 Jan 2014 22:40:04 +0000
Subject: [PATCH] move over dns_primary/seconday

Signed-off-by: Stephen Gran
---
 hieradata/common.yaml | 7 +++++++
 modules/debian-org/misc/local.yaml | 7 -------
 modules/named/manifests/init.pp | 2 +-
 modules/named/templates/named.conf.options.erb | 2 +-
 4 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/hieradata/common.yaml b/hieradata/common.yaml
index f55e4830..c9d346fc 100644
--- a/hieradata/common.yaml
+++ b/hieradata/common.yaml
@@ -14,6 +14,13 @@ roles:
 - nono.debian.org
 dbmaster:
 - draghi.debian.org
+ dns_primary:
+ - denis.debian.org
+ dns_secondary:
+ - ravel.debian.org
+ - senfl.debian.org
+ - diamond.debian.org
+ - orff.debian.org
 extranrpeclient:
 - denis.debian.org
 - orff.debian.org
diff --git a/modules/debian-org/misc/local.yaml b/modules/debian-org/misc/local.yaml
index be6e920c..15ade4fa 100644
--- a/modules/debian-org/misc/local.yaml
+++ b/modules/debian-org/misc/local.yaml
@@ -308,10 +308,3 @@ host_settings:
 buildd_master:
 - grieg.debian.org
 - wuiet.debian.org
- dns_primary:
- - denis.debian.org
- dns_secondary:
- - ravel.debian.org
- - senfl.debian.org
- - diamond.debian.org
- - orff.debian.org
diff --git a/modules/named/manifests/init.pp b/modules/named/manifests/init.pp
index 2868a070..cf3b76f2 100644
--- a/modules/named/manifests/init.pp
+++ b/modules/named/manifests/init.pp
@@ -21,7 +21,7 @@ class named {
 rule => 'proto udp dport 53 mod string from 32 to 64 algo bm hex-string \'|0000ff0001|\' jump DROP'
 }
- if getfromhash($site::nodeinfo, 'dns_primary') {
+ if has_role('dns_primary') {
 @ferm::rule { '01-dsa-bind-4':
 domain => '(ip)',
 description => 'Allow nameserver access',
diff --git a/modules/named/templates/named.conf.options.erb b/modules/named/templates/named.conf.options.erb
index 9ec33e8b..72ef8258 100644
--- a/modules/named/templates/named.conf.options.erb
+++ b/modules/named/templates/named.conf.options.erb
@@ -42,7 +42,7 @@ options {
 dnssec-validation yes;
 <% end -%>
-<% if classes.include?('named::authoritative') and not scope.lookupvar('site::nodeinfo')['dns_primary'] -%>
+<% if scope.function_has_role(['dns_secondary']) -%>
 rate-limit {
 responses-per-second 25;
 window 5;
--
2.39.2
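Review bot: The `rate-limit` guard becomes opt-in here: `scope.function_has_role(['dns_secondary'])` emits the block only on hosts listed under `dns_secondary` in hieradata, whereas the removed condition emitted it on every `named::authoritative` host that was not the primary. As far as this hunk shows, an authoritative server that is deployed without being added to that role list would come up with no response rate limiting, and so without this mitigation against being used for DNS amplification. The new test also drops the `classes.include?('named::authoritative')` check, so the block now depends on role data alone. Keeping the default-on form with the new helper, `<% if classes.include?('named::authoritative') and not scope.function_has_role(['dns_primary']) -%>`, would preserve the previous behaviour; the `options` and `rate-limit` blocks both continue outside the hunk.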