Stub addresses are generated as hostnames in config about puppet-unbound HOT 9 CLOSED

Can I see the manifest you used to get into the situation you mentioned?

from puppet-unbound.

On 2015-07-23 17:35, Zach Leslie wrote:

Can I see the manifest you used to get into the situation you mentioned?

—
Reply to this email directly or view it on GitHub
#102 (comment).

Sure,

I manage my stubs as hiera data, like this:

recursor::stubs:
domain1.com:
address:
- "121.120.1.64"
- "121.120.6.5"
- "121.120.6.6"
- "2001:123:4:6::88:5"
- "2001:123:4:6::88:6"
insecure: true
domain2.com:
address:
- "121.121.1.64"
- "121.130.6.11"
- "121.130.6.12"
- "2001:132:4:6::88:11"
- "2001:123:4:6::88:12"
insecure: true

The class is defined in a profile:

class { "unbound":
interface => $ips,
access => $access,
do_ip6 => $do_ip6,
do_ip4 => "yes",
hide_identity => false,
hide_version => false,
val_clean_additional => false,
control_enable => true,
num_threads => $processorcount,
msg_cache_slabs => $processorcount_2,
rrset_cache_slabs => $processorcount_2,
infra_cache_slabs => $processorcount_2,
key_cache_slabs => $processorcount_2,
outgoing_interface => $ipaddress,
prefetch => "yes",
so_rcvbuf => "4m",
num_queries_per_thread => "4096",
outgoing_range => 8192,
rrset_cache_size => "${rcache}m",
msg_cache_size => "${mcache}m",
edns_buffer_size => "4096",
outgoing_port_avoid => "0-1024",
outgoing_port_permit => "1025-65535",
val_permissive_mode => $permissive_mode,
module_config => $module_config,
interface_automatic => $interface_automatic,
chroot => $chroot,
custom_server_conf => [
"so-sndbuf: 4m",
"identity: $identity",
"version: $version",
"val-clean-additional: no",
],
}

$stubs=hiera_hash('recursor::stubs',{})
create_resources('unbound::stub',$stubs,{})

This resulted in just the V6 addresses beeing stub-addr, while the V4
addresses seemed to gotten matched as valid hostnames and were added as
stub-host.
I am using the latest version from git, puppetlabs-concat 1.2.3,
puppetlabs-stdlib 4.5.1, puppet 3.7.5.

Regards,
Markus

from puppet-unbound.

Ah, sounds like we just need to improve our address validation.

from puppet-unbound.

#104

I'll test shortly.

from puppet-unbound.

After testing, my configs looks good and my servers are online. Are you in a position to test? I'm prepared to merge #104 to correct this.

from puppet-unbound.

Hi,

On 2015-07-28 16:56, Zach Leslie wrote:

After testing, my configs looks good and my servers are online. Are you
in a position to test? I'm prepared to merge #104
#104 to correct this.

—
Reply to this email directly or view it on GitHub
#102 (comment).

The patch looks good, still there is a minor issue with the parser.
My puppet agent was not able to find the puppet_x path:

Error: Could not retrieve catalog from remote server: Error 400 on
SERVER: Could not autoload
puppet/parser/functions/validate_unbound_addr: cannot load such file --
puppet_x/unbound/validate_addrs on node uni-resolver-test-ns.puppet-test
Warning: Not using cache on failed catalog
Error: Could not retrieve catalog; skipping run

However, I found a similar workaround in another module and adapted it:

diff --git a/lib/puppet/parser/functions/validate_unbound_addr.rb
b/lib/puppet/parser/functions/validate_unbound_addr.rb
index d8c5d7b..4b1b4cf 100644
--- a/lib/puppet/parser/functions/validate_unbound_addr.rb
+++ b/lib/puppet/parser/functions/validate_unbound_addr.rb
@@ -1,4 +1,6 @@
-require 'puppet_x/unbound/validate_addrs'
+require File.expand_path(File.join(File.dirname(FILE), '..', '..',
'..',

•                              'puppet_x', 'unbound',
  

  'validate_addrs.rb'))
  +

  Puppet::Parser::Functions.newfunction(:validate_unbound_addr) do |args|
  if (args.size != 1) then

Using this, the IPs were generated quite fine as "stub-addr" and
hostnames as "stub-host" entries as they should.
Thanks!

-Markus

from puppet-unbound.

That puppet_x code is missing on the master it looks like. So now that we rely on functions, and functions are executed on the master.

If you have an environment that contains this code, you can do puppet plugin download --environment $e -v on the master to ensure that the function and the rest of the lib code are available on the master side.

from puppet-unbound.

On 2015-07-29 00:33, Zach Leslie wrote:

That puppet_x code is missing on the master it looks like. So now that
we rely on functions, and functions are executed on the master.

If you have an environment that contains this code, you can do |puppet
plugin download --environment $e -v| on the master to ensure that the
function and the rest of the lib code are available on the master side.

—
Reply to this email directly or view it on GitHub
#102 (comment).

Thanks for the hint, just downloaded the plugins using your command and
now the module works as it was.

-Markus

from puppet-unbound.

#104 has been merged and 1.2.0 has been released for this effort. Thank you for the report.

from puppet-unbound.