Comments (9)
zachfi
commented on June 29, 2024
Can I see the manifest you used to get into the situation you mentioned?
from puppet-unbound.
F00baer
commented on June 29, 2024
On 2015-07-23 17:35, Zach Leslie wrote:
Can I see the manifest you used to get into the situation you mentioned?
—
Reply to this email directly or view it on GitHub
#102 (comment).
Sure,
I manage my stubs as hiera data, like this:
recursor::stubs:
domain1.com:
address:
- "121.120.1.64"
- "121.120.6.5"
- "121.120.6.6"
- "2001:123:4:6::88:5"
- "2001:123:4:6::88:6"
insecure: true
domain2.com:
address:
- "121.121.1.64"
- "121.130.6.11"
- "121.130.6.12"
- "2001:132:4:6::88:11"
- "2001:123:4:6::88:12"
insecure: true
The class is defined in a profile:
class { "unbound":
interface => $ips,
access => $access,
do_ip6 => $do_ip6,
do_ip4 => "yes",
hide_identity => false,
hide_version => false,
val_clean_additional => false,
control_enable => true,
num_threads => $processorcount,
msg_cache_slabs => $processorcount_2,
rrset_cache_slabs => $processorcount_2,
infra_cache_slabs => $processorcount_2,
key_cache_slabs => $processorcount_2,
outgoing_interface => $ipaddress,
prefetch => "yes",
so_rcvbuf => "4m",
num_queries_per_thread => "4096",
outgoing_range => 8192,
rrset_cache_size => "${rcache}m",
msg_cache_size => "${mcache}m",
edns_buffer_size => "4096",
outgoing_port_avoid => "0-1024",
outgoing_port_permit => "1025-65535",
val_permissive_mode => $permissive_mode,
module_config => $module_config,
interface_automatic => $interface_automatic,
chroot => $chroot,
custom_server_conf => [
"so-sndbuf: 4m",
"identity: $identity",
"version: $version",
"val-clean-additional: no",
],
}
$stubs=hiera_hash('recursor::stubs',{})
create_resources('unbound::stub',$stubs,{})
This resulted in just the V6 addresses beeing stub-addr, while the V4
addresses seemed to gotten matched as valid hostnames and were added as
stub-host.
I am using the latest version from git, puppetlabs-concat 1.2.3,
puppetlabs-stdlib 4.5.1, puppet 3.7.5.
Regards,
Markus
from puppet-unbound.
zachfi
commented on June 29, 2024
Ah, sounds like we just need to improve our address validation.
from puppet-unbound.
zachfi
commented on June 29, 2024
I'll test shortly.
from puppet-unbound.
zachfi
commented on June 29, 2024
After testing, my configs looks good and my servers are online. Are you in a position to test? I'm prepared to merge #104 to correct this.
from puppet-unbound.
F00baer
commented on June 29, 2024
Hi,
On 2015-07-28 16:56, Zach Leslie wrote:
After testing, my configs looks good and my servers are online. Are you
in a position to test? I'm prepared to merge #104
#104 to correct this.—
Reply to this email directly or view it on GitHub
#102 (comment).
The patch looks good, still there is a minor issue with the parser.
My puppet agent was not able to find the puppet_x path:
Error: Could not retrieve catalog from remote server: Error 400 on
SERVER: Could not autoload
puppet/parser/functions/validate_unbound_addr: cannot load such file --
puppet_x/unbound/validate_addrs on node uni-resolver-test-ns.puppet-test
Warning: Not using cache on failed catalog
Error: Could not retrieve catalog; skipping run
However, I found a similar workaround in another module and adapted it:
diff --git a/lib/puppet/parser/functions/validate_unbound_addr.rb
b/lib/puppet/parser/functions/validate_unbound_addr.rb
index d8c5d7b..4b1b4cf 100644
--- a/lib/puppet/parser/functions/validate_unbound_addr.rb
+++ b/lib/puppet/parser/functions/validate_unbound_addr.rb
@@ -1,4 +1,6 @@
-require 'puppet_x/unbound/validate_addrs'
+require File.expand_path(File.join(File.dirname(FILE), '..', '..',
'..',
-
'puppet_x', 'unbound','validate_addrs.rb'))
+Puppet::Parser::Functions.newfunction(:validate_unbound_addr) do |args|
if (args.size != 1) then
Using this, the IPs were generated quite fine as "stub-addr" and
hostnames as "stub-host" entries as they should.
Thanks!
-Markus
from puppet-unbound.
zachfi
commented on June 29, 2024
That puppet_x code is missing on the master it looks like. So now that we rely on functions, and functions are executed on the master.
If you have an environment that contains this code, you can do puppet plugin download --environment $e -v on the master to ensure that the function and the rest of the lib code are available on the master side.
from puppet-unbound.
F00baer
commented on June 29, 2024
On 2015-07-29 00:33, Zach Leslie wrote:
That puppet_x code is missing on the master it looks like. So now that
we rely on functions, and functions are executed on the master.If you have an environment that contains this code, you can do |puppet
plugin download --environment $e -v| on the master to ensure that the
function and the rest of the lib code are available on the master side.—
Reply to this email directly or view it on GitHub
#102 (comment).
Thanks for the hint, just downloaded the plugins using your command and
now the module works as it was.
-Markus
from puppet-unbound.
zachfi
commented on June 29, 2024
#104 has been merged and 1.2.0 has been released for this effort. Thank you for the report.
from puppet-unbound.
Related Issues (20)
- unbound-checkconf fails on first-time configuration (pid dir is missing) HOT 4
- Wrong quoting for local-data TXT records HOT 5
- version 2.4.3 breaks the configfile for tls-upstream on CentOS 7
- `unbound_version` fact needs a test HOT 1
- Debian: module change ownership of directory /run to unbound HOT 13
- add ability to define/generate local-data + override local-zone template HOT 3
- commit 5868593634371290ad013e4a3005f25cb8d7e1fe broke the module for me HOT 6
- Fix installation on Debian distribution - e.g. unbound option auto-trust-anchor-file is provided two times HOT 8
- Handle TXT records containing double quotes and white space
- Resource default statements in module HOT 17
- Drop EOL Debian 8
- Please support 'respip' in module_config HOT 1
- add deprecation message on the forge HOT 4
- unbound_version not set on first run causing unexpected config file setting HOT 1
- No support Static record mapping to multiple IP
- Documentation is misleading when using unbound::stub
- Outgoing port permit/avoid order wrong when outgoing_port_permit_first = false
- Option trust_anchor_file is not usable
- Allow to restart instead of reload on config changes
- $conf_d and $unbound_conf_d are not documented and unclear how they differ beyond their location HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from puppet-unbound.