Comments (8)
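@jlutran Can you expand more on your use case? Would something like the following work?
```puppet
# Start from a default that refuses every zone ...
$default_local_zone = { '.' => 'refuse' }
# ... then mark each zone served by nsd as transparent.
$nsd_zones = lookup('nsd::zones').keys
$local_zones = $nsd_zones.reduce($default_local_zone) |$memo, $zone| {
  $tmp = merge($memo, { $zone => 'transparent' })
  $tmp
}
# Class parameters are passed as "name => value", not assigned with "=".
class { 'unbound':
  local_zone => $local_zones,
}
```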
from puppet-unbound.
I use unbound::local_zone as a resolver whitelist on my hosts:
- Set resolver to localhost only
- Disable all zones resolving ({ '.' => 'refuse' })
- Add custom zones using multiple unbound::local_zone calls in separate puppet profiles
Your code above is working, but hard to implement in my case because ::unbound::local_zone class is called from multiple puppet manifests.
from puppet-unbound.
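As an added illustration of the allowlist described in the comment above (not part of the thread or of the puppet-unbound module), this Ruby example renders a `local_zone` hash as `local-zone:` lines and models Unbound's most-specific-zone match. The zone names are constructed, the helper names `render`, `matching_zone` and `resolvable?` are hypothetical, and only the `refuse` and `transparent` types are modelled.

```ruby
# Added example: not code from the puppet-unbound module.
# Same shape as the module's local_zone hash: zone name => zone type.
# Zone names are constructed sample data.
LOCAL_ZONES = {
  '.'               => 'refuse',
  'example.com'     => 'transparent',
  'git.example.net' => 'transparent',
}.freeze

# Lowercase the name, drop the trailing root dot and split into DNS labels.
def labels(name)
  name.downcase.chomp('.').split('.')
end

# Render the hash as unbound.conf local-zone lines (fully qualified names).
def render(zones)
  zones.map { |zone, type| %(local-zone: "#{zone.chomp('.')}." #{type}) }
end

# Return [zone, type] for the most specific configured zone that contains
# the query name, comparing whole labels so that "notexample.com" does not
# match "example.com". Returns nil when no zone contains the name.
def matching_zone(zones, name)
  qlabels = labels(name)
  candidates = zones.select do |zone, _type|
    zl = labels(zone)
    zl.empty? || qlabels.last(zl.length) == zl
  end
  candidates.max_by { |zone, _type| labels(zone).length }
end

# A name is resolved normally when no local zone covers it or when the
# covering zone is transparent; a refuse zone answers REFUSED instead.
def resolvable?(zones, name)
  match = matching_zone(zones, name)
  match.nil? || match[1] == 'transparent'
end

if __FILE__ == $PROGRAM_NAME
  puts render(LOCAL_ZONES)
  %w[www.example.com notexample.com example.net].each do |name|
    puts "#{name}: #{resolvable?(LOCAL_ZONES, name) ? 'resolved' : 'refused'}"
  end
end
```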
@xaque208 What do you think of this? I think the use case is a valid one and it is maybe worth bringing back the local_zone type. However it may be initiative unless we once again change the structure of the unbound::local_zone variable so it can be used with create_resources, e.g.
```puppet
class { 'unbound':
  local_zone => { 'example.com' => { 'type' => 'refuse' } },
}
```
This would mean the current method like the following would stop working:
```puppet
class { 'unbound':
  local_zone => { 'example.com' => 'refuse' },
}
```
The other option is to create a resource that can add local_zone data with a different format to unbound::local_zone. This would be similar to unbound::remote vs unbound::local_data. I'm happy to do the work if you give me direction.
from puppet-unbound.
@b4ldr I assume then that the unbound class would then contain a create_resources('unbound::local', $local_zone...) or are you thinking something different?
@jlutran Would storing all of the local_zone data in the same hiera data object be enough for you? I'm curious to learn more about why local_zone is in multiple manifests on the same node. I assume just for organization purposes. Is that right?
from puppet-unbound.
> @b4ldr I assume then that the unbound class would then contain a create_resources('unbound::local', $local_zone...) or are you thinking something different?

Yes, it would mean going back to the old way of doing it.
from puppet-unbound.
Bringing back the local_zone class while also supporting a parameter on the unbound class that, if defined, is passed to create_resources seems like the best of both worlds. I'm speculating here, as I don't use the feature, but users would be able to define the resources centrally in hiera, or scattered throughout the manifest.
from puppet-unbound.
> @jlutran Would storing all of the local_zone data in the same hiera data object be enough for you? I'm curious to learn more about why local_zone is in multiple manifests on the same node. I assume just for organization purposes. Is that right?

I use a default unbound profile, and then set some local zones on custom roles. For example:
```puppet
class profiles::unbound(
  $default_nameservers = hiera('public_nameservers', []),
  $proxy_endpoint      = hiera('proxy', undef),
  $git_endpoint        = hiera('git_source', undef),
) {
  unbound::forward { '.': address => $default_nameservers }

  # Refuse everything by default, then open individual zones.
  ensure_resource('unbound::local_zone', '.', { 'type' => 'refuse' })
  # $default_sync_server is not defined in this snippet.
  ensure_resource('unbound::local_zone', $default_sync_server, { 'type' => 'transparent' })

  if( $proxy_endpoint ) {
    # Extract the host part of the URL to use as the zone name.
    $proxy_domain = regsubst($proxy_endpoint, '^http[s]?://([^:/]+).*$', '\1')
    ensure_resource('unbound::local_zone', $proxy_domain, { 'type' => 'transparent' })
  }

  if( $git_endpoint ) {
    $git_domain = regsubst($git_endpoint, '^http[s]?://([^:/]+).*$', '\1')
    ensure_resource('unbound::local_zone', $git_domain, { 'type' => 'transparent' })
  }
}

class profiles::custom_role($metrics_endpoint) {
  ensure_resource('unbound::local_zone', $metrics_endpoint, { 'type' => 'transparent' })
}
```
And so on...
from puppet-unbound.
#182 has been merged to resolve this. Apologies for the trouble.
from puppet-unbound.