Puppet - Smart Proxy - DNS, allow_transfers

bignicp · October 23, 2018, 9:38pm

How do I set up DNS replication using the smart-proxy puppet module?

I think it would be trivial for users to set the allow_transfers param within the puppet module (Apparently this can be done using puppet-dns )

Variable/Param listed here: named.zone.erb

<% unless @allow_transfer.empty? -%>
    allow-transfer { <%= @allow_transfer.join('; ') %>; };
<% end -%>

From the readme.md

Slaves can also be configured by setting `allow_transfer` in the master's zone and setting `zonetype => 'slave' ` in the slave's zone.

Furthermore it looks like the puppet-foreman_proxy module makes a call to the puppet-dns one, however I haven’t worked out a way of setting the values zonetype or allow_transfers

String $dns_zone = $::foreman_proxy::params::dns_zone,

I’m far from a puppet expert though, so more than happy for someone to correct me here!

Foreman and Proxy version

Foreman: 1.19.0
Smart-proxy: 1.17.0-RC2

Foreman and Proxy plugin versions:

mod 'theforeman-dns', '5.3.1'
mod 'theforeman-foreman_proxy', '8.0.2'

Other relevant data:
My puppet site.pp file looks like the following:

TRUNCATED...
node 'myforemanproxy.mydomain.internal.lan' {

  $puppet_host = 'mypuppethost.mydomain.internal.lan'

  class{'::foreman_proxy':
    puppet                => false,
    puppetca              => false,
    tftp                  => true,
    dhcp                  => true,
    dns                   => true,
    bmc                   => true,
    realm                 => false,
    register_in_foreman   => false,
    puppet_url            => "https://${puppet_host}:8140",
    foreman_base_url      => "https://${puppet_host}/",
    oauth_consumer_key    => "<REDACTED>",
    oauth_consumer_secret => "<REDACTED>",
    trusted_hosts         => [$puppet_host],
    dhcp_gateway          => '10.0.0.1',
    dhcp_range            => '10.0.0.2 10.0.0.254',
    dhcp_subnets          => ['10.0.0.1/255.255.255.0'],
    dhcp_search_domains   => ['mydomain.internal.lan'],
    dhcp_key_name         => undef,
    dhcp_key_secret       => undef,
    dhcp_omapi_port       => 7911,
    tftp_servername       => '10.0.0.2',
    dns_managed           => true,
    dns_zone              => 'mydomain.internal.lan',
    dns_reverse           => '24.0.0.10.in-addr.arpa',
    dns_forwarders        => ['1.1.1.1', '2.2.2.2'],
  }
}

Any and all help appreciated - thanks!

bignicp · October 24, 2018, 9:38am

I incorrectly showed where I believe the puppet-dns module is called. I now understand it to be here:

  if $foreman_proxy::dns and $foreman_proxy::dns_managed {
    include ::foreman_proxy::proxydns
    include ::dns::params

By the looks of it allow_transfers isn’t exposed as a parameter, but as a variable - so how can I set that from the foreman_proxy module?

Cheers,
Nic

ekohl · October 24, 2018, 10:22am

Yes, you can. Option one is through hiera, but you’ll run into the issue that you also need to set it on the dns::zone which you can’t.

The other option is probably more flexible. Our foreman_proxy::proxydns class is rather limited. You can set foreman_proxy::dns_managed to false and set up your DNS server in your puppet manifest. This probably the option you want to choose.

bignicp · October 24, 2018, 10:40am

Thanks for the reply.

The issue I was having with setting dns_managed to false - was that I kept getting errors relating to zonepathfile not being an absolute path and after setting that one around concat... target something or other (I can retry and rerun if necessary)…