{"id":15013990,"url":"https://github.com/sensson/puppet-powerdns","last_synced_at":"2025-03-03T03:00:20.649Z","repository":{"id":10116342,"uuid":"64535450","full_name":"sensson/puppet-powerdns","owner":"sensson","description":"A Puppet module to install and configure the PowerDNS 4.x authorative server and recursor","archived":false,"fork":false,"pushed_at":"2025-02-17T16:45:06.000Z","size":370,"stargazers_count":13,"open_issues_count":1,"forks_count":48,"subscribers_count":5,"default_branch":"main","last_synced_at":"2025-02-21T15:05:51.356Z","etag":null,"topics":["powerdns","puppet"],"latest_commit_sha":null,"homepage":"","language":"Ruby","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/sensson.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2016-07-30T08:53:26.000Z","updated_at":"2025-02-17T16:45:09.000Z","dependencies_parsed_at":"2024-06-19T00:09:23.936Z","dependency_job_id":"e2d0cfed-9d45-4d7e-ab28-7e3ae525d055","html_url":"https://github.com/sensson/puppet-powerdns","commit_stats":{"total_commits":264,"total_committers":31,"mean_commits":8.516129032258064,"dds":0.5378787878787878,"last_synced_commit":"97f9e11dabb50a1b22f6bc750da110dfbbe2b333"},"previous_names":[],"tags_count":46,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sensson%2Fpuppet-powerdns","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sensson%2Fpuppet-powerdns/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sensson%2Fpuppet-powerdns
/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sensson%2Fpuppet-powerdns/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/sensson","download_url":"https://codeload.github.com/sensson/puppet-powerdns/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":240191288,"owners_count":19762609,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["powerdns","puppet"],"created_at":"2024-09-24T19:45:02.388Z","updated_at":"2025-02-24T02:00:18.649Z","avatar_url":"https://github.com/sensson.png","language":"Ruby","funding_links":[],"categories":[],"sub_categories":[],"readme":"# PowerDNS\n\n[![Build Status](https://github.com/sensson/puppet-powerdns/workflows/CI/badge.svg)](https://github.com/sensson/puppet-powerdns/actions) [![Puppet Forge](https://img.shields.io/puppetforge/v/sensson/powerdns.svg?maxAge=2592000?style=plastic)](https://forge.puppet.com/sensson/powerdns)\n\nThis module can be used to configure both the recursor and authoritative\nPowerDNS 4 server. It officially supports Puppet 7 and higher.\n\n## Examples\n\n### Installation and configuration\n\nThis will install the authoritative PowerDNS server which includes the\nMySQL server and the management of the database and its tables. 
This is\nthe bare minimum.\n\n```puppet\nclass { 'powerdns':\n  db_password      =\u003e 's0m4r4nd0mp4ssw0rd',\n  db_root_password =\u003e 'v3rys3c4r3',\n}\n```\n\nIf you want to install both the recursor and the authoritative service on the\nsame server it is recommended to have the services listen on their own IP\naddress. The example below needs to be adjusted to use the IP addresses of your\nserver.\n\nThis may fail the first time on Debian-based distros.\n\n```puppet\npowerdns::config { 'authoritative-local-address':\n  type    =\u003e 'authoritative',\n  setting =\u003e 'local-address',\n  value   =\u003e '127.0.0.1',\n}\npowerdns::config { 'recursor-local-address':\n  type    =\u003e 'recursor',\n  setting =\u003e 'local-address',\n  value   =\u003e '127.0.0.2',\n}\nclass { 'powerdns':\n  db_password      =\u003e 's0m4r4nd0mp4ssw0rd',\n  db_root_password =\u003e 'v3rys3c4r3',\n  recursor         =\u003e true,\n}\n```\n\n### Recursor forward zones\n\nMultiple forward zones can be configured using `powerdns::forward_zones`.\n\n```puppet\ninclude powerdns::recursor\n```\n\nThe configuration will be serialized into the `forward-zones-file` config file.\n\n```yaml\npowerdns::forward_zones:\n  'example.com': 10.0.0.1\n  'foo': 192.168.1.1\n  # recurse queries\n  '+.': 1.1.1.1;8.8.8.8;8.8.4.4\n```\n\n### Backends\n\nThe default backend is MySQL. It also comes with support for PostgreSQL, Bind,\nLDAP, SQLite and lmdb.\n\nIf you don't specify the backend it assumes you will use MySQL.\n\n```puppet\nclass { 'powerdns':\n  backend     =\u003e 'mysql',\n  db_password =\u003e 's0m4r4nd0mp4ssw0rd',\n}\n```\n\nTo use PostgreSQL set `backend` to `postgresql`.\n\n```puppet\nclass { 'powerdns':\n  backend     =\u003e 'postgresql',\n  db_password =\u003e 's0m4r4nd0mp4ssw0rd',\n}\n```\n\nTo use Bind you must set `backend_install` and `backend_create_tables` to\nfalse. 
For example:\n\n```puppet\nclass { 'powerdns':\n  backend               =\u003e 'bind',\n  backend_install       =\u003e false,\n  backend_create_tables =\u003e false,\n}\n```\n\nTo use LDAP you must set `backend_install` and `backend_create_tables` to\nfalse. For example:\n\n```puppet\nclass { 'powerdns':\n  backend               =\u003e 'ldap',\n  backend_install       =\u003e false,\n  backend_create_tables =\u003e false,\n}\n```\n\nTo use SQLite you must set `backend` to `sqlite`. Ensure that the `pdns` user\nhas write permissions to the directory holding the database file. For example:\n\n```puppet\nclass { 'powerdns':\n  backend =\u003e 'sqlite',\n  db_file =\u003e '/opt/powerdns.sqlite3',\n}\n```\n\nTo use lmdb you must set `backend_install` and `backend_create_tables` to\nfalse. For example:\n\n```puppet\nclass { 'powerdns':\n  backend               =\u003e 'lmdb',\n  backend_install       =\u003e false,\n  backend_create_tables =\u003e false,\n}\n```\n\n### Manage zones with this module\nWith this module you can manage zones if you use a backend that is capable of doing so (e.g. SQLite, PostgreSQL or MySQL).\n\nYou can add a zone 'example.org' by using:\n``` puppet\n powerdns_zone{'example.org': }\n```\nThis will add the zone, which is then managed through Puppet: any records not added\nthrough Puppet will be deleted. Additionally, a SOA record is generated. To just ensure the\nzone is available without managing any records, use the following (and do not add any powerdns\\_record\nresources that target this domain):\n``` puppet\n powerdns_zone{'example.org':\n   manage_records =\u003e false,\n }\n```\n\nTo adjust the SOA record (if add\\_soa is set to true), use the soa\\_\\* parameters documented in the powerdns\\_record resource.\n\nThe zone records can be managed through the powerdns\\_record resource. 
As an example we add an NS, an A and an AAAA record:\n``` puppet\n powerdns_record{'nameserver1':\n   target_zone =\u003e 'example.org',\n   rname       =\u003e '.',  # a dot takes the target_zone only as rname\n   rtype       =\u003e 'NS',\n   rttl        =\u003e '4242',\n   rcontent    =\u003e 'ns1.example.org.' # pay attention to the dot at the end !\n }\n powerdns_record{'ns1.example.org':\n   rcontent =\u003e '127.0.0.1',\n }\n powerdns_record{'ipv6-ns1.example.org':\n   target_zone =\u003e 'example.org',\n   rname       =\u003e 'ns1',  # for the full record, the target_zone will be appended\n   rtype       =\u003e 'AAAA',\n   rcontent    =\u003e '::1',\n }\n powerdns_record{'www-server':\n   target_zone =\u003e 'example.org',\n   rname       =\u003e 'www',\n   rcontent    =\u003e '127.0.0.1'\n }\n```\nRemark: if the target\\_zone is not managed with a powerdns\\_zone resource, powerdns\\_record does not change anything!\n\n### Sensitive secrets\n\nPasswords can be passed either as plain-text strings or as [Puppet's Sensitive type](https://www.puppet.com/docs/puppet/7/lang_data_sensitive.html) when an appropriate encrypted backend is configured on the Puppet server.\n\n### Manage autoprimaries (automatic provisioning of secondaries)\nIt's possible to manage the 'autoprimaries' with Puppet (for a description of the autoprimary functionality in\nPowerDNS see the [powerdns manual](https://doc.powerdns.com/authoritative/modes-of-operation.html#autoprimary-automatic-provisioning-of-secondaries)).\nThe autoprimaries are set with the powerdns\\_autoprimary resource. As an example we add the primary 1.2.3.4 named ns1.example.org with the account 'test':\n``` puppet\npowerdns_autoprimary{'1.2.3.4@ns1.example.org':\n  ensure  =\u003e 'present',\n  account =\u003e 'test',\n}\n```\nAs an alternative, you can set the autoprimaries parameter of the powerdns class to achieve the same (e.g. 
if you use hiera).\n\nTo remove an autoprimary, set `ensure` to 'absent' or set the parameter purge\\_autoprimaries of the powerdns class to true, which will\nremove all autoprimaries that are not present in the puppet manifest.\n\n## Reference\n\n### Parameters\n\n#### powerdns\n\nWe provide a number of configuration options to change particular settings\nor to override our defaults when required.\n\n##### `authoritative`\n\nInstall the PowerDNS authoritative server. Defaults to true.\n\n##### `recursor`\n\nInstall the PowerDNS recursor. Defaults to false.\n\n##### `backend`\n\nChoose a backend for the authoritative server. Valid values are 'mysql',\n'postgresql' and 'bind'. Defaults to 'mysql'.\n\n##### `backend_install`\n\nIf you set this to true it will try to install a database backend for\nyou. This requires `db_root_password`. Defaults to true.\n\n##### `backend_create_tables`\n\nIf set to true, it will ensure the required powerdns tables exist in your\nbackend database. If your database is on a separate host or you are using the\nBind backend, set `backend_install` and `backend_create_tables` to false.\nDefaults to true.\n\n##### `db_root_password`\n\nIf you set `backend_install` to true you are asked to specify a root\npassword for your database. Accepts either `String` or `Sensitive` type.\n\n##### `db_username`\n\nSet the database username. Defaults to 'powerdns'.\n\n##### `db_password`\n\nSet the database password. Accepts either `String` or `Sensitive` type. Default is empty.\n\n##### `db_name`\n\nThe database you want to use for PowerDNS. Defaults to 'powerdns'.\n\n##### `db_host`\n\nThe host where your database should be created. Defaults to 'localhost'.\n\n##### `db_port`\n\nThe port to use when connecting to your database. Defaults to '3306'. Only\nsupported in the MySQL backend currently.\n\n##### `db_file`\n\nThe file where the database will be stored when using the SQLite backend. 
Defaults to '/var/lib/powerdns/powerdns.sqlite3'.\n\n##### `ldap_host`\n\nThe host where your LDAP server can be found. Defaults to 'ldap://localhost/'.\n\n##### `ldap_basedn`\n\nThe path to search for in LDAP. Defaults to undef.\n\n##### `ldap_method`\n\nDefines how LDAP is queried. Defaults to 'strict'.\n\n##### `ldap_binddn`\n\nPath to the object to authenticate against. Defaults to undef.\n\n##### `ldap_secret`\n\nPassword for simple authentication against ldap_basedn. Accepts either `String` or `Sensitive` type. Defaults to undef.\n\n##### `lmdb_filename`\n\nThe file where the database will be stored when using the LMDB backend. Defaults to '/var/lib/powerdns/powerdns.lmdb'.\n\n##### `lmdb_schema_version`\n\nThe schema version to use when creating the LMDB database. Defaults to undef, using the powerdns default.\n\n##### `lmdb_shards`\n\nThe number of shards to use when creating the LMDB database. Defaults to undef, using the powerdns default.\n\n##### `lmdb_sync_mode`\n\nThe sync mode to use when creating the LMDB database. Defaults to undef, using the powerdns default.\n\n##### `custom_repo`\n\nDon't manage the PowerDNS repo with this module. Defaults to false.\n\n##### `custom_epel`\n\nDon't manage the EPEL repo with this module. Defaults to false.\n\n##### `version`\n\nSet the PowerDNS version. Defaults to '4.1'.\n\n##### `mysql_schema_file`\n\nSet the PowerDNS MySQL schema file. Defaults to the location provided by\nPowerDNS.\n\n##### `pgsql_schema_file`\n\nSet the PowerDNS PostgreSQL schema file. Defaults to the location provided by\nPowerDNS.\n\n#### powerdns::authoritative and powerdns::recursor\n\n##### `package_ensure`\n\nYou can set the package version to be installed. Defaults to 'installed'.\n\n### Defines\n\n#### powerdns::config\n\nAll PowerDNS settings can be managed with `powerdns::config`. Depending on the\nbackend we will set a few configuration settings by default. 
All other\nvariables can be changed as follows:\n\n```puppet\npowerdns::config { 'api':\n  ensure  =\u003e present,\n  setting =\u003e 'api',\n  value   =\u003e 'yes',\n  type    =\u003e 'authoritative',\n}\n```\n\n##### `setting`\n\nThe setting you want to change.\n\n##### `value`\n\nThe value for the above setting.\n\n##### `type`\n\nThe configuration file you want to change. Valid values are 'authoritative',\n'recursor'. Defaults to 'authoritative'.\n\n##### `ensure`\n\nSpecify whether or not this configuration should be present. Valid values are\n'present', 'absent'. Defaults to 'present'.\n\n### Hiera\n\nThis module supports Hiera and uses create_resources to configure PowerDNS\nif you want to. An example can be found below:\n\n```yaml\npowerdns::db_root_password: 's0m4r4nd0mp4ssw0rd'\npowerdns::db_username: 'powerdns'\npowerdns::db_password: 's0m4r4nd0mp4ssw0rd'\npowerdns::recursor: true\npowerdns::recursor::package_ensure: 'latest'\npowerdns::authoritative::package_ensure: 'latest'\n\npowerdns::auth::config:\n  gmysql-dnssec:\n    value: ''\n  local-address:\n    value: '127.0.0.1'\n  api:\n    value: 'yes'\n```\n\n#### Prevent duplicate declaration\n\nIn this example we configure `local-address` to `127.0.0.1`. 
If you also\nrun a recursor on the same server and you would like to configure\n`local-address` via Hiera you need to set `setting` and change the name of\nthe parameter in Hiera to a unique value.\n\nFor example:\n\n```yaml\npowerdns::auth::config:\n  local-address-auth:\n    setting: 'local-address'\n    value: '127.0.0.1'\npowerdns::recursor::config:\n  local-address-recursor:\n    setting: 'local-address'\n    value: '127.0.0.2'\n```\n\nIf you have other settings that share the same name between the recursor and\nauthoritative server you would have to use the same approach to prevent\nduplicate declaration errors.\n\n## Limitations\n\nThis module has been tested on:\n\n* CentOS 7, 8\n* Ubuntu 18.04\n* Debian 10\n\nWe believe it also works on other operating systems such as:\n\n* Oracle Linux\n* RedHat Enterprise Linux\n* Scientific Linux\n* Arch Linux\n\nSchemas in the packages on EL have the exact PowerDNS version hardcoded in the paths;\nthe main class has three parameters where you can adjust it.\n\n* `mysql_schema_file`\n* `pgsql_schema_file`\n* `sqlite_schema_file`\n\n## Development\n\nWe strongly believe in the power of open source. This module is our way\nof saying thanks.\n\nIf you want to contribute please:\n\n1. Fork the repository.\n2. Run tests. It's always good to know that you can start with a clean slate.\n3. Add a test for your change.\n4. Make sure it passes.\n5. Push to your fork and submit a pull request to the `main` branch.\n\nWe can only accept pull requests with passing tests.\n\nTo install all of its dependencies please run:\n\n```bash\nbundle install --path vendor/bundle --without development\n```\n\n### Running unit tests\n\n```bash\nbundle exec rake test\n```\n\n### Running acceptance tests\n\nThe unit tests only verify if the code runs, not if it does exactly\nwhat we want on a real machine. For this we use Beaker. 
Beaker will\nstart a new virtual machine (using Vagrant) and run a series of\nsimple tests.\n\nYou can run Beaker tests with:\n\n```bash\nbundle exec rake spec_prep\nBEAKER_destroy=onpass bundle exec rake beaker:centos7\nBEAKER_destroy=onpass bundle exec rake beaker:oel7\nBEAKER_destroy=onpass bundle exec rake beaker:ubuntu1804\nBEAKER_destroy=onpass bundle exec rake beaker:debian10\n```\n\nWe recommend specifying `BEAKER_destroy=onpass` as it will keep the\nVagrant machine running in case something fails.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsensson%2Fpuppet-powerdns","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsensson%2Fpuppet-powerdns","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsensson%2Fpuppet-powerdns/lists"}