cookbook 'pdns', '= 3.4.1'
pdns
Installs/Configures PowerDNS Recursor and Authoritative server
cookbook 'pdns', '= 3.4.1', :supermarket
knife supermarket install pdns
knife supermarket download pdns
PowerDNS Community Cookbook
Provides resources for installing and configuring both PowerDNS authoritative and recursor. It uses the official PowerDNS repositories for packages and installs the appropriate configuration for your platform's init system.
Requirements
IMPORTANT: Please read the Deprecations and Compatibility Notes sections below since there are breaking changes between versions 2 and 3 of this cookbook.
Deprecations
- The recipe- and attribute-based way of setting up different PowerDNS installs is completely deprecated: the newest version of this cookbook has no attributes and no recipes to add to the run list.
- The pdnsrecord and domainrecord resources have been deprecated since they were coupled with the sqlite3 backend.
- Ubuntu 12.02 support has been removed. If you want this platform to be supported, PRs are welcome; see the CONTRIBUTING.md file.
Compatibility Notes
This cookbook has been completely rewritten, transitioning from an attribute- and recipe-based design to a newer resource-based design.
TLDR:
BREAKING CHANGES: for your PowerDNS installs, please pin your cookbook to the latest 2.5.0 version. We also advise reading this document carefully.
The current version of the cookbook provides basic support for recursors and authoritative servers with a handful of platforms, backends and init systems supported. You can find what is supported in this table:
Platform | Backends | Init Systems |
---|---|---|
Debian | bind, postgresql | SysVinit |
CentOS | bind, postgresql | SysVinit |
IMPORTANT:
Versions 3.0 to 3.2 of this cookbook used a different naming schema for init scripts and config files.
In order to conform with PowerDNS specifications for its virtual hosting features, we have changed the way of naming init scripts and config files. PowerDNS advises not to use hyphens (-) in init script names after their own prefixes (which use hyphens).
If you are upgrading from one of those versions, here are some recommendations to migrate to newer versions.
- Authoritative:
What has changed inside the resources:
Services declaration change on (3.0.0 to 3.2.0) from: service 'pdns-authoritative-<your-resource-name>' do
To (> 3.3.0): service "pdns-authoritative_#{new_resource.instance_name}" do
Configuration files change on (3.0.0 to 3.2.0) from: template "pdns-authoritative-#{new_resource.instance_name}.conf" do
To (> 3.3.0): template "pdns-authoritative_#{new_resource.instance_name}.conf" do
Init scripts change on (3.0.0 to 3.2.0) from: template "/etc/init.d/pdns-authoritative-#{new_resource.instance_name}" do
To (> 3.3.0): template "/etc/init.d/pdns-authoritative_#{new_resource.instance_name}" do
One way of fixing this is to add to your recipe a block of code similar to the one below. This will delete the outdated configuration files.
# The names below end in a bare hyphen; complete them with your old resource name,
# i.e. pdns-authoritative-<your-resource-name>.
execute 'service pdns-authoritative- stop' do
  action :run
  only_if { ::File.exist? '/etc/init.d/pdns-authoritative-' }
end
execute '/usr/sbin/update-rc.d -f pdns-authoritative- remove' do
  action :run
  only_if { ::File.exist? '/etc/init.d/pdns-authoritative-' }
end
file 'pdns-authoritative-.conf' do
  action :delete
end
file '/etc/init.d/pdns-authoritative-' do
  action :delete
end
- Recursor
What has changed inside the resources:
Services declaration change on (3.0.0 to 3.2.0) from: service 'pdns-recursor-<your-resource-name>' do
To (> 3.3.0): service "pdns-recursor_#{new_resource.instance_name}" do
Init scripts change on (3.0.0 to 3.2.0) from: template "/etc/init.d/pdns-recursor-#{new_resource.instance_name}" do
To (> 3.3.0): template "/etc/init.d/pdns-recursor_#{new_resource.instance_name}" do
For the recursor it's the same; you'll need to add something like this to your recipe:
# Old (3.0.0 to 3.2.0) names as listed above; complete them with your old resource name,
# i.e. pdns-recursor-<your-resource-name>.
execute 'service pdns-recursor- stop' do
  action :run
  only_if { ::File.exist? '/etc/init.d/pdns-recursor-' }
end
execute '/usr/sbin/update-rc.d -f pdns-recursor- remove' do
  action :run
  only_if { ::File.exist? '/etc/init.d/pdns-recursor-' }
end
file '/etc/init.d/pdns-recursor-' do
  action :delete
end
- Final Note
If you decide to follow the convention recommended by PDNS for Virtual Hosting and want to replace the hyphens with underscores, you'll additionally need to delete or rename some configuration files, as you would normally do when changing the name of a Chef resource.
Platforms:
- Ubuntu (14.04)
- CentOS (6.8)
Chef:
- Chef 12.5+
Init Systems:
Only SysVinit is supported for "pdns-authoritative".
SysVinit and Systemd are supported for "pdns-recursor".
Required Cookbooks:
- apt
- yum
Suggested Cookbooks:
- postgres (for the PostgreSQL backend)
Usage
Combine the different resources in order to install, configure, and manage your PowerDNS instances. This is a list of resources that can be used:
| Resource | Functionality |
|-------------------------------------|---------------------------------------------------|
| pdns_authoritative_install | Installs an authoritative server |
| pdns_authoritative_config | Configures an authoritative instance |
| pdns_authoritative_service | Manages an authoritative instance |
| pdns_authoritative_backend | Installs authoritative backend |
| pdns_recursor_install | Installs a recursor |
| pdns_recursor_config | Configures a recursor instance |
| pdns_recursor_service | Manages a recursor instance |
To fully configure an authoritative server you need to add at least 3 resources to your recipe: pdns_authoritative_install, pdns_authoritative_config and pdns_authoritative_service. If you want to install any backend other than the default (bind) for the authoritative server you need to add a fourth resource: pdns_authoritative_backend. There are some good usage examples in test/cookbooks/pdns_test/recipes/.
For a recursor use the pdns_recursor_install, pdns_recursor_config, and pdns_recursor_service resources in your wrapper cookbooks to install, configure, and define PowerDNS recursors. Set the different properties on the resources according to your install and configuration needs. You can see a good example of this in test/cookbooks/pdns_test/recipes_recursor_install_single.rb
For advanced use it is recommended to take a look at the chef resources themselves.
Properties
PowerDNS uses hyphens (-) in its configuration files. Chef resources and Ruby symbols don't work very well with hyphens, so this cookbook requires underscores (_) in property names and translates them automatically to hyphens in the configuration templates. Example:
pdns_authoritative_config 'server_01' do
  action :create
  launch ['gpgsql']
  variables(
    gpgsql_host: '127.0.0.1',
    gpgsql_user: 'pdns',
    gpgsql_port: 5432,
    gpgsql_dbname: 'pdns',
    gpgsql_password: 'wadus'
  )
end
Will create a file named /etc/powerdns/pdns-authoritative_server_01.conf:
launch=gpgsql
gpgsql-host=127.0.0.1
gpgsql-user=pdns
gpgsql-port=5432
gpgsql-dbname=pdns
gpgsql-password=wadus
Most properties are simple Ruby strings, but there are other cases that require special attention.
Properties specified as elements in arrays will be split up (see split ruby method) and separated by commas.
Boolean properties will always be translated to 'yes' or 'no'.
Some properties need to be set consistently across resources; they will be noted in their specific sections.
Most of the properties are optional and have sane defaults, so they are only recommended for customized installs.
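The translation rules above (underscores to hyphens, arrays joined by commas, booleans to yes/no) and the post-3.3.0 file naming can be sketched in plain Ruby. This is an added example, not the cookbook's template code: render_value, render_config, config_file_name and SAMPLE are hypothetical names, and the rejection of hyphenated keys and of line breaks in values is an assumption of this sketch.

```ruby
# Added illustration, not the cookbook's own code. All helper names are hypothetical.

# Render one property value the way the README describes:
# booleans become yes/no, arrays are comma-separated, anything else is stringified.
def render_value(value)
  case value
  when true then 'yes'
  when false then 'no'
  when Array then value.map { |v| render_value(v) }.join(',')
  else value.to_s
  end
end

# Turn a variables hash into "key=value" lines, translating underscores in the
# key to hyphens. Assumption of this sketch: keys that already contain a hyphen
# and values that contain a line break are rejected, so that one property can
# never produce a second directive in the rendered file.
def render_config(variables)
  variables.map do |key, value|
    name = key.to_s
    raise ArgumentError, "use underscores in property names: #{name}" if name.include?('-')
    rendered = render_value(value)
    raise ArgumentError, "line break in value of #{name}" if rendered.match?(/[\r\n]/)
    "#{name.tr('_', '-')}=#{rendered}"
  end.join("\n")
end

# File name of an authoritative instance since 3.3.0: the only hyphen allowed
# is the one inside the "pdns-authoritative" prefix.
def config_file_name(instance_name)
  if instance_name.include?('-')
    raise ArgumentError, "instance names must not contain hyphens: #{instance_name}"
  end
  "pdns-authoritative_#{instance_name}.conf"
end

# Constructed sample input.
SAMPLE = {
  gpgsql_host: '127.0.0.1',
  gpgsql_port: 5432,
  allow_axfr_ips: ['127.0.0.0/8', '::1'],
  api: true,
  api_readonly: false
}.freeze

puts "# #{config_file_name('server_01')}"
puts render_config(SAMPLE)
```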
pdns_authoritative_install
Installs PowerDNS authoritative server 4.X series using PowerDNS official repository in the supported platforms.
Properties
Name | Class | Default value | Consistent? |
---|---|---|---|
instance_name | String | name_property | Yes |
version | String, nil | nil | No |
debug | true, false | false | No |
Usage example
Install a PowerDNS authoritative server package named server_01 with the latest version available in the repository.
pdns_authoritative_install 'server_01' do
  action :install
end
pdns_authoritative_config
Creates a PowerDNS authoritative configuration. There is a fixed set of required properties (listed below), but most of the configuration is left to the user: every property set in the variables hash property will be rendered in the config template. Remember that using underscores (_) for property names is required and that they are translated to hyphens (-) in configuration templates.
Properties
Name | Class | Default value | Consistent? |
---|---|---|---|
instance_name | String | name_property | Yes |
launch | Array, nil | ['bind'] | No |
config_dir | String | see default_authoritative_config_directory helper method | Yes |
socket_dir | String | "/var/run/#{resource.instance_name}" | Yes |
run_group | String | see default_authoritative_run_user helper method | No |
run_user | String | see default_authoritative_run_user helper method | No |
run_user_home | String | see default_user_attributes helper method | No |
run_user_shell | String | see default_user_attributes helper method | No |
setuid | String | resource.run_user | No |
setgid | String | resource.run_group | No |
source | String,nil | 'authoritative_service.conf.erb' | No |
cookbook | String,nil | 'pdns' | No |
variables | Hash | { bind_config: "#{resource.config_dir}/bindbackend.conf" } | No |
Usage Example
Create a PowerDNS authoritative configuration file named server_01:
pdns_authoritative_config 'server_01' do
  action :create
  launch ['gpgsql']
  variables(
    gpgsql_host: '127.0.0.1',
    gpgsql_user: 'pdns',
    gpgsql_port: 5432,
    gpgsql_dbname: 'pdns',
    gpgsql_password: 'wadus',
    allow_axfr_ips: ['127.0.0.0/8', '::1', '195.234.23.34'],
    api: true,
    api_readonly: true
  )
end
pdns_authoritative_service
Creates an init service to manage a PowerDNS authoritative instance. This service supports all the regular actions (start, stop, restart, etc.). Check the compatibility section to see which init services are supported.
Important: services are not restarted or reloaded automatically on config changes in this cookbook. If you want this functionality, add it in your wrapper cookbook; the pdns_authoritative_service resource provides actions to do it.
Properties
Name | Class | Default value | Consistent? |
---|---|---|---|
instance_name | String | name_property | Yes |
cookbook | String, nil | 'pdns' | No |
source | String, nil | 'authoritative.init.debian.erb' | No |
config_dir | String | see default_authoritative_config_directory helper method | Yes |
socket_dir | String | lazy { | resource |
Usage example
pdns_authoritative_service 'server_01' do
  action [:enable, :start]
end
pdns_authoritative_backend
Installs one backend package for the PowerDNS authoritative server. You'll still need to install and configure the backend itself in your wrapper cookbook. You can see the list of available backends supported in every platform in libraries/authoritative_helpers.rb
Please review PowerDNS documentation section to understand specific naming and settings for every backend since they differ.
Properties
Name | Class | Default value | Consistent? |
---|---|---|---|
instance_name | String | name_property | No |
version | String, nil | nil | No |
Usage Example
Install a PostgreSQL backend for the PowerDNS authoritative server:
pdns_authoritative_backend 'postgresql' do
  action :install
end
pdns_recursor_install
Installs PowerDNS recursor 4.X series using PowerDNS official repository in the supported platforms.
Properties
Name | Class | Default value | Consistent? |
---|---|---|---|
version | String | name_property | Yes |
debug | True, False | String, nil | No |
Usage Example
Install a 4. powerdns instance named 'my_recursor' on ubuntu 14.04:
pdns_recursor_install 'my_recursor' do
  version '4.0.4-1pdns.trusty'
end
pdns_recursor_service
Sets up a PowerDNS recursor instance using the appropriate init system.
Important: services are not restarted or reloaded automatically on config changes in this cookbook. If you want this functionality, add it in your wrapper cookbook; the pdns_recursor_service resource provides actions to do it.
Properties
Name | Class | Default value | Consistent? |
---|---|---|---|
instance_name | String | name_property | Yes |
config_dir | String | see default_recursor_config_directory helper method | Yes |
cookbook (SysVinit) | String,nil | 'pdns' | No |
source (SysVinit) | String,nil | 'recursor.init.#{node['platform_family']}.erb' | No |
socket_dir (SysVinit) | String | "/var/run/#{resource.instance_name}" | Yes |
- config_dir: Path of the recursor configuration directory.
- cookbook: Cookbook for a custom configuration template (Applied only when using SysVinit).
- source: Name of the recursor custom template (Applied only when using SysVinit).
- socket_dir: Directory where sockets are created (Applied only when using SysVinit).
Usage Example
Configure a PowerDNS recursor service instance named 'my_recursor' in your wrapper cookbook for Acme Corp with a custom template named my-recursor.erb:
pdns_recursor_service 'my_recursor' do
  source 'my-recursor.erb'
  cookbook 'acme-pdns-recursor'
end
pdns_recursor_config
Creates a PowerDNS recursor configuration.
Properties
| Name | Class | Default value | Consistent? |
|----------------|-------------|--------------------------------------------------------|-------------|
| instance_name | String | name_property | Yes |
| config_dir | String | see default_recursor_config_directory helper method | Yes |
| socket_dir | String | /var/run/#{resource.instance_name} | Yes |
| run_group | String | see default_recursor_run_user helper method | No |
| run_user | String | see default_recursor_run_user helper method | No |
| run_user_home | String | see default_user_attributes helper method | No |
| run_user_shell | String | see default_user_attributes helper method | No |
| setuid | String | resource.run_user | No |
| setgid | String | resource.run_group | No |
| source | String, nil | 'recursor_service.conf.erb' | No |
| cookbook | String, nil | 'pdns' | No |
| variables | Hash | {} | No |
- config_dir (C): Path of the recursor configuration directory.
- socket_dir (C): Directory where sockets are created.
- source (C): Name of the recursor custom template.
- cookbook (C): Cookbook for a custom configuration template.
- variables: Variables for the configuration template.
- run_group: Unix group that runs the recursor.
- run_user: Unix user that runs the recursor.
- run_user_home: Home of the Unix user that runs the recursor.
- run_user_shell: Shell of the Unix user that runs the recursor.
Usage Example
Create a PowerDNS recursor configuration named 'my_recursor' in your wrapper cookbook for Acme Corp which uses a custom template named my-recursor.erb and a few attributes:
pdns_recursor_config 'my_recursor' do
  source 'my-recursor.erb'
  cookbook 'acme-pdns-recursor'
  # Property names use underscores; they are rendered with hyphens in the config file.
  variables(client_tcp_timeout: '20', loglevel: '5', network_timeout: '2000')
end
Virtual Hosting
PowerDNS supports virtual hosting: running many instances of PowerDNS on different ports on the same machine. This is done by a few clever hacks on the init scripts that allow specifying a different config file for each instance. This cookbook leverages this functionality in both recursor and authoritative.
PowerDNS recommends a specific naming schema for authoritative virtual hosting. Specifically, it does not allow hyphens (-) in the init script names beyond the first, which is provided by the init script (/etc/init.d/pdns-).
We have adopted the convention of using underscores (_) in the name attributes of resources in order to comply with this requirement.
Contributing
There is a specific file for contributing guidelines on this cookbook: CONTRIBUTING.md
Testing
There is a specific file for testing guidelines on this cookbook: TESTING.md
License & Authors
- Author:: Aaron Kalin (aaron.kalin@dnsimple.com)
- Author:: Jacobo García (jacobo.garcia@dnsimple.com)
- Author:: Anthony Eden (anthony.eden@dnsimple.com)
Copyright:: 2010-2014, Chef Software, Inc & 2014-2016 Aetrion, LLC. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
Dependent cookbooks
apt >= 0.0.0 |
yum >= 0.0.0 |
Contingent cookbooks
There are no cookbooks that are contingent upon this one.
3.4.1 / 2017-06-29
Bug Fixes
- Stopping the default recursor on pdns_recursor_service for sysvinit. Fixes: https://github.com/dnsimple/chef-pdns/issues/77
Maintenance
- Removing DB schema from files/ directory
3.4.0 / 2017-06-27
Maintenance
- Split the rake file into different pieces
- Add concurrency for kitchen tests.
3.3.2 / 2017-06-20
Bug Fixes
- Recursor init script should create pid directory on start if it does not exist.
3.3.1 / 2017-06-20
Bug Fixes
- Fixing MySQL package name for debian
3.3.0 / 2017-06-14
Enhancements
- Recursor latest version 4.0.5
- Updated README
Bug Fixes
- Correcting naming conventions on init scripts that were not following PowerDNS considerations for virtual hosting.
- Fixing tests
3.2.0 / 2017-06-02
Enhancements
- Added systemd support for recursors
Bug Fixes
- Stop and Disable the service 'pdns-recursor' as soon as new instance is created
3.1.0 / 2017-06-01
Enhancements
- Expanding ChefSpec matchers
3.0.0 / 2017-05-29
Enhancements
- Complete rewrite of the cookbook
- Using official PowerDNS apt repositories
- Using Chef 12.5+ resources to create PowerDNS installs and settings for recursors and authoritatives.
- ChefSpec and Inspec Tests
- Centos 6, 7 Support
- Ubuntu 14.04, 16.04 Support
- Debian 8 support
2.5.0 / 2017-02-08
Maintenance
- Updating to latest pdns 3.4.11
- Updating to latest recursor 3.7.4
Bug fixes
- Adding libssl-dev as dependency for source installs
2.4.1 / 2016-14-09
Bug Fixes
- Update download link to correct one for 3.4.10
2.4.0 / 2016-13-09
Enhancements
- Add partial support for CentOS/RHEL (recursor) PR #36
2.3.0 / 2016-09-09
Warning
- In PowerDNS 3.4.10 the default for any-to-tcp has been changed to 'yes'
Bug fixes
- Update authoritative to 3.4.10 to fix PowerDNS Security Advisory 2016-01
- https://doc.powerdns.com/md/security/powerdns-advisory-2016-01/
- Crafted queries can cause unexpected backend load
- update source_url and issues_url
Enhancements
- Add a new Rakefile for testing
- Clean up docs a little
2.2.1 / 2016-03-03
Bug Fixes
- Resolved an issue where pdns install would run over and over again due to a bad path.
2.2.0 / 2016-03-03
Enhancements
- We have eliminated the node attributes from the attributes folder to make this cookbook more wrapper pattern friendly. Remember kids, don't put node attributes in your attributes folder, everyone will have a bad time. :(
Cleanup
- Added some basic rubocop rules that we're starting to use with DNSimple cookbook. Nothing intense, but should help get things looking spiffy :+1:
- Made sure to comply with foodcritic, the ultimate yelp reviewer of the Chef Supermarket.
2.1.1 / 2016-03-03
Bug Fixes
- Renamed some ambiguous variables that might be causing a bug in certain circumstances.
Cleanup
- Updated some copyrights and trimmed a bunch of whitespace
2.1.0 / 2016-11-01
Enhancements
- Added bind as backend option and made it default
Cleanup
- Some spelling mistakes in the README were corrected
2.0.0 / 2015-12-23
Enhancements
- Adds the capability of installing a recursor from source
- Adds the capability of installing a recursor with pipe backend (source and package install).
- Updating documentation.
Cleanup
- Major code refactor
Breaking changes
- Resolver no longer uses a separated template for configuration and it uses the same attribute (flavor) to decide the functionality, so it is not possible to install a resolver and an authoritative on the same machine anymore.
- Only authoritative servers install or compile backends now.
1.1.1 / 2015-12-23
Enhancements
- Creating schema, grants and users for postgres backend.
Bug Fixes
- Handling the URL for downloading the source gracefully using lazy evaluation since this provoked a malformed URL string when concatenated with the version on source recipe.
1.1.0 / 2015-12-10
Enhancements
- Recursor is now the default behavior
- Using bind as a default backend per recommendation on irc channel
- Adding a new slave PowerDNS server configuration
- Refactor of authoritative part
- Refactor of build related code
- Expanded documentation
1.0.5 / 2015-11-10
Security
- Updating to 3.4.7 addressing PowerDNS Security Advisory 2015-03. More information about this CVE can be found here: http://www.openwall.com/lists/oss-security/2015/11/09/3
1.0.4 / 2015-09-02
Security
- Updating to 3.4.6 addressing PowerDNS Security Advisory 2015-02. More information about this CVE can be found here: http://www.openwall.com/lists/oss-security/2015/09/02/5
1.0.3 / 2015-05-04
Bug Fixes
- Executing bootstrap command on every pdns compilation run
1.0.2 / 2015-05-04
Security
- Updating to version 3.4.4 of authoritative powerdns server in order to address PowerDNS Security Advisory 2015-01: Label decompression bug can cause crashes or CPU spikes.
Bug Fixes
- Allowing pdns_server to automatically upgrade in source installs
1.0.1 / 2014-12-17
Bug Fixes
- Adding missing configuration bits for authoritative_package recipe
1.0.0 / 2014-12-15
Breaking Changes
There have been major changes to the recipes and attributes of this cookbook in the first of many efforts to stabilize and modernize everything. Please review the updated README and take special note of the install type and backend attributes to suit your configuration.
We plan to eventually migrate the recipes over to LWRP's to make this cookbook easier to wrap and extend.
0.3.4 / 2014-07-15
Testing
- Testing Updates
Bug Fixes
- Fixed missing build-essential include
0.3.3 / 2014-07-15
Bug Fixes
- Not actually sure what happened here
0.3.2 / 2014-07-14
Bug Fixes
- Remove incorrect search domains
0.3.0 / 2014-02-21
Bug Fixes
- DNS should install the sqlite gem (needs build-essentials) and use the correct pdns template filename [COOK-978]
0.2.0 / 2013-08-28
Improvements
- Add source recipe [COOK-3106]
0.1.2 / 2013-05-07
Bug Fixes
- pdns cookbook has foodcritic failures [COOK-2986]
Improvements
- Configure a PowerDNS server [COOK-2604]
0.1.0
Initial Release
- Fixes for centos/rhel boxen and pdns::recursor cookbook [COOK-1080]
Collaborator Number Metric
3.4.1 passed this metric
Contributing File Metric
3.4.1 passed this metric
License Metric
3.4.1 passed this metric
Testing File Metric
3.4.1 passed this metric
Version Tag Metric
3.4.1 passed this metric