Version information
This version is compatible with:
- Puppet Enterprise 2023.2.x, 2023.1.x, 2023.0.x, 2021.7.x, 2021.6.x, 2021.5.x, 2021.4.x, 2021.3.x, 2021.2.x, 2021.1.x, 2021.0.x, 2019.8.x
- Puppet >= 6.22.1 < 8.0.0
- , ,
Start using this module
Add this module to your Puppetfile:
mod 'simp-resolv', '0.7.0'
Learn more about managing modules with a PuppetfileDocumentation
](http://www.apache.org/licenses/LICENSE-2.0.html)
Table of Contents
- Description
- Setup - The basics of getting started with resolv
- Usage - Configuration options and additional functionality
- Reference - An under-the-hood peek at what the module is doing and how
- Limitations - OS compatibility, etc.
- Development - Guide for contributing to the module
Description
This module sets up DNS client config, including /etc/resolv.conf
and /etc/host.conf
.
This is a SIMP module
This module is a component of the System Integrity Management Platform, a compliance-management framework built on Puppet.
If you find any issues, they may be submitted to our bug tracker.
This module is optimally designed for use within a larger SIMP ecosystem, but it can be used independently:
- When included within the SIMP ecosystem, security compliance settings will be managed from the Puppet server.
Setup
What resolv affects
/etc/resolv.conf
/etc/host.conf
Network Manager
Beginning with resolv
Include the class on any systems you want to manage.
Usage
Include the class from hiera:
---
classes:
- ::resolv
File contents can be tweaked by adding more hieradata:
---
resolv::rotate: false
resolv::host_conf::multi: true
nmcli
Managing device DNS entries can be done via nmcli accordingly:
---
resolv::use_nmcli: true
resolv::nmcli_connection_name: 'System eth0'
resolv::nmcli_ignore_auto_dns: true
resolv::nmcli_auto_reapply_device: true
Reference
Please refer to the REFERENCE.md.
Limitations
SIMP Puppet modules are generally intended for use on Red Hat Enterprise Linux and compatible distributions, such as CentOS. Please see the metadata.json
file for the most up-to-date list of supported operating systems, Puppet versions, and module dependencies.
Development
Please read our [Contribution Guide] (https://simp.readthedocs.io/en/stable/contributors_guide/index.html).
Reference
Table of Contents
Classes
resolv
: Configures /etc/resolv.conf or the NetworkManager equivalentresolv::host_conf
: Configures /etc/host.conf
Data types
Resolv::Domain
: Valid values for the resolv.conf "domain" optionResolv::Sortlist
: Valid resolv.confsortlist
field
Classes
resolv
Configures /etc/resolv.conf or the NetworkManager equivalent
- See also
- resolv.conf(5)
Parameters
The following parameters are available in the resolv
class.
ensure
Data type: Enum['present', 'absent']
Remove the resolv.conf from the system if set to absent
- No other actions will be performed on the resolv.conf file if this is set
Default value: 'present'
servers
Data type: Optional[Variant[Boolean[false], Array[Simplib::IP,0,3]]]
An array of servers to query. If the first server is '127.0.0.1' or '::1' then the host will be set up as a caching DNS server unless $caching is set to false. The other hosts will be used as the higher level nameservers
- Set to
false
to actively remove this option from the configuration
Default value: simplib::lookup('simp_options::dns::servers', 'default_value' => undef )
search
Data type: Optional[Variant[Boolean[false], Array[Simplib::Domain]]]
Array of entries that will be searched, in order, for hosts.
- Set to
false
to actively remove this option from the configuration
Default value: simplib::lookup('simp_options::dns::search', 'default_value' => undef )
resolv_domain
Data type: Optional[Variant[Boolean[false], Resolv::Domain]]
Local domain name, defaults to the domain of your host.
-
This is obsolete, please use
$search
instead. -
Set to
false
to actively remove this option from the configuration
Default value: undef
debug
Data type: Boolean
Print debugging messages
Default value: false
rotate
Data type: Boolean
When true
, enables round-robin selection of $servers to distribute the
query load.
Default value: true
no_check_names
Data type: Boolean
When true
, disables the modern BIND checking of incoming hostnames and
mail names for invalid characters such as underscore (_
), non-ASCII, or
control characters.
Default value: false
inet6
Data type: Boolean
When true
, use AAAA (IPv6) queries and convert A (IPv4) results
Default value: false
ndots
Data type: Variant[Boolean[false], Integer[0,15]]
Value for the ndots:
option in resolv.conf
- Set to
false
to actively remove this option from the configuration
Default value: 1
timeout
Data type: Variant[Boolean[false], Integer[0,30]]
Amount of time (in seconds) the resolver will wait for a response
- Set to
false
to actively remove this option from the configuration
Default value: 2
attempts
Data type: Variant[Boolean[false], Integer[0,5]]
Number of times to attempt querying $servers before giving up
- Set to
false
to actively remove this option from the configuration
Default value: 2
named_server
Data type: Boolean
A boolean that states that this server is definitively a named server. Bypasses the need for $named_autoconf below.
Default value: false
named_autoconf
Data type: Boolean
A boolean that controlls whether or not to autoconfigure named. true => If the server where puppet is being run is in the list of $servers then automatically configure named. false => Do not autoconfigure named.
Default value: true
caching
Data type: Boolean
If the $servers array above starts with '127.0.0.1' or '::1', then the system will set itself up as a caching nameserver unless this is set to false.
Default value: true
use_nmcli
Data type: Boolean
Allows the user to update DNS entries via nmcli instead of directly modifying resolv.conf
Default value: pick($facts.dig('simplib__networkmanager', 'enabled'), false)
nmcli_connection_name
Data type: Optional[String[1]]
DEPRECATED => Remains for API until next release
Default value: undef
nmcli_ignore_auto_dns
Data type: Optional[Boolean]
DEPRECATED => Remains for API until next release
Default value: undef
nmcli_auto_reapply_device
Data type: Optional[Boolean]
DEPRECATED => Remains for API until next release
Default value: undef
sortlist
Data type: Optional[Variant[Boolean[false], Resolv::Sortlist]]
Optional Array of address/netmask pairs that allow addresses returned by gethostbyname to be sorted.
- Set to
false
to actively remove this option from the configuration
Default value: undef
extra_options
Data type: Optional[Array[String[1]]]
Optional Array to put any options that may not be covered by the variables below. These will be appended to the options string.
- Adding
--
in front of any option will actively remove it from the configuration if not using NMCLI - When using NMCLI , '--' items will be ignored since it is authoritative
@example Manage Extra Options
extra_options:
# Add ip6-bytestring
- 'ip6-bytestring'
# Ensure that ip6-dotint is not set
- '--ip6-dotint'
Default value: undef
content
Data type: Optional[Variant[Array[String[1]], String[1]]]
Unless in NMCLI mode, ignores all other options and writes the specified
content to /etc/resolv.conf
Default value: undef
ignore_dhcp_dns
Data type: Boolean
Ignores entries passed down from DHCP
Default value: true
resolv::host_conf
Configures /etc/host.conf
- See also
- host.conf(5)
Parameters
The following parameters are available in the resolv::host_conf
class.
trim
Data type: Optional[Array[Pattern[/^\./]]]
Default value: undef
multi
Data type: Boolean
Default value: true
reorder
Data type: Boolean
Default value: true
spoof
Data type: Optional[String]
defunct, see: https://bugzilla.redhat.com/show_bug.cgi?id=1577265)
Remains to prevent issues with direct class
calls.
Default value: undef
Data types
Resolv::Domain
Valid values for the resolv.conf "domain" option
Alias of Variant[Simplib::Domain, Enum['.']]
Resolv::Sortlist
Valid resolv.conf sortlist
field
Alias of Array[Variant[Simplib::IP,Simplib::IP::V4::DDQ,Simplib::IP::V6], 0, 10]
- Wed Jun 30 2021 Trevor Vaughan tvaughan@onyxpoint.com - 0.7.0
- Fixed a bug in the Augeas template
- Adjusted the tests to effect change on a switch to/from NetworkManager
- Wed Jun 16 2021 Chris Tessmer chris.tessmer@onyxpoint.com - 0.7.0
- Removed support for Puppet 5
- Ensured support for Puppet 7 in requirements and stdlib
- Tue Dec 15 2020 Trevor Vaughan tvaughan@onyxpoint.com - 0.6.0-0
- Use config files for managing the global NetworkManager configuration
- Remove EL 6 support since the OS is no longer supported
- Add the ability to precisely update the resolv.conf contents
- Add the ability to specify the entire contents of the resolv.conf
- Add the ability to remove the resolv.conf completely
- Tue Jul 07 2020 Kendall Moore kendall.moore@onyxpoint.com - 0.5.0-0
- Use connection name instead of device name for managing with nmcli
- Update REFERENCE.md to include new class params
- Improved error handling for Network Manager
- Fri Jun 05 2020 Kendall Moore kendall.moore@onyxpoint.com - 0.4.0-0
- Add optional management of DNS servers via nmcli
- Fri Jan 10 2020 Jeanne greulich jeanne.greulich@onyxpoint.com - 0.3.0-0
- Add EL8 support
- Update the upper bound of simp-simplib to < 5.0.0
- Thu Jun 06 2019 Steven Pritchard steven.pritchard@onyxpoint.com -0.2.0-0
- Add v2 compliance_markup data
- Fri Mar 22 2019 Liz Nemsick lnemsick.simp@gmail.com - 0.1.3-0
- Use simplib::host_is_me in lieu of simplib's Puppet 3 host_is_me
- Wed Mar 06 2019 Trevor Vaughan tvaughan@onyxpoint.com - 0.1.2-0
- Deprecate the 'resolv::host_conf::spoof' parameter since it does not have any actual effect on the system. See https://bugzilla.redhat.com/show_bug.cgi?id=1577265 for information.
- Add official support for Puppet 6
- Update URLs in the README.md
- Update upperbound of stdlib
- Fri Sep 07 2018 Liz Nemsick lnemsick.simp@gmail.com - 0.1.1-0
- Drop Hiera 4 support
- Tue Jun 26 2018 Nick Miller nick.miller@onyxpoint.com - 0.1.1-0
- Update CI assets
- Support Puppet 5
- Support OEL
- Tue Dec 12 2017 Chris Tessmer chris.tessmer@onyxpoint.com - 0.1.0-0
- Improve validation for resolv.conf parameters
- Add type aliases, epp with typed parameters
- Update data types in init.pp parameter list (backwards compatible)
- NOTE: The data type for the parameters
$resolv::servers
and$resolv::search
has changed fromSimplib::Netlist
to Arrays with more specific requirements. This has not been considered a breaking API change, since the original data types were too permissive and non-valid data would have either been ignored or broken name resolution.
- NOTE: The data type for the parameters
- Thu Jul 06 2017 Liz Nemsick lnemsick.simp@gmail.com - 0.0.2-0
- Update puppet dependency and remove OBE pe dependency in metadata.json
- Thu Dec 8 2016 Nick Miller nick.miller@onyxpoint.com - 0.0.1
- Most of this content was from simplib
- The dns autoconfiguation content was moved to a profile in simp/simp
- First cut
Dependencies
- simp/simplib (>= 3.15.0 < 5.0.0)
- simp/named (>= 6.0.0 < 7.0.0)
- puppetlabs/stdlib (>= 6.6.0 < 8.0.0)
resolv - A SIMP Puppet module for managing client-side dns settings Per Section 105 of the Copyright Act of 1976, these works are not entitled to domestic copyright protection under US Federal law. The US Government retains the right to pursue copyright protections outside of the United States. The United States Government has unlimited rights in this software and all derivatives thereof, pursuant to the contracts under which it was developed and the License under which it falls. --- Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.