|
| 1 | +# @summary |
| 2 | +# @param enable |
| 3 | +# Whether to enable dnstap. |
| 4 | +# @param bidirectional |
| 5 | +# Whether to enable bidirectional dnstap. |
| 6 | +# @param socket_path |
| 7 | +# The path to the dnstap socket. |
| 8 | +# @param ip |
| 9 | +# The IP address for dnstap. |
| 10 | +# @param tls |
| 11 | +# Whether to enable TLS for dnstap. |
| 12 | +# @param tls_host |
| 13 | +# The TLS host for dnstap. |
| 14 | +# @param tls_cert_bundle |
| 15 | +# The path to the TLS certificate bundle. |
| 16 | +# @param tls_cert_key_file |
| 17 | +# The path to the TLS certificate key file. |
| 18 | +# @param tls_cert_cert_file |
| 19 | +# The path to the TLS certificate file. |
| 20 | +# @param send_identity |
| 21 | +# Whether to send the identity in dnstap messages. |
| 22 | +# @param send_version |
| 23 | +# Whether to send the version in dnstap messages. |
| 24 | +# @param identity |
| 25 | +# The identity to send in dnstap messages. |
| 26 | +# @param version |
| 27 | +# The version to send in dnstap messages. |
| 28 | +# @param sample_rate |
| 29 | +# The sample rate for dnstap messages. |
| 30 | +# @param log_resolver_query_messages |
| 31 | +# Whether to log resolver query messages. |
| 32 | +# @param log_resolver_response_messages |
| 33 | +# Whether to log resolver response messages. |
| 34 | +# @param log_client_query_messages |
| 35 | +# Whether to log client query messages. |
| 36 | +# @param log_client_response_messages |
| 37 | +# Whether to log client response messages. |
| 38 | +# @param log_forwarder_query_messages |
| 39 | +# Whether to log forwarder query messages. |
| 40 | +# @param log_forwarder_response_messages |
| 41 | +# Whether to log forwarder response messages. |
| 42 | +class unbound::dnstap ( |
| 43 | + Boolean $enable = true, # version 1.11 |
| 44 | + Boolean $bidirectional = true, # version 1.11 |
| 45 | + Optional[Stdlib::Absolutepath] $socket_path = undef, # version 1.11 |
| 46 | + Optional[Unbound::Address] $ip = undef, # version 1.11 |
| 47 | + Boolean $tls = true, # version 1.11 |
| 48 | + Optional[Stdlib::Host] $tls_host = undef, # version 1.11 |
| 49 | + Optional[Stdlib::Absolutepath] $tls_cert_bundle = undef, # version 1.11 |
| 50 | + Optional[Stdlib::Absolutepath] $tls_cert_key_file = undef, # version 1.11 |
| 51 | + Optional[Stdlib::Absolutepath] $tls_cert_cert_file = undef, # version 1.11 |
| 52 | + Boolean $send_identity = false, # version 1.11 |
| 53 | + Boolean $send_version = false, # version 1.11 |
| 54 | + Optional[String[1]] $identity = undef, # version 1.11 |
| 55 | + Optional[String[1]] $version = undef, # version 1.11 |
| 56 | + Integer[0,1000] $sample_rate = 0, # version 1.21 |
| 57 | + Boolean $log_resolver_query_messages = false, # version 1.11 |
| 58 | + Boolean $log_resolver_response_messages = false, # version 1.11 |
| 59 | + Boolean $log_client_query_messages = false, # version 1.11 |
| 60 | + Boolean $log_client_response_messages = false, # version 1.11 |
| 61 | + Boolean $log_forwarder_query_messages = false, # version 1.11 |
| 62 | + Boolean $log_forwarder_response_messages = false, # version 1.11 |
| 63 | + |
| 64 | +) { |
| 65 | + include unbound |
| 66 | + if $enable and $socket_path == undef and $ip == undef { |
| 67 | + fail('Either ip or socket_path is required when dnstap is enabled') |
| 68 | + } |
| 69 | + if $enable { |
| 70 | + $ip_config = $ip.then |$v| { |
| 71 | + @("CONFIG") |
| 72 | + ${unbound::print_config('dnstap-ip', $v, '1.11')} |
| 73 | + ${unbound::print_config('dnstap-tls', $tls, '1.11')} |
| 74 | + ${unbound::print_config('dnstap-tls-host', $tls_host, '1.11')} |
| 75 | + ${unbound::print_config('dnstap-tls-cert-bundle', $tls_cert_bundle, '1.11')} |
| 76 | + ${unbound::print_config('dnstap-tls-cert-key-file', $tls_cert_key_file, '1.11')} |
| 77 | + ${unbound::print_config('dnstap-tls-cert-cert-file', $tls_cert_cert_file, '1.11')} |
| 78 | + | CONFIG |
| 79 | + } |
| 80 | + $config = @("CONFIG") |
| 81 | + dnstap: |
| 82 | + ${unbound::print_config('dnstap-enable', $enable, '1.11')} |
| 83 | + ${unbound::print_config('dnstap-bidirectional', $bidirectional, '1.11')} |
| 84 | + ${unbound::print_config('dnstap-socket-path', $socket_path, '1.11')} |
| 85 | + ${$ip_config} |
| 86 | + ${unbound::print_config('dnstap-send-identity', $send_identity, '1.11')} |
| 87 | + ${unbound::print_config('dnstap-send-version', $send_version, '1.11')} |
| 88 | + ${unbound::print_config('dnstap-identity', $identity, '1.11')} |
| 89 | + ${unbound::print_config('dnstap-version', $version, '1.11')} |
| 90 | + ${unbound::print_config('dnstap-sample-rate', $sample_rate, '1.21')} |
| 91 | + ${unbound::print_config('dnstap-log-resolver-query-messages', $log_resolver_query_messages, '1.11')} |
| 92 | + ${unbound::print_config('dnstap-log-resolver-response-messages', $log_resolver_response_messages, '1.11')} |
| 93 | + ${unbound::print_config('dnstap-log-client-query-messages', $log_client_query_messages, '1.11')} |
| 94 | + ${unbound::print_config('dnstap-log-client-response-messages', $log_client_response_messages, '1.11')} |
| 95 | + ${unbound::print_config('dnstap-log-forwarder-query-messages', $log_forwarder_query_messages, '1.11')} |
| 96 | + ${unbound::print_config('dnstap-log-forwarder-response-messages', $log_forwarder_response_messages, '1.11')} |
| 97 | + | CONFIG |
| 98 | + concat::fragment { 'unbound-dnstap': |
| 99 | + order => '20', |
| 100 | + target => $unbound::config_file, |
| 101 | + content => $config.split("\n").filter |$x| { !$x.empty }.join("\n"), |
| 102 | + } |
| 103 | + } |
| 104 | +} |
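Review bot: When `$ip` is set, `$tls` defaults to `true` but `$tls_host` defaults to `undef`, so the `$ip_config` heredoc can emit `dnstap-tls` with no `dnstap-tls-host`. Unbound's documentation describes that option as the name used to authenticate the server, so the dnstap stream (client queries and responses) would presumably go to a collector whose identity is never checked. I would add a guard next to the existing `fail()`, for example `if $enable and $ip and $tls and $tls_host == undef { fail('tls_host is required when dnstap uses ip with tls enabled') }`, or a `warning()` if a hard failure is too strict for existing data. The same block could also reject a `$tls_cert_key_file` given without `$tls_cert_cert_file` (and the reverse), since a client certificate needs both. Separately, the `# @summary` tag on the first line is empty and should carry a one-line description such as `# @summary Manage the dnstap section of the unbound configuration`.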