Merge "Allow necessary write permissions for BIND zone creation"
commit
78e64fac7e
|
@ -24,7 +24,7 @@ class designate::backend::bind9 (
|
|||
$rndc_host = '127.0.0.1',
|
||||
$rndc_port = '953',
|
||||
$rndc_config_file = '/etc/rndc.conf',
|
||||
$rndc_key_file = '/etc/rndc.key'
|
||||
$rndc_key_file = '/etc/rndc.key',
|
||||
) {
|
||||
|
||||
include ::designate::deps
|
||||
|
@ -43,4 +43,15 @@ class designate::backend::bind9 (
|
|||
content => 'allow-new-zones yes;',
|
||||
order => '20',
|
||||
}
|
||||
|
||||
# /var/named is root:named on RedHat and /var/cache/bind is root:bind on
|
||||
# Debian. Both groups only have read access but require write permission in
|
||||
# order to be able to use rndc addzone/delzone commands that Designate uses.
|
||||
# NOTE(bnemec): ensure_resource is to avoid a chicken and egg problem with
|
||||
# removing this from puppet-openstack-integration. Once that has been done
|
||||
# the ensure_resource wrapper could be removed.
|
||||
ensure_resource('file', $::dns::params::vardir, {
|
||||
mode => 'g+w',
|
||||
require => Package[$::dns::params::dns_server_package]
|
||||
})
|
||||
}
|
||||
|
|
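Review bot: The `file` resource for `$::dns::params::vardir` in the second hunk sets only `mode => 'g+w'` and leaves `ensure`, `owner` and `group` to whatever the package left on disk, so write access goes to whichever group currently owns the directory rather than to a group this manifest names. Since this is the directory BIND writes zone data to for `rndc addzone`/`delzone`, I would pin it with `ensure => directory,`, `owner => 'root',` and a `group =>` set to the named/bind group (taken from the dns module's params if it exposes one), so that drifted group ownership is corrected instead of being handed write permission. Also, `ensure_resource` only deduplicates when the other declaration has identical parameters, so the transition described in the NOTE works only if puppet-openstack-integration declares this resource with exactly these attributes; otherwise the catalog fails with a duplicate declaration. The class body between the two hunks is not shown, so I am assuming `::dns` is included there for `$::dns::params::vardir` to resolve.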