Allow necessary write permissions for BIND zone creation
By default on both Red Hat and Ubuntu BIND does not have the necessary file permissions to create new zones. Since we need to be able to do that for Designate to function, we need to tweak the permissions at deployment time. Previously this was done in puppet-openstack-integration, but for TripleO to deploy Designate we need it done in this module as TripleO doesn't use p-o-i. Change-Id: I09e8799f0b2a4113833983d67b3c4d40a0355933 bp designate-support
This commit is contained in:
Ben Nemec
parent
dca15cf79a
commit
970212fc1c
|
|
@ -24,7 +24,7 @@ class designate::backend::bind9 (
|
|||
$rndc_host = '127.0.0.1',
|
||||
$rndc_port = '953',
|
||||
$rndc_config_file = '/etc/rndc.conf',
|
||||
$rndc_key_file = '/etc/rndc.key'
|
||||
$rndc_key_file = '/etc/rndc.key',
|
||||
) {
|
||||
|
||||
include ::designate::deps
|
||||
|
|
@ -43,4 +43,15 @@ class designate::backend::bind9 (
|
|||
content => 'allow-new-zones yes;',
|
||||
order => '20',
|
||||
}
|
||||
|
||||
# /var/named is root:named on RedHat and /var/cache/bind is root:bind on
|
||||
# Debian. Both groups only have read access but require write permission in
|
||||
# order to be able to use rndc addzone/delzone commands that Designate uses.
|
||||
# NOTE(bnemec): ensure_resource is to avoid a chicken and egg problem with
|
||||
# removing this from puppet-openstack-integration. Once that has been done
|
||||
# the ensure_resource wrapper could be removed.
|
||||
ensure_resource('file', $::dns::params::vardir, {
|
||||
mode => 'g+w',
|
||||
require => Package[$::dns::params::dns_server_package]
|
||||
})
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue