Add support for YAML config

[deric]

Pull Request (PR) description

Powerdns supports yaml config since version 5.0. Since 5.2 the default recursor.conf will be parsed as YAML unless --enable-old-settings flag is provided (which this module currently doesn't support) or recursor.yml config exists. This is rather a breaking change (on powerdns side).

Upgrading the old config, e.g.:

powerdns::forward_zones:
  '+.': 1.1.1.1;8.8.8.8;8.8.4.4
powerdns::recursor::config:
  allow-from:
    value: 0.0.0.0/0
  distributor-threads:
    value: 1
  dnssec:
    value: 'off'
  local-address:
    value: 0.0.0.0:53
  log-common-errors:
    value: true
  threads:
    value: 2

requires non-trivial changes, but can be generated using rec_control show-yaml if you upgraded to at least 5.0 release first.

powerdns::recursor_version: '5.3'
powerdns::recursor_use_yaml: true
powerdns::forward_zones:
  - zone: .
    forwarders:
      - 1.1.1.1
      - 8.8.8.8
      - 8.8.4.4
    recurse: true
powerdns::recursor::config:
  incoming:
    allow_from:
      - 0.0.0.0/0
    distributor_threads: 1
    listen:
      - 0.0.0.0:53
  logging:
    common_errors: true
    trace: fail
  recursor:
    forward_zones_file: /etc/powerdns/forward_zones.conf
    threads: 2

The PR replaces old configs by "new" YAML configs with .conf extensions by default. This might be confusing, but keeping both files would be even more confusing, considering that both configs would be parsed by the Recursor (recursor.yml takes precedence, if exists).

Just iterating on @peelman work done in #226. Debian 13 currently requires more work, will be done in separate PR.

This Pull Request (PR) fixes the following issues

Fixes #172

[peelman]

What would the maintainers like to see in order to get this merged? @saz @ju5t ?

[ju5t]

FYI: I'm not a maintainer anymore.

I think for this to be released all operating systems need to be supported. This can be in multiple PR's, as long as someone ensures no release goes out with partial YAML support.

@deric this PR includes the upgrade to PowerDNS 5 in #232. It's better to leave that out.

[deric]

Debian 13 currently has problems with mysql tests:

  Nov 04 13:30:10 debian13-64-openvox8.example.com pdns_server[1989]: Polled security status of version 5.0.1 at startup, no known issues reported: OK
  Nov 04 13:30:10 debian13-64-openvox8.example.com pdns_server[1989]: gmysql Connection failed: Unable to connect to database: ERROR 1698 (28000): Access denied for user 'powerdns'@'localhost'
  Nov 04 13:30:10 debian13-64-openvox8.example.com pdns_server[1989]: Caught an exception instantiating a backend (gmysql): Unable to launch gmysql connection: Unable to connect to database: ERROR 1698 (28000): Access denied for user 'powerdns'@'localhost'
  Nov 04 13:30:10 debian13-64-openvox8.example.com pdns_server[1989]: Cleaning up
  Nov 04 13:30:10 debian13-64-openvox8.example.com pdns_server[1989]: PDNSException while filling the zone cache: Unable to launch gmysql connection: Unable to connect to database: ERROR 1698 (28000): Access denied for user 'powerdns'@'localhost'

which is out of scope of this module, the issue is tracked here: puppetlabs/puppetlabs-mysql#1670

[peelman]

For somebody who isn't a maintainer any longer, you certainly have strong opinions about the scope of the project and the commitments it requires.

I'll stick with my fork for our needs while you neckbeards worry about the 2%.

[ju5t]

@peelman you mistakenly think that I have a strong opinion about it though. I don't.

I'll stick with my fork for our needs while you neckbeards worry about the 2%.

That's fine, it's the beauty of open source. You can fork when you disagree or when you need something that's not released.

For somebody who isn't a maintainer any longer, you certainly have strong opinions about the scope of the project and the commitments it requires.

I spent hours and hours of my spare time on this project in the last 9 years. If you feel wronged because a feature isn't immediately there or when someone has a different idea about the scope of the project, don't use this package, fork it, do whatever you want with it.

Complaining about something when people spend their own time building things is just stupid.

Good luck with your fork.

[bastelfreak]

Hi,
one of the Vox Pupuli PMC people here 👋

@deric thank you for the PR, new features are always appreciated.

For somebody who isn't a maintainer any longer, you certainly have strong opinions about the scope of the project and the commitments it requires.

This has little to do with strong opinions. Vox Pupuli maintains 198 modules right now, with 237 people. In order to keep this alive, it's required to have proper review and contribution guidelines. They are also linked when you raise a PR (but GitHub does a good job at hiding them somewhere on the site 😞 ).

The review guidelines are here: https://voxpupuli.org/docs/reviewing_pr/. A few highlights that are relevant here:

• to make future refactorings or potential reverts possible, we require separate PRs (, or at least commits, depending on the situation), for individual new features or bugfixes
• We require passing CI checks

I'll stick with my fork for our needs while you neckbeards worry about the 2%.

Please stay friendly. Also this has nothing to do with some weird edge cases. When CI doesn't pass on the HEAD branch anymore, it's impossible to merge new features because we cannot verify them anymore (at least not with way more effort).

[bastelfreak]

Do the newer operating systems still support the old format?

[peelman]

https://doc.powerdns.com/recursor/yamlsettings.html

With the release of 5.2.0, the default will be to expect a YAML configuration file and reading of old-style recursor.conf files will have to be enabled specifically by providing a command line option --enable-old-settings.

In a future release support for the “old-style” recursor.conf settings file will be dropped.

[deric]

5.0 and 5.1 do support, 5.2 and newer would require overriding the systemd service file in order to pass --enable-old-settings on most distributions.

We should be testing here different powerdns versions (in combinations with OS version).

[saz]

Shouldn't we make the decision based on the recursor_version?

Note

Starting with version 5.0.0, Recursor supports a new YAML syntax for configuration files as described here. If both recursor.conf and recursor.yml files are found in the configuration directory the YAML file is used. A configuration using the old style syntax can be converted to a YAML configuration using the instructions in [Conversion of old-style settings to YAML format](https://doc.powerdns.com/recursor/appendices/yamlconversion.html).

Release 5.0.0 will install a default old-style recursor.conf file.

Starting with version 5.1.0, in the absence of a recursor.yml file, an existing recursor.conf will be processed as YAML, if that fails, it will be processed as old-style configuration. Packages will stop installing a old-style recursor.conf file and start installing a default recursor.conf file containing YAML syntax.

With the release of 5.2.0, the default will be to expect a YAML configuration file and reading of old-style recursor.conf files will have to be enabled specifically by providing a command line option --enable-old-settings.

In a future release support for the “old-style” recursor.conf settings file will be dropped.

source: https://doc.powerdns.com/recursor/yamlsettings.html

[deric]

@saz Yeah, you're right. There are no earlier packages for Debian 13. For Debian 12 we shouldn't set the version (any recursor version between 4.8 to 5.3 is supported). See https://repo.powerdns.com/debian/dists/

[saz]

There's an overview on https://repo.powerdns.com/ with supported versions per distro and release.