saltstack-formulas/bind-formula
1
0
Fork 0
mirror of https://github.com/saltstack-formulas/bind-formula.git synced 2025-04-16 17:50:23 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
bind-formula/bind/files/named.conf.local.jinja

185 lines
5.2 KiB
Text
Raw Normal View History

add key for support dynamic zones
2014-10-16 10:54:02 +00:00
# vim: sts=2 ts=2 sw=2 et ai
Updating bind salt-formula to include support to manage Bind on Debian based systems. Also including the ability to manage what zones are configured on DNS servers. Changing defaults to be pulled from the map.jinja. Added values to map.jinja for group and user.
2014-01-03 15:57:10 -08:00
//
// Do any local configuration here
//
// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";
Squash commits Update named.conf.local.jinja Some reorganization of the format. In the for-loop that handles configured_views: - Add if-block on lines 124-128 to allow specifying a file for your view, rather than defaulting to the name of the specified zone. This allows multiple views to serve the same zone, but use a different file. Update pillar.example Add documentation and an example on specifying the file to be used for a view, as well as documented that you should not define the top-level 'configured_zones' key when using views. Small comment update. Add comment about using ACLs and views. Create pillar-with-views.example An example of the bind pillar that defines multiple views for internal and external record sets. This doesn't include the other portion of the pillar the defines the bind config - this is zones, views and ACLs only. The config portion is not affected by this. Add more comment clarification. Add comment explaining file name requirements. The filename must match the corresponding zone name (without the .txt extension) because the config.sls jinja logic uses the filename to match to the zone when setting zone_records. It also is hardcoded to replace ".txt" with "" in order to make this match work, and so .txt extension is required for the logic to work. Update config.sls Add logic to detect a file specified in a view, and match it to a zone under available_zones to enable creating that zone file. Revert back Made a bad commit. Update with the required logic. Added an if-block to test for the file argument in the zone_data, and if found, use that view and update the zone variable to match the zone defined under available_zones. Fix variable set. Set zone based on file with the .txt extension removed. Update README.rst Add paragraph about using views. Update pillar-with-views.example Add some more comments for explanation.
2018-11-14 11:11:07 -05:00
{% for name, data in salt['pillar.get']('bind:configured_acls', {})|dictsort %}
acl {{ name }} {
{%- for d in data %}
{{ d }};
{%- endfor %}
};
{%- endfor %}
{%- for name, data in salt['pillar.get']('bind:configured_masters', {})|dictsort %}
masters {{ name }} {
{%- for d in data %}
{{ d }};
{%- endfor %}
};
{%- endfor %}
Add support for views.
2015-03-22 22:07:22 +01:00
{%- macro zone(key, args, file, masters) %}
Updating bind salt-formula to include support to manage Bind on Debian based systems. Also including the ability to manage what zones are configured on DNS servers. Changing defaults to be pulled from the map.jinja. Added values to map.jinja for group and user.
2014-01-03 15:57:10 -08:00
zone "{{ key }}" {
type {{ args['type'] }};
add support for forward zones
2016-01-09 08:12:21 +00:00
{% if args['type'] == 'forward' -%}
added 'forward ( only | first );' support for named.conf.local
2016-04-18 13:46:31 +00:00
{% if args['forward'] is defined -%}
forward {{ args['forward'] }};
{%- endif %}
add support for forward zones
2016-01-09 08:12:21 +00:00
forwarders {
{% for forwarder in args.forwarders -%}
{{ forwarder }};
added 'forward ( only | first );' support for named.conf.local
2016-04-18 13:46:31 +00:00
{%- endfor %}
add support for forward zones
2016-01-09 08:12:21 +00:00
};
{% else -%}
should use the signed file in named.config.local if dnssec, else the plain one
2015-02-03 10:35:11 +01:00
{% if args['dnssec'] is defined and args['dnssec'] -%}
Make `zones_directory` compatible with all distros As all but Debian based distros seem to put the zonefiles in `named_directory` itself it's been removed from `map.jinja` for all but debian. Within `bind.config` we set `zones_directory` to `named_directory` if not defined in `map.jinja`/pillar. All zonefile actions then write using the `zones_directory` variable.
2018-07-27 13:30:14 +01:00
file "{{ zones_directory }}/{{ file }}.signed";
should use the signed file in named.config.local if dnssec, else the plain one
2015-02-03 10:35:11 +01:00
{% else -%}
Make `zones_directory` compatible with all distros As all but Debian based distros seem to put the zonefiles in `named_directory` itself it's been removed from `map.jinja` for all but debian. Within `bind.config` we set `zones_directory` to `named_directory` if not defined in `map.jinja`/pillar. All zonefile actions then write using the `zones_directory` variable.
2018-07-27 13:30:14 +01:00
file "{{ zones_directory }}/{{ file }}";
should use the signed file in named.config.local if dnssec, else the plain one
2015-02-03 10:35:11 +01:00
{%- endif %}
Add support for inline-signing, see #64 for details
2018-06-06 13:53:28 +02:00
{% if args['auto-dnssec'] is defined -%}
auto-dnssec {{ args['auto-dnssec'] }};
inline-signing yes;
{%- endif %}
Fix some named.conf.local template whitespace
2016-07-19 03:24:32 -07:00
{%- if args['allow-update'] is defined %}
fix(named.conf.local.jinja): fix `salt-lint` errors ```bash Examining bind/files/named.conf.local.jinja of type state [206] Jinja variables should have spaces before and after: {{ var_name }} bind/files/named.conf.local.jinja:49 allow-update { {{args['allow-update']}}; }; ```
2019-10-09 04:12:50 +01:00
allow-update { {{ args['allow-update'] }}; };
add key for support dynamic zones
2014-10-16 10:54:02 +00:00
{%- endif %}
Add support for dynamic zone updates.
2015-03-22 23:26:35 +01:00
{%- if args.update_policy is defined %}
update-policy {
{%- for policy in args.update_policy %}
{{ policy }};
{%- endfor %}
Simplified/unified some of the config state definitions. Added logic to automatically convert lists in pillar data to lists of configuration data for options.
2015-03-23 06:54:37 -05:00
};
Add support for dynamic zone updates.
2015-03-22 23:26:35 +01:00
{%- endif %}
Fix some named.conf.local template whitespace
2016-07-19 03:24:32 -07:00
{%- if args['allow-transfer'] is defined %}
allow-transfer { {{ args.get('allow-transfer', []) | join('; ') }}; };
{%- endif %}
support also-notify
2016-07-31 21:46:06 +02:00
{%- if args['also-notify'] is defined %}
also-notify { {{ args.get('also-notify', []) | join('; ') }}; };
{%- endif %}
New features and pillar.example
2017-10-18 22:35:21 +02:00
{%- if args['allow-query'] is defined %}
allow-query { {{ args.get('allow-query', []) | join('; ') }}; };
{%- endif %}
{%- if args['zone-statistics'] is defined %}
zone-statistics yes;
{%- endif %}
Fix some named.conf.local template whitespace
2016-07-19 03:24:32 -07:00
{%- if args['type'] == "master" -%}
{% if args['notify'] %}
Updating bind salt-formula to include support to manage Bind on Debian based systems. Also including the ability to manage what zones are configured on DNS servers. Changing defaults to be pulled from the map.jinja. Added values to map.jinja for group and user.
2014-01-03 15:57:10 -08:00
notify yes;
Fix some named.conf.local template whitespace
2016-07-19 03:24:32 -07:00
{% else %}
Updating bind salt-formula to include support to manage Bind on Debian based systems. Also including the ability to manage what zones are configured on DNS servers. Changing defaults to be pulled from the map.jinja. Added values to map.jinja for group and user.
2014-01-03 15:57:10 -08:00
notify no;
{%- endif -%}
Fix some named.conf.local template whitespace
2016-07-19 03:24:32 -07:00
{% else %}
cleaning up bind9 salt formula. syncing with updates from upstream.
2014-03-01 14:54:41 -08:00
notify no;
Support list of `masters` in `named.conf.local` template Updates the archlinux, debian, freebsd templates to support passing a list of values to `masters` instead of a string. This is already supported by the redhat template, but lacking in the other 3.
2017-07-11 23:11:10 -04:00
{%- if masters is iterable and masters is not string %}
masters {
{%- for item in masters %}
{{ item }};
{%- endfor %}
};
{%- else %}
masters { {{ masters }} };
{%- endif %}
Updating bind salt-formula to include support to manage Bind on Debian based systems. Also including the ability to manage what zones are configured on DNS servers. Changing defaults to be pulled from the map.jinja. Added values to map.jinja for group and user.
2014-01-03 15:57:10 -08:00
{%- endif %}
add support for forward zones
2016-01-09 08:12:21 +00:00
{%- endif %}
Updating bind salt-formula to include support to manage Bind on Debian based systems. Also including the ability to manage what zones are configured on DNS servers. Changing defaults to be pulled from the map.jinja. Added values to map.jinja for group and user.
2014-01-03 15:57:10 -08:00
};
Add support for views.
2015-03-22 22:07:22 +01:00
{%- endmacro %}
Simplified/unified some of the config state definitions. Added logic to automatically convert lists in pillar data to lists of configuration data for options.
2015-03-23 06:54:37 -05:00
{%- if salt['pillar.get']('bind:configured_views', {}) is not defined %}
include "{{ map.default_zones_config }}";
Add support for views.
2015-03-22 22:07:22 +01:00
{%- endif %}
Sort hashes To process hash entries in deterministic order. Without this patch, config entries were different for every run and required a service restart when nothing actually changed. Doing it similar to https://github.com/saltstack-formulas/munin-formula/commit/0fe2f7e66b68bebaa62247f670d43affe6cb9c96
2018-08-31 13:46:54 +02:00
{% for key, args in salt['pillar.get']('bind:configured_zones', {})|dictsort -%}
New features and pillar.example
2017-10-18 22:35:21 +02:00
{%- if salt['pillar.get']("bind:configured_zones:" + key + ":file") -%}
{%- set file = salt['pillar.get']("bind:configured_zones:" + key + ":file") %}
{% else %}
Add support for views.
2015-03-22 22:07:22 +01:00
{%- set file = salt['pillar.get']("bind:available_zones:" + key + ":file") %}
New features and pillar.example
2017-10-18 22:35:21 +02:00
{%- endif -%}
{%- if salt['pillar.get']("bind:configured_zones:" + key + ":masters") -%}
{%- set masters = salt['pillar.get']("bind:configured_zones:" + key + ":masters") %}
{% else %}
Add support for views.
2015-03-22 22:07:22 +01:00
{%- set masters = salt['pillar.get']("bind:available_zones:" + key + ":masters") %}
New features and pillar.example
2017-10-18 22:35:21 +02:00
{%- endif -%}
Add support for views.
2015-03-22 22:07:22 +01:00
{{ zone(key, args, file, masters) }}
Updating bind salt-formula to include support to manage Bind on Debian based systems. Also including the ability to manage what zones are configured on DNS servers. Changing defaults to be pulled from the map.jinja. Added values to map.jinja for group and user.
2014-01-03 15:57:10 -08:00
{% endfor %}
Squash commits Update named.conf.local.jinja Some reorganization of the format. In the for-loop that handles configured_views: - Add if-block on lines 124-128 to allow specifying a file for your view, rather than defaulting to the name of the specified zone. This allows multiple views to serve the same zone, but use a different file. Update pillar.example Add documentation and an example on specifying the file to be used for a view, as well as documented that you should not define the top-level 'configured_zones' key when using views. Small comment update. Add comment about using ACLs and views. Create pillar-with-views.example An example of the bind pillar that defines multiple views for internal and external record sets. This doesn't include the other portion of the pillar the defines the bind config - this is zones, views and ACLs only. The config portion is not affected by this. Add more comment clarification. Add comment explaining file name requirements. The filename must match the corresponding zone name (without the .txt extension) because the config.sls jinja logic uses the filename to match to the zone when setting zone_records. It also is hardcoded to replace ".txt" with "" in order to make this match work, and so .txt extension is required for the logic to work. Update config.sls Add logic to detect a file specified in a view, and match it to a zone under available_zones to enable creating that zone file. Revert back Made a bad commit. Update with the required logic. Added an if-block to test for the file argument in the zone_data, and if found, use that view and update the zone variable to match the zone defined under available_zones. Fix variable set. Set zone based on file with the .txt extension removed. Update README.rst Add paragraph about using views. Update pillar-with-views.example Add some more comments for explanation.
2018-11-14 11:11:07 -05:00
{%- for view, view_data in salt['pillar.get']('bind:configured_views', {})|dictsort %}
Add support for views.
2015-03-22 22:07:22 +01:00
Simplified/unified some of the config state definitions. Added logic to automatically convert lists in pillar data to lists of configuration data for options.
2015-03-23 06:54:37 -05:00
view {{ view }} {
{%- if view == 'default' %}
include "{{ map.default_zones_config }}";
Add support for views.
2015-03-22 22:07:22 +01:00
{%- endif %}
Squash commits Update named.conf.local.jinja Some reorganization of the format. In the for-loop that handles configured_views: - Add if-block on lines 124-128 to allow specifying a file for your view, rather than defaulting to the name of the specified zone. This allows multiple views to serve the same zone, but use a different file. Update pillar.example Add documentation and an example on specifying the file to be used for a view, as well as documented that you should not define the top-level 'configured_zones' key when using views. Small comment update. Add comment about using ACLs and views. Create pillar-with-views.example An example of the bind pillar that defines multiple views for internal and external record sets. This doesn't include the other portion of the pillar the defines the bind config - this is zones, views and ACLs only. The config portion is not affected by this. Add more comment clarification. Add comment explaining file name requirements. The filename must match the corresponding zone name (without the .txt extension) because the config.sls jinja logic uses the filename to match to the zone when setting zone_records. It also is hardcoded to replace ".txt" with "" in order to make this match work, and so .txt extension is required for the logic to work. Update config.sls Add logic to detect a file specified in a view, and match it to a zone under available_zones to enable creating that zone file. Revert back Made a bad commit. Update with the required logic. Added an if-block to test for the file argument in the zone_data, and if found, use that view and update the zone variable to match the zone defined under available_zones. Fix variable set. Set zone based on file with the .txt extension removed. Update README.rst Add paragraph about using views. Update pillar-with-views.example Add some more comments for explanation.
2018-11-14 11:11:07 -05:00
match-clients {
Add support for views.
2015-03-22 22:07:22 +01:00
{%- for acl in view_data.get('match_clients', {}) %}
Squash commits Update named.conf.local.jinja Some reorganization of the format. In the for-loop that handles configured_views: - Add if-block on lines 124-128 to allow specifying a file for your view, rather than defaulting to the name of the specified zone. This allows multiple views to serve the same zone, but use a different file. Update pillar.example Add documentation and an example on specifying the file to be used for a view, as well as documented that you should not define the top-level 'configured_zones' key when using views. Small comment update. Add comment about using ACLs and views. Create pillar-with-views.example An example of the bind pillar that defines multiple views for internal and external record sets. This doesn't include the other portion of the pillar the defines the bind config - this is zones, views and ACLs only. The config portion is not affected by this. Add more comment clarification. Add comment explaining file name requirements. The filename must match the corresponding zone name (without the .txt extension) because the config.sls jinja logic uses the filename to match to the zone when setting zone_records. It also is hardcoded to replace ".txt" with "" in order to make this match work, and so .txt extension is required for the logic to work. Update config.sls Add logic to detect a file specified in a view, and match it to a zone under available_zones to enable creating that zone file. Revert back Made a bad commit. Update with the required logic. Added an if-block to test for the file argument in the zone_data, and if found, use that view and update the zone variable to match the zone defined under available_zones. Fix variable set. Set zone based on file with the .txt extension removed. Update README.rst Add paragraph about using views. Update pillar-with-views.example Add some more comments for explanation.
2018-11-14 11:11:07 -05:00
{{ acl }};
Add support for views.
2015-03-22 22:07:22 +01:00
{%- endfor %}
Squash commits Update named.conf.local.jinja Some reorganization of the format. In the for-loop that handles configured_views: - Add if-block on lines 124-128 to allow specifying a file for your view, rather than defaulting to the name of the specified zone. This allows multiple views to serve the same zone, but use a different file. Update pillar.example Add documentation and an example on specifying the file to be used for a view, as well as documented that you should not define the top-level 'configured_zones' key when using views. Small comment update. Add comment about using ACLs and views. Create pillar-with-views.example An example of the bind pillar that defines multiple views for internal and external record sets. This doesn't include the other portion of the pillar the defines the bind config - this is zones, views and ACLs only. The config portion is not affected by this. Add more comment clarification. Add comment explaining file name requirements. The filename must match the corresponding zone name (without the .txt extension) because the config.sls jinja logic uses the filename to match to the zone when setting zone_records. It also is hardcoded to replace ".txt" with "" in order to make this match work, and so .txt extension is required for the logic to work. Update config.sls Add logic to detect a file specified in a view, and match it to a zone under available_zones to enable creating that zone file. Revert back Made a bad commit. Update with the required logic. Added an if-block to test for the file argument in the zone_data, and if found, use that view and update the zone variable to match the zone defined under available_zones. Fix variable set. Set zone based on file with the .txt extension removed. Update README.rst Add paragraph about using views. Update pillar-with-views.example Add some more comments for explanation.
2018-11-14 11:11:07 -05:00
};
Add support for views.
2015-03-22 22:07:22 +01:00
Squash commits Update named.conf.local.jinja Some reorganization of the format. In the for-loop that handles configured_views: - Add if-block on lines 124-128 to allow specifying a file for your view, rather than defaulting to the name of the specified zone. This allows multiple views to serve the same zone, but use a different file. Update pillar.example Add documentation and an example on specifying the file to be used for a view, as well as documented that you should not define the top-level 'configured_zones' key when using views. Small comment update. Add comment about using ACLs and views. Create pillar-with-views.example An example of the bind pillar that defines multiple views for internal and external record sets. This doesn't include the other portion of the pillar the defines the bind config - this is zones, views and ACLs only. The config portion is not affected by this. Add more comment clarification. Add comment explaining file name requirements. The filename must match the corresponding zone name (without the .txt extension) because the config.sls jinja logic uses the filename to match to the zone when setting zone_records. It also is hardcoded to replace ".txt" with "" in order to make this match work, and so .txt extension is required for the logic to work. Update config.sls Add logic to detect a file specified in a view, and match it to a zone under available_zones to enable creating that zone file. Revert back Made a bad commit. Update with the required logic. Added an if-block to test for the file argument in the zone_data, and if found, use that view and update the zone variable to match the zone defined under available_zones. Fix variable set. Set zone based on file with the .txt extension removed. Update README.rst Add paragraph about using views. Update pillar-with-views.example Add some more comments for explanation.
2018-11-14 11:11:07 -05:00
{%- for key, args in view_data.get('configured_zones', {})|dictsort -%}
{%- if 'file' in args %}
{%- set file = args.file %}
{%- else %}
{%- set file = salt['pillar.get']("bind:available_zones:" + key + ":file") %}
{%- endif %}
Add support for views.
2015-03-22 22:07:22 +01:00
{%- set masters = salt['pillar.get']("bind:available_zones:" + key + ":masters") %}
Squash commits Update named.conf.local.jinja Some reorganization of the format. In the for-loop that handles configured_views: - Add if-block on lines 124-128 to allow specifying a file for your view, rather than defaulting to the name of the specified zone. This allows multiple views to serve the same zone, but use a different file. Update pillar.example Add documentation and an example on specifying the file to be used for a view, as well as documented that you should not define the top-level 'configured_zones' key when using views. Small comment update. Add comment about using ACLs and views. Create pillar-with-views.example An example of the bind pillar that defines multiple views for internal and external record sets. This doesn't include the other portion of the pillar the defines the bind config - this is zones, views and ACLs only. The config portion is not affected by this. Add more comment clarification. Add comment explaining file name requirements. The filename must match the corresponding zone name (without the .txt extension) because the config.sls jinja logic uses the filename to match to the zone when setting zone_records. It also is hardcoded to replace ".txt" with "" in order to make this match work, and so .txt extension is required for the logic to work. Update config.sls Add logic to detect a file specified in a view, and match it to a zone under available_zones to enable creating that zone file. Revert back Made a bad commit. Update with the required logic. Added an if-block to test for the file argument in the zone_data, and if found, use that view and update the zone variable to match the zone defined under available_zones. Fix variable set. Set zone based on file with the .txt extension removed. Update README.rst Add paragraph about using views. Update pillar-with-views.example Add some more comments for explanation.
2018-11-14 11:11:07 -05:00
{{ zone(key, args, file, masters) }}
Add support for views.
2015-03-22 22:07:22 +01:00
{%- endfor %}
};
{%- endfor %}
Refactor named.conf.local & logging across platforms
2018-05-26 19:57:58 -03:00
{%- if salt['pillar.get']('bind:config:enable_logging', True) %}
New features and pillar.example
2017-10-18 22:35:21 +02:00
{%- if salt['pillar.get']('bind:config:use_extensive_logging', False) %}
include "{{ map.logging_config }}";
{% else %}
Updating bind salt-formula to include support to manage Bind on Debian based systems. Also including the ability to manage what zones are configured on DNS servers. Changing defaults to be pulled from the map.jinja. Added values to map.jinja for group and user.
2014-01-03 15:57:10 -08:00
logging {
Simplified/unified some of the config state definitions. Added logic to automatically convert lists in pillar data to lists of configuration data for options.
2015-03-23 06:54:37 -05:00
channel "querylog" {
file "{{ map.log_dir }}/query.log";
print-time yes;
};
Updating bind salt-formula to include support to manage Bind on Debian based systems. Also including the ability to manage what zones are configured on DNS servers. Changing defaults to be pulled from the map.jinja. Added values to map.jinja for group and user.
2014-01-03 15:57:10 -08:00
category queries { querylog; };
};
New features and pillar.example
2017-10-18 22:35:21 +02:00
{%- endif %}
Refactor named.conf.local & logging across platforms
2018-05-26 19:57:58 -03:00
{%- endif %}
New features and pillar.example
2017-10-18 22:35:21 +02:00
{%- if salt['pillar.get']('bind:controls', False) %}
controls {
Use dictsort instead of iteritems to process entries in deterministic order
2018-09-04 21:10:24 +02:00
{%- for name, control in salt['pillar.get']('bind:controls')|dictsort if control.get('enabled', True) %}
New features and pillar.example
2017-10-18 22:35:21 +02:00
inet {{ control.get('bind', {}).get('address', '127.0.0.1') }} port {{ control.get('bind', {}).get('port', 953) }}
{%- if control.get('allow') %}
allow {
{%- for allow in control.allow %}
{{ allow }};
{%- endfor %}
}
{%- endif %}
{%- if control.get('keys') %}
keys {
{%- for key in control.get('keys') %}
{{ key }};
{%- endfor %}
}
{%- endif %};
{%- endfor %}
};
{%- endif %}
{%- if salt['pillar.get']('bind:statistics', False) %}
statistics-channels {
Use dictsort instead of iteritems to process entries in deterministic order
2018-09-04 21:10:24 +02:00
{%- for name, channel in salt['pillar.get']('bind:statistics')|dictsort if channel.get('enabled', True) %}
New features and pillar.example
2017-10-18 22:35:21 +02:00
inet {{ channel.get('bind', {}).get('address', '127.0.0.1') }} port {{ channel.get('bind', {}).get('port', 953) }}
{%- if channel.get('allow') %}
allow {
{%- for allow in channel.allow %}
{{ allow }};
{%- endfor %}
}
{%- endif %};
{%- endfor %}
};
{%- endif %}
Reference in a new issue Copy permalink