Merge pull request #103 from joe-bowman/fix-debian-directory-bug

fix named_directory bug in Debian/Ubuntu by using the map value
2025-04-17 10:10:26 +00:00 · 2018-07-30 09:38:32 -03:00 · 2018-07-30 09:38:32 -03:00 · 23dcc6a86a
commit 23dcc6a86a
parent 72030c9009 2e585637e1
9 changed files with 49 additions and 18 deletions
--- a/.gitignore
+++ b/.gitignore
@ -101,3 +101,6 @@ ENV/

 # mypy
 .mypy_cache/
+
+# Ruby Gemfile.lock
+Gemfile.lock
--- a/bind/config.sls
+++ b/bind/config.sls
@ -7,6 +7,12 @@
 {%- set key_size = salt['pillar.get']('bind:lookup:key_size', map.key_size) %}
 {%- set key_flags = {'zsk': 256, 'ksk': 257} %}

+{%- if map.get('zones_directory') %}
+  {%- set zones_directory = map.zones_directory %}
+{%- else %}
+  {%- set zones_directory = map.named_directory %}
+{%- endif %}
+
 include:
  - bind

@ -45,6 +51,19 @@ named_directory:
    - require:
      - pkg: bind

+{% if map.get('zones_directory') %}
+bind_zones_directory:
+  file.directory:
+    - name: {{ zones_directory }}
+    - user: {{ salt['pillar.get']('bind:config:user', map.user) }}
+    - group: {{ salt['pillar.get']('bind:config:group', map.group) }}
+    - mode: 775
+    - makedirs: True
+    - require:
+      - pkg: bind
+      - file: named_directory
+{% endif %}
+
 bind_config:
  file.managed:
    - name: {{ map.config }}
@ -74,6 +93,7 @@ bind_local_config:
    - mode: {{ salt['pillar.get']('bind:config:mode', '644') }}
    - context:
        map: {{ map }}
+        zones_directory: {{ zones_directory }}
    - require:
      - pkg: bind
      - file: {{ map.chroot_dir }}{{ map.log_dir }}/query.log
@ -119,6 +139,8 @@ bind_options_config:
    - mode: {{ salt['pillar.get']('bind:config:mode', '644') }}
    - context:
        key_directory: {{ map.key_directory }}
+        named_directory: {{ map.named_directory }}
+        zones_directory: {{ zones_directory }}
    - require:
      - pkg: bind
    - watch_in:
@ -196,7 +218,7 @@ bind_rndc_client_config:
 {% if file and zone_data['type'] == 'master' -%}
 zones{{ dash_view }}-{{ zone }}{{ '.include' if serial_auto else ''}}:
  file.managed:
-    - name: {{ map.named_directory }}/{{ file }}{{ '.include' if serial_auto else ''}}
+    - name: {{ zones_directory }}/{{ file }}{{ '.include' if serial_auto else ''}}
    - source: {{ zone_source }}
    - template: jinja
    {% if zone_records != {} %}
@ -213,6 +235,9 @@ zones{{ dash_view }}-{{ zone }}{{ '.include' if serial_auto else ''}}:
      - service: bind
    - require:
      - file: named_directory
+      {% if map.get('zones_directory') %}
+      - file: bind_zones_directory
+      {% endif %}

 {% if serial_auto %}
 zones{{ dash_view }}-{{ zone }}:
@ -221,9 +246,9 @@ zones{{ dash_view }}-{{ zone }}:
    - update: True
    - zone: zones{{ dash_view }}-{{ zone }}
    - watch:
-      - file: {{ map.named_directory }}/{{ file }}.include
+      - file: {{ zones_directory }}/{{ file }}.include
  file.managed:
-    - name: {{ map.named_directory }}/{{ file }}
+    - name: {{ zones_directory }}/{{ file }}
    - require:
      - module: zones{{ dash_view }}-{{ zone }}
    - source: {{ zone_source }}
@ -232,7 +257,7 @@ zones{{ dash_view }}-{{ zone }}:
    - context:
      zone: zones{{ dash_view }}-{{ zone }}
      soa: {{ salt['pillar.get']("bind:available_zones:" + zone + ":soa") }}
-      include: {{ file }}.include
+      include: {{ zones_directory }}/{{ file }}.include
    {% endif %}
    - user: {{ salt['pillar.get']('bind:config:user', map.user) }}
    - group: {{ salt['pillar.get']('bind:config:group', map.group) }}
@ -241,11 +266,14 @@ zones{{ dash_view }}-{{ zone }}:
      - service: bind
    - require:
      - file: named_directory
+      {% if map.get('zones_directory') %}
+      - file: bind_zones_directory
+      {% endif %}
 {% endif %}
 {% if zone_data['dnssec'] is defined and zone_data['dnssec'] -%}
 signed{{ dash_view }}-{{ zone }}:
  cmd.run:
-    - cwd: {{ map.named_directory }}
+    - cwd: {{ zones_directory }}
    - name: zonesigner -zone {{ zone }} {{ file }}
    - prereq:
      - file: zones{{ dash_view }}-{{ zone }}
--- a/bind/files/arch/named.conf
+++ b/bind/files/arch/named.conf
@ -1,7 +1,7 @@
 // vim:set ts=4 sw=4 et:

 options {
-    directory "/var/named";
+    directory "{{ named_directory }}";
    pid-file "/run/named/named.pid";

    // Uncomment these to enable IPv6 connections support
--- a/bind/files/debian/named.conf.options
+++ b/bind/files/debian/named.conf.options
@ -1,7 +1,7 @@
 {%- set key_directory = salt['pillar.get']('bind:lookup:key_directory', key_directory) %}

 options {
-        directory "/var/cache/bind";
+        directory "{{ named_directory }}";

        // If there is a firewall between you and nameservers you want
        // to talk to, you may need to fix the firewall to allow multiple
--- a/bind/files/freebsd/named.conf
+++ b/bind/files/freebsd/named.conf
@ -11,7 +11,7 @@
 options {
 	// All file and path names are relative to the chroot directory,
 	// if any, and should be fully qualified.
-	directory	"/usr/local/etc/namedb/working";
+	directory	"{{ named_directory }}";
 	pid-file	"/var/run/named/pid";
 	dump-file	"/var/dump/named_dump.db";
 	statistics-file	"/var/stats/named.stats";
@ -389,4 +389,3 @@ key "{{ key }}" {
 {%- for incl in salt['pillar.get']('bind:config:includes', []) %}
 include "{{ incl }}";
 {% endfor %}
-
--- a/bind/files/named.conf.local.jinja
+++ b/bind/files/named.conf.local.jinja
@ -21,9 +21,9 @@ zone "{{ key }}" {
  };
  {% else -%}
  {% if args['dnssec'] is defined and args['dnssec'] -%}
-  file "{{ map.named_directory }}/{{ file }}.signed";
+  file "{{ zones_directory }}/{{ file }}.signed";
  {% else -%}
-  file "{{ map.named_directory }}/{{ file }}";
+  file "{{ zones_directory }}/{{ file }}";
  {%- endif %}
  {% if args['auto-dnssec'] is defined -%}
  auto-dnssec {{ args['auto-dnssec'] }};
--- a/bind/files/redhat/named.conf
+++ b/bind/files/redhat/named.conf
@ -8,10 +8,10 @@
 //

 options {
-        directory       "/var/named";
-        dump-file       "/var/named/data/cache_dump.db";
-        statistics-file "/var/named/data/named_stats.txt";
-        memstatistics-file "/var/named/data/named_mem_stats.txt";
+        directory       "{{ map.get('named_directory') }}";
+        dump-file       "{{ map.get('named_directory') }}/data/cache_dump.db";
+        statistics-file "{{ map.get('named_directory') }}/data/named_stats.txt";
+        memstatistics-file "{{ map.get('named_directory') }}/data/named_mem_stats.txt";

 {#- Allow inclusion of arbitrary statements #}
 {%- for statement, value in salt['pillar.get']('bind:config:options', map.get('options', {})).items() -%}
@ -29,7 +29,7 @@ options {
        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

-        managed-keys-directory "/var/named/dynamic";
+        managed-keys-directory "{{ map.get('named_directory') }}/dynamic";
 };

 zone "." IN {
--- a/bind/files/suse/named.conf
+++ b/bind/files/suse/named.conf
@ -18,7 +18,7 @@ options {

 	# The directory statement defines the name server's working directory

-	directory "/var/lib/named";
+	directory "{{ named_directory }}";

 	# enable DNSSEC validation
 	#
--- a/bind/map.jinja
+++ b/bind/map.jinja
@ -12,7 +12,8 @@
        'default_zones_config': '/etc/bind/named.conf.default-zones',
        'logging_config': '/etc/bind/named.conf.logging',
        'rndc_client_config': '/etc/bind/rndc.conf',
-        'named_directory': '/var/cache/bind/zones',
+        'named_directory': '/var/cache/bind',
+        'zones_directory': '/var/cache/bind/zones',
        'chroot_dir': '',
        'log_dir': '/var/log/bind9',
        'log_mode': '644',