Support for SUSE distributions

bind/files/suse/default

@@ -0,0 +1,70 @@
+{% set protocol = salt['pillar.get']('bind:config:protocol', False) -%}
+{% set param = [] -%}
+{% if protocol -%}
+  {{ param.append('-' + protocol|string) }}
+{% endif -%}
+## Path: Network/DNS/Name Server
+## Description: Names server settings
+
+## Type: yesno
+## Default: yes
+## ServiceRestart: lwresd,named
+#
+# Shall the DNS server 'named' or the LightWeight RESolver Daemon, lwresd run
+# in the chroot jail /var/lib/named/?
+#
+# Each time you start one of the daemons with the init script, /etc/named.conf,
+# /etc/named.conf.include, /etc/rndc.key, and all files listed in
+# NAMED_CONF_INCLUDE_FILES will be copied relative to /var/lib/named/.
+#
+# The pid file will be in /var/lib/named/var/run/named/ and named named.pid
+# or lwresd.pid.
+#
+NAMED_RUN_CHROOTED="yes"
+
+## Type: string
+## Default: ""
+## ServiceRestart: lwresd,named
+#
+# Additional arguments when starting the name daemon with the init script
+# /etc/init.d/named or rcnamed.
+#
+# For example "-n 2" to use two CPUs if named is unable to determine the
+# number of available CPUs.
+#
+# See man 8 named for all available commandline options.
+#
+# "-t /var/lib/named/var" is added if NAMED_RUN_CHROOTED is set to yes.
+#
+# "-u named" is used in any case by the init script to run the named daemon as
+# user 'named' after completing privileged operations.
+#
+NAMED_ARGS="{{ param|join(' ') }}"
+## Type: string
+## Default: ""
+## ServiceReload: named
+#
+# All mentioned config files will be copied relativ to /var/lib/named/, when
+# 'named' is started in the chroot jail.
+#
+# /etc/named.conf and /etc/rndc.key are always copied.  Also all files from
+# include statements in named.conf.
+#
+# Filenames can be relative to /etc/named.d/.
+#
+# Please take care of the order if one file needs a setting of another.
+#
+# Example: "/etc/named-dhcpd.key ldap.dump rndc-access.conf"
+#
+NAMED_CONF_INCLUDE_FILES="{{ map.local_config }} {{ salt['pillar.get']('bind:config:includes', [])|join(' ') }}"
+
+## Type: string
+## Default: "createNamedConfInclude"
+## ServiceReload: named
+#
+# Programms to be executed each time the DNS server 'named' is started or
+# reloaded.
+#
+# Filenames can be relative to /usr/share/bind/.
+#
+NAMED_INITIALIZE_SCRIPTS="createNamedConfInclude"

bind/files/suse/named.conf

@@ -0,0 +1,176 @@
+# Copyright (c) 2001-2004 SuSE Linux AG, Nuernberg, Germany.
+# All rights reserved.
+#
+# Author: Frank Bodammer, Lars Mueller <lmuelle@suse.de>
+#
+# /etc/named.conf
+#
+# This is a sample configuration file for the name server BIND 9.  It works as
+# a caching only name server without modification.
+#
+# A sample configuration for setting up your own domain can be found in
+# /usr/share/doc/packages/bind/sample-config.
+#
+# A description of all available options can be found in
+# /usr/share/doc/packages/bind/misc/options.
+
+options {
+
+	# The directory statement defines the name server's working directory
+
+	directory "/var/lib/named";
+
+	# enable DNSSEC validation
+	#
+	# If BIND logs error messages about the root key being expired, you
+	# will need to update your keys. See https://www.isc.org/bind-keys
+	#
+	# dnssec-enable yes (default), indicates that a secure DNS service
+	# is being used which may be one, or more, of TSIG
+	# (for securing zone transfers or DDNS updates), SIG(0)
+	# (for securing DDNS updates) or DNSSEC.
+
+	#dnssec-enable yes;
+
+	# dnssec-validation yes (default), indicates that a resolver
+	# (a caching or caching-only name server) will attempt to validate
+	# replies from DNSSEC enabled (signed) zones. To perform this task
+	# the server also needs either a valid trusted-keys clause
+	# (containing one or more trusted-anchors or a managed-keys clause.
+
+	#dnssec-validation auto;
+	managed-keys-directory "/var/lib/named/dyn/";
+
+	# Write dump and statistics file to the log subdirectory.  The
+	# pathenames are relative to the chroot jail.
+
+	dump-file "/var/log/named_dump.db";
+	statistics-file "/var/log/named.stats";
+
+	# The forwarders record contains a list of servers to which queries
+	# should be forwarded.  Enable this line and modify the IP address to
+	# your provider's name server.  Up to three servers may be listed.
+
+	#forwarders { 192.0.2.1; 192.0.2.2; };
+
+	# Enable the next entry to prefer usage of the name server declared in
+	# the forwarders section.
+
+	#forward first;
+
+	# The listen-on record contains a list of local network interfaces to
+	# listen on.  Optionally the port can be specified.  Default is to
+	# listen on all interfaces found on your system.  The default port is
+	# 53.
+
+	#listen-on port 53 { 127.0.0.1; };
+
+	# The listen-on-v6 record enables or disables listening on IPv6
+	# interfaces.  Allowed values are 'any' and 'none' or a list of
+	# addresses.
+
+	listen-on-v6 { any; };
+
+	# The next three statements may be needed if a firewall stands between
+	# the local server and the internet.
+
+	#query-source address * port 53;
+	#transfer-source * port 53;
+	#notify-source * port 53;
+
+	# The allow-query record contains a list of networks or IP addresses
+	# to accept and deny queries from. The default is to allow queries
+	# from all hosts.
+
+	#allow-query { 127.0.0.1; };
+
+	# If notify is set to yes (default), notify messages are sent to other
+	# name servers when the the zone data is changed.  Instead of setting
+	# a global 'notify' statement in the 'options' section, a separate
+	# 'notify' can be added to each zone definition.
+
+	notify no;
+
+    disable-empty-zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA";
+
+{#- Allow inclusion of arbitrary statements #}
+{%- for statement, value in salt['pillar.get']('bind:config:options', map.get('options', {})).items() -%}
+    {%- if value is iterable and value is not string %}
+        {{ statement }} {
+        {%- for item in value %}
+                {{ item }};
+        {%- endfor %}
+        };
+    {%- else %}
+        {{ statement }} {{ value }};
+    {%- endif %}
+{%- endfor %}
+
+};
+
+# To configure named's logging remove the leading '#' characters of the
+# following examples.
+#logging {
+#	# Log queries to a file limited to a size of 100 MB.
+#	channel query_logging {
+#		file "/var/log/named_querylog"
+#			versions 3 size 100M;
+#		print-time yes;			// timestamp log entries
+#	};
+#	category queries {
+#		query_logging;
+#	};
+#
+#	# Or log this kind alternatively to syslog.
+#	channel syslog_queries {
+#		syslog user;
+#		severity info;
+#	};
+#	category queries { syslog_queries; };
+#
+#	# Log general name server errors to syslog.
+#	channel syslog_errors {
+#		syslog user;
+#		severity error;
+#	};
+#	category default { syslog_errors;  };
+#
+#	# Don't log lame server messages.
+#	category lame-servers { null; };
+#};
+
+# The following zone definitions don't need any modification.  The first one
+# is the definition of the root name servers.  The second one defines
+# localhost while the third defines the reverse lookup for localhost.
+
+zone "." in {
+	type hint;
+	file "root.hint";
+};
+
+zone "localhost" in {
+	type master;
+	file "localhost.zone";
+};
+
+zone "0.0.127.in-addr.arpa" in {
+	type master;
+	file "127.0.0.zone";
+};
+
+zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
+    type master;
+    file "127.0.0.zone";
+};
+
+
+# Include the meta include file generated by createNamedConfInclude.  This
+# includes all files as configured in NAMED_CONF_INCLUDE_FILES from
+# /etc/sysconfig/named
+
+include "/etc/named.conf.include";
+
+# You can insert further zone records for your own domains below or create
+# single files in /etc/named.d/ and add the file names to
+# NAMED_CONF_INCLUDE_FILES.
+# See /usr/share/doc/packages/bind/README.SUSE for more details.

bind/files/suse/named.conf.local

@@ -0,0 +1,77 @@
+//
+// Do any local configuration here
+//
+{%- macro zone(key, args, file, masters) %}
+zone "{{ key }}" IN {
+        type {{ args['type'] }};
+  {% if args['type'] == 'forward' -%}
+    {% if args['forward'] is defined -%}
+        forward {{ args['forward'] }};
+    {%- endif %}
+        forwarders {
+    {% for forwarder in args.forwarders -%}
+                {{ forwarder }};
+    {%- endfor %}
+  };
+  {% else -%}
+  {% if args['dnssec'] is defined and args['dnssec'] -%}
+        file "{{ file }}.signed";
+  {% else -%}
+        file "{{ file }}";
+  {%- endif %}
+  {%- if args['allow-update'] is defined %}
+        allow-update { {{args['allow-update']}}; };
+  {%- endif %}
+  {%- if args.update_policy is defined %}
+        update-policy {
+  {%-   for policy in args.update_policy %}
+                {{ policy }};
+  {%- endfor %}
+        };
+  {%- endif %}
+  {%- if args['allow-transfer'] is defined %}
+        allow-transfer { {{ args.get('allow-transfer', []) | join('; ') }}; };
+  {%- endif %}
+  {%- if args['also-notify'] is defined %}
+        also-notify { {{ args.get('also-notify', []) | join('; ') }}; };
+  {%- endif %}
+  {%- if args['type'] == 'slave' %}
+    {%- if args['allow-notify'] is defined %}
+        allow-notify { {{ args.get('allow-notify', []) | join('; ') }}; };
+    {%- endif %}
+  {%- endif %}
+  {%- if args['type'] == "master" -%}
+    {% if args['notify'] %}
+        notify yes;
+    {% else %}
+        notify no;
+    {%- endif -%}
+  {% else %}
+        notify no;
+    {%- if masters is iterable and masters is not string %}
+        masters {
+      {%- for item in masters %}
+                {{ item }};
+      {%- endfor %}
+        };
+    {%- else %}
+        masters { {{ masters }} };
+    {%- endif %}
+  {%- endif %}
+  {%- endif %}
+};
+{%- endmacro %}
+
+{% for key, args in salt['pillar.get']('bind:configured_zones', {}).items() -%}
+{%- set file = args.get('file', salt['pillar.get']("bind:available_zones:" + key + ":file")) %}
+{%- set masters = args.get('masters', salt['pillar.get']("bind:available_zones:" + key + ":masters")) %}
+{{ zone(key, args, file, masters) }}
+{% endfor %}
+
+{%- for name, data in salt['pillar.get']('bind:configured_acls', {}).items() %}
+acl {{ name }} {
+  {%- for d in data %}
+        {{ d }};
+  {%- endfor %}
+};
+{%- endfor %}

bind/map.jinja

@@ -73,6 +73,21 @@
         'group': 'bind',
         'mode': '640'
     },
+    'Suse': {
+        'pkgs': ['bind'],
+        'service': 'named',
+        'config_source_dir': 'bind/files/suse',
+        'zones_source_dir': 'zones',
+        'config': '/etc/named.conf',
+        'local_config': '/etc/named.d/named.conf.local',
+        'default_config': '/etc/sysconfig/named',
+        'named_directory': '/var/lib/named',
+        'log_dir': '/var/log/named',
+        'log_mode': '640',
+        'user': 'root',
+        'group': 'named',
+        'mode': '640',
+    },
 }, merge=salt['grains.filter_by']({
     'jessie': {
         'pkgs': ['bind9', 'bind9utils'],