Merge pull request #24 from daschatten/master

Support for views, updated readme and a bugfix.
2025-04-15 17:20:21 +00:00 · 2015-03-22 18:30:11 -04:00 · 2015-03-22 18:30:11 -04:00 · 28def67f99
commit 28def67f99
parent c5840f5e55 3b6f48959e
5 changed files with 123 additions and 18 deletions
--- a/README.rst
+++ b/README.rst
@ -31,9 +31,23 @@ Example Pillar
 .. code:: yaml

    bind:
-      config:
-        name: /etc/named.conf
-        source: salt://bind/files/named.conf
-        user: root
-        group: named
-        mode: 640
+      configured_zones:
+        sub.domain.com:
+          type: master
+          notify: False
+      configured_views:
+        myview1:
+          match_clients:
+            - client1
+            - client2
+        configured_zones:
+          my.zone:
+            type: master
+            notify: False
+
+See *bind/pillar.example*.
+
+Notes
+=====
+
+* When using views all zones must be configured in views!
--- a/bind/config.sls
+++ b/bind/config.sls
@ -3,6 +3,29 @@
 include:
  - bind

+{{ map.log_dir }}:
+  file.directory:
+    - user: root
+    - group: bind
+    - mode: 775
+
+bind_restart:
+  service.running:
+    - name: bind9
+    - reload: False
+    - watch:
+      - file: {{ map.log_dir }}/query.log
+    - require:
+      - file: {{ map.log_dir }}/query.log
+
+{{ map.log_dir }}/query.log:
+  file.managed:
+    - user: bind
+    - group: bind
+    - mode: 644
+    - require:
+      - file: {{ map.log_dir }}
+
 named_directory:
  file.directory:
    - name: {{ map.named_directory }}
@ -80,6 +103,7 @@ bind_local_config:
        map: {{ map }}
    - require:
      - pkg: bind
+      - file: {{ map.log_dir }}/query.log
    - watch_in:
      - service: bind

@ -109,14 +133,6 @@ bind_default_zones:
    - watch_in:
      - service: bind

-{{ map.log_dir }}:
-  file.directory:
-    - user: root
-    - group: bind
-    - mode: 775
-    - template: jinja
-
-
 /etc/logrotate.d/{{ map.service }}:
  file.managed:
    - source: salt://bind/files/debian/logrotate_bind
@ -155,3 +171,32 @@ signed-{{file}}:

 {% endif %}
 {% endfor %}
+
+{%- for view, view_data in salt['pillar.get']('bind:configured_views', {}).iteritems() %}
+{%   for key,args in view_data.get('configured_zones', {}).iteritems()  -%}
+{%-  set file = salt['pillar.get']("bind:available_zones:" + key + ":file") %}
+{%   if args['type'] == "master" -%}
+zones-{{ file }}:
+  file.managed:
+    - name: {{ map.named_directory }}/{{ file }}
+    - source: 'salt://bind/zones/{{ file }}'
+    - user: {{ salt['pillar.get']('bind:config:user', map.user) }}
+    - group: {{ salt['pillar.get']('bind:config:group', map.group) }}
+    - mode: {{ salt['pillar.get']('bind:config:mode', '644') }}
+    - watch_in:
+      - service: bind
+    - require:
+      - file: {{ map.named_directory }}
+
+{%   if args['dnssec'] is defined and args['dnssec'] -%}
+signed-{{file}}:
+  cmd.run:
+    - cwd: {{ map.named_directory }}
+    - name: zonesigner -zone {{ key }} {{ file }}
+    - prereq:
+      - file: zones-{{ file }}
+{%   endif %}
+
+{%   endif %}
+{%   endfor %}
+{% endfor %}
--- a/bind/files/debian/named.conf
+++ b/bind/files/debian/named.conf
@ -9,4 +9,3 @@
 include "/etc/bind/named.conf.key";
 include "/etc/bind/named.conf.options";
 include "/etc/bind/named.conf.local";
-include "/etc/bind/named.conf.default-zones";
--- a/bind/files/debian/named.conf.local
+++ b/bind/files/debian/named.conf.local
@ -7,9 +7,7 @@
 // organization
 //include "/etc/bind/zones.rfc1918";

-{% for key,args in salt['pillar.get']('bind:configured_zones', {}).iteritems()  -%}
-{%- set file = salt['pillar.get']("bind:available_zones:" + key + ":file") %}
-{%- set masters = salt['pillar.get']("bind:available_zones:" + key + ":masters") %}
+{%- macro zone(key, args, file, masters) %}
 zone "{{ key }}" {
  type {{ args['type'] }};
  {% if args['dnssec'] is defined and args['dnssec'] -%}
@ -20,6 +18,13 @@ zone "{{ key }}" {
  {% if args['allow-update'] is defined  -%}
  allow-update { {{args['allow-update']}}; };
  {%- endif %}
+  {%- if args.update_policy is defined %}
+  update-policy {
+  {%-   for policy in args.update_policy %}
+    {{ policy }};
+  {%- endfor %}
+  };    
+  {%- endif %}
  {% if args['type'] == "master" -%}
    {% if args['notify'] -%}
  notify yes;
@ -31,8 +36,39 @@ zone "{{ key }}" {
  masters { {{ masters }} };
  {%- endif %}
 };
+{%- endmacro %}
+
+{%- if not pillar.bind.configured_views is defined %}
+include "/etc/bind/named.conf.default-zones";
+{%- endif %}
+
+{% for key,args in salt['pillar.get']('bind:configured_zones', {}).iteritems()  -%}
+{%- set file = salt['pillar.get']("bind:available_zones:" + key + ":file") %}
+{%- set masters = salt['pillar.get']("bind:available_zones:" + key + ":masters") %}
+{{ zone(key, args, file, masters) }}
 {% endfor %}

+{% for view, view_data in salt['pillar.get']('bind:configured_views', {}).iteritems() %}
+
+view {{ view }}{
+{%-   if view == 'default' %}
+  include "/etc/bind/named.conf.default-zones";
+{%- endif %}
+
+match-clients{
+{%- for acl in view_data.get('match_clients', {}) %}
+  {{ acl }};
+{%- endfor %}
+};
+
+{% for key,args in view_data.get('configured_zones', {}).iteritems()  -%}
+{%- set file = salt['pillar.get']("bind:available_zones:" + key + ":file") %}
+{%- set masters = salt['pillar.get']("bind:available_zones:" + key + ":masters") %}
+  {{ zone(key, args, file, masters) }}
+{%- endfor %}
+};
+{%- endfor %}
+
 logging {
  channel "querylog" { file "{{ map.log_dir }}/query.log"; print-time yes; };
  category queries { querylog; };
--- a/pillar.example
+++ b/pillar.example
@ -29,6 +29,17 @@ bind:
      type: master
      allow-update: "key core_dhcp"
      notify: True 
+  configured_views:
+    myview1:
+      match_clients:
+        - client1
+        - client2
+      configured_zones:
+        my.zone:
+          type: master
+          notify: False
+          update_policy:
+            - "grant core_dhcp name dns_entry_allowed_to_update. ANY"

 bind:
  available_zones: