From 2cef37f747e75018b0bbf497437a63478f230116 Mon Sep 17 00:00:00 2001 From: root Date: Sun, 22 Mar 2015 22:07:22 +0100 Subject: [PATCH 1/4] Add support for views. --- README.rst | 5 +++++ bind/config.sls | 29 +++++++++++++++++++++++++ bind/files/debian/named.conf | 1 - bind/files/debian/named.conf.local | 35 +++++++++++++++++++++++++++--- pillar.example | 9 ++++++++ 5 files changed, 75 insertions(+), 4 deletions(-) diff --git a/README.rst b/README.rst index 322b3a6..3b37697 100644 --- a/README.rst +++ b/README.rst @@ -37,3 +37,8 @@ Example Pillar user: root group: named mode: 640 + +Notes +===== + +* When using views all zones must be configured in views! diff --git a/bind/config.sls b/bind/config.sls index a0cb04d..35a33f9 100644 --- a/bind/config.sls +++ b/bind/config.sls @@ -155,3 +155,32 @@ signed-{{file}}: {% endif %} {% endfor %} + +{%- for view, view_data in salt['pillar.get']('bind:configured_views', {}).iteritems() %} +{% for key,args in view_data.get('configured_zones', {}).iteritems() -%} +{%- set file = salt['pillar.get']("bind:available_zones:" + key + ":file") %} +{% if args['type'] == "master" -%} +zones-{{ file }}: + file.managed: + - name: {{ map.named_directory }}/{{ file }} + - source: 'salt://bind/zones/{{ file }}' + - user: {{ salt['pillar.get']('bind:config:user', map.user) }} + - group: {{ salt['pillar.get']('bind:config:group', map.group) }} + - mode: {{ salt['pillar.get']('bind:config:mode', '644') }} + - watch_in: + - service: bind + - require: + - file: {{ map.named_directory }} + +{% if args['dnssec'] is defined and args['dnssec'] -%} +signed-{{file}}: + cmd.run: + - cwd: {{ map.named_directory }} + - name: zonesigner -zone {{ key }} {{ file }} + - prereq: + - file: zones-{{ file }} +{% endif %} + +{% endif %} +{% endfor %} +{% endfor %} diff --git a/bind/files/debian/named.conf b/bind/files/debian/named.conf index 80f3eb5..80314b0 100644 --- a/bind/files/debian/named.conf +++ b/bind/files/debian/named.conf 
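Review bot: The state IDs `zones-{{ file }}` and `signed-{{file}}` in the new per-view loop are the same ones the preceding top-level `configured_zones` loop (its tail is the hunk's context) already emits, so a zone file listed both at top level and in a view, or one file reused by two views, makes the highstate fail to render with a conflicting-ID error. Prefixing the IDs with the view name avoids that: `zones-{{ view }}-{{ file }}:`, `signed-{{ view }}-{{ file }}:` and, in the prereq, `- file: zones-{{ view }}-{{ file }}`. The `zonesigner -zone {{ key }} {{ file }}` command also drops the zone key and file name into a shell line unquoted; pillar is operator-controlled, but quoting both values is cheap insurance against a zone name with shell metacharacters. Note too that `file.managed` with a `source:` re-deploys the zone file on every run, which presumably clobbers zones that accept dynamic updates (the series adds `allow-update`/`update-policy` support) — worth a comment here saying those zones should not go through this state, or a `replace: False` for them.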
@@ -9,4 +9,3 @@ include "/etc/bind/named.conf.key"; include "/etc/bind/named.conf.options"; include "/etc/bind/named.conf.local"; -include "/etc/bind/named.conf.default-zones"; diff --git a/bind/files/debian/named.conf.local b/bind/files/debian/named.conf.local index 3376cf9..53a4653 100644 --- a/bind/files/debian/named.conf.local +++ b/bind/files/debian/named.conf.local @@ -7,9 +7,7 @@ // organization //include "/etc/bind/zones.rfc1918"; -{% for key,args in salt['pillar.get']('bind:configured_zones', {}).iteritems() -%} -{%- set file = salt['pillar.get']("bind:available_zones:" + key + ":file") %} -{%- set masters = salt['pillar.get']("bind:available_zones:" + key + ":masters") %} +{%- macro zone(key, args, file, masters) %} zone "{{ key }}" { type {{ args['type'] }}; {% if args['dnssec'] is defined and args['dnssec'] -%} 
@@ -31,8 +29,39 @@ zone "{{ key }}" { masters { {{ masters }} }; {%- endif %} }; +{%- endmacro %} + +{%- if not pillar.bind.configured_views is defined %} +include "/etc/bind/named.conf.default-zones"; +{%- endif %} + +{% for key,args in salt['pillar.get']('bind:configured_zones', {}).iteritems() -%} +{%- set file = salt['pillar.get']("bind:available_zones:" + key + ":file") %} +{%- set masters = salt['pillar.get']("bind:available_zones:" + key + ":masters") %} +{{ zone(key, args, file, masters) }} {% endfor %} +{% for view, view_data in salt['pillar.get']('bind:configured_views', {}).iteritems() %} + +view {{ view }}{ +{%- if view == 'default' %} + include "/etc/bind/named.conf.default-zones"; +{%- endif %} + +match-clients{ +{%- for acl in view_data.get('match_clients', {}) %} + {{ acl }}; +{%- endfor %} +}; + +{% for key,args in view_data.get('configured_zones', {}).iteritems() -%} +{%- set file = salt['pillar.get']("bind:available_zones:" + key + ":file") %} +{%- set masters = salt['pillar.get']("bind:available_zones:" + key + ":masters") %} + {{ zone(key, args, file, masters) }} +{%- endfor %} +}; +{%- endfor %} + logging { channel "querylog" { file "{{ map.log_dir }}/query.log"; print-time yes; }; category queries { querylog; }; diff --git a/pillar.example b/pillar.example index 82f4c84..7be83c6 100644 --- a/pillar.example +++ b/pillar.example @@ -29,6 +29,15 @@ bind: type: master allow-update: "key core_dhcp" notify: True + configured_views: + myview1: + match_clients: + - client1 + - client2 + configured_zones: + my.zone: + type: master + notify: False bind: available_zones: From c9a480c9920bce77d2d08cad11f387f8639624d8 Mon Sep 17 00:00:00 2001 From: root Date: Sun, 22 Mar 2015 22:10:01 +0100 Subject: [PATCH 2/4] Update example pillar in README to better reflect basic configuration. --- README.rst | 21 +++++++++++++++------ 1 file changed, 15 insertions(+), 6 deletions(-) diff --git a/README.rst b/README.rst index 3b37697..c88ae43 100644 --- a/README.rst 
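Review bot: The top-level `{% for key,args in salt['pillar.get']('bind:configured_zones', {}) ... %}` loop still renders zones outside any `view` block when `configured_views` is set, and BIND refuses a named.conf that mixes view and non-view zones, so a pillar that breaks the README's "all zones must be configured in views" rule yields a config named will not load instead of a render-time error. Guarding that loop the same way as the default-zones include, `{%- if not salt['pillar.get']('bind:configured_views') %}` ... `{%- endif %}`, makes the template enforce the rule. The include guard itself uses `pillar.bind.configured_views is defined`, which treats an empty `configured_views: {}` as "views in use" and, with Jinja's default Undefined, most likely raises when the `bind` pillar key is absent; the `salt['pillar.get']` form used three lines below is safer and consistent with the rest of the file. Also `named.conf.default-zones` (root hints, localhost and the reverse zones) is now only pulled in for a view literally named `default`, which should be documented in the README, since a views deployment without such a view gets no root hints.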
+++ b/README.rst @@ -31,12 +31,21 @@ Example Pillar .. code:: yaml bind: - config: - name: /etc/named.conf - source: salt://bind/files/named.conf - user: root - group: named - mode: 640 + configured_zones: + sub.domain.com: + type: master + notify: False + configured_views: + myview1: + match_clients: + - client1 + - client2 + configured_zones: + my.zone: + type: master + notify: False + +See *bind/pillar.example*. Notes ===== From 0de651043f22318604af12b8c1284cc372f0e227 Mon Sep 17 00:00:00 2001 From: root Date: Sun, 22 Mar 2015 22:58:29 +0100 Subject: [PATCH 3/4] Fix creation of logfile (query.log) during first install. --- bind/config.sls | 32 ++++++++++++++++++++++++-------- 1 file changed, 24 insertions(+), 8 deletions(-) diff --git a/bind/config.sls b/bind/config.sls index 35a33f9..1ea12a0 100644 --- a/bind/config.sls +++ b/bind/config.sls @@ -3,6 +3,29 @@ include: - bind +{{ map.log_dir }}: + file.directory: + - user: root + - group: bind + - mode: 775 + +bind_restart: + service.running: + - name: bind9 + - reload: False + - watch: + - file: {{ map.log_dir }}/query.log + - require: + - file: {{ map.log_dir }}/query.log + +{{ map.log_dir }}/query.log: + file.managed: + - user: bind + - group: bind + - mode: 644 + - require: + - file: {{ map.log_dir }} + named_directory: file.directory: - name: {{ map.named_directory }} @@ -80,6 +103,7 @@ bind_local_config: map: {{ map }} - require: - pkg: bind + - file: {{ map.log_dir }}/query.log - watch_in: - service: bind @@ -109,14 +133,6 @@ bind_default_zones: - watch_in: - service: bind -{{ map.log_dir }}: - file.directory: - - user: root - - group: bind - - mode: 775 - - template: jinja - - /etc/logrotate.d/{{ map.service }}: file.managed: - source: salt://bind/files/debian/logrotate_bind From 3b6f48959eadbb913f6f9bea8efb0fd374dfa7a8 Mon Sep 17 00:00:00 2001 
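Review bot: `bind_restart` hard-codes `name: bind9`, and the two log states hard-code `user: bind`/`group: bind`, while the rest of config.sls goes through the map (`map.service` in the logrotate path, `map.user`/`map.group` for zone files), so this hunk only works on Debian-style hosts. Using `- name: {{ map.service }}`, `- user: {{ map.user }}` and `- group: {{ map.group }}` keeps it portable. It also introduces a second `service.running` for the same daemon alongside the existing `bind` service that other states `watch_in`, with its own reload policy; if the intent is only that query.log exists before named starts, the `require` this commit adds to `bind_local_config` already covers that and `bind_restart` looks redundant. Since query.log records client addresses and the names they look up, `mode: 640` rather than `644` is the more conservative default for that file.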
From: root Date: Sun, 22 Mar 2015 23:26:35 +0100 Subject: [PATCH 4/4] Add support for dynamic zone updates. --- bind/files/debian/named.conf.local | 7 +++++++ pillar.example | 2 ++ 2 files changed, 9 insertions(+) diff --git a/bind/files/debian/named.conf.local b/bind/files/debian/named.conf.local index 53a4653..68e2b0b 100644 --- a/bind/files/debian/named.conf.local +++ b/bind/files/debian/named.conf.local @@ -18,6 +18,13 @@ zone "{{ key }}" { {% if args['allow-update'] is defined -%} allow-update { {{args['allow-update']}}; }; {%- endif %} + {%- if args.update_policy is defined %} + update-policy { + {%- for policy in args.update_policy %} + {{ policy }}; + {%- endfor %} + }; + {%- endif %} {% if args['type'] == "master" -%} {% if args['notify'] -%} notify yes; diff --git a/pillar.example b/pillar.example index 7be83c6..2d322db 100644 --- a/pillar.example +++ b/pillar.example @@ -38,6 +38,8 @@ bind: my.zone: type: master notify: False + update_policy: + - "grant core_dhcp name dns_entry_allowed_to_update. ANY" bind: available_zones:
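Review bot: The new `update-policy` block is emitted independently of the `allow-update` block directly above it, and BIND treats the two as mutually exclusive within a zone, so a pillar entry carrying both `allow-update` and `update_policy` produces a named.conf that fails to load. Chaining the branches, `{%- elif args.update_policy is defined %}`, or failing the render when both keys are present makes the conflict visible at highstate time. The grant rules are written verbatim from pillar, and the example added to pillar.example grants `ANY` record type; a comment there noting that the grant should be narrowed to the types the updater actually writes (A, AAAA, PTR, TXT) would steer users toward the safer pattern. The `zone` macro this sits in begins and ends outside the hunk.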