From 4c5d5e8aee690e361e15858d299a1417eea207c8 Mon Sep 17 00:00:00 2001
From: root
Date: Thu, 16 Oct 2014 10:54:02 +0000
Subject: [PATCH] add key for support dynamic zones
---
 bind/config.sls | 14 ++++++++++++++
 bind/files/debian/named.conf | 1 +
 bind/files/debian/named.conf.key | 12 ++++++++++++
 bind/files/debian/named.conf.local | 4 ++++
 bind/map.jinja | 1 +
 bind/zones | 1 +
 pillar.example | 7 +++++++
 7 files changed, 40 insertions(+)
 create mode 100644 bind/files/debian/named.conf.key
 create mode 120000 bind/zones
diff --git a/bind/config.sls b/bind/config.sls
index c0ff2a4..1dc68c1 100644
--- a/bind/config.sls
+++ b/bind/config.sls
@@ -58,6 +58,20 @@ bind_config:
 - watch_in:
 - service: bind
+bind_key_config:
+ file:
+ - managed
+ - name: {{ map.key_config }}
+ - source: 'salt://bind/files/debian/named.conf.key'
+ - template: jinja
+ - user: {{ salt['pillar.get']('bind:config:user', map.user) }}
+ - group: {{ salt['pillar.get']('bind:config:group', map.group) }}
+ - mode: {{ salt['pillar.get']('bind:config:mode', '644') }}
+ - require:
+ - pkg: bind
+ - watch_in:
+ - service: bind
+
 bind_local_config:
 file:
 - managed
diff --git a/bind/files/debian/named.conf b/bind/files/debian/named.conf
index 880786a..80f3eb5 100644
--- a/bind/files/debian/named.conf
+++ b/bind/files/debian/named.conf
@@ -6,6 +6,7 @@
 //
 // If you are just adding zones, please do that in /etc/bind/named.conf.local
+include "/etc/bind/named.conf.key";
 include "/etc/bind/named.conf.options";
 include "/etc/bind/named.conf.local";
 include "/etc/bind/named.conf.default-zones";
diff --git a/bind/files/debian/named.conf.key b/bind/files/debian/named.conf.key
new file mode 100644
index 0000000..e9beaad
--- /dev/null
+++ b/bind/files/debian/named.conf.key
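Review bot: `bind_key_config` writes the rendered named.conf.key, which carries the TSIG `secret` values from `bind:keys`, yet it takes its permissions from the shared `bind:config:mode` lookup with a default of `'644'`, so on any minion that does not set that pillar value the key material is world-readable. named only has to read the file as its own user/group (assuming `map.group` resolves to the group the daemon runs as), and pillar.example already documents `mode: 640` for the config files, so the safer default is `- mode: {{ salt['pillar.get']('bind:config:mode', '640') }}`. Because the same pillar key also governs named.conf itself, a dedicated lookup for the key file (for example a `bind:key_config:mode` value defaulting to `'640'`, name offered as a proposal) would let the main config stay 644 without loosening the file that holds the secrets.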
@@ -0,0 +1,12 @@
+# vim: sts=2 ts=2 sw=2 et ai
+//
+// Do any local configuration here
+//
+
+{% for key,args in salt['pillar.get']('bind:keys', {}).iteritems() -%}
+key "{{ key }}" {
+ algorithm {{ args['algorithm'] | default('HMAC-MD5.SIG-ALG.REG.INT') }};
+ secret {{ args['secret'] }};
+};
+{% endfor %}
+
diff --git a/bind/files/debian/named.conf.local b/bind/files/debian/named.conf.local
index 3d8c931..322a56b 100644
--- a/bind/files/debian/named.conf.local
+++ b/bind/files/debian/named.conf.local
@@ -1,3 +1,4 @@
+# vim: sts=2 ts=2 sw=2 et ai
 //
 // Do any local configuration here
 //
@@ -12,6 +13,9 @@ zone "{{ key }}" {
 type {{ args['type'] }};
 file "zones/{{ file }}";
+ {% if args['allow-update'] is defined -%}
+ allow-update { {{args['allow-update']}}; };
+ {%- endif %}
 {% if args['type'] == "master" -%}
 {% if args['notify'] -%}
 notify yes;
diff --git a/bind/map.jinja b/bind/map.jinja
index 3fea5ff..1be4d25 100644
--- a/bind/map.jinja
+++ b/bind/map.jinja
@@ -4,6 +4,7 @@
 'service': 'bind9',
 'config': '/etc/bind/named.conf',
 'local_config': '/etc/bind/named.conf.local',
+ 'key_config': '/etc/bind/named.conf.key',
 'options_config': '/etc/bind/named.conf.options',
 'default_zones_config': '/etc/bind/named.conf.default-zones',
 'named_directory': '/var/cache/bind/zones',
diff --git a/bind/zones b/bind/zones
new file mode 120000
index 0000000..82df46a
--- /dev/null
+++ b/bind/zones
@@ -0,0 +1 @@
+/srv/salt/zones
\ No newline at end of file
diff --git a/pillar.example b/pillar.example
index f0ba3ea..cbda55f 100644
--- a/pillar.example
+++ b/pillar.example
@@ -13,6 +13,9 @@ bind:
 mode: 640
 bind:
+ keys:
+ "core_dhcp":
+ secret: "YourSecretKey"
 configured_zones:
 sub.domain.com:
 type: master
@@ -20,6 +23,10 @@ bind:
 1.168.192.in-addr.arpa:
 type: master
 notify: False
+ dynamic.domain.com:
+ type: master
+ allow-update: "key core_dhcp"
+ notify: True
 available_zones:
 sub.domain.org:
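Review bot: The fallback in `default('HMAC-MD5.SIG-ALG.REG.INT')` is the legacy TSIG algorithm, and every key whose pillar entry omits `algorithm` (the `core_dhcp` example in pillar.example does) silently gets it; BIND also accepts `hmac-sha256`, so `default('hmac-sha256')` is the better fallback for new deployments while existing pillars that name an algorithm explicitly are unaffected. The secret is emitted bare as `secret {{ args['secret'] }};`, whereas BIND's key statement documents it as a quoted string — `secret "{{ args['secret'] }}";` removes any dependence on the parser tolerating unquoted base64 containing `/`, `+` or `=`. `.iteritems()` is Python 2 only; `.items()` behaves the same here and keeps the template usable under a Python 3 renderer.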
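Review bot: `{% if args['allow-update'] is defined -%}` is also true for an empty or null pillar value, in which case the template renders `allow-update { ; };` and named's config parser is unlikely to accept it; testing the value instead, `{% if args.get('allow-update') -%}`, emits the statement only when something was actually configured. The value is spliced into the ACL verbatim, so whatever the pillar author writes (the example is `"key core_dhcp"`) must be a valid address-match-list element and any key it names must exist in `bind:keys` — a one-line comment above the `{% if %}` stating that contract would save the next maintainer a round trip to named-checkconf. For consistency with the surrounding `{{ key }}` and `{{ args['type'] }}` interpolations the new line should read `allow-update { {{ args['allow-update'] }}; };`. The enclosing `zone "{{ key }}" {` block begins before this hunk and continues past `notify yes;`.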