add key for support dynamic zones

2025-04-15 17:20:21 +00:00 · 2014-10-16 10:54:02 +00:00 · 2014-10-16 10:54:02 +00:00 · 4c5d5e8aee
commit 4c5d5e8aee
parent 532d9a8a09
7 changed files with 40 additions and 0 deletions
--- a/bind/config.sls
+++ b/bind/config.sls
@ -58,6 +58,20 @@ bind_config:
    - watch_in:
      - service: bind

+bind_key_config:
+  file:
+    - managed
+    - name: {{ map.key_config }}
+    - source: 'salt://bind/files/debian/named.conf.key'
+    - template: jinja
+    - user: {{ salt['pillar.get']('bind:config:user', map.user) }}
+    - group: {{ salt['pillar.get']('bind:config:group', map.group) }}
+    - mode: {{ salt['pillar.get']('bind:config:mode', '644') }}
+    - require:
+      - pkg: bind
+    - watch_in:
+      - service: bind
+
 bind_local_config:
  file:
    - managed
--- a/bind/files/debian/named.conf
+++ b/bind/files/debian/named.conf
@ -6,6 +6,7 @@
 //
 // If you are just adding zones, please do that in /etc/bind/named.conf.local

+include "/etc/bind/named.conf.key";
 include "/etc/bind/named.conf.options";
 include "/etc/bind/named.conf.local";
 include "/etc/bind/named.conf.default-zones";
--- a/bind/files/debian/named.conf.key
+++ b/bind/files/debian/named.conf.key
@ -0,0 +1,12 @@
+# vim: sts=2 ts=2 sw=2 et ai
+//
+// Do any local configuration here
+//
+
+{% for key,args in salt['pillar.get']('bind:keys', {}).iteritems()  -%}
+key "{{ key }}" {
+  algorithm {{ args['algorithm'] | default('HMAC-MD5.SIG-ALG.REG.INT') }};
+  secret {{ args['secret'] }};
+};
+{% endfor %}
+
--- a/bind/files/debian/named.conf.local
+++ b/bind/files/debian/named.conf.local
@ -1,3 +1,4 @@
+# vim: sts=2 ts=2 sw=2 et ai
 //
 // Do any local configuration here
 //
@ -12,6 +13,9 @@
 zone "{{ key }}" {
  type {{ args['type'] }};
  file "zones/{{ file }}";
+  {% if args['allow-update'] is defined  -%}
+  allow-update { {{args['allow-update']}}; };
+  {%- endif %}
  {% if args['type'] == "master" -%}
    {% if args['notify'] -%}
  notify yes;
--- a/bind/map.jinja
+++ b/bind/map.jinja
@ -4,6 +4,7 @@
        'service': 'bind9',
        'config': '/etc/bind/named.conf',
        'local_config': '/etc/bind/named.conf.local',
+        'key_config': '/etc/bind/named.conf.key',
        'options_config': '/etc/bind/named.conf.options',
        'default_zones_config': '/etc/bind/named.conf.default-zones',
        'named_directory': '/var/cache/bind/zones',
--- a/bind/zones
+++ b/bind/zones
@ -0,0 +1 @@
+/srv/salt/zones
--- a/pillar.example
+++ b/pillar.example
@ -13,6 +13,9 @@ bind:
    mode: 640

 bind:
+  keys:
+    "core_dhcp":
+      secret: "YourSecretKey"
  configured_zones:
    sub.domain.com:
      type: master
@ -20,6 +23,10 @@ bind:
    1.168.192.in-addr.arpa:
      type: master
      notify: False
+    dynamic.domain.com:
+      type: master
+      allow-update: "key core_dhcp"
+      notify: True 

 available_zones:
  sub.domain.org: