diff --git a/bind/config.sls b/bind/config.sls
index 64555dd..e8a86a1 100644
--- a/bind/config.sls
+++ b/bind/config.sls
@@ -3,13 +3,24 @@ include: - bind +named_directory: + file.directory: + - name: {{ map.named_directory }} + - user: {{ salt['pillar.get']('bind:config:user', 'map.user') }} + - group: {{ salt['pillar.get']('bind:config:group', 'map.group') }} + - mode: 775 + - makedirs: True + - require: + - pkg: bind + +{% if grains['os_family'] == 'RedHat' %} bind_config: file: - managed - name: {{ map.config }} - - source: {{ salt['pillar.get']('bind:config:tmpl', 'salt://bind/files/named.conf') }} + - source: 'salt://bind/files/redhat/named.conf' - template: jinja - - user: {{ salt['pillar.get']('bind:config:user', map.user ) }} + - user: {{ salt['pillar.get']('bind:config:user', map.user) }} - group: {{ salt['pillar.get']('bind:config:group', map.group) }} - mode: {{ salt['pillar.get']('bind:config:mode', '640') }} - require:
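Review bot: In the new `named_directory` state the pillar fallbacks are quoted, `salt['pillar.get']('bind:config:user', 'map.user')`, so when the pillar key is unset the state receives the literal string `map.user` / `map.group` instead of the values from map.jinja. On a minion without those pillar keys the directory would be assigned to an account literally named `map.user`, which presumably does not exist, so the state fails or ownership is not what the formula intends. Drop the quotes, as the `bind_config` state in this same hunk does: `- user: {{ salt['pillar.get']('bind:config:user', map.user) }}`, and likewise for `group`. The same quoting is introduced in `bind_local_config` (both OS branches), `bind_options_config`, `bind_default_zones` and `zones-{{ file }}` in the later hunks of this file; in `bind_default_zones` it also replaces the working literals `'root'` and `'bind'`.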
@@ -17,41 +28,44 @@ bind_config: - watch_in: - service: bind -named_directory: - file.directory: - - name: {{ map.named_directory }} - - user: {{ salt['pillar.get']('bind:config:user', map.user) }} - - group: {{ salt['pillar.get']('bind:config:group', map.group) }} - - mode: 775 - - makedirs: True - - require: - - pkg: bind - -{% if grains['os_family'] == 'RedHat' %} bind_local_config: file: - managed - name: {{ map.local_config }} - source: 'salt://bind/files/redhat/named.conf.local' - template: jinja - - user: {{ salt['pillar.get']('bind:config:user', map.user) }} - - group: {{ salt['pillar.get']('bind:config:group', map.group) }} + - user: {{ salt['pillar.get']('bind:config:user', 'map.user') }} + - group: {{ salt['pillar.get']('bind:config:group', 'map.group') }} - mode: {{ salt['pillar.get']('bind:config:mode', '644') }} - require: - pkg: bind - watch_in: - - service: bind + - service: named {% endif %} {% if grains['os_family'] == 'Debian' %} +bind_config: + file: + - managed + - name: {{ map.config }} + - source: 'salt://bind/files/debian/named.conf' + - template: jinja + - user: {{ salt['pillar.get']('bind:config:user', map.user) }} + - group: {{ salt['pillar.get']('bind:config:group', map.group) }} + - mode: {{ salt['pillar.get']('bind:config:mode', '640') }} + - require: + - pkg: bind + - watch_in: + - service: bind + bind_local_config: file: - managed - name: {{ map.local_config }} - source: 'salt://bind/files/debian/named.conf.local' - template: jinja - - user: {{ salt['pillar.get']('bind:config:user', map.user) }} - - group: {{ salt['pillar.get']('bind:config:group', map.group) }} + - user: {{ salt['pillar.get']('bind:config:user', 'map.user') }} + - group: {{ salt['pillar.get']('bind:config:group', 'map.group') }} - mode: {{ salt['pillar.get']('bind:config:mode', '644') }} - require: - pkg: bind 
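Review bot: The RedHat `bind_local_config` now declares `watch_in: - service: named`, while every other state in this file, including the Debian `bind_config` added in this hunk, targets `service: bind`. Judging by the init.sls hunk, the service state's ID is `bind` with `name: {{ map.service }}`, so `named` only resolves if the requisite is matched by name and `map.service` happens to render to `named`. With a `bind:lookup` override of the service name the requisite would point at nothing, and a changed named.conf.local would no longer trigger the service. Keep `- service: bind` here so the requisite follows the state ID.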
@@ -64,8 +78,8 @@ bind_options_config: - name: {{ map.options_config }} - source: 'salt://bind/files/debian/named.conf.options' - template: jinja - - user: {{ salt['pillar.get']('bind:config:user', map.user) }} - - group: {{ salt['pillar.get']('bind:config:group', map.group) }} + - user: {{ salt['pillar.get']('bind:config:user', 'map.user') }} + - group: {{ salt['pillar.get']('bind:config:group', 'map.group') }} - mode: {{ salt['pillar.get']('bind:config:mode', '644') }} - require: - pkg: bind
@@ -78,13 +92,20 @@ bind_default_zones: - name: {{ map.default_zones_config }} - source: 'salt://bind/files/debian/named.conf.default-zones' - template: jinja - - user: {{ salt['pillar.get']('bind:config:user', 'root') }} - - group: {{ salt['pillar.get']('bind:config:group', 'bind') }} + - user: {{ salt['pillar.get']('bind:config:user', 'map.user') }} + - group: {{ salt['pillar.get']('bind:config:group', 'map.group') }} - mode: {{ salt['pillar.get']('bind:config:mode', '644') }} - require: - pkg: bind - watch_in: - service: bind + +/var/log/bind9: + file: + - directory + - user: root + - group: bind + - mode: 775 {% endif %} {% for key,args in salt['pillar.get']('bind:configured_zones', {}).iteritems() -%}
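Review bot: The new `/var/log/bind9` state in the second hunk hard-codes `user: root` / `group: bind` and, unlike every other state in this file, carries no `require` on the package. The directory is group-writable (`mode: 775`), so its group decides who can write log files there; taking it from the map, `- group: {{ map.group }}`, keeps it in step with a `bind:lookup` override. Adding `- require:` with `- pkg: bind` would also stop the state from depending on implicit ordering for the `bind` group to exist.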
@@ -95,12 +116,22 @@ zones-{{ file }}: - managed - name: {{ map.named_directory }}/{{ file }} - source: 'salt://bind/zones/{{ file }}' - - user: {{ salt['pillar.get']('bind:config:user', map.user) }} - - group: {{ salt['pillar.get']('bind:config:group', map.group) }} + - user: {{ salt['pillar.get']('bind:config:user', 'map.user') }} + - group: {{ salt['pillar.get']('bind:config:group', 'map.group') }} - mode: {{ salt['pillar.get']('bind:config:mode', '644') }} - watch_in: - service: bind - require: - file: {{ map.named_directory }} + +{% if args['dnssec'] is defined and args['dnssec'] -%} +signed-{{file}}: + cmd.run: + - cwd: {{ map.named_directory }} + - name: zonesigner -zone {{ key }} {{ file }} + - prereq: + - file: zones-{{ file }} +{% endif %} + {% endif %} {% endfor %}
diff --git a/bind/files/debian/named.conf.local b/bind/files/debian/named.conf.local
index 32456b9..3d8c931 100644
--- a/bind/files/debian/named.conf.local
+++ b/bind/files/debian/named.conf.local
@@ -19,6 +19,7 @@ zone "{{ key }}" { notify no; {%- endif -%} {% else -%} + notify no; masters { {{ masters }} }; {%- endif %} };
diff --git a/bind/files/debian/named.conf.options b/bind/files/debian/named.conf.options
index 29256cc..7661808 100644
--- a/bind/files/debian/named.conf.options
+++ b/bind/files/debian/named.conf.options
@@ -15,5 +15,7 @@ options { // }; auth-nxdomain no; # conform to RFC1035 - //listen-on-v6 { any; }; + {% if salt['pillar.get']('bind:config:ipv6', 'False') %} + listen-on-v6 { {{ salt['pillar.get']('bind:config:ipv6_listen', 'any') }}; }; + {% endif %} };
diff --git a/bind/files/named.conf b/bind/files/named.conf
deleted file mode 100644
index 4ada43d..0000000
--- a/bind/files/named.conf
+++ /dev/null
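Review bot: `signed-{{file}}` uses `prereq` on `zones-{{ file }}`, which runs `zonesigner` before the zone file is written whenever that file state would change, so the signature is computed over the previous contents and on a first deployment the command runs with no zone file present. `- onchanges:` with the same `- file: zones-{{ file }}` entry would sign the freshly written file instead. The zone templates visible in this commit still load `{{ file }}` itself, while zonesigner by default writes its output to a separate `.signed` file, so named would presumably keep serving the unsigned zone; worth confirming. `{{ key }}` and `{{ file }}` are also rendered unquoted into a root shell command; quoting them, `zonesigner -zone '{{ key }}' '{{ file }}'`, keeps an odd pillar value from being split by the shell. The enclosing `for`/`if` block starts outside the hunk.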
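Review bot: In named.conf.options the guard `{% if salt['pillar.get']('bind:config:ipv6', 'False') %}` defaults to the string `'False'`, which is non-empty and therefore true in Jinja. With the pillar key unset the template now always renders `listen-on-v6 { any; };`, whereas the line it replaces was commented out, so every minion would start accepting DNS over all IPv6 addresses without anyone opting in. Use a boolean default, `{% if salt['pillar.get']('bind:config:ipv6', False) %}`, and note that a pillar value written as the quoted string `"False"` would still enable the listener. The `options {` block starts outside the hunk.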
@@ -1,15 +0,0 @@ -{% if ipv6 %} -listen-on-v6 { {{ ipv6_listen }}; }; -{% endif %} - -{# -{% for dns_zone in pillar['dns_zones'] %} -zone "{{ dns_zone['zone'] }}" { - type {{ dns_zone['type'] }}; - file "{{ dns_zone['file'] }}"; - {% if dns_zone['type'] == "slave" %} - masters { {{ dns_zone['masters'] }} }; - {% endif %} -}; -{% endfor %} -#}
diff --git a/bind/files/redhat/named.conf.local b/bind/files/redhat/named.conf.local
index 4c6a2b0..569e6d9 100644
--- a/bind/files/redhat/named.conf.local
+++ b/bind/files/redhat/named.conf.local
@@ -2,20 +2,26 @@ // Do any local configuration here // +// Consider adding the 1918 zones here, if they are not used in your +// organization +//include "/etc/bind/zones.rfc1918"; + {% for key,args in salt['pillar.get']('bind:configured_zones', {}).iteritems() -%} {%- set file = salt['pillar.get']("available_zones:" + key + ":file") %} {%- set masters = salt['pillar.get']("available_zones:" + key + ":masters") %} - zone "{{ key }}" { - type {{ args['type'] }}; - file "data/{{ file }}"; - {% if args['type'] == "master" -%} - {% if args['notify'] -%} - notify yes; - {% else -%} - notify no; - {%- endif %} +zone "{{ key }}" { + type {{ args['type'] }}; + file "data/{{ file }}"; + {% if args['type'] == "master" -%} + {% if args['notify'] -%} + notify yes; {% else -%} - masters { {{ masters }} }; - {%- endif %} - }; + notify no; + {%- endif -%} + {% else -%} + notify no; + masters { {{ masters }} }; + {%- endif %} +}; {% endfor %} +
diff --git a/bind/init.sls b/bind/init.sls
index d4dc1f2..c24af2b 100644
--- a/bind/init.sls
+++ b/bind/init.sls
@@ -8,3 +8,4 @@ bind: - running - name: {{ map.service }} - enable: True + - reload: True
diff --git a/bind/map.jinja b/bind/map.jinja
index 2f37219..3fea5ff 100644
--- a/bind/map.jinja
+++ b/bind/map.jinja
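Review bot: The commented hint added at the top of the RedHat named.conf.local template, `//include "/etc/bind/zones.rfc1918";`, names a Debian-style path, while map.jinja in this commit puts the RedHat files at `/etc/named.conf.local` and `/var/named/data`. Anyone who uncomments it on a RedHat minion would reference a file that is probably not there, and named does not load a configuration with a missing include. Either drop the hint from this template or reword the comment to say the path must be adjusted for the RedHat layout.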
@@ -8,7 +8,7 @@ 'default_zones_config': '/etc/bind/named.conf.default-zones', 'named_directory': '/var/cache/bind/zones', 'user': 'root', - 'group': 'bind', + 'group': 'bind' }, 'RedHat': { 'pkgs': ['bind'],
@@ -17,6 +17,6 @@ 'local_config': '/etc/named.conf.local', 'named_directory': '/var/named/data', 'user': 'root', - 'group': 'named', + 'group': 'named' }, }, merge=salt['pillar.get']('bind:lookup')) %}
diff --git a/bind/utils.sls b/bind/utils.sls
new file mode 100644
index 0000000..d24a57e
--- /dev/null
+++ b/bind/utils.sls
@@ -0,0 +1,2 @@ +bind9-host: + pkg.installed
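Review bot: The new bind/utils.sls installs `bind9-host`, which is the Debian package name, and the state is neither gated on `grains['os_family']` nor looked up through map.jinja the way `pkgs` is. On a RedHat-family minion `pkg.installed` would presumably fail to find a package by that name. Consider adding a per-OS entry to the map (key name of your choosing) and rendering it with `- name: {{ map.<utils key> }}`, or wrapping the state in the same `{% if grains['os_family'] == 'Debian' %}` guard used in config.sls.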