Merge pull request #7 from garethgreenaway/master

Cleaning up the bind9 salt formula.

bind/config.sls

@@ -3,11 +3,22 @@
 include:
   - bind
 
+named_directory:
+  file.directory:
+    - name: {{ map.named_directory }}
+    - user: {{ salt['pillar.get']('bind:config:user', 'map.user') }}
+    - group: {{ salt['pillar.get']('bind:config:group', 'map.group') }}
+    - mode: 775
+    - makedirs: True
+    - require:
+      - pkg: bind
+
+{% if grains['os_family'] == 'RedHat' %}
 bind_config:
   file:
     - managed
     - name: {{ map.config }}
-    - source: {{ salt['pillar.get']('bind:config:tmpl', 'salt://bind/files/named.conf') }}
+    - source: 'salt://bind/files/redhat/named.conf'
     - template: jinja
     - user: {{ salt['pillar.get']('bind:config:user', map.user) }}
     - group: {{ salt['pillar.get']('bind:config:group', map.group) }}
@@ -17,41 +28,44 @@ bind_config:
     - watch_in:
       - service: bind
 
-named_directory:
-  file.directory:
-    - name: {{ map.named_directory }}
-    - user: {{ salt['pillar.get']('bind:config:user', map.user) }}
-    - group: {{ salt['pillar.get']('bind:config:group', map.group) }}
-    - mode: 775
-    - makedirs: True
-    - require:
-      - pkg: bind
-
-{% if grains['os_family'] == 'RedHat' %}
 bind_local_config:
   file:
     - managed
     - name: {{ map.local_config }}
     - source: 'salt://bind/files/redhat/named.conf.local'
     - template: jinja
-    - user: {{ salt['pillar.get']('bind:config:user', map.user) }}
+    - user: {{ salt['pillar.get']('bind:config:user', 'map.user') }}
-    - group: {{ salt['pillar.get']('bind:config:group', map.group) }}
+    - group: {{ salt['pillar.get']('bind:config:group', 'map.group') }}
     - mode: {{ salt['pillar.get']('bind:config:mode', '644') }}
     - require:
       - pkg: bind
     - watch_in:
-      - service: bind
+      - service: named
 {% endif %}
 
 {% if grains['os_family'] == 'Debian' %}
+bind_config:
+  file:
+    - managed
+    - name: {{ map.config }}
+    - source: 'salt://bind/files/debian/named.conf'
+    - template: jinja
+    - user: {{ salt['pillar.get']('bind:config:user', map.user) }}
+    - group: {{ salt['pillar.get']('bind:config:group', map.group) }}
+    - mode: {{ salt['pillar.get']('bind:config:mode', '640') }}
+    - require:
+      - pkg: bind
+    - watch_in:
+      - service: bind
+
 bind_local_config:
   file:
     - managed
     - name: {{ map.local_config }}
     - source: 'salt://bind/files/debian/named.conf.local'
     - template: jinja
-    - user: {{ salt['pillar.get']('bind:config:user', map.user) }}
+    - user: {{ salt['pillar.get']('bind:config:user', 'map.user') }}
-    - group: {{ salt['pillar.get']('bind:config:group', map.group) }}
+    - group: {{ salt['pillar.get']('bind:config:group', 'map.group') }}
     - mode: {{ salt['pillar.get']('bind:config:mode', '644') }}
     - require:
       - pkg: bind
@@ -64,8 +78,8 @@ bind_options_config:
     - name: {{ map.options_config }}
     - source: 'salt://bind/files/debian/named.conf.options'
     - template: jinja
-    - user: {{ salt['pillar.get']('bind:config:user', map.user) }}
+    - user: {{ salt['pillar.get']('bind:config:user', 'map.user') }}
-    - group: {{ salt['pillar.get']('bind:config:group', map.group) }}
+    - group: {{ salt['pillar.get']('bind:config:group', 'map.group') }}
     - mode: {{ salt['pillar.get']('bind:config:mode', '644') }}
     - require:
       - pkg: bind
@@ -78,13 +92,20 @@ bind_default_zones:
     - name: {{ map.default_zones_config }}
     - source: 'salt://bind/files/debian/named.conf.default-zones'
     - template: jinja
-    - user: {{ salt['pillar.get']('bind:config:user', 'root') }}
+    - user: {{ salt['pillar.get']('bind:config:user', 'map.user') }}
-    - group: {{ salt['pillar.get']('bind:config:group', 'bind') }}
+    - group: {{ salt['pillar.get']('bind:config:group', 'map.group') }}
     - mode: {{ salt['pillar.get']('bind:config:mode', '644') }}
     - require:
       - pkg: bind
     - watch_in:
       - service: bind
+
+/var/log/bind9:
+  file:
+    - directory
+    - user: root
+    - group: bind
+    - mode: 775
 {% endif %}
 
 {% for key,args in salt['pillar.get']('bind:configured_zones', {}).iteritems()  -%}
@@ -95,12 +116,22 @@ zones-{{ file }}:
     - managed
     - name: {{ map.named_directory }}/{{ file }}
     - source: 'salt://bind/zones/{{ file }}'
-    - user: {{ salt['pillar.get']('bind:config:user', map.user) }}
+    - user: {{ salt['pillar.get']('bind:config:user', 'map.user') }}
-    - group: {{ salt['pillar.get']('bind:config:group', map.group) }}
+    - group: {{ salt['pillar.get']('bind:config:group', 'map.group') }}
     - mode: {{ salt['pillar.get']('bind:config:mode', '644') }}
     - watch_in:
       - service: bind
     - require:
       - file: {{ map.named_directory }}
+
+{% if args['dnssec'] is defined and args['dnssec'] -%}
+signed-{{file}}:
+  cmd.run:
+    - cwd: {{ map.named_directory }}
+    - name: zonesigner -zone {{ key }} {{ file }}
+    - prereq:
+      - file: zones-{{ file }}
+{% endif %}
+
 {% endif %}
 {% endfor %}

bind/files/debian/named.conf.local

@@ -19,6 +19,7 @@ zone "{{ key }}" {
   notify no;
     {%- endif -%}
   {% else -%}
+  notify no;
   masters { {{ masters }} };
   {%- endif %}
 };

bind/files/debian/named.conf.options

@@ -15,5 +15,7 @@ options {
         // };
 
         auth-nxdomain no;    # conform to RFC1035
-        //listen-on-v6 { any; };
+        {% if salt['pillar.get']('bind:config:ipv6', 'False') %}
+        listen-on-v6 { {{ salt['pillar.get']('bind:config:ipv6_listen', 'any') }}; };
+        {% endif %}
 };

bind/files/named.conf

@@ -1,15 +0,0 @@
-{% if ipv6 %}
-listen-on-v6 { {{ ipv6_listen }}; };
-{% endif %}
-
-{#
-{% for dns_zone in pillar['dns_zones'] %}
-zone "{{ dns_zone['zone'] }}" {
-        type {{ dns_zone['type'] }};
-        file "{{ dns_zone['file'] }}";
-        {% if dns_zone['type'] == "slave" %}
-        masters { {{ dns_zone['masters'] }} };
-        {% endif %}
-};
-{% endfor %}
-#}

bind/files/redhat/named.conf.local

@@ -2,6 +2,10 @@
 // Do any local configuration here
 //
 
+// Consider adding the 1918 zones here, if they are not used in your
+// organization
+//include "/etc/bind/zones.rfc1918";
+
 {% for key,args in salt['pillar.get']('bind:configured_zones', {}).iteritems()  -%}
 {%- set file = salt['pillar.get']("available_zones:" + key + ":file") %}
 {%- set masters = salt['pillar.get']("available_zones:" + key + ":masters") %}
@@ -13,9 +17,11 @@
   notify yes;
     {% else -%}
   notify no;
-      {%- endif %}
+    {%- endif -%}
   {% else -%}
+  notify no;
   masters { {{ masters }} };
   {%- endif %}
 };
 {% endfor %}
+

bind/init.sls

@@ -8,3 +8,4 @@ bind:
     - running
     - name: {{ map.service }}
     - enable: True
+    - reload: True

bind/map.jinja

@@ -8,7 +8,7 @@
         'default_zones_config': '/etc/bind/named.conf.default-zones',
         'named_directory': '/var/cache/bind/zones',
         'user': 'root',
-        'group': 'bind',
+        'group': 'bind'
     },
     'RedHat': {
         'pkgs': ['bind'],
@@ -17,6 +17,6 @@
         'local_config': '/etc/named.conf.local',
         'named_directory': '/var/named/data',
         'user': 'root',
-        'group': 'named',
+        'group': 'named'
     },
 }, merge=salt['pillar.get']('bind:lookup')) %}

bind/utils.sls

@@ -0,0 +1,2 @@
+bind9-host:
+  pkg.installed