From 698382cd9c27d670d579a7703073117af746a137 Mon Sep 17 00:00:00 2001
From: Jerzy Drozdz
Date: Fri, 24 Mar 2017 23:22:23 +0100
Subject: [PATCH 01/10] Added options for loop in redhat config
---
 bind/files/redhat/named.conf | 20 ++++++++++++--------
 pillar.example | 9 +++++++++
 2 files changed, 21 insertions(+), 8 deletions(-)
diff --git a/bind/files/redhat/named.conf b/bind/files/redhat/named.conf
index 946f91f..7a9f757 100644
--- a/bind/files/redhat/named.conf
+++ b/bind/files/redhat/named.conf
@@ -8,19 +8,23 @@
 //
 options {
- //listen-on port 53 { 127.0.0.1; };
- listen-on port 53 { any; };
- listen-on-v6 port 53 { ::1; };
 directory "/var/named";
 dump-file "/var/named/data/cache_dump.db";
 statistics-file "/var/named/data/named_stats.txt";
 memstatistics-file "/var/named/data/named_mem_stats.txt";
- allow-query { any; };
- recursion yes;
- dnssec-enable yes;
- dnssec-validation yes;
- dnssec-lookaside auto;
+{#- Allow inclusion of arbitrary statements #}
+{%- for statement, value in salt['pillar.get']('bind:config:options', {}).items() -%}
+ {%- if value is iterable and value is not string %}
+ {{ statement }} {
+ {%- for item in value %}
+ {{ item }};
+ {%- endfor %}
+ };
+ {%- else %}
+ {{ statement }} {{ value }};
+ {%- endif %}
+{%- endfor %}
 /* Path to ISC DLV key */
 bindkeys-file "/etc/named.iscdlv.key";
diff --git a/pillar.example b/pillar.example
index f11b3dc..486230b 100644
--- a/pillar.example
+++ b/pillar.example
@@ -24,6 +24,14 @@ bind:
 mode: 640 # File & Directory mode
 options:
 allow-recursion: '{ any; }' # Never include this on a public resolver
+# RedHat defaults, needed to generate default config file
+ listen-on: 'port 53 { 127.0.0.1; }'
+ listen-on-v6: 'port 53 { ::1; }'
+ allow-query: '{ localhost; }'
+ recursion: 'yes'
+ dnssec-enable: 'yes'
+ dnssec-validation: 'yes'
+# End RedHat defaults
 protocol: 4 # Force bind to serve only one IP protocol
 # (ipv4: 4, ipv6: 6). Omitting this reverts to 
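Review bot: With the default `{}` on the new `pillar.get` in the `options` loop, a minion whose pillar has no `bind:config:options` renders no `listen-on`, `allow-query` or `recursion` statement at all, so BIND's built-in defaults (listen on every interface, answer any client, recurse) apply silently where the removed lines at least stated the policy explicitly. Patches 02 and 03 add map.jinja defaults for this, but `pillar.get` returns the pillar dict whole rather than merging it, so a pillar that sets only `allow-recursion` (exactly what pillar.example shows) still discards every map default and falls back to the BIND built-ins. `salt['pillar.get']('bind:config:options', map.get('options', {}), merge=True)` keeps the defaults under a partial override; if merging is not wanted, the template comment should say that keys set in pillar replace, not extend, the defaults, e.g. `{#- Statements from bind:config:options; setting any key here replaces the whole default set #}`.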
@@ -38,6 +46,7 @@ bind:
 # End Debian based systems
+
 ### Keys, Zones, ACLs and Views ###
 bind:
 keys:
From c1312aa11bcdac0e4052cc6f93f0cee2a1e3a363 Mon Sep 17 00:00:00 2001
From: Jerzy Drozdz
Date: Sat, 25 Mar 2017 00:16:24 +0100
Subject: [PATCH 02/10] Added logging configuration
---
 bind/files/redhat/named.conf | 37 ++++++++++++++++++++++++++++++++++--
 1 file changed, 35 insertions(+), 2 deletions(-)
diff --git a/bind/files/redhat/named.conf b/bind/files/redhat/named.conf
index 7a9f757..8641a12 100644
--- a/bind/files/redhat/named.conf
+++ b/bind/files/redhat/named.conf
@@ -14,11 +14,11 @@ options {
 memstatistics-file "/var/named/data/named_mem_stats.txt";
 {#- Allow inclusion of arbitrary statements #}
-{%- for statement, value in salt['pillar.get']('bind:config:options', {}).items() -%}
+{%- for statement, value in salt['pillar.get']('bind:config:options', map.get('options', {})).items() -%}
 {%- if value is iterable and value is not string %}
 {{ statement }} {
 {%- for item in value %}
- {{ item }};
+ {{ item }};
 {%- endfor %}
 };
 {%- else %}
@@ -37,6 +37,39 @@ logging {
 file "data/named.run";
 severity dynamic;
 };
+
+{%- for channel, value in salt['pillar.get']('bind:config:logging:channels', {}).items() -%}
+ {%- if value is iterable %}
+ channel {{ channel }} {
+ {%- for statement, item in value.items() %}
+ {{ statement }} {{ item }};
+ {%- endfor %}
+ };
+ {%- endif %}
+{%- endfor %}
+
+{%- for statement, value in salt['pillar.get']('bind:config:logging:category', {}).items() -%}
+ category {{ statement }} {
+ {%- for item in value %}
+ {{ item }};
+ {%- endfor %}
+ };
+{%- endfor %}
+
+{%- for statement, value in salt['pillar.get']('bind:config:logging', {}).items() -%}
+ {%- if statement not in ( 'channels', 'category' ) %}
+ {%- if value is iterable and value is not string %}
+ {{ statement }} {
+ {%- for item in value %}
+ {{ item }};
+ {%- endfor %}
+ };
+ {%- else %}
+ {{ statement }} {{ value }};
+ {%- endif %}
+ {%- endif %}
+{%- endfor %}
+
 };
 zone "." IN {
From 5f93b7fe07967efa0347a99ba63761fce911ce16 Mon Sep 17 00:00:00 2001
From: Jerzy Drozdz
Date: Sat, 25 Mar 2017 00:18:59 +0100
Subject: [PATCH 03/10] RedHat defaults moved to map.jinja
---
 bind/map.jinja | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/bind/map.jinja b/bind/map.jinja
index e3e6b1b..5c72eeb 100644
--- a/bind/map.jinja
+++ b/bind/map.jinja
@@ -30,7 +30,15 @@
 'log_mode': '640',
 'user': 'root',
 'group': 'named',
- 'mode': '640'
+ 'mode': '640',
+ 'options': {
+ 'listen-on': 'port 53 { 127.0.0.1; }',
+ 'listen-on-v6': 'port 53 { ::1; }',
+ 'allow-query': '{ localhost; }',
+ 'recursion': 'yes',
+ 'dnssec-enable': 'yes',
+ 'dnssec-validation': 'yes'
+ }
 },
 'Arch': {
 'pkgs': ['bind', 'bind-tools', 'dnssec-tools'],
From 1cf371921ca6c385e0635deab7fdcf5daa767eec Mon Sep 17 00:00:00 2001
From: Jerzy Drozdz
Date: Sat, 25 Mar 2017 00:29:49 +0100
Subject: [PATCH 04/10] Corrected 'named_directory' default value
---
 bind/map.jinja | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
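Review bot: The guard `{%- if value is iterable %}` in the new `channels` loop does not exclude strings, unlike the `options` loop two hunks earlier, so a scalar channel value passes the test and the render then fails on `value.items()` (Jinja strings are iterable); `{%- if value is mapping %}` states the real requirement. The `category` loop has no guard at all and iterates `value` directly, so a string value would emit one character per line; reusing `{%- if value is iterable and value is not string %}` there, or stating in pillar.example that categories must be lists, would keep the three loops consistent. A short comment above each loop naming the expected pillar shape (`{#- channels: name -> {statement: value}, category: name -> [channel, ...] #}`) would help whoever fills the pillar in. The enclosing `logging { }` block starts outside this hunk.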
diff --git a/bind/map.jinja b/bind/map.jinja
index 5c72eeb..6178a17 100644
--- a/bind/map.jinja
+++ b/bind/map.jinja
@@ -25,7 +25,7 @@
 'config': '/etc/named.conf',
 'local_config': '/etc/named.conf.local',
 'default_config': '/etc/sysconfig/named',
- 'named_directory': '/var/named/data',
+ 'named_directory': '/var/named',
 'log_dir': '/var/log/named',
 'log_mode': '640',
 'user': 'root',
From 8d93eabd86885e056ef6ca300aca1ed8a8dbb768 Mon Sep 17 00:00:00 2001
From: Jerzy Drozdz
Date: Sat, 25 Mar 2017 01:30:14 +0100
Subject: [PATCH 05/10] Copied part of functionality from debian conf.local
---
 bind/files/redhat/named.conf.local | 58 +++++++++++++++++++++++++-----
 1 file changed, 50 insertions(+), 8 deletions(-)
diff --git a/bind/files/redhat/named.conf.local b/bind/files/redhat/named.conf.local
index f4a7128..3f666fd 100644
--- a/bind/files/redhat/named.conf.local
+++ b/bind/files/redhat/named.conf.local
@@ -6,9 +6,7 @@
 // organization
 //include "/etc/bind/zones.rfc1918";
-{% for key,args in salt['pillar.get']('bind:configured_zones', {}).items() -%}
-{%- set file = salt['pillar.get']("bind:available_zones:" + key + ":file") %}
-{%- set masters = salt['pillar.get']("bind:available_zones:" + key + ":masters") %}
+{%- macro zone(key, args, file, masters) %}
 zone "{{ key }}" {
 type {{ args['type'] }};
 {% if args['type'] == 'forward' -%}
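Review bot: Changing `named_directory` to `/var/named` moves zone files out of the subdirectory that RedHat's packaging leaves writable for the `named` user; as far as I recall, on stock RHEL/CentOS `/var/named` itself is root-owned with a read-only SELinux zone label while `/var/named/data` and `/var/named/slaves` carry the writable label, so the slave and dynamic-update zones that patch 05 renders (`masters`, `allow-update`, `update-policy`) may fail to write their files under the new default. Whether that bites depends on what config.sls does with the directory's ownership, which is outside this diff, so please confirm. At minimum a comment on this line would save the next reader the surprise, e.g. `{# master zone files; slave/dynamic zones need a named-writable dir such as /var/named/slaves #}`, or a second map key for writable zone files.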
@@ -21,20 +19,64 @@ zone "{{ key }}" {
 {%- endfor %}
 };
 {% else -%}
- file "data/{{ file }}";
+ {% if args['dnssec'] is defined and args['dnssec'] -%}
+ file "{{ map.named_directory }}/{{ file }}.signed";
+ {% else -%}
+ file "{{ map.named_directory }}/{{ file }}";
+ {%- endif %}
+ {%- if args['allow-update'] is defined %}
+ allow-update { {{args['allow-update']}}; };
+ {%- endif %}
+ {%- if args.update_policy is defined %}
+ update-policy {
+ {%- for policy in args.update_policy %}
+ {{ policy }};
+ {%- endfor %}
+ };
+ {%- endif %}
+ {%- if args['allow-transfer'] is defined %}
+ allow-transfer { {{ args.get('allow-transfer', []) | join('; ') }}; };
+ {%- endif %}
 {%- if args['also-notify'] is defined %}
 also-notify { {{ args.get('also-notify', []) | join('; ') }}; };
 {%- endif %}
- {% if args['type'] == "master" -%}
- {% if args['notify'] -%}
+ {%- if args['type'] == 'slave' %}
+ {%- if args['allow-notify'] is defined %}
+ allow-notify { {{ args.get('allow-notify', []) | join('; ') }}; };
+ {%- endif %}
+ {%- endif %}
+ {%- if args['type'] == "master" -%}
+ {% if args['notify'] %}
 notify yes;
- {% else -%}
+ {% else %}
 notify no;
 {%- endif -%}
- {% else -%}
+ {% else %}
 notify no;
+ {%- if masters is iterable and masters is not string %}
+ masters {
+ {%- for item in masters %}
+ {{ item }};
+ {%- endfor %}
+ };
+ {%- else %}
 masters { {{ masters }} };
+ {%- endif %}
 {%- endif %}
 {%- endif %}
 };
+{%- endmacro %}
+
+{% for key, args in salt['pillar.get']('bind:configured_zones', {}).items() -%}
+{%- set file = args.get('file', salt['pillar.get']("bind:available_zones:" + key + ":file")) %}
+{%- set masters = args.get('masters', salt['pillar.get']("bind:available_zones:" + key + ":masters")) %}
+{{ zone(key, args, file, masters) }}
 {% endfor %}
+
+{%- for name, data in salt['pillar.get']('bind:configured_acls', {}).items() %}
+acl {{ name }} {
+ {%- for d in data %}
+ {{ d }};
+ {%- endfor %}
+};
+{%- endfor %}
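Review bot: `allow-transfer` is rendered only when the zone sets it, and nothing visible in this series (the `options` block of patch 01 included) sets a global one, so a zone left without the key inherits BIND's default for the versions RedHat shipped at the time, which permits AXFR from any host. Either state in pillar.example that `allow-transfer` must be set per zone or via `bind:config:options`, or render a closed default with `{%- else %}` / `allow-transfer { none; };` ahead of the `{%- endif %}`; the closed default changes behaviour for existing zones, so documenting it first is the safer step. Separately, `allow-update` is emitted from a bare scalar (`{{args['allow-update']}}`) while `allow-transfer`, `also-notify` and `allow-notify` accept lists through `join('; ')`, so the pillar schema is not uniform across the four access lists. The `zone` macro's header is outside this hunk.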
From 29ea62ec2191e6d415df07b0236889e88e8a258e Mon Sep 17 00:00:00 2001
From: Jerzy Drozdz
Date: Sat, 25 Mar 2017 01:56:40 +0100
Subject: [PATCH 06/10] Changed zone file path
---
 bind/files/redhat/named.conf.local | 42 +++++++++++++++---------------
 1 file changed, 21 insertions(+), 21 deletions(-)
diff --git a/bind/files/redhat/named.conf.local b/bind/files/redhat/named.conf.local
index 3f666fd..ea3dcfd 100644
--- a/bind/files/redhat/named.conf.local
+++ b/bind/files/redhat/named.conf.local
@@ -8,59 +8,59 @@
 {%- macro zone(key, args, file, masters) %}
 zone "{{ key }}" {
- type {{ args['type'] }};
+ type {{ args['type'] }};
 {% if args['type'] == 'forward' -%}
 {% if args['forward'] is defined -%}
- forward {{ args['forward'] }};
+ forward {{ args['forward'] }};
 {%- endif %}
- forwarders {
+ forwarders {
 {% for forwarder in args.forwarders -%}
- {{ forwarder }};
+ {{ forwarder }};
 {%- endfor %}
 };
 {% else -%}
 {% if args['dnssec'] is defined and args['dnssec'] -%}
- file "{{ map.named_directory }}/{{ file }}.signed";
+ file "{{ file }}.signed";
 {% else -%}
- file "{{ map.named_directory }}/{{ file }}";
+ file "{{ file }}";
 {%- endif %}
 {%- if args['allow-update'] is defined %}
- allow-update { {{args['allow-update']}}; };
+ allow-update { {{args['allow-update']}}; };
 {%- endif %}
 {%- if args.update_policy is defined %}
- update-policy {
+ update-policy {
 {%- for policy in args.update_policy %}
- {{ policy }};
+ {{ policy }};
 {%- endfor %}
- };
+ };
 {%- endif %}
 {%- if args['allow-transfer'] is defined %}
- allow-transfer { {{ args.get('allow-transfer', []) | join('; ') }}; };
+ allow-transfer { {{ args.get('allow-transfer', []) | join('; ') }}; };
 {%- endif %}
 {%- if args['also-notify'] is defined %}
- also-notify { {{ args.get('also-notify', []) | join('; ') }}; };
+ also-notify { {{ args.get('also-notify', []) | join('; ') }}; };
 {%- endif %}
 {%- if args['type'] == 'slave' %}
 {%- if args['allow-notify'] is defined %}
- allow-notify { {{ args.get('allow-notify', []) | join('; ') }}; };
+ allow-notify { {{ args.get('allow-notify', []) | join('; ') }}; };
 {%- endif %}
 {%- endif %}
 {%- if args['type'] == "master" -%}
 {% if args['notify'] %}
- notify yes;
+ notify yes;
 {% else %}
- notify no;
+ notify no;
 {%- endif -%}
 {% else %}
- notify no;
+ notify no;
 {%- if masters is iterable and masters is not string %}
- masters {
+ masters {
 {%- for item in masters %}
- {{ item }};
+ {{ item }};
 {%- endfor %}
- };
+ };
 {%- else %}
- masters { {{ masters }} };
+ masters { {{ masters }} };
 {%- endif %}
 {%- endif %}
 {%- endif %}
@@ -76,7 +76,7 @@ zone "{{ key }}" {
 {%- for name, data in salt['pillar.get']('bind:configured_acls', {}).items() %}
 acl {{ name }} {
 {%- for d in data %}
- {{ d }};
+ {{ d }};
 {%- endfor %}
 };
 {%- endfor %}
From 18150770aa47f393c292508e7f16872eaac7de51 Mon Sep 17 00:00:00 2001
From: Jerzy Drozdz
Date: Sat, 25 Mar 2017 01:58:35 +0100
Subject: [PATCH 07/10] Added zone class
---
 bind/files/redhat/named.conf.local | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/bind/files/redhat/named.conf.local b/bind/files/redhat/named.conf.local
index ea3dcfd..fc5907a 100644
--- a/bind/files/redhat/named.conf.local
+++ b/bind/files/redhat/named.conf.local
@@ -7,7 +7,7 @@
 //include "/etc/bind/zones.rfc1918";
 {%- macro zone(key, args, file, masters) %}
-zone "{{ key }}" {
+zone "{{ key }}" IN {
 type {{ args['type'] }};
 {% if args['type'] == 'forward' -%}
 {% if args['forward'] is defined -%}
From a8b0353c90948ee31ac94a641015f5ee1a290667 Mon Sep 17 00:00:00 2001
From: Jerzy Drozdz
Date: Sat, 25 Mar 2017 02:18:26 +0100
Subject: [PATCH 08/10] Set replace to False for query.log state
---
 bind/config.sls | 1 +
 1 file changed, 1 insertion(+)
diff --git a/bind/config.sls b/bind/config.sls
index bad7c27..cb9ba7a 100644
--- a/bind/config.sls
+++ b/bind/config.sls
@@ -20,6 +20,7 @@ bind_restart:
 {{ map.log_dir }}/query.log:
 file.managed:
+ - replace: False
 - user: {{ salt['pillar.get']('bind:config:user', map.user) }}
 - group: {{ salt['pillar.get']('bind:config:group', map.group) }}
 - mode: {{ salt['pillar.get']('bind:config:log_mode', map.log_mode) }}
From cab5e24854f84490d26b13d17e854b2e7d70fe61 Mon Sep 17 00:00:00 2001
From: Jerzy Drozdz
Date: Wed, 29 Mar 2017 17:45:17 +0200
Subject: [PATCH 09/10] Formating fix
---
 bind/files/redhat/named.conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/bind/files/redhat/named.conf b/bind/files/redhat/named.conf
index 8641a12..11a10da 100644
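Review bot: Dropping `{{ map.named_directory }}/` makes every `file` statement relative to BIND's `directory` option, which the redhat named.conf template still hard-codes as `"/var/named"` (a context line in patch 01), while `named_directory` is a separate map key; the two agree only by coincidence after patch 04, and if `named_directory` can be overridden from pillar like the other map keys, the zone files would be written in one place and looked up in another. Either keep the absolute path here or render `directory "{{ map.named_directory }}";` in named.conf so both derive from one setting. I cannot see where config.sls writes the zone files, so confirm against that state. The `zone` macro's header is outside this hunk.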
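Review bot: `replace: False` stops an existing query.log from being truncated on every run, but the state still enforces `map.user` and `map.log_mode`, which map.jinja's RedHat entry (context in patch 03) sets to `root` and `640` with group `named`; if named runs as the `named` user, as it does by default on RedHat, and a logging channel points it at this file, group-read-only leaves it unable to append to the very log this line is trying to preserve. Consider resolving the log file's user to `named` or its mode to `660`, and a comment on the new line such as `# never clobber an existing query log; named appends to it`. The ownership assumption is mine, so check what the `named` service actually runs as on the target hosts. The enclosing state list continues outside this hunk.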
--- a/bind/files/redhat/named.conf
+++ b/bind/files/redhat/named.conf
@@ -48,7 +48,7 @@ logging {
 {%- endif %}
 {%- endfor %}
-{%- for statement, value in salt['pillar.get']('bind:config:logging:category', {}).items() -%}
+{%- for statement, value in salt['pillar.get']('bind:config:logging:category', {}).items() %}
 category {{ statement }} {
 {%- for item in value %}
 {{ item }};
From 2156b92221186be32ba1324a96acb1077fccdc8d Mon Sep 17 00:00:00 2001
From: Jerzy Drozdz
Date: Sun, 9 Apr 2017 10:56:08 +0200
Subject: [PATCH 10/10] Added configured_zones as file path source
---
 bind/config.sls | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/bind/config.sls b/bind/config.sls
index cb9ba7a..2804364 100644
--- a/bind/config.sls
+++ b/bind/config.sls
@@ -132,7 +132,7 @@ bind_default_zones:
 {% endif %}
 {% for zone, zone_data in salt['pillar.get']('bind:configured_zones', {}).items() -%}
-{%- set file = salt['pillar.get']("bind:available_zones:" + zone + ":file") %}
+{%- set file = salt['pillar.get']("bind:available_zones:" + zone + ":file", zone_data.get('file')) %}
 {% if file and zone_data['type'] == "master" -%}
 zones-{{ zone }}:
 file.managed:
@@ -161,7 +161,7 @@ signed-{{ zone }}:
 {%- for view, view_data in salt['pillar.get']('bind:configured_views', {}).items() %}
 {% for zone, zone_data in view_data.get('configured_zones', {}).items() -%}
-{%- set file = salt['pillar.get']("bind:available_zones:" + zone + ":file", zone_data.get('file')) %}
+{%- set file = salt['pillar.get']("bind:available_zones:" + zone + ":file", zone_data.get('file')) %}
 {% if file and zone_data['type'] == "master" -%}
 zones-{{ view }}-{{ zone }}:
 file.managed:
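Review bot: The precedence chosen here is the reverse of named.conf.local from patch 05: config.sls now takes `available_zones:<zone>:file` first and falls back to `zone_data.file`, while the template's `{%- set file = args.get('file', salt['pillar.get'](...)) %}` takes `zone_data.file` first. A zone that carries both keys with different values gets its file written under one name and referenced under the other, so named cannot load it. Use one precedence in both files, e.g. `{%- set file = zone_data.get('file', salt['pillar.get']("bind:available_zones:" + zone + ":file")) %}` here and likewise in the views hunk at -161, and say in pillar.example which key wins. The `for zone` loop bodies continue beyond both hunks.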