From 282f022d3de75a9fead6c58523a253db2196aa49 Mon Sep 17 00:00:00 2001
From: Cosmin Dumitru
Date: Sun, 19 Oct 2014 15:24:41 +0200
Subject: [PATCH 01/22] version check for logrotate
---
 bind/config.sls | 1 +
 bind/files/debian/logrotate_bind | 2 ++
 2 files changed, 3 insertions(+)
diff --git a/bind/config.sls b/bind/config.sls
index 1dc68c1..aa43db0 100644
--- a/bind/config.sls
+++ b/bind/config.sls
@@ -127,6 +127,7 @@ bind_default_zones:
 file:
 - managed
 - source: salt://bind/files/debian/logrotate_bind
+ - template: jinja
 - user: root
 - group: root
diff --git a/bind/files/debian/logrotate_bind b/bind/files/debian/logrotate_bind
index 9677a5a..a17b4ae 100644
--- a/bind/files/debian/logrotate_bind
+++ b/bind/files/debian/logrotate_bind
@@ -7,5 +7,7 @@ copytruncate
 compress
 create 0664 bind root
+ {% if not salt['pkg.version']('logrotate').startswith('3.7')-%}
 su
+ {% endif %}
 }
From 6891f1d7f283034644addb7dffc14d641d69ae21 Mon Sep 17 00:00:00 2001
From: Skyler Berg
Date: Wed, 19 Nov 2014 11:31:10 -0800
Subject: [PATCH 02/22] Switch logging dir to /var/log/named for Ubuntu
Apparmor expects /var/log/named to be the logging directory for bind9 in Ubuntu 12.04 (and most likely 14.04).
---
 bind/config.sls | 9 +++++++--
 bind/files/debian/logrotate_bind | 2 +-
 bind/files/debian/named.conf.local | 2 +-
 bind/map.jinja | 8 +++++++-
 4 files changed, 16 insertions(+), 5 deletions(-)
diff --git a/bind/config.sls b/bind/config.sls
index 1dc68c1..63208a7 100644
--- a/bind/config.sls
+++ b/bind/config.sls
@@ -81,6 +81,8 @@ bind_local_config:
 - user: {{ salt['pillar.get']('bind:config:user', map.user) }}
 - group: {{ salt['pillar.get']('bind:config:group', map.group) }}
 - mode: {{ salt['pillar.get']('bind:config:mode', '644') }}
+ - context:
+ map: {{ map }}
 - require:
 - pkg: bind
 - watch_in:
@@ -114,7 +116,7 @@ bind_default_zones:
 - watch_in:
 - service: bind
-/var/log/bind9:
+{{ map.log_dir }}:
 file:
 - directory
 - user: root
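Review bot: The `su` directive added to the logrotate stanza has no user/group arguments; as far as I can tell logrotate 3.8+ treats a bare `su` as a parse error, so the stanza would be skipped and query.log would stop rotating on exactly the versions this check targets. `su root bind` matches the root:bind ownership config.sls gives the log directory. Note also that `salt['pkg.version']('logrotate')` returns an empty string when the package is not installed and `''.startswith('3.7')` is False, so the directive is emitted in that case as well; running `logrotate -d` on the rendered file would catch both.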
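Review bot: `map: {{ map }}` in the new `context` block hands the map dict to YAML as Python's repr; that parses only while every value is a plain str, and a unicode value arriving through the `bind:lookup` pillar merge would render as `u'...'` and be read back literally. The formula already uses the json filter in init.sls (`{{ map.pkgs|json }}`), so `map: {{ map|json }}` is the safe spelling. The same line is added in this patch's logrotate hunk and again to `bind_config` in the later 'Simplified/unified' patch.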
@@ -123,12 +125,15 @@ bind_default_zones:
 - template: jinja
-/etc/logrotate.d/bind9:
+/etc/logrotate.d/{{ map.service }}:
 file:
 - managed
 - source: salt://bind/files/debian/logrotate_bind
 - user: root
 - group: root
+ - template: jinja
+ - context:
+ map: {{ map }}
 {% endif %}
diff --git a/bind/files/debian/logrotate_bind b/bind/files/debian/logrotate_bind
index 9677a5a..396e1a7 100644
--- a/bind/files/debian/logrotate_bind
+++ b/bind/files/debian/logrotate_bind
@@ -1,4 +1,4 @@
-/var/log/bind9/query.log {
+{{ map.log_dir }}/query.log {
 rotate 7
 daily
 missingok
diff --git a/bind/files/debian/named.conf.local b/bind/files/debian/named.conf.local
index 322a56b..1eb485a 100644
--- a/bind/files/debian/named.conf.local
+++ b/bind/files/debian/named.conf.local
@@ -30,6 +30,6 @@ zone "{{ key }}" {
 {% endfor %}
 logging {
- channel "querylog" { file "/var/log/bind9/query.log"; print-time yes; };
+ channel "querylog" { file "{{ map.log_dir }}/query.log"; print-time yes; };
 category queries { querylog; };
 };
diff --git a/bind/map.jinja b/bind/map.jinja
index 1be4d25..f1a53a3 100644
--- a/bind/map.jinja
+++ b/bind/map.jinja
@@ -8,6 +8,7 @@
 'options_config': '/etc/bind/named.conf.options',
 'default_zones_config': '/etc/bind/named.conf.default-zones',
 'named_directory': '/var/cache/bind/zones',
+ 'log_dir': '/var/log/bind9',
 'user': 'root',
 'group': 'bind'
 },
@@ -17,7 +18,12 @@
 'config': '/etc/named.conf',
 'local_config': '/etc/named.conf.local',
 'named_directory': '/var/named/data',
+ 'log_dir': '/var/log/named',
 'user': 'root',
 'group': 'named'
 },
-}, merge=salt['pillar.get']('bind:lookup')) %}
+}, merge=salt['grains.filter_by']({
+ 'Ubuntu': {
+ 'log_dir': '/var/log/named'
+ },
+}, grain='os', merge=salt['pillar.get']('bind:lookup'))) %}
From c019d1e946483c1f8e406f564c8963bec98c5bf9 Mon Sep 17 00:00:00 2001
From: Skyler Berg
Date: Thu, 20 Nov 2014 10:31:11 -0800
Subject: [PATCH 03/22] Allow inclusion of arbitrary options
---
 bind/files/debian/named.conf.options | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/bind/files/debian/named.conf.options b/bind/files/debian/named.conf.options
index 7661808..c465724 100644
--- a/bind/files/debian/named.conf.options
+++ b/bind/files/debian/named.conf.options
@@ -17,5 +17,10 @@ options {
 auth-nxdomain no; # conform to RFC1035
 {% if salt['pillar.get']('bind:config:ipv6', 'False') %}
 listen-on-v6 { {{ salt['pillar.get']('bind:config:ipv6_listen', 'any') }}; };
- {% endif %}
+ {% endif -%}
+
+ {# Allow inclusion of arbitrary statements -#}
+ {% for statement, value in salt['pillar.get']('bind:config:options', {}).iteritems() -%}
+ {{ statement }} {{ value}}
+ {% endfor -%}
 };
From f3dce66398295c0196becc32c0de63a7abce26b8 Mon Sep 17 00:00:00 2001
From: Skyler Berg
Date: Thu, 20 Nov 2014 10:45:44 -0800
Subject: [PATCH 04/22] Add an example of configuring an arbitrary option to pillar.example
---
 pillar.example | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/pillar.example b/pillar.example
index cbda55f..9d72ce2 100644
--- a/pillar.example
+++ b/pillar.example
@@ -11,6 +11,8 @@ bind:
 user: root
 group: named
 mode: 640
+ options:
+ allow-recursion: '{ any; };' # Never include this on a public resolver
 bind:
 keys:
From 0de2c1bed054026001f7dc468dc3e7268ad5b331 Mon Sep 17 00:00:00 2001
From: Seth House
Date: Sat, 13 Dec 2014 00:19:58 -0700
Subject: [PATCH 05/22] Change states to use short-dec style
---
 bind/config.sls | 30 ++++++++++--------------------
 bind/init.sls | 6 ++----
 2 files changed, 12 insertions(+), 24 deletions(-)
diff --git a/bind/config.sls b/bind/config.sls
index 8bb5771..98fef95 100644
--- a/bind/config.sls
+++ b/bind/config.sls
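Review bot: `{{ statement }} {{ value}}` copies each `bind:config:options` key and value into named.conf.options as-is, with no terminating `;` and no validation, so the pillar author must include the semicolon (as the `'{ any; };'` example in the next patch does) and any typo leaves named unable to load its config on the next reload. Since this is the first place free-form pillar text is spliced into a BIND config, the `bind_options_config` state in config.sls (outside this hunk) should carry `- check_cmd: named-checkconf` so a bad render is rejected before it replaces the live file; named.conf.options is a self-contained `options { };` block and should parse on its own. Minor: `{{ value}}` is missing the space before the closing braces that the rest of the file uses.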
@@ -15,8 +15,7 @@ named_directory:
 {% if grains['os_family'] == 'RedHat' %}
 bind_config:
- file:
- - managed
+ file.managed:
 - name: {{ map.config }}
 - source: 'salt://bind/files/redhat/named.conf'
 - template: jinja
@@ -29,8 +28,7 @@ bind_config:
 - service: bind
 bind_local_config:
- file:
- - managed
+ file.managed:
 - name: {{ map.local_config }}
 - source: 'salt://bind/files/redhat/named.conf.local'
 - template: jinja
@@ -45,8 +43,7 @@ bind_local_config:
 {% if grains['os_family'] == 'Debian' %}
 bind_config:
- file:
- - managed
+ file.managed:
 - name: {{ map.config }}
 - source: 'salt://bind/files/debian/named.conf'
 - template: jinja
@@ -59,8 +56,7 @@ bind_config:
 - service: bind
 bind_key_config:
- file:
- - managed
+ file.managed:
 - name: {{ map.key_config }}
 - source: 'salt://bind/files/debian/named.conf.key'
 - template: jinja
@@ -73,8 +69,7 @@ bind_key_config:
 - service: bind
 bind_local_config:
- file:
- - managed
+ file.managed:
 - name: {{ map.local_config }}
 - source: 'salt://bind/files/debian/named.conf.local'
 - template: jinja
@@ -89,8 +84,7 @@ bind_local_config:
 - service: bind
 bind_options_config:
- file:
- - managed
+ file.managed:
 - name: {{ map.options_config }}
 - source: 'salt://bind/files/debian/named.conf.options'
 - template: jinja
@@ -103,8 +97,7 @@ bind_options_config:
 - service: bind
 bind_default_zones:
- file:
- - managed
+ file.managed:
 - name: {{ map.default_zones_config }}
 - source: 'salt://bind/files/debian/named.conf.default-zones'
 - template: jinja
@@ -117,8 +110,7 @@ bind_default_zones:
 - service: bind
 {{ map.log_dir }}:
- file:
- - directory
+ file.directory:
 - user: root
 - group: bind
 - mode: 775
@@ -126,8 +118,7 @@ bind_default_zones:
 /etc/logrotate.d/{{ map.service }}:
- file:
- - managed
+ file.managed:
 - source: salt://bind/files/debian/logrotate_bind
 - template: jinja
 - user: root
@@ -142,8 +133,7 @@ bind_default_zones:
 {%- set file = salt['pillar.get']("available_zones:" + key + ":file") %}
 {% if args['type'] == "master" -%}
 zones-{{ file }}:
- file:
- - managed
+ file.managed:
 - name: {{ map.named_directory }}/{{ file }}
 - source: 'salt://bind/zones/{{ file }}'
 - user: {{ salt['pillar.get']('bind:config:user', map.user) }}
diff --git a/bind/init.sls b/bind/init.sls
index c24af2b..feb6609 100644
--- a/bind/init.sls
+++ b/bind/init.sls
@@ -1,11 +1,9 @@
 {% from "bind/map.jinja" import map with context %}
 bind:
- pkg:
- - installed
+ pkg.installed:
 - pkgs: {{ map.pkgs|json }}
- service:
- - running
+ service.running:
 - name: {{ map.service }}
 - enable: True
 - reload: True
From e7623e1065d558aeac32082528ab3a7ab156e48f Mon Sep 17 00:00:00 2001
From: david
Date: Mon, 2 Feb 2015 19:09:56 +0100
Subject: [PATCH 06/22] this package is needed on Debian/Ubuntu for dnssec to work, or else: 'pid': 30370, 'retcode': 127, 'stderr': '/bin/bash: zonesigner: command not found', 'stdout': '
---
 bind/map.jinja | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/bind/map.jinja b/bind/map.jinja
index f1a53a3..bc7aa87 100644
--- a/bind/map.jinja
+++ b/bind/map.jinja
@@ -1,6 +1,6 @@
 {% set map = salt['grains.filter_by']({
 'Debian': {
- 'pkgs': ['bind9', 'bind9utils'],
+ 'pkgs': ['bind9', 'bind9utils', 'dnssec-tools'],
 'service': 'bind9',
 'config': '/etc/bind/named.conf',
 'local_config': '/etc/bind/named.conf.local',
From 11374068ce6b484654b44920e79222f8d09c29ac Mon Sep 17 00:00:00 2001
From: david
Date: Tue, 3 Feb 2015 10:35:11 +0100
Subject: [PATCH 07/22] should use the signed file in named.config.local if dnssec, else the plain one
---
 bind/files/debian/named.conf.local | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/bind/files/debian/named.conf.local b/bind/files/debian/named.conf.local
index 1eb485a..23b4f6c 100644
--- a/bind/files/debian/named.conf.local
+++ b/bind/files/debian/named.conf.local
@@ -12,7 +12,11 @@
 {%- set masters = salt['pillar.get']("available_zones:" + key + ":masters") %}
 zone "{{ key }}" {
 type {{ args['type'] }};
+ {% if args['dnssec'] is defined and args['dnssec'] -%}
+ file "zones/{{ file }}.signed";
+ {% else -%}
 file "zones/{{ file }}";
+ {%- endif %}
 {% if args['allow-update'] is defined -%}
 allow-update { {{args['allow-update']}}; };
 {%- endif %}
From ea66c97e7ea982f8f06d0f2bef041ddaccbed2b8 Mon Sep 17 00:00:00 2001
From: root
Date: Wed, 18 Feb 2015 23:04:16 +0100
Subject: [PATCH 08/22] Fix some pillar paths for key "available_zones".
---
 bind/config.sls | 2 +-
 bind/files/debian/named.conf.local | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/bind/config.sls b/bind/config.sls
index 98fef95..a0cb04d 100644
--- a/bind/config.sls
+++ b/bind/config.sls
@@ -130,7 +130,7 @@ bind_default_zones:
 {% endif %}
 {% for key,args in salt['pillar.get']('bind:configured_zones', {}).iteritems() -%}
-{%- set file = salt['pillar.get']("available_zones:" + key + ":file") %}
+{%- set file = salt['pillar.get']("bind:available_zones:" + key + ":file") %}
 {% if args['type'] == "master" -%}
 zones-{{ file }}:
 file.managed:
diff --git a/bind/files/debian/named.conf.local b/bind/files/debian/named.conf.local
index 23b4f6c..3376cf9 100644
--- a/bind/files/debian/named.conf.local
+++ b/bind/files/debian/named.conf.local
@@ -8,8 +8,8 @@
 //include "/etc/bind/zones.rfc1918";
 {% for key,args in salt['pillar.get']('bind:configured_zones', {}).iteritems() -%}
-{%- set file = salt['pillar.get']("available_zones:" + key + ":file") %}
-{%- set masters = salt['pillar.get']("available_zones:" + key + ":masters") %}
+{%- set file = salt['pillar.get']("bind:available_zones:" + key + ":file") %}
+{%- set masters = salt['pillar.get']("bind:available_zones:" + key + ":masters") %}
 zone "{{ key }}" {
 type {{ args['type'] }};
 {% if args['dnssec'] is defined and args['dnssec'] -%}
From f3ca2c660b1219ef92efc909914946c1d7dd0fdc Mon Sep 17 00:00:00 2001
From: root
Date: Thu, 19 Feb 2015 23:17:11 +0100
Subject: [PATCH 09/22] Move available_zones to bind key.
---
 pillar.example | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/pillar.example b/pillar.example
index 9d72ce2..82f4c84 100644
--- a/pillar.example
+++ b/pillar.example
@@ -30,7 +30,8 @@ bind:
 allow-update: "key core_dhcp"
 notify: True
-available_zones:
- sub.domain.org:
- file: db.sub.domain.org
- masters: "192.168.0.1;"
+bind:
+ available_zones:
+ sub.domain.org:
+ file: db.sub.domain.org
+ masters: "192.168.0.1;"
From 2cef37f747e75018b0bbf497437a63478f230116 Mon Sep 17 00:00:00 2001
From: root
Date: Sun, 22 Mar 2015 22:07:22 +0100
Subject: [PATCH 10/22] Add support for views.
---
 README.rst | 5 +++++
 bind/config.sls | 29 +++++++++++++++++++++++++
 bind/files/debian/named.conf | 1 -
 bind/files/debian/named.conf.local | 35 +++++++++++++++++++++++++++---
 pillar.example | 9 ++++++++
 5 files changed, 75 insertions(+), 4 deletions(-)
diff --git a/README.rst b/README.rst
index 322b3a6..3b37697 100644
--- a/README.rst
+++ b/README.rst
@@ -37,3 +37,8 @@ Example Pillar
 user: root
 group: named
 mode: 640
+
+Notes
+=====
+
+* When using views all zones must be configured in views!
diff --git a/bind/config.sls b/bind/config.sls
index a0cb04d..35a33f9 100644
--- a/bind/config.sls
+++ b/bind/config.sls
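Review bot: The added lines open a new top-level `bind:` mapping while the same document already has one (the hunk header shows `bind:`, and the context of the earlier pillar.example hunk shows a second `bind:` for `keys`); YAML does not allow a repeated key in one mapping, and PyYAML silently keeps only the last, so a pillar copied from this example would lose `config` and `configured_zones`. Indent `available_zones:` under the single existing `bind:` block instead. If the split is intentional for readability, a comment saying so would spare the next reader a debugging session.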
@@ -155,3 +155,32 @@ signed-{{file}}:
 {% endif %}
 {% endfor %}
+
+{%- for view, view_data in salt['pillar.get']('bind:configured_views', {}).iteritems() %}
+{% for key,args in view_data.get('configured_zones', {}).iteritems() -%}
+{%- set file = salt['pillar.get']("bind:available_zones:" + key + ":file") %}
+{% if args['type'] == "master" -%}
+zones-{{ file }}:
+ file.managed:
+ - name: {{ map.named_directory }}/{{ file }}
+ - source: 'salt://bind/zones/{{ file }}'
+ - user: {{ salt['pillar.get']('bind:config:user', map.user) }}
+ - group: {{ salt['pillar.get']('bind:config:group', map.group) }}
+ - mode: {{ salt['pillar.get']('bind:config:mode', '644') }}
+ - watch_in:
+ - service: bind
+ - require:
+ - file: {{ map.named_directory }}
+
+{% if args['dnssec'] is defined and args['dnssec'] -%}
+signed-{{file}}:
+ cmd.run:
+ - cwd: {{ map.named_directory }}
+ - name: zonesigner -zone {{ key }} {{ file }}
+ - prereq:
+ - file: zones-{{ file }}
+{% endif %}
+
+{% endif %}
+{% endfor %}
+{% endfor %}
diff --git a/bind/files/debian/named.conf b/bind/files/debian/named.conf
index 80f3eb5..80314b0 100644
--- a/bind/files/debian/named.conf
+++ b/bind/files/debian/named.conf
@@ -9,4 +9,3 @@
 include "/etc/bind/named.conf.key";
 include "/etc/bind/named.conf.options";
 include "/etc/bind/named.conf.local";
-include "/etc/bind/named.conf.default-zones";
diff --git a/bind/files/debian/named.conf.local b/bind/files/debian/named.conf.local
index 3376cf9..53a4653 100644
--- a/bind/files/debian/named.conf.local
+++ b/bind/files/debian/named.conf.local
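Review bot: The state IDs in the new view loop, `zones-{{ file }}` and `signed-{{ file }}`, are derived from the zone file name alone, exactly as in the non-view loop above, so a zone file listed in two views, or in both `configured_zones` and a view, renders the same ID twice and Salt refuses the SLS with a conflicting-ID error. Including the view in the ID (`zones-{{ view }}-{{ file }}`, `signed-{{ view }}-{{ file }}`) keeps the IDs unique while the managed path stays the same. Separately, `prereq: - file: zones-{{ file }}` runs `zonesigner` before the zone file is written, so if I read the requisite correctly the signed zone is generated from the previous file content on every change; `onchanges` plus `require` on the file state would sign the new content.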
@@ -7,9 +7,7 @@
 // organization
 //include "/etc/bind/zones.rfc1918";
-{% for key,args in salt['pillar.get']('bind:configured_zones', {}).iteritems() -%}
-{%- set file = salt['pillar.get']("bind:available_zones:" + key + ":file") %}
-{%- set masters = salt['pillar.get']("bind:available_zones:" + key + ":masters") %}
+{%- macro zone(key, args, file, masters) %}
 zone "{{ key }}" {
 type {{ args['type'] }};
 {% if args['dnssec'] is defined and args['dnssec'] -%}
@@ -31,8 +29,39 @@ zone "{{ key }}" {
 masters { {{ masters }} };
 {%- endif %}
 };
+{%- endmacro %}
+
+{%- if not pillar.bind.configured_views is defined %}
+include "/etc/bind/named.conf.default-zones";
+{%- endif %}
+
+{% for key,args in salt['pillar.get']('bind:configured_zones', {}).iteritems() -%}
+{%- set file = salt['pillar.get']("bind:available_zones:" + key + ":file") %}
+{%- set masters = salt['pillar.get']("bind:available_zones:" + key + ":masters") %}
+{{ zone(key, args, file, masters) }}
 {% endfor %}
+{% for view, view_data in salt['pillar.get']('bind:configured_views', {}).iteritems() %}
+
+view {{ view }}{
+{%- if view == 'default' %}
+ include "/etc/bind/named.conf.default-zones";
+{%- endif %}
+
+match-clients{
+{%- for acl in view_data.get('match_clients', {}) %}
+ {{ acl }};
+{%- endfor %}
+};
+
+{% for key,args in view_data.get('configured_zones', {}).iteritems() -%}
+{%- set file = salt['pillar.get']("bind:available_zones:" + key + ":file") %}
+{%- set masters = salt['pillar.get']("bind:available_zones:" + key + ":masters") %}
+ {{ zone(key, args, file, masters) }}
+{%- endfor %}
+};
+{%- endfor %}
+
 logging {
 channel "querylog" { file "{{ map.log_dir }}/query.log"; print-time yes; };
 category queries { querylog; };
diff --git a/pillar.example b/pillar.example
index 82f4c84..7be83c6 100644
--- a/pillar.example
+++ b/pillar.example
@@ -29,6 +29,15 @@ bind:
 type: master
 allow-update: "key core_dhcp"
 notify: True
+ configured_views:
+ myview1:
+ match_clients:
+ - client1
+ - client2
+ configured_zones:
+ my.zone:
+ type: master
+ notify: False
 bind:
 available_zones:
From c9a480c9920bce77d2d08cad11f387f8639624d8 Mon Sep 17 00:00:00 2001
From: root
Date: Sun, 22 Mar 2015 22:10:01 +0100
Subject: [PATCH 11/22] Update example pillar in README to better reflect basic configuration.
---
 README.rst | 21 +++++++++++++++------
 1 file changed, 15 insertions(+), 6 deletions(-)
diff --git a/README.rst b/README.rst
index 3b37697..c88ae43 100644
--- a/README.rst
+++ b/README.rst
@@ -31,12 +31,21 @@ Example Pillar
 .. code:: yaml
 bind:
- config:
- name: /etc/named.conf
- source: salt://bind/files/named.conf
- user: root
- group: named
- mode: 640
+ configured_zones:
+ sub.domain.com:
+ type: master
+ notify: False
+ configured_views:
+ myview1:
+ match_clients:
+ - client1
+ - client2
+ configured_zones:
+ my.zone:
+ type: master
+ notify: False
+
+See *bind/pillar.example*.
 Notes
 =====
From 0de651043f22318604af12b8c1284cc372f0e227 Mon Sep 17 00:00:00 2001
From: root
Date: Sun, 22 Mar 2015 22:58:29 +0100
Subject: [PATCH 12/22] Fix creation of logfile (query.log) during first install.
---
 bind/config.sls | 32 ++++++++++++++++++++++++--------
 1 file changed, 24 insertions(+), 8 deletions(-)
diff --git a/bind/config.sls b/bind/config.sls
index 35a33f9..1ea12a0 100644
--- a/bind/config.sls
+++ b/bind/config.sls
@@ -3,6 +3,29 @@
 include:
 - bind
+{{ map.log_dir }}:
+ file.directory:
+ - user: root
+ - group: bind
+ - mode: 775
+
+bind_restart:
+ service.running:
+ - name: bind9
+ - reload: False
+ - watch:
+ - file: {{ map.log_dir }}/query.log
+ - require:
+ - file: {{ map.log_dir }}/query.log
+
+{{ map.log_dir }}/query.log:
+ file.managed:
+ - user: bind
+ - group: bind
+ - mode: 644
+ - require:
+ - file: {{ map.log_dir }}
+
 named_directory:
 file.directory:
 - name: {{ map.named_directory }}
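Review bot: The new `bind_restart` and `{{ map.log_dir }}/query.log` states hard-code Debian names — `name: bind9`, `user: bind`, `group: bind` — in an SLS that map.jinja also renders for the RedHat family, where the service is `named` and, as far as I know, no `bind` account exists, so the run would fail at these states there. `map.service` is already available for the service name; the daemon account is not in the map yet, so a per-family key (say `daemon_user`, alongside `user`) would let both states read it. Later patches in this series move the service name and the group to the map but leave `- user: bind` in place.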
@@ -80,6 +103,7 @@ bind_local_config:
 map: {{ map }}
 - require:
 - pkg: bind
+ - file: {{ map.log_dir }}/query.log
 - watch_in:
 - service: bind
@@ -109,14 +133,6 @@ bind_default_zones:
 - watch_in:
 - service: bind
-{{ map.log_dir }}:
- file.directory:
- - user: root
- - group: bind
- - mode: 775
- - template: jinja
-
-
 /etc/logrotate.d/{{ map.service }}:
 file.managed:
 - source: salt://bind/files/debian/logrotate_bind
From 3b6f48959eadbb913f6f9bea8efb0fd374dfa7a8 Mon Sep 17 00:00:00 2001
From: root
Date: Sun, 22 Mar 2015 23:26:35 +0100
Subject: [PATCH 13/22] Add support for dynamic zone updates.
---
 bind/files/debian/named.conf.local | 7 +++++++
 pillar.example | 2 ++
 2 files changed, 9 insertions(+)
diff --git a/bind/files/debian/named.conf.local b/bind/files/debian/named.conf.local
index 53a4653..68e2b0b 100644
--- a/bind/files/debian/named.conf.local
+++ b/bind/files/debian/named.conf.local
@@ -18,6 +18,13 @@ zone "{{ key }}" {
 {% if args['allow-update'] is defined -%}
 allow-update { {{args['allow-update']}}; };
 {%- endif %}
+ {%- if args.update_policy is defined %}
+ update-policy {
+ {%- for policy in args.update_policy %}
+ {{ policy }};
+ {%- endfor %}
+ };
+ {%- endif %}
 {% if args['type'] == "master" -%}
 {% if args['notify'] -%}
 notify yes;
diff --git a/pillar.example b/pillar.example
index 7be83c6..2d322db 100644
--- a/pillar.example
+++ b/pillar.example
@@ -38,6 +38,8 @@ bind:
 my.zone:
 type: master
 notify: False
+ update_policy:
+ - "grant core_dhcp name dns_entry_allowed_to_update. ANY"
 bind:
 available_zones:
From a883ffaf557fc5fe6f6cf909c640490502a0a081 Mon Sep 17 00:00:00 2001
From: Shane Poage
Date: Mon, 23 Mar 2015 06:54:37 -0500
Subject: [PATCH 14/22] Simplified/unified some of the config state definitions. Added logic to automatically convert lists in pillar data to lists of configuration data for options.
---
 bind/config.sls | 93 ++++++++++------------------
 bind/files/debian/named.conf | 8 ++-
 bind/files/debian/named.conf.local | 25 ++++----
 bind/files/debian/named.conf.options | 23 ++++---
 bind/files/redhat/named.conf | 2 +-
 bind/map.jinja | 8 ++-
 6 files changed, 75 insertions(+), 84 deletions(-)
diff --git a/bind/config.sls b/bind/config.sls
index 1ea12a0..3811d15 100644
--- a/bind/config.sls
+++ b/bind/config.sls
@@ -11,7 +11,7 @@ include:
 bind_restart:
 service.running:
- - name: bind9
+ - name: {{ map.service }}
 - reload: False
 - watch:
 - file: {{ map.log_dir }}/query.log
@@ -36,15 +36,16 @@ named_directory:
 - require:
 - pkg: bind
-{% if grains['os_family'] == 'RedHat' %}
 bind_config:
 file.managed:
 - name: {{ map.config }}
- - source: 'salt://bind/files/redhat/named.conf'
+ - source: 'salt://{{ map.config_source_dir }}/named.conf'
 - template: jinja
 - user: {{ salt['pillar.get']('bind:config:user', map.user) }}
 - group: {{ salt['pillar.get']('bind:config:group', map.group) }}
- - mode: {{ salt['pillar.get']('bind:config:mode', '640') }}
+ - mode: {{ salt['pillar.get']('bind:config:mode', map.mode) }}
+ - context:
+ map: {{ map }}
 - require:
 - pkg: bind
 - watch_in:
@@ -53,48 +54,7 @@ bind_config:
 bind_local_config:
 file.managed:
 - name: {{ map.local_config }}
- - source: 'salt://bind/files/redhat/named.conf.local'
- - template: jinja
- - user: {{ salt['pillar.get']('bind:config:user', map.user) }}
- - group: {{ salt['pillar.get']('bind:config:group', map.group) }}
- - mode: {{ salt['pillar.get']('bind:config:mode', '644') }}
- - require:
- - pkg: bind
- - watch_in:
- - service: named
-{% endif %}
-
-{% if grains['os_family'] == 'Debian' %}
-bind_config:
- file.managed:
- - name: {{ map.config }}
- - source: 'salt://bind/files/debian/named.conf'
- - template: jinja
- - user: {{ salt['pillar.get']('bind:config:user', map.user) }}
- - group: {{ salt['pillar.get']('bind:config:group', map.group) }}
- - mode: {{ salt['pillar.get']('bind:config:mode', '644') }}
- - require:
- - pkg: bind
- - watch_in:
- - service: bind
-
-bind_key_config:
- file.managed:
- - name: {{ map.key_config }}
- - source: 'salt://bind/files/debian/named.conf.key'
- - template: jinja
- - user: {{ salt['pillar.get']('bind:config:user', map.user) }}
- - group: {{ salt['pillar.get']('bind:config:group', map.group) }}
- - mode: {{ salt['pillar.get']('bind:config:mode', '644') }}
- - require:
- - pkg: bind
- - watch_in:
- - service: bind
-
-bind_local_config:
- file.managed:
- - name: {{ map.local_config }}
- - source: 'salt://bind/files/debian/named.conf.local'
+ - source: 'salt://{{ map.config_source_dir }}/named.conf.local'
 - template: jinja
 - user: {{ salt['pillar.get']('bind:config:user', map.user) }}
 - group: {{ salt['pillar.get']('bind:config:group', map.group) }}
@@ -107,10 +67,24 @@ bind_local_config:
 - watch_in:
 - service: bind
+{% if grains['os_family'] == 'Debian' %}
+bind_key_config:
+ file.managed:
+ - name: {{ map.key_config }}
+ - source: 'salt://{{ map.config_source_dir }}/named.conf.key'
+ - template: jinja
+ - user: {{ salt['pillar.get']('bind:config:user', map.user) }}
+ - group: {{ salt['pillar.get']('bind:config:group', map.group) }}
+ - mode: {{ salt['pillar.get']('bind:config:mode', '644') }}
+ - require:
+ - pkg: bind
+ - watch_in:
+ - service: bind
+
 bind_options_config:
 file.managed:
 - name: {{ map.options_config }}
- - source: 'salt://bind/files/debian/named.conf.options'
+ - source: 'salt://{{ map.config_source_dir }}/named.conf.options'
 - template: jinja
 - user: {{ salt['pillar.get']('bind:config:user', map.user) }}
 - group: {{ salt['pillar.get']('bind:config:group', map.group) }}
@@ -123,7 +97,7 @@ bind_options_config:
 bind_default_zones:
 file.managed:
 - name: {{ map.default_zones_config }}
- - source: 'salt://bind/files/debian/named.conf.default-zones'
+ - source: 'salt://{{ map.config_source_dir }}/named.conf.default-zones'
 - template: jinja
 - user: {{ salt['pillar.get']('bind:config:user', map.user) }}
 - group: {{ salt['pillar.get']('bind:config:group', map.group) }}
@@ -135,17 +109,16 @@ bind_default_zones:
 /etc/logrotate.d/{{ map.service }}:
 file.managed:
- - source: salt://bind/files/debian/logrotate_bind
+ - source: salt://{{ map.config_source_dir }}/logrotate_bind
 - template: jinja
 - user: root
 - group: root
 - template: jinja
 - context:
 map: {{ map }}
-
 {% endif %}
-{% for key,args in salt['pillar.get']('bind:configured_zones', {}).iteritems() -%}
+{% for key, args in salt['pillar.get']('bind:configured_zones', {}).iteritems() -%}
 {%- set file = salt['pillar.get']("bind:available_zones:" + key + ":file") %}
 {% if args['type'] == "master" -%}
 zones-{{ file }}:
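Review bot: `bind_key_config` is re-added with `'644'` as its mode fallback while `bind_config` in the same patch switched to `map.mode`; beyond the inconsistency, named.conf.key is presumably where the `bind:keys` pillar (TSIG secrets) is rendered, and a world-readable fallback exposes those secrets to every local account. `- mode: {{ salt['pillar.get']('bind:config:mode', '640') }}` with the bind group as owner keeps the daemon able to read the file; pillar.example already documents `mode: 640`.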
@@ -161,7 +134,7 @@ zones-{{ file }}:
 - file: {{ map.named_directory }}
 {% if args['dnssec'] is defined and args['dnssec'] -%}
-signed-{{file}}:
+signed-{{ file }}:
 cmd.run:
 - cwd: {{ map.named_directory }}
 - name: zonesigner -zone {{ key }} {{ file }}
@@ -173,9 +146,9 @@ signed-{{file}}:
 {% endfor %}
 {%- for view, view_data in salt['pillar.get']('bind:configured_views', {}).iteritems() %}
-{% for key,args in view_data.get('configured_zones', {}).iteritems() -%}
-{%- set file = salt['pillar.get']("bind:available_zones:" + key + ":file") %}
-{% if args['type'] == "master" -%}
+{% for key,args in view_data.get('configured_zones', {}).iteritems() -%}
+{%- set file = salt['pillar.get']("bind:available_zones:" + key + ":file") %}
+{% if args['type'] == "master" -%}
 zones-{{ file }}:
 file.managed:
 - name: {{ map.named_directory }}/{{ file }}
@@ -188,15 +161,15 @@ zones-{{ file }}:
 - require:
 - file: {{ map.named_directory }}
-{% if args['dnssec'] is defined and args['dnssec'] -%}
-signed-{{file}}:
+{% if args['dnssec'] is defined and args['dnssec'] -%}
+signed-{{ file }}:
 cmd.run:
 - cwd: {{ map.named_directory }}
 - name: zonesigner -zone {{ key }} {{ file }}
 - prereq:
 - file: zones-{{ file }}
-{% endif %}
+{% endif %}
-{% endif %}
-{% endfor %}
+{% endif %}
+{% endfor %}
 {% endfor %}
diff --git a/bind/files/debian/named.conf b/bind/files/debian/named.conf
index 80314b0..aa8432a 100644
--- a/bind/files/debian/named.conf
+++ b/bind/files/debian/named.conf
@@ -6,6 +6,8 @@
 //
 // If you are just adding zones, please do that in /etc/bind/named.conf.local
-include "/etc/bind/named.conf.key";
-include "/etc/bind/named.conf.options";
-include "/etc/bind/named.conf.local";
+include "{{ map.options_config }}";
+include "{{ map.local_config }}";
+{%- if salt['pillar.get']('bind:keys', {}) is defined %}
+include "{{ map.key_config }}";
+{% endif %}
diff --git a/bind/files/debian/named.conf.local b/bind/files/debian/named.conf.local
index 68e2b0b..ba58855 100644
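Review bot: `{%- if salt['pillar.get']('bind:keys', {}) is defined %}` can never be false, because `pillar.get` with a default always returns a defined value, so the key include is unconditional and the guard is dead; `{%- if salt['pillar.get']('bind:keys', {}) %}` tests what was meant. The named.conf.local hunk in this patch uses the inverse form, `... ('bind:configured_views', {}) is not defined`, which is never true, so `include "{{ map.default_zones_config }}"` is no longer emitted for deployments without views and the root hints and localhost zones silently drop out of the Debian configuration; that one needs `{%- if not salt['pillar.get']('bind:configured_views', {}) %}`.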
--- a/bind/files/debian/named.conf.local
+++ b/bind/files/debian/named.conf.local
@@ -15,7 +15,7 @@ zone "{{ key }}" {
 {% else -%}
 file "zones/{{ file }}";
 {%- endif %}
- {% if args['allow-update'] is defined -%}
+ {% if args['allow-update'] is defined -%}
 allow-update { {{args['allow-update']}}; };
 {%- endif %}
 {%- if args.update_policy is defined %}
@@ -23,7 +23,7 @@ zone "{{ key }}" {
 {%- for policy in args.update_policy %}
 {{ policy }};
 {%- endfor %}
- };
+ };
 {%- endif %}
 {% if args['type'] == "master" -%}
 {% if args['notify'] -%}
@@ -38,11 +38,11 @@ zone "{{ key }}" {
 };
 {%- endmacro %}
-{%- if not pillar.bind.configured_views is defined %}
-include "/etc/bind/named.conf.default-zones";
+{%- if salt['pillar.get']('bind:configured_views', {}) is not defined %}
+include "{{ map.default_zones_config }}";
 {%- endif %}
-{% for key,args in salt['pillar.get']('bind:configured_zones', {}).iteritems() -%}
+{% for key, args in salt['pillar.get']('bind:configured_zones', {}).iteritems() -%}
 {%- set file = salt['pillar.get']("bind:available_zones:" + key + ":file") %}
 {%- set masters = salt['pillar.get']("bind:available_zones:" + key + ":masters") %}
 {{ zone(key, args, file, masters) }}
@@ -50,18 +50,18 @@ include "/etc/bind/named.conf.default-zones";
 {% for view, view_data in salt['pillar.get']('bind:configured_views', {}).iteritems() %}
-view {{ view }}{
-{%- if view == 'default' %}
- include "/etc/bind/named.conf.default-zones";
+view {{ view }} {
+{%- if view == 'default' %}
+ include "{{ map.default_zones_config }}";
 {%- endif %}
-match-clients{
+match-clients {
 {%- for acl in view_data.get('match_clients', {}) %}
 {{ acl }};
 {%- endfor %}
 };
-{% for key,args in view_data.get('configured_zones', {}).iteritems() -%}
+{% for key, args in view_data.get('configured_zones', {}).iteritems() -%}
 {%- set file = salt['pillar.get']("bind:available_zones:" + key + ":file") %}
 {%- set masters = salt['pillar.get']("bind:available_zones:" + key + ":masters") %}
 {{ zone(key, args, file, masters) }}
@@ -70,6 +70,9 @@ match-clients{
 {%- endfor %}
 logging {
- channel "querylog" { file "{{ map.log_dir }}/query.log"; print-time yes; };
+ channel "querylog" {
+ file "{{ map.log_dir }}/query.log";
+ print-time yes;
+ };
 category queries { querylog; };
 };
diff --git a/bind/files/debian/named.conf.options b/bind/files/debian/named.conf.options
index c465724..39c7c56 100644
--- a/bind/files/debian/named.conf.options
+++ b/bind/files/debian/named.conf.options
@@ -15,12 +15,21 @@ options {
 // };
 auth-nxdomain no; # conform to RFC1035
- {% if salt['pillar.get']('bind:config:ipv6', 'False') %}
- listen-on-v6 { {{ salt['pillar.get']('bind:config:ipv6_listen', 'any') }}; };
- {% endif -%}
- {# Allow inclusion of arbitrary statements -#}
- {% for statement, value in salt['pillar.get']('bind:config:options', {}).iteritems() -%}
- {{ statement }} {{ value}}
- {% endfor -%}
+{%- if salt['pillar.get']('bind:config:ipv6', False) %}
+ listen-on-v6 { {{ salt['pillar.get']('bind:config:ipv6_listen', 'any') }}; };
+{%- endif -%}
+
+{#- Allow inclusion of arbitrary statements #}
+{%- for statement, value in salt['pillar.get']('bind:config:options', {}).iteritems() -%}
+ {%- if value is iterable and value is not string %}
+ {{ statement }} {
+ {%- for item in value %}
+ {{ item }};
+ {%- endfor %}
+ };
+ {%- else %}
+ {{ statement }} {{ value }};
+ {%- endif %}
+{%- endfor %}
 };
diff --git a/bind/files/redhat/named.conf b/bind/files/redhat/named.conf
index 710c37a..946f91f 100644
--- a/bind/files/redhat/named.conf
+++ b/bind/files/redhat/named.conf
@@ -41,5 +41,5 @@ zone "." IN {
 };
 include "/etc/named.rfc1912.zones";
-include "/etc/named.conf.local";
+include "{{ map.local_config }}";
 include "/etc/named.root.key";
diff --git a/bind/map.jinja b/bind/map.jinja
index bc7aa87..b26c44e 100644
--- a/bind/map.jinja
+++ b/bind/map.jinja
@@ -2,6 +2,7 @@
 'Debian': {
 'pkgs': ['bind9', 'bind9utils', 'dnssec-tools'],
 'service': 'bind9',
+ 'config_source_dir': 'bind/files/debian',
 'config': '/etc/bind/named.conf',
 'local_config': '/etc/bind/named.conf.local',
 'key_config': '/etc/bind/named.conf.key',
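Review bot: The scalar branch now appends `;` to every option value, but pillar.example still shows `allow-recursion: '{ any; };'` (added earlier in this series), which renders as `allow-recursion { any; };;`; I have not verified whether named accepts the empty statement, so either drop the trailing `;` from the example or state in the comment above the loop that values must be given without it. The list branch is the safer of the two because the ACL entries are quoted by YAML rather than embedded in a string, and documenting that form as the preferred one would steer users away from the scalar path.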
@@ -10,17 +11,20 @@
 'named_directory': '/var/cache/bind/zones',
 'log_dir': '/var/log/bind9',
 'user': 'root',
- 'group': 'bind'
+ 'group': 'bind',
+ 'mode': '644'
 },
 'RedHat': {
 'pkgs': ['bind'],
 'service': 'named',
+ 'config_source_dir': 'bind/files/redhat',
 'config': '/etc/named.conf',
 'local_config': '/etc/named.conf.local',
 'named_directory': '/var/named/data',
 'log_dir': '/var/log/named',
 'user': 'root',
- 'group': 'named'
+ 'group': 'named',
+ 'mode': '640'
 },
 }, merge=salt['grains.filter_by']({
 'Ubuntu': {
From 166ceefa970146aef28faf2897c550efbb2c3928 Mon Sep 17 00:00:00 2001
From: Hung Nguyen Viet
Date: Wed, 25 Mar 2015 10:27:32 +0700
Subject: [PATCH 15/22] there is no group bind if pkg is not installed
---
 bind/config.sls | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/bind/config.sls b/bind/config.sls
index 3811d15..fe68c3f 100644
--- a/bind/config.sls
+++ b/bind/config.sls
@@ -8,6 +8,8 @@ include:
 - user: root
 - group: bind
 - mode: 775
+ - require:
+ - pkg: bind
 bind_restart:
 service.running:
From de9bc987eee5bf3fefaf450a8caca9221b760d70 Mon Sep 17 00:00:00 2001
From: Hung Nguyen Viet
Date: Wed, 25 Mar 2015 10:27:56 +0700
Subject: [PATCH 16/22] watch also does what require does and more
---
 bind/config.sls | 2 --
 1 file changed, 2 deletions(-)
diff --git a/bind/config.sls b/bind/config.sls
index fe68c3f..c388056 100644
--- a/bind/config.sls
+++ b/bind/config.sls
@@ -17,8 +17,6 @@ bind_restart:
 - reload: False
 - watch:
 - file: {{ map.log_dir }}/query.log
- - require:
- - file: {{ map.log_dir }}/query.log
 {{ map.log_dir }}/query.log:
 file.managed:
From ece098cc086151877ad38b2f3a73428a110a02e4 Mon Sep 17 00:00:00 2001
From: Hung Nguyen Viet
Date: Wed, 25 Mar 2015 10:29:08 +0700
Subject: [PATCH 17/22] remove duplicate arg
---
 bind/config.sls | 1 -
 1 file changed, 1 deletion(-)
diff --git a/bind/config.sls b/bind/config.sls
index c388056..29f19db 100644
--- a/bind/config.sls
+++ b/bind/config.sls
@@ -113,7 +113,6 @@ bind_default_zones:
 - template: jinja
 - user: root
 - group: root
- - template: jinja
 - context:
 map: {{ map }}
 {% endif %}
From 8972734ba0280c17078964f720036994b1dcf1f7 Mon Sep 17 00:00:00 2001
From: Hung Nguyen Viet
Date: Wed, 25 Mar 2015 10:30:01 +0700
Subject: [PATCH 18/22] require ID, not file path
---
 bind/config.sls | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/bind/config.sls b/bind/config.sls
index 29f19db..486d313 100644
--- a/bind/config.sls
+++ b/bind/config.sls
@@ -130,7 +130,7 @@ zones-{{ file }}:
 - watch_in:
 - service: bind
 - require:
- - file: {{ map.named_directory }}
+ - file: named_directory
 {% if args['dnssec'] is defined and args['dnssec'] -%}
 signed-{{ file }}:
@@ -158,7 +158,7 @@ zones-{{ file }}:
 - watch_in:
 - service: bind
 - require:
- - file: {{ map.named_directory }}
+ - file: named_directory
 {% if args['dnssec'] is defined and args['dnssec'] -%}
 signed-{{ file }}:
From 2beaf0ec327a4ca70373184406c701d3ece4dfa6 Mon Sep 17 00:00:00 2001
From: Hung Nguyen Viet
Date: Wed, 25 Mar 2015 10:31:57 +0700
Subject: [PATCH 19/22] use group from map file, not hardcode
---
 bind/config.sls | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/bind/config.sls b/bind/config.sls
index 486d313..740559e 100644
--- a/bind/config.sls
+++ b/bind/config.sls
@@ -6,7 +6,7 @@ include:
 {{ map.log_dir }}:
 file.directory:
 - user: root
- - group: bind
+ - group: {{ salt['pillar.get']('bind:config:group', map.group) }}
 - mode: 775
 - require:
 - pkg: bind
@@ -21,7 +21,7 @@ bind_restart:
 {{ map.log_dir }}/query.log:
 file.managed:
 - user: bind
- - group: {{ salt['pillar.get']('bind:config:group', map.group) }}
 - mode: 644
 - require:
 - file: {{ map.log_dir }}
From 47e0fc62d3da2aed61f55d412e59be39be8cc0d1 Mon Sep 17 00:00:00 2001
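Review bot: Both PATCH 18 hunks (`@@ -130,7` and `@@ -158,7`) now require `file: named_directory`, which only resolves if a state with the ID `named_directory` is declared somewhere in config.sls; that declaration is not part of this patch, so if the directory is still declared under its path (`{{ map.named_directory }}:`) the requisite fails as unresolvable instead of merely being ineffective. The enclosing `zones-{{ file }}:` blocks start outside both hunks, and the two hunks look identical, which suggests the zone state is duplicated across template branches; a comment on each naming its branch would help the next reader keep them in sync.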
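Review bot: In the `@@ -21,7 +21,7 @@` hunk of PATCH 19 the group is now pillar/map-driven, but `- user: bind` two lines above stays hard-coded, so the state would still fail on any minion where the bind account is named differently (the RedHat map entries use `named` for the service), unless this block is Debian-only, which nothing in the hunk shows. A short comment would make the asymmetry deliberate: `# owner is the account named runs as (bind on Debian); it must be able to write the query log`.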
From: Florian Bittner
Date: Thu, 2 Apr 2015 18:11:01 +0200
Subject: [PATCH 20/22] Add allow-transfer statement which disallows zone transfer by default.
---
 bind/files/debian/named.conf.local | 5 +++++
 pillar.example | 3 +++
 2 files changed, 8 insertions(+)
diff --git a/bind/files/debian/named.conf.local b/bind/files/debian/named.conf.local
index ba58855..bdc3cee 100644
--- a/bind/files/debian/named.conf.local
+++ b/bind/files/debian/named.conf.local
@@ -25,6 +25,11 @@ zone "{{ key }}" {
 {%- endfor %}
 };
 {%- endif %}
+ allow-transfer {
+ {% for remote in args.get('allow-transfer', {}) %}
+ {{ remote }};
+ {% endfor %}
+ };
 {% if args['type'] == "master" -%}
 {% if args['notify'] -%}
 notify yes;
diff --git a/pillar.example b/pillar.example
index 2d322db..0e7e7b6 100644
--- a/pillar.example
+++ b/pillar.example
@@ -25,6 +25,9 @@ bind:
 1.168.192.in-addr.arpa:
 type: master
 notify: False
+ allow-transfer:
+ - 1.1.1.1
+ - 2.2.2.2
 dynamic.domain.com:
 type: master
 allow-update: "key core_dhcp"
From 7746a1733a3623cfc86e47c63d52568f949b8a8b Mon Sep 17 00:00:00 2001
From: Nitin Madhok
Date: Thu, 7 May 2015 13:44:53 -0400
Subject: [PATCH 21/22] Update Licensing year and remove extra new line characters
---
 LICENSE | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/LICENSE b/LICENSE
index 52ec1c1..d919c41 100644
--- a/LICENSE
+++ b/LICENSE
@@ -1,4 +1,4 @@
- Copyright (c) 2013 Salt Stack Formulas
+ Copyright (c) 2013-2015 Salt Stack Formulas
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
@@ -11,4 +11,3 @@
 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.
-
From facb8e1f39b5c767c166be048c74ddd20f2fafa6 Mon Sep 17 00:00:00 2001
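Review bot: `args.get('allow-transfer', {})` falls back to a dict, so a zone without the pillar key renders an empty `allow-transfer { };`, which BIND treats as matching nothing, i.e. transfers denied — the intended default per the subject, but not evident from the template, and the fallback should be the list the loop iterates, `{% for remote in args.get('allow-transfer', []) -%}`. Because the statement is emitted for every zone unconditionally, a zone can no longer inherit an `allow-transfer` ACL set at the `options` level; a comment above the block should say that the per-zone `allow-transfer` pillar list is the only way to permit transfers and that its entries are inserted verbatim into the ACL. The enclosing `zone "{{ key }}" {` block starts before and ends after this hunk.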
From: Nick
Date: Wed, 3 Jun 2015 15:53:51 +1000
Subject: [PATCH 22/22] pillar.get wasn't finding the available_zones key
---
 bind/files/redhat/named.conf.local | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/bind/files/redhat/named.conf.local b/bind/files/redhat/named.conf.local
index 569e6d9..03a053d 100644
--- a/bind/files/redhat/named.conf.local
+++ b/bind/files/redhat/named.conf.local
@@ -7,8 +7,8 @@
 //include "/etc/bind/zones.rfc1918";
 {% for key,args in salt['pillar.get']('bind:configured_zones', {}).iteritems() -%}
-{%- set file = salt['pillar.get']("available_zones:" + key + ":file") %}
-{%- set masters = salt['pillar.get']("available_zones:" + key + ":masters") %}
+{%- set file = salt['pillar.get']("bind:available_zones:" + key + ":file") %}
+{%- set masters = salt['pillar.get']("bind:available_zones:" + key + ":masters") %}
 zone "{{ key }}" {
 type {{ args['type'] }};
 file "data/{{ file }}";