From a883ffaf557fc5fe6f6cf909c640490502a0a081 Mon Sep 17 00:00:00 2001
From: Shane Poage
Date: Mon, 23 Mar 2015 06:54:37 -0500
Subject: [PATCH] Simplified/unified some of the config state definitions. Added logic to automatically convert lists in pillar data to lists of configuration data for options.
---
 bind/config.sls | 93 ++++++++++------------------
 bind/files/debian/named.conf | 8 ++-
 bind/files/debian/named.conf.local | 25 ++++----
 bind/files/debian/named.conf.options | 23 ++++---
 bind/files/redhat/named.conf | 2 +-
 bind/map.jinja | 8 ++-
 6 files changed, 75 insertions(+), 84 deletions(-)
diff --git a/bind/config.sls b/bind/config.sls
index 1ea12a0..3811d15 100644
--- a/bind/config.sls
+++ b/bind/config.sls
@@ -11,7 +11,7 @@ include:
 bind_restart:
 service.running:
- - name: bind9
+ - name: {{ map.service }}
 - reload: False
 - watch:
 - file: {{ map.log_dir }}/query.log
@@ -36,15 +36,16 @@ named_directory:
 - require:
 - pkg: bind
-{% if grains['os_family'] == 'RedHat' %}
 bind_config:
 file.managed:
 - name: {{ map.config }}
- - source: 'salt://bind/files/redhat/named.conf'
+ - source: 'salt://{{ map.config_source_dir }}/named.conf'
 - template: jinja
 - user: {{ salt['pillar.get']('bind:config:user', map.user) }}
 - group: {{ salt['pillar.get']('bind:config:group', map.group) }}
- - mode: {{ salt['pillar.get']('bind:config:mode', '640') }}
+ - mode: {{ salt['pillar.get']('bind:config:mode', map.mode) }}
+ - context:
+ map: {{ map }}
 - require:
 - pkg: bind
 - watch_in:
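Review bot: The unified `bind_config` state in the `@@ -36,15 +36,16 @@` hunk probably still restarts `service: named`, which does not match the Debian service: the target line under `- watch_in:` lies just past the end of the hunk and is not touched by this commit. In the old file this state was the RedHat-only one, and its removed sibling in the next hunk used `- service: named`, while the Debian states and the surviving `bind_local_config` use `- service: bind`. If that line is unchanged, a named.conf edit on Debian would not trigger the service state and the daemon would keep running the previous configuration. Point it at the same target as the other states, `- service: bind`, and confirm that ID exists in the included `bind` state.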
@@ -53,48 +54,7 @@ bind_config:
 bind_local_config:
 file.managed:
 - name: {{ map.local_config }}
- - source: 'salt://bind/files/redhat/named.conf.local'
- - template: jinja
- - user: {{ salt['pillar.get']('bind:config:user', map.user) }}
- - group: {{ salt['pillar.get']('bind:config:group', map.group) }}
- - mode: {{ salt['pillar.get']('bind:config:mode', '644') }}
- - require:
- - pkg: bind
- - watch_in:
- - service: named
-{% endif %}
-
-{% if grains['os_family'] == 'Debian' %}
-bind_config:
- file.managed:
- - name: {{ map.config }}
- - source: 'salt://bind/files/debian/named.conf'
- - template: jinja
- - user: {{ salt['pillar.get']('bind:config:user', map.user) }}
- - group: {{ salt['pillar.get']('bind:config:group', map.group) }}
- - mode: {{ salt['pillar.get']('bind:config:mode', '644') }}
- - require:
- - pkg: bind
- - watch_in:
- - service: bind
-
-bind_key_config:
- file.managed:
- - name: {{ map.key_config }}
- - source: 'salt://bind/files/debian/named.conf.key'
- - template: jinja
- - user: {{ salt['pillar.get']('bind:config:user', map.user) }}
- - group: {{ salt['pillar.get']('bind:config:group', map.group) }}
- - mode: {{ salt['pillar.get']('bind:config:mode', '644') }}
- - require:
- - pkg: bind
- - watch_in:
- - service: bind
-
-bind_local_config:
- file.managed:
- - name: {{ map.local_config }}
- - source: 'salt://bind/files/debian/named.conf.local'
+ - source: 'salt://{{ map.config_source_dir }}/named.conf.local'
 - template: jinja
 - user: {{ salt['pillar.get']('bind:config:user', map.user) }}
 - group: {{ salt['pillar.get']('bind:config:group', map.group) }}
@@ -107,10 +67,24 @@ bind_local_config:
 - watch_in:
 - service: bind
+{% if grains['os_family'] == 'Debian' %}
+bind_key_config:
+ file.managed:
+ - name: {{ map.key_config }}
+ - source: 'salt://{{ map.config_source_dir }}/named.conf.key'
+ - template: jinja
+ - user: {{ salt['pillar.get']('bind:config:user', map.user) }}
+ - group: {{ salt['pillar.get']('bind:config:group', map.group) }}
+ - mode: {{ salt['pillar.get']('bind:config:mode', '644') }}
+ - require:
+ - pkg: bind
+ - watch_in:
+ - service: bind
+
 bind_options_config:
 file.managed:
 - name: {{ map.options_config }}
- - source: 'salt://bind/files/debian/named.conf.options'
+ - source: 'salt://{{ map.config_source_dir }}/named.conf.options'
 - template: jinja
 - user: {{ salt['pillar.get']('bind:config:user', map.user) }}
 - group: {{ salt['pillar.get']('bind:config:group', map.group) }}
@@ -123,7 +97,7 @@ bind_options_config:
 bind_default_zones:
 file.managed:
 - name: {{ map.default_zones_config }}
- - source: 'salt://bind/files/debian/named.conf.default-zones'
+ - source: 'salt://{{ map.config_source_dir }}/named.conf.default-zones'
 - template: jinja
 - user: {{ salt['pillar.get']('bind:config:user', map.user) }}
 - group: {{ salt['pillar.get']('bind:config:group', map.group) }}
@@ -135,17 +109,16 @@ bind_default_zones:
 /etc/logrotate.d/{{ map.service }}:
 file.managed:
- - source: salt://bind/files/debian/logrotate_bind
+ - source: salt://{{ map.config_source_dir }}/logrotate_bind
 - template: jinja
 - user: root
 - group: root
 - template: jinja
 - context:
 map: {{ map }}
-
 {% endif %}
-{% for key,args in salt['pillar.get']('bind:configured_zones', {}).iteritems() -%}
+{% for key, args in salt['pillar.get']('bind:configured_zones', {}).iteritems() -%}
 {%- set file = salt['pillar.get']("bind:available_zones:" + key + ":file") %}
 {% if args['type'] == "master" -%}
 zones-{{ file }}:
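Review bot: The re-added `bind_key_config` state in the `@@ -107,10 +67,24 @@` hunk falls back to mode `'644'`, so the key include file is world-readable unless the pillar overrides it. The named.conf.key template is not part of this diff, but if it renders the secrets kept under `bind:keys`, any local account on the name server can read them. Give this one state a tighter default that the service group can still read, e.g. `- mode: {{ salt['pillar.get']('bind:config:mode', '640') }}`, instead of sharing the `'644'` literal with the other fragments.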
@@ -161,7 +134,7 @@ zones-{{ file }}:
 - file: {{ map.named_directory }}
 {% if args['dnssec'] is defined and args['dnssec'] -%}
-signed-{{file}}:
+signed-{{ file }}:
 cmd.run:
 - cwd: {{ map.named_directory }}
 - name: zonesigner -zone {{ key }} {{ file }}
@@ -173,9 +146,9 @@ signed-{{file}}:
 {% endfor %}
 {%- for view, view_data in salt['pillar.get']('bind:configured_views', {}).iteritems() %}
-{% for key,args in view_data.get('configured_zones', {}).iteritems() -%}
-{%- set file = salt['pillar.get']("bind:available_zones:" + key + ":file") %}
-{% if args['type'] == "master" -%}
+{% for key,args in view_data.get('configured_zones', {}).iteritems() -%}
+{%- set file = salt['pillar.get']("bind:available_zones:" + key + ":file") %}
+{% if args['type'] == "master" -%}
 zones-{{ file }}:
 file.managed:
 - name: {{ map.named_directory }}/{{ file }}
@@ -188,15 +161,15 @@ zones-{{ file }}:
 - require:
 - file: {{ map.named_directory }}
-{% if args['dnssec'] is defined and args['dnssec'] -%}
-signed-{{file}}:
+{% if args['dnssec'] is defined and args['dnssec'] -%}
+signed-{{ file }}:
 cmd.run:
 - cwd: {{ map.named_directory }}
 - name: zonesigner -zone {{ key }} {{ file }}
 - prereq:
 - file: zones-{{ file }}
-{% endif %}
+{% endif %}
-{% endif %}
-{% endfor %}
+{% endif %}
+{% endfor %}
 {% endfor %}
diff --git a/bind/files/debian/named.conf b/bind/files/debian/named.conf
index 80314b0..aa8432a 100644
--- a/bind/files/debian/named.conf
+++ b/bind/files/debian/named.conf
@@ -6,6 +6,8 @@
 //
 // If you are just adding zones, please do that in /etc/bind/named.conf.local
-include "/etc/bind/named.conf.key";
-include "/etc/bind/named.conf.options";
-include "/etc/bind/named.conf.local";
+include "{{ map.options_config }}";
+include "{{ map.local_config }}";
+{%- if salt['pillar.get']('bind:keys', {}) is defined %}
+include "{{ map.key_config }}";
+{% endif %}
diff --git a/bind/files/debian/named.conf.local b/bind/files/debian/named.conf.local
index 68e2b0b..ba58855 100644
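Review bot: In the `@@ -6,6 +6,8 @@` hunk of bind/files/debian/named.conf, `salt['pillar.get']('bind:keys', {}) is defined` is always true, because the `{}` default makes the expression defined even when the pillar key is absent, so the key include is emitted unconditionally. The same pattern in the `@@ -38,11 +38,11 @@` hunk of named.conf.local has the opposite effect: `salt['pillar.get']('bind:configured_views', {}) is not defined` is always false, so the default-zones include is never written when no views are configured. Test truthiness instead of definedness: `{%- if salt['pillar.get']('bind:keys', {}) %}` and `{%- if not salt['pillar.get']('bind:configured_views', {}) %}`.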
--- a/bind/files/debian/named.conf.local
+++ b/bind/files/debian/named.conf.local
@@ -15,7 +15,7 @@ zone "{{ key }}" {
 {% else -%}
 file "zones/{{ file }}";
 {%- endif %}
- {% if args['allow-update'] is defined -%}
+ {% if args['allow-update'] is defined -%}
 allow-update { {{args['allow-update']}}; };
 {%- endif %}
 {%- if args.update_policy is defined %}
@@ -23,7 +23,7 @@ zone "{{ key }}" {
 {%- for policy in args.update_policy %}
 {{ policy }};
 {%- endfor %}
- };
+ };
 {%- endif %}
 {% if args['type'] == "master" -%}
 {% if args['notify'] -%}
@@ -38,11 +38,11 @@ zone "{{ key }}" {
 };
 {%- endmacro %}
-{%- if not pillar.bind.configured_views is defined %}
-include "/etc/bind/named.conf.default-zones";
+{%- if salt['pillar.get']('bind:configured_views', {}) is not defined %}
+include "{{ map.default_zones_config }}";
 {%- endif %}
-{% for key,args in salt['pillar.get']('bind:configured_zones', {}).iteritems() -%}
+{% for key, args in salt['pillar.get']('bind:configured_zones', {}).iteritems() -%}
 {%- set file = salt['pillar.get']("bind:available_zones:" + key + ":file") %}
 {%- set masters = salt['pillar.get']("bind:available_zones:" + key + ":masters") %}
 {{ zone(key, args, file, masters) }}
@@ -50,18 +50,18 @@ include "/etc/bind/named.conf.default-zones";
 {% for view, view_data in salt['pillar.get']('bind:configured_views', {}).iteritems() %}
-view {{ view }}{
-{%- if view == 'default' %}
- include "/etc/bind/named.conf.default-zones";
+view {{ view }} {
+{%- if view == 'default' %}
+ include "{{ map.default_zones_config }}";
 {%- endif %}
-match-clients{
+match-clients {
 {%- for acl in view_data.get('match_clients', {}) %}
 {{ acl }};
 {%- endfor %}
 };
-{% for key,args in view_data.get('configured_zones', {}).iteritems() -%}
+{% for key, args in view_data.get('configured_zones', {}).iteritems() -%}
 {%- set file = salt['pillar.get']("bind:available_zones:" + key + ":file") %}
 {%- set masters = salt['pillar.get']("bind:available_zones:" + key + ":masters") %}
 {{ zone(key, args, file, masters) }}
@@ -70,6 +70,9 @@ match-clients{
 {%- endfor %}
 logging {
- channel "querylog" { file "{{ map.log_dir }}/query.log"; print-time yes; };
+ channel "querylog" {
+ file "{{ map.log_dir }}/query.log";
+ print-time yes;
+ };
 category queries { querylog; };
 };
diff --git a/bind/files/debian/named.conf.options b/bind/files/debian/named.conf.options
index c465724..39c7c56 100644
--- a/bind/files/debian/named.conf.options
+++ b/bind/files/debian/named.conf.options
@@ -15,12 +15,21 @@ options {
 // };
 auth-nxdomain no; # conform to RFC1035
- {% if salt['pillar.get']('bind:config:ipv6', 'False') %}
- listen-on-v6 { {{ salt['pillar.get']('bind:config:ipv6_listen', 'any') }}; };
- {% endif -%}
- {# Allow inclusion of arbitrary statements -#}
- {% for statement, value in salt['pillar.get']('bind:config:options', {}).iteritems() -%}
- {{ statement }} {{ value}}
- {% endfor -%}
+{%- if salt['pillar.get']('bind:config:ipv6', False) %}
+ listen-on-v6 { {{ salt['pillar.get']('bind:config:ipv6_listen', 'any') }}; };
+{%- endif -%}
+
+{#- Allow inclusion of arbitrary statements #}
+{%- for statement, value in salt['pillar.get']('bind:config:options', {}).iteritems() -%}
+ {%- if value is iterable and value is not string %}
+ {{ statement }} {
+ {%- for item in value %}
+ {{ item }};
+ {%- endfor %}
+ };
+ {%- else %}
+ {{ statement }} {{ value }};
+ {%- endif %}
+{%- endfor %}
 };
diff --git a/bind/files/redhat/named.conf b/bind/files/redhat/named.conf
index 710c37a..946f91f 100644
--- a/bind/files/redhat/named.conf
+++ b/bind/files/redhat/named.conf
@@ -41,5 +41,5 @@ zone "." IN {
 };
 include "/etc/named.rfc1912.zones";
-include "/etc/named.conf.local";
+include "{{ map.local_config }}";
 include "/etc/named.root.key";
diff --git a/bind/map.jinja b/bind/map.jinja
index bc7aa87..b26c44e 100644
--- a/bind/map.jinja
+++ b/bind/map.jinja
@@ -2,6 +2,7 @@
 'Debian': {
 'pkgs': ['bind9', 'bind9utils', 'dnssec-tools'],
 'service': 'bind9',
+ 'config_source_dir': 'bind/files/debian',
 'config': '/etc/bind/named.conf',
 'local_config': '/etc/bind/named.conf.local',
 'key_config': '/etc/bind/named.conf.key',
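Review bot: In the `@@ -15,12 +15,21 @@` hunk of named.conf.options, the test `value is iterable and value is not string` is also true for a mapping, so a dict-valued entry under `bind:config:options` is rendered as a brace list of its keys and the values are dropped without any error. Since access-control statements are likely to pass through this loop, exclude mappings explicitly: `{%- if value is iterable and value is not string and value is not mapping %}`. The scalar branch now appends `;`, which the old template did not, so existing pillar values that already carry their own terminator will render with a doubled one; running `named-checkconf` on the rendered file before the service reloads would catch both cases.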
@@ -10,17 +11,20 @@
 'named_directory': '/var/cache/bind/zones',
 'log_dir': '/var/log/bind9',
 'user': 'root',
- 'group': 'bind'
+ 'group': 'bind',
+ 'mode': '644'
 },
 'RedHat': {
 'pkgs': ['bind'],
 'service': 'named',
+ 'config_source_dir': 'bind/files/redhat',
 'config': '/etc/named.conf',
 'local_config': '/etc/named.conf.local',
 'named_directory': '/var/named/data',
 'log_dir': '/var/log/named',
 'user': 'root',
- 'group': 'named'
+ 'group': 'named',
+ 'mode': '640'
 },
 }, merge=salt['grains.filter_by']({
 'Ubuntu': {