saltstack-formulas/bind-formula
1
0
Fork 0
mirror of https://github.com/saltstack-formulas/bind-formula.git synced 2025-04-17 02:00:23 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge pull request #81 from ppieprzycki/dl_features

Browse source 
New features and pillar.example
This commit is contained in:
Javier Bértoli 2017-10-31 18:06:15 -03:00 committed by GitHub
commit ebc14ba258
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
6 changed files with 301 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

31
bind/config.sls
View file

@ -130,6 +130,37 @@ bind_default_zones:
- group: root - group: root
- context: - context:
map: {{ map }} map: {{ map }}
{%- if salt['pillar.get']('bind:config:use_extensive_logging', False) %}
bind_logging_config:
file.managed:
- name: {{ map.logging_config }}
- source: salt://{{ map.config_source_dir }}/named.conf.logging
- template: jinja
- user: {{ salt['pillar.get']('bind:config:user', map.user) }}
- group: {{ salt['pillar.get']('bind:config:group', map.group) }}
- mode: {{ salt['pillar.get']('bind:config:mode', '644') }}
- context:
map: {{ map }}
- require:
- pkg: bind
- watch_in:
- service: bind
{%- endif %}
{%- if salt['pillar.get']('bind:rndc_client', False) %}
bind_rndc_client_config:
file.managed:
- name: {{ map.rndc_client_config }}
- source: salt://{{ map.config_source_dir }}/rndc.conf
- template: jinja
- user: {{ salt['pillar.get']('bind:config:user', map.user) }}
- group: {{ salt['pillar.get']('bind:config:group', map.group) }}
- mode: {{ salt['pillar.get']('bind:config:mode', '640') }}
- context:
map: {{ map }}
- require:
- pkg: bind
{%- endif %}
{% endif %} {% endif %}
{% for zone, zone_data in salt['pillar.get']('bind:configured_zones', {}).items() -%} {% for zone, zone_data in salt['pillar.get']('bind:configured_zones', {}).items() -%}

65
bind/files/debian/named.conf.local
View file

@ -41,6 +41,12 @@ zone "{{ key }}" {
{%- if args['also-notify'] is defined %} {%- if args['also-notify'] is defined %}
also-notify { {{ args.get('also-notify', []) | join('; ') }}; }; also-notify { {{ args.get('also-notify', []) | join('; ') }}; };
{%- endif %} {%- endif %}
{%- if args['allow-query'] is defined %}
allow-query { {{ args.get('allow-query', []) | join('; ') }}; };
{%- endif %}
{%- if args['zone-statistics'] is defined %}
zone-statistics yes;
{%- endif %}
{%- if args['type'] == "master" -%} {%- if args['type'] == "master" -%}
{% if args['notify'] %} {% if args['notify'] %}
notify yes; notify yes;
@ -68,8 +74,17 @@ include "{{ map.default_zones_config }}";
{%- endif %} {%- endif %}
{% for key, args in salt['pillar.get']('bind:configured_zones', {}).items() -%} {% for key, args in salt['pillar.get']('bind:configured_zones', {}).items() -%}
{%- if salt['pillar.get']("bind:configured_zones:" + key + ":file") -%}
{%- set file = salt['pillar.get']("bind:configured_zones:" + key + ":file") %}
{% else %}
{%- set file = salt['pillar.get']("bind:available_zones:" + key + ":file") %} {%- set file = salt['pillar.get']("bind:available_zones:" + key + ":file") %}
{%- endif -%}
{%- if salt['pillar.get']("bind:configured_zones:" + key + ":masters") -%}
{%- set masters = salt['pillar.get']("bind:configured_zones:" + key + ":masters") %}
{% else %}
{%- set masters = salt['pillar.get']("bind:available_zones:" + key + ":masters") %} {%- set masters = salt['pillar.get']("bind:available_zones:" + key + ":masters") %}
{%- endif -%}
{{ zone(key, args, file, masters) }} {{ zone(key, args, file, masters) }}
{% endfor %} {% endfor %}
@ -94,6 +109,9 @@ match-clients {
}; };
{%- endfor %} {%- endfor %}
{%- if salt['pillar.get']('bind:config:use_extensive_logging', False) %}
include "{{ map.logging_config }}";
{% else %}
logging { logging {
channel "querylog" { channel "querylog" {
file "{{ map.log_dir }}/query.log"; file "{{ map.log_dir }}/query.log";
@ -101,6 +119,45 @@ logging {
}; };
category queries { querylog; }; category queries { querylog; };
}; };
{%- endif %}
{%- if salt['pillar.get']('bind:controls', False) %}
controls {
{%- for name, control in salt['pillar.get']('bind:controls').iteritems() if control.get('enabled', True) %}
inet {{ control.get('bind', {}).get('address', '127.0.0.1') }} port {{ control.get('bind', {}).get('port', 953) }}
{%- if control.get('allow') %}
allow {
{%- for allow in control.allow %}
{{ allow }};
{%- endfor %}
}
{%- endif %}
{%- if control.get('keys') %}
keys {
{%- for key in control.get('keys') %}
{{ key }};
{%- endfor %}
}
{%- endif %};
{%- endfor %}
};
{%- endif %}
{%- if salt['pillar.get']('bind:statistics', False) %}
statistics-channels {
{%- for name, channel in salt['pillar.get']('bind:statistics').iteritems() if channel.get('enabled', True) %}
inet {{ channel.get('bind', {}).get('address', '127.0.0.1') }} port {{ channel.get('bind', {}).get('port', 953) }}
{%- if channel.get('allow') %}
allow {
{%- for allow in channel.allow %}
{{ allow }};
{%- endfor %}
}
{%- endif %};
{%- endfor %}
};
{%- endif %}
{%- for name, data in salt['pillar.get']('bind:configured_acls', {}).items() %} {%- for name, data in salt['pillar.get']('bind:configured_acls', {}).items() %}
acl {{ name }} { acl {{ name }} {
@ -109,3 +166,11 @@ acl {{ name }} {
{%- endfor %} {%- endfor %}
}; };
{%- endfor %} {%- endfor %}
{%- for name, data in salt['pillar.get']('bind:configured_masters', {}).items() %}
masters {{ name }} {
{%- for d in data %}
{{ d }};
{%- endfor %}
};
{%- endfor %}

33
bind/files/debian/named.conf.logging Normal file
View file

@ -0,0 +1,33 @@
logging {
{% for channel in salt['pillar.get']('bind:config:use_extensive_logging:channel') %}
channel {{channel}} {
{%- if salt['pillar.get']('bind:config:use_extensive_logging:channel:'+channel+':file', False) %}
file "{{ map.log_dir }}/{{salt['pillar.get']('bind:config:use_extensive_logging:channel:'+channel+':file')}}" versions {{salt['pillar.get']('bind:config:use_extensive_logging:channel:'+channel+':versions', '3')}} size {{salt['pillar.get']('bind:config:use_extensive_logging:channel:'+channel+':size', '20m')}};
{%- endif %}
{%- if salt['pillar.get']('bind:config:use_extensive_logging:channel:'+channel+':print-time') %}
print-time yes;
{%- endif %}
{%- if salt['pillar.get']('bind:config:use_extensive_logging:channel:'+channel+':print-category') %}
print-category yes;
{%- endif %}
{%- if salt['pillar.get']('bind:config:use_extensive_logging:channel:'+channel+':print-severity') %}
print-severity yes;
{%- endif %}
{%- if salt['pillar.get']('bind:config:use_extensive_logging:channel:'+channel+':severity') %}
severity {{salt['pillar.get']('bind:config:use_extensive_logging:channel:'+channel+':severity')}};
{%- endif %}
{%- if salt['pillar.get']('bind:config:use_extensive_logging:channel:'+channel+':syslog') %}
syslog {{salt['pillar.get']('bind:config:use_extensive_logging:channel:'+channel+':syslog')}};
{%- endif %}
};
{% endfor %}
{%- for category in salt['pillar.get']('bind:config:use_extensive_logging:category') %}
category {{category}} { {{ salt['pillar.get']('bind:config:use_extensive_logging:category:'+category, []) | join('; ') }}; };
{%- endfor %}
};

4
bind/files/zone.jinja
View file

@ -11,9 +11,9 @@
{%- set zone_expiry = soa['expiry'] if soa['expiry'] is defined else '2w' %} {%- set zone_expiry = soa['expiry'] if soa['expiry'] is defined else '2w' %}
{%- set zone_nxdomain = soa['nxdomain'] if soa['nxdomain'] is defined else '1m' %} {%- set zone_nxdomain = soa['nxdomain'] if soa['nxdomain'] is defined else '1m' %}
{%- if soa['ttl'] is defined -%} {% if soa['ttl'] is defined %}
$TTL {{ soa['ttl'] }} $TTL {{ soa['ttl'] }}
{%- endif %} {% endif %}
@ {{ zone_class }} SOA {{ zone_ns }} {{ zone_contact }} ( @ {{ zone_class }} SOA {{ zone_ns }} {{ zone_contact }} (
{{ zone_serial }} ; serial {{ zone_serial }} ; serial
{{ zone_refresh }} ; refresh {{ zone_refresh }} ; refresh

7
bind/map.jinja
View file

@ -10,12 +10,17 @@
'options_config': '/etc/bind/named.conf.options', 'options_config': '/etc/bind/named.conf.options',
'default_config': '/etc/default/bind9', 'default_config': '/etc/default/bind9',
'default_zones_config': '/etc/bind/named.conf.default-zones', 'default_zones_config': '/etc/bind/named.conf.default-zones',
'logging_config': '/etc/bind/named.conf.logging',
'rndc_client_config': '/etc/bind/rndc.conf',
'named_directory': '/var/cache/bind/zones', 'named_directory': '/var/cache/bind/zones',
'log_dir': '/var/log/bind9', 'log_dir': '/var/log/bind9',
'log_mode': '644', 'log_mode': '644',
'user': 'bind', 'user': 'bind',
'group': 'bind', 'group': 'bind',
'mode': '644' 'mode': '644',
'options': {
'querylog': 'no'
}
}, },
'RedHat': { 'RedHat': {
'pkgs': ['bind'], 'pkgs': ['bind'],

167
pillar.example
View file

@ -32,19 +32,180 @@ bind:
dnssec-enable: 'yes' dnssec-enable: 'yes'
dnssec-validation: 'yes' dnssec-validation: 'yes'
# End RedHat defaults # End RedHat defaults
protocol: 4 # Force bind to serve only one IP protocol protocol: 4 # Force bind to serve only one IP protocol
# (ipv4: 4, ipv6: 6). Omitting this reverts to # (ipv4: 4, ipv6: 6). Omitting this reverts to
# binds default of both. # binds default of both.
# Debian and FreeBSD based systems # Debian and FreeBSD based systems
default_zones: True # If set to True, the default-zones configuration default_zones: True # If set to True, the default-zones configuration
# will be enabled. Defaults to False. # will be enabled. Defaults to False.
includes: # Include any additional configuration file(s) in includes: # Include any additional configuration file(s) in
- /some/additional/named.conf # named.conf - /some/additional/named.conf # named.conf
# End Debian based systems # Debian based systems optional configs
bind:
config:
options:
querylog: 'yes' # Enable query logs, by default is disabled in map.jinja (yes,no)
use_extensive_logging: # Enable extensive config for logging. Partial example. For proposed settings please refer to
channel: # https://kb.isc.org/article/AA-01526/0/BIND-Logging-some-basic-recommendations.html
default_log:
file: default
size: '200m' # size of a individual file (default 20m)
versions: '10' # how many files will be stored (default 3)
print-time: yes
print-category: yes
print-severity: yes
severity: info
queries_log:
file: queries
print-time: yes
print-category: yes
print-severity: yes
severity: info
query-errors_log:
file: query-errors
print-time: yes
print-category: yes
print-severity: yes
severity: dynamic
default_syslog:
print-time: yes
print-category: yes
print-severity: yes
syslog: daemon
severity: info
default_debug:
file: named.run
print-time: yes
print-category: yes
print-severity: yes
severity: info
category:
default:
- default_syslog
- default_debug
- default_log
config:
- default_syslog
- default_debug
- default_log
network:
- default_syslog
- default_debug
- default_log
general:
- default_syslog
- default_debug
- default_log
queries:
- queries_log
query-errors:
- query-errors_log
rndc_client: # Generate rndc.conf file it uses previously defined keys
options:
default:
server: localhost
port: 953
key: my_default_key
server:
'127.0.0.1':
key: dns_key
'localhost':
key: dns_key
'8.8.8.8':
key: my_default_key
controls: # If you define controls then you also should configure rndc_client
local:
enabled: true
bind:
address: 127.0.0.1
port: 953
allow:
- 127.0.0.1
keys:
- core_dhcp
myip4:
enabled: true
bind:
address: 10.161.161.168
port: 953
allow:
- 10.161.161.168
- my_net
keys:
- core_dhcp
statistics: # Enable statistics-channel
local:
enabled: true
bind:
address: 127.0.0.1
port: 8053
allow:
- 127.0.0.1
myip4:
enabled: true
bind:
address: 10.161.161.168
port: 8123
allow:
- 10.161.64.168
- my_net
configured_zones: # Debian based systems can have zones using only configured_zones
sub.domain.com: # This zone will be copied from zones_source_dir
file: sub.domain.com # You can optionally specify name of a file here.
type: master # Yo don't have define zone again in available_zones.
# This feature is backward compatibile and only available in debian
notify: False # if type master you need specify notify True/False
sub2.domain.com:
file: sub2.domain.com
type: master
notify: True
allow-query:
- any
allow-transfer:
- my_net
allow-update: 'none'
also-notify:
- 1.2.3.4
- 1.2.3.3
zone-statistics: yes # Enable detailed statistics for zone. You need enable statistics first
test.zone.com:
file: test.zone.com
type: slave
notify: False
masters:
- my_dns_masters # You can specify masters by using name
test.zone2.com: # Zone definied in default style of this formula
type: slave # You need specify all info inside available_zones
notify: False
configured_masters: # Configure master dns
my_dns_masters:
- 10.10.20.20
- 10.10.30.30
available_zones: # Configuration required in default style
test.zone2.com:
file: test.zone2.com # You are required specify file name here
masters: # As also masters if you have slave type zone
- 10.167.73.21
- 10.174.60.44
# End Debian based systems features
### Keys, Zones, ACLs and Views ### ### Keys, Zones, ACLs and Views ###