├── bind ├── utils.sls ├── init.sls ├── files │ ├── debian │ │ ├── logrotate_bind │ │ ├── default │ │ ├── named.conf.key │ │ ├── named.conf │ │ ├── named.conf.default-zones │ │ ├── named.conf.options │ │ └── named.conf.local │ ├── redhat │ │ ├── default │ │ ├── named.conf.local │ │ └── named.conf │ └── arch │ │ ├── named.conf.local │ │ └── named.conf ├── map.jinja └── config.sls ├── LICENSE ├── README.rst └── pillar.example /bind/utils.sls: -------------------------------------------------------------------------------- 1 | bind9-host: 2 | pkg.installed 3 | -------------------------------------------------------------------------------- /bind/init.sls: -------------------------------------------------------------------------------- 1 | {% from "bind/map.jinja" import map with context %} 2 | 3 | bind: 4 | pkg.installed: 5 | - pkgs: {{ map.pkgs|json }} 6 | service.running: 7 | - name: {{ map.service }} 8 | - enable: True 9 | - reload: True 10 | -------------------------------------------------------------------------------- /bind/files/debian/logrotate_bind: -------------------------------------------------------------------------------- 1 | {{ map.log_dir }}/query.log { 2 | rotate 7 3 | daily 4 | missingok 5 | notifempty 6 | sharedscripts 7 | copytruncate 8 | compress 9 | create 0664 bind root 10 | {% if not salt['pkg.version']('logrotate').startswith('3.7')-%} 11 | su 12 | {% endif %} 13 | } 14 | -------------------------------------------------------------------------------- /bind/files/redhat/default: -------------------------------------------------------------------------------- 1 | {% set protocol = salt['pillar.get']('bind:config:protocol', False) -%} 2 | {% set param = [] -%} 3 | {% if protocol -%} 4 | {{ param.append('-' + protocol|string) }} 5 | {% endif -%} 6 | # ROOTDIR="/var/named/chroot" 7 | # KEYTAB_FILE="/dir/file" 8 | # DISABLE_ZONE_CHECKING 9 | OPTIONS="{{ param|join(' ') }}" 10 | 
-------------------------------------------------------------------------------- /bind/files/debian/default: -------------------------------------------------------------------------------- 1 | {% set protocol = salt['pillar.get']('bind:config:protocol', False) -%} 2 | {% set param = ['-u bind'] -%} 3 | {% if protocol -%} 4 | {{ param.append('-' + protocol|string) }} {# NOTE(review): list.append() returns None and this is an output expression, so the rendered /etc/default file most likely gains a stray "None" line whenever protocol is set (same pattern in redhat/default); `{%- do param.append('-' + protocol|string) %}` avoids it if the Jinja "do" extension is enabled -- confirm. #} 5 | {% endif -%} 6 | # run resolvconf? 7 | RESOLVCONF=no 8 | 9 | # startup options for the server 10 | # force ipv4 only 11 | OPTIONS="{{ param|join(' ') }}" 12 | 13 | -------------------------------------------------------------------------------- /bind/files/debian/named.conf.key: -------------------------------------------------------------------------------- 1 | # vim: sts=2 ts=2 sw=2 et ai 2 | // 3 | // Do any local configuration here 4 | // 5 | {# NOTE(review): renders every entry of pillar bind:keys as a TSIG key {} statement. The secret is written in clear text, so the managed file (bind_key_config in config.sls) must not be world-readable. The fallback algorithm HMAC-MD5.SIG-ALG.REG.INT is the weakest BIND still accepts; prefer setting `algorithm: hmac-sha256` per key in pillar. .iteritems() is Python 2 only -- .items() works under a Python 3 Salt as well. #} 6 | {% for key,args in salt['pillar.get']('bind:keys', {}).iteritems() -%} 7 | key "{{ key }}" { 8 | algorithm {{ args['algorithm'] | default('HMAC-MD5.SIG-ALG.REG.INT') }}; 9 | secret "{{ args['secret'] }}"; 10 | }; 11 | {% endfor %} 12 | 13 | -------------------------------------------------------------------------------- /bind/files/debian/named.conf: -------------------------------------------------------------------------------- 1 | // This is the primary configuration file for the BIND DNS server named. 2 | // 3 | // Please read /usr/share/doc/bind9/README.Debian.gz for information on the 4 | // structure of BIND configuration files in Debian, *BEFORE* you customize 5 | // this configuration file. 
6 | // 7 | // If you are just adding zones, please do that in /etc/bind/named.conf.local 8 | 9 | include "{{ map.options_config }}"; 10 | include "{{ map.local_config }}"; 11 | {%- if salt['pillar.get']('bind:keys', {}) is defined %} 12 | include "{{ map.key_config }}"; 13 | {% endif %} 14 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | Copyright (c) 2013-2015 Salt Stack Formulas 2 | 3 | Licensed under the Apache License, Version 2.0 (the "License"); 4 | you may not use this file except in compliance with the License. 5 | You may obtain a copy of the License at 6 | 7 | http://www.apache.org/licenses/LICENSE-2.0 8 | 9 | Unless required by applicable law or agreed to in writing, software 10 | distributed under the License is distributed on an "AS IS" BASIS, 11 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | See the License for the specific language governing permissions and 13 | limitations under the License. 14 | -------------------------------------------------------------------------------- /bind/files/debian/named.conf.default-zones: -------------------------------------------------------------------------------- 1 | // prime the server with knowledge of the root servers 2 | zone "." 
{ 3 | type hint; 4 | file "/etc/bind/db.root"; 5 | }; 6 | 7 | // be authoritative for the localhost forward and reverse zones, and for 8 | // broadcast zones as per RFC 1912 9 | 10 | zone "localhost" { 11 | type master; 12 | file "/etc/bind/db.local"; 13 | }; 14 | 15 | zone "127.in-addr.arpa" { 16 | type master; 17 | file "/etc/bind/db.127"; 18 | }; 19 | 20 | zone "0.in-addr.arpa" { 21 | type master; 22 | file "/etc/bind/db.0"; 23 | }; 24 | 25 | zone "255.in-addr.arpa" { 26 | type master; 27 | file "/etc/bind/db.255"; 28 | }; 29 | -------------------------------------------------------------------------------- /bind/files/arch/named.conf.local: -------------------------------------------------------------------------------- 1 | // 2 | // Do any local configuration here 3 | // 4 | 5 | // Consider adding the 1918 zones here, if they are not used in your 6 | // organization 7 | //include "/etc/bind/zones.rfc1918"; 8 | 9 | {% for key,args in salt['pillar.get']('bind:configured_zones', {}).iteritems() -%} 10 | {%- set file = salt['pillar.get']("bind:available_zones:" + key + ":file") %} 11 | {%- set masters = salt['pillar.get']("bind:available_zones:" + key + ":masters") %} 12 | zone "{{ key }}" { 13 | type {{ args['type'] }}; 14 | file "{{ file }}"; 15 | {% if args['type'] == "master" -%} 16 | {% if args['notify'] -%} 17 | notify yes; 18 | {% else -%} 19 | notify no; 20 | {%- endif -%} 21 | {% else -%} 22 | notify no; 23 | masters { {{ masters }} }; 24 | {%- endif %} 25 | }; 26 | {% endfor %} 27 | 28 | -------------------------------------------------------------------------------- /bind/files/redhat/named.conf.local: -------------------------------------------------------------------------------- 1 | // 2 | // Do any local configuration here 3 | // 4 | 5 | // Consider adding the 1918 zones here, if they are not used in your 6 | // organization 7 | //include "/etc/bind/zones.rfc1918"; 8 | 9 | {% for key,args in salt['pillar.get']('bind:configured_zones', 
{}).iteritems() -%} 10 | {%- set file = salt['pillar.get']("bind:available_zones:" + key + ":file") %} 11 | {%- set masters = salt['pillar.get']("bind:available_zones:" + key + ":masters") %} 12 | zone "{{ key }}" { 13 | type {{ args['type'] }}; 14 | file "data/{{ file }}"; 15 | {% if args['type'] == "master" -%} 16 | {% if args['notify'] -%} 17 | notify yes; 18 | {% else -%} 19 | notify no; 20 | {%- endif -%} 21 | {% else -%} 22 | notify no; 23 | masters { {{ masters }} }; 24 | {%- endif %} 25 | }; 26 | {% endfor %} 27 | 28 | -------------------------------------------------------------------------------- /README.rst: -------------------------------------------------------------------------------- 1 | ==== 2 | bind 3 | ==== 4 | 5 | Formulas to set up and configure the bind DNS server. 6 | 7 | .. note:: 8 | 9 | See the full `Salt Formulas installation and usage instructions 10 | `_. 11 | 12 | Available states 13 | ================ 14 | 15 | .. contents:: 16 | :local: 17 | 18 | ``bind`` 19 | -------- 20 | 21 | Install the bind package and start the bind service. 22 | 23 | ``bind.config`` 24 | --------------- 25 | 26 | Manage the bind configuration file. 27 | 28 | Example Pillar 29 | ============== 30 | 31 | .. code:: yaml 32 | 33 | bind: 34 | configured_zones: 35 | sub.domain.com: 36 | type: master 37 | notify: False 38 | configured_views: 39 | myview1: 40 | match_clients: 41 | - client1 42 | - client2 43 | configured_zones: 44 | my.zone: 45 | type: master 46 | notify: False 47 | 48 | See *bind/pillar.example*. 49 | 50 | Notes 51 | ===== 52 | 53 | * When using views all zones must be configured in views! 
54 | -------------------------------------------------------------------------------- /bind/files/debian/named.conf.options: -------------------------------------------------------------------------------- 1 | options { 2 | directory "/var/cache/bind"; 3 | 4 | // If there is a firewall between you and nameservers you want 5 | // to talk to, you may need to fix the firewall to allow multiple 6 | // ports to talk. See http://www.kb.cert.org/vuls/id/800113 7 | 8 | // If your ISP provided one or more IP addresses for stable 9 | // nameservers, you probably want to use them as forwarders. 10 | // Uncomment the following block, and insert the addresses replacing 11 | // the all-0's placeholder. 12 | 13 | // forwarders { 14 | // 0.0.0.0; 15 | // }; 16 | 17 | auth-nxdomain no; # conform to RFC1035 18 | 19 | {%- if salt['pillar.get']('bind:config:ipv6', False) %} 20 | listen-on-v6 { {{ salt['pillar.get']('bind:config:ipv6_listen', 'any') }}; }; 21 | {%- endif -%} 22 | 23 | {#- Allow inclusion of arbitrary statements #} 24 | {%- for statement, value in salt['pillar.get']('bind:config:options', {}).iteritems() -%} 25 | {%- if value is iterable and value is not string %} 26 | {{ statement }} { 27 | {%- for item in value %} 28 | {{ item }}; 29 | {%- endfor %} 30 | }; 31 | {%- else %} 32 | {{ statement }} {{ value }}; 33 | {%- endif %} 34 | {%- endfor %} 35 | }; 36 | -------------------------------------------------------------------------------- /pillar.example: -------------------------------------------------------------------------------- 1 | bind: 2 | lookup: 3 | pkgs: 4 | - bind 5 | service: named 6 | 7 | bind: 8 | config: 9 | tmpl: salt://bind/files/debian/named.conf 10 | user: root 11 | group: named 12 | mode: 640 13 | options: 14 | allow-recursion: '{ any; };' # Never include this on a public resolver 15 | 16 | # force bind to serve only one IP protocol (ipv4: 4, ipv6: 6). omitting this reverts to binds default of both. 
17 | protocol: 4 18 | 19 | bind: 20 | keys: 21 | "core_dhcp": 22 | secret: "YourSecretKey"  # NOTE(review): placeholder TSIG secret; real values are rendered in clear text into named.conf.key, so keep them out of plain-text pillar and VCS (e.g. Salt's gpg renderer). 23 | configured_zones: 24 | sub.domain.com: 25 | type: master 26 | notify: False 27 | 1.168.192.in-addr.arpa: 28 | type: master 29 | notify: False 30 | allow-transfer: 31 | - 1.1.1.1 32 | - 2.2.2.2 33 | dynamic.domain.com: 34 | type: master 35 | allow-update: "key core_dhcp" 36 | notify: True 37 | configured_views: 38 | myview1: 39 | match_clients: 40 | - client1 41 | - client2 42 | configured_zones: 43 | my.zone: 44 | type: master 45 | notify: False 46 | update_policy: 47 | - "grant core_dhcp name dns_entry_allowed_to_update. ANY" 48 | 49 | bind: 50 | available_zones: 51 | sub.domain.org: 52 | file: db.sub.domain.org 53 | masters: "192.168.0.1;" 54 | -------------------------------------------------------------------------------- /bind/files/redhat/named.conf: -------------------------------------------------------------------------------- 1 | // 2 | // named.conf 3 | // 4 | // Provided by Red Hat bind package to configure the ISC BIND named(8) DNS 5 | // server as a caching only nameserver (as a localhost DNS resolver only). 6 | // 7 | // See /usr/share/doc/bind*/sample/ for example named configuration files. 8 | // 9 | 10 | options { 11 | //listen-on port 53 { 127.0.0.1; }; 12 | listen-on port 53 { any; }; 13 | listen-on-v6 port 53 { ::1; }; 14 | directory "/var/named"; 15 | dump-file "/var/named/data/cache_dump.db"; 16 | statistics-file "/var/named/data/named_stats.txt"; 17 | memstatistics-file "/var/named/data/named_mem_stats.txt"; 18 | allow-query { any; }; 19 | recursion yes; {# NOTE(review): listen-on { any; } plus allow-query { any; } plus recursion yes makes this an open recursive resolver on every IPv4 interface, although the header above still describes a localhost-only caching server. Restrict recursion with an ACL (allow-recursion / allow-query) on any host that is not firewalled. Unlike the debian and arch templates, this file does not consume pillar bind:config:options, so it cannot be tightened from pillar without editing the template. #} 20 | 21 | dnssec-enable yes; 22 | dnssec-validation yes; 23 | dnssec-lookaside auto; {# NOTE(review): ISC's DLV registry has been shut down; dnssec-lookaside and the iscdlv bindkeys-file below are deprecated and removed in newer BIND releases, and dnssec-enable is deprecated as well -- confirm against the packaged named version before relying on this template. #} 24 | 25 | /* Path to ISC DLV key */ 26 | bindkeys-file "/etc/named.iscdlv.key"; 27 | 28 | managed-keys-directory "/var/named/dynamic"; 29 | }; 30 | 31 | logging { 32 | channel default_debug { 33 | file "data/named.run"; 34 | severity dynamic; 35 | }; 36 | }; 37 | 38 | zone "." 
IN { 39 | type hint; 40 | file "named.ca"; 41 | }; 42 | 43 | include "/etc/named.rfc1912.zones"; 44 | include "{{ map.local_config }}"; 45 | include "/etc/named.root.key"; 46 | -------------------------------------------------------------------------------- /bind/map.jinja: -------------------------------------------------------------------------------- 1 | {% set map = salt['grains.filter_by']({ 2 | 'Debian': { 3 | 'pkgs': ['bind9', 'bind9utils', 'dnssec-tools'], 4 | 'service': 'bind9', 5 | 'config_source_dir': 'bind/files/debian', 6 | 'zones_source_dir': 'dns/zones', 7 | 'config': '/etc/bind/named.conf', 8 | 'local_config': '/etc/bind/named.conf.local', 9 | 'key_config': '/etc/bind/named.conf.key', 10 | 'options_config': '/etc/bind/named.conf.options', 11 | 'default_config': '/etc/default/bind9', 12 | 'default_zones_config': '/etc/bind/named.conf.default-zones', 13 | 'named_directory': '/var/cache/bind/zones', 14 | 'log_dir': '/var/log/bind9', 15 | 'user': 'root', 16 | 'group': 'bind', 17 | 'mode': '644' 18 | }, 19 | 'RedHat': { 20 | 'pkgs': ['bind'], 21 | 'service': 'named', 22 | 'config_source_dir': 'bind/files/redhat', 23 | 'zones_source_dir': '/srv/salt/zones', 24 | 'config': '/etc/named.conf', 25 | 'local_config': '/etc/named.conf.local', 26 | 'default_config': '/etc/sysconfig/named', 27 | 'named_directory': '/var/named/data', 28 | 'log_dir': '/var/log/named', 29 | 'user': 'root', 30 | 'group': 'named', 31 | 'mode': '640' 32 | }, 33 | 'Arch': { 34 | 'pkgs': ['bind', 'bind-tools', 'dnssec-tools'], 35 | 'service': 'named', 36 | 'config_source_dir': 'bind/files/arch', 37 | 'zones_source_dir': 'zones', 38 | 'config': '/etc/named.conf', 39 | 'local_config': '/etc/named.conf.local', 40 | 'named_directory': '/var/named', 41 | 'log_dir': '/var/log/named', 42 | 'user': 'root', 43 | 'group': 'named', 44 | 'mode': '640' 45 | }, 46 | }, merge=salt['grains.filter_by']({ 47 | 'Ubuntu': { 48 | 'log_dir': '/var/log/named', 49 | 'user': 'bind' 50 | }, 51 | }, grain='os', 
merge=salt['pillar.get']('bind:lookup'))) %} 52 | -------------------------------------------------------------------------------- /bind/files/arch/named.conf: -------------------------------------------------------------------------------- 1 | // vim:set ts=4 sw=4 et: 2 | 3 | options { 4 | directory "/var/named"; 5 | pid-file "/run/named/named.pid"; 6 | 7 | // Uncomment these to enable IPv6 connections support 8 | // IPv4 will still work: 9 | // listen-on-v6 { any; }; 10 | // Add this for no IPv4: 11 | // listen-on { none; }; 12 | 13 | {#- Allow inclusion of arbitrary statements #} 14 | {%- for statement, value in salt['pillar.get']('bind:config:options', {}).iteritems() -%} 15 | {%- if value is iterable and value is not string %} 16 | {{ statement }} { 17 | {%- for item in value %} 18 | {{ item }}; 19 | {%- endfor %} 20 | }; 21 | {%- else %} 22 | {{ statement }} {{ value }}; 23 | {%- endif %} 24 | {%- endfor %} 25 | }; 26 | 27 | zone "localhost" IN { 28 | type master; 29 | file "localhost.zone"; 30 | }; 31 | 32 | zone "0.0.127.in-addr.arpa" IN { 33 | type master; 34 | file "127.0.0.zone"; 35 | }; 36 | 37 | zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" { 38 | type master; 39 | file "localhost.ip6.zone"; 40 | }; 41 | 42 | zone "255.in-addr.arpa" IN { 43 | type master; 44 | file "empty.zone"; 45 | }; 46 | 47 | zone "0.in-addr.arpa" IN { 48 | type master; 49 | file "empty.zone"; 50 | }; 51 | 52 | zone "." 
IN { 53 | type hint; 54 | file "root.hint"; 55 | }; 56 | 57 | //zone "example.org" IN { 58 | // type slave; 59 | // file "example.zone"; 60 | // masters { 61 | // 192.168.1.100; 62 | // }; 63 | // allow-query { any; }; 64 | // allow-transfer { any; }; 65 | //}; 66 | 67 | //logging { 68 | // channel xfer-log { 69 | // file "/var/log/named.log"; 70 | // print-category yes; 71 | // print-severity yes; 72 | // severity info; 73 | // }; 74 | // category xfer-in { xfer-log; }; 75 | // category xfer-out { xfer-log; }; 76 | // category notify { xfer-log; }; 77 | //}; 78 | 79 | include "{{ map.local_config }}"; 80 | -------------------------------------------------------------------------------- /bind/files/debian/named.conf.local: -------------------------------------------------------------------------------- 1 | # vim: sts=2 ts=2 sw=2 et ai 2 | // 3 | // Do any local configuration here 4 | // 5 | 6 | // Consider adding the 1918 zones here, if they are not used in your 7 | // organization 8 | //include "/etc/bind/zones.rfc1918"; 9 | 10 | {%- macro zone(key, args, file, masters) %} 11 | zone "{{ key }}" { 12 | type {{ args['type'] }}; 13 | {% if args['dnssec'] is defined and args['dnssec'] -%} 14 | file "zones/{{ file }}.signed"; 15 | {% else -%} 16 | file "zones/{{ file }}"; 17 | {%- endif %} 18 | {% if args['allow-update'] is defined -%} 19 | allow-update { {{args['allow-update']}}; }; 20 | {%- endif %} 21 | {%- if args.update_policy is defined %} 22 | update-policy { 23 | {%- for policy in args.update_policy %} 24 | {{ policy }}; 25 | {%- endfor %} 26 | }; 27 | {%- endif %} 28 | allow-transfer { 29 | {% for remote in args.get('allow-transfer', {}) %} 30 | {{ remote }}; 31 | {% endfor %} 32 | }; 33 | {% if args['type'] == "master" -%} 34 | {% if args['notify'] -%} 35 | notify yes; 36 | {% else -%} 37 | notify no; 38 | {%- endif -%} 39 | {% else -%} 40 | notify no; 41 | masters { {{ masters }} }; 42 | {%- endif %} 43 | }; 44 | {%- endmacro %} 45 | 46 | {%- if 
salt['pillar.get']('bind:configured_views', {}) is not defined %} {# NOTE(review): pillar.get() with a {} default always yields a defined value, so this "is not defined" test is always false and the default zones (root hints, localhost and the RFC 1912 reverse zones from named.conf.default-zones) are never included unless a view literally named 'default' exists below; `{%- if not salt['pillar.get']('bind:configured_views', {}) %}` looks like the intent -- confirm. The "is defined" test on bind:keys in debian/named.conf has the mirror problem (always true). Also, .iteritems() in the loops of this file is Python 2 only; .items() works on both. #} 47 | include "{{ map.default_zones_config }}"; 48 | {%- endif %} 49 | 50 | {% for key, args in salt['pillar.get']('bind:configured_zones', {}).iteritems() -%} 51 | {%- set file = salt['pillar.get']("bind:available_zones:" + key + ":file") %} 52 | {%- set masters = salt['pillar.get']("bind:available_zones:" + key + ":masters") %} 53 | {{ zone(key, args, file, masters) }} 54 | {% endfor %} 55 | 56 | {% for view, view_data in salt['pillar.get']('bind:configured_views', {}).iteritems() %} 57 | 58 | view {{ view }} { 59 | {%- if view == 'default' %} 60 | include "{{ map.default_zones_config }}"; 61 | {%- endif %} 62 | 63 | match-clients { 64 | {%- for acl in view_data.get('match_clients', {}) %} 65 | {{ acl }}; 66 | {%- endfor %} 67 | }; 68 | 69 | {% for key, args in view_data.get('configured_zones', {}).iteritems() -%} 70 | {%- set file = salt['pillar.get']("bind:available_zones:" + key + ":file") %} 71 | {%- set masters = salt['pillar.get']("bind:available_zones:" + key + ":masters") %} 72 | {{ zone(key, args, file, masters) }} 73 | {%- endfor %} 74 | }; 75 | {%- endfor %} 76 | 77 | logging { 78 | channel "querylog" { 79 | file "{{ map.log_dir }}/query.log"; 80 | print-time yes; 81 | }; 82 | category queries { querylog; }; {# NOTE(review): query logging is unconditionally on; the channel records every client query, and config.sls manages query.log with mode 644, so consider a tighter file mode or making this category pillar-controlled. #} 83 | }; 84 | -------------------------------------------------------------------------------- /bind/config.sls: -------------------------------------------------------------------------------- 1 | {% from "bind/map.jinja" import map with context %} 2 | 3 | include: 4 | - bind 5 | 6 | {{ map.log_dir }}: 7 | file.directory: 8 | - user: root 9 | - group: {{ salt['pillar.get']('bind:config:group', map.group) }} 10 | - mode: 775 11 | - require: 12 | - pkg: bind 13 | 14 | bind_restart: 15 | service.running: 16 | - name: {{ map.service }} 17 | - reload: False 18 | - watch: 19 | - file: {{ map.log_dir }}/query.log 20 | 21 | {{ map.log_dir }}/query.log: 22 | file.managed: 23 | - user: {{ 
salt['pillar.get']('bind:config:user', map.user) }} 24 | - group: {{ salt['pillar.get']('bind:config:group', map.group) }} 25 | - mode: 644 26 | - require: 27 | - file: {{ map.log_dir }} 28 | 29 | named_directory: 30 | file.directory: 31 | - name: {{ map.named_directory }} 32 | - user: {{ salt['pillar.get']('bind:config:user', map.user) }} 33 | - group: {{ salt['pillar.get']('bind:config:group', map.group) }} 34 | - mode: 775 35 | - makedirs: True 36 | - require: 37 | - pkg: bind 38 | 39 | bind_config: 40 | file.managed: 41 | - name: {{ map.config }} 42 | - source: 'salt://{{ map.config_source_dir }}/named.conf' 43 | - template: jinja 44 | - user: {{ salt['pillar.get']('bind:config:user', map.user) }} 45 | - group: {{ salt['pillar.get']('bind:config:group', map.group) }} 46 | - mode: {{ salt['pillar.get']('bind:config:mode', map.mode) }} 47 | - context: 48 | map: {{ map }} 49 | - require: 50 | - pkg: bind 51 | - watch_in: 52 | - service: bind 53 | 54 | bind_local_config: 55 | file.managed: 56 | - name: {{ map.local_config }} 57 | - source: 'salt://{{ map.config_source_dir }}/named.conf.local' 58 | - template: jinja 59 | - user: {{ salt['pillar.get']('bind:config:user', map.user) }} 60 | - group: {{ salt['pillar.get']('bind:config:group', map.group) }} 61 | - mode: {{ salt['pillar.get']('bind:config:mode', '644') }} 62 | - context: 63 | map: {{ map }} 64 | - require: 65 | - pkg: bind 66 | - file: {{ map.log_dir }}/query.log 67 | - watch_in: 68 | - service: bind 69 | 70 | {% if grains['os_family'] != 'Arch' %} 71 | bind_default_config: 72 | file.managed: 73 | - name: {{ map.default_config }} 74 | - source: salt://{{ map.config_source_dir }}/default 75 | - template: jinja 76 | - user: root 77 | - group: root 78 | - mode: 644 79 | - watch_in: 80 | - service: bind_restart 81 | {% endif %} 82 | 83 | {% if grains['os_family'] == 'Debian' %} 84 | bind_key_config: 85 | file.managed: 86 | - name: {{ map.key_config }} 87 | - source: 'salt://{{ map.config_source_dir 
}}/named.conf.key' 88 | - template: jinja 89 | - user: {{ salt['pillar.get']('bind:config:user', map.user) }} 90 | - group: {{ salt['pillar.get']('bind:config:group', map.group) }} 91 | - mode: {{ salt['pillar.get']('bind:config:mode', '644') }} {# NOTE(review): named.conf.key carries the TSIG secrets in clear text, and the '644' fallback here makes it world-readable whenever bind:config:mode is unset. This state should default to a restrictive mode such as '640' (readable by the bind group only) independently of the shared bind:config:mode, which is also applied to files that are fine being world-readable. #} 92 | - require: 93 | - pkg: bind 94 | - watch_in: 95 | - service: bind 96 | 97 | bind_options_config: 98 | file.managed: 99 | - name: {{ map.options_config }} 100 | - source: 'salt://{{ map.config_source_dir }}/named.conf.options' 101 | - template: jinja 102 | - user: {{ salt['pillar.get']('bind:config:user', map.user) }} 103 | - group: {{ salt['pillar.get']('bind:config:group', map.group) }} 104 | - mode: {{ salt['pillar.get']('bind:config:mode', '644') }} 105 | - require: 106 | - pkg: bind 107 | - watch_in: 108 | - service: bind 109 | 110 | bind_default_zones: 111 | file.managed: 112 | - name: {{ map.default_zones_config }} 113 | - source: 'salt://{{ map.config_source_dir }}/named.conf.default-zones' 114 | - template: jinja 115 | - user: {{ salt['pillar.get']('bind:config:user', map.user) }} 116 | - group: {{ salt['pillar.get']('bind:config:group', map.group) }} 117 | - mode: {{ salt['pillar.get']('bind:config:mode', '644') }} 118 | - require: 119 | - pkg: bind 120 | - watch_in: 121 | - service: bind 122 | 123 | /etc/logrotate.d/{{ map.service }}: 124 | file.managed: 125 | - source: salt://{{ map.config_source_dir }}/logrotate_bind 126 | - template: jinja 127 | - user: root 128 | - group: root 129 | - context: 130 | map: {{ map }} 131 | {% endif %} 132 | 133 | {% for zone, zone_data in salt['pillar.get']('bind:configured_zones', {}).iteritems() -%} 134 | {%- set file = salt['pillar.get']("bind:available_zones:" + zone + ":file") %} 135 | {% if file and zone_data['type'] == "master" -%} 136 | zones-{{ zone }}: 137 | file.managed: 138 | - name: {{ map.named_directory }}/{{ file }} {# NOTE(review): file comes from pillar bind:available_zones:<zone>:file and is joined into the destination path unchecked; pillar is admin-controlled, but a value containing a slash or ".." would place the zone file outside named_directory, so a basename-only check would harden this (same for the view loop below). #} 139 | - source: 'salt://{{ map.zones_source_dir }}/{{ file }}' 140 | - template: jinja 141 | - user: {{ salt['pillar.get']('bind:config:user', 
map.user) }} 142 | - group: {{ salt['pillar.get']('bind:config:group', map.group) }} 143 | - mode: {{ salt['pillar.get']('bind:config:mode', '644') }} 144 | - watch_in: 145 | - service: bind 146 | - require: 147 | - file: named_directory 148 | 149 | {% if zone_data['dnssec'] is defined and zone_data['dnssec'] -%} 150 | signed-{{ zone }}: 151 | cmd.run: 152 | - cwd: {{ map.named_directory }} 153 | - name: zonesigner -zone {{ zone }} {{ file }} 154 | - prereq: 155 | - file: zones-{{ zone }} 156 | {% endif %} 157 | 158 | {% endif %} 159 | {% endfor %} 160 | 161 | {%- for view, view_data in salt['pillar.get']('bind:configured_views', {}).iteritems() %} 162 | {% for zone, zone_data in view_data.get('configured_zones', {}).iteritems() -%} 163 | {%- set file = salt['pillar.get']("bind:available_zones:" + zone + ":file") %} 164 | {% if file and zone_data['type'] == "master" -%} 165 | zones-{{ view }}-{{ zone }}: 166 | file.managed: 167 | - name: {{ map.named_directory }}/{{ file }} 168 | - source: 'salt://{{ map.zones_source_dir }}/{{ file }}' 169 | - template: jinja 170 | - user: {{ salt['pillar.get']('bind:config:user', map.user) }} 171 | - group: {{ salt['pillar.get']('bind:config:group', map.group) }} 172 | - mode: {{ salt['pillar.get']('bind:config:mode', '644') }} 173 | - watch_in: 174 | - service: bind 175 | - require: 176 | - file: named_directory 177 | 178 | {% if zone_data['dnssec'] is defined and zone_data['dnssec'] -%} 179 | signed-{{ view }}-{{ zone }}: 180 | cmd.run: 181 | - cwd: {{ map.named_directory }} 182 | - name: zonesigner -zone {{ zone }} {{ file }} 183 | - prereq: 184 | - file: zones-{{ view }}-{{ zone }} 185 | {% endif %} 186 | 187 | {% endif %} 188 | {% endfor %} 189 | {% endfor %} 190 | --------------------------------------------------------------------------------