From: Frank Brehm Date: Sun, 13 Mar 2016 12:10:23 +0000 (+0100) Subject: Adding states for dynamic zones X-Git-Url: https://git.uhu-banane.net/?a=commitdiff_plain;h=63de6165882c9d4611691e72719fc4140ddb0675;p=salt%2Fstates.git Adding states for dynamic zones
---
diff --git a/bind/conf.sls b/bind/conf.sls
index 1a2722a..74291cc 100644
--- a/bind/conf.sls
+++ b/bind/conf.sls
@@ -1,6 +1,7 @@
 {%- set etc_dir = salt['pillar.get']('bind:etc-dir', '/etc/bind') -%}
 {%- set home_dir = salt['pillar.get']('bind:home-dir', '/var/cache/bind') -%}
 {%- set my_zones = salt['pillar.get']('bind:my-zones', {}) -%}
+{%- set dyn_zones = salt['pillar.get']('bind:dyn-zones', {}) -%}
 bind-conf_acl:
 file.managed:
@@ -78,11 +79,15 @@ bind-conf_local:
 {% for zone in my_zones %}
 {%- set masters = my_zones[zone]['master'] -%}
+{%- set filename = my_zones[zone].get('filename', False) -%}
+{%- if not filename -%}
+ {%- set filename = zone + ".zone" -%}
+{%- endif -%}
 {%- if grains['fqdn'] in masters %}
 bind-zone_{{ zone }}:
 file.managed:
- - name: {{ etc_dir }}/zones/{{ zone }}.zone
- - source: salt://bind/zones/{{ zone }}.zone
+ - name: {{ etc_dir }}/zones/{{ filename }}
+ - source: salt://bind/zones/{{ filename }}
 - user: root
 - group: root
 - mode: 644
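Review bot: The new `filename` value comes from pillar and goes unchecked into the `name` and `source` of a root-run `file.managed`, so a value containing `/` or `..` would make the state write outside `{{ etc_dir }}/zones`. Pillar is normally operator-controlled, so this is hardening rather than a live bug, but reducing the value to its last path component, for example `{%- set filename = filename.split('/')|last -%}` after the fallback, keeps a typo or a merged pillar from overwriting another file. The same lookup is repeated in the dyn-zones hunk of this file and in `bind/files/named-dyn.conf`, where the value also ends up in a `cp` command line and in a `file "…";` statement. The `bind-zone_{{ zone }}` state continues past the end of the hunk.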
@@ -135,6 +140,63 @@ bind-conf_sec:
 - watch_in:
 - service: bind
+{% for zone in dyn_zones %}
+{%- set masters = dyn_zones[zone]['master'] -%}
+{%- set filename = dyn_zones[zone].get('filename', False) -%}
+{%- if not filename -%}
+ {%- set filename = zone + ".zone" -%}
+{%- endif -%}
+{%- if grains['fqdn'] in masters %}
+bind-def-dyn-zone_{{ zone }}:
+ file.managed:
+ - name: {{ etc_dir }}/dyn/{{ filename }}.default
+ - source: salt://bind/zones/{{ filename }}
+ - user: root
+ - group: root
+ - mode: 644
+ - template: jinja
+ - backup: minion
+ - require:
+ - pkg: bind
+ - file: bind-etc-dir
+ - file: bind-dyn-zones-dir
+
+bind-dyn-zone_{{ zone }}:
+ cmd.run:
+ - name: cp {{ etc_dir }}/dyn/{{ filename }}.default {{ etc_dir }}/dyn/{{ filename }}
+ - unless:
+ - test -f {{ etc_dir }}/dyn/{{ filename }}
+ - require:
+ - pkg: bind
+ - file: bind-etc-dir
+ - file: bind-dyn-zones-dir
+ - file: bind-def-dyn-zone_{{ zone }}
+
+{%- endif %}
+{% endfor %}
+
+bind-conf_dyn:
+ file.managed:
+ - name: {{ etc_dir }}/named-dyn.conf
+ - source: salt://bind/files/named-dyn.conf
+ - user: root
+ - group: root
+ - mode: 644
+ - template: jinja
+ - backup: minion
+ - require:
+ - pkg: bind
+ - file: bind-etc-dir
+ - file: bind-zones-dir
+{%- for zone in dyn_zones %}
+{%- set masters = dyn_zones[zone]['master'] -%}
+{%- if grains['fqdn'] in masters %}
+# - file: bind-dyn-zone_{{ zone }}
+{%- endif -%}
+{%- endfor %}
+ - watch_in:
+ - service: bind
+
 bind-conf:
 file.managed:
 - name: {{ etc_dir }}/named.conf
diff --git a/bind/dirs.sls b/bind/dirs.sls
index d71825b..4f58d8f 100644
--- a/bind/dirs.sls
+++ b/bind/dirs.sls
@@ -31,6 +31,16 @@ bind-default-zones-dir:
 - pkg: bind
 - file: bind-etc-dir
+bind-dyn-zones-dir:
+ file.directory:
+ - name: {{ etc_dir }}/dyn
+ - user: bind
+ - group: bind
+ - dir_mode: 770
+ - require:
+ - pkg: bind
+ - file: bind-etc-dir
+
 bind-home-dir:
 file.directory:
 - name: {{ home_dir }}
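Review bot: The `bind-dyn-zone_{{ zone }}` state builds a shell command line from `etc_dir` and the pillar-supplied `filename` without quoting, and the copy it creates gets whatever owner and mode the minion's `cp` produces rather than ones the state declares. A `file.copy` state does the same copy-if-missing job without a shell (by default it leaves an existing target alone) and lets owner and mode be stated explicitly. It would also make the commented-out `# - file: bind-dyn-zone_{{ zone }}` requisite in `bind-conf_dyn` valid; as written that line names a `cmd` state under `file:`, and with it disabled `named-dyn.conf` can be deployed before the zone file exists. `bind-conf_dyn` also requires `bind-zones-dir` although the zones it lists live under `dyn/`; presumably `bind-dyn-zones-dir` was meant.

```yaml
bind-dyn-zone_{{ zone }}:
  file.copy:
    - name: {{ etc_dir }}/dyn/{{ filename }}
    - source: {{ etc_dir }}/dyn/{{ filename }}.default
    - user: bind
    - group: bind
    - mode: 644
    # … unchanged: require list …
```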
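Review bot: `bind-dyn-zones-dir` makes `{{ etc_dir }}/dyn` writable by the `bind` user (`dir_mode: 770`), which places daemon-writable state inside an otherwise root-owned configuration tree. If the platform confines named with a packaged AppArmor or SELinux policy that treats the configuration directory as read-only, zone rewrites and journal files there may be denied; the hunk does not show whether that applies here. Taking this directory from its own pillar key, with a default outside `etc_dir`, would keep the configuration tree read-only for the daemon. A comment above the state such as `# writable by named: dynamic zones and their journals live here` would also record why this directory differs from its siblings.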
diff --git a/bind/files/named-dyn.conf b/bind/files/named-dyn.conf
new file mode 100644
index 0000000..2b24aae
--- /dev/null
+++ b/bind/files/named-dyn.conf
@@ -0,0 +1,53 @@
+{%- set etc_dir = salt['pillar.get']('bind:etc-dir', '/etc/bind') -%}
+{%- set bind_role = salt['pillar.get']('bind:role', 'secondary') -%}
+{%- set dyn_zones = salt['pillar.get']('bind:dyn-zones', {}) -%}
+{%- set ips = grains['ipv4'] + grains['ipv6'] -%}
+//###############################################################
+//# Bind9-Konfigurationsdatei - Dynamische Zonen
+//# {{ etc_dir }}/named-dyn.conf
+//#
+//# Host {{ grains['fqdn'] }}
+//#
+//###############################################################
+
+{% for zone in dyn_zones %}
+{%- set masters = dyn_zones[zone]['master'] -%}
+{%- set slaves = dyn_zones[zone]['slaves'] -%}
+{%- set filename = dyn_zones[zone].get('filename', False) -%}
+{%- if not filename -%}
+ {%- set filename = zone + ".zone" -%}
+{%- endif -%}
+{%- if grains['fqdn'] in masters|sort %}
+zone "{{ zone }}" {
+ type master;
+ file "{{ etc_dir }}/dyn/{{ filename }}";
+ allow-update {
+ allow-dyn-update;
+ key dyn-dns-updater;
+ };
+ allow-transfer {
+ common-allow-transfer;
+ };
+ also-notify {
+ {%- for slave in slaves|sort %}{% set ip = slaves[slave] %}
+ {{ ip }};
+ {%- endfor %}
+ };
+};
+{%- elif grains['fqdn'] in slaves %}
+zone "{{ zone }}" {
+ type slave;
+ file "{{ filename }}";
+ masters {
+ {%- for master in masters %}{% set ip = masters[master] %}
+ {{ ip }};
+ {%- endfor %}
+ };
+ allow-transfer {
+ common-allow-transfer;
+ };
+};
+{%- endif %}
+{% endfor %}
+
+# vim: ts=4 filetype=named noai
diff --git a/bind/files/named-pri.conf b/bind/files/named-pri.conf
index 8786f69..b5c218b 100644
--- a/bind/files/named-pri.conf
+++ b/bind/files/named-pri.conf
@@ -31,7 +31,7 @@ zone "{{ zone }}" {
 also-notify {
 {%- for slave in slaves|sort %}{% set ip = slaves[slave] %}
 {{ ip }};
- {%- endfor -%}
+ {%- endfor %}
 };
 };
 {%- endif -%}
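Review bot: In the master branch of `named-dyn.conf`, `allow-update { allow-dyn-update; key dyn-dns-updater; };` is an address match list, so a client is accepted when it matches either element: any source address covered by the `allow-dyn-update` ACL can update the zone without presenting the TSIG key. Address-based update permission is weak because the source address of an update is not authenticated, so if the intent is that updates must be signed, keep only the key, `allow-update { key dyn-dns-updater; };`, or move to an `update-policy` that grants the key just the names it needs. The ACL is defined outside this diff, so how wide it is cannot be judged from here. `bind_role` and `ips` are set at the top of the template but never used, and the slave branch writes `file "{{ filename }}";` as a relative path, which depends on the `directory` option.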
diff --git a/bind/files/named-pri1.conf b/bind/files/named-pri1.conf
deleted file mode 100644
index 47222c7..0000000
--- a/bind/files/named-pri1.conf
+++ /dev/null
@@ -1,37 +0,0 @@
-{%- set etc_dir = salt['pillar.get']('bind:etc-dir', '/etc/bind') -%}
-{%- set bind_role = salt['pillar.get']('bind:role', 'secondary') -%}
-{%- set is_master = False -%}
-{%- if bind_role|lower == 'primary' -%}
- {%- set is_master = True -%}
-{%- endif -%}
-{%- set my_zones = salt['pillar.get']('bind:my-zones', {}) -%}
-//###############################################################
-//# Bind9-Konfigurationsdatei - Primäre Zonen
-//# {{ etc_dir }}/named-pri.conf
-//#
-//# Host {{ grains['fqdn'] }}
-//#
-//###############################################################
-
-//###############################################################
-//# Master-Zonen (Primary)
-{%- for zone in my_zones %}
-{%- if grains('fqdn') in my_zones.zone.slaves %}
-zone "{{ zone }}" {
- type master;
- file "{{ etc_dir }}/zones/{{ zone }}.zone";
- allow-update { none; };
- allow-transfer {
- common-allow-transfer;
- };
- also-notify {
- also-notify-uhu-banane;
- };
-};
-
-{% endif %}
-{% endfor %}
-
-// Keine!
-
-# vim: ts=4 filetype=named noai
diff --git a/bind/files/named-sec.conf b/bind/files/named-sec.conf
index 049bd91..a9ef532 100644
--- a/bind/files/named-sec.conf
+++ b/bind/files/named-sec.conf
@@ -27,7 +27,7 @@ zone "{{ zone }}" {
 masters {
 {%- for master in masters %}{% set ip = masters[master] %}
 {{ ip }};
- {%- endfor -%}
+ {%- endfor %}
 };
 allow-transfer {
 common-allow-transfer;