From 2d45a83f1be61098725cdecced14c10cd431c3ca Mon Sep 17 00:00:00 2001 From: Frank Brehm Date: Wed, 9 Mar 2016 16:25:51 +0100 Subject: [PATCH] Reorganizing the states for bind --- .gitignore | 1 + bind/conf.sls | 12 ++-- bind/default_zones.sls | 100 ++++++++++++++++++++++------ bind/dirs.sls | 21 ++++-- bind/files/db.0 | 12 ++++ bind/files/db.127 | 13 ++++ bind/files/db.255 | 12 ++++ bind/files/db.empty | 14 ++++ bind/files/db.local | 14 ++++ bind/files/db.root | 88 ++++++++++++++++++++++++ bind/files/named.conf.default-zones | 39 +++++++++++ bind/files/zones.rfc1918 | 39 +++++------ bind/user.sls | 3 +- 13 files changed, 318 insertions(+), 50 deletions(-) create mode 100644 bind/files/db.0 create mode 100644 bind/files/db.127 create mode 100644 bind/files/db.255 create mode 100644 bind/files/db.empty create mode 100644 bind/files/db.local create mode 100644 bind/files/db.root create mode 100644 bind/files/named.conf.default-zones diff --git a/.gitignore b/.gitignore index 4710d26..8a6bd7a 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,3 @@ *.pyc .idea/* +/postfix/files/main-all.cf diff --git a/bind/conf.sls b/bind/conf.sls index 694c1d6..8fa5dab 100644 --- a/bind/conf.sls +++ b/bind/conf.sls @@ -1,6 +1,8 @@ +{%- set etc_dir = salt['pillar.get']('bind:etc-dir', '/etc/bind') -%} -/etc/bind/named-acl.conf: +bind-conf_acl: file.managed: + - name: {{ etc_dir }}/named-acl.conf - source: salt://bind/files/named-acl.conf - user: root - group: root @@ -8,10 +10,11 @@ - template: jinja - backup: minion - require: - - file: /etc/bind + - file: bind-etc-dir -/etc/bind/named-log.conf: +bind-conf_log: file.managed: + - name: {{ etc_dir }}/named-log.conf - source: salt://bind/files/named-log.conf - user: root - group: root @@ -19,9 +22,8 @@ - template: jinja - backup: minion - require: - - file: /etc/bind + - file: bind-etc-dir - file: /var/log/bind - # vim: filetype=sls diff --git a/bind/default_zones.sls b/bind/default_zones.sls index 0b77205..b177a8a 100644 
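Review bot: The lookup `{%- set etc_dir = salt['pillar.get']('bind:etc-dir', '/etc/bind') -%}` at the top of conf.sls is repeated, default included, in default_zones.sls, dirs.sls and user.sls, and the `bind:default-zones-dir` lookup is repeated again inside the named.conf.default-zones and zones.rfc1918 templates, so a default changed in one copy silently diverges from the others and the directory states and the file states can end up pointing at different paths. A single `bind/map.jinja` that resolves the three paths once, imported by every state and template, would keep one source of truth. The pillar value is also interpolated unquoted into `- name: {{ etc_dir }}/named-acl.conf` with no check that it is an absolute path; since it decides where root-owned configuration is written, the expected form is worth stating in a comment next to the `set` line, e.g. `{#- bind:etc-dir must be an absolute directory path; named reads its config from here -#}`.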
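Review bot: In the `bind-conf_log` requisites the etc-dir requisite was converted to the state ID `bind-etc-dir`, but `- file: /var/log/bind` on the following line still addresses a state by its path. If dirs.sls renamed the log-directory state the same way as the others in this commit (its hunk shows no log-dir state, so this is inferred), this requisite no longer resolves and the state fails at highstate time. Either keep a path-keyed state for the log directory or switch the line to the new ID, e.g. `- file: bind-log-dir`, following the `bind-etc-dir` / `bind-home-dir` naming used elsewhere in the commit.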
--- a/bind/default_zones.sls +++ b/bind/default_zones.sls 
@@ -1,36 +1,94 @@ +{%- set def_zones_dir = salt['pillar.get']('bind:default-zones-dir', '/etc/bind') -%} +{%- set etc_dir = salt['pillar.get']('bind:etc-dir', '/etc/bind') -%} -/etc/bind/db.0: - file.exists: +zone-db.0: + file.managed: + - name: {{ def_zones_dir }}/db.0 + - source: salt://bind/files/db.0 + - user: root + - group: root + - mode: 644 + - backup: minion - require: - - file: /etc/bind + - file: bind-default-zones-dir -/etc/bind/db.127: - file.exists: +zone-db.127: + file.managed: + - name: {{ def_zones_dir }}/db.127 + - source: salt://bind/files/db.127 + - user: root + - group: root + - mode: 644 + - backup: minion - require: - - file: /etc/bind + - file: bind-default-zones-dir -/etc/bind/db.255: - file.exists: +zone-db.255: + file.managed: + - name: {{ def_zones_dir }}/db.255 + - source: salt://bind/files/db.255 + - user: root + - group: root + - mode: 644 + - backup: minion + - require: + - file: bind-default-zones-dir + +zone-db.empty: + file.managed: + - name: {{ def_zones_dir }}/db.empty + - source: salt://bind/files/db.empty + - user: root + - group: root + - mode: 644 + - backup: minion - require: - - file: /etc/bind + - file: bind-default-zones-dir -/etc/bind/db.empty: - file.exists: +zone-db.local: + file.managed: + - name: {{ def_zones_dir }}/db.local + - source: salt://bind/files/db.local + - user: root + - group: root + - mode: 644 + - backup: minion - require: - - file: /etc/bind + - file: bind-default-zones-dir -/etc/bind/db.local: - file.exists: +zone-db.root: + file.managed: + - name: {{ def_zones_dir }}/db.root + - source: salt://bind/files/db.root + - user: root + - group: root + - mode: 644 + - backup: minion - require: - - file: /etc/bind + - file: bind-default-zones-dir -/etc/bind/db.root: - file.exists: +bind-conf_default-zones: + file.managed: + - name: {{ etc_dir }}/named.conf.default-zones + - source: salt://bind/files/named.conf.default-zones + - user: root + - group: root + - mode: 644 + - template: jinja + - backup: minion - 
require: - - file: /etc/bind + - file: bind-etc-dir + - file: bind-default-zones-dir + - file: zone-db.0 + - file: zone-db.127 + - file: zone-db.255 + - file: zone-db.empty + - file: zone-db.local + - file: zone-db.root -/etc/bind/zones.rfc1918: +bind-conf_zones.rfc1918: file.managed: + - name: {{ etc_dir }}/zones.rfc1918 - source: salt://bind/files/zones.rfc1918 - user: root - group: root @@ -38,6 +96,6 @@ - template: jinja - backup: minion - require: - - file: /etc/bind - - file: /etc/bind/db.empty + - file: bind-etc-dir + - file: zone-db.empty diff --git a/bind/dirs.sls b/bind/dirs.sls index bab58c8..6448caa 100644 --- a/bind/dirs.sls +++ b/bind/dirs.sls @@ -1,6 +1,10 @@ +{%- set home_dir = salt['pillar.get']('bind:home-dir', '/var/cache/bind') -%} +{%- set etc_dir = salt['pillar.get']('bind:etc-dir', '/etc/bind') -%} +{%- set def_zones_dir = salt['pillar.get']('bind:default-zones-dir', '/etc/bind') -%} -/etc/bind: +bind-etc-dir: file.directory: + - name: {{ etc_dir }} - user: root - group: bind - dir_mode: 2755 @@ -8,16 +12,25 @@ - require: - group: bind-group -/etc/bind/zones: +bind-zones-dir: file.directory: + - name: {{ etc_dir }}/zones - user: root - group: bind - dir_mode: 755 - require: - - file: /etc/bind + - file: bind-etc-dir -/var/cache/bind: +bind-default-zones-dir: file.directory: + - name: {{ def_zones_dir }} + - makedirs: True + - require: + - file: bind-etc-dir + +bind-home-dir: + file.directory: + - name: {{ home_dir }} - user: root - group: bind - dir_mode: 775 diff --git a/bind/files/db.0 b/bind/files/db.0 new file mode 100644 index 0000000..e3aabdb --- /dev/null +++ b/bind/files/db.0 @@ -0,0 +1,12 @@ +; +; BIND reverse data file for broadcast zone +; +$TTL 604800 +@ IN SOA localhost. root.localhost. ( + 1 ; Serial + 604800 ; Refresh + 86400 ; Retry + 2419200 ; Expire + 604800 ) ; Negative Cache TTL +; +@ IN NS localhost. diff --git a/bind/files/db.127 b/bind/files/db.127 new file mode 100644 index 0000000..cd05bef --- /dev/null 
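Review bot: The six `zone-db.*` stanzas in default_zones.sls differ only in the file name, which invites drift (one stanza getting a different mode or missing `backup: minion` later); a Jinja loop over the file names expresses the same six states once. Root-owned `mode: 644` is the right choice for these static hint and master zones, since named only needs to read them, and the explicit `- require:` on `bind-default-zones-dir` keeps the directory ordered before its contents. The `bind-conf_default-zones` and `bind-conf_zones.rfc1918` stanzas below the loop are unchanged; the hunk begins on the previous source line.
```yaml
{%- set def_zones_dir = salt['pillar.get']('bind:default-zones-dir', '/etc/bind') -%}
{%- set etc_dir = salt['pillar.get']('bind:etc-dir', '/etc/bind') -%}

{# one state per shipped zone file; all are static, root-owned and read-only for named #}
{% for zone_file in ['db.0', 'db.127', 'db.255', 'db.empty', 'db.local', 'db.root'] %}
zone-{{ zone_file }}:
  file.managed:
    - name: {{ def_zones_dir }}/{{ zone_file }}
    - source: salt://bind/files/{{ zone_file }}
    - user: root
    - group: root
    - mode: 644
    - backup: minion
    - require:
      - file: bind-default-zones-dir
{% endfor %}

# … unchanged: bind-conf_default-zones and bind-conf_zones.rfc1918 stanzas …
```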
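Review bot: `bind-default-zones-dir` in dirs.sls is the only directory state in the file without `user`, `group` and `dir_mode`, so when `bind:default-zones-dir` is overridden to a new location the directory is created with whatever the minion's umask yields, while the files placed in it by default_zones.sls are explicitly root-owned and `644`. With the default pillar values both `bind-etc-dir` and this state manage `/etc/bind`; that is harmless only because this state sets no ownership, which is a fragile way to avoid a conflict. Adding `- user: root`, `- group: bind` and `- dir_mode: 755` makes the created directory readable by named and makes the two states agree when they target the same path; the `makedirs: True` can stay.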
+++ b/bind/files/db.127
@@ -0,0 +1,13 @@
+;
+; BIND reverse data file for local loopback interface
+;
+$TTL 604800
+@ IN SOA localhost. root.localhost. (
+ 1 ; Serial
+ 604800 ; Refresh
+ 86400 ; Retry
+ 2419200 ; Expire
+ 604800 ) ; Negative Cache TTL
+;
+@ IN NS localhost.
+1.0.0 IN PTR localhost.
diff --git a/bind/files/db.255 b/bind/files/db.255
new file mode 100644
index 0000000..e3aabdb
--- /dev/null
+++ b/bind/files/db.255
@@ -0,0 +1,12 @@
+;
+; BIND reverse data file for broadcast zone
+;
+$TTL 604800
+@ IN SOA localhost. root.localhost. (
+ 1 ; Serial
+ 604800 ; Refresh
+ 86400 ; Retry
+ 2419200 ; Expire
+ 604800 ) ; Negative Cache TTL
+;
+@ IN NS localhost.
diff --git a/bind/files/db.empty b/bind/files/db.empty
new file mode 100644
index 0000000..8a12858
--- /dev/null
+++ b/bind/files/db.empty
@@ -0,0 +1,14 @@
+; BIND reverse data file for empty rfc1918 zone
+;
+; DO NOT EDIT THIS FILE - it is used for multiple zones.
+; Instead, copy it, edit named.conf, and use that copy.
+;
+$TTL 86400
+@ IN SOA localhost. root.localhost. (
+ 1 ; Serial
+ 604800 ; Refresh
+ 86400 ; Retry
+ 2419200 ; Expire
+ 86400 ) ; Negative Cache TTL
+;
+@ IN NS localhost.
diff --git a/bind/files/db.local b/bind/files/db.local
new file mode 100644
index 0000000..2f272d4
--- /dev/null
+++ b/bind/files/db.local
@@ -0,0 +1,14 @@
+;
+; BIND data file for local loopback interface
+;
+$TTL 604800
+@ IN SOA localhost. root.localhost. (
+ 2 ; Serial
+ 604800 ; Refresh
+ 86400 ; Retry
+ 2419200 ; Expire
+ 604800 ) ; Negative Cache TTL
+;
+@ IN NS localhost.
+@ IN A 127.0.0.1
+@ IN AAAA ::1
diff --git a/bind/files/db.root b/bind/files/db.root
new file mode 100644
index 0000000..6c19741
--- /dev/null
+++ b/bind/files/db.root
@@ -0,0 +1,88 @@
+; This file holds the information on root name servers needed to
+; initialize cache of Internet domain name servers
+; (e.g. reference this file in the "cache . "
+; configuration file of BIND domain name servers).
+;
+; This file is made available by InterNIC
+; under anonymous FTP as
+; file /domain/named.cache
+; on server FTP.INTERNIC.NET
+; -OR- RS.INTERNIC.NET
+;
+; last update: Jan 3, 2013
+; related version of root zone: 2013010300
+;
+; formerly NS.INTERNIC.NET
+;
+. 3600000 IN NS A.ROOT-SERVERS.NET.
+A.ROOT-SERVERS.NET. 3600000 A 198.41.0.4
+A.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:BA3E::2:30
+;
+; FORMERLY NS1.ISI.EDU
+;
+. 3600000 NS B.ROOT-SERVERS.NET.
+B.ROOT-SERVERS.NET. 3600000 A 192.228.79.201
+;
+; FORMERLY C.PSI.NET
+;
+. 3600000 NS C.ROOT-SERVERS.NET.
+C.ROOT-SERVERS.NET. 3600000 A 192.33.4.12
+;
+; FORMERLY TERP.UMD.EDU
+;
+. 3600000 NS D.ROOT-SERVERS.NET.
+D.ROOT-SERVERS.NET. 3600000 A 199.7.91.13
+D.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2D::D
+;
+; FORMERLY NS.NASA.GOV
+;
+. 3600000 NS E.ROOT-SERVERS.NET.
+E.ROOT-SERVERS.NET. 3600000 A 192.203.230.10
+;
+; FORMERLY NS.ISC.ORG
+;
+. 3600000 NS F.ROOT-SERVERS.NET.
+F.ROOT-SERVERS.NET. 3600000 A 192.5.5.241
+F.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2F::F
+;
+; FORMERLY NS.NIC.DDN.MIL
+;
+. 3600000 NS G.ROOT-SERVERS.NET.
+G.ROOT-SERVERS.NET. 3600000 A 192.112.36.4
+;
+; FORMERLY AOS.ARL.ARMY.MIL
+;
+. 3600000 NS H.ROOT-SERVERS.NET.
+H.ROOT-SERVERS.NET. 3600000 A 128.63.2.53
+H.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:1::803F:235
+;
+; FORMERLY NIC.NORDU.NET
+;
+. 3600000 NS I.ROOT-SERVERS.NET.
+I.ROOT-SERVERS.NET. 3600000 A 192.36.148.17
+I.ROOT-SERVERS.NET. 3600000 AAAA 2001:7FE::53
+;
+; OPERATED BY VERISIGN, INC.
+;
+. 3600000 NS J.ROOT-SERVERS.NET.
+J.ROOT-SERVERS.NET. 3600000 A 192.58.128.30
+J.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:C27::2:30
+;
+; OPERATED BY RIPE NCC
+;
+. 3600000 NS K.ROOT-SERVERS.NET.
+K.ROOT-SERVERS.NET. 3600000 A 193.0.14.129
+K.ROOT-SERVERS.NET. 3600000 AAAA 2001:7FD::1
+;
+; OPERATED BY ICANN
+;
+. 3600000 NS L.ROOT-SERVERS.NET.
+L.ROOT-SERVERS.NET. 3600000 A 199.7.83.42
+L.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:3::42
+;
+; OPERATED BY WIDE
+;
+. 3600000 NS M.ROOT-SERVERS.NET.
+M.ROOT-SERVERS.NET. 3600000 A 202.12.27.33
+M.ROOT-SERVERS.NET. 3600000 AAAA 2001:DC3::35
+; End of File
diff --git a/bind/files/named.conf.default-zones b/bind/files/named.conf.default-zones
new file mode 100644
index 0000000..c7d7ae5
--- /dev/null
+++ b/bind/files/named.conf.default-zones
@@ -0,0 +1,39 @@
+{%- set def_zones_dir = salt['pillar.get']('bind:default-zones-dir', '/etc/bind') -%}
+//###############################################################
+//# Bind9-Konfigurationsdatei Default zones
+//# /etc/bind/named.conf.default-zones
+//#
+//# Host {{ grains['fqdn'] }}
+//#
+//###############################################################
+
+// prime the server with knowledge of the root servers
+zone "." {
+ type hint;
+ file "{{ def_zones_dir }}/db.root";
+};
+
+// be authoritative for the localhost forward and reverse zones, and for
+// broadcast zones as per RFC 1912
+
+zone "localhost" {
+ type master;
+ file "{{ def_zones_dir }}/db.local";
+};
+
+zone "127.in-addr.arpa" {
+ type master;
+ file "{{ def_zones_dir }}/db.127";
+};
+
+zone "0.in-addr.arpa" {
+ type master;
+ file "{{ def_zones_dir }}/db.0";
+};
+
+zone "255.in-addr.arpa" {
+ type master;
+ file "{{ def_zones_dir }}/db.255";
+};
+
+# vim: ts=4 filetype=named noai
diff --git a/bind/files/zones.rfc1918 b/bind/files/zones.rfc1918
index e139e0c..a5839c0 100644
--- a/bind/files/zones.rfc1918
+++ b/bind/files/zones.rfc1918
@@ -1,3 +1,4 @@
+{%- set def_zones_dir = salt['pillar.get']('bind:default-zones-dir', '/etc/bind') -%}
 //###############################################################
 //# Bind9-Konfigurationsdatei Default zones RFC 1918
 //# /etc/bind/zones.rfc1918
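Review bot: The root hints file being added declares itself as `last update: Jan 3, 2013` (root zone version 2013010300), more than three years before this commit, and nothing in the state or the repository records how or when it is meant to be refreshed. If I recall the December 2015 renumbering of H.ROOT-SERVERS.NET correctly, at least one address in this copy was already outdated at commit time; named normally recovers through its priming query, so the practical risk is low, but a stale hint file is still a silent dependency on that recovery working. A comment on the `zone-db.root` state in default_zones.sls naming the upstream source the file itself cites (`/domain/named.cache` on FTP.INTERNIC.NET) and the date of the shipped copy, e.g. `# root hints snapshot of 2013-01-03; refresh from the InterNIC named.cache file`, gives the next maintainer the trigger to update it.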
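Review bot: The header comment `//# /etc/bind/named.conf.default-zones` in the new template hardcodes the install path while the state in default_zones.sls writes the file to `{{ etc_dir }}/named.conf.default-zones`, so on any minion that overrides `bind:etc-dir` the rendered file documents a location it is not at; the first zones.rfc1918 hunk on this line keeps the same hardcoded `//# /etc/bind/zones.rfc1918`. Since the template already resolves `def_zones_dir` from pillar, adding `{%- set etc_dir = salt['pillar.get']('bind:etc-dir', '/etc/bind') -%}` next to it and writing the header as `//# {{ etc_dir }}/named.conf.default-zones` keeps the two consistent. The zone definitions themselves are fine: `type hint` for `"."` and `type master` for the RFC 1912 localhost and broadcast zones all reference files the state orders before this one.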
@@ -6,25 +7,25 @@ //# //############################################################### -zone "10.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; - -zone "16.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; -zone "17.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; -zone "18.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; -zone "19.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; -zone "20.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; -zone "21.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; -zone "22.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; -zone "23.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; -zone "24.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; -zone "25.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; -zone "26.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; -zone "27.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; -zone "28.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; -zone "29.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; -zone "30.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; -zone "31.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; +zone "10.in-addr.arpa" { type master; file "{{ def_zones_dir }}/db.empty"; }; -zone "168.192.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; +zone "16.172.in-addr.arpa" { type master; file "{{ def_zones_dir }}/db.empty"; }; +zone "17.172.in-addr.arpa" { type master; file "{{ def_zones_dir }}/db.empty"; }; +zone "18.172.in-addr.arpa" { type master; file "{{ def_zones_dir }}/db.empty"; }; +zone "19.172.in-addr.arpa" { type master; file "{{ def_zones_dir }}/db.empty"; }; +zone "20.172.in-addr.arpa" { type master; file "{{ def_zones_dir }}/db.empty"; }; +zone "21.172.in-addr.arpa" { type master; file "{{ def_zones_dir }}/db.empty"; }; +zone 
"22.172.in-addr.arpa" { type master; file "{{ def_zones_dir }}/db.empty"; }; +zone "23.172.in-addr.arpa" { type master; file "{{ def_zones_dir }}/db.empty"; }; +zone "24.172.in-addr.arpa" { type master; file "{{ def_zones_dir }}/db.empty"; }; +zone "25.172.in-addr.arpa" { type master; file "{{ def_zones_dir }}/db.empty"; }; +zone "26.172.in-addr.arpa" { type master; file "{{ def_zones_dir }}/db.empty"; }; +zone "27.172.in-addr.arpa" { type master; file "{{ def_zones_dir }}/db.empty"; }; +zone "28.172.in-addr.arpa" { type master; file "{{ def_zones_dir }}/db.empty"; }; +zone "29.172.in-addr.arpa" { type master; file "{{ def_zones_dir }}/db.empty"; }; +zone "30.172.in-addr.arpa" { type master; file "{{ def_zones_dir }}/db.empty"; }; +zone "31.172.in-addr.arpa" { type master; file "{{ def_zones_dir }}/db.empty"; }; + +zone "168.192.in-addr.arpa" { type master; file "{{ def_zones_dir }}/db.empty"; }; # vim: ts=4 filetype=named noai diff --git a/bind/user.sls b/bind/user.sls index d105b44..e7a2aa1 100644 --- a/bind/user.sls +++ b/bind/user.sls @@ -1,3 +1,4 @@ +{%- set home_dir = salt['pillar.get']('bind:home-dir', '/var/cache/bind') -%} bind-group: group.present: @@ -10,7 +11,7 @@ bind-user: - gid: bind - fullname: Bind daemon user - shell: /bin/false - - home: /var/cache/bind + - home: {{ home_dir }} - system: True - createhome: False - require: -- 2.39.5