Auto-update zone file serial

use saltstack/salt#15828

Author: nadvornik

bind/config.sls

@@ -175,16 +175,19 @@ bind_rndc_client_config:
    otherwise, we fallback to the old behaviour and use the declared file
 #}
 {%- set zone_source = 'salt://bind/files/zone.jinja' if zone_records != {} else 'salt://' ~ map.zones_source_dir ~ '/' ~ file %}
+{%- set serial_auto = salt['pillar.get']('bind:available_zones:' + zone + ':soa:serial', '') == 'auto' %}
 {% if file and zone_data['type'] == "master" -%}
-zones-{{ zone }}:
+zones-{{ zone }}{{ '.include' if serial_auto else ''}}:
   file.managed:
-    - name: {{ map.named_directory }}/{{ file }}
+    - name: {{ map.named_directory }}/{{ file }}{{ '.include' if serial_auto else ''}}
     - source: {{ zone_source }}
     - template: jinja
     {% if zone_records != {} %}
     - context:
+      zone: zones-{{ zone }}
       soa: {{ salt['pillar.get']("bind:available_zones:" + zone + ":soa") }}
       records: {{ zone_records }}
+      include: False
     {% endif %}
     - user: {{ salt['pillar.get']('bind:config:user', map.user) }}
     - group: {{ salt['pillar.get']('bind:config:group', map.group) }}
@@ -194,6 +197,31 @@ zones-{{ zone }}:
     - require:
       - file: named_directory
 
+{% if serial_auto %}
+zones-{{ zone }}:
+  module.wait:
+    - name: dnsutil.serial
+    - update: True
+    - zone: zones-{{ zone }}
+    - watch:
+      - file: {{ map.named_directory }}/{{ file }}.include
+  file.managed:
+    - name: {{ map.named_directory }}/{{ file }}
+    - require:
+      - module: zones-{{ zone }}
+    - source: {{ zone_source }}
+    - template: jinja
+    {% if zone_records != {} %}
+    - context:
+      zone: zones-{{ zone }}
+      soa: {{ salt['pillar.get']("bind:available_zones:" + zone + ":soa") }}
+      include: {{ file }}.include
+    {% endif %}
+    - user: {{ salt['pillar.get']('bind:config:user', map.user) }}
+    - group: {{ salt['pillar.get']('bind:config:group', map.group) }}
+    - mode: {{ salt['pillar.get']('bind:config:mode', '644') }}
+{% endif %}
+
 {% if zone_data['dnssec'] is defined and zone_data['dnssec'] -%}
 signed-{{ zone }}:
   cmd.run:
@@ -214,16 +242,19 @@ signed-{{ zone }}:
    otherwise, we fallback to the old behaviour and use the declared file
 #}
 {%- set zone_source = 'salt://bind/zone.jinja' if zone_records != {} else 'salt://' ~ map.zones_source_dir ~ '/' ~ file %}
+{%- set serial_auto = salt['pillar.get']('bind:available_zones:' + zone + ':soa:serial', '') == 'auto' %}
 {% if file and zone_data['type'] == 'master' -%}
-zones-{{ view }}-{{ zone }}:
+zones-{{ view }}-{{ zone }}{{ '.include' if serial_auto else ''}}:
   file.managed:
-    - name: {{ map.named_directory }}/{{ file }}
+    - name: {{ map.named_directory }}/{{ file }}{{ '.include' if serial_auto else ''}}
     - source: {{ zone_source }}
     - template: jinja
     {% if zone_records != {} %}
     - context:
+      zone: zones-{{ view }}-{{ zone }}
       soa: {{ salt['pillar.get']("bind:available_zones:" + zone + ":soa") }}
       records: {{ zone_records }}
+      include: False
     {% endif %}
     - user: {{ salt['pillar.get']('bind:config:user', map.user) }}
     - group: {{ salt['pillar.get']('bind:config:group', map.group) }}
@@ -233,6 +264,30 @@ zones-{{ view }}-{{ zone }}:
     - require:
       - file: named_directory
 
+{% if serial_auto %}
+zones-{{ view }}-{{ zone }}:
+  module.wait:
+    - name: dnsutil.serial
+    - update: True
+    - zone: zones-{{ view }}-{{ zone }}
+    - watch:
+      - file: {{ map.named_directory }}/{{ file }}.include
+  file.managed:
+    - name: {{ map.named_directory }}/{{ file }}
+    - require:
+      - module: zones-{{ view }}-{{ zone }}
+    - source: {{ zone_source }}
+    - template: jinja
+    {% if zone_records != {} %}
+    - context:
+      zone: zones-{{ view }}-{{ zone }}
+      soa: {{ salt['pillar.get']("bind:available_zones:" + zone + ":soa") }}
+      include: {{ file }}.include
+    {% endif %}
+    - user: {{ salt['pillar.get']('bind:config:user', map.user) }}
+    - group: {{ salt['pillar.get']('bind:config:group', map.group) }}
+    - mode: {{ salt['pillar.get']('bind:config:mode', '644') }}
+{% endif %}
 {% if zone_data['dnssec'] is defined and zone_data['dnssec'] -%}
 signed-{{ view }}-{{ zone }}:
   cmd.run:

bind/files/zone.jinja

@@ -3,6 +3,7 @@
 ; Modify the values passed to the bind pillar instead.
 ;
 {%- set zone_serial = soa['serial'] %}
+{%- set serial_auto = zone_serial == 'auto' %}
 {%- set zone_ns = soa['ns'] %}
 {%- set zone_contact = soa['contact'] %}
 {%- set zone_class = soa['class'] if soa['class'] is defined else 'IN' %}
@@ -11,17 +12,22 @@
 {%- set zone_expiry = soa['expiry'] if soa['expiry'] is defined else '2w' %}
 {%- set zone_nxdomain = soa['nxdomain'] if soa['nxdomain'] is defined else '1m' %}
 
+{% if not serial_auto or include %}
 {% if soa['ttl'] is defined %}
 $TTL {{ soa['ttl'] }}
 {% endif %}
 @ {{ zone_class }} SOA {{ zone_ns }} {{ zone_contact }} (
-    {{ zone_serial }} ; serial
+    {{ salt['dnsutil.serial'](zone) if serial_auto else zone_serial }} ; serial
     {{ zone_refresh }} ; refresh
     {{ zone_retry }} ; retry
     {{ zone_expiry }} ; expiry
     {{ zone_nxdomain }} ; nxdomain ttl
 );
+{%- endif %}
 
+{% if include %}
+$INCLUDE {{ include }}
+{% else %}
 {% for type, rrs in records.iteritems() %}
 ;
 ; {{ type }} RRs
@@ -36,3 +42,4 @@ $TTL {{ soa['ttl'] }}
 {%- endif %}
 {%- endfor %}
 {% endfor %}
+{%- endif %}

pillar.example

@@ -272,6 +272,7 @@ bind:
         ns: ns1.example.com                       # Required
         contact: hostmaster.example.com           # Required
         serial: 2017041001                        # Required
+#        serial: auto                             # Alternatively, autoupdate serial on each change
         class: IN                                 # Optional. Default: IN
         refresh: 8600                             # Optional. Default: 12h
         retry: 900                                # Optional. Default: 15m