Merge pull request #84 from nadvornik/serial

Auto-update zone file serial

Author: javierbertoli

bind/config.sls

@@ -168,23 +168,30 @@ bind_rndc_client_config:
 {%- endif %}
 {% endif %}
 
-{% for zone, zone_data in salt['pillar.get']('bind:configured_zones', {}).items() -%}
+{%- set views = {False: salt['pillar.get']('bind', {})} %}{# process non-view zones in the same loop #}
+{%- do views.update(salt['pillar.get']('bind:configured_views', {})) %}
+{%- for view, view_data in views.items() %}
+{%- set dash_view = '-' + view if view else '' %}
+{% for zone, zone_data in view_data.get('configured_zones', {}).items() -%}
 {%- set file = salt['pillar.get']("bind:available_zones:" + zone + ":file", false) %}
 {%- set zone_records = salt['pillar.get']('bind:available_zones:' + zone + ':records', {}) %}
 {# If we define RRs in pillar, we use the internal template to generate the zone file
    otherwise, we fallback to the old behaviour and use the declared file
 #}
 {%- set zone_source = 'salt://bind/files/zone.jinja' if zone_records != {} else 'salt://' ~ map.zones_source_dir ~ '/' ~ file %}
-{% if file and zone_data['type'] == "master" -%}
-zones-{{ zone }}:
+{%- set serial_auto = salt['pillar.get']('bind:available_zones:' + zone + ':soa:serial', '') == 'auto' %}
+{% if file and zone_data['type'] == 'master' -%}
+zones{{ dash_view }}-{{ zone }}{{ '.include' if serial_auto else ''}}:
   file.managed:
-    - name: {{ map.named_directory }}/{{ file }}
+    - name: {{ map.named_directory }}/{{ file }}{{ '.include' if serial_auto else ''}}
     - source: {{ zone_source }}
     - template: jinja
     {% if zone_records != {} %}
     - context:
+      zone: zones{{ dash_view }}-{{ zone }}
       soa: {{ salt['pillar.get']("bind:available_zones:" + zone + ":soa") }}
       records: {{ zone_records }}
+      include: False
     {% endif %}
     - user: {{ salt['pillar.get']('bind:config:user', map.user) }}
     - group: {{ salt['pillar.get']('bind:config:group', map.group) }}
@@ -194,36 +201,25 @@ zones-{{ zone }}:
     - require:
       - file: named_directory
 
-{% if zone_data['dnssec'] is defined and zone_data['dnssec'] -%}
-signed-{{ zone }}:
-  cmd.run:
-    - cwd: {{ map.named_directory }}
-    - name: zonesigner -zone {{ zone }} {{ file }}
-    - prereq:
-      - file: zones-{{ zone }}
-{% endif %}
-
-{% endif %}
-{% endfor %}
-
-{%- for view, view_data in salt['pillar.get']('bind:configured_views', {}).items() %}
-{% for zone, zone_data in view_data.get('configured_zones', {}).items() -%}
-{%- set file = salt['pillar.get']("bind:available_zones:" + zone + ":file", false) %}
-{%- set zone_records = salt['pillar.get']('bind:available_zones:' + zone + ':records', {}) %}
-{# If we define RRs in pillar, we use the internal template to generate the zone file
-   otherwise, we fallback to the old behaviour and use the declared file
-#}
-{%- set zone_source = 'salt://bind/zone.jinja' if zone_records != {} else 'salt://' ~ map.zones_source_dir ~ '/' ~ file %}
-{% if file and zone_data['type'] == 'master' -%}
-zones-{{ view }}-{{ zone }}:
+{% if serial_auto %}
+zones{{ dash_view }}-{{ zone }}:
+  module.wait:
+    - name: dnsutil.serial
+    - update: True
+    - zone: zones{{ dash_view }}-{{ zone }}
+    - watch:
+      - file: {{ map.named_directory }}/{{ file }}.include
   file.managed:
     - name: {{ map.named_directory }}/{{ file }}
+    - require:
+      - module: zones{{ dash_view }}-{{ zone }}
     - source: {{ zone_source }}
     - template: jinja
     {% if zone_records != {} %}
     - context:
+      zone: zones{{ dash_view }}-{{ zone }}
       soa: {{ salt['pillar.get']("bind:available_zones:" + zone + ":soa") }}
-      records: {{ zone_records }}
+      include: {{ file }}.include
     {% endif %}
     - user: {{ salt['pillar.get']('bind:config:user', map.user) }}
     - group: {{ salt['pillar.get']('bind:config:group', map.group) }}
@@ -232,14 +228,14 @@ zones-{{ view }}-{{ zone }}:
       - service: bind
     - require:
       - file: named_directory
-
+{% endif %}
 {% if zone_data['dnssec'] is defined and zone_data['dnssec'] -%}
-signed-{{ view }}-{{ zone }}:
+signed{{ dash_view }}-{{ zone }}:
   cmd.run:
     - cwd: {{ map.named_directory }}
     - name: zonesigner -zone {{ zone }} {{ file }}
     - prereq:
-      - file: zones-{{ view }}-{{ zone }}
+      - file: zones{{ dash_view }}-{{ zone }}
 {% endif %}
 
 {% endif %}

bind/files/zone.jinja

@@ -3,6 +3,7 @@
 ; Modify the values passed to the bind pillar instead.
 ;
 {%- set zone_serial = soa['serial'] %}
+{%- set serial_auto = zone_serial == 'auto' %}
 {%- set zone_ns = soa['ns'] %}
 {%- set zone_contact = soa['contact'] %}
 {%- set zone_class = soa['class'] if soa['class'] is defined else 'IN' %}
@@ -11,17 +12,22 @@
 {%- set zone_expiry = soa['expiry'] if soa['expiry'] is defined else '2w' %}
 {%- set zone_nxdomain = soa['nxdomain'] if soa['nxdomain'] is defined else '1m' %}
 
+{% if not serial_auto or include %}
 {% if soa['ttl'] is defined %}
 $TTL {{ soa['ttl'] }}
 {% endif %}
 @ {{ zone_class }} SOA {{ zone_ns }} {{ zone_contact }} (
-    {{ zone_serial }} ; serial
+    {{ salt['dnsutil.serial'](zone) if serial_auto else zone_serial }} ; serial
     {{ zone_refresh }} ; refresh
     {{ zone_retry }} ; retry
     {{ zone_expiry }} ; expiry
     {{ zone_nxdomain }} ; nxdomain ttl
 );
+{%- endif %}
 
+{% if include %}
+$INCLUDE {{ include }}
+{% else %}
 {% for type, rrs in records.iteritems() %}
 ;
 ; {{ type }} RRs
@@ -36,3 +42,4 @@ $TTL {{ soa['ttl'] }}
 {%- endif %}
 {%- endfor %}
 {% endfor %}
+{%- endif %}

pillar.example

@@ -272,6 +272,7 @@ bind:
         ns: ns1.example.com                       # Required
         contact: hostmaster.example.com           # Required
         serial: 2017041001                        # Required
+#        serial: auto                             # Alternatively, autoupdate serial on each change
         class: IN                                 # Optional. Default: IN
         refresh: 8600                             # Optional. Default: 12h
         retry: 900                                # Optional. Default: 15m