Apply pull request fooforge#2 from @wohali to the upstream:

Support SmartOS, lists in attributes

Author: Tatsuya Kawano

README.md

@@ -17,18 +17,19 @@ Platform:
 
 * Debian
 * Ubuntu
-* Centos
+* CentOS
+* SmartOS
 
 Attributes
 ==========
 
 * **node[:bind9][:enable_ipv6]**       - Enables BIND to listen on an IPv6 address. Default is: On
-* **node[:bind9][:allow_query]**       - Allow clients to query the nameserver. Default is: anyone
-* **node[:bind9][:allow_recursion]**   - Allow recursive name resolution. Default is: none (to prevent DNS cache poisoning)
-* **node[:bind9][:allow_update]**      - Allow dynamic DNS updates. Default is: none
-* **node[:bind9][:allow_transfer]**    - Allow zone transfers globally. Default is: none
+* **node[:bind9][:allow_query]**       - Array of clients allowed to query the nameserver. Default is: anyone
+* **node[:bind9][:allow_recursion]**   - Array of clients allowed to make recursive name resolution queries. Default is: none (to prevent DNS cache poisoning)
+* **node[:bind9][:allow_update]**      - Array of clients allowed to make dynamic DNS updates. Default is: none
+* **node[:bind9][:allow_transfer]**    - Array of clients allowed to make zone transfers. Default is: none
 * **node[:bind9][:enable_forwarding]** - Enables forwarding of requests. Default is: No forwarding
-* **node[:bind9][:forwarders]**        - Array for forwarding DNS. Default is: 4.4.4.4 and 8.8.8.8 (Google DNS)
+* **node[:bind9][:forwarders]**        - Array for forwarding DNS. Default is: 8.8.8.8 and 8.8.4.4 (Google DNS)
 
 Usage
 =====
@@ -40,7 +41,18 @@ Please note that the data bag's structure is mandatory except:
 * autodomain for the zone (if you include this, automatic records will be added for chef nodes whose "domain" matches this)
 
 
-Examples
+Example attributes for a caching-only setup
+=====
+
+    default[:bind9][:allow_query] = ["localnets", "localhost"]
+    default[:bind9][:allow_recursion] = ["localnets", "localhost"]
+    default[:bind9][:allow_transfer] = ["none"]
+    default[:bind9][:allow_update] = nil
+    default[:bind9][:enable_forwarding] = true
+    default[:bind9][:forwarders] = ["8.8.8.8", "8.8.4.4"]
+
+
+Example zone setup
 =====
 
     $ knife data bag create zones

attributes/default.rb

@@ -1,28 +1,38 @@
 default[:bind9][:enable_ipv6] = true
 
-# Allow all clients to query the nameserver, no recursion
-default[:bind9][:allow_query] = nil
-default[:bind9][:allow_recursion] = "none"
+# Allow only local clients to query the nameserver, with recursion
+default[:bind9][:allow_query] = ["localnets", "localhost"]
+default[:bind9][:allow_recursion] = ["localnets", "localhost"]
 
 # Don:t allow to mess with zone files by default
-default[:bind9][:allow_transfer] = "none"
+default[:bind9][:allow_transfer] = ["none"]
 default[:bind9][:allow_update] = nil
 
-default[:bind9][:enable_forwarding] = false
-default[:bind9][:forwarders] = [ "4.4.4.4", "8.8.8.8" ]
+# default forwarders @ Google
+default[:bind9][:enable_forwarding] = true
+default[:bind9][:forwarders] = ["8.8.8.8", "8.8.4.4"]
 
 case platform
 when "centos","redhat","fedora","scientific","amazon"
   default[:bind9][:config_path] = "/etc/named"
-	default[:bind9][:config_file] = "/etc/named.conf"
-	default[:bind9][:options_file] = "/etc/named/named.conf.options"
-	default[:bind9][:local_file] = "/etc/named/named.conf.local"
-	default[:bind9][:data_path] = "/var/named"
+  default[:bind9][:config_file] = "/etc/named.conf"
+  default[:bind9][:options_file] = "/etc/named/named.conf.options"
+  default[:bind9][:local_file] = "/etc/named/named.conf.local"
+  default[:bind9][:data_path] = "/var/named"
+  default[:bind9][:log_path] = "/var/log/bind"
   default[:bind9][:user] = "named"
+when "smartos"
+  default[:bind9][:config_path] = "/opt/local/etc"
+  default[:bind9][:options_file] = "/opt/local/etc/named.conf.options"
+  default[:bind9][:local_file] = "/opt/local/etc/named.conf.local"
+  default[:bind9][:data_path] = "/var/named"
+  default[:bind9][:log_path] = "/var/log/named"
+  default[:bind9][:user] = "root"
 else
   default[:bind9][:config_path] = "/etc/bind"
-	default[:bind9][:options_file] = "/etc/bind/named.conf.options"
-	default[:bind9][:local_file] = "/etc/bind/named.conf.local"
-	default[:bind9][:data_path] = "/var/cache/bind"
+  default[:bind9][:options_file] = "/etc/bind/named.conf.options"
+  default[:bind9][:local_file] = "/etc/bind/named.conf.local"
+  default[:bind9][:data_path] = "/var/cache/bind"
+  default[:bind9][:log_path] = "/var/log/named"
   default[:bind9][:user] = "bind"
 end

metadata.rb

@@ -5,6 +5,6 @@
 long_description IO.read(File.join(File.dirname(__FILE__), 'README.md'))
 version          "0.1.9"
 
-%w{ ubuntu debian centos }.each do |os|
+%w{ ubuntu debian centos smartos }.each do |os|
   supports os
 end

recipes/default.rb

@@ -19,27 +19,41 @@
 
 package "bind9" do
   case node[:platform]
-  when "centos", "redhat", "suse", "fedora"
+  when "centos", "redhat", "suse", "fedora", "smartos"
     package_name "bind"
   end
   action :install
 end
 
-directory "/var/log/bind/" do
+directory node[:bind9][:log_path] do
   owner node[:bind9][:user]
   group node[:bind9][:user]
-  mode 0755
+  mode 0775
+  recursive true
+  action :create
 end
 
 service "bind9" do
   case node[:platform]
   when "centos", "redhat"
     service_name "named"
+  when "smartos"
+    service_name "dns/server:default"
   end
   supports :status => true, :reload => true, :restart => true
   action [ :enable ]
 end
 
+if node[:platform] == "smartos"
+  template "#{node[:bind9][:config_path]}/named.conf" do
+    source "named.conf.erb"
+    owner "root"
+    group "root"
+    mode 0644
+    notifies :restart, resources(:service => "bind9")
+  end
+end
+
 template node[:bind9][:options_file] do
   source "named.conf.options.erb"
   owner "root"

templates/default/named.conf.erb

@@ -0,0 +1,3 @@
+include "<%= node[:bind9][:config_path] %>/named.conf.options";
+include "<%= node[:bind9][:config_path] %>/named.conf.local";
+// include "<%= node[:bind9][:config_path] %>/named.conf.default-zones";

templates/default/named.conf.local.erb

@@ -9,7 +9,7 @@
 <% @zonefiles.each do |conf| -%>
 zone "<%= conf["domain"] %>" IN {
   type <%= conf["type"] %>;
-  file "<%= node[:bind9][:config_path] %>/<%= conf["domain"] %>";
+  file "<%= conf["domain"] %>";
   allow-transfer {
   <% conf["allow_transfer"].each do |ip| -%>
     <%= ip %>;

templates/default/named.conf.options.erb

@@ -1,47 +1,59 @@
 options {
-  directory "<%= node[:bind9][:data_path] %>";
-
-  // If there is a firewall between you and nameservers you want
-  // to talk to, you may need to fix the firewall to allow multiple
-  // ports to talk.  See http://www.kb.cert.org/vuls/id/800113
-
-  <% if node[:bind9][:allow_query] %>
-    allow-query {
-      "<%= node[:bind9][:allow_query] %>";
-    };
-
-  <% end %>
-    allow-recursion {
-      <%= node[:bind9][:allow_recursion] %>;
-    };
-
-    allow-transfer {
-      "<%= node[:bind9][:allow_transfer] %>";
-    };
-
-  <% if node[:bind9][:allow_update] %>
-    allow-update {
-      "<%= node[:bind9][:allow_update] %>";
-    };
-
-  <% end %>
-  <% if node[:bind9][:enable_forwarding] %>
-    forwarders {
-  <% node[:bind9][:forwarders].each do |forwarder| -%>
-      <%= forwarder %>;
-  <% end %>
-    };
-
-  <% end %>
-    auth-nxdomain no;    # conform to RFC1035
-  <% if node[:bind9][:enable_ipv6] %>
-    listen-on-v6 { any; };
-  <% end %>
+    directory "<%= node[:bind9][:data_path] %>";
+
+    // If there is a firewall between you and nameservers you want
+    // to talk to, you may need to fix the firewall to allow multiple
+    // ports to talk.  See http://www.kb.cert.org/vuls/id/800113
+
+    <% if node[:bind9][:allow_query] %>
+      allow-query {
+    <% node[:bind9][:allow_query].each do |allow_query| -%>
+        <%= allow_query %>;
+    <% end %>
+      };
+
+    <% end %>
+    <% if node[:bind9][:allow_recursion] %>
+      allow-recursion {
+    <% node[:bind9][:allow_recursion].each do |allow_recursion| -%>
+        <%= allow_recursion %>;
+    <% end %>
+      };
+
+    <% end %>
+    <% if node[:bind9][:allow_transfer] %>
+      allow-transfer {
+    <% node[:bind9][:allow_transfer].each do |allow_transfer| -%>
+        <%= allow_transfer %>;
+    <% end %>
+      };
+
+    <% end %>
+    <% if node[:bind9][:allow_update] %>
+      allow-update {
+    <% node[:bind9][:allow_update].each do |allow_update| -%>
+        <%= allow_update %>;
+    <% end %>
+      };
+
+    <% end %>
+    <% if node[:bind9][:enable_forwarding] %>
+      forwarders {
+    <% node[:bind9][:forwarders].each do |forwarder| -%>
+        <%= forwarder %>;
+    <% end %>
+      };
+
+    <% end %>
+      auth-nxdomain no;    # conform to RFC1035
+    <% if node[:bind9][:enable_ipv6] %>
+      listen-on-v6 { any; };
+    <% end %>
 };
 
 logging {
   channel default_log {
-    file "/var/log/bind/bind.log" versions 5 size 128M;
+    file "<%= node[:bind9][:log_path] %>/named.log" versions 5 size 128M;
     print-time yes;
     print-severity yes;
     print-category yes;