From 04f8a67cd8d60bf9a66108a0cc400bb662216ae2 Mon Sep 17 00:00:00 2001 From: Michal Hrusecky Date: Sun, 7 Apr 2019 12:47:55 +0200 Subject: [PATCH 01/10] Use reasonable defaults on non-debian distros --- knot/map.jinja | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/knot/map.jinja b/knot/map.jinja index bc0d445..4b32d66 100644 --- a/knot/map.jinja +++ b/knot/map.jinja @@ -2,8 +2,12 @@ {%- load_yaml as base_defaults %} Debian: pkgs: - - knot - dnsutils + - knot + +'*': + pkgs: + - knot bind: ipv4: address: 0.0.0.0 @@ -16,4 +20,4 @@ Debian: config: /etc/knot/knot.conf {%- endload %} -{%- set server = salt['grains.filter_by'](base_defaults, merge=salt['pillar.get']('knot:server')) %} \ No newline at end of file +{%- set server = salt['grains.filter_by'](base_defaults, merge=salt['pillar.get']('knot:server')) %} From 0419624de49106cb51b01b956fdb0724e9844c45 Mon Sep 17 00:00:00 2001 From: Michal Hrusecky Date: Tue, 9 Apr 2019 06:39:32 +0200 Subject: [PATCH 02/10] Use items() instead of iteritems() Iteritems was droppped in Python 3 so making sure the code still works. --- knot/files/knot.conf | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/knot/files/knot.conf b/knot/files/knot.conf index 034276e..ba4fe48 100644 --- a/knot/files/knot.conf +++ b/knot/files/knot.conf @@ -11,9 +11,9 @@ log: {%- if server.key is defined %} key: -{%- for key_name, key in server.key.iteritems() %} +{%- for key_name, key in server.key.items() %} - id: {{ key_name }} - {%- for param_name, param_value in key.iteritems() %} + {%- for param_name, param_value in key.items() %} {{ param_name }}: {% if param_value is string %}"{{ param_value }}"{% else %}{{ param_value }}{% endif %} {%- endfor %} {%- endfor %} 
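Review bot: In knot/map.jinja (PATCH 01), the `bind`, `service` and `config` defaults now sit under the new `'*'` key, so the `Debian` entry is left with only `pkgs`, as far as the collapsed hunk shows. `grains.filter_by` picks one matching entry, so a Debian minion either loses `server.bind`, `server.service` and `server.config`, or gets a result that depends on which key is matched first. Keeping the shared values under a key such as `default` and calling `salt['grains.filter_by'](base_defaults, merge=..., base='default')` would merge them under every OS-specific entry. The `load_yaml` block starts above this hunk.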
@@ -22,9 +22,9 @@ key: {%- if server.remote is defined %} remote: -{%- for remote_name, remote in server.remote.iteritems() %} +{%- for remote_name, remote in server.remote.items() %} - id: {{ remote_name }} - {%- for param_name, param_value in remote.iteritems() %} + {%- for param_name, param_value in remote.items() %} {{ param_name }}: {{ param_value }} {%- endfor %} {%- endfor %} @@ -33,9 +33,9 @@ remote: {%- if server.acl is defined %} acl: -{%- for acl_name, acl in server.acl.iteritems() %} +{%- for acl_name, acl in server.acl.items() %} - id: {{ acl_name }} - {%- for param_name, param_value in acl.iteritems() %} + {%- for param_name, param_value in acl.items() %} {{ param_name }}: {{ param_value }} {%- endfor %} {%- endfor %} @@ -44,9 +44,9 @@ acl: {%- if server.template is defined %} template: -{%- for template_name, template in server.template.iteritems() %} +{%- for template_name, template in server.template.items() %} - id: {{ template_name }} - {%- for param_name, param_value in template.iteritems() %} + {%- for param_name, param_value in template.items() %} {{ param_name }}: {% if param_value is string %}"{{ param_value }}"{% else %}{{ param_value }}{% endif %} {%- endfor %} {%- endfor %} @@ -55,9 +55,9 @@ template: {%- if server.zone is defined %} zone: -{%- for zone_name, zone in server.zone.iteritems() %} +{%- for zone_name, zone in server.zone.items() %} - domain: {{ zone_name }} - {%- for param_name, param_value in zone.iteritems() %} + {%- for param_name, param_value in zone.items() %} {%- if param_name != "records" %} {{ param_name }}: {% if param_value is string %}"{{ param_value }}"{% else %}{{ param_value }}{% endif %} {%- endif %} From 48fa3382a8ae1369342f05cc116c0b98565dfd40 Mon Sep 17 00:00:00 2001 
From: Michal Hrusecky Date: Tue, 9 Apr 2019 06:41:01 +0200 Subject: [PATCH 03/10] Add possibility to manage zone files --- knot/files/knot.conf | 2 +- knot/files/zone | 16 ++++++++++++++++ knot/server.sls | 22 ++++++++++++++++++++++ 3 files changed, 39 insertions(+), 1 deletion(-) create mode 100644 knot/files/zone diff --git a/knot/files/knot.conf b/knot/files/knot.conf index ba4fe48..b2b5b8f 100644 --- a/knot/files/knot.conf +++ b/knot/files/knot.conf @@ -58,7 +58,7 @@ zone: {%- for zone_name, zone in server.zone.items() %} - domain: {{ zone_name }} {%- for param_name, param_value in zone.items() %} - {%- if param_name != "records" %} + {%- if param_name != "records" and param_name != "soa" %} {{ param_name }}: {% if param_value is string %}"{{ param_value }}"{% else %}{{ param_value }}{% endif %} {%- endif %} {%- endfor %} diff --git a/knot/files/zone b/knot/files/zone new file mode 100644 index 0000000..6431cfe --- /dev/null +++ b/knot/files/zone @@ -0,0 +1,16 @@ +; This file is managed by Salt +; Do not edit manually! + +$ORIGIN {{ zone_name }}. +$TTL {{ ttl|default('3600') }} + +@ SOA {{ soa['master'] }}. {{ soa['email'] }}. ( + {{ soa.serial }} ; serial + {{ soa.refresh|default('6h') }} ; refresh + {{ soa.retry|default('1h') }} ; retry + {{ soa.expire|default('6h') }} ; expire + {{ soa.minimum|default('6h') }}) ; minimum + +{%- for rec in records %} +{{ rec.name }} {{ rec.ttl|default('') }} {{ rec.type }} {{ rec.content }} +{%- endfor %} diff --git a/knot/server.sls b/knot/server.sls index 1bbeae6..4039843 100644 --- a/knot/server.sls +++ b/knot/server.sls 
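Review bot: In the new knot/files/zone template (PATCH 03), `{{ soa['email'] }}.` writes the pillar value straight into the SOA RNAME field, and the README example later in this series uses `admin@example1.com`; RNAME needs the mailbox in dotted form, so `{{ soa['email'] | replace('@', '.') }}.` looks like what is needed. The default `expire` of `6h` equals the default `refresh`, so a secondary can expire the zone as soon as one refresh attempt fails; a value measured in weeks is the usual choice. `ttl` is read here but knot/server.sls does not pass it in `context`, so `$TTL` is always 3600. Record fields are emitted unescaped, so a line break inside `rec.content` adds arbitrary lines to the zone file; a header comment stating that `records` must come from trusted pillar data, or a check that rejects line breaks, would help.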
@@ -16,6 +16,28 @@ knot_config: - require: - pkg: knot_packages +{%- if server.zone is defined %} +{%- for zone_name, zone in server.zone.items() %} +{%- if zone.records is defined %} + +{{ zone_name }}_zone: + file.managed: + - name: {{ zone.storage|default('/var/lib/knot') }}/{{ zone_file|default(zone_name + ".zone") }} + - template: jinja + - source: salt://knot/files/zone + - user: knot + - group: knot + - mode: 0600 + - require: + - file: knot_config + - context: + zone_name: {{ zone_name }} + soa: {{ zone.soa }} + records: {{ zone.records }} +{%- endif %} +{%- endfor %} +{%- endif %} + knot_service: service.running: - name: {{ server.service }} From 2e4923a6ca39e6657f27ab308448c89a3832a6ba Mon Sep 17 00:00:00 2001 From: Michal Hrusecky Date: Tue, 9 Apr 2019 06:52:42 +0200 Subject: [PATCH 04/10] Document records management --- README.rst | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/README.rst b/README.rst index aaa855b..e9cd6c3 100644 --- a/README.rst +++ b/README.rst @@ -43,7 +43,17 @@ Server dns zones example2.com: semantic-checks: False template: default - + soa: + email: admin@example1.com + serial: 20190409001 + master: ns.example2.com + records: + - name: mail + type: A + content: 192.168.1.1 + - name: '@' + type: MX + content: '10 mail' Read more ========= From 8b882bb2ef02d2f369233a836d9e6979aef75e85 Mon Sep 17 00:00:00 2001 From: Michal Hrusecky Date: Tue, 9 Apr 2019 20:21:23 +0200 Subject: [PATCH 05/10] Support policy configuration --- knot/files/knot.conf | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/knot/files/knot.conf b/knot/files/knot.conf index b2b5b8f..783cb92 100644 --- a/knot/files/knot.conf +++ b/knot/files/knot.conf 
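Review bot: In knot/server.sls (PATCH 03), the `- name:` line tests `zone_file`, which is not defined anywhere in the visible state, so the path is always `<zone_name>.zone` even if the pillar sets `file` for the zone and knot.conf points Knot elsewhere; `zone.file|default(zone_name + ".zone")` looks like the intent. `soa: {{ zone.soa }}` and `records: {{ zone.records }}` print Python reprs into the YAML, which breaks on values containing quotes or braces and leaves `soa` empty when the pillar omits it; `records: {{ zone.records | json }}` is the more robust form. Salt's documentation asks for the mode to be quoted, `- mode: '0600'`. Because `zone.storage` and `zone_name` are joined into a file path, a check that `zone_name` contains no `/` would keep the managed file inside the storage directory.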
@@ -42,6 +42,17 @@ acl: {%- endif %} +{%- if server.policy is defined %} +policy: +{%- for policy_name, policy in server.policy.items() %} + - id: {{ policy_name }} + {%- for param_name, param_value in policy.items() %} + {{ param_name }}: {% if param_value is string %}"{{ param_value }}"{% else %}{{ param_value }}{% endif %} + {%- endfor %} +{%- endfor %} +{%- endif %} + + {%- if server.template is defined %} template: {%- for template_name, template in server.template.items() %} From b377dc76f45dce5a4faca184be89d28a7fb18c9a Mon Sep 17 00:00:00 2001 From: Michal Hrusecky Date: Mon, 8 Jan 2024 15:13:45 +0100 Subject: [PATCH 06/10] Make user setting optional Under normal circumstances, you don't need to specify user, as the provided service file specifies the user. --- knot/files/knot.conf | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/knot/files/knot.conf b/knot/files/knot.conf index 783cb92..6422dac 100644 --- a/knot/files/knot.conf +++ b/knot/files/knot.conf @@ -3,7 +3,9 @@ server: listen: {{ server.bind.ipv4.address }}@{{ server.bind.ipv4.port }} listen: {{ server.bind.ipv6.address }}@{{ server.bind.ipv6.port }} - user: "knot:knot" +{%- if server.user is defined %} + user: "{{ server.user }}" +{%- endif %} log: - target: syslog From 8f71dc083d2d0131111be1653318e8ce16ee91c0 Mon Sep 17 00:00:00 2001 From: Michal Hrusecky Date: Mon, 8 Jan 2024 15:19:19 +0100 Subject: [PATCH 07/10] Make log entries optional The defaults copy the default behaviour. No need to explicitly specify it. --- knot/files/knot.conf | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/knot/files/knot.conf b/knot/files/knot.conf index 6422dac..520b2ca 100644 --- a/knot/files/knot.conf +++ b/knot/files/knot.conf 
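Review bot: In knot/files/knot.conf (PATCH 06), dropping the unconditional `user: "knot:knot"` makes the daemon's privilege drop depend entirely on the service unit, while Knot's own default for `user` is root. PATCH 01 in this series extends the formula to non-Debian families, where the packaged unit may differ, so a `user: knot:knot` default in knot/map.jinja with a pillar override would keep the earlier behaviour. At minimum a template comment such as `{#- user is omitted on purpose: the packaged service unit must set User= #}` would record the assumption next to the `if`.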
@@ -7,9 +7,15 @@ server: user: "{{ server.user }}" {%- endif %} +{%- if server.log is defined %} log: - - target: syslog - any: info +{%- for target_name, target in server.log.items() %} + - target: {{ target }} + {%- for param_name, param_value in target.items() %} + {{ param_name }}: {% if param_value is string %}"{{ param_value }}"{% else %}{{ param_value }}{% endif %} + {%- endfor %} +{%- endfor %} +{%- endif %} {%- if server.key is defined %} key: From fec7be68f26a13227f0c7a311939969a241c4ca9 Mon Sep 17 00:00:00 2001 From: Michal Hrusecky Date: Mon, 8 Jan 2024 15:31:37 +0100 Subject: [PATCH 08/10] Allow any generic knot server options to be passed This make passing just an user setting obsolete. There is much more to be set. --- knot/files/knot.conf | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/knot/files/knot.conf b/knot/files/knot.conf index 520b2ca..7069a73 100644 --- a/knot/files/knot.conf +++ b/knot/files/knot.conf @@ -3,8 +3,10 @@ server: listen: {{ server.bind.ipv4.address }}@{{ server.bind.ipv4.port }} listen: {{ server.bind.ipv6.address }}@{{ server.bind.ipv6.port }} -{%- if server.user is defined %} - user: "{{ server.user }}" +{%- if server.options is defined %} + {%- for param_name, param_value in server.options.items() %} + {{ param_name }}: {% if param_value is string %}"{{ param_value }}"{% else %}{{ param_value }}{% endif %} + {%- endfor %} {%- endif %} {%- if server.log is defined %} From 618ad5eb78ab808a818e1192e18996bf51c35d00 Mon Sep 17 00:00:00 2001 From: Michal Hrusecky Date: Mon, 8 Jan 2024 15:38:54 +0100 Subject: [PATCH 09/10] Add automatic zone check and reload Whenever zone file changes, knot should check the zone and reload it. --- knot/server.sls | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/knot/server.sls b/knot/server.sls index 4039843..07ff6a5 100644 --- a/knot/server.sls +++ b/knot/server.sls 
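Review bot: In the log section of knot/files/knot.conf (PATCH 07), `- target: {{ target }}` prints the per-target parameter dict rather than its name; the loop variable holding the name is `target_name`, so the line should read `- target: {{ target_name }}`. As written the rendered value is a Python dict repr, which Knot will most likely reject or treat as a file name. Removing the fixed `syslog` / `any: info` block relies on Knot's built-in logging defaults, which is worth a short template comment so nobody assumes logging is configured explicitly.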
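Review bot: In knot/files/knot.conf (PATCH 08), pillars that still set `knot:server:user` are now ignored without any warning, so those hosts render no `user:` line at all after this change. A fallback such as `{%- if server.user is defined and 'user' not in server.options|default({}) %}` around the old `user: "{{ server.user }}"` line would avoid a silent change of the account the daemon runs under. Option names from `server.options` are emitted as given, so a `listen` entry there would be added next to the two fixed `listen:` lines above; a comment naming which keys belong in `options` would help.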
@@ -34,6 +34,13 @@ knot_config: zone_name: {{ zone_name }} soa: {{ zone.soa }} records: {{ zone.records }} + +{{ zone_name }}_zone_reload: + cmd.run: + - name: knotc zone-check {{ zone_name }} && knotc zone-reload {{ zone_name }} + - watch: + - file: {{ zone_name }}_zone + {%- endif %} {%- endfor %} {%- endif %} From 0ffa4b0e6f7e69c4ead608975b3d02a7138085dd Mon Sep 17 00:00:00 2001 From: Michal Hrusecky Date: Tue, 20 Feb 2024 11:12:43 +0000 Subject: [PATCH 10/10] Better parsing of passed values Important feature for knot.conf - allow arays without quites. In pillar you specify address: '[ 192.168.1.1, 192.168.1.2]' And in resulting knot.conf, you will end up with address: [ 192.168.1.1, 192.168.1.2] If you use in pillar intuitive construction like this address: [ 192.168.1.1, 192.168.1.2] The end result is invalid address: [ '192.168.1.1', '192.168.1.2'] --- knot/files/knot.conf | 20 ++++++++++++-------- knot/files/zone | 2 +- 2 files changed, 13 insertions(+), 9 deletions(-) diff --git a/knot/files/knot.conf b/knot/files/knot.conf index 7069a73..dbf309f 100644 --- a/knot/files/knot.conf +++ b/knot/files/knot.conf @@ -1,11 +1,15 @@ {%- from "knot/map.jinja" import server with context %} +{% macro val(name,value) -%} + {{ name }}: {% if value is string and value[0] != '[' %}"{{ value }}"{% else %}{{ value }}{% endif %} +{%- endmacro %} + server: listen: {{ server.bind.ipv4.address }}@{{ server.bind.ipv4.port }} listen: {{ server.bind.ipv6.address }}@{{ server.bind.ipv6.port }} {%- if server.options is defined %} {%- for param_name, param_value in server.options.items() %} - {{ param_name }}: {% if param_value is string %}"{{ param_value }}"{% else %}{{ param_value }}{% endif %} + {{ val(param_name, param_value) }} {%- endfor %} {%- endif %} 
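Review bot: In knot/server.sls (PATCH 09), `{{ zone_name }}` is placed unquoted into the `cmd.run` command line twice, so any shell metacharacter in a pillar zone name is interpreted by the shell; Salt's `quote` filter (`knotc zone-check {{ zone_name | quote }} && knotc zone-reload {{ zone_name | quote }}`) or a check that zone names are valid DNS names closes that. As far as I know `cmd.run` with `watch` still executes on every state run, so `- onchanges:` with the same `file:` reference is the form that limits the check and reload to runs where the zone file changed. Nothing in this state requires `knot_service`, so on a first run `knotc` may be called before the daemon is up.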
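Review bot: In the new `val` macro in knot/files/knot.conf (PATCH 10), string values are placed between double quotes without any escaping, and any string that starts with `[` is emitted raw, so a value containing `"` or a line break changes the structure of the rendered file; this now applies to every section that calls the macro, including `key`, `remote` and `acl` in the later hunks. Rejecting such characters, or escaping them according to Knot's quoting rules, belongs in this one place. Native pillar lists could be handled here too with a branch like `{% elif value is not string and value is iterable and value is not mapping %}[{{ value | join(', ') }}]`, which would make the string-with-brackets convention from the commit message unnecessary. String values under `remote` and `acl` were unquoted before and are quoted now, which is worth a test render against a real Knot.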
@@ -14,7 +18,7 @@ log: {%- for target_name, target in server.log.items() %} - target: {{ target }} {%- for param_name, param_value in target.items() %} - {{ param_name }}: {% if param_value is string %}"{{ param_value }}"{% else %}{{ param_value }}{% endif %} + {{ val(param_name, param_value) }} {%- endfor %} {%- endfor %} {%- endif %} @@ -24,7 +28,7 @@ key: {%- for key_name, key in server.key.items() %} - id: {{ key_name }} {%- for param_name, param_value in key.items() %} - {{ param_name }}: {% if param_value is string %}"{{ param_value }}"{% else %}{{ param_value }}{% endif %} + {{ val(param_name, param_value) }} {%- endfor %} {%- endfor %} {%- endif %} @@ -35,7 +39,7 @@ remote: {%- for remote_name, remote in server.remote.items() %} - id: {{ remote_name }} {%- for param_name, param_value in remote.items() %} - {{ param_name }}: {{ param_value }} + {{ val(param_name, param_value) }} {%- endfor %} {%- endfor %} {%- endif %} @@ -46,7 +50,7 @@ acl: {%- for acl_name, acl in server.acl.items() %} - id: {{ acl_name }} {%- for param_name, param_value in acl.items() %} - {{ param_name }}: {{ param_value }} + {{ val(param_name, param_value) }} {%- endfor %} {%- endfor %} {%- endif %} @@ -57,7 +61,7 @@ policy: {%- for policy_name, policy in server.policy.items() %} - id: {{ policy_name }} {%- for param_name, param_value in policy.items() %} - {{ param_name }}: {% if param_value is string %}"{{ param_value }}"{% else %}{{ param_value }}{% endif %} + {{ val(param_name, param_value) }} {%- endfor %} {%- endfor %} {%- endif %} @@ -68,7 +72,7 @@ template: {%- for template_name, template in server.template.items() %} - id: {{ template_name }} {%- for param_name, param_value in template.items() %} - {{ param_name }}: {% if param_value is string %}"{{ param_value }}"{% else %}{{ param_value }}{% endif %} + {{ val(param_name, param_value) }} {%- endfor %} {%- endfor %} {%- endif %} 
@@ -80,7 +84,7 @@ zone: - domain: {{ zone_name }} {%- for param_name, param_value in zone.items() %} {%- if param_name != "records" and param_name != "soa" %} - {{ param_name }}: {% if param_value is string %}"{{ param_value }}"{% else %}{{ param_value }}{% endif %} + {{ val(param_name, param_value) }} {%- endif %} {%- endfor %} {%- endfor %} diff --git a/knot/files/zone b/knot/files/zone index 6431cfe..8afeada 100644 --- a/knot/files/zone +++ b/knot/files/zone @@ -5,7 +5,7 @@ $ORIGIN {{ zone_name }}. $TTL {{ ttl|default('3600') }} @ SOA {{ soa['master'] }}. {{ soa['email'] }}. ( - {{ soa.serial }} ; serial + {{ soa.serial|default(1) }} ; serial {{ soa.refresh|default('6h') }} ; refresh {{ soa.retry|default('1h') }} ; retry {{ soa.expire|default('6h') }} ; expire
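Review bot: In knot/files/zone (PATCH 10), `{{ soa.serial|default(1) }}` yields a constant serial of 1 whenever the pillar omits it, so later record changes are rendered with an unchanged serial and secondaries have no reason to transfer the new zone. Either keep `serial` mandatory and fail the render with a clear message, or document that such zones should use Knot's `zonefile-load: difference-no-serial` together with a `serial-policy`, so the server maintains the serial itself. The README example value `20190409001` from PATCH 04 does not fit the 32-bit SOA serial field either, so a range check here would catch that class of mistake.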