feat(zones): define and compile zone files

kitchen.yml

@@ -321,6 +321,7 @@ suites:
       state_top:
         base:
           '*':
+            - nsd._test_dependencies
             - nsd._mapdata
             - nsd
       pillars:

nsd/_test_dependencies.sls

@@ -0,0 +1,11 @@
+{%- if grains['os_family'] == 'RedHat' or grains['os_family'] == 'Suse' %}
+{%-   set package = 'bind-utils' %}
+{%- elif grains['os_family'] == 'Arch' %}
+{%-   set package = 'bind-tools' %}
+{%- else %}
+{%    set package = 'dnsutils' %}
+{%- endif %}
+  
+nsd-_test_dependencies--package--installed:
+  pkg.installed:
+    - name: {{ package }}

nsd/config/config_files.sls

@@ -6,29 +6,8 @@
 {%- set sls_package_install = tplroot ~ '.package.install' %}
 {%- from tplroot ~ "/map.jinja" import mapdata as nsd with context %}
 {%- from tplroot ~ "/libtofs.jinja" import files_switch with context %}
+{%- from tplroot ~ "/macros.jinja" import config_file with context %}
 
 {%- for name, template in nsd.get('config_files', {}).items() %}
-
+{{    config_file(name, template) }}
-{%-   set identifier = 'nsd-config-config_files-file-managed-'+name %}
+{%  endfor %}
-
-"{{ identifier }}":
-  file.managed:
-    - name: "{{ nsd.config_include_dir }}/{{ name }}.conf"
-    - source: {{ files_switch([template+'.conf', template+'.conf.jinja'],
-                              lookup=identifier
-                 )
-              }}
-    - mode: 644
-    - user: root
-    - group: {{ nsd.rootgroup }}
-    - makedirs: True
-    - template: jinja
-    - require:
-      - file: nsd-config-include-file-directory
-    - require_in:
-      - file: nsd-config-file-file-managed
-    - context:
-        nsd: {{ nsd | json }}
-    - check_cmd: nsd-checkconf
-
-{%- endfor %}

nsd/config/init.sls

@@ -5,3 +5,4 @@ include:
   - .include
   - .config_files
   - .file
+  - .zones

nsd/config/zones.sls

@@ -0,0 +1,51 @@
+# -*- coding: utf-8 -*-
+# vim: ft=sls
+
+{#- Get the `tplroot` from `tpldir` #}
+{%- set tplroot = tpldir.split('/')[0] %}
+{%- set sls_package_install = tplroot ~ '.package.install' %}
+{%- from tplroot ~ "/map.jinja" import mapdata as nsd with context %}
+{%- from tplroot ~ "/libtofs.jinja" import files_switch with context %}
+{%- from tplroot ~ "/macros.jinja" import config_file with context %}
+{%- from tplroot ~ "/macros.jinja" import zonefile_name with context %}
+
+{%- set zones = nsd.get('zones', {}) %}
+
+{%- if zones | length > 0 %}
+
+{{    config_file('90-generated-zones', 'generated-zones') }}
+
+nsd-config-zones-file-directory:
+  file.directory:
+    - name: {{ nsd.zones_dir }}
+    - makedirs: True
+
+{%-   for name, config in zones.items() %}
+
+{%-     set identifier = 'nsd-config-zones-file-managed-'+name %}
+{%-     set template = 'zones/'+name+'.zone' %}
+
+"{{ identifier }}":
+  file.managed:
+    - name: "{{ nsd.zones_dir }}/{{ zonefile_name(name, config) }}"
+    - source: {{ files_switch([template, template+'.jinja'],
+                              lookup=identifier
+                 )
+              }}
+    - mode: 644
+    - user: root
+    - group: {{ nsd.rootgroup }}
+    - makedirs: True
+    - template: jinja
+    - context:
+        nsd: {{ nsd | json }}
+    - check_cmd: nsd-checkzone "{{ name }}"
+    - require:
+      - file: nsd-config-zones-file-directory
+    - require_in:
+      - service: nsd-service-running-service-running
+    - onchanges_in:
+      - cmd: nsd-service-control-reload-zones
+
+{%-   endfor %}
+{%- endif %}

nsd/files/default/generated-zones.conf.jinja

@@ -0,0 +1,11 @@
+{%- from "nsd/macros.jinja" import zonefile_name with context -%}
+########################################################################
+# File managed by Salt at <{{ source }}>.
+# Your changes will be overwritten.
+########################################################################
+
+{%- for name, config in nsd.get('zones').items() %}
+zone:
+  name: "{{ name }}"
+  zonefile: "{{ nsd.zones_dir }}/{{ zonefile_name(name, config) }}"
+{%- endfor %}

nsd/files/default/local-nsd-for-unbound.conf.jinja

@@ -15,4 +15,5 @@ server:
   port: 53530
 
 remote-control:
+  control-enable: yes
   control-interface: 127.0.0.1

nsd/files/default/zones/168.192.in-addr.arpa.zone

@@ -0,0 +1,20 @@
+$ORIGIN 168.192.in-addr.arpa.
+$TTL 1800
+@       IN      SOA     ns1.example.test.      admin.example.test. (
+                        2021040101              ; serial number
+                        3600                    ; refresh
+                        900                     ; retry
+                        1209600                 ; expire
+                        1800                    ; ttl
+                        )
+; Name servers
+                    IN      NS      ns1.example.test.
+                    IN      NS      ns2.example.test.
+
+; PTR records for name servers
+1.0                 IN      PTR     ns1.example.test.
+2.0                 IN      PTR     ns2.example.test.
+
+; Additional PTR records
+10.0                IN      PTR     example.test.
+11.0                IN      PTR     mail.example.test.

nsd/files/default/zones/example.test.zone

@@ -0,0 +1,21 @@
+$ORIGIN example.test.
+$TTL 1800
+@       IN      SOA     ns1.example.test.      admin.example.test. (
+                        2021040101              ; serial number
+                        3600                    ; refresh
+                        900                     ; retry
+                        1209600                 ; expire
+                        1800                    ; ttl
+                        )
+; Name servers
+                    IN      NS      ns1.example.test.
+                    IN      NS      ns2.example.test.
+
+; A records for name servers
+ns1                 IN      A       192.168.0.1
+ns2                 IN      A       192.168.0.2
+
+; Additional A records
+@                   IN      A       192.168.0.10
+www                 IN      CNAME   example.test.
+mail                IN      A       192.168.0.11

nsd/macros.jinja

@@ -0,0 +1,35 @@
+# -*- coding: utf-8 -*-
+# vim: ft=sls
+
+{%- set tplroot = 'nsd' %}
+{%- from tplroot ~ "/map.jinja" import mapdata as nsd with context %}
+{%- from tplroot ~ "/libtofs.jinja" import files_switch with context %}
+
+{%- macro config_file(name, template) %}
+{%-   set identifier = 'nsd-config-config_file-file-managed-'+name %}
+"{{ identifier }}":
+  file.managed:
+    - name: "{{ nsd.config_include_dir }}/{{ name }}.conf"
+    - source: {{ files_switch([template+'.conf', template+'.conf.jinja'],
+                              lookup=identifier
+                 )
+              }}
+    - mode: 644
+    - user: root
+    - group: {{ nsd.rootgroup }}
+    - makedirs: True
+    - template: jinja
+    - require:
+      - file: nsd-config-include-file-directory
+    - require_in:
+      - file: nsd-config-file-file-managed
+    - context:
+        nsd: {{ nsd | json }}
+    - check_cmd: nsd-checkconf
+    - watch_in:
+      - service: nsd-service-running-service-running
+{%- endmacro %}
+
+{%- macro zonefile_name(zone_name, zone_config) -%}
+{{ zone_config.get('zonefile', zone_name+'.zone') }}
+{%- endmacro %}

nsd/map.jinja

@@ -1,8 +1,7 @@
 # -*- coding: utf-8 -*-
 # vim: ft=jinja
 
-{#- Get the `tplroot` from `tpldir` #}
+{%- set tplroot = 'nsd' %}
-{%- set tplroot = tpldir.split("/")[0] %}
 {%- from tplroot ~ "/libmapstack.jinja" import mapstack %}
 
 {#- Where to lookup parameters source files #}

nsd/parameters/defaults.yaml

@@ -10,6 +10,7 @@ values:
   config: '/etc/nsd/nsd.conf'
   config_include_dir: '/etc/nsd/nsd.conf.d'
   config_include_glob: '*.conf'
+  zones_dir: '/etc/nsd/zones'
   service:
     name: nsd
   # Just here for testing

nsd/parameters/os_family/FreeBSD.yaml

@@ -15,4 +15,5 @@ values:
   rootgroup: wheel
   config: '/usr/local/etc/nsd/nsd.conf'
   config_include_dir: '/usr/local/etc/nsd/nsd.conf.d'
+  zones_dir: '/usr/local/etc/nsd/zones'
 ...

nsd/service/control-reload.sls

@@ -0,0 +1,23 @@
+# -*- coding: utf-8 -*-
+# vim: ft=sls
+
+{#- Get the `tplroot` from `tpldir` #}
+{%- set tplroot = tpldir.split('/')[0] %}
+{%- set sls_config_file = tplroot ~ '.config.file' %}
+{%- set sls_service_running = tplroot ~ '.service.running' %}
+{%- from tplroot ~ "/map.jinja" import mapdata as nsd with context %}
+
+{%- set config_dir = salt.file.dirname(nsd.config) %}
+
+include:
+  - {{ sls_config_file }}
+  - {{ sls_service_running }}
+
+nsd-service-control-reload-zones:
+  cmd.run:
+    - name: nsd-control reload
+    - onchanges:
+      - service: nsd-service-running-service-running
+    - require:
+      - service: nsd-service-running-service-running
+      - cmd: nsd-service-control-setup-control

nsd/service/control-setup.sls

@@ -0,0 +1,17 @@
+# -*- coding: utf-8 -*-
+# vim: ft=sls
+
+{#- Get the `tplroot` from `tpldir` #}
+{%- set tplroot = tpldir.split('/')[0] %}
+{%- set sls_config_file = tplroot ~ '.config.file' %}
+{%- from tplroot ~ "/map.jinja" import mapdata as nsd with context %}
+
+{%- set config_dir = salt.file.dirname(nsd.config) %}
+
+include:
+  - {{ sls_config_file }}
+
+nsd-service-control-setup-control:
+  cmd.run:
+    - name: nsd-control-setup
+    - creates: {{ config_dir }}/nsd_server.pem

nsd/service/init.sls

@@ -2,4 +2,6 @@
 # vim: ft=sls
 
 include:
+  - .control-setup
   - .running
+  - .control-reload

nsd/service/running.sls

@@ -13,5 +13,5 @@ nsd-service-running-service-running:
   service.running:
     - name: {{ nsd.service.name }}
     - enable: True
-    - watch:
+    - require:
-      - sls: {{ sls_config_file }}
+      - cmd: nsd-service-control-setup-control

pillar.example

@@ -19,6 +19,17 @@ nsd:
   # Configuration is separated into several files which have their own templates
   config_files:
     10-server: local-nsd-for-unbound
+    # 90-generated-zones is reserved for zones generated by this formula
+
+  # If this section is present in your Pillar data,
+  # nsd.conf.d/90-generated-zones will be created and managed.
+  zones:
+    example.test:
+      # Just for testing purpuses
+      multi-master-check: no
+    "168.192.in-addr.arpa": {}
+    # NSD's include-pattern directive may be a better way to share configuration
+    # across zones than using YAML anchors.
 
   tofs:
     # The files_switch key serves as a selector for alternative

test/integration/default/controls/services.rb

@@ -20,4 +20,40 @@ control 'nsd.service.running' do
     it { should be_enabled }
     it { should be_running }
   end
+
+  describe command('nslookup -port=53530 ns1.example.test 127.0.0.1') do
+    its('stdout') { should match "192.168.0.1" }
+  end
+
+  describe command('nslookup -port=53530 ns2.example.test 127.0.0.1') do
+    its('stdout') { should match "192.168.0.2" }
+  end
+
+  describe command('nslookup -port=53530 example.test 127.0.0.1') do
+    its('stdout') { should match "192.168.0.10" }
+  end
+
+  describe command('nslookup -port=53530 www.example.test 127.0.0.1') do
+    its('stdout') { should match "192.168.0.10" }
+  end
+
+  describe command('nslookup -port=53530 mail.example.test 127.0.0.1') do
+    its('stdout') { should match "192.168.0.11" }
+  end
+
+  describe command('nslookup -port=53530 192.168.0.1 127.0.0.1') do
+    its('stdout') { should match "ns1.example.test" }
+  end
+
+  describe command('nslookup -port=53530 192.168.0.2 127.0.0.1') do
+    its('stdout') { should match "ns2.example.test" }
+  end
+
+  describe command('nslookup -port=53530 192.168.0.10 127.0.0.1') do
+    its('stdout') { should match "example.test" }
+  end
+
+  describe command('nslookup -port=53530 192.168.0.11 127.0.0.1') do
+    its('stdout') { should match "mail.example.test" }
+  end
 end

test/integration/default/files/_mapdata/amazonlinux-1.yaml

@@ -42,3 +42,9 @@ values:
       nsd-config-file-file-managed:
       - nsd.conf.jinja
   winner: pillar
+  zones:
+    168.192.in-addr.arpa: {}
+    example.test:
+      multi-master-check: false
+  zones_dir: "/etc/nsd/zones"
+

test/integration/default/files/_mapdata/amazonlinux-2.yaml

@@ -42,3 +42,9 @@ values:
       nsd-config-file-file-managed:
       - nsd.conf.jinja
   winner: pillar
+  zones:
+    168.192.in-addr.arpa: {}
+    example.test:
+      multi-master-check: false
+  zones_dir: "/etc/nsd/zones"
+

test/integration/default/files/_mapdata/arch-base-latest.yaml

@@ -42,3 +42,9 @@ values:
       nsd-config-file-file-managed:
       - nsd.conf.jinja
   winner: pillar
+  zones:
+    168.192.in-addr.arpa: {}
+    example.test:
+      multi-master-check: false
+  zones_dir: "/etc/nsd/zones"
+

test/integration/default/files/_mapdata/centos-6.yaml

@@ -42,3 +42,9 @@ values:
       nsd-config-file-file-managed:
       - nsd.conf.jinja
   winner: pillar
+  zones:
+    168.192.in-addr.arpa: {}
+    example.test:
+      multi-master-check: false
+  zones_dir: "/etc/nsd/zones"
+

test/integration/default/files/_mapdata/centos-7.yaml

@@ -42,3 +42,9 @@ values:
       nsd-config-file-file-managed:
       - nsd.conf.jinja
   winner: pillar
+  zones:
+    168.192.in-addr.arpa: {}
+    example.test:
+      multi-master-check: false
+  zones_dir: "/etc/nsd/zones"
+

test/integration/default/files/_mapdata/centos-8.yaml

@@ -42,3 +42,9 @@ values:
       nsd-config-file-file-managed:
       - nsd.conf.jinja
   winner: pillar
+  zones:
+    168.192.in-addr.arpa: {}
+    example.test:
+      multi-master-check: false
+  zones_dir: "/etc/nsd/zones"
+

test/integration/default/files/_mapdata/debian-10.yaml

@@ -42,3 +42,9 @@ values:
       nsd-config-file-file-managed:
       - nsd.conf.jinja
   winner: pillar
+  zones:
+    168.192.in-addr.arpa: {}
+    example.test:
+      multi-master-check: false
+  zones_dir: "/etc/nsd/zones"
+

test/integration/default/files/_mapdata/debian-9.yaml

@@ -42,3 +42,9 @@ values:
       nsd-config-file-file-managed:
       - nsd.conf.jinja
   winner: pillar
+  zones:
+    168.192.in-addr.arpa: {}
+    example.test:
+      multi-master-check: false
+  zones_dir: "/etc/nsd/zones"
+

test/integration/default/files/_mapdata/fedora-31.yaml

@@ -42,3 +42,9 @@ values:
       nsd-config-file-file-managed:
       - nsd.conf.jinja
   winner: pillar
+  zones:
+    168.192.in-addr.arpa: {}
+    example.test:
+      multi-master-check: false
+  zones_dir: "/etc/nsd/zones"
+

test/integration/default/files/_mapdata/fedora-32.yaml

@@ -42,3 +42,9 @@ values:
       nsd-config-file-file-managed:
       - nsd.conf.jinja
   winner: pillar
+  zones:
+    168.192.in-addr.arpa: {}
+    example.test:
+      multi-master-check: false
+  zones_dir: "/etc/nsd/zones"
+

test/integration/default/files/_mapdata/fedora-33.yaml

@@ -42,3 +42,9 @@ values:
       nsd-config-file-file-managed:
       - nsd.conf.jinja
   winner: pillar
+  zones:
+    168.192.in-addr.arpa: {}
+    example.test:
+      multi-master-check: false
+  zones_dir: "/etc/nsd/zones"
+

test/integration/default/files/_mapdata/gentoo-2-sysd.yaml

@@ -42,3 +42,9 @@ values:
       nsd-config-file-file-managed:
       - nsd.conf.jinja
   winner: pillar
+  zones:
+    168.192.in-addr.arpa: {}
+    example.test:
+      multi-master-check: false
+  zones_dir: "/etc/nsd/zones"
+

test/integration/default/files/_mapdata/gentoo-2-sysv.yaml

@@ -42,3 +42,9 @@ values:
       nsd-config-file-file-managed:
       - nsd.conf.jinja
   winner: pillar
+  zones:
+    168.192.in-addr.arpa: {}
+    example.test:
+      multi-master-check: false
+  zones_dir: "/etc/nsd/zones"
+

test/integration/default/files/_mapdata/opensuse-15.yaml

@@ -42,3 +42,9 @@ values:
       nsd-config-file-file-managed:
       - nsd.conf.jinja
   winner: pillar
+  zones:
+    168.192.in-addr.arpa: {}
+    example.test:
+      multi-master-check: false
+  zones_dir: "/etc/nsd/zones"
+

test/integration/default/files/_mapdata/opensuse-tumbleweed.yaml

@@ -42,3 +42,9 @@ values:
       nsd-config-file-file-managed:
       - nsd.conf.jinja
   winner: pillar
+  zones:
+    168.192.in-addr.arpa: {}
+    example.test:
+      multi-master-check: false
+  zones_dir: "/etc/nsd/zones"
+

test/integration/default/files/_mapdata/oraclelinux-7.yaml

@@ -42,3 +42,9 @@ values:
       nsd-config-file-file-managed:
       - nsd.conf.jinja
   winner: pillar
+  zones:
+    168.192.in-addr.arpa: {}
+    example.test:
+      multi-master-check: false
+  zones_dir: "/etc/nsd/zones"
+

test/integration/default/files/_mapdata/oraclelinux-8.yaml

@@ -42,3 +42,9 @@ values:
       nsd-config-file-file-managed:
       - nsd.conf.jinja
   winner: pillar
+  zones:
+    168.192.in-addr.arpa: {}
+    example.test:
+      multi-master-check: false
+  zones_dir: "/etc/nsd/zones"
+

test/integration/default/files/_mapdata/ubuntu-16.yaml

@@ -42,3 +42,9 @@ values:
       nsd-config-file-file-managed:
       - nsd.conf.jinja
   winner: pillar
+  zones:
+    168.192.in-addr.arpa: {}
+    example.test:
+      multi-master-check: false
+  zones_dir: "/etc/nsd/zones"
+

test/integration/default/files/_mapdata/ubuntu-18.yaml

@@ -42,3 +42,9 @@ values:
       nsd-config-file-file-managed:
       - nsd.conf.jinja
   winner: pillar
+  zones:
+    168.192.in-addr.arpa: {}
+    example.test:
+      multi-master-check: false
+  zones_dir: "/etc/nsd/zones"
+

test/integration/default/files/_mapdata/ubuntu-20.yaml

@@ -42,3 +42,9 @@ values:
       nsd-config-file-file-managed:
       - nsd.conf.jinja
   winner: pillar
+  zones:
+    168.192.in-addr.arpa: {}
+    example.test:
+      multi-master-check: false
+  zones_dir: "/etc/nsd/zones"
+