Merge fe9bc6b45a into ca20bd6aa6

README.rst

@@ -727,6 +727,60 @@ Syndicated master with multiple master of masters:
         - host: master-of-master-host2
         timeout: 5
 
+Dynamic DNS configuration
+-------------------------
+
+Salt master can register minions in DNS server using DDNS (dynamic DNS)
+update mechanism via salt.runners.ddns module. DNS server with dynamic
+updates allowed is required. Authorization via {tsig-key} is available.
+Recommended is DNS server configured via salt-formula-bind.
+Mechanism uses event-reactor system.
+
+Master pillar:
+
+.. code-block:: yaml
+
+    salt:
+      master:
+        ddns:
+          enabled: True
+          keys:
+            key: <tsig-key>
+            name: <tsig-key-name>
+        reactor:
+          dns/node/register:
+          - salt://salt/reactor/ddns_node_register.sls
+          dns/static/records:
+          - salt://salt/reactor/ddns_static_records.sls
+
+Minion pillar:
+
+.. code-block:: yaml
+
+    salt:
+      minion:
+        ddns:
+          server: <dns-server-ip>
+          keyname: <tsig-key-name>
+          ttl: 300
+        dns_static:
+          zone.example.com:
+          - name: appname
+            type: CNAME
+            value: appserver01
+
+
+Manual calling:
+
+.. code-block:: bash
+
+    # Minion register
+    salt '*' state.apply salt.minion.dns_register
+    #
+    # Static DNS records
+    salt '*' state.apply salt.minion.dns_static
+
+
 Salt Minion
 -----------
 

metadata/service/minion/dns_register.yml

@@ -0,0 +1,2 @@
+applications:
+- salt.minion.dns_register

metadata/service/minion/dns_static.yml

@@ -0,0 +1,2 @@
+applications:
+- salt.minion.dns_static

salt/control/virt.sls

@@ -20,7 +20,7 @@ update-guestfs-appliance:
 
 {%- if cluster.engine == "virt" %}
 
-salt_libvirt_service:
+salt_libvirt_service_{{ cluster_name }}:
   service.running:
   - name: {{ control.virt_service }}
   - enable: true
@@ -108,7 +108,7 @@ salt_control_virt_{{ cluster_name }}_{{ node_name }}:
       {%- endif %}
   - unless: virsh list --all --name| grep -E "^{{ node_name }}.{{ cluster.domain }}$"
   - require:
-    - salt_libvirt_service
+    - salt_libvirt_service_{{ cluster_name }}
 
 {%- if node.get("autostart", True) %}
 

salt/files/ddns.keyring

@@ -0,0 +1,6 @@
+{%- from "salt/map.jinja" import master with context -%}
+{
+{%- for key in master.ddns.get('keys', []) %}
+"{{ key.name }}.": "{{ key.key }}"{{ "," if not loop.last else "" }}
+{%- endfor %}
+}

salt/map.jinja

@@ -30,9 +30,13 @@ default:
 Arch:
   pkgs:
   - salt
+  ddns_pkgs:
+  - python-dnspython
 Debian:
   pkgs:
   - salt-master
+  ddns_pkgs:
+  - python-dnspython
 Gentoo:
   pkgs:
   - app-admin/salt
@@ -42,6 +46,8 @@ MacOS:
 RedHat:
   pkgs:
   - salt-master
+  ddns_pkgs:
+  - python-dnspython
 {%- endload %}
 
 {%- if pillar.salt.master is defined %}

salt/master/ddns.sls

@@ -0,0 +1,14 @@
+{%- from "salt/map.jinja" import master with context %}
+{%- if master.get('ddns', {}).get('enabled', False) %}
+ddns_packages:
+  pkg.installed:
+  - names: {{ master.ddns_pkgs }}
+
+ddns_keys_file:
+  file.managed:
+  - name: /etc/salt/ddns.keyring
+  - source: salt://salt/files/ddns.keyring
+  - template: jinja
+  - mode: 600
+
+{%- endif %}

salt/master/init.sls

@@ -3,6 +3,9 @@ include:
 {%- if pillar.salt.master.reactor is defined %}
 - salt.master.reactor
 {%- endif %}
+{%- if pillar.salt.master.ddns is defined %}
+- salt.master.ddns
+{%- endif %}
 - salt.master.env
 - salt.master.pillar
 - salt.master.minion

salt/minion/dns_register.sls

@@ -0,0 +1,5 @@
+send_dns_register_event:
+  event.send:
+  - name: dns/node/register
+  - net_info: {{ pillar.linux.network.get('host', {}) }}
+  - ddns: {{ pillar.salt.minion.get('ddns', {}) }}

salt/minion/dns_static.sls

@@ -0,0 +1,5 @@
+send_dns_static_event:
+  event.send:
+  - name: dns/static/records
+  - records: {{ pillar.salt.minion.get('dns_static', {}) }}
+  - ddns: {{ pillar.salt.minion.get('ddns', {}) }}

salt/minion/init.sls

@@ -14,3 +14,9 @@ include:
 {%- if pillar.salt.minion.env_vars is defined %}
 - salt.minion.env_vars
 {%- endif %}
+{%- if pillar.salt.minion.ddns is defined %}
+- salt.minion.dns_register
+{%-   if pillar.salt.minion.dns_static is defined %}
+- salt.minion.dns_static
+{%-   endif %}
+{%- endif %}

salt/reactor/ddns_node_register.sls

@@ -0,0 +1,19 @@
+{%- set ddns = data.data.get('ddns', {}) %}
+{%- for rec_name, record in data.data.get('net_info', {}).iteritems() %}
+{%- for name in record.get('names', []) if '.' in name %}
+{%- set hostname, domain = name.split('.',1) %}
+
+ddns_node_register_{{ name }}_{{ loop.index }}:
+  runner.ddns.add_host:
+  - args:
+    - zone: {{ domain }}
+    - name: {{ hostname }}
+    - ttl: {{ ddns.get('ttl', 300) }}
+    - ip: {{ record.get('address', '127.0.0.127') }}
+    - keyname: {{ ddns.get('keyname', 'salt-updates') }}
+    - keyfile: /etc/salt/ddns.keyring
+    - nameserver: {{ ddns.get('server', '127.0.0.1') }}
+    - keyalgorithm: 'HMAC-MD5.SIG-ALG.REG.INT'
+    - timeout: 10
+{%- endfor %}
+{%- endfor %}

salt/reactor/ddns_static_records.sls

@@ -0,0 +1,19 @@
+{%- set ddns = data.data.get('ddns', {}) %}
+{%- for zone_name, zone in data.data.get('records', {}).iteritems() %}
+{%- for record in zone %}
+
+ddns_record_{{ zone_name }}_{{ loop.index }}:
+  runner.ddns.create:
+  - args:
+    - zone: {{ zone_name }}
+    - name: {{ record['name'] }}
+    - ttl: {{ ddns.get('ttl', 300) }}
+    - rdtype: {{ record['type'] }}
+    - data: {{ record['value'] }}
+    - keyname: {{ ddns.get('keyname', 'salt-updates') }}
+    - keyfile: /etc/salt/ddns.keyring
+    - nameserver: {{ ddns.get('server', '127.0.0.1') }}
+    - timeout: 10
+    - keyalgorithm: 'HMAC-MD5.SIG-ALG.REG.INT'
+{%- endfor %}
+{%- endfor %}

tests/pillar/master_dns.sls

@@ -0,0 +1,26 @@
+git:
+  client:
+    enabled: true
+linux:
+  system:
+    enabled: true
+salt:
+  master:
+    enabled: true
+    command_timeout: 5
+    worker_threads: 2
+    reactor_worker_threads: 2
+    source:
+      engine: pkg
+    pillar:
+      engine: salt
+      source:
+        engine: local
+    ddns:
+      enabled: True
+      keys:
+        key: 'yEdG9/x8Sb+efi27GyeXNg=='
+        name: salt-updates
+    reactor:
+      dns/node/register:
+      - salt://salt/reactor/node_ddns_register.sls