
bind (40) Versions 0.0.0

Installs/Configures ISC BIND

Policyfile:
cookbook 'bind', '= 0.0.0', :supermarket

Berkshelf:
cookbook 'bind', '= 0.0.0'

Knife:
knife supermarket install bind
knife supermarket download bind
Quality 50%
# Bind [![Build Status](https://secure.travis-ci.org/atomic-penguin/cookbook-bind.png?branch=master)](http://travis-ci.org/atomic-penguin/cookbook-bind)

## Description

A cookbook to manage BIND DNS servers and zones.

## Requirements

The included ldap2zone recipe depends on Chef 0.10.10 features, such as `chef_gem`.

The net-ldap v0.2.2 Ruby gem is required for the ldap2zone recipe.

## Attributes

### Attributes which probably require tuning

* `bind['masters']`
  - Array of authoritative servers which you transfer zones from.
  - Default empty

* `bind['ipv6_listen']`
  - Boolean, whether BIND should listen on IPv6
  - Default is false

* `bind['acl-role']`
  - Search key for pulling split-domain ACLs out of `data_bags`
  - Defaults to internal-acl, and has no effect if you do not need ACLs.

* `bind['acl']`
  - An array node attribute which `data_bag` ACLs are pushed on to, and then passed to the named.options template.
  - Default is an empty array.

* `bind['zones']['attribute']`
  - An array attribute where zone names may be set from role attributes. The dynamic source attributes `bind['zones']['ldap']` and `bind['zones']['databag']` will be combined with zone names set via role attributes before the named.conf template is rendered.

* `bind['zones']['ldap']`
  - An array attribute where zone names may be set from an LDAP source.

* `bind['zones']['databag']`
  - An array attribute where zone names may be set from a data bag source.

* `bind['zonetype']`
  - The zone type, master or slave, for configuring the named.conf template.
  - Defaults to slave

* `bind['zonesource']`
  - The external zone data source; included examples are databag or ldap
  - Defaults to databag. Should have no effect if no zone names exist in the bind `data_bag`.

* `bind['options']`
  - Free form options for the named.conf template
  - Defaults to an empty array.

* `bind['allow_solo_search']`
  - Boolean true/false, enabling chef-solo search
  - Defaults to false

* `bind['enable_log']`
  - Boolean, toggle bind query logging. Note this applies only to a dedicated log, such as a query log, i.e. bind may still log to the messages/kernel log if configured to do so with syslog.
  - Defaults to false

* `bind['log_file']`
  - Absolute path to the bind log file, assuming the directory exists. Again, this has no effect on syslog configuration.
  - Defaults to `/var/log/bind9/query.log`

* `bind['statistics-channel']`
  - Boolean to enable a statistics-channel on a TCP port.
  - Default, platform-specific

* `bind['statistics-port']`
  - Integer for the statistics-channel TCP port.
  - Default, 8080

### Attributes which should not require tuning

* `bind['packages']`
  - Packages to install
  - Platform specific defaults

* `bind['sysconfdir']`
  - etc directory for named
  - Platform specific defaults

* `bind['conf_file']`
  - Full path to named.conf
  - Platform specific defaults

* `bind['options_file']`
  - Full path to named.options
  - Platform specific defaults

* `bind['vardir']`
  - var directory for named to write state data, such as zone files.
  - Platform specific defaults

* `bind['included_files']`
  - Files to be included in named.conf, relative to the sysconf (/etc/named, /etc/bind) directory. You could, for example, drop off other static files or templates in your sysconf directory. Then include them in your named.conf by overriding this attribute.
  - Defaults to named.rfc1912.zones, and named.options

* `bind['var_cookbook_files']`
  - Static cookbook files to drop off in the var directory
  - Defaults to named.empty, named.ca, named.loopback, and named.localhost

* `bind['rndc_keygen']`
  - Command to generate the rndc key
  - Default depends on hardware/hypervisor platform

* `bind['log_options']`
  - Array listing all specific bind logging options
  - Default is empty

* `bind['rndc-key']`
  - Location in which rndc.key gets created by rndc-confgen

### ldap2zone recipe specific attributes

We store our zone names on Active Directory, and use Ruby to pull these into Chef and configure our Linux BIND servers. If you already have Active Directory, chances are you have an authoritative data source for zone names in LDAP and can use this recipe to query this data, just by setting a few attributes in a role.

* `bind['ldap']['binddn']`
  - The binddn username for connecting to LDAP
  - Default nil

* `bind['ldap']['bindpw']`
  - The binddn password for connecting to LDAP
  - Default nil

* `bind['ldap']['filter']`
  - The LDAP object filter for zone names
  - Defaults to dnsZone class, excluding Root DNS Servers

* `bind['ldap']['server']`
  - The authoritative directory server for your domain
  - Defaults to nil

* `bind['ldap']['domainzones']`
  - The LDAP tree where your domain zones are located
  - Defaults to the Active Directory zone tree for example.com.

## Usage

### Notes on the zonesource recipes

The databag2zone and ldap2zone recipes are optional code to fetch DNS zones from a data bag, or from Active Directory integrated domain controllers. If you have a proper IP address management (IPAM) solution, you could drop in your own code to query an API on your IPAM server.

Any query should use the `<<` operator to push results on to the `bind['zones']` array. Drop your query code in a recipe named `query2zone.rb`, for example. Then include the API query by overriding the attribute `bind['zonesource']` set to the string `query`.

Alternatively, you can just use an `override['bind']['zones']` in a role or environment instead. Or even a mix of both: override attributes and an API query to populate zones.

### Example role for internal recursing DNS

An example wrapper cookbook for an internal split-horizon BIND server for example.com might look like so:

```ruby
# Configure and install Bind to function as an internal DNS server.
# attributes/default.rb
include_attribute 'bind'
default['bind']['acl-role'] = 'internal-acl'
default['bind']['masters'] = %w(192.0.2.10 192.0.2.11 192.0.2.12)
default['bind']['ipv6_listen'] = true
default['bind']['zonetype'] = 'slave'
default['bind']['zonesource'] = 'ldap'
default['bind']['zones']['attribute'] = %w(example.com example.org)
# bindpw below is a placeholder: attribute values are saved in the node
# object in clear text, so load the real password from an encrypted
# data bag or similar secret store.
default['bind']['ldap'] = {
  server: 'example.com',
  binddn: 'cn=chef-ldap,ou=Service Accounts,dc=example,dc=com',
  bindpw: 'ServiceAccountPassword',
  domainzones: 'cn=MicrosoftDNS,dc=DomainDnsZones,dc=example,dc=com'
}
default['bind']['options'] = [
  'check-names slave ignore;',
  'multi-master yes;',
  'provide-ixfr yes;',
  'recursive-clients 10000;',
  'request-ixfr yes;',
  'allow-notify { acl-dns-masters; acl-dns-slaves; };',
  'allow-query { example-lan; localhost; };',
  'allow-query-cache { example-lan; localhost; };',
  'allow-recursion { example-lan; localhost; };',
  'allow-transfer { acl-dns-masters; acl-dns-slaves; };',
  'allow-update-forwarding { any; };',
]

# recipes/default.rb
include_recipe 'bind'
```

### Example role for authoritative only external DNS

An example wrapper cookbook for an external split-horizon authoritative only BIND server for example.com might look like so:

```ruby
# Configure and install Bind to function as an external DNS server.
# attributes/default.rb
include_attribute 'bind'
default['bind']['acl-role'] = 'external-acl'
default['bind']['masters'] = %w(192.0.2.5 192.0.2.6)
default['bind']['ipv6_listen'] = true
default['bind']['zonetype'] = 'master'
default['bind']['zones']['attribute'] = %w(example.com example.org)
default['bind']['options'] = [
  'recursion no;',
  'allow-query { any; };',
  'allow-transfer { external-private-interfaces; external-dns; };',
  'allow-notify { external-private-interfaces; external-dns; localhost; };',
  'listen-on-v6 { any; };'
]

# recipes/default.rb
include_recipe 'bind'
```

### Example BIND Access Controls from data bag

In order to include an external ACL for the private interfaces of your external nameservers, you can create a data bag like so.

* data_bag name: bind
  - id: ACL entry name
  - role: search key for bind data_bag
  - hosts: array of CIDR addresses, or IP addresses

```json
{
  "id": "external-private-interfaces",
  "role": "external-acl",
  "hosts": [ "192.0.2.15", "192.0.2.16", "192.0.2.17" ]
}
```

In order to include an internal ACL for the query addresses of your LAN, you might create a data bag like so.

* data_bag name: bind
  - id: ACL entry name
  - role: search key for bind data_bag
  - hosts: array of CIDR addresses, or IP addresses

```json
{
  "id": "example-lan",
  "role": "internal-acl",
  "hosts": [ "192.0.2.18", "192.0.2.19", "192.0.2.20" ]
}
```

### Example to load zone names from data bag

If you have a small number of zones, you can split these up into individual data bag objects if you prefer.

* data_bag name: bind
  - zone: string representation of individual zone name.

```json
{
  "id": "example",
  "zone": "example.com"
}
```

If you wish to group a number of zones together, you can use the following format to include a number of zones at once.

* data_bag name: bind
  - zones: array representation of several zone names.

```json
{
  "id": "example",
  "zones": [ "example.com", "example.org" ]
}
```

## License and Author

Copyright: 2011 Eric G. Wolfe

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
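
The data bag ACL items described under "Example BIND Access Controls from data bag" end up as `acl` entries in the rendered named configuration, so their `id` and `hosts` values are worth validating before they are templated. The following is an added example, not the cookbook's own code or template; the helper names, the `bad-acl` item and the rendered layout are assumptions, and the sample items are constructed.

```ruby
require 'json'
require 'ipaddr'

# Constructed sample items in the README's bind data bag ACL shape.
SAMPLE_ITEMS = [
  '{"id":"external-private-interfaces","role":"external-acl","hosts":["192.0.2.15","192.0.2.16/31"]}',
  '{"id":"example-lan","role":"internal-acl","hosts":["192.0.2.18","2001:db8::/32"]}',
  '{"id":"bad-acl","role":"internal-acl","hosts":["192.0.2.20; }; allow-transfer { any"]}'
].map { |j| JSON.parse(j) }

# ACL names are restricted to a conservative character set (assumption).
ACL_NAME = /\A[A-Za-z][A-Za-z0-9_-]*\z/

# Return a canonical address or CIDR string, or nil if the entry is anything else.
def clean_host(entry)
  return nil unless entry.is_a?(String)
  addr, prefix = entry.split('/', 2)
  ip = IPAddr.new(addr)
  return ip.to_s if prefix.nil?
  max_bits = ip.ipv4? ? 32 : 128
  return nil unless prefix.match?(/\A\d{1,3}\z/) && prefix.to_i <= max_bits
  "#{ip.mask(prefix.to_i)}/#{prefix.to_i}"
rescue IPAddr::Error
  nil
end

# Render one acl block per valid item tagged with +role+; list the ids rejected.
def render_acls(items, role)
  blocks = []
  rejected = []
  items.select { |i| i['role'] == role }.each do |item|
    hosts = Array(item['hosts']).map { |h| clean_host(h) }
    if item['id'].to_s.match?(ACL_NAME) && !hosts.empty? && hosts.none?(&:nil?)
      blocks << "acl \"#{item['id']}\" {\n" + hosts.map { |h| "  #{h};\n" }.join + "};\n"
    else
      rejected << item['id']
    end
  end
  [blocks.join("\n"), rejected]
end

conf, rejected = render_acls(SAMPLE_ITEMS, 'internal-acl')
puts conf
warn "rejected ACL items: #{rejected.join(', ')}" unless rejected.empty?
```

An item whose `hosts` entry is not a plain address or CIDR block is dropped whole rather than partially rendered, so a malformed data bag cannot change the structure of the generated file.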

bind changelog

v1.1.4

  • restore previous default for querylog size and amount
  • correct quoting for log file rotation
  • minor rubocop corrections

v1.1.3

  • Added log_file_size attribute.

v1.1.1

  • Added array for domainzones attribute

v1.1.0

  • Add named-checkconf sanity checking
  • Add thor/scmversion
  • Update specs

v1.0.3

  • Update documentation

v1.0.2

  • Stub file for service tests

v1.0.1

  • Add delayed timing to service reload
  • Fix a minor issue with rndc.key on CentOS 6.x

v1.0.0

Clearing out backlog of issues.

  • Add standalone logging support, to named.options file. #4
  • Revert incorrect /etc/named.conf location for EL6.
  • Graceful handling for lack of data_bags. #7
  • Added documentation for standalone logging support. #8
  • Added statistics-channel support. #9
  • Updated kitchen and build files.
  • Added bats tests.
  • Removed minitests/Added chefspec

BREAKING CHANGE

  • Removed etc_cookbook_files and etc_template_files in favor of simpler bind['included_files'] attribute

Explanation:

You could, for example, drop off other static files or templates in your sysconf
directory. Then include these files in your named.conf by overriding this attribute.

v0.2.0

This is the first cookbook I have validated with @fnichol's re-write
of test-kitchen. It took about 3-4 minutes to validate this cookbook
across 4 platforms.

I identified two RHEL 5, and one Ubuntu, recipe bugs which nobody
including myself has caught. I cannot overstate, how much time this
has saved me. If you have not tried the test-kitchen re-write,
do yourself the favor and start working with it now.

  • Add test-kitchen/Berkshelf skeleton files
  • Platform-specific fixes
    • Correct location of /etc/named.conf on RHEL 5
    • Added conf_file and options_file as attributes
    • Refactor service actions, and config file rendering
    • Enabled usage of search also on chef-solo via @fabn
    • Various Ubuntu platform fixes via @fabn
    • Added apt recipe to pass test-kitchen

v0.1.1

  • Pass zone array to template with uniq and sort

v0.1.0

  • Add bind zones attributes for "role (attribute)", "ldap", and "databag" sources.

v0.0.9

ldap host incorrectly being scoped as node.default

v0.0.8

Change node scope to node.default for Chef 11

v0.0.7

Update root nameserver D

v0.0.6

Move masters keyword to slave block

v0.0.4

Clean up and public release

v0.0.2

Initial prototype for internal use

Foodcritic Metric
            

0.0.0 failed this metric

FC064: Ensure issues_url is set in metadata: bind/metadata.rb:1
FC065: Ensure source_url is set in metadata: bind/metadata.rb:1
FC066: Ensure chef_version is set in metadata: bind/metadata.rb:1
FC067: Ensure at least one platform supported in metadata: bind/metadata.rb:1
FC069: Ensure standardized license defined in metadata: bind/metadata.rb:1
Run with Foodcritic Version 10.3.1 with tags metadata,correctness ~FC031 ~FC045 and failure tags any

License Metric
            

0.0.0 passed this metric

No Binaries Metric
            

0.0.0 passed this metric

Version Tag Metric
            

0.0.0 failed this metric

Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of http://github.com/user/repo, and your repo must include a tag that matches this cookbook version number