Skip to content

Enable containerized bind and dhcpd on SLE15SP7 #250

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
nadvornik wants to merge 3 commits into
base: master
Choose a base branch
from
Open

Enable containerized bind and dhcpd on SLE15SP7 #250

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
e1f72ce
Handle missing conf files and dirs
nadvornik Nov 21, 2025
42a18f3
Enable containerized bind and dhcpd on SP7
nadvornik Nov 21, 2025
461ed87
bind-formula: Make sure the service is started after the config
nadvornik Nov 26, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 4 additions & 0 deletions bind-formula/bind-formula.changes
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,3 +1,7 @@
- Enable containerized bind on SLE15SP7
- Handle missing conf files or directories
- Make sure the service is started after the config

-------------------------------------------------------------------
Tue Oct 14 14:50:21 UTC 2025 - Ondrej Holecek <oholecek@suse.com>

Expand Down
100 changes: 94 additions & 6 deletions bind-formula/bind/init.sls
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -39,7 +39,9 @@ bind_restart:
- name: {{ map.service }}
- reload: False
- watch:
{%- if not map.get("container", False) %}
- file: {{ map.chroot_dir }}{{ map.log_dir }}/query.log
{%- endif %}
- file: bind_key_directory
{%- endif %}

Expand All @@ -49,7 +51,7 @@ named_directory:
- user: {{ salt['pillar.get']('bind:config:user', map.user) }}
- group: {{ salt['pillar.get']('bind:config:group', map.group) }}
- mode: 775
- makedirs: True
- makedirs: true
- require:
- pkg: bind

Expand Down Expand Up @@ -82,20 +84,56 @@ named_directory:
- pkg: bind

{{ map.named_directory }}/127.0.0.zone:
file.touch:
file.managed:
- user: {{ salt['pillar.get']('bind:config:user', map.user) }}
- group: {{ salt['pillar.get']('bind:config:group', map.group) }}
- mode: {{ salt['pillar.get']('bind:config:mode', '644') }}
- makedirs: true
{%- if not grains.get('transactional') %}
- watch_in:
- service: bind
- require_in:
- service: bind
{%- endif %}

{{ map.named_directory }}/localhost.zone:
file.touch:
file.managed:
- user: {{ salt['pillar.get']('bind:config:user', map.user) }}
- group: {{ salt['pillar.get']('bind:config:group', map.group) }}
- mode: {{ salt['pillar.get']('bind:config:mode', '644') }}
- makedirs: true
{%- if not grains.get('transactional') %}
- watch_in:
- service: bind
- require_in:
- service: bind
{%- endif %}

{{ map.named_directory }}/named.root.key:
file.touch:
file.managed:
- user: {{ salt['pillar.get']('bind:config:user', map.user) }}
- group: {{ salt['pillar.get']('bind:config:group', map.group) }}
- mode: {{ salt['pillar.get']('bind:config:mode', '644') }}
- makedirs: true
{%- if not grains.get('transactional') %}
- watch_in:
- service: bind_restart
- require_in:
- service: bind
{%- endif %}

{{ map.named_directory }}/root.hint:
file.touch:
file.managed:
- user: {{ salt['pillar.get']('bind:config:user', map.user) }}
- group: {{ salt['pillar.get']('bind:config:group', map.group) }}
- mode: {{ salt['pillar.get']('bind:config:mode', '644') }}
- makedirs: true
{%- if not grains.get('transactional') %}
- watch_in:
- service: bind
- require_in:
- service: bind
{%- endif %}



Expand All @@ -107,10 +145,14 @@ bind_zones_directory:
- user: {{ salt['pillar.get']('bind:config:user', map.user) }}
- group: {{ salt['pillar.get']('bind:config:group', map.group) }}
- mode: 775
- makedirs: True
- makedirs: true
- require:
- pkg: bind
- file: named_directory
{%- if not grains.get('transactional') %}
- watch_in:
- service: bind_restart
{%- endif %}
{% endif %}

bind_config:
Expand All @@ -132,6 +174,8 @@ bind_config:
{%- if not grains.get('transactional') %}
- watch_in:
- service: bind
- require_in:
- service: bind
{%- endif %}

bind_local_config:
Expand All @@ -142,6 +186,7 @@ bind_local_config:
- user: {{ salt['pillar.get']('bind:config:user', map.user) }}
- group: {{ salt['pillar.get']('bind:config:group', map.group) }}
- mode: {{ salt['pillar.get']('bind:config:mode', '644') }}
- makedirs: true
- context:
map: {{ map }}
zones_directory: {{ container_zones_directory }}
Expand All @@ -153,6 +198,23 @@ bind_local_config:
{%- if not grains.get('transactional') %}
- watch_in:
- service: bind
- require_in:
- service: bind
{%- endif %}

{%- if map.get("container", False) %}
/etc/named.d/forwarders.conf:
file.managed:
- user: {{ salt['pillar.get']('bind:config:user', map.user) }}
- group: {{ salt['pillar.get']('bind:config:group', map.group) }}
- mode: {{ salt['pillar.get']('bind:config:mode', '644') }}
- makedirs: true
{%- if not grains.get('transactional') %}
- watch_in:
- service: bind
- require_in:
- service: bind
{%- endif %}
{%- endif %}

{% if grains['os_family'] not in ['Arch', 'FreeBSD', 'Gentoo'] %}
Expand All @@ -169,6 +231,8 @@ bind_default_config:
{%- if not grains.get('transactional') %}
- watch_in:
- service: bind_restart
- require_in:
- service: bind
{% endif %}
{% endif %}

Expand All @@ -188,6 +252,8 @@ bind_logging_config:
{%- if not grains.get('transactional') %}
- watch_in:
- service: bind
- require_in:
- service: bind
{%- endif %}
{%- endif %}

Expand All @@ -205,6 +271,8 @@ bind_key_config:
{%- if not grains.get('transactional') %}
- watch_in:
- service: bind
- require_in:
- service: bind
{%- endif %}

bind_options_config:
Expand All @@ -224,6 +292,8 @@ bind_options_config:
{%- if not grains.get('transactional') %}
- watch_in:
- service: bind
- require_in:
- service: bind
{%- endif %}

bind_default_zones:
Expand All @@ -239,6 +309,8 @@ bind_default_zones:
{%- if not grains.get('transactional') %}
- watch_in:
- service: bind
- require_in:
- service: bind
{%- endif %}

/etc/logrotate.d/{{ map.service }}:
Expand All @@ -263,6 +335,12 @@ bind_rndc_client_config:
map: {{ map }}
- require:
- pkg: bind
{%- if not grains.get('transactional') %}
- watch_in:
- service: bind
- require_in:
- service: bind
{%- endif %}
{%- endif %}
{% endif %}

Expand Down Expand Up @@ -310,6 +388,8 @@ zones{{ dash_view }}-{{ zone }}{{ '.include' if serial_auto else '' }}:
{%- if not grains.get('transactional') %}
- watch_in:
- service: bind
- require_in:
- service: bind
{%- endif %}
- require:
- file: named_directory
Expand All @@ -325,6 +405,12 @@ zones{{ dash_view }}-{{ zone }}:
- zone: zones{{ dash_view }}-{{ zone }}
- watch:
- file: {{ zones_directory }}/{{ file }}.include
{%- if not grains.get('transactional') %}
- watch_in:
- service: bind
- require_in:
- service: bind
{%- endif %}
file.managed:
- name: {{ zones_directory }}/{{ file }}
- require:
Expand All @@ -343,6 +429,8 @@ zones{{ dash_view }}-{{ zone }}:
{%- if not grains.get('transactional') %}
- watch_in:
- service: bind
- require_in:
- service: bind
{%- endif %}
- require:
- file: named_directory
Expand Down
5 changes: 4 additions & 1 deletion bind-formula/bind/install.sls
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,10 +12,13 @@ bind:
service.running:
- name: {{ map.service }}
- enable: True
{%- if not map.get("container", False) %}
- reload: True
{%- endif %}
{%- if map.get("container", False) %}
{%- endif %}
- require:
- file: bind_key_directory
{%- if map.get("container", False) %}
- file: /etc/systemd/system/{{ map.service }}.service

bind_service_config:
Expand Down
12 changes: 11 additions & 1 deletion bind-formula/bind/map.jinja
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -159,4 +159,14 @@
'container_named_directory': '/var/lib/named',
'group': '44',
},
}, grain='osfullname', merge=salt['pillar.get']('bind:lookup')))) %}
}, grain='osfullname', merge=salt['grains.filter_by']({
'SUSE Linux Enterprise Server 15 SP7': {
'pkgs': [],
'image': 'registry.opensuse.org/opensuse/bind:latest',
'service': 'bind-container',
'container': True,
'named_directory': '/var/lib/named',
'container_named_directory': '/var/lib/named',
'group': '44',
},
}, grain='oscodename', merge=salt['pillar.get']('bind:lookup'))))) %}
2 changes: 2 additions & 0 deletions dhcpd-formula/dhcpd-formula.changes
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,3 +1,5 @@
- Enable containerized Kea on SLE15SP7

-------------------------------------------------------------------
Tue Oct 14 14:51:10 UTC 2025 - Ondrej Holecek <oholecek@suse.com>

Expand Down
11 changes: 10 additions & 1 deletion dhcpd-formula/dhcpd/map.jinja
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -44,4 +44,13 @@
'kea_3_0': True,
'container': True,
}
}, grain='osfullname', merge=salt['pillar.get']('dhcpd:lookup'))) %}
}, grain='osfullname', merge=salt['grains.filter_by']({
'SUSE Linux Enterprise Server 15 SP7': {
'server': 'kea',
'service': 'kea-container',
'config': '/etc/kea/kea-dhcp4.conf',
'image': 'registry.suse.com/suse/kea:2.6',
'kea_3_0': False,
'container': True,
},
}, grain='oscodename', merge=salt['pillar.get']('dhcpd:lookup')))) %}