ansible-tools/nsd
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

NSD: Implement TSIG keys

Browse Source
This commit is contained in:
Baptiste Jonglez 2016-03-26 18:20:38 +01:00
parent 328018fe7b
commit 3bfcbc9d91
3 changed files with 35 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
README
View File

@ -24,8 +24,9 @@ Put key-value pairs in host_vars, under the key "nsd_local_config".
If you want to pass multiple values for a key (e.g. ip-address), just use If you want to pass multiple values for a key (e.g. ip-address), just use
a list as value, it will automatically be expanded. a list as value, it will automatically be expanded.
The zones are configured in group_vars, see the example. The zone files The zones are configured in group_vars, see the example. It is possible
themselves for primary zones should be put in files/nsd. to optionally add a TSIG key to each slave/master, see again the example.
The zone files themselves for primary zones should be put in files/nsd.
The playbook is currently only tested with Debian wheezy. The playbook is currently only tested with Debian wheezy.

18
templates/primary_zone_config.j2
View File

@ -1,9 +1,23 @@
# Primary zone definition for {{ item.zone_name }} # Primary zone definition for {{ item.zone_name }}
{% for slave in item.slaves %}
{% if slave.tsig_secret is defined %}
key:
name: "{{ item.zone_name }}_{{ slave.ip }}"
algorithm: "{{ slave.tsig_algorithm }}"
secret: "{{ slave.tsig_secret }}"
{% endif %}
{% endfor %}
{%- macro tsigkey(slave) %}
{% if slave.tsig_secret is defined %}{{ item.zone_name }}_{{ slave.ip }}{% else %}NOKEY{% endif %}
{% endmacro -%}
zone: zone:
name: "{{ item.zone_name }}" name: "{{ item.zone_name }}"
zonefile: "{{ primary_zones_dir }}/{{ item.zone_filename }}" zonefile: "{{ primary_zones_dir }}/{{ item.zone_filename }}"
{% for slave in item.slaves %} {% for slave in item.slaves %}
notify: {{ slave.ip }} NOKEY notify: {{ slave.ip }} "{{ tsigkey(slave) }}"
provide-xfr: {{ slave.ip }} NOKEY provide-xfr: {{ slave.ip }} "{{ tsigkey(slave) }}"
{% endfor %} {% endfor %}

18
templates/secondary_zone_config.j2
View File

@ -1,9 +1,23 @@
# Secondary zone definition for {{ item.zone_name }} # Secondary zone definition for {{ item.zone_name }}
{% for master in item.masters %}
{% if master.tsig_secret is defined %}
key:
name: "{{ item.zone_name }}_{{ master.ip }}"
algorithm: "{{ master.tsig_algorithm }}"
secret: "{{ master.tsig_secret }}"
{% endif %}
{% endfor %}
{%- macro tsigkey(master) %}
{% if master.tsig_secret is defined %}{{ item.zone_name }}_{{ master.ip }}{% else %}NOKEY{% endif %}
{% endmacro -%}
zone: zone:
name: "{{ item.zone_name }}" name: "{{ item.zone_name }}"
zonefile: "{{ secondary_zones_dir }}/{{ item.zone_name }}" zonefile: "{{ secondary_zones_dir }}/{{ item.zone_name }}"
{% for master in item.masters %} {% for master in item.masters %}
allow-notify: {{ master.ip }} NOKEY allow-notify: {{ master.ip }} "{{ tsigkey(master) }}"
request-xfr: AXFR {{ master.ip }} NOKEY request-xfr: AXFR {{ master.ip }} "{{ tsigkey(master) }}"
{% endfor %} {% endfor %}