roles/named: Support managing TSIG keys

To support signing of updates, TSIG keys can be defined using the
`named_keys` variable. This variable takes a list of objects with the
following properties:

* `name`: The name of the key
* `algorithm`: The signature algorithm (default: `hmac-md5`)
* `secret`: The base64-encoded key material
jenkins-master
Dustin 2018-02-20 16:12:23 -06:00
parent 0629a063bc
commit eca967c8b3
3 changed files with 19 additions and 0 deletions


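--- a/<path-not-shown: named role tasks file>
+++ b/<path-not-shown: named role tasks file>
@@ -13,6 +13,16 @@
 tags:
 - install
+- name: ensure named keys are configured
+template:
+src: named.secrets.j2
+dest: /etc/named.secrets
+mode: '0440'
+owner: root
+group: named
+validate: named-checkconf %s
+notify: reload named
 - name: ensure zones are configured
 template:
 src: named.zones.j2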
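Review bot: The new "ensure named keys are configured" task renders TSIG secrets but does not suppress diff output, so a run with `--diff` (or check mode with diff) would print the rendered /etc/named.secrets contents, secrets included, to the controller's log. Adding `diff: false` to this task (alongside `no_log: true` if the play logs task results anywhere persistent) keeps the key material out of playbook output while leaving the 0440 root:named permissions and the `named-checkconf %s` validation as they are. The surrounding task list continues outside the hunk, so whether a `reload named` handler exists cannot be confirmed from here.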


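--- a/<path-not-shown: named.conf template>
+++ b/<path-not-shown: named.conf template>
@@ -65,6 +65,7 @@ zone "." IN {
 include "/etc/named.rfc1912.zones";
 include "/etc/named.root.key";
+include "/etc/named.secrets";
 include "/etc/named.zones";
 {% for path in named_global_include %}
 include "{{ path }}";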
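Review bot: The new `include "/etc/named.secrets";` line is placed before the zones include, which appears deliberate because zone statements that reference a key (for example in an update policy) need that key to be defined earlier in the configuration, but nothing in the template records this. A one-line comment above the include, `// key definitions must precede the zone includes that reference them`, would stop a later edit from reordering it. The include is unconditional, so the template task that produces /etc/named.secrets must always run, even when `named_keys` is empty; that seems to be the case from the task hunk, but the file's enclosing context is outside this hunk.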


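--- /dev/null
+++ b/<path-not-shown>/named.secrets.j2
@@ -0,0 +1,8 @@
+// DNSSEC key configuration for ISC BIND
+{% for key in named_keys %}
+key {{ key.name }} {
+algorithm {{ key.algorithm|d('hmac-md5') }};
+secret "{{ key.secret }}";
+};
+{% endfor %}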
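Review bot: The header comment in the new template says "DNSSEC key configuration", but the `key { algorithm ...; secret ...; }` statements it renders are TSIG keys (as the commit title says), and DNSSEC signing keys are a different mechanism; the comment should read `// TSIG key configuration for ISC BIND, rendered from named_keys`. The `hmac-md5` fallback in `algorithm {{ key.algorithm|d('hmac-md5') }};` also deserves a comment, since HMAC-MD5 is the weakest TSIG algorithm and newer guidance (RFC 8945) treats it as legacy while recommending HMAC-SHA256; a note such as `{# hmac-md5 is kept as the default for compatibility; prefer hmac-sha256 for new keys #}` makes the choice explicit to the operator setting `named_keys`. Neither `key.name` nor `key.secret` is escaped when interpolated, so a value containing a double quote or whitespace would produce a file that fails the task's `named-checkconf` validation; a comment stating that names are expected to be plain identifiers and secrets base64 strings would document that assumption.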