Commit f6abc91e authored by Matthew Smith's avatar Matthew Smith

Merge branch 'sol1' into 'master'

Sol1

See merge request !2
parents ca615732 886baca5
......@@ -220,6 +220,16 @@ pdns_sqlite_databases_locations: []
Locations of the SQLite3 databases that have to be created if using the
`gsqlite3` backend.
```yaml
pdns_dynamic_dns_update_key: ddnskeyname
pdns_zones:
- name: example.net
dynamic_update: true
```
## Example Playbooks
Run as a master using the bind backend (when you already have a `named.conf` file):
......@@ -313,6 +323,8 @@ in the location specified by the `database_name` variable.
- "{{ database_name }}"
```
Configure tsig keys for dynamic dns updates to the PowerDNS Server and activate the key for a domain
## Changelog
A detailed changelog of all the changes applied to the role is available [here](./CHANGELOG.md).
......
......@@ -51,6 +51,9 @@
mode: 0755
when: "pdns_config['include-dir'] is defined"
- include: dynamic-dns-update.yml
when: pdns_dynamic_dns_update_key is defined
- name: Restart PowerDNS
service:
name: "{{ pdns_service_name }}"
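Review bot: The added `- include: dynamic-dns-update.yml` line uses bare `include`, which is deprecated and has been removed from recent ansible-core releases; `- include_tasks: dynamic-dns-update.yml` with the same `when` keeps working. The condition only tests that `pdns_dynamic_dns_update_key` is defined, so an empty value would still run the key-generation tasks with an empty key name. `when: pdns_dynamic_dns_update_key | default('') | length > 0` covers that case as well.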
......
---
- name: does the key already exist
command: pdnsutil list-tsig-keys
register: pdnsutil_list_tsig_keys
- name: debug pdnsutil_list_tsig_keys
debug:
msg: "{{ item }}"
with_items: "{{ pdnsutil_list_tsig_keys.stdout_lines }}"
- name: generate the keys
command:
cmd: dnssec-keygen -a hmac-md5 -b 128 -n USER {{ pdns_dynamic_dns_update_key }}
chdir: /root/
when:
- pdnsutil_list_tsig_keys.stdout is defined
- pdnsutil_list_tsig_keys.stdout is not search("{{ pdns_dynamic_dns_update_key }}. ")
register: dnssec_keygen
- name: debug dnssec_keygen
debug:
msg: "{{ dnssec_keygen }}"
when: dnssec_keygen is defined
- name: get the new secret
shell: cat "/root/{{ dnssec_keygen.stdout }}.key" | awk '{print $NF}'
register: dnssec_keygen_secret
when: dnssec_keygen.stdout is defined
- name: get the existing secret
set_fact:
dnssec_keygen_secret: "{{ dnssec_keygen_secret | default({}) | combine( {'stdout': item.split(' ')[-1]} ) }}"
with_items: "{{ pdnsutil_list_tsig_keys.stdout_lines }}"
when:
- dnssec_keygen.stdout is not defined
- pdnsutil_list_tsig_keys.stdout_lines is defined
- item is search("{{ pdns_dynamic_dns_update_key }}. ")
- name: debug dnssec_keygen
debug:
msg: "{{ dnssec_keygen_secret }}"
when: dnssec_keygen_secret is defined
- name: import tsig key
command: pdnsutil import-tsig-key {{ pdns_dynamic_dns_update_key }} hmac-md5 {{ dnssec_keygen_secret.stdout }}
when:
- dnssec_keygen_secret.stdout is defined
- pdnsutil_list_tsig_keys.stdout is not search("{{ pdns_dynamic_dns_update_key }}. ")
- name: activate tsig key
command: pdnsutil activate-tsig-key {{ item.name }} {{ pdns_dynamic_dns_update_key }} master
with_items: "{{ pdns_zones }}"
when:
- dnssec_keygen_secret.stdout is defined
- item.dynamic_update is defined and item.dynamic_update
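Review bot: The TSIG secret is written to the play output by the two debug tasks (`debug pdnsutil_list_tsig_keys` and the second `debug dnssec_keygen`), is passed on the `pdnsutil import-tsig-key` command line, and stays in the `K*.key`/`K*.private` files that `dnssec-keygen` leaves under `/root/`. Anyone who can read the Ansible job log can then sign dynamic updates for every zone with `dynamic_update: true`. The key is also created as 128-bit `hmac-md5`, which RFC 8945 lists as not to be used for TSIG. I would drop the debug tasks, set `no_log: true` on the tasks that touch the key list, and let PowerDNS generate the key itself with a SHA-2 HMAC, as sketched below (assuming the installed pdnsutil provides `generate-tsig-key`; update clients must be moved to the same algorithm). The `search("{{ … }}. ")` conditions nest templating inside `when`, which Ansible warns about; `search(pdns_dynamic_dns_update_key ~ '. ')` is the equivalent without it.

```yaml
- name: does the key already exist
  command: pdnsutil list-tsig-keys
  register: pdnsutil_list_tsig_keys
  changed_when: false
  no_log: true  # output contains every TSIG secret

- name: generate the tsig key inside PowerDNS
  command: pdnsutil generate-tsig-key {{ pdns_dynamic_dns_update_key }} hmac-sha256
  when: pdnsutil_list_tsig_keys.stdout is not search(pdns_dynamic_dns_update_key ~ '. ')
  no_log: true

# … replaces: dnssec-keygen, "get the new secret", "get the existing secret", both debug tasks, import tsig key …

- name: activate tsig key
  command: pdnsutil activate-tsig-key {{ item.name }} {{ pdns_dynamic_dns_update_key }} master
  with_items: "{{ pdns_zones }}"
  when: item.dynamic_update is defined and item.dynamic_update
```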