X-Git-Url: https://git.donarmstrong.com/?a=blobdiff_plain;f=modules%2Fnamed%2Ftemplates%2Fnamed.conf.puppet-shared-keys.erb;fp=modules%2Fnamed%2Ftemplates%2Fnamed.conf.puppet-shared-keys.erb;h=07172b1f64d39d680db3131d601abf069beecf4c;hb=7e22696fbb4b41c03143532a9676aae6749329e0;hp=0000000000000000000000000000000000000000;hpb=3b185458a2bc3edbed15fe871424af4710ab3bc1;p=dsa-puppet.git
diff --git a/modules/named/templates/named.conf.puppet-shared-keys.erb b/modules/named/templates/named.conf.puppet-shared-keys.erb
new file mode 100644
index 00000000..07172b1f
--- /dev/null
+++ b/modules/named/templates/named.conf.puppet-shared-keys.erb
@@ -0,0 +1,35 @@
+##
+## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
+## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
+##
+
+<%=
+
+pairs = [
+ [ 'denis.debian.org', 'ravel.debian.org' ],
+ [ 'denis.debian.org', 'senfl.debian.org' ],
+ [ 'denis.debian.org', 'diamond.debian.org' ],
+ [ 'denis.debian.org', 'orff.debian.org' ]
+ ]
+
+lines = []
+
+pairs.each do |pair|
+ next unless pair.include?(fqdn)
+ pair.sort!
+ keyname = "tsig-#{pair.join('-')}"
+ pair.delete(fqdn)
+ other = pair[0]
+
+ key = hkdf('/etc/puppet/secret', "puppet-key-#{keyname}")
+
+ lines << "key #{keyname} { algorithm hmac-md5; secret \"#{key}\"; };\n"
+
+ remote_ip = scope.lookupvar('site::allnodeinfo')[other]['ipHostNumber']
+ remote_ip.each do |r|
+ lines << "server #{r} { keys { #{keyname}; }; };\n"
+ end
+ lines << ""
+end
+lines.join("\n")
+%>
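Review bot: The generated `key` statement hard-codes `algorithm hmac-md5`, the weakest TSIG algorithm BIND accepts, so every zone transfer or update authenticated with these keys depends on MD5. Since the keys are derived rather than imported, an HMAC-SHA2 algorithm is a one-line change: `lines << "key #{keyname} { algorithm hmac-sha256; secret \"#{key}\"; };\n"`. Both peers of a pair presumably render this same template, so the algorithm would change on both sides together, but `hkdf` is defined outside this hunk and its output should be confirmed to be base64 of adequate length for the chosen algorithm. Separately, `scope.lookupvar('site::allnodeinfo')[other]['ipHostNumber']` is indexed without a nil check, so a pair naming a host that is missing from `allnodeinfo` would abort catalog compilation with a NoMethodError instead of a clear message. The rendered file contains the shared secret in clear text, so the file resource that deploys it (not visible here) should restrict owner and mode to the name server's account.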