##
## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
##

<%=
# Template: modules/named/templates/named.conf.puppet-shared-keys.erb
#
# Emits the named.conf `key` and `server` statements for every TSIG host pair
# that the node being configured (`fqdn`) belongs to. Pairs that do not
# mention this node produce no output.
#
# The key name is built from the sorted host names, so both members of a pair
# render the same name whichever of them is being configured.
#
# The secret is whatever scope.function_hkdf returns for the path
# /etc/puppet/secret and a per-key label; presumably a derivation from a
# master secret, to be confirmed in that function's source.
#
# NOTE(review): the rendered file carries the TSIG secrets in clear text. The
# file resource that installs it is not visible here; confirm its mode and
# owner keep it from being world-readable.
# NOTE(review): host names and addresses are interpolated into named.conf
# syntax unescaped, so this relies on site::allnodeinfo being trusted data.

peer_pairs = [
  %w[denis.debian.org geo1.debian.org],
  %w[denis.debian.org geo2.debian.org],
  %w[denis.debian.org geo3.debian.org]
]

stanzas = []

peer_pairs.select { |hosts| hosts.include?(fqdn) }.each do |hosts|
  # Sort before naming so the name does not depend on the order in the table.
  ordered = hosts.sort
  keyname = "tsig-#{ordered.join('-')}"

  # The member of the pair that is not this node.
  other = (ordered - [fqdn]).first

  key = scope.function_hkdf(['/etc/puppet/secret', "puppet-key-#{keyname}"])
  stanzas << "key #{keyname} { algorithm hmac-sha256; secret \"#{key}\"; };"

  # One `server` statement per address recorded for the peer. If the peer has
  # no entry in site::allnodeinfo the chained lookup raises on nil (assuming a
  # plain Hash), which aborts rendering rather than emitting a partial file.
  peer_addresses = scope.lookupvar('site::allnodeinfo')[other]['ipHostNumber']
  peer_addresses.each do |address|
    stanzas << "server #{address} { keys { #{keyname}; }; };"
  end

  # Blank separator after each pair's statements.
  stanzas << ""
end

stanzas.join("\n")
%>