Create shared TSIG keys between denis and geo[123]

diff --git a/modules/named/files/common/named.conf.local b/modules/named/files/common/named.conf.local
index 5397f6d3d70ba3b656de20e7f745b97cb972e88d..df100682504de5f5a84be4f9db55787d8aa28f5f 100644 (file)
--- a/modules/named/files/common/named.conf.local
+++ b/modules/named/files/common/named.conf.local
@@ -5,3 +5,24 @@
 
 include "/etc/bind/named.conf.acl";
 include "/etc/bind/geodns/named.conf.geo";
+
+view "default" {
+  match-clients { any; };
+
+  zone "security.debian.org" {
+    type master;
+    file "/etc/bind/geodns/zonefiles/db.security.debian.org";
+    notify no;
+    allow-query { any; };
+    allow-transfer { };
+  };
+
+  zone "www.debian.org" {
+    type master;
+    file "/etc/bind/geodns/zonefiles/db.www.debian.org";
+    notify no;
+    allow-query { any; };
+    allow-transfer { };
+  };
+
+};

diff --git a/modules/named/manifests/authoritative.pp b/modules/named/manifests/authoritative.pp
index 5a3814107b8e34e572fc832543c25ca0452960f6..d33e406eea1a7f12c53df8cef6999faeeb93deeb 100644 (file)
--- a/modules/named/manifests/authoritative.pp
+++ b/modules/named/manifests/authoritative.pp
@@ -12,11 +12,4 @@ class named::authoritative inherits named {
                owner   => root,
                group   => bind,
        }
-       file { '/etc/bind/named.conf.puppet-shared-keys':
-               mode    => '0640',
-               content => template('named/named.conf.puppet-shared-keys.erb'),
-               owner   => root,
-               group   => bind,
-               notify  => Service['bind9'],
-       }
 }

diff --git a/modules/named/manifests/init.pp b/modules/named/manifests/init.pp
index 0fa51233111a8531d7b1acc480673071d9f2670a..33dc059291277abdfb92288d804fd47461f5c911 100644 (file)
--- a/modules/named/manifests/init.pp
+++ b/modules/named/manifests/init.pp
@@ -62,4 +62,12 @@ class named {
                group  => bind,
                mode   => '0775',
        }
+
+       file { '/etc/bind/named.conf.puppet-shared-keys':
+               mode    => '0640',
+               content => template('named/named.conf.puppet-shared-keys.erb'),
+               owner   => root,
+               group   => bind,
+               notify  => Service['bind9'],
+       }
 }

diff --git a/modules/named/templates/named.conf.options.erb b/modules/named/templates/named.conf.options.erb
index 203d2a51a4b024e801bb602b33c05d5a0f87af83..5c649bb89d5eeecc7def86b9314ff10e922fbe65 100644 (file)
--- a/modules/named/templates/named.conf.options.erb
+++ b/modules/named/templates/named.conf.options.erb
@@ -83,6 +83,4 @@ logging {
 
 };
 
-<% if classes.include?('named::authoritative') -%>
 include "/etc/bind/named.conf.puppet-shared-keys";
-<% end -%>

diff --git a/modules/named/templates/named.conf.puppet-shared-keys.erb b/modules/named/templates/named.conf.puppet-shared-keys.erb
index ab9c65d5885b9a34f76c104c2064d6ca40c40a9f..be4f011da27baf721d2e996eb8b062c1e6af0111 100644 (file)
--- a/modules/named/templates/named.conf.puppet-shared-keys.erb
+++ b/modules/named/templates/named.conf.puppet-shared-keys.erb
@@ -9,7 +9,10 @@ pairs = [
        [ 'denis.debian.org', 'ravel.debian.org' ],
        [ 'denis.debian.org', 'senfl.debian.org' ],
        [ 'denis.debian.org', 'diamond.debian.org' ],
-       [ 'denis.debian.org', 'orff.debian.org' ]
+       [ 'denis.debian.org', 'orff.debian.org' ],
+       [ 'denis.debian.org', 'geo1.debian.org' ],
+       [ 'denis.debian.org', 'geo2.debian.org' ],
+       [ 'denis.debian.org', 'geo3.debian.org' ]
        ]
 
 lines = []