2 ## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
3 ## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
9 [ 'denis.debian.org', 'ravel.debian.org' ],
10 [ 'denis.debian.org', 'senfl.debian.org' ],
11 [ 'denis.debian.org', 'diamond.debian.org' ],
12 [ 'denis.debian.org', 'orff.debian.org' ],
13 [ 'denis.debian.org', 'xfr0.easydns.com' ]
19 next unless pair.include?(fqdn)
21 keyname = "tsig-#{pair.join('-')}"
25 if other == 'xfr0.easydns.com'
26 remote_ip = ['64.68.200.91']
27 algorithm = "hmac-md5";
29 remote_ip = scope.lookupvar('site::allnodeinfo')[other]['ipHostNumber']
30 algorithm = "hmac-sha256";
33 key = scope.function_hkdf(['/etc/puppet/secret', "puppet-key-#{keyname}"])
34 lines << "key #{keyname} { algorithm #{algorithm}; secret \"#{key}\"; };"
36 lines << "server #{r} { keys { #{keyname}; }; };"