Try to avoid reserved site keyword

[mirror/dsa-puppet.git] / modules / named / templates / named.conf.puppet-shared-keys.erb

diff --git a/modules/named/templates/named.conf.puppet-shared-keys.erb b/modules/named/templates/named.conf.puppet-shared-keys.erb
index c9e6836..7758780 100644 (file)
--- a/modules/named/templates/named.conf.puppet-shared-keys.erb
+++ b/modules/named/templates/named.conf.puppet-shared-keys.erb
@@ -6,32 +6,26 @@
 <%=
 
 pairs = [
-       [ 'denis.debian.org', 'ravel.debian.org' ],
-       [ 'denis.debian.org', 'senfl.debian.org' ],
-       [ 'denis.debian.org', 'diamond.debian.org' ],
-       [ 'denis.debian.org', 'orff.debian.org' ],
-       [ 'denis.debian.org', 'xfr0.easydns.com' ]
+       [ 'denis.debian.org', 'geo1.debian.org' ],
+       [ 'denis.debian.org', 'geo2.debian.org' ],
+       [ 'denis.debian.org', 'geo3.debian.org' ],
+       [ 'denis.debian.org', 'kaufmann.debian.org' ],
        ]
 
 lines = []
 
 pairs.each do |pair|
-       next unless pair.include?(fqdn)
+       next unless pair.include?(@fqdn)
        pair.sort!
        keyname = "tsig-#{pair.join('-')}"
-       pair.delete(fqdn)
+       pair.delete(@fqdn)
        other = pair[0]
 
-       if other == 'xfr0.easydns.com'
-               remote_ip = ['64.68.200.91']
-               algorithm = "hmac-md5";
-       else
-               remote_ip = scope.lookupvar('site::allnodeinfo')[other]['ipHostNumber']
-               algorithm = "hmac-sha256";
-       end
-
        key = scope.function_hkdf(['/etc/puppet/secret', "puppet-key-#{keyname}"])
-       lines << "key #{keyname} { algorithm #{algorithm}; secret \"#{key}\"; };"
+
+       lines << "key #{keyname} { algorithm hmac-sha256; secret \"#{key}\"; };"
+
+       remote_ip = scope.lookupvar('deprecated::allnodeinfo')[other]['ipHostNumber']
        remote_ip.each do |r|
                lines << "server #{r} { keys { #{keyname}; }; };"
        end