do not hardcode dns primary ssh key for syncing to secondaries

[mirror/dsa-puppet.git] / modules / roles / manifests / dns_primary.pp

diff --git a/modules/roles/manifests/dns_primary.pp b/modules/roles/manifests/dns_primary.pp
index 0038e63..193cf61 100644 (file)
--- a/modules/roles/manifests/dns_primary.pp
+++ b/modules/roles/manifests/dns_primary.pp
@@ -11,4 +11,11 @@ class roles::dns_primary {
     collect_tag => 'dns_primary',
   }
   ssh::keygen {'dnsadm': }
+
+  ssh::authorized_key_add { 'dns_primary::geodns':
+    target_user => 'geodnssync',
+    command     => '/etc/bind/geodns/trigger',
+    key         => $facts['dnsadm_key'],
+    collect_tag => 'geodnssync-node',
+  }
 }