And maintain the geodnssync authkeys file on the primary in puppet too
authorPeter Palfrader <peter@palfrader.org>
Sat, 7 Sep 2019 21:52:16 +0000 (23:52 +0200)
committerPeter Palfrader <peter@palfrader.org>
Sat, 7 Sep 2019 21:52:16 +0000 (23:52 +0200)
modules/roles/manifests/dns_geodns.pp
modules/roles/manifests/dns_primary.pp

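--- a/modules/roles/manifests/dns_geodns.pp
+++ b/modules/roles/manifests/dns_geodns.pp
@@ -3,6 +3,12 @@ class roles::dns_geodns {
   include named::geodns
 
   ssh::keygen { 'geodnssync': }
+  ssh::authorized_key_add { 'dns_geodns::pull-from-primary':
+    target_user => 'geodnssync',
+    command     => '/usr/bin/rsync --server --sender -logDtprze.iL . zonefiles/',
+    key         => $facts['geodnssync_key'],
+    collect_tag => 'dns_primary',
+  }
 
   ssh::authorized_key_collect { 'geodnssync-node':
     target_user => 'geodnssync',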
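Review bot: `key => $facts['geodnssync_key']` in the new `ssh::authorized_key_add` is exported with no check that the fact is set, and on a node's first run the key created by `ssh::keygen { 'geodnssync': }` presumably does not exist yet when facts are gathered. Unless the define itself rejects an empty key (it is not visible here), the primary could collect an authorized_keys line that carries the forced command but no key; wrapping the resource in `if $facts['geodnssync_key'] { … }` holds the export back until the key exists. A comment above the `command` line would also help the next reader: `# forced command: sshd runs this instead of whatever the client asks for, so the key can only read zonefiles/ under geodnssync's home on the primary`. Whether the generated line also disables pty allocation and forwarding depends on the define and should be confirmed.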
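--- a/modules/roles/manifests/dns_primary.pp
+++ b/modules/roles/manifests/dns_primary.pp
@@ -10,8 +10,12 @@ class roles::dns_primary {
     target_user => 'letsencrypt',
     collect_tag => 'dns_primary',
   }
-  ssh::keygen {'dnsadm': }
+  ssh::authorized_key_collect { 'dns_primary-geodnssync':
+    target_user => 'geodnssync',
+    collect_tag => 'dns_primary',
+  }
 
+  ssh::keygen {'dnsadm': }
   ssh::authorized_key_add { 'dns_primary::geodns':
     target_user => 'geodnssync',
     command     => '/etc/bind/geodns/trigger',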
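Review bot: The new `ssh::authorized_key_collect { 'dns_primary-geodnssync': }` reuses `collect_tag => 'dns_primary'`, the same tag as the `letsencrypt` resource that ends just above it (its opening line is outside the hunk). The two users' key files stay separate only if the collector selects on `target_user` as well as on the tag, and that define is not visible here. If it matches on the tag alone, the geodns nodes' rsync keys would also land in the `letsencrypt` account's authorized_keys and the letsencrypt keys in `geodnssync`'s. Either confirm the scoping and note it in a comment such as `# collector filters on target_user, so sharing the tag with letsencrypt is safe`, or give this pair its own tag (for example `collect_tag => 'dns_primary_geodnssync'`, a constructed name) here and in the matching `ssh::authorized_key_add` in dns_geodns.pp.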