From: Peter Palfrader
Date: Sat, 7 Sep 2019 21:52:16 +0000 (+0200)
Subject: And maintain the geodnssync authkeys file on the primary in puppet too
X-Git-Url: https://git.adam-barratt.org.uk/?a=commitdiff_plain;h=41789475e67ec05e5aaeca4d2e299328db42ab32;p=mirror%2Fdsa-puppet.git

And maintain the geodnssync authkeys file on the primary in puppet too
---

diff --git a/modules/roles/manifests/dns_geodns.pp b/modules/roles/manifests/dns_geodns.pp
index f2197c56c..80ac29adc 100644
--- a/modules/roles/manifests/dns_geodns.pp
+++ b/modules/roles/manifests/dns_geodns.pp
@@ -3,6 +3,12 @@ class roles::dns_geodns {
 include named::geodns
 ssh::keygen { 'geodnssync': }
+ ssh::authorized_key_add { 'dns_geodns::pull-from-primary':
+ target_user => 'geodnssync',
+ command => '/usr/bin/rsync --server --sender -logDtprze.iL . zonefiles/',
+ key => $facts['geodnssync_key'],
+ collect_tag => 'dns_primary',
+ }
 ssh::authorized_key_collect { 'geodnssync-node':
 target_user => 'geodnssync',
diff --git a/modules/roles/manifests/dns_primary.pp b/modules/roles/manifests/dns_primary.pp
index 193cf6169..7e4327ab5 100644
--- a/modules/roles/manifests/dns_primary.pp
+++ b/modules/roles/manifests/dns_primary.pp
@@ -10,8 +10,12 @@ class roles::dns_primary {
 target_user => 'letsencrypt',
 collect_tag => 'dns_primary',
 }
- ssh::keygen {'dnsadm': }
+ ssh::authorized_key_collect { 'dns_primary-geodnssync':
+ target_user => 'geodnssync',
+ collect_tag => 'dns_primary',
+ }
+ ssh::keygen {'dnsadm': }
 ssh::authorized_key_add { 'dns_primary::geodns':
 target_user => 'geodnssync',
 command => '/etc/bind/geodns/trigger',
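Review bot: `key => $facts['geodnssync_key']` in the new `ssh::authorized_key_add { 'dns_geodns::pull-from-primary': }` reads a fact that presumably only exists once `ssh::keygen { 'geodnssync': }` has generated the key, so on a node's first run an undefined key could be exported under `collect_tag => 'dns_primary'`. The define's body is not part of this diff; if it does not already skip an unset key, guard the resource with `if $facts['geodnssync_key'] { ... }`. The forced command would also benefit from a comment such as `# forced command: read-only rsync sender for zonefiles/; must stay in sync with the pull job's rsync options`, because the `-logDtprze.iL` string is opaque and whatever the client requests is replaced by it. The class body starts before and continues after this hunk.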
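Review bot: The added `ssh::authorized_key_collect { 'dns_primary-geodnssync': }` reuses `collect_tag => 'dns_primary'`, the same tag as the collector directly above it whose `target_user` is `'letsencrypt'`. If the collect define selects exported keys by tag alone (its implementation is not visible here), the geodnssync pull keys would also be installed for the letsencrypt account and the letsencrypt keys for geodnssync. The forced commands limit what such a key can run, but the account separation would be lost. Confirm the define also matches on `target_user`, or give this pair its own tag on both sides, for example `collect_tag => 'dns_primary_geodnssync'` (name constructed for illustration) here and in the matching `authorized_key_add` in dns_geodns.pp. The class body starts and ends outside this hunk.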