From: Peter Palfrader
Date: Mon, 19 May 2014 20:29:03 +0000 (+0200)
Subject: Create shared TSIG keys between denis and geo[123]
X-Git-Url: https://git.adam-barratt.org.uk/?a=commitdiff_plain;h=9262b789ae47161d50dd2b44c6159756f9763f88;p=mirror%2Fdsa-puppet.git
Create shared TSIG keys between denis and geo[123]
---
diff --git a/modules/named/files/common/named.conf.local b/modules/named/files/common/named.conf.local
index 5397f6d3d..df1006825 100644
--- a/modules/named/files/common/named.conf.local
+++ b/modules/named/files/common/named.conf.local
@@ -5,3 +5,24 @@ include "/etc/bind/named.conf.acl";
 include "/etc/bind/geodns/named.conf.geo";
+
+view "default" {
+ match-clients { any; };
+
+ zone "security.debian.org" {
+ type master;
+ file "/etc/bind/geodns/zonefiles/db.security.debian.org";
+ notify no;
+ allow-query { any; };
+ allow-transfer { };
+ };
+
+ zone "www.debian.org" {
+ type master;
+ file "/etc/bind/geodns/zonefiles/db.www.debian.org";
+ notify no;
+ allow-query { any; };
+ allow-transfer { };
+ };
+
+};
diff --git a/modules/named/manifests/authoritative.pp b/modules/named/manifests/authoritative.pp
index 5a3814107..d33e406ee 100644
--- a/modules/named/manifests/authoritative.pp
+++ b/modules/named/manifests/authoritative.pp
@@ -12,11 +12,4 @@ class named::authoritative inherits named {
 owner => root,
 group => bind,
 }
- file { '/etc/bind/named.conf.puppet-shared-keys':
- mode => '0640',
- content => template('named/named.conf.puppet-shared-keys.erb'),
- owner => root,
- group => bind,
- notify => Service['bind9'],
- }
 }
diff --git a/modules/named/manifests/init.pp b/modules/named/manifests/init.pp
index 0fa512331..33dc05929 100644
--- a/modules/named/manifests/init.pp
+++ b/modules/named/manifests/init.pp
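Review bot: The new `view "default"` in named.conf.local accepts every client (`match-clients { any; };`), and BIND uses the first view whose match-clients accepts the source address, so it only behaves as a fallback while it stays after whatever views `include "/etc/bind/geodns/named.conf.geo";` presumably defines; nothing in the file records that ordering requirement. I would add a comment above the view such as `// catch-all view: keep last, match-clients { any; } shadows any view defined after it`, and one on `allow-transfer { };` stating that the empty list is deliberate and refuses all zone transfers. This hunk is also not covered by the commit subject, which is about TSIG keys, so it is worth confirming it was meant to be part of this change.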
@@ -62,4 +62,12 @@ class named {
 group => bind,
 mode => '0775',
 }
+
+ file { '/etc/bind/named.conf.puppet-shared-keys':
+ mode => '0640',
+ content => template('named/named.conf.puppet-shared-keys.erb'),
+ owner => root,
+ group => bind,
+ notify => Service['bind9'],
+ }
 }
diff --git a/modules/named/templates/named.conf.options.erb b/modules/named/templates/named.conf.options.erb
index 203d2a51a..5c649bb89 100644
--- a/modules/named/templates/named.conf.options.erb
+++ b/modules/named/templates/named.conf.options.erb
@@ -83,6 +83,4 @@ logging {
 };
-<% if classes.include?('named::authoritative') -%>
 include "/etc/bind/named.conf.puppet-shared-keys";
-<% end -%>
diff --git a/modules/named/templates/named.conf.puppet-shared-keys.erb b/modules/named/templates/named.conf.puppet-shared-keys.erb
index ab9c65d58..be4f011da 100644
--- a/modules/named/templates/named.conf.puppet-shared-keys.erb
+++ b/modules/named/templates/named.conf.puppet-shared-keys.erb
@@ -9,7 +9,10 @@ pairs = [
 [ 'denis.debian.org', 'ravel.debian.org' ],
 [ 'denis.debian.org', 'senfl.debian.org' ],
 [ 'denis.debian.org', 'diamond.debian.org' ],
- [ 'denis.debian.org', 'orff.debian.org' ]
+ [ 'denis.debian.org', 'orff.debian.org' ],
+ [ 'denis.debian.org', 'geo1.debian.org' ],
+ [ 'denis.debian.org', 'geo2.debian.org' ],
+ [ 'denis.debian.org', 'geo3.debian.org' ]
 ]
 lines = []
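Review bot: Moving the `/etc/bind/named.conf.puppet-shared-keys` resource from `named::authoritative` into the base `named` class means every host that includes `named` now receives the TSIG key file, and the named.conf.options.erb hunk makes the include unconditional to match. Whether named.conf.puppet-shared-keys.erb renders only the pairs that contain the local host is not visible here (its hunk only shows the `pairs` list growing by geo1 to geo3); if it does not filter, each of those hosts would hold secrets for pairs it is not part of. I would confirm that and record it next to the resource, e.g. `# TSIG secrets; the template must render only key pairs that include this host`. Mode `0640` with owner `root` and group `bind` is appropriate for this file; the `named` class body starts outside the hunk.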