Create shared TSIG keys between denis and geo[123]

diff --git a/modules/named/files/common/named.conf.local b/modules/named/files/common/named.conf.local
index 5397f6d..df10068 100644 (file)
--- a/modules/named/files/common/named.conf.local
+++ b/modules/named/files/common/named.conf.local
@@ -5,3 +5,24 @@
 
 include "/etc/bind/named.conf.acl";
 include "/etc/bind/geodns/named.conf.geo";
+
+view "default" {
+  match-clients { any; };
+
+  zone "security.debian.org" {
+    type master;
+    file "/etc/bind/geodns/zonefiles/db.security.debian.org";
+    notify no;
+    allow-query { any; };
+    allow-transfer { };
+  };
+
+  zone "www.debian.org" {
+    type master;
+    file "/etc/bind/geodns/zonefiles/db.www.debian.org";
+    notify no;
+    allow-query { any; };
+    allow-transfer { };
+  };
+
+};

diff --git a/modules/named/manifests/authoritative.pp b/modules/named/manifests/authoritative.pp
index 5a38141..d33e406 100644 (file)
--- a/modules/named/manifests/authoritative.pp
+++ b/modules/named/manifests/authoritative.pp
@@ -12,11 +12,4 @@ class named::authoritative inherits named {
                owner   => root,
                group   => bind,
        }
-       file { '/etc/bind/named.conf.puppet-shared-keys':
-               mode    => '0640',
-               content => template('named/named.conf.puppet-shared-keys.erb'),
-               owner   => root,
-               group   => bind,
-               notify  => Service['bind9'],
-       }
 }

diff --git a/modules/named/manifests/init.pp b/modules/named/manifests/init.pp
index 0fa5123..33dc059 100644 (file)
--- a/modules/named/manifests/init.pp
+++ b/modules/named/manifests/init.pp
@@ -62,4 +62,12 @@ class named {
                group  => bind,
                mode   => '0775',
        }
+
+       file { '/etc/bind/named.conf.puppet-shared-keys':
+               mode    => '0640',
+               content => template('named/named.conf.puppet-shared-keys.erb'),
+               owner   => root,
+               group   => bind,
+               notify  => Service['bind9'],
+       }
 }

diff --git a/modules/named/templates/named.conf.options.erb b/modules/named/templates/named.conf.options.erb
index 203d2a5..5c649bb 100644 (file)
--- a/modules/named/templates/named.conf.options.erb
+++ b/modules/named/templates/named.conf.options.erb
@@ -83,6 +83,4 @@ logging {
 
 };
 
-<% if classes.include?('named::authoritative') -%>
 include "/etc/bind/named.conf.puppet-shared-keys";
-<% end -%>

diff --git a/modules/named/templates/named.conf.puppet-shared-keys.erb b/modules/named/templates/named.conf.puppet-shared-keys.erb
index ab9c65d..be4f011 100644 (file)
--- a/modules/named/templates/named.conf.puppet-shared-keys.erb
+++ b/modules/named/templates/named.conf.puppet-shared-keys.erb
@@ -9,7 +9,10 @@ pairs = [
        [ 'denis.debian.org', 'ravel.debian.org' ],
        [ 'denis.debian.org', 'senfl.debian.org' ],
        [ 'denis.debian.org', 'diamond.debian.org' ],
-       [ 'denis.debian.org', 'orff.debian.org' ]
+       [ 'denis.debian.org', 'orff.debian.org' ],
+       [ 'denis.debian.org', 'geo1.debian.org' ],
+       [ 'denis.debian.org', 'geo2.debian.org' ],
+       [ 'denis.debian.org', 'geo3.debian.org' ]
        ]
 
 lines = []