dns/server_entries: Use relative domain suffix instead of absolute

4 years ago · 027e5cec0b
parent 5106142cc1
commit 027e5cec0b
2 changed files with 4 additions and 6 deletions
--- a/public_keys/ssh_dns_fp.py
+++ b/public_keys/ssh_dns_fp.py
@ -19,7 +19,7 @@ def main():
    parser.add_argument('--domain', default=None)
    parser.add_argument('--host', required=True)
    args = parser.parse_args()
-    args.domain = (args.domain or args.host) + "."
+    args.domain = (args.domain + ".") if args.domain else "@"
    print(gen_sshfp_rr(ssh_hosts_keys, args.host, args.domain))
 if __name__ == "__main__":
--- a/roles/dns/server_entries/defaults/main.yml
+++ b/roles/dns/server_entries/defaults/main.yml
@ -5,11 +5,9 @@ service_system_domain: "{{ inventory_hostname }}" # domain of server running the
 entries: "{{ ip_entries + sshfp_entries + custom_entries }}"
 ip_entries:
-  - domain: "{{ domain }}."
+  - type: "A"
    type: "A"
    data: "{{ hostvars[service_system_domain].ansible_default_ipv4.address }}"
-  - domain: "{{ domain }}."
+  - type: "AAAA"
    type: "AAAA"
    data: "{{ hostvars[service_system_domain].ansible_default_ipv6.address }}"
-sshfp_entries: "{{ (lookup('pipe', global_public_key_directory|quote + '/ssh_dns_fp.py --host ' + service_system_domain|quote + ' --domain ' + domain|quote)).split('\n') }}"
+sshfp_entries: "{{ (lookup('pipe', global_public_key_directory|quote + '/ssh_dns_fp.py --host ' + service_system_domain|quote)).split('\n') }}"
 custom_entries: []