dns/master: Adapted generate-keys to inline-signing (only gen KSK)

4 years ago · a41f4c1c3f
parent be6303576a
commit a41f4c1c3f
2 changed files with 12 additions and 28 deletions
--- a/roles/dns/master/tasks/generate_keys.yml
+++ b/roles/dns/master/tasks/generate_keys.yml
@ -1,26 +0,0 @@
---
-
-# TODO Change to makefile call
-
- name: Generate key signing key for zone {{ domain }}
-  command: >-
-    dnssec-keygen
-    -f KSK
-    -3
-    -a {{ dnssec_algorithm | quote }}
-    -b {{ dnssec_key_length | quote }}
-    -n ZONE {{ domain | quote }}
-  args:
-    chdir: "{{ keys_directory }}"
-
- name: Generate zone signing key for zone {{ domain }}
-  command: >-
-    dnssec-keygen
-    -3
-    -a {{ dnssec_algorithm | quote }}
-    -b {{ dnssec_key_length | quote }}
-    -n ZONE {{ domain | quote }}
-  args:
-    chdir: "{{ keys_directory }}"
-
-# TODO Copy public ZSK to localhost
--- a/roles/dns/master/tasks/main.yml
+++ b/roles/dns/master/tasks/main.yml
@ -39,10 +39,20 @@
    patterns: "K{{ domain }}.+*+*"
  register: keys_found

- name: Generate keys for zone {{ domain }}
-  include_tasks: generate_keys.yml
+- name: Generate key signing key for zone {{ domain }}
+  command: >-
+    dnssec-keygen
+    -f KSK
+    -3
+    -a {{ dnssec_algorithm | quote }}
+    -b {{ dnssec_key_length | quote }}
+    -n ZONE {{ domain | quote }}
+  args:
+    chdir: "{{ keys_directory }}"
  when: keys_found.matched < 2

+# TODO Copy public ZSK to localhost
+
 - name: Store main database of zone {{ domain }}
  template:
    src: zone.db