From a41f4c1c3f30eae25b0a0d31cf43a6d4ae47d1d9 Mon Sep 17 00:00:00 2001
From: Felix Stupp
Date: Fri, 12 Jun 2020 17:47:28 +0200
Subject: [PATCH] dns/master: Adapted generate-keys to inline-signing (only gen KSK)
---
 roles/dns/master/tasks/generate_keys.yml | 26 ------------------------
 roles/dns/master/tasks/main.yml | 14 +++++++++++--
 2 files changed, 12 insertions(+), 28 deletions(-)
 delete mode 100644 roles/dns/master/tasks/generate_keys.yml
diff --git a/roles/dns/master/tasks/generate_keys.yml b/roles/dns/master/tasks/generate_keys.yml
deleted file mode 100644
index 47b5884..0000000
--- a/roles/dns/master/tasks/generate_keys.yml
+++ /dev/null
@@ -1,26 +0,0 @@
----
-
-# TODO Change to makefile call
-
-- name: Generate key signing key for zone {{ domain }}
- command: >-
- dnssec-keygen
- -f KSK
- -3
- -a {{ dnssec_algorithm | quote }}
- -b {{ dnssec_key_length | quote }}
- -n ZONE {{ domain | quote }}
- args:
- chdir: "{{ keys_directory }}"
-
-- name: Generate zone signing key for zone {{ domain }}
- command: >-
- dnssec-keygen
- -3
- -a {{ dnssec_algorithm | quote }}
- -b {{ dnssec_key_length | quote }}
- -n ZONE {{ domain | quote }}
- args:
- chdir: "{{ keys_directory }}"
-
-# TODO Copy public ZSK to localhost
diff --git a/roles/dns/master/tasks/main.yml b/roles/dns/master/tasks/main.yml
index 9b0be28..8573dad 100644
--- a/roles/dns/master/tasks/main.yml
+++ b/roles/dns/master/tasks/main.yml
@@ -39,10 +39,20 @@
 patterns: "K{{ domain }}.+*+*"
 register: keys_found
 
-- name: Generate keys for zone {{ domain }}
- include_tasks: generate_keys.yml
+- name: Generate key signing key for zone {{ domain }}
+ command: >-
+ dnssec-keygen
+ -f KSK
+ -3
+ -a {{ dnssec_algorithm | quote }}
+ -b {{ dnssec_key_length | quote }}
+ -n ZONE {{ domain | quote }}
+ args:
+ chdir: "{{ keys_directory }}"
 when: keys_found.matched < 2
 
+# TODO Copy public ZSK to localhost
+
 - name: Store main database of zone {{ domain }}
 template:
 src: zone.db
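Review bot: The guard `when: keys_found.matched < 2` on the new KSK task in main.yml counts every file matching `K{{ domain }}.+*+*`, so it cannot tell a KSK from a ZSK, or a `.key` file from a `.private` file. Now that this task generates only the KSK, any two matching files already in `keys_directory` (for example a ZSK pair, if the ZSK is created there by another process) would skip KSK generation, presumably leaving the zone without a key signing key. A comment above the condition such as `# 2 = .key + .private of the KSK; ZSK files in this directory also count` would record the assumption, or the find could be narrowed so that only KSK files are counted. The find task that registers `keys_found` begins above the hunk, so its other options are not visible here. Nothing in the visible lines sets owner or mode on the private key written under `keys_directory`; if no other task does, an explicit permissions task after generation is worth adding.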