Adding dyn-dns-updater key
authorFrank Brehm <frank@brehm-online.com>
Sun, 13 Mar 2016 10:37:48 +0000 (11:37 +0100)
committerFrank Brehm <frank@brehm-online.com>
Sun, 13 Mar 2016 10:37:48 +0000 (11:37 +0100)
bind/dyndnsupdater.sls [new file with mode: 0644]
bind/files/dyndnsupdater.private [new file with mode: 0644]
bind/files/dyndnsupdater.public [new file with mode: 0644]
bind/files/named.conf.options
bind/init.sls

diff --git a/bind/dyndnsupdater.sls b/bind/dyndnsupdater.sls
new file mode 100644 (file)
index 0000000..5086ad7
--- /dev/null
@@ -0,0 +1,29 @@
+{%- set dnssec = salt['pillar.get']('bind:dnssec', {})  -%}
+{%- set etc_dir = salt['pillar.get']('bind:etc-dir', '/etc/bind') -%}
+
+dyndnsupdater-keyfile-public:
+  file.managed:
+    - name: {{ etc_dir }}/dnssec/K{{ dnssec.dyndnsupdater.name }}.+{{ dnssec.dyndnsupdater.algo_nr }}+{{ dnssec.dyndnsupdater.footprint }}.key
+    - source: salt://bind/files/dyndnsupdater.public
+    - user: root
+    - group: root
+    - mode: 600
+    - template: jinja
+    - backup: minion
+    - require:
+      - pkg: bind
+      - file: bind-dnssec-dir
+
+dyndnsupdater-keyfile-private:
+  file.managed:
+    - name: {{ etc_dir }}/dnssec/K{{ dnssec.dyndnsupdater.name }}.+{{ dnssec.dyndnsupdater.algo_nr }}+{{ dnssec.dyndnsupdater.footprint }}.private
+    - source: salt://bind/files/dyndnsupdater.private
+    - user: root
+    - group: root
+    - mode: 600
+    - template: jinja
+    - backup: minion
+    - require:
+      - pkg: bind
+      - file: bind-dnssec-dir
+
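Review bot: The `dyndnsupdater-keyfile-private` state renders the key from pillar but leaves `file.managed` at its default of reporting a diff, so the key material can land in the state return and the master's job cache whenever the file is created or changed. Add `- show_changes: False` to this state, and to `dyndnsupdater-keyfile-public` as well, since its template also renders `dnssec.dyndnsupdater.key`. `- backup: minion` additionally keeps each previous version of both key files in the minion's backup cache, so old secrets outlive a rotation unless that cache is cleaned; consider dropping it for these two states.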
diff --git a/bind/files/dyndnsupdater.private b/bind/files/dyndnsupdater.private
new file mode 100644 (file)
index 0000000..f93a991
--- /dev/null
@@ -0,0 +1,5 @@
+{%- set dnssec = salt['pillar.get']('bind:dnssec', {})  -%}
+Private-key-format: v1.2
+Algorithm: {{ dnssec.dyndnsupdater.algo_nr }} ({{ dnssec.dyndnsupdater.algo_name }})
+Key: {{ dnssec.dyndnsupdater.key }}
+Bits: {{ dnssec.dyndnsupdater.bits }}
diff --git a/bind/files/dyndnsupdater.public b/bind/files/dyndnsupdater.public
new file mode 100644 (file)
index 0000000..d978456
--- /dev/null
@@ -0,0 +1,2 @@
+{%- set dnssec = salt['pillar.get']('bind:dnssec', {})  -%}
+{{ dnssec.dyndnsupdater.name }}. IN KEY {{ dnssec.dyndnsupdater.bits_num }} 3 {{ dnssec.dyndnsupdater.algo_nr }} {{ dnssec.dyndnsupdater.key }}
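Review bot: The template is named `.public`, yet it renders `dnssec.dyndnsupdater.key`, the same value used by the `.private` template and by the `secret` statement added to named.conf.options, so the resulting `.key` file appears to be as sensitive as the private one. The state file does install it with mode 600, but nothing here tells a later maintainer why a "public" file must stay restricted. A template comment would document it, for example `{#- shared-secret key: this .key file contains the secret, keep it 0600 -#}`.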
index 8fae13048ab4faf941dd3fc057503d0ec6d24ccf..38188140a44e82ab63006a71a8767ba599cbdfbc 100644 (file)
@@ -1,5 +1,6 @@
 {%- set home_dir = salt['pillar.get']('bind:home-dir', '/var/cache/bind') -%}
 {%- set etc_dir = salt['pillar.get']('bind:etc-dir', '/etc/bind') -%}
+{%- set dnssec = salt['pillar.get']('bind:dnssec', {})  -%}
 //###############################################################
 //# Bind9-Konfigurationsdatei for general options
 //# /etc/bind/named.conf.options
@@ -69,6 +70,11 @@ options {
 // Managed Keys
 include "{{ etc_dir }}/bind.keys";
 
+key "{{ dnssec.dyndnsupdater.name }}" {
+       algorithm {{ dnssec.dyndnsupdater.algo_name|lower|replace('_', '-') }};
+       secret "{{ dnssec.dyndnsupdater.key }}";
+};
+
 //###############################################################
 //# Kontrollkanäle für RNDC
 
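Review bot: The `secret "{{ dnssec.dyndnsupdater.key }}";` line writes the update key in clear text into named.conf.options, whose owner and mode are set outside this commit. If that file is readable by local users, the 0600 permissions on the two key files protect nothing. Consider rendering the `key { … }` statement into its own file, readable only by root and the group named runs as, and pulling it in with `include "{{ etc_dir }}/<key-file>";` (placeholder name), next to the existing `bind.keys` include. The hunk shows no `allow-update` or `update-policy` that references the key, so the scope of what it may change has to be reviewed where the zones are defined.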
index 36bf9e16abc0e6c02a0f715517959fb8b714f0a5..6d756656e0e9e948a8458612f20873295259ad21 100644 (file)
@@ -12,6 +12,7 @@ include:
   - bind.user
   - bind.dirs
   - bind.rndc
+  - bind.dyndnsupdater
   - bind.default_zones
   - bind.conf