Merge pull request thias#49 from inkblot/parameterize-random-device
Parameterize the random device for dnssec-keygen
inkblot committed Jul 3, 2015
2 parents 2cafc22 + e25dbfc commit aeffbe2
Showing 4 changed files with 8 additions and 4 deletions.
1 change: 1 addition & 0 deletions data/common.yaml
Expand Up @@ -4,5 +4,6 @@ bind::params::supported: false
bind::forwarders: ''
bind::dnssec: true
bind::version: ''
bind::random_device: '/dev/random'

bind::updater::keydir: '/etc/nsupdate-keys'
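Review bot: The new `bind::random_device` key has no comment saying what consumes it or why an operator would override it. Judging by files/dnssec-init in this same commit, the value is handed to `dnssec-keygen -r`, and `/dev/random` can block on hosts with little entropy (freshly provisioned VMs in particular), which would stall the key-generation exec. A line such as `# entropy source passed to dnssec-keygen -r; /dev/random may block on low-entropy hosts` above the key would make that trade-off visible to whoever changes it.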
5 changes: 3 additions & 2 deletions files/dnssec-init
Expand Up @@ -4,7 +4,8 @@ CACHEDIR="$1"
NAME="$2"
DOMAIN="$3"
KEY_DIRECTORY="${4:-${CACHEDIR}/${NAME}}"
RANDOM_DEVICE="$5"
PATH=/bin:/sbin:/usr/bin:/usr/sbin
dnssec-keygen -K "${KEY_DIRECTORY}" "${DOMAIN}"
dnssec-keygen -f KSK -K "${KEY_DIRECTORY}" "${DOMAIN}"
dnssec-keygen -r "${RANDOM_DEVICE}" -K "${KEY_DIRECTORY}" "${DOMAIN}"
dnssec-keygen -r "${RANDOM_DEVICE}" -f KSK -K "${KEY_DIRECTORY}" "${DOMAIN}"
dnssec-signzone -S -d "${CACHEDIR}" -K "${KEY_DIRECTORY}" -o "${DOMAIN}" "${CACHEDIR}/${NAME}/${DOMAIN}"
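Review bot: `RANDOM_DEVICE="$5"` has no fallback, so a caller that omits the fifth argument or passes an empty string makes both key-generation calls run `dnssec-keygen -r ""`. The line above it already defaults `KEY_DIRECTORY` with `${4:-...}`; the same form, `RANDOM_DEVICE="${5:-/dev/random}"`, keeps the script working with the old four-argument call and with an unset Hiera value. The top of the script is outside the hunk, but no `set -e` or exit-status check is visible here, so a failed keygen would presumably still fall through to `dnssec-signzone`; that is worth confirming.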
3 changes: 2 additions & 1 deletion manifests/init.pp
Expand Up @@ -2,13 +2,14 @@

class bind (
$confdir = undef,
$namedconf = undef,
$namedconf = undef,
$cachedir = undef,
$forwarders = undef,
$dnssec = undef,
$version = undef,
$rndc = undef,
$statistics_port = undef,
$random_device = undef,
) {
include ::bind::params

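Review bot: `$random_device` is accepted without any validation, and the second hunk of manifests/zone.pp places it inside single quotes in the `dnssec-init` command string, so a value that contains a quote character, or one that resolves to undef or empty, changes the command line the exec runs as the bind user. A check in the class body such as `validate_absolute_path($random_device)` from stdlib (zone.pp already relies on stdlib's `pick` and `member`) would reject a malformed value at catalog compile time; this assumes the parameter always resolves to a value through data/common.yaml. The class body continues outside the hunk, so an existing check further down cannot be ruled out.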
3 changes: 2 additions & 1 deletion manifests/zone.pp
Expand Up @@ -21,6 +21,7 @@
# where there is a zone, there is a server
include bind
$cachedir = $::bind::cachedir
$random_device = $::bind::random_device
$_domain = pick($domain, $name)

unless !($masters != '' and ! member(['slave', 'stub'], $zone_type)) {
Expand Down Expand Up @@ -109,7 +110,7 @@
if $dnssec {
exec { "dnssec-keygen-${name}":
command => "/usr/local/bin/dnssec-init '${cachedir}' '${name}'\
'${_domain}' '${key_directory}'",
'${_domain}' '${key_directory}' '${random_device}'",
cwd => $cachedir,
user => $::bind::params::bind_user,
creates => "${cachedir}/${name}/${_domain}.signed",
