Add role to generate dns keys for acme/cermgr
This commit is contained in:
parent
40efa84fcf
commit
06760bf9f7
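--- /dev/null
+++ b/roles/acme-dnskey-generate/defaults/main.yml
@@ -0,0 +1,4 @@
+---
+dnskey_file: "/etc/nsupdate.key"
+dnskey_algorithm: "hmac-sha512"
+dnskey_server: "neon.binary-kitchen.net"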
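Review bot: The defaults here are named `dnskey_file`, `dnskey_algorithm` and `dnskey_server`, but tasks/main.yml reads `acme_dnskey_file`, `acme_dnskey_algorithm` and `acme_dnskey_server`, and templates/nsupdate.key.j2 reads `acme_nsupdate_keyalgo`, so none of these defaults is ever consulted and the role stops on an undefined variable unless the caller sets the prefixed names itself. Rename them to the form the tasks use, `acme_dnskey_file: "/etc/nsupdate.key"`, `acme_dnskey_algorithm: "hmac-sha512"`, `acme_dnskey_server: "neon.binary-kitchen.net"`, and make the template read the same algorithm variable. `acme_dnskey_san_domains`, looped over in tasks/main.yml, has no default either; an explicit `acme_dnskey_san_domains: []` here would let the role run for a host without SAN entries.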
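--- /dev/null
+++ b/roles/acme-dnskey-generate/tasks/main.yml
@@ -0,0 +1,39 @@
+---
+- name: Get nsupdate.key
+  shell: "pdnsutil list-tsig-keys | grep '^acme-{{ inventory_hostname }}. {{ acme_dnskey_algorithm }}'"
+  register: "pdns_key"
+  failed_when: "False"
+  changed_when: "False"
+  delegate_to: "{{ acme_dnskey_server }}"
+
+- name: Update updatepolicy.aliases
+  lineinfile:
+    path: "/etc/powerdns/updatepolicy.aliases"
+    line: 'alias["{{ inventory_hostname }}."] = {}'
+  delegate_to: "{{ acme_dnskey_server }}"
+
+- name: Update updatepolicy.aliases
+  lineinfile:
+    path: "/etc/powerdns/updatepolicy.aliases"
+    line: 'alias["{{ inventory_hostname }}."]["{{ item }}."] = "{{ item }}."'
+  loop: "{{ acme_dnskey_san_domains }}"
+  delegate_to: "{{ acme_dnskey_server }}"
+
+- name: Generate nsupdate.key
+  shell: "pdnsutil generate-tsig-key 'acme-{{ inventory_hostname }}.' '{{ acme_dnskey_algorithm }}'"
+  register: "pdns_genkey"
+  when: "pdns_key is defined and pdns_key.rc != 0"
+  delegate_to: "{{ acme_dnskey_server }}"
+
+- name: Get nsupdate.key again
+  shell: "pdnsutil list-tsig-keys | grep '^acme-{{ inventory_hostname }}. {{ acme_dnskey_algorithm }}'"
+  register: "pdns_key"
+  when: "pdns_genkey is defined"
+  changed_when: "False"
+  delegate_to: "{{ acme_dnskey_server }}"
+
+- name: Write nsupdate.key to file
+  template:
+    src: "nsupdate.key.j2"
+    dest: "{{ acme_dnskey_file }}"
+  when: "pdns_key is defined"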
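Review bot: The `template` task at the end writes the TSIG secret to `{{ acme_dnskey_file }}` with no `owner`, `group` or `mode`, so a newly created key file takes the remote umask and is typically readable by every local user; add `mode: "0600"` and an explicit `owner`/`group` matching the account that runs the ACME client. The secret also passes through `pdns_key.stdout` and `pdns_genkey.stdout`, which Ansible prints in verbose runs and hands to callback plugins, so the three `pdnsutil` tasks should carry `no_log: true`. `when: "pdns_key is defined"` on the write task is always true because `register` sets the variable even when the grep found nothing (`failed_when: "False"` keeps the play going), so a failed generation still reaches the template with an empty `stdout`; gate it on `when: "pdns_key.rc == 0"` instead. The two `shell` lookups splice `inventory_hostname` and `acme_dnskey_algorithm` into a pipeline without quoting; `{{ inventory_hostname | quote }}` (or `command` with `argv` plus a separate filtering step) keeps a hostname or variable containing shell metacharacters from changing the command that runs on the DNS server. The two `lineinfile` tasks share the name `Update updatepolicy.aliases`, which makes their output indistinguishable; a distinct name for the second, such as `Add SAN aliases to updatepolicy.aliases`, would help.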
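--- /dev/null
+++ b/roles/acme-dnskey-generate/templates/nsupdate.key.j2
@@ -0,0 +1,4 @@
+key acme-{{ inventory_hostname }}. {
+algorithm {{ acme_nsupdate_keyalgo }};
+secret "{{ pdns_nsupdate_key.stdout.split(' ')[2] }}";
+};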
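Review bot: `{{ pdns_nsupdate_key.stdout.split(' ')[2] }}` assumes the registered output is exactly three single-space-separated fields; when the grep in tasks/main.yml matched nothing, `stdout` is empty and the index raises at render time with an error that names the template rather than the real cause, and any run of doubled spaces in the output shifts the field. `.split()[2]` tolerates whitespace runs, and the write task in tasks/main.yml should only run once the lookup succeeded, e.g. `when: "pdns_key.rc == 0"`. The variable referenced here is `pdns_nsupdate_key`, but the tasks register the result as `pdns_key`, so this template cannot render as committed; presumably the line should read `secret "{{ pdns_key.stdout.split()[2] }}";`.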