fix the dns role

* no localhost -> introduce internal_ip and use it for rndc communication * create the rndc config file (since we use a non-standard address) * create the rndc key in a non-default location (prevents annoying warnings)
buildbot · Dec 16, 2014 · 3afb82c · 3afb82c
1 parent 224f0fe
commit 3afb82c
Show file tree

Hide file tree

Showing 5 changed files with 16 additions and 4 deletions.
diff --git a/group_vars/ns1 b/group_vars/ns1
@@ -0,0 +1 @@
+internal_ip: 192.168.80.236
diff --git a/roles/dns/tasks/main.yml b/roles/dns/tasks/main.yml
@@ -6,9 +6,9 @@
     state: present
 
 - name: create rndc key
-  shell: "rndc-confgen -a -A hmac-sha256 -u bind"
+  shell: "rndc-confgen -a -A hmac-sha256 -u bind -k {{ namedb_dir }}/{{ rndc_key }}"
   args:
-    creates: "/usr/local/etc/namedb/rndc.key"
+    creates: "{{ namedb_dir }}/{{ rndc_key }}"
 
 - name: make sure necessary directories exist
   file:
@@ -44,6 +44,7 @@
     src: "{{ item }}"
     dest: "{{ namedb_dir }}/{{ item }}"
   with_items:
+  - rndc.conf
   - named.conf
   - named.conf.options
   - named.conf.zones

diff --git a/roles/dns/templates/named.conf b/roles/dns/templates/named.conf
@@ -19,10 +19,10 @@ options {
 
 include "{{ namedb_dir }}/named.conf.rfcs";
 
-include "{{ namedb_dir }}/rndc.key";
+include "{{ namedb_dir }}/{{ rndc_key }}";
 
 controls {
-    inet 127.0.0.1 allow { 127.0.0.1; } keys { "rndc-key"; };
+    inet {{ internal_ip }} port 953 allow { {{ internal_ip }}; } keys { "rndc-key"; };
 };
 
 include "{{ namedb_dir }}/named.conf.zones";
diff --git a/roles/dns/templates/rndc.conf b/roles/dns/templates/rndc.conf
@@ -0,0 +1,7 @@
+include "{{ namedb_dir }}/{{ rndc_key }}";
+
+options {
+    default-key "rndc-key";
+    default-server {{ internal_ip }};
+    default-port 953;
+};
diff --git a/roles/dns/vars/main.yml b/roles/dns/vars/main.yml
@@ -9,3 +9,6 @@ secondaries:
 - ns3.he.net.
 - ns4.he.net.
 - ns5.he.net.
+# We do not want it to match the default one since 'rndc' produces annoying
+# warnings.
+rndc_key: "rndc-key"