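# DNSSEC key provisioning for every zone in `bind_zones` that sets
# `dnssec: true`.  For each such zone one ZSK (RSASHA256, 2048 bit) and one
# KSK (RSASHA256, 4096 bit, `-f KSK`) are generated once, and stable symlinks
# are created for the rest of the role:
#   /etc/bind/keys/<zone>.key      /etc/bind/keys/<zone>.private      -> ZSK
#   /etc/bind/keys/<zone>-ksk.key  /etc/bind/keys/<zone>-ksk.private  -> KSK
#
# Keys are written straight into /etc/bind/keys with `dnssec-keygen -K`
# instead of being generated in /tmp and copied over afterwards.  /tmp is
# world-writable and shared: a generate-copy-delete sequence leaves a window in
# which another local user can read or swap the .private file, and the
# original clean-up step used a relative path, so the /tmp copies were in
# practice never removed.  dnssec-keygen creates the .private file with mode
# 0600; ownership/mode are tightened to root:bind 0640 below, as before.
#
# /etc/bind/keys is assumed to exist (created elsewhere in the role) --
# TODO confirm.  The presence of <zone>-ksk.key is the "already generated"
# marker, unchanged from the previous version of this task list.

- name: check if dnssec keys have already been generated
  stat:
    path: '/etc/bind/keys/{{ item.key }}-ksk.key'
  with_dict: '{{ bind_zones }}'
  when: item.value.dnssec is defined and item.value.dnssec
  register: st
  tags: bind

- name: generate dnssec zone-signing key (ZSK)
  # `command` rather than `shell`: the zone name comes from inventory and must
  # not be re-parsed by a shell.  stdout holds the generated key base name
  # (K<zone>.+008+<keytag>), which the following tasks use as the file name.
  # `-r /dev/urandom` is kept from the original invocation; newer BIND
  # releases take randomness from the OS and may ignore it -- TODO confirm
  # against the installed version.
  command: 'dnssec-keygen -K /etc/bind/keys -a RSASHA256 -b 2048 -r /dev/urandom -n ZONE {{ item.item.key }}'
  with_items: '{{ st.results }}'
  when: item.stat is defined and not item.stat.exists
  register: zsk_keygen
  tags: bind

- name: set ownership and permissions on the ZSK files
  # Mode is quoted: an unquoted 0640 is a YAML 1.1 octal integer and is easy
  # to get wrong when edited (e.g. 640 -> 01200).
  file:
    path: '/etc/bind/keys/{{ item[0].stdout }}.{{ item[1] }}'
    owner: root
    group: bind
    mode: '0640'
  with_nested:
    - '{{ zsk_keygen.results }}'
    - ['key', 'private']
  when: item[0].skipped is not defined
  tags: bind

- name: link ZSK files to their stable names
  file:
    src: '/etc/bind/keys/{{ item[0].stdout }}.{{ item[1] }}'
    dest: '/etc/bind/keys/{{ item[0].item.item.key }}.{{ item[1] }}'
    owner: root
    group: root
    state: link
  with_nested:
    - '{{ zsk_keygen.results }}'
    - ['key', 'private']
  when: item[0].skipped is not defined
  tags: bind

- name: generate dnssec key-signing key (KSK)
  # Same invocation as the ZSK, plus `-f KSK` and a 4096-bit modulus.
  # Registered as `stdout` to keep the variable name the original task list
  # left behind for anything that runs after it.
  command: 'dnssec-keygen -K /etc/bind/keys -f KSK -a RSASHA256 -b 4096 -r /dev/urandom -n ZONE {{ item.item.key }}'
  with_items: '{{ st.results }}'
  when: item.stat is defined and not item.stat.exists
  register: stdout
  tags: bind

- name: set ownership and permissions on the KSK files
  file:
    path: '/etc/bind/keys/{{ item[0].stdout }}.{{ item[1] }}'
    owner: root
    group: bind
    mode: '0640'
  with_nested:
    - '{{ stdout.results }}'
    - ['key', 'private']
  when: item[0].skipped is not defined
  tags: bind

- name: link KSK files to their stable names
  file:
    src: '/etc/bind/keys/{{ item[0].stdout }}.{{ item[1] }}'
    dest: '/etc/bind/keys/{{ item[0].item.item.key }}-ksk.{{ item[1] }}'
    owner: root
    group: root
    state: link
  with_nested:
    - '{{ stdout.results }}'
    - ['key', 'private']
  when: item[0].skipped is not defined
  tags: bind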