Add support for on-secondary signing
This commit is contained in:
parent
a3545b1646
commit
3809b6c2c3
1 changed files with 8 additions and 2 deletions
|
@ -48,7 +48,7 @@ remote:
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
|
|
||||||
acl:
|
acl:
|
||||||
{% for remote in ( ( zones | map(attribute='replicas') ) + (zones | map(attribute='replicate', default={}) | map(attribute=inventory_hostname, default=[]) ) ) | flatten | unique %}
|
{% for remote in ( zones | map(attribute='replicas') ) | flatten | unique %}
|
||||||
|
|
||||||
- id: acl-xfr-{{ remote }}
|
- id: acl-xfr-{{ remote }}
|
||||||
action: transfer
|
action: transfer
|
||||||
|
@ -137,7 +137,7 @@ zone:
|
||||||
acl: acl-update-{{ updater }}
|
acl: acl-update-{{ updater }}
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% for replica in zone.replicas + ( (zone.replicate | default({}) ).get(inventory_hostname, []) ) %}
|
{% for replica in zone.replicas %}
|
||||||
notify: remote-{{ replica }}
|
notify: remote-{{ replica }}
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
@ -158,9 +158,15 @@ zone:
|
||||||
{% for master in zone.masters %}
|
{% for master in zone.masters %}
|
||||||
acl: acl-notify-{{ master }}
|
acl: acl-notify-{{ master }}
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
|
{% for xfer in (zone.replicate | default({})).get(inventory_hostname, []) %}
|
||||||
|
acl: acl-transfer-{{ xfer }}
|
||||||
|
{% endfor %}
|
||||||
{% for master in zone.masters %}
|
{% for master in zone.masters %}
|
||||||
master: remote-{{ master }}
|
master: remote-{{ master }}
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
|
{% for notify in (zone.replicate | default({})).get(inventory_hostname, []) %}
|
||||||
|
notify: remote-{{ notify }}
|
||||||
|
{% endfor %}
|
||||||
{% if zone.sign_on_secondary | default(false) %}
|
{% if zone.sign_on_secondary | default(false) %}
|
||||||
dnssec-signing: {{ knot_zone_dnssec_signing }}
|
dnssec-signing: {{ knot_zone_dnssec_signing }}
|
||||||
dnssec-policy: dnssec-{{ zone.name }}
|
dnssec-policy: dnssec-{{ zone.name }}
|
||||||
|
|
Loading…
Reference in a new issue