Add support for on-secondary signing

This commit is contained in:
s3lph 2023-04-04 20:54:24 +02:00
parent b1795f2e76
commit 88996a3700

View file

@ -68,7 +68,7 @@ acl:
key: {{ hostvars[remote].knot_tsig_key.name }} key: {{ hostvars[remote].knot_tsig_key.name }}
{% endif %} {% endif %}
{% for address in hostvars[remote].knot_dns_addresses %} {% for address in hostvars[remote].knot_dns_addresses %}
address: "{{ address }}" address: "{{ address.split('@')[0] }}"
{% endfor %} {% endfor %}
{% endfor %} {% endfor %}
@ -86,7 +86,7 @@ acl:
submission: submission:
{% for zone in zones %} {% for zone in zones %}
{% if inventory_hostname in zone.masters %} {% if inventory_hostname in zone.masters or (inventory_hostname in zone.replicas and zone.sign_on_secondary | default(false)) %}
- id: submission-{{ zone.name }} - id: submission-{{ zone.name }}
check-interval: {{ knot_dnssec_submission_check_interval }} check-interval: {{ knot_dnssec_submission_check_interval }}