Merge "Tighten permissions on zone keys"

Zuul 2018-12-03 23:38:07 +00:00 committed by Gerrit Code Review
commit 41fb4a9248


@ -46,17 +46,26 @@
file:
path: "/etc/bind/keys/{{ item.name }}"
state: directory
owner: root
group: bind
mode: 0750
- name: Install dnssec public keys
loop: "{{ dnssec_keys | dict2items }}"
copy:
dest: "/etc/bind/keys/{{ item.value.zone }}/K{{ item.value.zone }}.+008+{{ item.key }}.key"
content: "{{ item.value.public }}"
owner: root
group: bind
mode: 0440
- name: Install dnssec private keys
no_log: true
loop: "{{ dnssec_keys | dict2items }}"
copy:
dest: "/etc/bind/keys/{{ item.value.zone }}/K{{ item.value.zone }}.+008+{{ item.key }}.private"
content: "{{ item.value.private }}"
owner: root
group: bind
mode: 0440
- name: Install bind config
template:
src: templates/named.conf.j2
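Review bot: The three `mode:` values in this hunk (`0750` on the key directory, `0440` on the `.key` and `.private` files) are bare integers, so the intended permissions depend on the YAML loader reading a leading-zero number as octal. For files that hold DNSSEC private keys I would quote them so Ansible receives a string and does the conversion itself: `mode: "0750"` and `mode: "0440"`. The directory task starts above the hunk and builds its path from `item.name`, while the key tasks use `item.value.zone`; it is worth confirming that both resolve to the same path, so that the tightened directory is the one the keys are written into. The `Install bind config` task continues past the end of the hunk.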