Allow specifying an rndc key

This is necessary in ha because if we let the puppet module generate
the rndc key it will be different on all controllers and they won't
be able to talk to each other.

Change-Id: I4f030cd419511be43e9e4189dbc4418d5a6c6c61

manifests/profile/base/designate/worker.pp

@@ -23,11 +23,21 @@
 #   for more details.
 #   Defaults to hiera('step')
 #
+# [*rndc_key*]
+#   (Optional) The base64-encoded key secret for /etc/rndc.key.
+#   Defaults to hiera('designate_rndc_key')
+#
 class tripleo::profile::base::designate::worker (
   $step = Integer(hiera('step')),
+  $rndc_key = hiera('designate_rndc_key'),
 ) {
   include ::tripleo::profile::base::designate
+
   if $step >= 4 {
+    file { 'designate rndc key':
+      path    => '/etc/rndc.key',
+      content => template('tripleo/designate/rndc.key.erb')
+    }
     include ::designate::worker
   }
 }

templates/designate/rndc.key.erb

@@ -0,0 +1,4 @@
+key "rndc-key" {
+        algorithm hmac-sha256;
+        secret "<%= @rndc_key %>";
+};