Open ikeji opened 10 years ago
I have just lost the whole reply.. Damn it!
The rndc reload was working with my cookbook two months ago. I see the dyne.org just updated gitzone itself - so might be some introduced bug. Will retest it soon.
Well I use the same bind cookbook. It creates the key but does not use it (load it in any configuration file). I assume you have an option to add rndc-key cfg options in a databag or to an attribute. Like extend `default["bind"]["options"]` with

```
default-key "rndc-key";
default-server 127.0.0.1;
default-port 953;
```
The attribute `default["bind"]["include_files"]` might serve to load the rndc key config. However there was no way from cookbook-bind to configure "controls".
I assume the following solution:
- `rndc.conf` in /etc/named. Gitzone will just create rndc.conf if it does not exist yet - I suppose this is the bind cookbook's role to manage it and subject of features in the bind cookbook. Example config:

  ```
  key "rndc-key" {
    algorithm hmac-md5;
    secret "<SECRET HASH>";
  };
  controls {
    inet 127.0.0.1 port 953
    allow { 127.0.0.1; } keys { "rndc-key"; };
  };
  ```

- `default["bind"]["include_files"]` attribute.
- `default-key "rndc-key";` statement to `named.options` file.

Note: I have had some other issues with reloading, so the install.rb recipe also in the last few lines fixes /usr/bin/gitzone (removes some class definitions - which forces reloading all zones).
I was forced to re-do it a bit. First I am not sure I got the full usage of rndc. As I already wrote - I had modified gitzone to use "su - bind" to run the reload (as a temporary workaround). I suppose configuration of rndc.key usage is up to the bind cookbook or user attribute settings. Since it's not implemented/possible in full scale I created my own gitzone-rndc.config to load it.
Some obstacles found:

- `default["bind"]["options"]` does not extend `named.conf` as the bind cookbook documentation says, but `named.options`, the options section.
- `default-key "rndc-key";` if it appears in `named.options` in the "options" section is not recognized as a proper key/value.
- If `rndc.conf` - named prints warnings that `rndc.key` exists but using `rndc.conf`. If `rndc.conf` contains the "controls" section then named-checkconf fails. Solution was to create an independent .config that is included directly in `named.conf` (gitzone-rndc.config).
Please retest at your environment and provide feedback if possible. If you can suggest any other solution it's welcome.
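To make the key/controls pairing discussed above concrete, here is an added Ruby helper (not part of gitzone or the bind cookbook) that generates an rndc secret, renders the client-side rndc.conf and the named-side include (the thread's gitzone-rndc.config), and cross-checks that both files name the same key and secret, the mismatch that makes `rndc reload` fail with an authentication error. The function names and the hmac-sha256 default are my assumptions; the thread's snippet uses hmac-md5, which BIND also accepts.

```ruby
require 'securerandom'
require 'base64'

# Fresh base64 secret for a `key` statement (32 random bytes by default).
def new_rndc_secret(bytes = 32)
  Base64.strict_encode64(SecureRandom.random_bytes(bytes))
end

# The `key` statement shared by both files; name/secret/algorithm must match.
def key_block(name, secret, algorithm)
  <<~CONF
    key "#{name}" {
      algorithm #{algorithm};
      secret "#{secret}";
    };
  CONF
end

# Client side: what rndc reads (the thread's /etc/named/rndc.conf).
def render_rndc_conf(name:, secret:, algorithm: 'hmac-sha256', server: '127.0.0.1', port: 953)
  key_block(name, secret, algorithm) + <<~CONF
    options {
      default-key "#{name}";
      default-server #{server};
      default-port #{port};
    };
  CONF
end

# Server side: the include for named.conf (the thread's gitzone-rndc.config).
# `controls` must live here, not in rndc.conf, or named-checkconf rejects it.
def render_controls_include(name:, secret:, algorithm: 'hmac-sha256', listen: '127.0.0.1', port: 953)
  key_block(name, secret, algorithm) + <<~CONF
    controls {
      inet #{listen} port #{port}
      allow { #{listen}; } keys { "#{name}"; };
    };
  CONF
end

# Pull (key name, secret) back out of a rendered file for cross-checking.
def parse_key(conf)
  [conf[/^key\s+"([^"]+)"/, 1], conf[/^\s*secret\s+"([^"]+)";/, 1]]
end

# True only when rndc.conf and the controls include agree on name and secret.
def consistent?(rndc_conf, controls_include)
  parse_key(rndc_conf) == parse_key(controls_include)
end
```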
This is a feature request.
I use this gitzone recipe with the bind recipe. https://github.com/atomic-penguin/cookbook-bind This recipe creates an rndc key but it's not enabled.
How about enabling it or creating another rndc key for gitzone? Currently this recipe creates an error by default.