...
If you are hosting a DNS server the following keys are needed:
Key | Description | Example | Created by | Data-type | Used by: |
---|---|---|---|---|---|
profile::dns::forwarders | Which DNS servers your DNS server should use to resolve domain names for which it is not an authoritative DNS server | - '<ip-address-DNS1>' - '<ip-address-DNS2>' | N/A | List of strings | role::bootstrap, role::dns::master |
profile::dns::key::transfer | The TSIG keys used for zone-transfers | 'UvetjoX5zMiw/NbQr3biug==' | dnssec-keygen -a HMAC-MD5 -b 128 -n HOST <keyname> | String | role::bootstrap, role::dns::master, role::dns::slave |
profile::dns::key::update | The TSIG keys used for DNS updates | 'UvetjoX5zMiw/NbQr3biug==' | dnssec-keygen -a HMAC-MD5 -b 128 -n HOST <keyname> | String | role::bootstrap, role::dns::master, role::dns::slave |
profile::dns::slaves | A list of DNS slave servers which replicate the zone files from the main DNS server. The hash is structured as key=Servername and value=DNS-IPv4 | 'ns2.example.com': '192.0.2.130' | N/A | List of Hashes | role::bootstrap, role::dns::master, role::dns::slave |
profile::dns::zones | A list of DNS zones managed by our DNS servers, or used by our dashboard. The hash is structured as key=DNS-zone and value=DNS-server-shortname. | 'zone.example.com': 'ns1' | N/A | List of Hashes | role::bootstrap, role::dashboard, role::dns::master, role::dns::slave |

In addition, there is a set of keys needed for each DNS server managing a DNS zone used by us. The shortname here is the name used in "profile::dns::zones".

Key | Description | Example | Created by | Data-type | Used by: |
---|---|---|---|---|---|
profile::dns::<shortname>::ipv4 | The IPv4 address of a specific DNS server. | '192.0.2.129' | N/A | String | role::bootstrap, role::dashboard, role::dns::master, role::dns::slave |
profile::dns::<shortname>::name | The fqdn of a specific DNS server | 'ns1.example.com' | N/A | String | role::bootstrap, role::dns::master, role::dns::slave |
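
The check below is an added example, not part of the original page or of the project's code: it lints a loaded hieradata dict against the DNS keys described above, flagging TSIG secrets copied from the example column and zones whose shortname lacks its `ipv4` or `name` key. The function names, the sample data and the rule that the transfer and update secrets must differ are assumptions of this example.

```python
import base64
import ipaddress

# Example secret printed in the tables above; it is public, so never deploy it.
DOC_EXAMPLE_SECRET = "UvetjoX5zMiw/NbQr3biug=="
TSIG_KEYS = ("profile::dns::key::transfer", "profile::dns::key::update")

def _is_ipv4(value):
    try:
        ipaddress.IPv4Address(value if isinstance(value, str) else "")
        return True
    except ValueError:
        return False

def _merge(value):
    """Accept one hash or a list of hashes and return a single dict."""
    if isinstance(value, dict):
        return dict(value)
    return {k: v for item in value or [] for k, v in item.items()}

def check_dns_hieradata(data):
    """Return findings for the DNS keys in a loaded hieradata dict."""
    findings = []
    for key in TSIG_KEYS:
        secret = data.get(key) if isinstance(data.get(key), str) else ""
        if secret == DOC_EXAMPLE_SECRET:
            findings.append(f"{key}: documentation example secret in use")
        try:
            raw = base64.b64decode(secret, validate=True)
        except ValueError:
            raw = b""  # an undecodable value (e.g. a placeholder) counts as too short
        if len(raw) < 16:  # -b 128 in the keygen command yields 16 bytes
            findings.append(f"{key}: missing, not base64, or shorter than 128 bits")
    transfer, update = (data.get(k) for k in TSIG_KEYS)
    if transfer and transfer == update:  # policy assumed by this example
        findings.append("transfer and update share one TSIG secret")
    for zone, short in _merge(data.get("profile::dns::zones")).items():
        if not _is_ipv4(data.get(f"profile::dns::{short}::ipv4")):
            findings.append(f"{zone}: profile::dns::{short}::ipv4 missing or invalid")
        if not data.get(f"profile::dns::{short}::name"):
            findings.append(f"{zone}: profile::dns::{short}::name missing")
    return findings

SAMPLE = {  # constructed hieradata, as a YAML loader would return it
    "profile::dns::key::transfer": DOC_EXAMPLE_SECRET,
    "profile::dns::key::update": DOC_EXAMPLE_SECRET,
    "profile::dns::zones": [{"zone.example.com": "ns1"}, {"lab.example.com": "ns3"}],
    "profile::dns::ns1::ipv4": "192.0.2.129",
    "profile::dns::ns1::name": "ns1.example.com",
}
```

Calling `check_dns_hieradata(SAMPLE)` reports both TSIG keys as using the documented example secret, the shared secret, and the two keys missing for the `ns3` shortname.
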
Dashboard
The general configuration of the dashboard is based on the following keys:
Key | Description | Example | Created by | Data-type | Used by: |
---|---|---|---|---|---|
profile::dns::<shortname>::key | The TSIG key used for updates sent to this server. It can be useful to let this be a hiera-lookup for the zones managed by our own DNS servers. | 'UvetjoX5zMiw/NbQr3biug==' "%{hiera('profile::dns::key::update')}" | dnssec-keygen -a HMAC-MD5 -b 128 -n HOST <keyname> | String | role::dashboard |

```yaml
profile::dashboard::api: "http://%{hiera('profile::dashboard::name::v4only')}"
profile::dashboard::datadir: '/var/lib/machineadmin'
profile::dashboard::database::type: 'mysql'
profile::dashboard::database::name: '<mysql-database-name>'
profile::dashboard::database::user: '<mysql-database-user>'
profile::dashboard::database::pass: '<mysql-database-password>'
profile::dashboard::database::host: "%{hiera('profile::haproxy::management::ip')}"
profile::dashboard::database::grant: "%"
profile::dashboard::django::secret: '<pwgen -1 -y -s 50>'
profile::dashboard::ldap::url: 'ldaps://<ldaps-server>:636'
profile::dashboard::ldap::search_base: '<LDAP Search base>'
profile::dashboard::ldap::domain: '<LDAP domain>'
profile::dashboard::name: '<Main dashboard hostname (A and AAAA can be defined for this name)>'
profile::dashboard::name::v4only: '<v4-only dashboard hostname (Should only have an A record defined)>'
```
...