fixes #10436 Don't configure dns_key if nsupdate_gss is used

Closes GH-171
theforeman · May 12, 2015 · 753b65c · 753b65c
1 parent 2ad3bff
commit 753b65c
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 2 deletions.
diff --git a/spec/classes/foreman_proxy__config__spec.rb b/spec/classes/foreman_proxy__config__spec.rb
@@ -99,9 +99,9 @@
         '---',
         ':enabled: false',
         ':dns_provider: nsupdate',
-        ':dns_key: /etc/rndc.key',
         ':dns_server: 127.0.0.1',
         ':dns_ttl: 86400',
+        ':dns_key: /etc/rndc.key',
       ])
     end
 

diff --git a/templates/dns.yml.erb b/templates/dns.yml.erb
@@ -7,7 +7,6 @@
 #   nsupdate_gss (for GSS-TSIG support)
 #   virsh (simple implementation for libvirt)
 :dns_provider: <%= scope.lookupvar("foreman_proxy::dns_provider") %>
-:dns_key: <%= scope.lookupvar("foreman_proxy::keyfile") %>
 # use this setting if you are managing a dns server which is not localhost though this proxy
 :dns_server: <%= scope.lookupvar("foreman_proxy::dns_server") %>
 # use this setting if you want to override default TTL setting (86400)
@@ -17,7 +16,10 @@
 <%if scope.lookupvar("foreman_proxy::dns_provider") == 'nsupdate_gss' -%>
 :dns_tsig_keytab: <%= scope.lookupvar("foreman_proxy::dns_tsig_keytab") %>
 :dns_tsig_principal: <%= scope.lookupvar("foreman_proxy::dns_tsig_principal") %>
+# dns_key must be disabled if nsupdate_gss is used
+#:dns_key: <%= scope.lookupvar("foreman_proxy::keyfile") %>
 <% else -%>
+:dns_key: <%= scope.lookupvar("foreman_proxy::keyfile") %>
 #:dns_tsig_keytab: /usr/share/foreman-proxy/dns.keytab
 #:dns_tsig_principal: DNS/host.example.com@EXAMPLE.COM
 <% end -%>