Parameterize the random device for dnssec-keygen

`dnssec-keygen` uses `/dev/random` by default, but this is slow in some
scenarios where `/dev/urandom` is faster and still provides sufficient utility.
Allow override via the `bind::random_device` hiera key.
Nate Riffe
2015-07-03 08:59:59 -05:00
parent 2cafc226f0
commit e25dbfc529
4 changed files with 8 additions and 4 deletions
+2 -1
@@ -2,13 +2,14 @@
class bind (
$confdir = undef,
$namedconf = undef,
$namedconf = undef,
$cachedir = undef,
$forwarders = undef,
$dnssec = undef,
$version = undef,
$rndc = undef,
$statistics_port = undef,
$random_device = undef,
) {
include ::bind::params
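Review bot: The new `$random_device` parameter is taken as-is and has no documentation, although it names the entropy source for DNSSEC key generation and is later placed into the `dnssec-init` command line in the `bind::zone` define. I would validate it at the start of the class body, e.g. `if $random_device { validate_absolute_path($random_device) }` (stdlib appears to be available already, since the zone define calls `pick` and `member`). A parameter comment should also say that `/dev/urandom` is only an appropriate choice once the kernel pool has been seeded, which matters on freshly provisioned hosts that generate keys on their first Puppet run. The class body continues outside this hunk, so an existing check further down is possible.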
+2 -1
@@ -21,6 +21,7 @@ define bind::zone (
# where there is a zone, there is a server
include bind
$cachedir = $::bind::cachedir
$random_device = $::bind::random_device
$_domain = pick($domain, $name)
unless !($masters != '' and ! member(['slave', 'stub'], $zone_type)) {
@@ -109,7 +110,7 @@ define bind::zone (
if $dnssec {
exec { "dnssec-keygen-${name}":
command => "/usr/local/bin/dnssec-init '${cachedir}' '${name}'\
'${_domain}' '${key_directory}'",
'${_domain}' '${key_directory}' '${random_device}'",
cwd => $cachedir,
user => $::bind::params::bind_user,
creates => "${cachedir}/${name}/${_domain}.signed",
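Review bot: When `bind::random_device` is unset, `$random_device` is undef and the `command` string ends in an empty argument `''`. Whether `/usr/local/bin/dnssec-init` falls back to `/dev/random` for an empty fifth argument cannot be seen here, and if the script hands the value straight to `dnssec-keygen -r`, key generation would presumably fail. Making the default explicit in the define, `$random_device = pick($::bind::random_device, '/dev/random')`, keeps the behaviour described in the commit message regardless of how the script treats an empty value. The exec resource continues past the end of this hunk.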