kpfleming.powerdns_auth.cryptokey module – Manages a CryptoKey in a zone of PowerDNS Authoritative server
Note
This module is part of the kpfleming.powerdns_auth collection (version 25.2.0).
It is not included in ansible-core.
To check whether it is installed, run ansible-galaxy collection list.
To install it, use: ansible-galaxy collection install kpfleming.powerdns_auth.
You need further requirements to be able to use this module, see Requirements for details.
To use it in a playbook, specify: kpfleming.powerdns_auth.cryptokey.
Synopsis
This module can create, delete, activate/deactivate, publish/unpublish a CryptoKey in a zone of PowerDNS Authoritative server.
Requirements
The below requirements are needed on the host that executes this module.
bravado
Parameters
Parameter |
Comments |
---|---|
Whether the CryptoKey is active or not. Choices:
|
|
Algorithm for CryptoKey generation. |
|
Key (token) used to authenticate to the API endpoint in the server. |
|
Path of the OpenAPI (Swagger) API spec document in Default: |
|
URL of the API endpoint in the server. Default: |
|
Size of the CryptoKey in bits when Default: |
|
The DNSKEY record for the CryptoKey. Required alongside |
|
The CryptoKey id. |
|
The type of CryptoKey, either zone signing key (zsk), key signing key (ksk) or combined signing key (csk). Note that by default, if only one CryptoKey is present, it will be used as a csk regardless of the provided type. For the CryptoKey to assume its role, another CryptoKey of the opposite type has to be present (zsk for ksk and vice versa). Choices:
|
|
The privatekey in ISC format. Required if |
|
Whether the CryptoKey is published or not. Choices:
|
|
ID of the server instance which holds the key. Default: |
|
Name of the zone |
Examples
```yaml
%YAML 1.2
---
- name: Generate key
  kpfleming.powerdns_auth.cryptokey:
    api_key: foo
    zone_name: crypto.example.
    state: present
    keytype: csk
    algorithm: ed25519
    active: true

- name: Import key
  kpfleming.powerdns_auth.cryptokey:
    api_key: foo
    zone_name: crypto.example.
    state: present
    keytype: zsk
    dnskey: "257 3 15 lMu/7quhLeSueMcdlt3T0sxln32yhrhASCKKDB1xJOk="
    privatekey: |
      Private-key-format: v1.2
      Algorithm: 15 (ED25519)
      PrivateKey: Rnt2dv3mWMmP8bU/8koayZ4R5dWdI86zJmZ0nnjPe6Q=
    active: true

- name: Delete key
  kpfleming.powerdns_auth.cryptokey:
    api_key: foo
    zone_name: crypto.example.
    state: absent
    id: 1

- name: Activating key
  kpfleming.powerdns_auth.cryptokey:
    api_key: foo
    zone_name: crypto.example.
    state: present
    id: 1
    active: true

- name: Listing a specific key
  kpfleming.powerdns_auth.cryptokey:
    api_key: foo
    zone_name: crypto.example.
    state: exists
    id: 1

- name: Listing all keys in the zone
  kpfleming.powerdns_auth.cryptokey:
    api_key: foo
    zone_name: crypto.example.
    state: exists
```
Return Values
Common return values are documented here; the following are the fields unique to this module:
Key |
Description |
---|---|
List of existing CryptoKeys after all the changes are made. Returned: always |
|
whether or not the CryptoKey is active Returned: success |
|
the CryptoKey algorithm Returned: success |
|
size in bits, used in dnskey record Returned: success |
|
the dnskey record Returned: success |
|
when keytype is ksk or csk, used to create the DS record on the parent zone Returned: success |
|
flags Returned: success |
|
the id of the CryptoKey Returned: success |
|
the type of the CryptoKey Returned: success |
|
whether or not the CryptoKey is published Returned: success |
|
always Cryptokey Returned: success |
|
If id is provided, whether a corresponding key exists. Otherwise, whether there is any key in the zone. Returned: when state is exists |
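The return values above include the DNSKEY record and, for a ksk or csk, the data used to create the DS record on the parent zone. As an added example (not part of the module or its documentation), this Python code parses a DNSKEY string such as the one in the Import key example, checks its fields, and derives the key tag (RFC 4034 Appendix B) and the SHA-256 DS record (RFC 4509, digest type 2), so the value can be cross-checked independently before it is handed to the parent. The function names are hypothetical.

```python
import base64
import hashlib
import struct

# DNSKEY rdata copied from the page's "Import key" example.
PAGE_DNSKEY = "257 3 15 lMu/7quhLeSueMcdlt3T0sxln32yhrhASCKKDB1xJOk="

def parse_dnskey(rdata):
    """Parse 'flags protocol algorithm base64key' and validate the fields."""
    flags, protocol, algorithm, key_b64 = rdata.split(None, 3)
    key = base64.b64decode("".join(key_b64.split()), validate=True)
    rec = {"flags": int(flags), "protocol": int(protocol),
           "algorithm": int(algorithm), "key": key}
    if rec["protocol"] != 3:
        raise ValueError("DNSKEY protocol field must be 3 (RFC 4034)")
    if not rec["flags"] & 0x0100:
        raise ValueError("Zone Key bit is not set")
    if rec["algorithm"] == 15 and len(key) != 32:
        raise ValueError("Ed25519 public key must be 32 bytes (RFC 8080)")
    rec["sep"] = bool(rec["flags"] & 0x0001)  # SEP bit: set when flags are 257
    return rec

def wire_rdata(rec):
    """DNSKEY RDATA in wire format: flags(2) protocol(1) algorithm(1) key."""
    head = struct.pack("!HBB", rec["flags"], rec["protocol"], rec["algorithm"])
    return head + rec["key"]

def key_tag(rec):
    """Key tag per RFC 4034 Appendix B (not valid for legacy algorithm 1)."""
    acc = sum(b if i & 1 else b << 8 for i, b in enumerate(wire_rdata(rec)))
    return (acc + ((acc >> 16) & 0xFFFF)) & 0xFFFF

def owner_wire(zone):
    """Canonical (lowercased) wire-format owner name of the zone."""
    labels = [l for l in zone.lower().rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def ds_record(zone, rdata):
    """DS rdata 'keytag algorithm 2 digest' with digest = SHA-256(owner | RDATA)."""
    rec = parse_dnskey(rdata)
    digest = hashlib.sha256(owner_wire(zone) + wire_rdata(rec)).hexdigest()
    return f"{key_tag(rec)} {rec['algorithm']} 2 {digest}"

if __name__ == "__main__":
    print(ds_record("crypto.example.", PAGE_DNSKEY))
```
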
Authors
Mohamed Chamrouk (@mohamed-chamrouk)