From dba1d2a5e127556bd523490e2f33628da47c9631 Mon Sep 17 00:00:00 2001
From: Ben Nemec
Date: Mon, 16 Jul 2018 14:50:07 +0000
Subject: [PATCH] Allow specifying an rndc key

This is necessary in ha because if we let the puppet module generate the rndc key it will be different on all controllers and they won't be able to talk to each other.

Change-Id: I4f030cd419511be43e9e4189dbc4418d5a6c6c61
---
 manifests/profile/base/designate/worker.pp | 10 ++++++++++
 templates/designate/rndc.key.erb | 4 ++++
 2 files changed, 14 insertions(+)
 create mode 100644 templates/designate/rndc.key.erb

diff --git a/manifests/profile/base/designate/worker.pp b/manifests/profile/base/designate/worker.pp
index aafcad2bd..a0835967d 100644
--- a/manifests/profile/base/designate/worker.pp
+++ b/manifests/profile/base/designate/worker.pp
@@ -23,11 +23,21 @@
 # for more details.
 # Defaults to hiera('step')
 #
+# [*rndc_key*]
+# (Optional) The base64-encoded key secret for /etc/rndc.key.
+# Defaults to hiera('designate_rndc_key')
+#
 class tripleo::profile::base::designate::worker (
 $step = Integer(hiera('step')),
+ $rndc_key = hiera('designate_rndc_key'),
 ) {
 include ::tripleo::profile::base::designate
+ if $step >= 4 {
+ file { 'designate rndc key':
+ path => '/etc/rndc.key',
+ content => template('tripleo/designate/rndc.key.erb')
+ }
 include ::designate::worker
 }
 }
diff --git a/templates/designate/rndc.key.erb b/templates/designate/rndc.key.erb
new file mode 100644
index 000000000..ef6da7324
--- /dev/null
+++ b/templates/designate/rndc.key.erb
@@ -0,0 +1,4 @@
+key "rndc-key" {
+ algorithm hmac-sha256;
+ secret "<%= @rndc_key %>";
+};
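Review bot: The `file { 'designate rndc key': }` resource sets only `path` and `content`, so `/etc/rndc.key` is written with whatever owner and mode Puppet defaults to, and the HMAC secret may end up readable by every local user. I would add `mode => '0640',` plus an explicit `owner`/`group` for the account that runs rndc (which account that is cannot be seen from this hunk), and `show_diff => false,` so the secret is not printed in agent logs or reports when the file changes. Separately, `hiera('designate_rndc_key')` has no default, so the parameter documented as optional presumably fails catalog compilation when the key is unset; confirm whether that is intended for non-HA deployments.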
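Review bot: `secret "<%= @rndc_key %>";` writes the hiera value into the key clause verbatim, so a value containing a double quote, a newline or stray whitespace produces a malformed or altered `/etc/rndc.key`, and an empty value renders `secret "";` without any error. Constraining the parameter where it is declared in worker.pp, for example `Pattern[/\A[A-Za-z0-9+\/]+={0,2}\z/] $rndc_key = hiera('designate_rndc_key'),`, would fail the catalog before a bad key reaches disk. The key name `rndc-key` and the algorithm `hmac-sha256` are fixed in this template, so a short template comment stating that the BIND side must declare the same name and algorithm would help whoever generates the secret.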