From efd6ed5be886198ef17ac236604b2ca29ad71062 Mon Sep 17 00:00:00 2001 From: "James E. Blair" Date: Thu, 22 Jul 2021 09:36:17 -0700 Subject: [PATCH] Add DNSSEC configuration for gating.dev Change-Id: I4d62968456ac72d4f84a63104932cc28d27feccb --- .../zuul/templates/group_vars/adns.yaml.j2 | 44 +++++++++++++++++++ testinfra/test_adns.py | 3 ++ 2 files changed, 47 insertions(+) diff --git a/playbooks/zuul/templates/group_vars/adns.yaml.j2 b/playbooks/zuul/templates/group_vars/adns.yaml.j2 index 54af601006..e1313632f8 100644 --- a/playbooks/zuul/templates/group_vars/adns.yaml.j2 +++ b/playbooks/zuul/templates/group_vars/adns.yaml.j2 @@ -178,3 +178,47 @@ dnssec_keys: Created: 20190326051559 Publish: 20190326051559 Activate: 20190326051559 + '56162': + zone: gating.dev + public: | + ; This is a key-signing key, keyid 56162, for gating.dev. + ; Created: 20210722163110 (Thu Jul 22 09:31:10 2021) + ; Publish: 20210722163110 (Thu Jul 22 09:31:10 2021) + ; Activate: 20210722163110 (Thu Jul 22 09:31:10 2021) + gating.dev. IN DNSKEY 257 3 8 AwEAAZ5ISxFxITSsRebaYtCVsM2eciLOPJa+Qv2JFUMS3UorODG05uul qGYCqaklZP0d1YjtPtP8EVsFs98ac54WjkpHckGcq6SKwRQEmX0SPwZs kcoZxMw0ODJu+bzDwCDz3JtJY9qclyh0b2pR8zHZXfM8/KTEEp0Kzhdo rcPqCUkL1Px+ELg6ZVq4nlOvXCWGCblzH22lwj0+imZVOMmAjqNahZMj SvIDvYsZcLMvv1PaI4b5I92B3Yrl6FtKfZAdaZYdyGgEDoWT36ZB5YNy 3wZPIcFCjkAKaD+TlAFEqa8Fj0/uT/58ICQY0gOcTSIUMQkZCLWe+tgq B9yHsvzmvdk= + private: | + Private-key-format: v1.3 + Algorithm: 8 (RSASHA256) + Modulus: nkhLEXEhNKxF5tpi0JWwzZ5yIs48lr5C/YkVQxLdSis4MbTm66WoZgKpqSVk/R3ViO0+0/wRWwWz3xpznhaOSkdyQZyrpIrBFASZfRI/BmyRyhnEzDQ4Mm75vMPAIPPcm0lj2pyXKHRvalHzMdld8zz8pMQSnQrOF2itw+oJSQvU/H4QuDplWrieU69cJYYJuXMfbaXCPT6KZlU4yYCOo1qFkyNK8gO9ixlwsy+/U9ojhvkj3YHdiuXoW0p9kB1plh3IaAQOhZPfpkHlg3LfBk8hwUKOQApoP5OUAUSprwWPT+5P/nwgJBjSA5xNIhQxCRkItZ762CoH3Iey/Oa92Q== + PublicExponent: AQAB + PrivateExponent: J86CopZTBY413kMaCt86oduxVLONZVPgQScSo9XAtYB9F3MpiCYXXeBZjuKKrWWtaExSOrnwG3YpsHhUj3OYwXGKeJnQSQdkW4Z0m5HVK+ZuG+ezKLARWg2y3RhV33O1DZC9fiNXmKL/yjtl8Cl8iUnTOBTfoYMwJY779IONZkMgKCYcChH1ZvPJDxJITPKc70oIh6YiZwdlJTvw/hf+/eSQUwNmixnktCOgR+aCsno8TbOX3Ce+/+WK38Tlfkrk6bVkFFWcjIMYky5afd8n9eyL+Dhs7KD0qWbU8Z3U59Gqlr7yHjjzq+BdKxz2ZUtp8WwprbEFp9Luj/Lap1HVAQ== + Prime1: 0sBW2QngSYT6pmbffqyHzVoT9fR9NqPMeDMMBq9mJ38hTKSi3gWbOtxO5lN83frDeEcG7VzHQ0K4gWF9OlC268QOEAiO1UYb+8LBnYb+8d08BJpYfrYKZp1KssHJI0SMK7A7DmKrDFwenv26dRgZAvsSfTHyQ44YdXnj+FKq8FE= + Prime2: wEQSB1+aswqQVcG0geBUWPvzhwMyhCA8e49vvit71ZuEVQ0inla787Gc5pRnAyFoM0fmckY1yQoCbbJDuM6hnnWr+fQiy+5df/NsMBAvHzAmQEYQx6vUrs+tZfJ+UA8bAoLBcG9wv7VmgQCRdRh1xWL0E2QyHaH4nwu7JGef2wk= + Exponent1: JMaDYSQkCzA1PMw+u7AHkoHhcc3T+7DhgSgHNTNuM/4vJVylPvDjgYXoDrEK3QFhEp/ySYEjFE2UPJ9yZram9MUlXw7fPcAaKfh2KLLh0fq0+mikgJfrgLR50G+YVZskiosaAwycpG9+uGe2HbCyzJ5bP5VznO4yvm0iprZmNcE= + Exponent2: MrxDvape2kw5VkftaDBYUbr6wm/3jqIrE7gAFsDGxtFpFECJGBtvMZl2++nBXTQdmRqqFxGr88cuaOAXutbcE0KeBTGFVScriS4lKHG83ZAJKADVQLt5PkATU8mvx1SVHg5/GTpvGEe4KuaJe8remR3JpqxUBTnOr7mawrqNlnE= + Coefficient: uhmxPHFPWZAM496XQmlm76ncMmuRoylLdwiXAVd+LIzzkabOa3ZcJe3B+BQoajOkCgpCSGlq9FwySXNdpCERiSCzvWzQCBGVdyOtzKu5j5bRPo3FoDjKD9CN6NVCngTMADc0h/A5gpopn/MVzaiQEqCtLfzkYr7VFKFfhasn5eA= + Created: 20210722163110 + Publish: 20210722163110 + Activate: 20210722163110 + '62481': + zone: gating.dev + public: | + ; This is a zone-signing key, keyid 62481, for gating.dev. + ; Created: 20210722163107 (Thu Jul 22 09:31:07 2021) + ; Publish: 20210722163107 (Thu Jul 22 09:31:07 2021) + ; Activate: 20210722163107 (Thu Jul 22 09:31:07 2021) + gating.dev. IN DNSKEY 256 3 8 AwEAAZbTOUNGtlec4HF6ZKsOFUOCBBOIxHhNScfr3UKScSsCEeASjVjR GxSeeSLXVp+ttzT+U9f1Ab7yhSQtOHj99vQ/TxTp7M94c3qatb8DGjQi KYXvR1qxvxtplBEUZ0Fh8+dTSpAHFM219ZZ9AI4ssFqraVm53IN1ASMX asZ72BZ8tId8gEb3R+lG5bt/AYDTi/UxHnYO0sC8WuvsLwfnme4tyXOq u39aE8zklqMyX6i29Lhb9CiGMjnfhRSaO+zv5KuVhH98E8aSGNycqbq+ rbY1LWihSw6AVdv/JzsZGd3gU8XiiN+JJf9kKyoLDxqX3PX5et7Fuir/ wM6fxypqYAc= + private: | + Private-key-format: v1.3 + Algorithm: 8 (RSASHA256) + Modulus: ltM5Q0a2V5zgcXpkqw4VQ4IEE4jEeE1Jx+vdQpJxKwIR4BKNWNEbFJ55ItdWn623NP5T1/UBvvKFJC04eP329D9PFOnsz3hzepq1vwMaNCIphe9HWrG/G2mUERRnQWHz51NKkAcUzbX1ln0AjiywWqtpWbncg3UBIxdqxnvYFny0h3yARvdH6Ublu38BgNOL9TEedg7SwLxa6+wvB+eZ7i3Jc6q7f1oTzOSWozJfqLb0uFv0KIYyOd+FFJo77O/kq5WEf3wTxpIY3Jypur6ttjUtaKFLDoBV2/8nOxkZ3eBTxeKI34kl/2QrKgsPGpfc9fl63sW6Kv/Azp/HKmpgBw== + PublicExponent: AQAB + PrivateExponent: lVAmsGOgwLudtrnkTzNx+ZMNVglf93kMQc9PDEjNoDY8XAgBxpu8o3z/j25/YzUm2l+twW3cfJy7EkVyUtWZVdQXBi1PM1WbfRUMOD1qA5KOaPmpOjAdcZXj78SzNBc0zx22Az//aGdq6cB2fEnhjOGFOj61/64logfcvQJ9ukPVo0bnXOIMWnKBo3gFGQrMO7+YiAmFnQapJdm/oyqh/AQbjKUApPBD5SUT81bfSCcbOTusJzUPT4yfI7+HSogl7uE7cwo5K6dDUxgH8LTXkbXfvN/4NFY+m7nNZfXxzv8P+S7yiXDgOX+vOcvAW3NYkeZxsjQ9GVAlq+nyytF2gQ== + Prime1: xctRlZKQlUbDRnOgxM2cQo8vsVjDiYxjRHjTR0Rb/5vo7OJdjqrh5dKY6HxNGIbGGpABR5y5uMXd2gXzPp5bXanuG+pTiUEX2y8dmBoZ9tnX8xgTG8Y+aQcpdUjGt+cIsic0vES10iqIBk+kQ9BKXPh85b8g0a1Y1E7/g54EOUM= + Prime2: wzWFV8gf08r8eN95EOHe8b7ZQebt7E/DD9WiguQk3ejQiu9dqcq+WPMAAyhOEQhIt/BUNpqxbaEZSOK3vTA3R5gh1/5gfa6zcUdeAd+JF847kqAaUUsaxY44VZXiKqQi01XUM0mPrM575X6Qe/fWevtoPWYzx0sH9ixbRAjg3+0= + Exponent1: DVb9FZ1g6vBu0x2RRjSnyUVm7gsShQBW4ZNUjIXrvn2BZBiQPsL/oURm06cue+z7B2eW7oF/dRrDL6UfFqYPe22uhWt0XtlpBntS/6MjBScEDX0eLM1eAC9feG2EGXsXdwx13gy0RoxfyC0u4vP1T/fiVIxjZkDOsOLzEKljl4k= + Exponent2: YDxheW4yqqIWp6xcLgN8eqeAyemEAA0ud/71OBwrRK9DKEtrXIqUHpvltKjJG8J+vxefHLBUqlxSb8k9lepQRl5syOQiQ7O9ySnK4ZeHKZJFcjq13r/s+dnsUd0re6QhexiEHai1SRceo3wq1MLRHR4WPLbG7ghCa41gjQDng90= + Coefficient: PZ8Fr1K4rbnw7n54xi4cejUq61ASGdmymH+CubTyBgrIB26TqrMgcE71GAN/05rlldF7SFgdawRK7CxZlWJbv5AcVb+bfQ7nf/CztWsael9dcIasecNjf6pr5Z9kPegQrW5Rr5CdOMS6xvR0yKnq/lG39+mjyZcBHEL2RjHzyes= + Created: 20210722163107 + Publish: 20210722163107 + Activate: 20210722163107 diff --git a/testinfra/test_adns.py b/testinfra/test_adns.py index 1f24b85b0a..dfd9db5684 100644 --- a/testinfra/test_adns.py +++ b/testinfra/test_adns.py @@ -33,6 +33,9 @@ def test_zone_files(host): zuulci_zone = host.file('/var/lib/bind/zones/zuulci.org') assert zuulci_zone.exists + gating_dev_zone = host.file('/var/lib/bind/zones/gating.dev') + assert gating_dev_zone.exists + bind_config = host.file('/etc/bind/named.conf') assert b'zone opendev.org {' in bind_config.content assert b'zone acme.opendev.org {' in bind_config.content