|
---
|
|
# DNS management
|
|
:enabled: <%= scope.lookupvar("foreman_proxy::dns") %>
|
|
# valid providers:
|
|
# dnscmd (Microsoft Windows native implementation)
|
|
# nsupdate
|
|
# nsupdate_gss (for GSS-TSIG support)
|
|
# virsh (simple implementation for libvirt)
|
|
:dns_provider: <%= scope.lookupvar("foreman_proxy::dns_provider") %>
|
|
:dns_key: <%= scope.lookupvar("foreman_proxy::keyfile") %>
|
|
# use this setting if you are managing a dns server which is not localhost though this proxy
|
|
:dns_server: <%= scope.lookupvar("foreman_proxy::dns_server") %>
|
|
# use this setting if you want to override default TTL setting (86400)
|
|
:dns_ttl: <%= scope.lookupvar("foreman_proxy::dns_ttl") %>
|
|
# use dns_tsig_* for GSS-TSIG updates using Kerberos. Required for Windows MS DNS with
|
|
# Secure Dynamic Updates, or BIND as used in FreeIPA. Set dns_provider to nsupdate_gss.
|
|
<%if scope.lookupvar("foreman_proxy::dns_provider") == 'nsupdate_gss' -%>
|
|
:dns_tsig_keytab: <%= scope.lookupvar("foreman_proxy::dns_tsig_keytab") %>
|
|
:dns_tsig_principal: <%= scope.lookupvar("foreman_proxy::dns_tsig_principal") %>
|
|
<% else -%>
|
|
#:dns_tsig_keytab: /usr/share/foreman-proxy/dns.keytab
|
|
#:dns_tsig_principal: DNS/host.example.com@EXAMPLE.COM
|
|
<% end -%>
|