unbound-control: no certificates for local use

Yohaï-Eliel BERREBY 2020-05-02 16:37:21 +02:00
parent 3695a3d771
commit b94c62d710
2 changed files with 3 additions and 27 deletions


@ -19,22 +19,6 @@
state: present state: present
register: unbound_install register: unbound_install
- name: check if unbound-control certificate exists
stat:
path: /etc/unbound/unbound_control.pem
register: ubc_control_pem
- name: check if unbound server certificate exists
stat:
path: /etc/unbound/unbound_server.pem
register: ubc_server_pem
- name: run unbound-control-setup if a certificate is missing
command: unbound-control-setup
become: yes
when: ubc_control_pem.stat.exists == False or ubc_server_pem.stat.exists == False
- name: add unbound-control configuration - name: add unbound-control configuration
template: template:
src: unbound-control.conf.j2 src: unbound-control.conf.j2


@ -10,14 +10,6 @@ remote-control:
# port number for remote control operations. # port number for remote control operations.
control-port: 8953 control-port: 8953
# unbound server key file. # Disable the use of certificates for unbound-control.
server-key-file: "/etc/unbound/unbound_server.key" # It's only listening locally, there's no need for the added complexity.
control-use-cert: "no"
# unbound server certificate file.
server-cert-file: "/etc/unbound/unbound_server.pem"
# unbound-control key file.
control-key-file: "/etc/unbound/unbound_control.key"
# unbound-control certificate file.
control-cert-file: "/etc/unbound/unbound_control.pem"
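Review bot: The new comment above `control-use-cert: "no"` relies on the control port being reachable only from localhost, but the `control-interface` setting is outside this hunk (the remote-control section starts before line 10), so that assumption cannot be checked here. With certificates disabled, nothing authenticates clients on port 8953, so any local user or process that can reach the loopback port can send control commands to the resolver. I would state the dependency next to the option, e.g. `# Requires control-interface to stay on 127.0.0.1/::1; any local process can then control unbound.`, and consider an absolute socket path for `control-interface` (for example `control-interface: "/run/unbound.ctl"`, a constructed path) so file permissions restrict who can connect. Hosts provisioned before this change presumably still have the key and certificate files that unbound-control-setup wrote under /etc/unbound; they are now unused and could be cleaned up.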