A custom Ansible lookup plugin solves the problem of generating TSIG keys for DNS servers. Standard Ansible lookups like random_string get re-evaluated due to lazy evaluation, making them unsuitable for reuse. The plugin generates BIND-compatible TSIG key files and returns components as a dictionary, ensuring idempotency. Generated files include a comment with colon-separated algorithm, key name, and secret for easy extraction and use with dig's -y option.
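
The idempotent behaviour described above, sketched as standalone Python (an added example, not the plugin from the jpmens.net post): the key file is written once and parsed on every later call, so the secret never changes between evaluations. The function name, the `.key` suffix and the exact placement of the comment on the first line are assumptions.

```python
import base64
import os
import re
import secrets

# Assumed layout: first line is the comment "# algorithm:name:secret",
# the same colon-separated form that dig's -y option accepts.
COMMENT_RE = re.compile(r"^#\s*([a-z0-9-]+):([^:\s]+):([A-Za-z0-9+/=]+)\s*$")


def tsig_key(name, directory, algorithm="hmac-sha256", nbytes=32):
    """Return TSIG key components; create the key file only if it is missing."""
    path = os.path.join(directory, name + ".key")
    try:
        with open(path, encoding="ascii") as fh:
            match = COMMENT_RE.match(fh.readline())
        if not match:
            raise ValueError(f"{path}: missing algorithm:name:secret comment")
        # An existing file wins over the arguments, so reruns never rotate the key.
        algorithm, name, secret = match.groups()
    except FileNotFoundError:
        secret = base64.b64encode(secrets.token_bytes(nbytes)).decode("ascii")
        body = (
            f"# {algorithm}:{name}:{secret}\n"
            f'key "{name}" {{\n'
            f"    algorithm {algorithm};\n"
            f'    secret "{secret}";\n'
            "};\n"
        )
        # O_EXCL refuses to overwrite an existing key; 0600 keeps the secret
        # readable by the owner only.
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
        with os.fdopen(fd, "w", encoding="ascii") as fh:
            fh.write(body)
    return {
        "algorithm": algorithm,
        "name": name,
        "secret": secret,
        "path": path,
        "dig_y": f"{algorithm}:{name}:{secret}",  # value for dig -y
    }
```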

From jpmens.net