opendev/system-config
Code Issues Proposed changes

Add unbound role

Browse Source 
Add it to the base playbook and add a testinfra test for it.

Change-Id: Id5098f33aac213e6add6f061684d0214dc99ab5b
This commit is contained in:
James E. Blair 2018-08-27 13:04:57 -07:00
parent 4dfd604936
commit 3d166f99f6
10 changed files with 80 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
modules.env
View File

@ -146,7 +146,6 @@ INTEGRATION_MODULES["$OPENSTACK_GIT_ROOT/openstack-infra/puppet-sudoers"]="origi
INTEGRATION_MODULES["$OPENSTACK_GIT_ROOT/openstack-infra/puppet-tmpreaper"]="origin/master" INTEGRATION_MODULES["$OPENSTACK_GIT_ROOT/openstack-infra/puppet-tmpreaper"]="origin/master"
INTEGRATION_MODULES["$OPENSTACK_GIT_ROOT/openstack-infra/puppet-ulimit"]="origin/master" INTEGRATION_MODULES["$OPENSTACK_GIT_ROOT/openstack-infra/puppet-ulimit"]="origin/master"
INTEGRATION_MODULES["$OPENSTACK_GIT_ROOT/openstack-infra/puppet-unattended_upgrades"]="origin/master" INTEGRATION_MODULES["$OPENSTACK_GIT_ROOT/openstack-infra/puppet-unattended_upgrades"]="origin/master"
INTEGRATION_MODULES["$OPENSTACK_GIT_ROOT/openstack-infra/puppet-unbound"]="origin/master"
INTEGRATION_MODULES["$OPENSTACK_GIT_ROOT/openstack-infra/puppet-user"]="origin/master" INTEGRATION_MODULES["$OPENSTACK_GIT_ROOT/openstack-infra/puppet-user"]="origin/master"
INTEGRATION_MODULES["$OPENSTACK_GIT_ROOT/openstack-infra/puppet-zanata"]="origin/master" INTEGRATION_MODULES["$OPENSTACK_GIT_ROOT/openstack-infra/puppet-zanata"]="origin/master"
INTEGRATION_MODULES["$OPENSTACK_GIT_ROOT/openstack-infra/puppet-zuul"]="origin/master" INTEGRATION_MODULES["$OPENSTACK_GIT_ROOT/openstack-infra/puppet-zuul"]="origin/master"

7
modules/openstack_project/manifests/server.pp
View File

@ -4,7 +4,6 @@
class openstack_project::server ( class openstack_project::server (
$pin_puppet = '3.', $pin_puppet = '3.',
$ca_server = undef, $ca_server = undef,
$enable_unbound = true,
$afs = false, $afs = false,
$afs_cache_size = 500000, $afs_cache_size = 500000,
$pypi_index_url = 'https://pypi.python.org/simple', $pypi_index_url = 'https://pypi.python.org/simple',
@ -18,12 +17,6 @@ class openstack_project::server (
########################################################### ###########################################################
# Process if ( $high_level_directive ) blocks # Process if ( $high_level_directive ) blocks
if ($enable_unbound) {
class { 'unbound':
install_resolv_conf => $install_resolv_conf
}
}
if $afs { if $afs {
class { 'openafs::client': class { 'openafs::client':
cell => 'openstack.org', cell => 'openstack.org',

1
playbooks/base.yaml
View File

@ -9,6 +9,7 @@
roles: roles:
- base-server - base-server
- timezone - timezone
- unbound
- hosts: "puppet:!disabled" - hosts: "puppet:!disabled"
roles: roles:

1
playbooks/roles/unbound/README.rst Normal file
View File

@ -0,0 +1 @@
Installs and configures the unbound DNS resolver

7
playbooks/roles/unbound/files/dhclient.conf Normal file
View File

@ -0,0 +1,7 @@
option rfc3442-classless-static-routes code 121 = array of unsigned integer 8;
send host-name "<hostname>";
request subnet-mask, broadcast-address, routers,
interface-mtu, rfc3442-classless-static-routes;
supersede domain-name-servers 127.0.0.1;
supersede domain-search "";
supersede domain-name "";

1
playbooks/roles/unbound/files/resolv.conf Normal file
View File

@ -0,0 +1 @@
nameserver 127.0.0.1

18
playbooks/roles/unbound/files/unbound.default Normal file
View File

@ -0,0 +1,18 @@
# If set, the unbound daemon will be started and stopped by the init script.
UNBOUND_ENABLE=true
# Whether to automatically update the root trust anchor file.
ROOT_TRUST_ANCHOR_UPDATE=true
# File in which to store the root trust anchor.
ROOT_TRUST_ANCHOR_FILE=/var/lib/unbound/root.key
# If set, the unbound init script will provide unbound's listening
# IP addresses as nameservers to resolvconf.
RESOLVCONF=true
# If set, resolvconf nameservers will be configured as forwarders
# to be used by unbound.
RESOLVCONF_FORWARDERS=false
#DAEMON_OPTS="-c /etc/unbound/unbound.conf"

13
playbooks/roles/unbound/tasks/Debian.yaml Normal file
View File

@ -0,0 +1,13 @@
# We require the defaults file be in place before installing the
# package to work around this bug:
# https://bugs.launchpad.net/ubuntu/+source/unbound/+bug/988513
# where we could end up briefly forwarding to a provider's broken
# DNS.
# This file differs from that in the package only by setting
# RESOLVCONF_FORWARDERS to false.
- name: Install unbound defaults file
copy:
src: unbound.default
dest: /etc/default/unbound
mode: 0444

34
playbooks/roles/unbound/tasks/main.yaml Normal file
View File

@ -0,0 +1,34 @@
- name: Include OS-specific tasks
include_tasks: "{{ item }}"
vars:
params:
files: "{{ distro_lookup_path }}"
skip: true
loop: "{{ query('first_found', params) }}"
- name: Install unbound
package:
state: present
name: unbound
- name: Write dhclient config file
copy:
src: dhclient.conf
dest: "{{ item }}"
mode: 0444
when: item is file
loop:
- /etc/dhcp/dhclient.conf
- /etc/dhcp/dhclient-eth0.conf
- name: Write resolv.conf
copy:
src: resolv.conf
dest: /etc/resolv.conf
mode: 0444
- name: Enable unbound
service:
name: unbound
enabled: true
state: started

5
testinfra/test_base.py
View File

@ -91,3 +91,8 @@ def test_snmp(host):
def test_timezone(host): def test_timezone(host):
tz = host.check_output('date +%Z') tz = host.check_output('date +%Z')
assert tz == "UTC" assert tz == "UTC"
def test_unbound(host):
output = host.check_output('host git.openstack.org')
assert 'has address' in output