485539f618
Our nsd setup relies on the distro provided nsd unit file which doesn't force nsd to wait for networking to be online before starting the service. This is fine if listening on ::1 or :: (or ipv4 equivalents) because those special addrs don't need network to be fully online. However, we don't listen on those addrs because we have unbound performing local dns for us. Instead we listen on our public interfaces which does require networking to be online first.

Thankfully freedesktop.org has a great faq page about this [0] and that basically describes the addition of wanting and aftering network-online.target. We do that through the unit config mechanism described here [1].

[0] https://www.freedesktop.org/wiki/Software/systemd/NetworkTarget/
[1] https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/system_administrators_guide/sect-Managing_Services_with_systemd-Unit_Files#brid-Managing_Services_with_systemd-Extending_Unit_Config

Change-Id: Ieffe2e239048394e27bd0baf63387f819b17db9c
43 lines
1.0 KiB
YAML
# Install the NSD config before installing the package because the
# default packaged config listens on all addresses therefore will
# not start.
- name: Ensure NSD config directory exists
  file:
    path: /etc/nsd
    state: directory
- name: Install NSD config
  template:
    src: templates/nsd.conf.j2
    dest: /etc/nsd/nsd.conf
    owner: root
    group: root
    mode: 0444
  notify: Reconfigure NSD
- name: Install packages
  package:
    name:
      - nsd
- name: Create nsd unit file override dir
  file:
    path: /etc/systemd/system/nsd.service.d
    state: directory
    owner: root
    group: root
    mode: 0755
- name: Create nsd unit file override config
  # This is necessary to force nsd to start after networking is up.
  # Upstream package is broken when not listening on :: or ::1
  copy:
    owner: root
    group: root
    mode: 0644
    dest: /etc/systemd/system/nsd.service.d/deps.conf
    content: |
      [Unit]
      After=network-online.target
      Wants=network-online.target
- name: Enable NSD
  service:
    name: nsd
    enabled: true
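The deps.conf drop-in only fixes the startup race if both directives reach systemd: After= orders nsd behind network-online.target, while Wants= is what actually pulls that target into the boot transaction. The check below is an added example, not part of this role or commit; the function names and the unit-file and drop-in paths passed to it are assumptions.

```shell
#!/bin/sh
# Added example. Function names and the paths handed to them are assumptions.

# unit_values KEY FILE... : print each value assigned to KEY in [Unit] sections.
unit_values() {
    key=$1; shift
    awk -v key="$key" '
        FNR == 1       { in_unit = 0 }                 # new file, reset section state
        /^[ \t]*[#;]/  { next }                        # comment lines
        /^\[/          { in_unit = ($0 ~ /^\[Unit\]/); next }
        !in_unit || index($0, "=") == 0 { next }
        {
            k = substr($0, 1, index($0, "=") - 1); gsub(/[ \t]/, "", k)
            if (k != key) next
            # One directive may carry several space-separated unit names.
            n = split(substr($0, index($0, "=") + 1), v, /[ \t]+/)
            for (i = 1; i <= n; i++) if (v[i] != "") print v[i]
        }' "$@"
}

# check_network_online UNIT_FILE DROPIN_DIR
# Prints ok | ordering-only | pull-only | missing; returns 0 only for ok.
check_network_online() {
    unit=$1; dir=$2
    set -- "$unit"
    for f in "$dir"/*.conf; do
        if [ -f "$f" ]; then set -- "$@" "$f"; fi
    done
    after=no; pull=no
    if unit_values After "$@" | grep -qx 'network-online\.target'; then after=yes; fi
    if { unit_values Wants "$@"; unit_values Requires "$@"; } |
        grep -qx 'network-online\.target'; then pull=yes; fi
    case "$after/$pull" in
        yes/yes) echo ok; return 0 ;;
        yes/no)  echo ordering-only ;;   # ordered, but nothing starts the target
        no/yes)  echo pull-only ;;       # target is started, nsd may still race it
        *)       echo missing ;;
    esac
    return 1
}
```

On a live host, `systemctl show nsd -p After -p Wants` reports the merged values systemd is actually using, which also confirms the drop-in was loaded.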