system-config/playbooks/roles/nameserver/tasks/main.yaml
Clark Boylan 485539f618 Update nsd systemd unit deps
Our nsd setup relies on the distro provided nsd unit file which doesn't
force nsd to wait for networking to be online before starting the
service. This is fine if listening on ::1 or :: (or ipv4 equivalents)
because those special addrs don't need network to be fully online.

However, we don't listen on those addrs because we have unbound
performing local dns for us. Instead we listen on our public interfaces
which does require networking to be online first.

Thankfully freedesktop.org has a great faq page about this [0] and that
basically describes the addition of wanting and aftering
network-online.target. We do that through the unit config mechanism
described here [1].

[0] https://www.freedesktop.org/wiki/Software/systemd/NetworkTarget/
[1] https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/system_administrators_guide/sect-Managing_Services_with_systemd-Unit_Files#brid-Managing_Services_with_systemd-Extending_Unit_Config

Change-Id: Ieffe2e239048394e27bd0baf63387f819b17db9c
2018-12-10 11:44:15 -08:00


# Install the NSD config before installing the package because the
# default packaged config listens on all addresses therefore will
# not start.
- name: Ensure NSD config directory exists
  file:
    path: /etc/nsd
    state: directory
- name: Install NSD config
  template:
    src: templates/nsd.conf.j2
    dest: /etc/nsd/nsd.conf
    owner: root
    group: root
    mode: 0444
  notify: Reconfigure NSD
- name: Install packages
  package:
    name:
      - nsd
- name: Create nsd unit file override dir
  file:
    path: /etc/systemd/system/nsd.service.d
    state: directory
    owner: root
    group: root
    mode: 0755
- name: Create nsd unit file override config
  # This is necessary to force nsd to start after networking is up.
  # Upstream package is broken when not listening on :: or ::1
  copy:
    owner: root
    group: root
    mode: 0644
    dest: /etc/systemd/system/nsd.service.d/deps.conf
    content: |
      [Unit]
      After=network-online.target
      Wants=network-online.target
- name: Enable NSD
  service:
    name: nsd
    enabled: true
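
A check for the drop-in above, as an added example that is not part of the system-config repository: it confirms that a unit's `[Unit]` section both orders the service after `network-online.target` and pulls that target in, since `After=` alone only orders the two units and does not cause the target to be started. The function name `check_network_online` and the sample file are constructed for illustration.

```shell
#!/bin/sh
# check_network_online [FILE...]   (hypothetical helper, not from the repo)
# Succeeds only if the [Unit] sections of the given unit/drop-in files,
# taken together, contain After=network-online.target (ordering) and
# Wants= or Requires= network-online.target (pulls the target in).
# With no FILE arguments it reads unit text from stdin.
check_network_online() {
    awk '
        FNR == 1 { section = "" }               # new file: no section yet
        /^[ \t]*[#;]/ { next }                  # skip comment lines
        /^[ \t]*\[/ {                           # section header, e.g. [Unit]
            gsub(/[ \t]/, ""); section = $0; next
        }
        section == "[Unit]" {
            eq = index($0, "=")
            if (eq == 0) next
            key = substr($0, 1, eq - 1); gsub(/[ \t]/, "", key)
            # A directive may carry several space-separated unit names.
            n = split(substr($0, eq + 1), units)
            for (i = 1; i <= n; i++) {
                if (units[i] != "network-online.target") continue
                if (key == "After") ordered = 1
                if (key == "Wants" || key == "Requires") pulled = 1
            }
        }
        END {
            if (!ordered) print "missing After=network-online.target"
            if (!pulled)  print "missing Wants=network-online.target"
            exit !(ordered && pulled)
        }
    ' "$@"
}

# Constructed sample: the drop-in content written by the copy task above.
tmp=$(mktemp -d)
printf '[Unit]\nAfter=network-online.target\nWants=network-online.target\n' \
    > "$tmp/deps.conf"
check_network_online "$tmp/deps.conf" && echo "deps.conf: ok"
rm -rf "$tmp"
```

On a deployed host the merged unit can be checked with `systemctl cat nsd.service | check_network_online`.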