base-jobs/roles/configure-unbound
Clark Boylan 2ba7af7a34 Stop using OpenDNS
Ianw noticed problems on fedora29 with unbound. That resulted in a bug
filed upstream,
https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=4226. In this bug
the helpful unbound maintainers point out that OpenDNS servers are
having trouble with RRSIG records which leads to not validating dnssec
which we require in our unbound config.

Address this by switching to CloudFlare DNS which is supposed to be
super localized (aka responsive), and not record queries against it.
Also if we want to we can update our config to do dns over tls against
these servers.

Change-Id: I8137239c2f53381afd87d420a5fe44064c669f87
2019-02-08 09:37:45 -08:00
defaults Stop using OpenDNS 2019-02-08 09:37:45 -08:00
handlers Initial pass at global opendev base job set 2019-01-28 13:59:24 -08:00
tasks Initial pass at global opendev base job set 2019-01-28 13:59:24 -08:00
templates Initial pass at global opendev base job set 2019-01-28 13:59:24 -08:00
vars Initial pass at global opendev base job set 2019-01-28 13:59:24 -08:00
README.rst Stop using OpenDNS 2019-02-08 09:37:45 -08:00

README.rst

An Ansible role to dynamically configure DNS forwarders for the unbound caching service. IPv6 forwarders are preferred when there is a usable IPv6 default route; otherwise IPv4 forwarders are used.

Note

This is not a standalone unbound configuration role. Base setup is done during image builds in project-config:nodepool/elements/nodepool-base/finalise.d/89-unbound; here we just do dynamic configuration of forwarders based on the interfaces available on the actual host.

Role Variables