Remove configure-unbound role

This role now lives in opendev/base-jobs so to reduce confusion we clean it out of ozj. Depends-On: https://review.openstack.org/635900 Change-Id: I27971ad1bd3ef93ea04aaede76e51afe9d770b5b
2019-02-08 09:49:18 -08:00 · 2019-02-08 09:49:18 -08:00 · 10405004a5
commit 10405004a5
parent d770f34bfb
11 changed files with 0 additions and 225 deletions
--- a/roles/configure-unbound/README.rst
+++ b/roles/configure-unbound/README.rst
@ -1,48 +0,0 @@
 An ansible role to dynamically configure DNS forwarders for the
 ``unbound`` caching service.  IPv6 will be preferred when there is a
 usable IPv6 default route, otherwise IPv4.
 .. note:: This is not a standalone unbound configuration role.  Base
          setup is done during image builds in
          ``project-config:nodepool/elements/nodepool-base/finalise.d/89-unbound``;
          here we just do dynamic configuration of forwarders based on
          the interfaces available on the actual host.
 **Role Variables**
 .. zuul:rolevar:: unbound_primary_nameserver_v4
   :default: 208.67.222.222 (OpenDNS)
   The primary IPv4 nameserver for fowarding requests
 .. zuul:rolevar:: unbound_secondary_nameserver_v4
   :default: 8.8.8.8 (Google)
   The secondary IPv4 nameserver for fowarding requests
 .. zuul:rolevar:: unbound_primary_nameserver_v6
   :default: 2620:0:ccc::2 (OpenDNS)
   The primary IPv6 nameserver for fowarding requests
 .. zuul:rolevar:: unbound_secondary_nameserver_v6
   :default: 2001:4860:4860::8888 (Google)
   The seconary IPv6 nameserver for fowarding requests
 .. zuul:rolevar:: unbound_cache_max_ttl
   :default: 86400
   Maximum TTL in seconds to keep successful queries cached for.
   This TTL will have precedence if the DNS record TTL is higher.
   For example, a TTL of 90000 would be reduced to 86400.
 .. zuul:rolevar:: unbound_cache_min_ttl
   :default: 0
   Minimum TTL in seconds to keep queries cached for.
   Note that this is effective for both successful and failed queries.
   This TTL will have precedence if the DNS record TTL is lower.
   For example, a TTL of 60 would be raised to 900.
--- a/roles/configure-unbound/defaults/main.yaml
+++ b/roles/configure-unbound/defaults/main.yaml
@ -1,24 +0,0 @@
 # OpenDNS
 unbound_primary_nameserver_v6: "2620:0:ccc::2"
 unbound_primary_nameserver_v4: "208.67.222.222"
 # Google
 unbound_secondary_nameserver_v6: "2001:4860:4860::8888"
 unbound_secondary_nameserver_v4: "8.8.8.8"
 # Time to live maximum for  RRsets  and  messages  in  the  cache.
 # Default  is  86400  seconds  (1  day).  If the maximum kicks in,
 # responses to clients still get decrementing TTLs  based  on  the
 # original  (larger)  values.   When the internal TTL expires, the
 # cache item has expired.  Can be set lower to force the  resolver
 # to query for data often, and not trust (very large) TTL values.
 unbound_cache_max_ttl: 86400
 # Time  to  live  minimum  for  RRsets  and messages in the cache.
 # Default is 0.  If the minimum kicks in, the data is  cached  for
 # longer than the domain owner intended, and thus less queries are
 # made to look up the data.  Zero makes sure the data in the cache
 # is  as the domain owner intended, higher values, especially more
 # than an hour or so, can lead to trouble as the data in the cache
 # does not match up with the actual data any more.
 unbound_cache_min_ttl: 0
--- a/roles/configure-unbound/handlers/main.yaml
+++ b/roles/configure-unbound/handlers/main.yaml
@ -1,5 +0,0 @@
 - name: Restart unbound
  become: yes
  service:
    name: unbound
    state: restarted
--- a/roles/configure-unbound/tasks/main.yaml
+++ b/roles/configure-unbound/tasks/main.yaml
@ -1,84 +0,0 @@
 # This role assumes that Unbound is already installed, fail early if it isn't.
 - name: Check that Unbound is installed
  stat:
    path: /etc/unbound
  register: unbound_config
 - name: Ensure that Unbound is installed
  assert:
    that:
      - unbound_config.stat.exists
 # ansible_default_ipv6 can either be undefined (no ipv6) or blank (no
 # routable address).  We only want to use ipv6 if it's available &
 # routable; combine these checks into this fact.
 - name: Check for IPv6
  when:
    - hostvars[inventory_hostname]['ansible_default_ipv6'] is defined
    - hostvars[inventory_hostname]['ansible_default_ipv6']['address'] is defined
  set_fact:
    unbound_use_ipv6: True
 # Use *only* ipv6 resolvers if ipv6 is present and routable.  This
 # avoids traversing potential NAT when using ipv4 which can be
 # unreliable.
 - name: Set IPv6 nameservers
  when:
    - unbound_use_ipv6 is defined
  set_fact:
    unbound_primary_nameserver: '{{ unbound_primary_nameserver_v6 }}'
    unbound_secondary_nameserver: '{{ unbound_secondary_nameserver_v6 }}'
 # Fallback to default ipv4 if there is no ipv6 available as this
 # causes timeouts and failovers that are unnecesary.
 - name: Set IPv4 nameservers
  when:
    - unbound_use_ipv6 is not defined
  set_fact:
    unbound_primary_nameserver: '{{ unbound_primary_nameserver_v4 }}'
    unbound_secondary_nameserver: '{{ unbound_secondary_nameserver_v4 }}'
 - name: Include OS-specific variables
  include_vars: "{{ item }}"
  with_first_found:
    - "{{ ansible_distribution }}.yaml"
    - "{{ ansible_os_family }}.yaml"
    - "default.yaml"
 - name: Ensure Unbound conf.d directory exists
  become: yes
  file:
    path: "{{ unbound_confd }}"
    state: directory
 # TODO: Move this to /etc/unbound/conf.d ?
 - name: Configure unbound forwarding
  become: yes
  template:
    dest: /etc/unbound/forwarding.conf
    owner: root
    group: root
    mode: 0644
    src: forwarding.conf.j2
  register: forwarding_config
  notify:
    - Restart unbound
 - name: Configure unbound TTL
  become: yes
  template:
    dest: "{{ unbound_confd }}/ttl.conf"
    owner: root
    group: root
    mode: 0644
    src: ttl.conf.j2
  register: ttl_config
  notify:
    - Restart unbound
 - name: Start unbound
  become: yes
  service:
    name: unbound
    state: started
    enabled: yes
--- a/roles/configure-unbound/templates/forwarding.conf.j2
+++ b/roles/configure-unbound/templates/forwarding.conf.j2
@ -1,6 +0,0 @@
 # {{ ansible_managed }}
 forward-zone:
  name: "."
  forward-addr: {{ unbound_primary_nameserver }}
  forward-addr: {{ unbound_secondary_nameserver }}
--- a/roles/configure-unbound/templates/ttl.conf.j2
+++ b/roles/configure-unbound/templates/ttl.conf.j2
@ -1,5 +0,0 @@
 # {{ ansible_managed }}
 server:
    cache-min-ttl: {{ unbound_cache_min_ttl }}
    cache-max-ttl: {{ unbound_cache_max_ttl }}
--- a/roles/configure-unbound/vars/Debian.yaml
+++ b/roles/configure-unbound/vars/Debian.yaml
@ -1 +0,0 @@
 unbound_confd: /etc/unbound/unbound.conf.d
--- a/roles/configure-unbound/vars/default.yaml
+++ b/roles/configure-unbound/vars/default.yaml
@ -1 +0,0 @@
 unbound_confd: /etc/unbound/conf.d
--- a/tests/base.yaml
+++ b/tests/base.yaml
@ -6,7 +6,6 @@
 # Note: set-zuul-log-path-fact is tested by emit-job-header.yaml
 - include: emit-job-header.yaml
 - include: ensure-output-dirs.yaml
 - include: configure-unbound.yaml
 - include: use-cached-repos.yaml
 - include: mirror-info.yaml
 - include: configure-mirrors.yaml
--- a/tests/configure-unbound.yaml
+++ b/tests/configure-unbound.yaml
@ -1,48 +0,0 @@
 - name: Test the configure-unbound role
  hosts: all
  roles:
    - role: configure-unbound
  post_tasks:
    - name: Check that unbound is started
      become: yes
      service:
        name: unbound
        state: started
      register: unbound_service
    - name: Ensure that unbound is started
      assert:
        that:
          - unbound_service is not changed
    # Until nodepool no longer embeds a forwarding.conf in the image, it is
    # safe to assume that we'll be changing the forwarding configuration
    # because the role has logic to use v6 *or* v4 nameservers while nodepool
    # puts all four nameservers.
    - name: Ensure that configuration was installed
      assert:
        that:
          - forwarding_config is changed
          - ttl_config is changed
    - name: Check if /etc/unbound/forwarding.conf exists
      stat:
        path: /etc/unbound/forwarding.conf
      register: forwarding_file
    - name: Check if /etc/unbound/conf.d/ttl.conf exists
      stat:
        path: "{{ unbound_confd }}/ttl.conf"
      register: ttl_file
    - name: Ensure that configuration files exist
      assert:
        that:
          - forwarding_file.stat.exists
          - ttl_file.stat.exists
    # This is self-tested, no need to assert
    - name: Do a host lookup (sanity check)
      command: host openstack.org
      changed_when: false
--- a/zuul.d/jobs.yaml
+++ b/zuul.d/jobs.yaml
@ -20,7 +20,6 @@
    run: tests/base.yaml
    files:
      - ^roles/configure-mirrors/.*
      - ^roles/configure-unbound/.*
      - ^roles/emit-job-header/.*
      - ^roles/ensure-output-dirs/.*
      - ^roles/fetch-zuul-cloner/.*
@ -100,7 +99,6 @@
    run: tests/multinode.yaml
    files:
      - ^roles/configure-mirrors/.*
      - ^roles/configure-unbound/.*
      - ^roles/emit-job-header/.*
      - ^roles/ensure-output-dirs/.*
      - ^roles/fetch-zuul-cloner/.*