Manage unbound on zuul workers in DIB

Currently, some parts of unbound are configured on zuul workers via puppet and other parts are configured via dib elements. As part of reducing the nodepool image builds' dependency on puppet, this patch moves the rest of what was done in the unbound puppet module to the nodepool-base DIB element. Note that while the puppet module explicitly calls for the defaults file to exist before the package is installed[1], this does not apply for an image built in a chroot where the service won't be started, so we can stick that file in with the rest of the configuration. [1] http://git.openstack.org/cgit/openstack-infra/puppet-unbound/tree/manifests/init.pp#n34 Change-Id: I3905be12acd85581a608d87ba5159cc883343a37
2017-04-03 22:50:53 +02:00 · 2017-04-03 22:50:53 +02:00 · 371263322e
parent e94c80b91e
commit 371263322e
3 changed files with 53 additions and 0 deletions
--- a/nodepool/elements/nodepool-base/element-deps
+++ b/nodepool/elements/nodepool-base/element-deps
@ -1,2 +1,3 @@
+package-installs
 puppet
 zuul-worker
--- a/nodepool/elements/nodepool-base/finalise.d/89-unbound
+++ b/nodepool/elements/nodepool-base/finalise.d/89-unbound
@ -86,3 +86,54 @@ EOF
 chmod a+x /etc/rc.local

 echo 'include: /etc/unbound/forwarding.conf' >> /etc/unbound/unbound.conf
+
+# This defaults file must be in place to work around this bug:
+# https://bugs.launchpad.net/ubuntu/+source/unbound/+bug/988513
+# The issue is fixed for Xenial so this is only required for Trusty.
+if [ "$DIB_RELEASE" == "trusty" ] ; then
+    cat > /etc/default/unbound <<EOF
+UNBOUND_ENABLE=true
+ROOT_TRUST_ANCHOR_UPDATE=true
+ROOT_TRUST_ANCHOR_FILE=/var/lib/unbound/root.key
+RESOLVCONF=true
+RESOLVCONF_FORWARDERS=false
+EOF
+fi
+
+# Tripleo uses dhcp
+dhcp_file=''
+if [[ "$DISTRO_NAME" =~ (centos|rhel7|fedora) ]] ; then
+    dhcp_file=/etc/dhcp/dhclient-eth0.conf
+elif [[ "$DISTRO_NAME" =~ (debian|ubuntu) ]] ; then
+    dhcp_file=/etc/dhcp/dhclient.conf
+fi
+if [ -n "$dhcp_file" ] ; then
+    cat > $dhcp_file <<EOF
+option rfc3442-classless-static-routes code 121 = array of unsigned integer 8;
+send host-name "<hostname>";
+request subnet-mask, broadcast-address, routers,
+    interface-mtu, rfc3442-classless-static-routes;
+supersede domain-name-servers 127.0.0.1;
+supersede domain-search "";
+supersede domain-name "";
+EOF
+fi
+
+case "$DIB_INIT_SYSTEM" in
+    upstart)
+        # nothing to do
+        ;;
+    systemd)
+        systemctl enable unbound.service
+        ;;
+    openrc)
+        # let dib-init-system's postinstall handle enabling init scripts
+        ;;
+    sysv)
+        # nothing to do
+        ;;
+    *)
+        echo "Unsupported init system $DIB_INIT_SYSTEM"
+        exit 1
+        ;;
+esac
--- a/nodepool/elements/nodepool-base/package-installs.yaml
+++ b/nodepool/elements/nodepool-base/package-installs.yaml
@ -0,0 +1 @@
+unbound: