Manage unbound on zuul workers in DIB

Currently, some parts of unbound are configured on zuul workers via
puppet and other parts are configured via dib elements.  As part of
reducing the nodepool image builds' dependency on puppet, this patch
moves the rest of what was done in the unbound puppet module to the
nodepool-base DIB element.

Note that while the puppet module explicitly calls for the defaults file
to exist before the package is installed[1], this does not apply for an
image built in a chroot where the service won't be started, so we can
stick that file in with the rest of the configuration.

[1] http://git.openstack.org/cgit/openstack-infra/puppet-unbound/tree/manifests/init.pp#n34

Change-Id: I3905be12acd85581a608d87ba5159cc883343a37
This commit is contained in:
Colleen Murphy 2017-04-03 22:50:53 +02:00 committed by Colleen Murphy
parent e94c80b91e
commit 371263322e
3 changed files with 53 additions and 0 deletions

View File

@ -1,2 +1,3 @@
package-installs
puppet
zuul-worker

View File

@ -86,3 +86,54 @@ EOF
chmod a+x /etc/rc.local
echo 'include: /etc/unbound/forwarding.conf' >> /etc/unbound/unbound.conf
# This defaults file must be in place to work around this bug:
# https://bugs.launchpad.net/ubuntu/+source/unbound/+bug/988513
# The issue is fixed for Xenial so this is only required for Trusty.
if [ "$DIB_RELEASE" == "trusty" ] ; then
cat > /etc/default/unbound <<EOF
UNBOUND_ENABLE=true
ROOT_TRUST_ANCHOR_UPDATE=true
ROOT_TRUST_ANCHOR_FILE=/var/lib/unbound/root.key
RESOLVCONF=true
RESOLVCONF_FORWARDERS=false
EOF
fi
# Tripleo uses dhcp
dhcp_file=''
if [[ "$DISTRO_NAME" =~ (centos|rhel7|fedora) ]] ; then
dhcp_file=/etc/dhcp/dhclient-eth0.conf
elif [[ "$DISTRO_NAME" =~ (debian|ubuntu) ]] ; then
dhcp_file=/etc/dhcp/dhclient.conf
fi
if [ -n "$dhcp_file" ] ; then
cat > $dhcp_file <<EOF
option rfc3442-classless-static-routes code 121 = array of unsigned integer 8;
send host-name "<hostname>";
request subnet-mask, broadcast-address, routers,
interface-mtu, rfc3442-classless-static-routes;
supersede domain-name-servers 127.0.0.1;
supersede domain-search "";
supersede domain-name "";
EOF
fi
case "$DIB_INIT_SYSTEM" in
upstart)
# nothing to do
;;
systemd)
systemctl enable unbound.service
;;
openrc)
# let dib-init-system's postinstall handle enabling init scripts
;;
sysv)
# nothing to do
;;
*)
echo "Unsupported init system $DIB_INIT_SYSTEM"
exit 1
;;
esac

View File

@ -0,0 +1 @@
unbound: