From 371263322e0615499af2a6527b02444ca3975f21 Mon Sep 17 00:00:00 2001
From: Colleen Murphy <colleen@gazlene.net>
Date: Mon, 3 Apr 2017 22:50:53 +0200
Subject: [PATCH] Manage unbound on zuul workers in DIB

Currently, some parts of unbound are configured on zuul workers via
puppet and other parts are configured via dib elements.  As part of
reducing the nodepool image builds' dependency on puppet, this patch
moves the rest of what was done in the unbound puppet module to the
nodepool-base DIB element.

Note that while the puppet module explicitly calls for the defaults file
to exist before the package is installed[1], this does not apply for an
image built in a chroot where the service won't be started, so we can
stick that file in with the rest of the configuration.

[1] http://git.openstack.org/cgit/openstack-infra/puppet-unbound/tree/manifests/init.pp#n34

Change-Id: I3905be12acd85581a608d87ba5159cc883343a37
---
 nodepool/elements/nodepool-base/element-deps  |  1 +
 .../nodepool-base/finalise.d/89-unbound       | 51 +++++++++++++++++++
 .../nodepool-base/package-installs.yaml       |  1 +
 3 files changed, 53 insertions(+)
 create mode 100644 nodepool/elements/nodepool-base/package-installs.yaml

diff --git a/nodepool/elements/nodepool-base/element-deps b/nodepool/elements/nodepool-base/element-deps
index 636fddb8ab..05e395689a 100644
--- a/nodepool/elements/nodepool-base/element-deps
+++ b/nodepool/elements/nodepool-base/element-deps
@@ -1,2 +1,3 @@
+package-installs
 puppet
 zuul-worker
diff --git a/nodepool/elements/nodepool-base/finalise.d/89-unbound b/nodepool/elements/nodepool-base/finalise.d/89-unbound
index b9397fd0bf..7623a7dda4 100755
--- a/nodepool/elements/nodepool-base/finalise.d/89-unbound
+++ b/nodepool/elements/nodepool-base/finalise.d/89-unbound
@@ -86,3 +86,54 @@ EOF
 chmod a+x /etc/rc.local
 
 echo 'include: /etc/unbound/forwarding.conf' >> /etc/unbound/unbound.conf
+
+# This defaults file must be in place to work around this bug:
+# https://bugs.launchpad.net/ubuntu/+source/unbound/+bug/988513
+# The issue is fixed for Xenial so this is only required for Trusty.
+if [ "$DIB_RELEASE" == "trusty" ] ; then
+    cat > /etc/default/unbound <<EOF
+UNBOUND_ENABLE=true
+ROOT_TRUST_ANCHOR_UPDATE=true
+ROOT_TRUST_ANCHOR_FILE=/var/lib/unbound/root.key
+RESOLVCONF=true
+RESOLVCONF_FORWARDERS=false
+EOF
+fi
+
+# Tripleo uses dhcp
+dhcp_file=''
+if [[ "$DISTRO_NAME" =~ (centos|rhel7|fedora) ]] ; then
+    dhcp_file=/etc/dhcp/dhclient-eth0.conf
+elif [[ "$DISTRO_NAME" =~ (debian|ubuntu) ]] ; then
+    dhcp_file=/etc/dhcp/dhclient.conf
+fi
+if [ -n "$dhcp_file" ] ; then
+    cat > $dhcp_file <<EOF
+option rfc3442-classless-static-routes code 121 = array of unsigned integer 8;
+send host-name "<hostname>";
+request subnet-mask, broadcast-address, routers,
+    interface-mtu, rfc3442-classless-static-routes;
+supersede domain-name-servers 127.0.0.1;
+supersede domain-search "";
+supersede domain-name "";
+EOF
+fi
+
+case "$DIB_INIT_SYSTEM" in
+    upstart)
+        # nothing to do
+        ;;
+    systemd)
+        systemctl enable unbound.service
+        ;;
+    openrc)
+        # let dib-init-system's postinstall handle enabling init scripts
+        ;;
+    sysv)
+        # nothing to do
+        ;;
+    *)
+        echo "Unsupported init system $DIB_INIT_SYSTEM"
+        exit 1
+        ;;
+esac
diff --git a/nodepool/elements/nodepool-base/package-installs.yaml b/nodepool/elements/nodepool-base/package-installs.yaml
new file mode 100644
index 0000000000..94895cb3c4
--- /dev/null
+++ b/nodepool/elements/nodepool-base/package-installs.yaml
@@ -0,0 +1 @@
+unbound: