From e858bbdd8d237da72bf8bd1c3794dc7c11df1827 Mon Sep 17 00:00:00 2001
From: Brent Eagles
Date: Mon, 15 Aug 2022 13:31:28 -0230
Subject: [PATCH] Unbound: remove incorrect config of forwarding

Configuring forwarders is only valid if tripleo_unbound_forward_resolvers is defined and should also never be set to bind servers that are meant to be authoritative. The intention is that the forwarder configuration only be generated if tripleo_unbound_forward_resolvers is configured with actual values. This patch includes a fix to the conditional to skip creating the file and also removes it in case it the deployment parameters no longer include tripleo_unbound_forward_resolvers on redeploy.

Change-Id: I116253b60df1dc41237e06db9f6938c2bd3edd2e
---
 tripleo_ansible/roles/tripleo_unbound/tasks/main.yml | 11 ++++++++++-
 .../templates/tripleo-forwarder-unbound.conf.j2 | 10 ----------
 2 files changed, 10 insertions(+), 11 deletions(-)
diff --git a/tripleo_ansible/roles/tripleo_unbound/tasks/main.yml b/tripleo_ansible/roles/tripleo_unbound/tasks/main.yml
index 6a3fe72be..83d924e11 100644
--- a/tripleo_ansible/roles/tripleo_unbound/tasks/main.yml
+++ b/tripleo_ansible/roles/tripleo_unbound/tasks/main.yml
@@ -60,7 +60,16 @@
 selevel: s0
 setype: container_file_t
 when:
- - tripleo_unbound_forward_resolvers is defined and tripleo_unbound_forward_resolvers != ""
+ - tripleo_unbound_forward_resolvers is defined and ( tripleo_unbound_forward_resolvers | length ) > 0
+ register: _unbound_fwd_config_result
+
+- name: Remove the TripleO Unbound forwarders configuration if no forwarders are configured
+ become: true
+ ansible.builtin.file:
+ path: "{{ tripleo_unbound_config_basedir }}/tripleo-forwarder-unbound.conf"
+ state: absent
+ when:
+ - tripleo_unbound_forward_resolvers is not defined or ( tripleo_unbound_forward_resolvers | length ) == 0
 register: _unbound_fwd_config_result
 
 - name: Restart Unbound
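Review bot: The new removal task registers `_unbound_fwd_config_result`, the same name the template task above it now registers, and the two `when` conditions are mutually exclusive, so one of the tasks is always skipped. Ansible still sets a registered variable when a task is skipped by `when`, so the removal task's result always overwrites the template task's; with forwarders configured, the variable ends up holding a skipped result rather than the template change. If the following "Restart Unbound" task (its body lies outside this hunk) keys on `_unbound_fwd_config_result.changed`, which is presumably the case but not visible here, an updated forwarder list would be written without Unbound being restarted, and the resolver would keep using its previous forwarders. Registering the removal under its own name, for example `register: _unbound_fwd_remove_result`, and letting the restart condition check both results would avoid this. Separately, `tripleo_unbound_forward_resolvers | length` will raise an error if the variable is defined but null, so a default such as `tripleo_unbound_forward_resolvers | default([], true) | length` may be worth considering in both conditions.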
diff --git a/tripleo_ansible/roles/tripleo_unbound/templates/tripleo-forwarder-unbound.conf.j2 b/tripleo_ansible/roles/tripleo_unbound/templates/tripleo-forwarder-unbound.conf.j2
index ceb6277ea..824cda4ff 100644
--- a/tripleo_ansible/roles/tripleo_unbound/templates/tripleo-forwarder-unbound.conf.j2
+++ b/tripleo_ansible/roles/tripleo_unbound/templates/tripleo-forwarder-unbound.conf.j2
@@ -19,16 +19,6 @@ forward-zone:
 {% for forwarder in tripleo_unbound_forward_resolvers %}
 forward-addr: {{ forwarder }}
 {% endfor %}
-{% if tripleo_unbound_forward_resolvers|length == 0 %}
-{% if groups.designate_bind is defined %}
-{% for server in groups.designate_bind %}
- forward-addr: {{ hostvars[server].tripleo_dns_listen_interfaces[0] }}
-{% endfor %}
-{% endif %}
-{% for server in tripleo_external_bind_servers %}
- forward-addr: {{ server.host }}
-{% endfor %}
-{% endif %}
 {% if tripleo_unbound_forward_fallback and tripleo_unbound_allow_recursion %}
 forward-first: yes
 {% else %}