Unbound: remove incorrect config of forwarding

Configuring forwarders is only valid if
tripleo_unbound_forward_resolvers is defined and should also never be
set to bind servers that are meant to be authoritative.

The intention is that the forwarder configuration only be generated if
tripleo_unbound_forward_resolvers is configured with actual values.
This patch includes a fix to the conditional to skip creating the file
and also removes it in case the deployment parameters no longer
include tripleo_unbound_forward_resolvers on redeploy.

Change-Id: I116253b60df1dc41237e06db9f6938c2bd3edd2e
Brent Eagles 2022-08-15 13:31:28 -02:30
parent e816c747d8
commit e858bbdd8d
2 changed files with 10 additions and 11 deletions


@ -60,7 +60,16 @@
selevel: s0
setype: container_file_t
when:
- tripleo_unbound_forward_resolvers is defined and tripleo_unbound_forward_resolvers != ""
- tripleo_unbound_forward_resolvers is defined and ( tripleo_unbound_forward_resolvers | length ) > 0
register: _unbound_fwd_config_result
- name: Remove the TripleO Unbound forwarders configuration if no forwarders are configured
become: true
ansible.builtin.file:
path: "{{ tripleo_unbound_config_basedir }}/tripleo-forwarder-unbound.conf"
state: absent
when:
- tripleo_unbound_forward_resolvers is not defined or ( tripleo_unbound_forward_resolvers | length ) == 0
register: _unbound_fwd_config_result
- name: Restart Unbound
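Review bot: The new removal task registers its result as `_unbound_fwd_config_result`, the same name the template task directly above it registers, and Ansible assigns a registered variable even when the task is skipped. On a run where forwarders are configured, the removal task is skipped and its skipped result (`changed: false`) replaces the template task's result, so a later condition on `_unbound_fwd_config_result.changed` would miss a rewritten forwarder file and Unbound would keep forwarding to the previous resolvers. The `when` of the `Restart Unbound` task lies outside the hunk, so whether it reads this variable needs confirming. Registering the removal under its own name, for example `register: _unbound_fwd_config_removed`, and testing both results in the restart condition would keep the two outcomes distinct.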


@ -19,16 +19,6 @@ forward-zone:
{% for forwarder in tripleo_unbound_forward_resolvers %}
forward-addr: {{ forwarder }}
{% endfor %}
{% if tripleo_unbound_forward_resolvers|length == 0 %}
{% if groups.designate_bind is defined %}
{% for server in groups.designate_bind %}
forward-addr: {{ hostvars[server].tripleo_dns_listen_interfaces[0] }}
{% endfor %}
{% endif %}
{% for server in tripleo_external_bind_servers %}
forward-addr: {{ server.host }}
{% endfor %}
{% endif %}
{% if tripleo_unbound_forward_fallback and tripleo_unbound_allow_recursion %}
forward-first: yes
{% else %}