Unbound: remove incorrect config of forwarding
Configuring forwarders is only valid if tripleo_unbound_forward_resolvers is defined and should also never be set to bind servers that are meant to be authoritative. The intention is that the forwarder configuration only be generated if tripleo_unbound_forward_resolvers is configured with actual values. This patch includes a fix to the conditional to skip creating the file and also removes it in case it the deployment parameters no longer include tripleo_unbound_forward_resolvers on redeploy. Change-Id: I116253b60df1dc41237e06db9f6938c2bd3edd2e
This commit is contained in:
parent
e816c747d8
commit
e858bbdd8d
|
@ -60,7 +60,16 @@
|
||||||
selevel: s0
|
selevel: s0
|
||||||
setype: container_file_t
|
setype: container_file_t
|
||||||
when:
|
when:
|
||||||
- tripleo_unbound_forward_resolvers is defined and tripleo_unbound_forward_resolvers != ""
|
- tripleo_unbound_forward_resolvers is defined and ( tripleo_unbound_forward_resolvers | length ) > 0
|
||||||
|
register: _unbound_fwd_config_result
|
||||||
|
|
||||||
|
- name: Remove the TripleO Unbound forwarders configuration if no forwarders are configured
|
||||||
|
become: true
|
||||||
|
ansible.builtin.file:
|
||||||
|
path: "{{ tripleo_unbound_config_basedir }}/tripleo-forwarder-unbound.conf"
|
||||||
|
state: absent
|
||||||
|
when:
|
||||||
|
- tripleo_unbound_forward_resolvers is not defined or ( tripleo_unbound_forward_resolvers | length ) == 0
|
||||||
register: _unbound_fwd_config_result
|
register: _unbound_fwd_config_result
|
||||||
|
|
||||||
- name: Restart Unbound
|
- name: Restart Unbound
|
||||||
|
|
|
@ -19,16 +19,6 @@ forward-zone:
|
||||||
{% for forwarder in tripleo_unbound_forward_resolvers %}
|
{% for forwarder in tripleo_unbound_forward_resolvers %}
|
||||||
forward-addr: {{ forwarder }}
|
forward-addr: {{ forwarder }}
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
{% if tripleo_unbound_forward_resolvers|length == 0 %}
|
|
||||||
{% if groups.designate_bind is defined %}
|
|
||||||
{% for server in groups.designate_bind %}
|
|
||||||
forward-addr: {{ hostvars[server].tripleo_dns_listen_interfaces[0] }}
|
|
||||||
{% endfor %}
|
|
||||||
{% endif %}
|
|
||||||
{% for server in tripleo_external_bind_servers %}
|
|
||||||
forward-addr: {{ server.host }}
|
|
||||||
{% endfor %}
|
|
||||||
{% endif %}
|
|
||||||
{% if tripleo_unbound_forward_fallback and tripleo_unbound_allow_recursion %}
|
{% if tripleo_unbound_forward_fallback and tripleo_unbound_allow_recursion %}
|
||||||
forward-first: yes
|
forward-first: yes
|
||||||
{% else %}
|
{% else %}
|
||||||
|
|
Loading…
Reference in New Issue