90 lines
2.8 KiB
YAML
90 lines
2.8 KiB
YAML
---
|
|
# Copyright 2021 Red Hat, Inc.
|
|
# All Rights Reserved.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
# not use this file except in compliance with the License. You may obtain
|
|
# a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
# License for the specific language governing permissions and limitations
|
|
# under the License.
|
|
|
|
- name: Gather SELinux fact if needed
|
|
when:
|
|
- ansible_facts.selinux is undefined
|
|
setup:
|
|
gather_subset:
|
|
- "!all"
|
|
- "!min"
|
|
- "selinux"
|
|
|
|
- name: create fcontext entry for unbound config content
|
|
when:
|
|
- ansible_facts.selinux.status == "enabled"
|
|
sefcontext:
|
|
target: "{{ tripleo_unbound_config_basedir }}(/.*)?"
|
|
setype: container_file_t
|
|
selevel: s0
|
|
state: present
|
|
|
|
- name: If specified, configure Unbound to listen on a specific IP address
|
|
import_tasks: collocated_bind.yml
|
|
when:
|
|
- tripleo_unbound_listen_interfaces is defined
|
|
- tripleo_unbound_designate_integration|bool
|
|
- (tripleo_unbound_bind_network is defined) and (tripleo_unbound_bind_network|length > 0)
|
|
|
|
- name: create directory {{ tripleo_unbound_config_basedir }}
|
|
become: true
|
|
ansible.builtin.file:
|
|
path: "{{ tripleo_unbound_config_basedir }}"
|
|
recurse: true
|
|
state: directory
|
|
selevel: s0
|
|
setype: container_file_t
|
|
|
|
- name: Create the base TripleO Unbound configuration file
|
|
become: true
|
|
ansible.builtin.template:
|
|
src: tripleo-base-unbound.conf.j2
|
|
dest: "{{ tripleo_unbound_config_basedir }}/tripleo-base-unbound.conf"
|
|
mode: '0640'
|
|
selevel: s0
|
|
setype: container_file_t
|
|
register: _unbound_config_result
|
|
|
|
- name: Create the TripleO Unbound forwarders configuration file
|
|
become: true
|
|
ansible.builtin.template:
|
|
src: tripleo-forwarder-unbound.conf.j2
|
|
dest: "{{ tripleo_unbound_config_basedir }}/tripleo-forwarder-unbound.conf"
|
|
mode: '0640'
|
|
selevel: s0
|
|
setype: container_file_t
|
|
when:
|
|
- tripleo_unbound_forward_resolvers is defined and tripleo_unbound_forward_resolvers != ""
|
|
register: _unbound_fwd_config_result
|
|
|
|
- name: Restart Unbound
|
|
when:
|
|
- _unbound_config_result.changed or _unbound_fwd_config_result.changed
|
|
block:
|
|
- name: check if tripleo_unbound systemd service is active
|
|
become: true
|
|
shell: systemctl is-active --quiet tripleo_unbound
|
|
failed_when: false
|
|
register: unbound_active_service
|
|
|
|
- name: Restart the Unbound container
|
|
become: true
|
|
systemd:
|
|
name: tripleo_unbound
|
|
state: restarted
|
|
when:
|
|
- unbound_active_service.rc == 0
|