879caaa9fa
The Cloudflare DNS we are using in the disable-unbound CI environment for OpenShift works fine in CI, but my ISP seems to block it. This makes reproducing that job locally difficult. I had success with the secondary DNS from Cloudflare, so this patch just adds that to the resolv.conf. If we were going to keep this disable-unbound solution for a long time it would probably be better to have this be a template and allow user configuration. However, my understanding is that this is a temporary solution, so investing in complicated patches to wire in a configuration option that will go away seems like wasted effort.

Change-Id: I7b93efcd76b651807dff3c18885b8d291feffd3e
61 lines
1.5 KiB
YAML
heat_template_version: rocky

description: >
  Disable Unbound Service

parameters:
  RoleNetIpMap:
    default: {}
    type: json
  ServiceData:
    default: {}
    description: Dictionary packing service data
    type: json
  ServiceNetMap:
    default: {}
    description: Mapping of service_name -> network name. Typically set
                 via parameter_defaults in the resource registry. This
                 mapping overrides those in ServiceNetMapDefaults.
    type: json
  DefaultPasswords:
    default: {}
    type: json
  RoleName:
    default: ''
    description: Role name on which the service is applied
    type: string
  RoleParameters:
    default: {}
    description: Parameters specific to the role
    type: json
  EndpointMap:
    default: {}
    description: Mapping of service endpoint -> protocol. Typically set
                 via parameter_defaults in the resource registry.
    type: json
  Debug:
    type: boolean
    default: false
    description: Set to True to enable debugging on all services.

resources:

outputs:
  role_data:
    description: Role data for the multinode firewall configuration
    value:
      service_name: disable_unbound
      host_prep_tasks:
        - name: Disable unbound
          service:
            name: unbound
            state: stopped
            enabled: false
          ignore_errors: true
        - name: Set resolv.conf
          copy:
            content: "nameserver 1.1.1.1\nnameserver 1.0.0.1"
            dest: /etc/resolv.conf
            force: yes
            mode: '0644'