From 6fab3bb2ef55bbe587b8c5c91b87701c27f60ce3 Mon Sep 17 00:00:00 2001 From: Andrea Dell'Amico Date: Thu, 30 May 2019 19:04:52 +0200 Subject: [PATCH] Unbound: Make it work on Ubuntu bionic and systemd --- library/roles/unbound-resolver/defaults/main.yml | 1 + library/roles/unbound-resolver/tasks/main.yml | 16 +++++++++++----- .../templates/unbound-server.conf | 10 ++++++++++ 3 files changed, 22 insertions(+), 5 deletions(-) diff --git a/library/roles/unbound-resolver/defaults/main.yml b/library/roles/unbound-resolver/defaults/main.yml index 33d8ac36..8bbe8970 100644 --- a/library/roles/unbound-resolver/defaults/main.yml +++ b/library/roles/unbound-resolver/defaults/main.yml @@ -12,6 +12,7 @@ unbound_interfaces: unbound_allowed_clients: - { cidr: '0.0.0.0/0', policy: 'allow' } +unbound_prefetch: 'yes' unbound_verbosity: 1 unbound_threads: '{{ ansible_processor_count }}' diff --git a/library/roles/unbound-resolver/tasks/main.yml b/library/roles/unbound-resolver/tasks/main.yml index 822bafe7..d41a2b1f 100644 --- a/library/roles/unbound-resolver/tasks/main.yml +++ b/library/roles/unbound-resolver/tasks/main.yml @@ -1,8 +1,7 @@ --- - block: - name: Install the unbound resolver packages - apt: pkg={{ item }} state=latest cache_valid_time=1800 update_cache=yes - with_items: '{{ unbound_pkgs }}' + apt: pkg={{ unbound_pkgs }} state=latest cache_valid_time=1800 update_cache=yes - name: Install the unbound config files template: src={{ item }} dest=/etc/unbound/unbound.conf.d/{{ item }} 
@@ -11,7 +10,14 @@ - unbound-remote-control.conf notify: Restart unbound - - name: Ensure that the unbound service is started and enabled - service: name=unbound state=started enabled=yes + - name: On bionic, stop systemd-resolvd because it interferes + service: name=systemd-resolved state=stopped enabled=no + when: + - ansible_distribution == "Ubuntu" + - ansible_service_mgr == 'systemd' + - ansible_distribution_major_version >= '18' - tags: [ 'unbound' ] \ No newline at end of file + - name: Ensure that the unbound service is started and enabled + service: name=unbound state=restarted enabled=yes + + tags: [ 'unbound' ] diff --git a/library/roles/unbound-resolver/templates/unbound-server.conf b/library/roles/unbound-resolver/templates/unbound-server.conf index c59cfcef..07f09e3e 100644 --- a/library/roles/unbound-resolver/templates/unbound-server.conf +++ b/library/roles/unbound-resolver/templates/unbound-server.conf @@ -2,12 +2,17 @@ server: {% for interface in unbound_interfaces %} interface: {{ interface }} {% endfor %} +{% if keepalived_install is defined and keepalived_install %} + ip-transparent: yes +{% endif %} + interface-automatic: yes {% for net in unbound_allowed_clients %} access-control: {{ net.cidr }} {{ net.policy }} {% endfor %} verbosity: {{ unbound_verbosity }} # use all CPUs num-threads: {{ unbound_threads }} + prefetch: {{ unbound_prefetch }} # power of 2 close to num-threads msg-cache-slabs: {{ unbound_threads }} @@ -32,3 +37,8 @@ server: # with libevent outgoing-range: 8192 num-queries-per-thread: 4096 +{% if ansible_service_mgr == 'systemd' %} + use-systemd: yes + do-daemonize: no +{% endif %} +
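Review bot: The last task now uses `state=restarted`, so unbound is restarted on every play run even when nothing changed, which empties the cache and interrupts resolution for clients each time. The config task above it already notifies `Restart unbound`, so `service: name=unbound state=started enabled=yes` would keep this task idempotent and leave restarts to the handler. In the new `when:` list, `ansible_distribution_major_version >= '18'` compares strings, so the ordering is lexicographic rather than numeric; `- ansible_distribution_major_version | int >= 18` states the intent. Stopping systemd-resolved presumably leaves the host's own /etc/resolv.conf pointing at the stub listener unless something outside this hunk rewrites it, which is worth confirming. The enclosing block starts above the hunk.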
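Review bot: `interface-automatic: yes` is added outside any condition, so every host that applies this role gets it, not only the keepalived case handled just above. As far as I can tell from the unbound documentation this makes the daemon listen on all addresses, which would make the `interface:` loop redundant. Together with the role default visible in defaults/main.yml (`unbound_allowed_clients` with `cidr: '0.0.0.0/0'`, `policy: 'allow'`), the result is an open recursive resolver wherever port 53 is reachable, which invites abuse for DNS amplification. I would gate the line behind an opt-in role variable (the name here is only a suggestion), `{% if unbound_interface_automatic | default(false) %}` … `{% endif %}`. I would also add a comment above `ip-transparent: yes` saying it is there so unbound can bind the keepalived virtual address before it is assigned, if that is the reason. The `server:` section starts above the hunk and continues after it.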
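Review bot: The `use-systemd: yes` / `do-daemonize: no` block is keyed only on `ansible_service_mgr == 'systemd'`, which is wider than the bionic target named in the commit subject and in the tasks file condition. Older systemd-based releases may ship an unbound build that does not recognise `use-systemd`, and an unknown option normally stops the daemon from starting, so those hosts could lose their resolver after this template is deployed. Reusing the distribution and version test from tasks/main.yml here, or an explicit role variable, would limit the change to platforms where it was tested. A short comment such as `# systemd unit runs unbound in the foreground` above the block would also explain why daemonizing is turned off.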