tpiccioli
/
ansible-roles
forked from ISTI-ansible-roles/ansible-roles
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Unbound: Make it work on Ubuntu bionic and systemd

This commit is contained in:
Andrea Dell'Amico 2019-05-30 19:04:52 +02:00
parent ff7f2b6188
commit 6fab3bb2ef
3 changed files with 22 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
library/roles/unbound-resolver/defaults/main.yml
View File

@ -12,6 +12,7 @@ unbound_interfaces:
unbound_allowed_clients: unbound_allowed_clients:
- { cidr: '0.0.0.0/0', policy: 'allow' } - { cidr: '0.0.0.0/0', policy: 'allow' }
unbound_prefetch: 'yes'
unbound_verbosity: 1 unbound_verbosity: 1
unbound_threads: '{{ ansible_processor_count }}' unbound_threads: '{{ ansible_processor_count }}'

12
library/roles/unbound-resolver/tasks/main.yml
View File

@ -1,8 +1,7 @@
--- ---
- block: - block:
- name: Install the unbound resolver packages - name: Install the unbound resolver packages
apt: pkg={{ item }} state=latest cache_valid_time=1800 update_cache=yes apt: pkg={{ unbound_pkgs }} state=latest cache_valid_time=1800 update_cache=yes
with_items: '{{ unbound_pkgs }}'
- name: Install the unbound config files - name: Install the unbound config files
template: src={{ item }} dest=/etc/unbound/unbound.conf.d/{{ item }} template: src={{ item }} dest=/etc/unbound/unbound.conf.d/{{ item }}
@ -11,7 +10,14 @@
- unbound-remote-control.conf - unbound-remote-control.conf
notify: Restart unbound notify: Restart unbound
- name: On bionic, stop systemd-resolvd because it interferes
service: name=systemd-resolved state=stopped enabled=no
when:
- ansible_distribution == "Ubuntu"
- ansible_service_mgr == 'systemd'
- ansible_distribution_major_version >= '18'
- name: Ensure that the unbound service is started and enabled - name: Ensure that the unbound service is started and enabled
service: name=unbound state=started enabled=yes service: name=unbound state=restarted enabled=yes
tags: [ 'unbound' ] tags: [ 'unbound' ]

10
library/roles/unbound-resolver/templates/unbound-server.conf
View File

@ -2,12 +2,17 @@ server:
{% for interface in unbound_interfaces %} {% for interface in unbound_interfaces %}
interface: {{ interface }} interface: {{ interface }}
{% endfor %} {% endfor %}
{% if keepalived_install is defined and keepalived_install %}
ip-transparent: yes
{% endif %}
interface-automatic: yes
{% for net in unbound_allowed_clients %} {% for net in unbound_allowed_clients %}
access-control: {{ net.cidr }} {{ net.policy }} access-control: {{ net.cidr }} {{ net.policy }}
{% endfor %} {% endfor %}
verbosity: {{ unbound_verbosity }} verbosity: {{ unbound_verbosity }}
# use all CPUs # use all CPUs
num-threads: {{ unbound_threads }} num-threads: {{ unbound_threads }}
prefetch: {{ unbound_prefetch }}
# power of 2 close to num-threads # power of 2 close to num-threads
msg-cache-slabs: {{ unbound_threads }} msg-cache-slabs: {{ unbound_threads }}
@ -32,3 +37,8 @@ server:
# with libevent # with libevent
outgoing-range: 8192 outgoing-range: 8192
num-queries-per-thread: 4096 num-queries-per-thread: 4096
{% if ansible_service_mgr == 'systemd' %}
use-systemd: yes
do-daemonize: no
{% endif %}