Remove configure-unbound role

This role now lives in opendev/base-jobs so to reduce confusion we clean it out of ozj. Depends-On: https://review.openstack.org/635900 Change-Id: I27971ad1bd3ef93ea04aaede76e51afe9d770b5b
2019-02-08 09:49:18 -08:00 · 2019-02-08 09:49:18 -08:00 · 10405004a5
parent d770f34bfb
commit 10405004a5
11 changed files with 0 additions and 225 deletions
--- a/roles/configure-unbound/README.rst
+++ b/roles/configure-unbound/README.rst
@ -1,48 +0,0 @@
-An ansible role to dynamically configure DNS forwarders for the
-``unbound`` caching service.  IPv6 will be preferred when there is a
-usable IPv6 default route, otherwise IPv4.
-
-.. note:: This is not a standalone unbound configuration role.  Base
-          setup is done during image builds in
-          ``project-config:nodepool/elements/nodepool-base/finalise.d/89-unbound``;
-          here we just do dynamic configuration of forwarders based on
-          the interfaces available on the actual host.
-
-**Role Variables**
-
-.. zuul:rolevar:: unbound_primary_nameserver_v4
-   :default: 208.67.222.222 (OpenDNS)
-
-   The primary IPv4 nameserver for fowarding requests
-
-.. zuul:rolevar:: unbound_secondary_nameserver_v4
-   :default: 8.8.8.8 (Google)
-
-   The secondary IPv4 nameserver for fowarding requests
-
-.. zuul:rolevar:: unbound_primary_nameserver_v6
-   :default: 2620:0:ccc::2 (OpenDNS)
-
-   The primary IPv6 nameserver for fowarding requests
-
-.. zuul:rolevar:: unbound_secondary_nameserver_v6
-   :default: 2001:4860:4860::8888 (Google)
-
-   The seconary IPv6 nameserver for fowarding requests
-
-.. zuul:rolevar:: unbound_cache_max_ttl
-   :default: 86400
-
-   Maximum TTL in seconds to keep successful queries cached for.
-
-   This TTL will have precedence if the DNS record TTL is higher.
-   For example, a TTL of 90000 would be reduced to 86400.
-
-.. zuul:rolevar:: unbound_cache_min_ttl
-   :default: 0
-
-   Minimum TTL in seconds to keep queries cached for.
-   Note that this is effective for both successful and failed queries.
-
-   This TTL will have precedence if the DNS record TTL is lower.
-   For example, a TTL of 60 would be raised to 900.
--- a/roles/configure-unbound/defaults/main.yaml
+++ b/roles/configure-unbound/defaults/main.yaml
@ -1,24 +0,0 @@
-# OpenDNS
-unbound_primary_nameserver_v6: "2620:0:ccc::2"
-unbound_primary_nameserver_v4: "208.67.222.222"
-
-# Google
-unbound_secondary_nameserver_v6: "2001:4860:4860::8888"
-unbound_secondary_nameserver_v4: "8.8.8.8"
-
-# Time to live maximum for  RRsets  and  messages  in  the  cache.
-# Default  is  86400  seconds  (1  day).  If the maximum kicks in,
-# responses to clients still get decrementing TTLs  based  on  the
-# original  (larger)  values.   When the internal TTL expires, the
-# cache item has expired.  Can be set lower to force the  resolver
-# to query for data often, and not trust (very large) TTL values.
-unbound_cache_max_ttl: 86400
-
-# Time  to  live  minimum  for  RRsets  and messages in the cache.
-# Default is 0.  If the minimum kicks in, the data is  cached  for
-# longer than the domain owner intended, and thus less queries are
-# made to look up the data.  Zero makes sure the data in the cache
-# is  as the domain owner intended, higher values, especially more
-# than an hour or so, can lead to trouble as the data in the cache
-# does not match up with the actual data any more.
-unbound_cache_min_ttl: 0
--- a/roles/configure-unbound/handlers/main.yaml
+++ b/roles/configure-unbound/handlers/main.yaml
@ -1,5 +0,0 @@
- name: Restart unbound
-  become: yes
-  service:
-    name: unbound
-    state: restarted
--- a/roles/configure-unbound/tasks/main.yaml
+++ b/roles/configure-unbound/tasks/main.yaml
@ -1,84 +0,0 @@
-# This role assumes that Unbound is already installed, fail early if it isn't.
- name: Check that Unbound is installed
-  stat:
-    path: /etc/unbound
-  register: unbound_config
-
- name: Ensure that Unbound is installed
-  assert:
-    that:
-      - unbound_config.stat.exists
-
-# ansible_default_ipv6 can either be undefined (no ipv6) or blank (no
-# routable address).  We only want to use ipv6 if it's available &
-# routable; combine these checks into this fact.
- name: Check for IPv6
-  when:
-    - hostvars[inventory_hostname]['ansible_default_ipv6'] is defined
-    - hostvars[inventory_hostname]['ansible_default_ipv6']['address'] is defined
-  set_fact:
-    unbound_use_ipv6: True
-
-# Use *only* ipv6 resolvers if ipv6 is present and routable.  This
-# avoids traversing potential NAT when using ipv4 which can be
-# unreliable.
- name: Set IPv6 nameservers
-  when:
-    - unbound_use_ipv6 is defined
-  set_fact:
-    unbound_primary_nameserver: '{{ unbound_primary_nameserver_v6 }}'
-    unbound_secondary_nameserver: '{{ unbound_secondary_nameserver_v6 }}'
-
-# Fallback to default ipv4 if there is no ipv6 available as this
-# causes timeouts and failovers that are unnecesary.
- name: Set IPv4 nameservers
-  when:
-    - unbound_use_ipv6 is not defined
-  set_fact:
-    unbound_primary_nameserver: '{{ unbound_primary_nameserver_v4 }}'
-    unbound_secondary_nameserver: '{{ unbound_secondary_nameserver_v4 }}'
-
- name: Include OS-specific variables
-  include_vars: "{{ item }}"
-  with_first_found:
-    - "{{ ansible_distribution }}.yaml"
-    - "{{ ansible_os_family }}.yaml"
-    - "default.yaml"
-
- name: Ensure Unbound conf.d directory exists
-  become: yes
-  file:
-    path: "{{ unbound_confd }}"
-    state: directory
-
-# TODO: Move this to /etc/unbound/conf.d ?
- name: Configure unbound forwarding
-  become: yes
-  template:
-    dest: /etc/unbound/forwarding.conf
-    owner: root
-    group: root
-    mode: 0644
-    src: forwarding.conf.j2
-  register: forwarding_config
-  notify:
-    - Restart unbound
-
- name: Configure unbound TTL
-  become: yes
-  template:
-    dest: "{{ unbound_confd }}/ttl.conf"
-    owner: root
-    group: root
-    mode: 0644
-    src: ttl.conf.j2
-  register: ttl_config
-  notify:
-    - Restart unbound
-
- name: Start unbound
-  become: yes
-  service:
-    name: unbound
-    state: started
-    enabled: yes
--- a/roles/configure-unbound/templates/forwarding.conf.j2
+++ b/roles/configure-unbound/templates/forwarding.conf.j2
@ -1,6 +0,0 @@
-# {{ ansible_managed }}
-
-forward-zone:
-  name: "."
-  forward-addr: {{ unbound_primary_nameserver }}
-  forward-addr: {{ unbound_secondary_nameserver }}
--- a/roles/configure-unbound/templates/ttl.conf.j2
+++ b/roles/configure-unbound/templates/ttl.conf.j2
@ -1,5 +0,0 @@
-# {{ ansible_managed }}
-
-server:
-    cache-min-ttl: {{ unbound_cache_min_ttl }}
-    cache-max-ttl: {{ unbound_cache_max_ttl }}
--- a/roles/configure-unbound/vars/Debian.yaml
+++ b/roles/configure-unbound/vars/Debian.yaml
@ -1 +0,0 @@
-unbound_confd: /etc/unbound/unbound.conf.d
--- a/roles/configure-unbound/vars/default.yaml
+++ b/roles/configure-unbound/vars/default.yaml
@ -1 +0,0 @@
-unbound_confd: /etc/unbound/conf.d
--- a/tests/base.yaml
+++ b/tests/base.yaml
@ -6,7 +6,6 @@
 # Note: set-zuul-log-path-fact is tested by emit-job-header.yaml
 - include: emit-job-header.yaml
 - include: ensure-output-dirs.yaml
- include: configure-unbound.yaml
 - include: use-cached-repos.yaml
 - include: mirror-info.yaml
 - include: configure-mirrors.yaml
--- a/tests/configure-unbound.yaml
+++ b/tests/configure-unbound.yaml
@ -1,48 +0,0 @@
- name: Test the configure-unbound role
-  hosts: all
-  roles:
-    - role: configure-unbound
-  post_tasks:
-    - name: Check that unbound is started
-      become: yes
-      service:
-        name: unbound
-        state: started
-      register: unbound_service
-
-    - name: Ensure that unbound is started
-      assert:
-        that:
-          - unbound_service is not changed
-
-    # Until nodepool no longer embeds a forwarding.conf in the image, it is
-    # safe to assume that we'll be changing the forwarding configuration
-    # because the role has logic to use v6 *or* v4 nameservers while nodepool
-    # puts all four nameservers.
-    - name: Ensure that configuration was installed
-      assert:
-        that:
-          - forwarding_config is changed
-          - ttl_config is changed
-
-    - name: Check if /etc/unbound/forwarding.conf exists
-      stat:
-        path: /etc/unbound/forwarding.conf
-      register: forwarding_file
-
-    - name: Check if /etc/unbound/conf.d/ttl.conf exists
-      stat:
-        path: "{{ unbound_confd }}/ttl.conf"
-      register: ttl_file
-
-    - name: Ensure that configuration files exist
-      assert:
-        that:
-          - forwarding_file.stat.exists
-          - ttl_file.stat.exists
-
-    # This is self-tested, no need to assert
-    - name: Do a host lookup (sanity check)
-      command: host openstack.org
-      changed_when: false
-
--- a/zuul.d/jobs.yaml
+++ b/zuul.d/jobs.yaml
@ -20,7 +20,6 @@
    run: tests/base.yaml
    files:
      - ^roles/configure-mirrors/.*
-      - ^roles/configure-unbound/.*
      - ^roles/emit-job-header/.*
      - ^roles/ensure-output-dirs/.*
      - ^roles/fetch-zuul-cloner/.*
@ -100,7 +99,6 @@
    run: tests/multinode.yaml
    files:
      - ^roles/configure-mirrors/.*
-      - ^roles/configure-unbound/.*
      - ^roles/emit-job-header/.*
      - ^roles/ensure-output-dirs/.*
      - ^roles/fetch-zuul-cloner/.*