Merge "elements/ndoepool-base: only initially populate ipv4 nameservers"
This commit is contained in:
commit
2c30704192
|
@ -6,14 +6,26 @@ Tasks to deal with image metadata and other Nodepool cloud specific tweaks.
|
|||
|
||||
Environment variables:
|
||||
|
||||
`NODEPOOL_SCRIPTDIR` path to copy Nodepool scripts from. It is set
|
||||
``NODEPOOL_SCRIPTDIR`` path to copy Nodepool scripts from. It is set
|
||||
automatically by Nodepool. For local hacking override it to where your scripts
|
||||
are. Default:
|
||||
`$TMP_MOUNT_PATH/opt/git/openstack-infra/project-config/nodepool/scripts`.
|
||||
``$TMP_MOUNT_PATH/opt/git/openstack-infra/project-config/nodepool/scripts``.
|
||||
|
||||
Name resolution
|
||||
---------------
|
||||
|
||||
The image should have the unbound DNS resolver package installed, the
|
||||
nodepool-base element then configures it to forward DNS queries to:
|
||||
`NODEPOOL_STATIC_NAMESERVER_V6`, default: `2620:0:ccc::2`
|
||||
`NODEPOOL_STATIC_NAMESERVER_V4`, default: `208.67.222.222`
|
||||
`NODEPOOL_STATIC_NAMESERVER_V6_FALLBACK`, default: `2001:4860:4860::8888`
|
||||
`NODEPOOL_STATIC_NAMESERVER_V4_FALLBACK`, default: `8.8.8.8`.
|
||||
``nodepool-base`` element then configures it to forward DNS queries
|
||||
to:
|
||||
|
||||
``NODEPOOL_STATIC_NAMESERVER_V4``, default: ``208.67.222.222``
|
||||
``NODEPOOL_STATIC_NAMESERVER_V4_FALLBACK``, default: ``8.8.8.8``.
|
||||
|
||||
If ``NODEPOOL_STATIC_NAMESERVER_POPULATE_IPV6`` is set to ``1`` then
|
||||
the following two servers will be configured as forwarders too
|
||||
|
||||
``NODEPOOL_STATIC_NAMESERVER_V6``, default: ``2620:0:ccc::2``
|
||||
``NODEPOOL_STATIC_NAMESERVER_V6_FALLBACK``, default: ``2001:4860:4860::8888``
|
||||
|
||||
Note externally setting either of these values implies
|
||||
``NODEPOOL_STATIC_NAMESERVER_POPULATE_IPV6=1``
|
||||
|
|
|
@ -21,11 +21,29 @@ if [ ${DIB_DEBUG_TRACE:-0} -gt 0 ]; then
|
|||
fi
|
||||
set -e
|
||||
|
||||
NODEPOOL_STATIC_NAMESERVER_V6=${NODEPOOL_STATIC_NAMESERVER_V6:-2620:0:ccc::2}
|
||||
#
|
||||
# Note that in OpenStack infra, the configure-unbound role [1] that is
|
||||
# part of the base jobs will reconfigure unbound based on the host's
|
||||
# ipv6 support very early in the job setup. Thus the following
|
||||
# forwarder setup is only relevant to the initial boot and some parts
|
||||
# of the integration-tests before configure-unbound role is used.
|
||||
#
|
||||
# [1] http://git.openstack.org/cgit/openstack-infra/openstack-zuul-jobs/tree/roles/configure-unbound
|
||||
#
|
||||
|
||||
NODEPOOL_STATIC_NAMESERVER_V4=${NODEPOOL_STATIC_NAMESERVER_V4:-208.67.222.222}
|
||||
NODEPOOL_STATIC_NAMESERVER_V6_FALLBACK=${NODEPOOL_STATIC_NAMESERVER_V6_FALLBACK:-2001:4860:4860::8888}
|
||||
NODEPOOL_STATIC_NAMESERVER_V4_FALLBACK=${NODEPOOL_STATIC_NAMESERVER_V4_FALLBACK:-8.8.8.8}
|
||||
dd of=/tmp/forwarding.conf <<EOF
|
||||
|
||||
# Explicitly setting a v6 nameserver implies you want ipv6
|
||||
if [[ -n ${NODEPOOL_STATIC_NAMESERVER_V6:-} || -n ${NODEPOOL_STATIC_NAMESERVER_V6_FALLBACK} ]]; then
|
||||
NODEPOOL_STATIC_NAMESERVER_POPULATE_IPV6=1
|
||||
fi
|
||||
|
||||
if [[ ${NODEPOOL_STATIC_NAMESERVER_POPULATE_IPV6:-0} == 1 ]]; then
|
||||
NODEPOOL_STATIC_NAMESERVER_V6=${NODEPOOL_STATIC_NAMESERVER_V6:-2620:0:ccc::2}
|
||||
NODEPOOL_STATIC_NAMESERVER_V6_FALLBACK=${NODEPOOL_STATIC_NAMESERVER_V6_FALLBACK:-2001:4860:4860::8888}
|
||||
|
||||
dd of=/tmp/forwarding.conf <<EOF
|
||||
forward-zone:
|
||||
name: "."
|
||||
forward-addr: $NODEPOOL_STATIC_NAMESERVER_V6
|
||||
|
@ -33,6 +51,18 @@ forward-zone:
|
|||
forward-addr: $NODEPOOL_STATIC_NAMESERVER_V4
|
||||
forward-addr: $NODEPOOL_STATIC_NAMESERVER_V4_FALLBACK
|
||||
EOF
|
||||
else
|
||||
# Otherwise, only populate ipv4 nameservers here. We used to just
|
||||
# do both, but we found it unreliable on hosts/platforms without
|
||||
# ipv6 support (see
|
||||
# https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=4188).
|
||||
dd of=/tmp/forwarding.conf <<EOF
|
||||
forward-zone:
|
||||
name: "."
|
||||
forward-addr: $NODEPOOL_STATIC_NAMESERVER_V4
|
||||
forward-addr: $NODEPOOL_STATIC_NAMESERVER_V4_FALLBACK
|
||||
EOF
|
||||
fi
|
||||
|
||||
mv /tmp/forwarding.conf /etc/unbound/
|
||||
chown root:root /etc/unbound/forwarding.conf
|
||||
|
|
Loading…
Reference in New Issue