6565b3c140
We are seeing a problem on Fedora where it appears on hosts without configured ipv6 unbound chooses to send queries via the ipv6 forwarders and then returns DNS failures. An upstream issue has been filed [1], but it remains unclear exactly why this happens on Fedora but not other platforms. However, having ipv6 forwarders is not always correct. Not all our platforms have glean support for ipv6 configuration, nor do all our providers provide ipv6 transit. Therefore, ipv4 is the lowest common denominator across all platforms. Even those who are "ipv6 only" still provide ipv4 via NAT -- originally it was the unreliability of this NAT transit that lead to unbound being used in the first place. It should be noted that in most all jobs, the configure-unbound role [2] called from the base-job will re-write the forwarding information and configure ipv4/6 correctly during the base job depending on the node & provider support. Thus this only really affects some of the openstack-zuul-jobs/system-config integration jobs, where we start out without unbound configured because we're actually *testing* the unbound configuration role. An additional complication is that we want to keep backwards compatability and populate the settings if NODEPOOL_STATIC_NAMESERVER_V6 is explicitly set -- this is sometimes required if you building infra-style images and are within a corporate network that disallows outbound DNS queries for example. Thus by default only populate ipv4 forwarders, unless explicitly asked to add ipv6 with the new variable or the static v6 nameservers are explicitly specified. [1] https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=4188 [2] http://git.openstack.org/cgit/openstack-infra/openstack-zuul-jobs/tree/roles/configure-unbound Change-Id: If060455e163266b2c3e72b4a2ac2838a61859496 |
||
|---|---|---|
| accessbot | ||
| dev/gerrit | ||
| docs-site | ||
| gerrit | ||
| gerritbot | ||
| grafana | ||
| nodepool | ||
| playbooks | ||
| roles | ||
| specs | ||
| tests | ||
| tools | ||
| zuul | ||
| zuul.d | ||
| .gitignore | ||
| .gitreview | ||
| CONTRIBUTING.rst | ||
| LICENSE | ||
| README.rst | ||
| REVIEWING.rst | ||
| bindep.txt | ||
| test-requirements.txt | ||
| tox.ini | ||
README.rst
OpenStack Infra Config Files
This repo contains a set of config files that are consumed by the openstack-infra/system-config puppet modules in order to deploy and configure the OpenStack Infrastructure. You should edit these files to make configuration changes to the OpenStack Infrastructure.
accessbot
This dir contains the IRC access bot channel config. This config file is used to specify which channels are managed by the infra team and the permissions assigned to nicks in those channels.
gerrit
This dir contains the main project registry in projects.yaml along with all of the gerrit project ACLs in the acls subdir. You will need to edit these files to add new projects to Gerrit.
See the Creator's Guide in the Infra Manual for info on adding projects.
gerritbot
This dir contains the gerritbot channel config file. Edit this file to add the gerritbot to your IRC channels for gerrit event messages.
grafana
This dir contains dashboards to display at http://grafana.openstack.org/. Add new files to create additional dashboards or edit the existing ones to enhance the dashboards.
nodepool
This dir contains the nodepool scripts and nodepool disk image builder elements that are used to build the images we boot build nodes off of. Edit these files if you need to modify the base images that Nodepool creates for Zuul to run content on.
specs
This dir contains the index.html file for the http://specs.openstack.org site. Edit this file if you are adding and removing projects from that site.
Static Web Hosting Documentation
zuul
This dir contains the zuul main.yaml file which defines the Zuul tenants and the system-variables.yaml file which contains some global variables. Edit these files to add, remove or rename a project from Zuul.
dev
This dir contains config files for the development deployments of the above services.