Unbound: Make it work on Ubuntu bionic and systemd

2019-05-30 19:04:52 +02:00 · 2019-05-30 19:04:52 +02:00 · 6fab3bb2ef
parent ff7f2b6188
commit 6fab3bb2ef
3 changed files with 22 additions and 5 deletions
--- a/library/roles/unbound-resolver/defaults/main.yml
+++ b/library/roles/unbound-resolver/defaults/main.yml
@ -12,6 +12,7 @@ unbound_interfaces:
 unbound_allowed_clients:
  - { cidr: '0.0.0.0/0', policy: 'allow' }
  
+unbound_prefetch: 'yes'
 unbound_verbosity: 1
 unbound_threads: '{{ ansible_processor_count }}'

--- a/library/roles/unbound-resolver/tasks/main.yml
+++ b/library/roles/unbound-resolver/tasks/main.yml
@ -1,8 +1,7 @@
 ---
 - block:
  - name: Install the unbound resolver packages
-    apt: pkg={{ item }} state=latest cache_valid_time=1800 update_cache=yes
-    with_items: '{{ unbound_pkgs }}'
+    apt: pkg={{ unbound_pkgs }} state=latest cache_valid_time=1800 update_cache=yes

  - name: Install the unbound config files
    template: src={{ item }} dest=/etc/unbound/unbound.conf.d/{{ item }}
@ -11,7 +10,14 @@
      - unbound-remote-control.conf
    notify: Restart unbound
  
-  - name: Ensure that the unbound service is started and enabled
-    service: name=unbound state=started enabled=yes    
+  - name: On bionic, stop systemd-resolvd because it interferes
+    service: name=systemd-resolved state=stopped enabled=no
+    when:
+      - ansible_distribution == "Ubuntu"
+      - ansible_service_mgr == 'systemd'
+      - ansible_distribution_major_version >= '18'

-  tags: [ 'unbound' ]
+  - name: Ensure that the unbound service is started and enabled
+    service: name=unbound state=restarted enabled=yes    
+
+  tags: [ 'unbound' ]
--- a/library/roles/unbound-resolver/templates/unbound-server.conf
+++ b/library/roles/unbound-resolver/templates/unbound-server.conf
@ -2,12 +2,17 @@ server:
 {% for interface in unbound_interfaces %}
 	interface: {{ interface }}
 {% endfor %}
+{% if keepalived_install is defined and keepalived_install %}
+        ip-transparent: yes
+{% endif %}
+        interface-automatic: yes
 {% for net in unbound_allowed_clients %}
        access-control: {{ net.cidr }} {{ net.policy }}
 {% endfor %}
        verbosity: {{ unbound_verbosity }}
        # use all CPUs
        num-threads: {{ unbound_threads }}
+        prefetch: {{ unbound_prefetch }}
 	
        # power of 2 close to num-threads  
        msg-cache-slabs: {{ unbound_threads }}
@ -32,3 +37,8 @@ server:
        # with libevent
        outgoing-range: 8192
        num-queries-per-thread: 4096 
+{% if ansible_service_mgr == 'systemd' %}
+        use-systemd: yes
+        do-daemonize: no
+{% endif %}
+