Role that installs and configure the unbound resolver.

2018-05-04 19:47:14 +02:00 · 2018-05-04 19:47:14 +02:00 · f3ad3c6bab
parent 7fac63e071
commit f3ad3c6bab
6 changed files with 75 additions and 0 deletions
--- a/ubuntu-deb-general/templates/resolv.conf
+++ b/ubuntu-deb-general/templates/resolv.conf
--- a/unbound-resolver/defaults/main.yml
+++ b/unbound-resolver/defaults/main.yml
@ -0,0 +1,18 @@
 ---
 unbound_pkgs:
  - unbound
  - unbound-anchor
  - unbound-host
  - dig
 unbound_interfaces:
  - '0.0.0.0'
  - '::0'
 unbound_allowed_clients:
  - { cidr: '0.0.0.0/0', policy: 'allow' }
 unbound_verbosity: 1
 unbound_threads: '{{ ansible_processor_count }}'
 unbound_remote_control: 'no'
--- a/unbound-resolver/handlers/main.yml
+++ b/unbound-resolver/handlers/main.yml
@ -0,0 +1,4 @@
 ---
 - name: Restart unbound
  service: name=unbound state=restarted
--- a/unbound-resolver/tasks/main.yml
+++ b/unbound-resolver/tasks/main.yml
@ -0,0 +1,17 @@
 ---
 - block:
  - name: Install the unbound resolver packages
    apt: pkg={{ item }} state=latest cache_valid_time=1800 update_cache=yes
    with_items: '{{ unbound_pkgs }}'
  - name: Install the unbound config files
    template: src={{ item }} dest=/etc/unbound/unbound.conf.d/{{ item }}
    with_items:
      - unbound-server.conf
      - unbound-remote-control.conf
    notify: Restart unbound
  - name: Ensure that the unbound service is started and enabled
    service: name=unbound state=started enabled=yes    
  tags: [ 'unbound' ]
--- a/unbound-resolver/templates/unbound-remote-control.conf
+++ b/unbound-resolver/templates/unbound-remote-control.conf
@ -0,0 +1,2 @@
 remote-control:
        control-enable: {{ unbound_remote_control }}
--- a/unbound-resolver/templates/unbound-server.conf
+++ b/unbound-resolver/templates/unbound-server.conf
@ -0,0 +1,34 @@
 server:
 {% for interface in unbound_interfaces %}
 	interface: {{ interface }}
 {% endfor %}
 {% for net in unbound_allowed_clients %}
        access-control: {{ net.cidr }} {{ net.policy }}
 {% endfor %}
        verbosity: {{ unbound_verbosity }}
        # use all CPUs
        num-threads: {{ unbound_threads }}
        # power of 2 close to num-threads  
        msg-cache-slabs: {{ unbound_threads }}
        rrset-cache-slabs: {{ unbound_threads }}
        infra-cache-slabs: {{ unbound_threads }}
        key-cache-slabs: {{ unbound_threads }}
        # more cache memory, rrset=msg*2
        rrset-cache-size: 100m
        msg-cache-size: 50m
        # more outgoing connections
        # depends on number of cores: 1024/cores - 50 
        outgoing-range: {{ 1024 / unbound_threads - 50 }}
        # Larger socket buffer.  OS may need config.
        so-rcvbuf: 4m
        so-sndbuf: 4m
        # Faster UDP with multithreading (only on Linux).
 	so-reuseport: yes
        # with libevent
        outgoing-range: 8192
        num-queries-per-thread: 4096
		`@ -0,0 +1,2 @@`
							`remote-control:`
							`control-enable: {{ unbound_remote_control }}`