d05b4fa33e
It turns out ansible_default_ipv6 can be undefined without ipv6. Combine the checks into a separte fact. Change-Id: I96b0fd98db01b183946403a744ff2e8d2ae422d8
55 lines
1.4 KiB
YAML
55 lines
1.4 KiB
YAML
- name: Ensure /etc/unbound exists
|
|
become: yes
|
|
file:
|
|
path: /etc/unbound
|
|
state: directory
|
|
owner: root
|
|
group: root
|
|
mode: 0755
|
|
|
|
# ansible_default_ipv6 can either be undefined (no ipv6) or blank (no
|
|
# routable address). We only want to use ipv6 if it's available &
|
|
# routable; combine these checks into this fact.
|
|
- name: Check for IPv6
|
|
when:
|
|
- ansible_default_ipv6 is defined
|
|
- ansible_default_ipv6.address is defined
|
|
set_fact:
|
|
unbound_use_ipv6: True
|
|
|
|
# Use *only* ipv6 resolvers if ipv6 is present and routable. This
|
|
# avoids traversing potential NAT when using ipv4 which can be
|
|
# unreliable.
|
|
- name: Set IPv6 nameservers
|
|
when:
|
|
- unbound_use_ipv6 is defined
|
|
set_fact:
|
|
primary_nameserver: '{{ primary_nameserver_v6 }}'
|
|
secondary_nameserver: '{{ secondary_nameserver_v6 }}'
|
|
|
|
|
|
# Fallback to default ipv4 if there is no ipv6 available as this
|
|
# causes timeouts and failovers that are unnecesary.
|
|
- name: Set IPv4 nameservers
|
|
when:
|
|
- unbound_use_ipv6 is not defined
|
|
set_fact:
|
|
primary_nameserver: '{{ primary_nameserver_v4 }}'
|
|
secondary_nameserver: '{{ secondary_nameserver_v4 }}'
|
|
|
|
- name: Configure unbound fowarding
|
|
become: yes
|
|
template:
|
|
dest: '/etc/unbound/forwarding.conf'
|
|
owner: root
|
|
group: root
|
|
mode: 0644
|
|
src: forwarding.conf.j2
|
|
|
|
- name: restart unbound
|
|
become: yes
|
|
service:
|
|
name: unbound
|
|
state: restarted
|
|
enabled: yes
|