summaryrefslogtreecommitdiff
path: root/puppet/modules/site_openvpn/manifests/resolver.pp
AgeCommit message (Collapse)Author
2014-05-22Implement #2328: unbound.conf: content changed on every puppetrunMicah Anderson
This is done by using the include glob capability that is in the wheezy-backports and newer unbound to include the /etc/unbound/unbound.conf.d/* config files. To do this, we need to transition from our /etc/unbound/conf.d directory structure to use the one that the debian package uses. This allows us to clean up the rather ugly way we were configuring the resolver before. Change-Id: I68347922f265bbd0ddf11d59d8574a612a7bd82c
2013-10-02only add vpn_(un)?limited_udp_resolver and vpn_(un)?limited_tcp_resolver ↵Micah Anderson
lines to unbound.conf if the openvpn package is installed (#3868) Change-Id: I65852660a606ccea7569b2207bd535bd8aa3867c
2013-07-09use file_line from stdlib instead of line, now both ↵varac
vpn_unlimited_tcp_resolver and vpn_unlimited_udp_resolver are included
2013-03-17added support for "limited" service levels (although vpn is not yet actually ↵elijah
rate limited).
2013-02-26require that the package unbound be installed before trying to write to itsMicah Anderson
configuration file, this addresses issue #1853 - [vpn1] err: /Stage[main]/Site_openvpn::Resolver/Line[add_tcp_resolver]/Exec[echo 'server: include: /etc/unbound/conf.d/vpn_tcp_resolver' >> '/etc/unbound/unbound.conf']/returns: change from notrun to 0 failed: echo 'server: include: /etc/unbound/conf.d/vpn_tcp_resolver' >> '/etc/unbound/unbound.conf' returned 2 instead of one of [0] at /srv/leap/puppet/modules/common/manifests/defines/line.pp:45
2013-02-21lintedvarac
2013-01-17notify unbound when these configuration files changeMicah Anderson
2013-01-17fix typo in cidr variable nameMicah Anderson
2013-01-17change to using the CIDR notation for unbound access listMicah Anderson
2013-01-17fully qualify the variables that are used in the vpn gateway resolverMicah Anderson
2013-01-17unfortunately the version of unbound that is in wheezy does not support wildcardMicah Anderson
include directives, so this commit works around this by doing something less elegant than before. When we have the newer unbound available, we should switch to that method instead.
2013-01-17fix unbound access controlMicah Anderson
2013-01-16setup openvpn gateway resolver to listen on the udp/tcp virtual network ips soMicah Anderson
that queries can be made from clients on the vpn
2013-01-16update unbound submodule to fix infinite service restart problemMicah Anderson
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-03 00:24:04 +0000