]> git.openstreetmap.org Git - chef.git/commitdiff
Use systemd-resolved stub resolver for nginx resolver
authorTom Hughes <tom@compton.nu>
Sun, 16 Feb 2020 17:56:27 +0000 (17:56 +0000)
committerTom Hughes <tom@compton.nu>
Sun, 16 Feb 2020 17:57:51 +0000 (17:57 +0000)
This ensures that nginx queries follow the same path as everything
else and are subject to DNSSEC validation as well as allowing us to
simplify the tests that use nginx.

.kitchen.yml
cookbooks/nginx/recipes/default.rb
cookbooks/nginx/templates/default/nginx.conf.erb

index e9350cc01b0f22c686a0abcbf2947a663af8b7b2..f46a4d1f8b3e7947187adaac124c50c25ab91c38 100644 (file)
@@ -123,10 +123,6 @@ suites:
   - name: nginx
     run_list:
       - recipe[nginx::default]
-    attributes:
-      networking:
-        nameservers:
-          - 127.0.0.1
   - name: nodejs
     run_list:
       - recipe[nodejs::default]
@@ -175,10 +171,6 @@ suites:
   - name: tilecache
     run_list:
       - recipe[tilecache::default]
-    attributes:
-      networking:
-        nameservers:
-          - 127.0.0.1
   - name: tools
     run_list:
       - recipe[tools::default]
index 94754546c257168b12a16a807d560a3066e21058..a55dc14bef92ed851f264b3689083ff668ec644e 100644 (file)
@@ -22,16 +22,11 @@ include_recipe "munin"
 
 package "nginx"
 
-resolvers = node[:networking][:nameservers].map do |resolver|
-  IPAddr.new(resolver).ipv6? ? "[#{resolver}]" : resolver
-end
-
 template "/etc/nginx/nginx.conf" do
   source "nginx.conf.erb"
   owner "root"
   group "root"
   mode 0o644
-  variables :resolvers => resolvers
 end
 
 directory node[:nginx][:cache][:fastcgi][:directory] do
index a3f6b241181d74bff40632564f228d204665ed65..5e09d846b049f2a93f0eed902c6ca49dc5fb682e 100644 (file)
@@ -47,7 +47,7 @@ http {
     ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt;
 
     ssl_dhparam /etc/ssl/certs/dhparam.pem;
-    resolver <%= @resolvers.join(" ") %>;
+    resolver 127.0.0.53;
     resolver_timeout 5s;
 
     <% if node['nginx']['cache']['fastcgi']['enable'] -%>