add capability to disable systemd-resolved to base_config role
parent
d9fc1ef401
commit
58ced1a85e
9 changed files with 131 additions and 0 deletions
|
|
@ -2,3 +2,4 @@
|
|||
dependencies:
|
||||
- role: deploy_ssh_server_config
|
||||
- role: deploy_systemd_journal_config
|
||||
- role: deploy_systemd_resolved_config
|
||||
|
|
|
|||
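--- a/roles/deploy_systemd_resolved_config/defaults/main.yaml
+++ b/roles/deploy_systemd_resolved_config/defaults/main.yaml
@@ -0,0 +1,9 @@
+---
+deploy_systemd_resolved_config__enable: true
+deploy_systemd_resolved_config__mode: "stub"
+deploy_systemd_resolved_config__dns: [ ]
+deploy_systemd_resolved_config__fallback_dns:
+- "9.9.9.9"
+- "149.112.112.112"
+- "2620:fe::fe"
+- "2620:fe::9"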
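Review bot: The defaults file carries no comments, and the fallback list quietly directs queries to a third-party public resolver (the four addresses are Quad9's). A short comment above `deploy_systemd_resolved_config__fallback_dns`, for example `# Public Quad9 resolvers; override with [] where only internal DNS may be queried`, would make that choice visible to whoever consumes the role. A one-line comment on `deploy_systemd_resolved_config__mode` listing the accepted values would likewise save a trip to the argument spec.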
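--- a/roles/deploy_systemd_resolved_config/handlers/main.yaml
+++ b/roles/deploy_systemd_resolved_config/handlers/main.yaml
@@ -0,0 +1,7 @@
+---
+- name: "reload systemd-resolved"
+tags: [ "deploy_systemd_resolved_config" ]
+become: true
+ansible.builtin.systemd:
+name: "systemd-resolved.service"
+state: "restarted"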
|
|
@ -0,0 +1,21 @@
|
|||
---
|
||||
argument_specs:
|
||||
main:
|
||||
options:
|
||||
deploy_systemd_resolved_config__enable:
|
||||
description: "Whether systemd-resolved should be enabled or disabled"
|
||||
type: bool
|
||||
required: false
|
||||
deploy_systemd_resolved_config__mode:
|
||||
description: "Which /etc/resolv.conf compatibility mode should be configured"
|
||||
type: str
|
||||
required: false
|
||||
choices: [ "stub", "static-stub", "passthru", "extern" ]
|
||||
deploy_systemd_resolved_config__dns:
|
||||
description: "A list of DNS servers that will be configured as default dns servers"
|
||||
type: list
|
||||
required: false
|
||||
deploy_systemd_resolved_config__fallback_dns:
|
||||
description: "A list of fallback DNS servers that will be configured"
|
||||
type: list
|
||||
required: false
|
||||
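Review bot: Both list options are declared as `type: list` without `elements`, so their entries are not type-checked before being rendered verbatim into /etc/resolv.conf and resolved.conf. Adding `elements: str` to `deploy_systemd_resolved_config__dns` and `deploy_systemd_resolved_config__fallback_dns` lets argument validation reject nested or non-string entries. That still does not check that an entry is an IP address, so a value containing whitespace or a newline would reach the rendered files; an explicit assertion in the tasks would be needed to rule that out.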
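--- a/roles/deploy_systemd_resolved_config/tasks/disable.yaml
+++ b/roles/deploy_systemd_resolved_config/tasks/disable.yaml
@@ -0,0 +1,25 @@
+---
+- name: Ensure /etc/resolv.conf is a plain file
+tags: [ "deploy_systemd_resolved_config" ]
+become: true
+ansible.builtin.file:
+path: "/etc/resolv.conf"
+state: file
+
+- name: Write nameserver config directly into /etc/resolv.conf
+tags: [ "deploy_systemd_resolved_config" ]
+become: true
+ansible.builtin.template:
+src: "resolv.conf.j2"
+dest: "/etc/resolv.conf"
+owner: root
+group: root
+mode: u=rw,g=r,o=r
+
+- name: Disable systemd-resolved
+tags: [ "deploy_systemd_resolved_config" ]
+become: true
+ansible.builtin.systemd:
+name: "systemd-resolved.service"
+state: stopped
+enabled: false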
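Review bot: The first task does not do what its name says: `ansible.builtin.file` with `state: file` only asserts that the path already is a regular file, and with the module's default `follow: true` it inspects the symlink's target rather than the link itself. On a host that was previously in one of the link modes, /etc/resolv.conf is still a symlink into /run/systemd/resolve, so the task either passes without changing anything or fails when the target or the file itself is missing. The conversion to a plain file then appears to be left to the template task's default link handling. I would drop the first task and state the intent on the template task with `follow: false`, so the link is replaced rather than written through.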
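--- a/roles/deploy_systemd_resolved_config/tasks/enable.yaml
+++ b/roles/deploy_systemd_resolved_config/tasks/enable.yaml
@@ -0,0 +1,36 @@
+---
+- name: Deploy systemd-resolved config
+tags: [ "deploy_systemd_resolved_config" ]
+become: true
+notify: "reload systemd-resolved"
+ansible.builtin.template:
+src: resolved.conf.j2
+dest: /etc/systemd/resolved.conf
+owner: root
+group: root
+mode: u=rw,g=r,o=r
+
+- name: Make /etc/resolv.conf points to systemd-resolved
+tags: [ "deploy_systemd_resolved_config" ]
+become: true
+when: deploy_systemd_resolved_config__mode != "extern"
+ansible.builtin.file: # noqa: jinja
+path: /etc/resolv.conf
+state: link
+force: true
+src: >-
+{%- if deploy_systemd_resolved_config__mode == "stub" -%}
+/run/systemd/resolve/stub-resolv.conf
+{%- elif deploy_systemd_resolved_config__mode == "static-stub" -%}
+/usr/lib/systemd/resolv.conf
+{%- elif deploy_systemd_resolved_config__mode == "passthru" -%}
+/run/systemd/resolve/resolv.conf
+{%- endif -%}
+
+- name: Ensure systemd-resolved is running and enabled
+tags: [ "deploy_systemd_resolved_config" ]
+become: true
+ansible.builtin.systemd:
+name: systemd-resolved.service
+state: started
+enabled: true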
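Review bot: The link task repoints /etc/resolv.conf with `force: true` before the last task has ensured that systemd-resolved is running, so on a host where the service was stopped the resolver file can briefly point at a path under /run/systemd/resolve that does not exist yet. Any pre-existing resolv.conf is also replaced without a copy being kept. Moving `Ensure systemd-resolved is running and enabled` ahead of the link task would close that window. The `src` expression has no `else` branch either, so it renders an empty string for any mode outside the three handled ones; that is only safe while the `choices` list in the role's argument spec is enforced, which a comment such as `# mode is restricted by the argument spec; "extern" is skipped by the when above` would record.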
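--- a/roles/deploy_systemd_resolved_config/tasks/main.yaml
+++ b/roles/deploy_systemd_resolved_config/tasks/main.yaml
@@ -0,0 +1,10 @@
+---
+- name: Include enable.yaml
+tags: [ "deploy_systemd_resolved_config" ]
+ansible.builtin.include_tasks: enable.yaml
+when: deploy_systemd_resolved_config__enable
+
+- name: Include disable.yaml
+tags: [ "deploy_systemd_resolved_config" ]
+ansible.builtin.include_tasks: disable.yaml
+when: not deploy_systemd_resolved_config__enable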
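Review bot: Both `when` conditions test the raw variable, so a value that arrives as a string (for example from `-e` on the command line or an INI inventory) may not be evaluated as the boolean the operator meant, and the wrong branch could run. Casting removes the ambiguity: `when: deploy_systemd_resolved_config__enable | bool` and `when: not (deploy_systemd_resolved_config__enable | bool)`.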
|
|
@ -0,0 +1,11 @@
|
|||
# {{ ansible_managed }}
|
||||
|
||||
{% for i in deploy_systemd_resolved_config__dns %}
|
||||
nameserver {{ i }}
|
||||
{% endfor %}
|
||||
|
||||
{% for i in deploy_systemd_resolved_config__fallback_dns %}
|
||||
nameserver {{ i }}
|
||||
{% endfor %}
|
||||
|
||||
options edns0
|
||||
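Review bot: Emitting the fallback servers as ordinary `nameserver` lines changes their meaning. resolved.conf(5) describes FallbackDNS as used only when no other DNS servers are known, whereas a stub resolver reading /etc/resolv.conf moves on to the next `nameserver` entry whenever the previous one times out. With internal resolvers in `deploy_systemd_resolved_config__dns`, lookups for internal names can therefore reach the public fallback servers. The glibc resolver also honours only the first three `nameserver` entries, so with the four default fallbacks the last one is ignored. Consider wrapping the second loop in `{% if not deploy_systemd_resolved_config__dns %}` and `{% endif %}`.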
|
|
@ -0,0 +1,11 @@
|
|||
# {{ ansible_managed }}
|
||||
|
||||
# Since the config supports drop-in files,
|
||||
# use 'systemd-analyze cat-config systemd/resolved.conf' to display the full config.'
|
||||
#
|
||||
# See resolved.conf(5) for details
|
||||
|
||||
[Resolve]
|
||||
DNS={{ deploy_systemd_resolved_config__dns | join(" ") }}
|
||||
FallbackDNS={{ deploy_systemd_resolved_config__fallback_dns | join(" ") }}
|
||||
|
||||
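Review bot: The `[Resolve]` section sets only `DNS=` and `FallbackDNS=`, so `DNSSEC=` and `DNSOverTLS=` stay at whatever the distribution compiled in, and the role offers no way to pin them. Since the default fallback list points at public resolvers, exposing both as role variables (with matching argument-spec entries) would let a deployment require validation or encrypted transport explicitly. Separately, the comment line ending in `full config.'` carries a stray trailing quote.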