From a005d19f6ff1a9aba3a3994f41c9e5c86bc5f102 Mon Sep 17 00:00:00 2001 From: Matthew Mosesohn Date: Wed, 6 Nov 2019 14:33:52 +0300 Subject: [PATCH] Enable systemd-resolved DNS resolution mode (#5318) Change-Id: If3e253a40782e03cde7fc4a91493517ae31fda17 --- roles/kubernetes/preinstall/handlers/main.yml | 5 +++++ .../kubernetes/preinstall/tasks/0040-set_facts.yml | 7 +++++++ .../preinstall/tasks/0061-systemd-resolved.yml | 9 +++++++++ roles/kubernetes/preinstall/tasks/main.yml | 10 ++++++++++ .../preinstall/templates/resolved.conf.j2 | 13 +++++++++++++ 5 files changed, 44 insertions(+) create mode 100644 roles/kubernetes/preinstall/tasks/0061-systemd-resolved.yml create mode 100644 roles/kubernetes/preinstall/templates/resolved.conf.j2 diff --git a/roles/kubernetes/preinstall/handlers/main.yml b/roles/kubernetes/preinstall/handlers/main.yml index 3fd097577..81d13d412 100644 --- a/roles/kubernetes/preinstall/handlers/main.yml +++ b/roles/kubernetes/preinstall/handlers/main.yml @@ -95,3 +95,8 @@ - inventory_hostname in groups['kube-master'] - dns_mode != 'none' - resolvconf_mode == 'host_resolvconf' + +- name: Preinstall | Restart systemd-resolved + service: + name: systemd-resolved + state: restarted diff --git a/roles/kubernetes/preinstall/tasks/0040-set_facts.yml b/roles/kubernetes/preinstall/tasks/0040-set_facts.yml index 4a6318cc9..73b751589 100644 --- a/roles/kubernetes/preinstall/tasks/0040-set_facts.yml +++ b/roles/kubernetes/preinstall/tasks/0040-set_facts.yml @@ -43,6 +43,13 @@ changed_when: false check_mode: no +- name: check systemd-resolved + command: systemctl is-active systemd-resolved + register: systemd_resolved_enabled + failed_when: false + changed_when: false + check_mode: no + - name: set dns facts set_fact: resolvconf: >- diff --git a/roles/kubernetes/preinstall/tasks/0061-systemd-resolved.yml b/roles/kubernetes/preinstall/tasks/0061-systemd-resolved.yml new file mode 100644 index 000000000..381135862 --- /dev/null 
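Review bot: The registered name `systemd_resolved_enabled` in the new `check systemd-resolved` task does not match what the probe measures: `systemctl is-active` reports whether the unit is running right now, not whether it is enabled or whether /etc/resolv.conf is actually handed to it. Because `failed_when: false` swallows every error, a host without the unit (or presumably without `systemctl` at all) just yields a non-zero rc and takes the resolvconf path, which is probably intended but is not stated. I would rename the variable to something like `systemd_resolved_active`, or add a comment above the task such as `# rc == 0: systemd-resolved is running; any other rc (inactive, unit absent) selects the resolvconf path`.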
+++ b/roles/kubernetes/preinstall/tasks/0061-systemd-resolved.yml @@ -0,0 +1,9 @@ +--- +- name: Write resolved.conf + template: + src: resolved.conf.j2 + dest: /etc/systemd/resolved.conf + owner: root + group: root + mode: 0644 + notify: Preinstall | Restart systemd-resolved diff --git a/roles/kubernetes/preinstall/tasks/main.yml b/roles/kubernetes/preinstall/tasks/main.yml index 63d20a923..9ae44f4a6 100644 --- a/roles/kubernetes/preinstall/tasks/main.yml +++ b/roles/kubernetes/preinstall/tasks/main.yml @@ -32,6 +32,16 @@ when: - dns_mode != 'none' - resolvconf_mode == 'host_resolvconf' + - systemd_resolved_enabled.rc != 0 + tags: + - bootstrap-os + - resolvconf + +- import_tasks: 0061-systemd-resolved.yml + when: + - dns_mode != 'none' + - resolvconf_mode == 'host_resolvconf' + - systemd_resolved_enabled.rc == 0 tags: - bootstrap-os - resolvconf diff --git a/roles/kubernetes/preinstall/templates/resolved.conf.j2 b/roles/kubernetes/preinstall/templates/resolved.conf.j2 new file mode 100644 index 000000000..6aac1a640 --- /dev/null +++ b/roles/kubernetes/preinstall/templates/resolved.conf.j2 @@ -0,0 +1,13 @@ +[Resolve] +{% if dns_late %} +DNS={{ ( coredns_server + nameservers|d([]) + cloud_resolver|d([])) | unique | join(' ') }} +{% else %} +DNS={{ ( nameservers|d([]) + cloud_resolver|d([])) | unique | join(' ') }} +{% endif %} +#FallbackDNS= +Domains={{ ([ 'default.svc.' + dns_domain, 'svc.' + dns_domain ] + searchdomains|default([])) | join(' ') }} +#LLMNR=no +#MulticastDNS=no +DNSSEC=no +Cache=no-negative +#DNSStubListener=yes
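Review bot: The `Write resolved.conf` task replaces the whole of `/etc/systemd/resolved.conf`, so any resolver settings the image or an administrator already placed there (a stricter DNSSEC or DNS-over-TLS choice, for instance) are discarded with no way to recover them. Adding `backup: yes` to the task keeps the previous file; writing a drop-in under `/etc/systemd/resolved.conf.d/` instead would leave the distribution file untouched. Separately, the mode is safer quoted, `mode: "0644"`, so its meaning does not depend on how the YAML loader treats a leading zero.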
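Review bot: Both `when` lists in tasks/main.yml now dereference `systemd_resolved_enabled.rc`, which exists only if the probe task in 0040-set_facts.yml ran earlier in the same play. If a tag-limited run skips that file, the condition would likely fail with an undefined-variable error instead of choosing a branch; this is worth confirming against the tags on that import, which are outside this diff. A defensive form is `systemd_resolved_enabled.rc | default(1) != 0` in the first list and `systemd_resolved_enabled.rc | default(1) == 0` in the second. The first list belongs to an import that starts above the hunk.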
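Review bot: `DNSSEC=no` is hard-coded in resolved.conf.j2, and because the rendered file replaces the host's resolved.conf it turns DNSSEC validation off on every node regardless of what the distribution or operator had chosen. Making it overridable, e.g. `DNSSEC={{ systemd_resolved_dnssec | default('no') }}` (the variable name is a suggestion, not an existing one), keeps today's behaviour while allowing a stricter setting. Also, when `dns_late` is false and both `nameservers` and `cloud_resolver` are empty, the `DNS=` line renders empty; with `#FallbackDNS=` left commented, systemd-resolved may then use its compiled-in fallback resolvers, so an explicit empty `FallbackDNS=` line is worth adding if queries should never leave the configured servers.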