Remove DNSSEC config management in bootstrap-debian.yml (#7408)

DNSSEC is off by default on ubuntu/bionic64 (18.04) as per resolved.conf(5). These tasks are artefacts of obsolete infra configuration, and no longer needed. Further removing these tasks resolves the issue that the tasks always reports 'changed' and bounces systemd-resolved unneccesarily, even if there was no actual modification of /etc/systemd/resolved.conf.
3 years ago · f72063e7c2
1 changed files with 0 additions and 24 deletions
--- a/roles/bootstrap-os/tasks/bootstrap-debian.yml
+++ b/roles/bootstrap-os/tasks/bootstrap-debian.yml
@ -43,30 +43,6 @@
    - need_https_proxy.rc != 0
    - not skip_http_proxy_on_os_packages

- name: Check Network Name Resolution configuration
-  raw: grep '^DNSSEC=allow-downgrade' /etc/systemd/resolved.conf
-  register: need_dnssec_allow_downgrade
-  failed_when: false
-  changed_when: false
-  # This command should always run, even in check mode
-  check_mode: false
-  when:
-    - '''UBUNTU_CODENAME=bionic'' in os_release.stdout_lines'
-
- name: Change Network Name Resolution configuration
-  raw: sed -i 's/^DNSSEC=yes/DNSSEC=allow-downgrade/g' /etc/systemd/resolved.conf
-  become: true
-  when:
-    - '''UBUNTU_CODENAME=bionic'' in os_release.stdout_lines'
-    - need_dnssec_allow_downgrade.rc
-
- name: Restart systemd-resolved service
-  raw: systemctl restart systemd-resolved
-  become: true
-  when:
-    - '''UBUNTU_CODENAME=bionic'' in os_release.stdout_lines'
-    - need_dnssec_allow_downgrade.rc
-
 - name: Install python3
  raw:
    apt-get update && \