From 7cf4e41399a082345793a8a14f2c4d2b427fb2ca Mon Sep 17 00:00:00 2001 From: "pulsar89.5" Date: Mon, 31 Mar 2025 22:37:18 +0200 Subject: [PATCH] feat: Disable systemd-resolved stub resolver --- defaults/main.yml | 6 ++++++ handlers/main.yml | 20 +++++++++++++------- tasks/configuration.yml | 27 +++++++++++++++++++++++++-- tasks/installation.yml | 2 +- tasks/records.yml | 2 +- templates/dnsmasq.conf.j2 | 3 +++ templates/stub-listener.conf.j2 | 4 ++++ 7 files changed, 53 insertions(+), 11 deletions(-) create mode 100644 templates/stub-listener.conf.j2 diff --git a/defaults/main.yml b/defaults/main.yml index a2e68cb..2656cdb 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -1,6 +1,9 @@ --- # defaults file for dnsmasq +# Directory to deploy override conf of systemd-resolved +dnsmasq_resolved_directory: /etc/systemd/resolved.conf.d + # Directory to deploy configuration dnsmasq_conf_directory: /etc/dnsmasq.d @@ -8,6 +11,9 @@ dnsmasq_conf_directory: /etc/dnsmasq.d dnsmasq_records_directory: "{{ dnsmasq_conf_directory }}/records" # Configuration +dnsmasq_listen_addresses: + - "{{ ansible_facts['default_ipv4']['address'] }}" + - "{{ ansible_facts['default_ipv6']['address'] }}" dnsmasq_domain: "" dnsmasq_servers: [] dnsmasq_rev_servers: [] diff --git a/handlers/main.yml b/handlers/main.yml index 8b3e164..a6389b5 100644 --- a/handlers/main.yml +++ b/handlers/main.yml 
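Review bot: In the second defaults/main.yml hunk, the new `dnsmasq_listen_addresses` default dereferences `ansible_facts['default_ipv6']['address']`, which is undefined on a host with no IPv6 default route, so templating dnsmasq.conf would fail there. A tolerant default would be `dnsmasq_listen_addresses: "{{ [ansible_facts['default_ipv4']['address'] | default(''), ansible_facts['default_ipv6']['address'] | default('')] | select | list }}"`. The default also makes the resolver answer on the host's primary routable addresses and leaves out loopback. A comment above the variable should say that exposure is expected to be limited by a firewall, and that `127.0.0.1` / `::1` must be listed explicitly if local clients are meant to query dnsmasq.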
@@ -8,18 +8,24 @@ - apply-live become: true -- name: Reload dnsmasq.service +- name: Restart systemd-resolved.service ansible.builtin.systemd_service: - name: dnsmasq.service - state: reloaded + name: systemd-resolved.service + state: restarted become: true - register: dnsmasq_reload -- name: Reload dnsmasq.service on dns servers +- name: Restart dnsmasq.service ansible.builtin.systemd_service: - state: reloaded name: dnsmasq.service - when: dnsmasq_reload is undefined + state: restarted + become: true + register: dnsmasq_restarted + +- name: Restart dnsmasq.service on dns servers + ansible.builtin.systemd_service: + name: dnsmasq.service + state: restarted + when: dnsmasq_restarted is undefined become: true loop: "{{ dnsmasq_hosts }}" delegate_to: "{{ item }}" diff --git a/tasks/configuration.yml b/tasks/configuration.yml index fd87136..26c7bc3 100644 --- a/tasks/configuration.yml +++ b/tasks/configuration.yml @@ -1,6 +1,29 @@ --- # tasks file for dnsmasq +- name: Create path to override systemd-resolved + ansible.builtin.file: + path: "{{ dnsmasq_resolved_directory }}" + state: directory + owner: root + group: root + mode: u=rwX,g=rX,o=rX + become: true + notify: Restart systemd-resolved.service + +- name: Disable stub resolver of systemd-resolved + ansible.builtin.template: + src: stub-listener.conf.j2 + dest: "{{ dnsmasq_resolved_directory }}/stub-listener.conf" + owner: root + group: root + mode: u=rw,g=r,o=r + become: true + notify: Restart systemd-resolved.service + +- name: Flush handlers + meta: flush_handlers + - name: Create records directory ansible.builtin.file: path: "{{ dnsmasq_records_directory }}" @@ -24,7 +47,7 @@ group: root mode: u=rw,g=r,o=r become: true - notify: Reload dnsmasq.service + notify: Restart dnsmasq.service - name: Deploy specific records ansible.builtin.template: @@ -35,4 +58,4 @@ mode: u=rw,g=r,o=r when: dnsmasq_specifics | length > 0 become: true - notify: Reload dnsmasq.service + notify: Restart dnsmasq.service 
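Review bot: `Restart dnsmasq.service on dns servers` now restarts every host in `dnsmasq_hosts` in one handler run, so a record change notified from tasks/records.yml drops the cache and interrupts resolution on all DNS servers at roughly the same time. If the records live in files that dnsmasq re-reads on SIGHUP (not visible here), keeping `state: reloaded` for this one handler would avoid the outage. Otherwise the handler deserves a comment explaining why a full restart is required. The hunk starts inside the preceding handler, whose first lines are outside the hunk.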
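Review bot: The `Flush handlers` step in the first tasks/configuration.yml hunk restarts systemd-resolved with `DNSStubListener=no` before any dnsmasq configuration has been deployed, which leaves a window with nothing answering on the stub address. If `/etc/resolv.conf` on the target still points at the stub (nothing in this patch changes it), name resolution for the rest of the play can fail. Handlers normally run in the order they are defined, and handlers/main.yml already lists the resolved restart before the dnsmasq restart, so the explicit flush looks unnecessary for ordering and could be dropped or moved after the dnsmasq configuration tasks. The two new tasks also run unconditionally, so the handler would fail on a host without systemd-resolved; a `when:` guard on the unit's presence would cover that. For consistency with the other tasks, write `ansible.builtin.meta: flush_handlers`.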
diff --git a/tasks/installation.yml b/tasks/installation.yml index 8b1be32..fefda03 100644 --- a/tasks/installation.yml +++ b/tasks/installation.yml @@ -16,7 +16,7 @@ - --assumeyes - --idempotent - dnsmasq - creates: /sysroot/ostree/repo/refs/heads/rpmostree/pkg/dnsmasq + creates: /usr/sbin/dnsmasq when: ansible_facts['pkg_mgr'] == "atomic_container" become: true notify: Apply installation diff --git a/tasks/records.yml b/tasks/records.yml index 0f35188..6b010c8 100644 --- a/tasks/records.yml +++ b/tasks/records.yml @@ -15,4 +15,4 @@ loop_control: loop_var: dnsserver run_once: true - notify: Reload dnsmasq.service on dns servers + notify: Restart dnsmasq.service on dns servers diff --git a/templates/dnsmasq.conf.j2 b/templates/dnsmasq.conf.j2 index 1be1535..b722564 100644 --- a/templates/dnsmasq.conf.j2 +++ b/templates/dnsmasq.conf.j2 @@ -1,5 +1,8 @@ # {{ ansible_managed }} +# Listen addresses +listen-address={{ dnsmasq_listen_addresses | sort | join(',') }} + # Ne pas transmettre les requêtes avec un nom court (pas FQDN) domain-needed diff --git a/templates/stub-listener.conf.j2 b/templates/stub-listener.conf.j2 new file mode 100644 index 0000000..2590179 --- /dev/null +++ b/templates/stub-listener.conf.j2 @@ -0,0 +1,4 @@ +# {{ ansible_managed }} + +[Resolve] +DNSStubListener=no
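Review bot: The new `creates: /usr/sbin/dnsmasq` guard deserves a comment, because on an rpm-ostree host that path presumably appears only once the layered package is live (after the `Apply installation` handler or a reboot). A rerun before then will invoke the install command again and rely on `--idempotent`. Something like `# binary exists only after the layered package is applied; --idempotent covers earlier reruns` above the `creates:` line would make that explicit. The task starts outside the hunk, so the command itself is not visible here.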
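Review bot: The added `listen-address=` line in templates/dnsmasq.conf.j2 is rendered even when `dnsmasq_listen_addresses` is empty, producing an option with no value that dnsmasq is likely to reject at startup. Wrapping it in `{% if dnsmasq_listen_addresses | length > 0 %}` … `{% endif %}` avoids that. Also, unless `bind-interfaces` or `bind-dynamic` is set elsewhere in the template (outside this hunk), dnsmasq still binds the wildcard address and only filters requests by destination, so the listed addresses do not by themselves narrow the sockets it opens. The new comment is in English while the surrounding ones are in French; pick one language for the file.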