author | Alex Auvolat <alex@adnab.me> | 2020-01-18 17:34:55 +0100 |
---|---|---|
committer | Alex Auvolat <alex@adnab.me> | 2020-06-30 17:31:35 +0200 |
commit | 351e6f13d5bee3275f46fda4a1780c71d9f338d6 (patch) | |
tree | 675a202635ed79730f9b3965782e0b28130de992 /ansible/roles/network/tasks/main.yml | |
parent | 8fdebd74b37ae1766e03b39b8a3d6d84ef549a74 (diff) | |
Network configuration:
- Remove nomad interface (unused)
- Deactivate systemd-resolved
- Add dns_server to production nodes variables
- Add recursors option to Consul so that it can resolve outside DNS
queries
- Use consul as a global DNS server for machines and containers, with
the outside DNS as a fallback (see roles/consul/templates/resolv.conf.j2)
Diffstat (limited to 'ansible/roles/network/tasks/main.yml')
-rw-r--r-- | ansible/roles/network/tasks/main.yml | 33 |
1 files changed, 11 insertions, 22 deletions
diff --git a/ansible/roles/network/tasks/main.yml b/ansible/roles/network/tasks/main.yml
index 7f95b0f..ee2f21e 100644
--- a/ansible/roles/network/tasks/main.yml
+++ b/ansible/roles/network/tasks/main.yml
@@ -1,9 +1,3 @@
-- name: "Add dummy interface to handle Nomad NAT restriction nomad#2770"
- template: src=nomad-interface.j2 dest=/etc/network/interfaces.d/nomad.cfg
- when: public_ip != private_ip
- notify:
- - reload nomad interface
-
 - name: "Deploy iptablesv4 configuration"
 template: src=rules.v4.j2 dest=/etc/iptables/rules.v4
 notify:
@@ -20,23 +14,18 @@
 value: 1
 sysctl_set: yes
 
-- name: "Create systemd-resolved override directory"
- file: path=/etc/systemd/resolved.conf.d/ state=directory
-
-- name: "Prevent systemd-resolved from listening on port 53 (DNS)"
- copy: src=systemd-resolve-no-listen.conf dest=/etc/systemd/resolved.conf.d/systemd-resolve-no-listen.conf
- notify: reload systemd-resolved
+- name: "Flush handlers"
+ meta: flush_handlers
 
-- name: "Use systemd-resolved as a source for /etc/resolv.conf"
- file:
- src: "/run/systemd/resolve/resolv.conf"
- dest: "/etc/resolv.conf"
- state: link
- force: yes
- notify: reload systemd-resolved
 
-- name: "Update nsswitch.conf to use systemd-resolved"
+# These two lines are used to undo previous config, remove them once it is done
+- name: "Update nsswitch.conf to not use systemd-resolved"
 copy: src=nsswitch.conf dest=/etc/nsswitch.conf
 
-- name: "Flush handlers"
- meta: flush_handlers
+- name: "Disable systemd-resolved"
+ systemd:
+ name: systemd-resolved
+ state: stopped
+ enabled: false
+
+
|
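Review bot: The new "Disable systemd-resolved" task stops the service, but nothing in this hunk replaces the `/etc/resolv.conf` symlink to `/run/systemd/resolve/resolv.conf` that the removed task created with `force: yes`, so on already-provisioned nodes the link target is no longer maintained and will presumably dangle after a reboot. The commit description names roles/consul/templates/resolv.conf.j2 as the new source, which is outside this diff; if that role does not run in the same play, or its task follows the link instead of replacing it, hosts are left without a working resolver. I would state the dependency at the task, e.g. `# /etc/resolv.conf is rewritten by roles/consul (resolv.conf.j2); run both roles in the same play`, and consider `masked: true` on the `systemd:` task so another unit cannot start the stub resolver again. The comment "These two lines" sits above two whole tasks and would read more clearly as "These two tasks". The same leftover-state concern applies to the first hunk: deleting the task does not remove `/etc/network/interfaces.d/nomad.cfg` from nodes that already have it.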