Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[WIP] ipaclient: Configure DNS resolver #644

Closed
wants to merge 2 commits into from
Closed

[WIP] ipaclient: Configure DNS resolver #644

wants to merge 2 commits into from

Conversation

t-woerner
Copy link
Member

@t-woerner t-woerner commented Sep 23, 2021
edited

Optionally configure global DNS resolver NetworkManager, systemd-resolved
or /etc/resolv.conf within ipaclient_test.

The configuration of NetworkManager, systemd-resolved and /etc/resolv.conf
is done in the same way as on the initial master. For NetworkManager the
file '/etc/NetworkManager/conf.d/zzz-ipa.conf' will be generated, for
system-resolved '/etc/systemd/resolved.conf.d/zzz-ipa.conf'.

New functions in ansible_ipa_client:

  • configure_dns_resolver
    Configures global DNS resolver NetworkManager, systemd-resolved or
    /etc/resolv.conf

  • unconfigure_dns_resolver
    Reverts global DNS resolver configuration

New parameters for the role:

  • ipaclient_configure_dns_resolver
    The bool value defines if the DNS resolver will be configured.
    NetworkManager and systemd-resolved will be configured if enabled else
    /etc/resolv.conf will be adapted. ipaclient_configure_dns_resolver
    defaults to no

  • ipaclient_dns_servers
    List of DNS servers to use if ipaclient_configure_dns_resolver is
    enabled. If ipaclient_dns_servers is not defined, the list will be
    generated from ipaclient_servers or ipaservers group.

  • ipaclient_dns_domain_name
    List of DNS search domain names to use if
    ipaclient_configure_dns_resolver is enabled. if
    ipaclient_dns_domain_names the list will be generated using the domain
    name.

This PR depends on changes from PR #643 (ipaclient_setup_nss: Use proper nosssd_files list)

@t-woerner
ipaclient_setup_nss: Use proper nosssd_files list
60ff782 
ipaclient_setup_nss is using the nosssd_files dict if sssd is disabled
with no_sssd.

The nosssd_files dict is generated in ipaclient_test and used in
ipaclient_setup_nss. So far ipaclient_setup_nss was using nosssd_files
from ipaclient installer, which was always None.
@t-woerner
ipaclient: Configure DNS resolver
570b91a 
Optionally configure global DNS resolver NetworkManager, systemd-resolved
or /etc/resolv.conf within ipaclient_test.

The configuration of NetworkManager, systemd-resolved and /etc/resolv.conf
is done in the same way as on the initial master. For NetworkManager the
file '/etc/NetworkManager/conf.d/zzz-ipa.conf' will be generated, for
system-resolved '/etc/systemd/resolved.conf.d/zzz-ipa.conf'.

New functions in ansible_ipa_client:

configure_dns_resolver
  Configures global DNS resolver NetworkManager, systemd-resolved or
  /etc/resolv.conf
unconfigure_dns_resolver
  Reverts global DNS resolver configuration

New parameters for the role:

ipaclient_configure_dns_resolver
  The bool value defines if the DNS resolver will be configured.
  NetworkManager and systemd-resolved will be configured if enabled else
  /etc/resolv.conf will be adapted. `ipaclient_configure_dns_resolver`
  defaults to `no`
ipaclient_dns_servers
  List of DNS servers to use if `ipaclient_configure_dns_resolver` is
  enabled. If `ipaclient_dns_servers` is not defined, the list will be
  generated from `ipaclient_servers` or `ipaservers` group.
ipaclient_dns_domain_name
  List of DNS search domain names to use if
  `ipaclient_configure_dns_resolver` is enabled. if
  `ipaclient_dns_domain_names` the list will be generated using the domain
  name.
fcami
fcami reviewed Sep 23, 2021
View reviewed changes
Copy link

@fcami fcami left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't think we should ever activate systemd-resolved for reasons detailed there.

On clients its performance is less than optimal.
On servers, this breaks IPA's DNS zone detection.

Plus, it is not clear when systemd-resolved will be supported in any enterprise distribution.

@t-woerner t-woerner changed the title ipaclient: Configure DNS resolver [WIP] ipaclient: Configure DNS resolver Sep 23, 2021
@rjeffman
Copy link
Member

Shouldn't this be carried out by something like Network Linux System Role?

Also, does this work with Ubuntu's netplan?

@t-woerner
Copy link
Member Author

t-woerner commented Sep 28, 2021
edited

The code for system-resolved needs to be kept in the ipaclient role even with a change in FreeIPA to deactivate systemd-resolved on servers and replicas.

@rjeffman rjeffman added the DRAFT label Jan 17, 2022
@rjeffman
Copy link
Member

rjeffman commented Jun 9, 2023

This PR has been replaced by #988, which was already merged.

@rjeffman rjeffman closed this Jun 9, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@fcami fcami fcami left review comments

Assignees
No one assigned
Labels
DRAFT
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@t-woerner @rjeffman @fcami