diff --git a/cookbooks/consul/dnsmasq.rb b/cookbooks/consul/dnsmasq.rb index c8c8334..710ef6b 100644 --- a/cookbooks/consul/dnsmasq.rb +++ b/cookbooks/consul/dnsmasq.rb @@ -8,16 +8,33 @@ end case run_command('grep VERSION_ID /etc/os-release | awk -F\" \'{print $2}\'').stdout.chomp when "24.04" - remote_file '/etc/systemd/resolved.conf' do + execute "change link to /etc/resolv.conf" do + command "ln -fs /run/systemd/resolve/resolv.conf /etc/resolv.conf" + end + + directory "/etc/systemd/resolved.conf.d/" do + mode "0755" + owner "root" + group "root" + end + + template '/etc/systemd/resolved.conf.d/partial.conf' do owner 'root' group 'root' mode '644' - source 'files/etc/systemd/resolved.conf.2404' + source 'templates/etc/systemd/resolved.conf.d/partial.conf.erb' + variables(dns: node['consul']['dns']) notifies :restart, 'service[systemd-resolved]', :immediately end + remote_file "/etc/default/dnsmasq" do + mode "0644" + owner "root" + group "root" + end + remote_file '/etc/dnsmasq.conf' do owner 'root' group 'root' diff --git a/cookbooks/consul/files/etc/default/dnsmasq b/cookbooks/consul/files/etc/default/dnsmasq new file mode 100644 index 0000000..e281cc0 --- /dev/null +++ b/cookbooks/consul/files/etc/default/dnsmasq @@ -0,0 +1,42 @@ +# This file has six functions: +# 1) to completely disable starting this dnsmasq instance +# 2) to set DOMAIN_SUFFIX by running `dnsdomainname` +# 3) to select an alternative config file +# by setting DNSMASQ_OPTS to --conf-file= +# 4) to tell dnsmasq to read the files in /etc/dnsmasq.d for +# more configuration variables. +# 5) to stop the resolvconf package from controlling dnsmasq's +# idea of which upstream nameservers to use. +# 6) to avoid using this dnsmasq instance as the system's default resolver +# by setting DNSMASQ_EXCEPT="lo" +# For upgraders from very old versions, all the shell variables set +# here in previous versions are still honored by the init script +# so if you just keep your old version of this file nothing will break. + +#DOMAIN_SUFFIX=`dnsdomainname` +#DNSMASQ_OPTS="--conf-file=/etc/dnsmasq.alt" + +# The dnsmasq daemon is run by default conforming to the Debian Policy. +# To disable the service, +# for SYSV init, use "update-rc.d dnsmasq disable", +# for systemd, use "systemctl disable dnsmasq". + +# By default search this drop directory for configuration options. +# Libvirt leaves a file here to make the system dnsmasq play nice. +# Comment out this line if you don't want this. The dpkg-* are file +# endings which cause dnsmasq to skip that file. This avoids pulling +# in backups made by dpkg. +CONFIG_DIR=/etc/dnsmasq.d,.dpkg-dist,.dpkg-old,.dpkg-new + +# If the resolvconf package is installed, dnsmasq will use its output +# rather than the contents of /etc/resolv.conf to find upstream +# nameservers. Uncommenting this line inhibits this behaviour. +# Note that including a "resolv-file=" line in +# /etc/dnsmasq.conf is not enough to override resolvconf if it is +# installed: the line below must be uncommented. +IGNORE_RESOLVCONF=yes + +# If the resolvconf package is installed, dnsmasq will tell resolvconf +# to use dnsmasq under 127.0.0.1 as the system's default resolver. +# Uncommenting this line inhibits this behaviour. +#DNSMASQ_EXCEPT="lo" diff --git a/cookbooks/consul/templates/etc/systemd/resolved.conf.d/partial.conf.erb b/cookbooks/consul/templates/etc/systemd/resolved.conf.d/partial.conf.erb new file mode 100644 index 0000000..d2122db --- /dev/null +++ b/cookbooks/consul/templates/etc/systemd/resolved.conf.d/partial.conf.erb @@ -0,0 +1,3 @@ +[Resolve] +DNS=127.0.0.1 +DNSStubListener=no