Remove DNSSEC config management in bootstrap-debian.yml (#7408)
DNSSEC is off by default on ubuntu/bionic64 (18.04) as per resolved.conf(5). These tasks are artefacts of obsolete infra configuration, and no longer needed. Further removing these tasks resolves the issue that the tasks always reports 'changed' and bounces systemd-resolved unneccesarily, even if there was no actual modification of /etc/systemd/resolved.conf.
This commit is contained in:
parent
36a3a78952
commit
f72063e7c2
1 changed files with 0 additions and 24 deletions
|
@ -43,30 +43,6 @@
|
||||||
- need_https_proxy.rc != 0
|
- need_https_proxy.rc != 0
|
||||||
- not skip_http_proxy_on_os_packages
|
- not skip_http_proxy_on_os_packages
|
||||||
|
|
||||||
- name: Check Network Name Resolution configuration
|
|
||||||
raw: grep '^DNSSEC=allow-downgrade' /etc/systemd/resolved.conf
|
|
||||||
register: need_dnssec_allow_downgrade
|
|
||||||
failed_when: false
|
|
||||||
changed_when: false
|
|
||||||
# This command should always run, even in check mode
|
|
||||||
check_mode: false
|
|
||||||
when:
|
|
||||||
- '''UBUNTU_CODENAME=bionic'' in os_release.stdout_lines'
|
|
||||||
|
|
||||||
- name: Change Network Name Resolution configuration
|
|
||||||
raw: sed -i 's/^DNSSEC=yes/DNSSEC=allow-downgrade/g' /etc/systemd/resolved.conf
|
|
||||||
become: true
|
|
||||||
when:
|
|
||||||
- '''UBUNTU_CODENAME=bionic'' in os_release.stdout_lines'
|
|
||||||
- need_dnssec_allow_downgrade.rc
|
|
||||||
|
|
||||||
- name: Restart systemd-resolved service
|
|
||||||
raw: systemctl restart systemd-resolved
|
|
||||||
become: true
|
|
||||||
when:
|
|
||||||
- '''UBUNTU_CODENAME=bionic'' in os_release.stdout_lines'
|
|
||||||
- need_dnssec_allow_downgrade.rc
|
|
||||||
|
|
||||||
- name: Install python3
|
- name: Install python3
|
||||||
raw:
|
raw:
|
||||||
apt-get update && \
|
apt-get update && \
|
||||||
|
|
Loading…
Reference in a new issue