Remove DNSSEC config management in bootstrap-debian.yml (#7408)

DNSSEC is off by default on ubuntu/bionic64 (18.04) as per resolved.conf(5).
These tasks are artefacts of obsolete infra configuration, and no longer needed.

Further removing these tasks resolves the issue that the tasks always reports
'changed' and bounces systemd-resolved unneccesarily, even if there was no
actual modification of /etc/systemd/resolved.conf.
This commit is contained in:
Terry 2021-03-29 17:30:45 +10:30 committed by GitHub
parent 36a3a78952
commit f72063e7c2
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

View file

@ -43,30 +43,6 @@
- need_https_proxy.rc != 0 - need_https_proxy.rc != 0
- not skip_http_proxy_on_os_packages - not skip_http_proxy_on_os_packages
- name: Check Network Name Resolution configuration
raw: grep '^DNSSEC=allow-downgrade' /etc/systemd/resolved.conf
register: need_dnssec_allow_downgrade
failed_when: false
changed_when: false
# This command should always run, even in check mode
check_mode: false
when:
- '''UBUNTU_CODENAME=bionic'' in os_release.stdout_lines'
- name: Change Network Name Resolution configuration
raw: sed -i 's/^DNSSEC=yes/DNSSEC=allow-downgrade/g' /etc/systemd/resolved.conf
become: true
when:
- '''UBUNTU_CODENAME=bionic'' in os_release.stdout_lines'
- need_dnssec_allow_downgrade.rc
- name: Restart systemd-resolved service
raw: systemctl restart systemd-resolved
become: true
when:
- '''UBUNTU_CODENAME=bionic'' in os_release.stdout_lines'
- need_dnssec_allow_downgrade.rc
- name: Install python3 - name: Install python3
raw: raw:
apt-get update && \ apt-get update && \