First commits for an Ansible role to install and configure systemd-resolved #1

Merged
merged 19 commits into from
May 8, 2024

@jsf9k jsf9k commented Apr 30, 2024

🗣 Description

This PR creates an Ansible role to install and configure systemd-resolved.

💭 Motivation and context

This PR contributes to the resolution of cisagov/cool-system-internal#140 since, once this role is applied to our COOL AMIs, they will use the systemd-resolved stub DNS resolver.

🧪 Testing

All automated tests pass.

✅ Pre-approval checklist

  • This PR has an informative and human-readable title.
  • Changes are limited to a single goal - eschew scope creep!
  • All relevant type-of-change labels have been added.
  • I have read the CONTRIBUTING document.
  • These code changes follow cisagov code standards.
  • All relevant repo and/or project documentation has been updated to reflect the changes in this PR.
  • Tests have been added and/or modified to cover the changes in this PR.
  • All new and existing tests pass.

@jsf9k jsf9k self-assigned this Apr 30, 2024
@jsf9k jsf9k force-pushed the first-commits branch 2 times, most recently from 3868f95 to 7b185bd Compare April 30, 2024 19:41
@jsf9k jsf9k marked this pull request as ready for review May 1, 2024 16:08
@jsf9k jsf9k requested a review from a team May 1, 2024 16:08

@dav3r dav3r left a comment

Good stuff! 🚀
I noted naught but two small thangs.

.pre-commit-config.yaml (outdated, resolved)
molecule/default/tests/test_default.py (outdated, resolved)

@mcdonnnj mcdonnnj left a comment

Looks pretty solid. I do have some feedback for your consideration.

.pre-commit-config.yaml (resolved)
meta/requirements.yml (outdated, resolved)
tasks/main.yml (outdated, resolved)
molecule/default/unmount.yml (resolved)
molecule/default/tests/test_default.py (resolved)
@jsf9k jsf9k force-pushed the first-commits branch 6 times, most recently from 165b5b5 to df1e703 Compare May 3, 2024 15:03
@jsf9k jsf9k requested a review from mcdonnnj May 3, 2024 15:06
@jsf9k jsf9k force-pushed the first-commits branch 4 times, most recently from bb8a55d to 8314ef7 Compare May 3, 2024 18:26
jsf9k and others added 16 commits May 3, 2024 14:38
… and Jammy

These platforms do not provide systemd-resolved.

Docker bind mounts a file from the host to /etc/resolv.conf.  This is
inconvenient for us, since we need to create a symlink at
/etc/resolv.conf.  At the same time, we don't want to break DNS.  The
playbook being imported contains a workaround for this situation.

We must start the service to populate the files in
/run/systemd/resolve/, before we can create the /etc/resolv.conf.

This functionality from pytest-testinfra is currently broken.  See
pytest-dev/pytest-testinfra#757 for more details.  Once
pytest-dev/pytest-testinfra#754 has been merged and a new release of
pytest-testinfra is created the Service.exists line can be restored.

/run/systemd/resolve/stub-resolv.conf is a symlink to
/run/systemd/resolve/resolv.conf in AL2023, so in this case the
/etc/resolv.conf symlink resolves to the former not the latter.

For some reason ansible-lint does not know about the existence of
ansible.posix.mount unless ansible itself is added as an extra
dependency.  I believe this is because ansible is not installed when
ansible-lint is installed.

The comment explains why ansible must be added as an additional
dependency for the ansible-lint linter.

Co-authored-by: dav3r <[email protected]>

Note that this entails installing dnsutils in the Molecule prepare
stage so that dig is available when the Molecule tests are run.
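
The commit messages above describe the state the role has to reach: /etc/resolv.conf is a symlink into /run/systemd/resolve/, the target exists only once the service has started, and on AL2023 the chain passes through stub-resolv.conf to resolv.conf. The check below is an added example, not code from this PR or from the cisagov role; the function names, the `root` parameter and the fixture contents are assumptions, chosen so the check runs offline against a constructed directory tree.

```python
import os
import posixpath
import tempfile
from pathlib import Path
STUB = "/run/systemd/resolve/stub-resolv.conf"
UPLINK = "/run/systemd/resolve/resolv.conf"

def follow(root, path, max_hops=8):
    """Follow symlinks from `path` inside `root`; return every hop as a list."""
    chain = [path]
    for _ in range(max_hops):
        real = os.path.join(root, path.lstrip("/"))
        if not os.path.islink(real):
            return chain
        # A relative target is relative to the directory holding the link.
        path = posixpath.normpath(posixpath.join(posixpath.dirname(path), os.readlink(real)))
        chain.append(path)
    raise RuntimeError("symlink loop: " + " -> ".join(chain))

def check_resolv_conf(root="/"):
    """Return ('stub' | 'uplink', chain); raise ValueError on anything else."""
    chain = follow(root, "/etc/resolv.conf")
    final = chain[-1]
    if len(chain) == 1:  # regular file, e.g. the Docker bind mount case
        raise ValueError("/etc/resolv.conf is not a symlink")
    if not os.path.isfile(os.path.join(root, final.lstrip("/"))):
        raise ValueError("dangling link, is systemd-resolved running? " + final)
    if final == STUB:
        return "stub", chain
    if final == UPLINK and STUB in chain:  # the AL2023 layout
        return "uplink", chain
    raise ValueError("unexpected target: " + " -> ".join(chain))

def build_sample(al2023=False, started=True):
    """Constructed fixture: a throwaway root mimicking the layouts above."""
    root = tempfile.mkdtemp()
    os.makedirs(root + "/etc")
    os.makedirs(root + posixpath.dirname(STUB))
    os.symlink("../run/systemd/resolve/stub-resolv.conf", root + "/etc/resolv.conf")
    if started:  # the service populates /run/systemd/resolve/ when it starts
        Path(root + UPLINK).write_text("nameserver 192.0.2.53\n")
        if al2023:
            os.symlink(UPLINK, root + STUB)  # absolute target, re-rooted by follow()
        else:
            Path(root + STUB).write_text("nameserver 127.0.0.53\n")
    return root

if __name__ == "__main__":
    print([check_resolv_conf(build_sample(al2023=a))[0] for a in (False, True)])
```

Only the final path component is followed as a symlink here; a directory-level link such as /var/run is not handled.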

@dav3r dav3r left a comment

👍 👍


@mcdonnnj mcdonnnj left a comment

LGTM ✔ Two minor feedback items for your consideration.

meta/main.yml (resolved)
molecule/default/tests/test_default.py (outdated, resolved)
molecule/default/tests/test_default.py (resolved)
Co-authored-by: Nick <[email protected]>
@jsf9k jsf9k merged commit 122f3c2 into develop May 8, 2024
11 checks passed
@jsf9k jsf9k deleted the first-commits branch May 8, 2024 17:21
jsf9k added a commit to cisagov/skeleton-packer that referenced this pull request May 8, 2024