diff --git a/ansible/group_vars/all/dns b/ansible/group_vars/all/dns index 0c26c6278..aa7b47532 100644 --- a/ansible/group_vars/all/dns +++ b/ansible/group_vars/all/dns @@ -2,6 +2,9 @@ ############################################################################### # DNS. +# Whether kayobe should configure resolv.conf. +resolv_is_managed: true + # List of DNS nameservers. resolv_nameservers: - 8.8.8.8 diff --git a/ansible/network.yml b/ansible/network.yml index e6be3fb09..1b5aeec9b 100644 --- a/ansible/network.yml +++ b/ansible/network.yml @@ -50,6 +50,7 @@ roles: - role: ahuffman.resolv + when: resolv_is_managed | bool become: True - role: MichaelRigart.interfaces diff --git a/doc/source/configuration/network.rst b/doc/source/configuration/network.rst index 0607c3c0d..27f6b9d8b 100644 --- a/doc/source/configuration/network.rst +++ b/doc/source/configuration/network.rst @@ -368,6 +368,25 @@ VLAN to be forwarded by the bridge, whereas adding a VLAN interface to an Ethernet or bond interface that is a bridge member port will prevent tagged traffic for that VLAN being forwarded by the bridge. +Domain Name Service (DNS) Resolver Configuration +================================================ + +Kayobe supports configuration of hosts' DNS resolver via ``resolv.conf``. DNS +configuration should be added to ``dns.yml``. For example: + +.. code-block:: yaml + :caption: ``dns.yml`` + + resolv_nameservers: + - 8.8.8.8 + - 8.8.4.4 + resolv_domain: example.com + resolv_search: + - kayobe.example.com + +It is also possible to prevent kayobe from modifying ``resolv.conf`` by setting +``resolv_is_managed`` to ``false``. + Network Role Configuration ========================== diff --git a/etc/kayobe/dns.yml b/etc/kayobe/dns.yml index 46c48fb83..2b91aa941 100644 --- a/etc/kayobe/dns.yml +++ b/etc/kayobe/dns.yml @@ -2,6 +2,9 @@ ############################################################################### # DNS. +# Whether kayobe should configure resolv.conf. +#resolv_is_managed: + # List of DNS nameservers. #resolv_nameservers: diff --git a/releasenotes/notes/prevent-resolv.conf-4a09d50f60f3fe28.yaml b/releasenotes/notes/prevent-resolv.conf-4a09d50f60f3fe28.yaml new file mode 100644 index 000000000..bb8ad6c32 --- /dev/null +++ b/releasenotes/notes/prevent-resolv.conf-4a09d50f60f3fe28.yaml @@ -0,0 +1,4 @@ +--- +features: + - Adds the ability to prevent configuration of the DNS resolver. This can be + done by setting ``resolv_is_managed`` to ``false``.