From a005d19f6ff1a9aba3a3994f41c9e5c86bc5f102 Mon Sep 17 00:00:00 2001
From: Matthew Mosesohn <matthew.mosesohn@gmail.com>
Date: Wed, 6 Nov 2019 14:33:52 +0300
Subject: [PATCH] Enable systemd-resolved DNS resolution mode (#5318)

Change-Id: If3e253a40782e03cde7fc4a91493517ae31fda17
---
 roles/kubernetes/preinstall/handlers/main.yml       |  5 +++++
 .../kubernetes/preinstall/tasks/0040-set_facts.yml  |  7 +++++++
 .../preinstall/tasks/0061-systemd-resolved.yml      |  9 +++++++++
 roles/kubernetes/preinstall/tasks/main.yml          | 10 ++++++++++
 .../preinstall/templates/resolved.conf.j2           | 13 +++++++++++++
 5 files changed, 44 insertions(+)
 create mode 100644 roles/kubernetes/preinstall/tasks/0061-systemd-resolved.yml
 create mode 100644 roles/kubernetes/preinstall/templates/resolved.conf.j2

diff --git a/roles/kubernetes/preinstall/handlers/main.yml b/roles/kubernetes/preinstall/handlers/main.yml
index 3fd097577..81d13d412 100644
--- a/roles/kubernetes/preinstall/handlers/main.yml
+++ b/roles/kubernetes/preinstall/handlers/main.yml
@@ -95,3 +95,8 @@
     - inventory_hostname in groups['kube-master']
     - dns_mode != 'none'
     - resolvconf_mode == 'host_resolvconf'
+
+- name: Preinstall | Restart systemd-resolved
+  service:
+    name: systemd-resolved
+    state: restarted
diff --git a/roles/kubernetes/preinstall/tasks/0040-set_facts.yml b/roles/kubernetes/preinstall/tasks/0040-set_facts.yml
index 4a6318cc9..73b751589 100644
--- a/roles/kubernetes/preinstall/tasks/0040-set_facts.yml
+++ b/roles/kubernetes/preinstall/tasks/0040-set_facts.yml
@@ -43,6 +43,13 @@
   changed_when: false
   check_mode: no
 
+- name: check systemd-resolved
+  command: systemctl is-active systemd-resolved
+  register: systemd_resolved_enabled
+  failed_when: false
+  changed_when: false
+  check_mode: no
+
 - name: set dns facts
   set_fact:
     resolvconf: >-
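Review bot: The registered name `systemd_resolved_enabled` does not match what the task tests: `systemctl is-active` reports whether the unit is running at that moment, not whether it is enabled. A host where the unit is enabled but stopped at play time would presumably be sent down the resolvconf path by the conditions in tasks/main.yml. Consider renaming the variable to `systemd_resolved_active`, and add a comment above the task such as `# rc 0 = unit running; any other rc (inactive, unit absent) selects the non-resolved path`. `failed_when: false` also masks a missing `systemctl` binary, which is probably intended but worth stating in that comment. The `set dns facts` task at the end of the hunk continues outside it.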
diff --git a/roles/kubernetes/preinstall/tasks/0061-systemd-resolved.yml b/roles/kubernetes/preinstall/tasks/0061-systemd-resolved.yml
new file mode 100644
index 000000000..381135862
--- /dev/null
+++ b/roles/kubernetes/preinstall/tasks/0061-systemd-resolved.yml
@@ -0,0 +1,9 @@
+---
+- name: Write resolved.conf
+  template:
+    src: resolved.conf.j2
+    dest: /etc/systemd/resolved.conf
+    owner: root
+    group: root
+    mode: 0644
+  notify: Preinstall | Restart systemd-resolved
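Review bot: The `template` task replaces `/etc/systemd/resolved.conf` wholesale and keeps no copy, so any resolver settings an administrator had placed there (for example a stricter `DNSSEC=` or `DNSOverTLS=` value) are silently lost on the first run. Adding `backup: yes` would keep the previous file. Writing a drop-in under `/etc/systemd/resolved.conf.d/` instead would leave the distribution file untouched. The mode is also better written as a quoted string, `mode: "0644"`, so the value does not depend on how the YAML loader types a leading-zero integer.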
diff --git a/roles/kubernetes/preinstall/tasks/main.yml b/roles/kubernetes/preinstall/tasks/main.yml
index 63d20a923..9ae44f4a6 100644
--- a/roles/kubernetes/preinstall/tasks/main.yml
+++ b/roles/kubernetes/preinstall/tasks/main.yml
@@ -32,6 +32,16 @@
   when:
     - dns_mode != 'none'
     - resolvconf_mode == 'host_resolvconf'
+    - systemd_resolved_enabled.rc != 0
+  tags:
+    - bootstrap-os
+    - resolvconf
+
+- import_tasks: 0061-systemd-resolved.yml
+  when:
+    - dns_mode != 'none'
+    - resolvconf_mode == 'host_resolvconf'
+    - systemd_resolved_enabled.rc == 0
   tags:
     - bootstrap-os
     - resolvconf
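Review bot: Both added conditions dereference `systemd_resolved_enabled.rc`, which exists only if the check task in 0040-set_facts.yml ran earlier in the same play. If that task is filtered out, for instance by a `--tags` selection that does not cover it (its tags are not visible in this patch), these `when` clauses will likely error on an undefined variable or skip both branches, leaving the host's DNS unconfigured. Either make sure the check task carries the same `bootstrap-os` and `resolvconf` tags, or default the value, e.g. `- (systemd_resolved_enabled.rc | default(1)) != 0` here and `- (systemd_resolved_enabled.rc | default(1)) == 0` on the new import. The first `when:` block belongs to an import that starts above the hunk.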
diff --git a/roles/kubernetes/preinstall/templates/resolved.conf.j2 b/roles/kubernetes/preinstall/templates/resolved.conf.j2
new file mode 100644
index 000000000..6aac1a640
--- /dev/null
+++ b/roles/kubernetes/preinstall/templates/resolved.conf.j2
@@ -0,0 +1,13 @@
+[Resolve]
+{% if dns_late %}
+DNS={{ ( coredns_server + nameservers|d([]) + cloud_resolver|d([])) | unique | join(' ') }}
+{% else %}
+DNS={{ ( nameservers|d([]) + cloud_resolver|d([])) | unique | join(' ') }}
+{% endif %}
+#FallbackDNS=
+Domains={{ ([ 'default.svc.' + dns_domain, 'svc.' + dns_domain ] + searchdomains|default([])) | join(' ') }}
+#LLMNR=no
+#MulticastDNS=no
+DNSSEC=no
+Cache=no-negative
+#DNSStubListener=yes
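Review bot: `DNSSEC=no` is hard-coded, so every host that takes this path has DNSSEC validation in systemd-resolved switched off, whatever the distribution or operator had configured, and the template does not say why. If validation interferes with resolving the cluster domain, state that in a comment and expose the setting, e.g. `DNSSEC={{ resolved_dnssec | d('no') }}` (`resolved_dnssec` is a proposed new variable, not one visible in this patch). Separately, the `else` branch renders an empty `DNS=` line when both `nameservers` and `cloud_resolver` are unset. resolved would then presumably fall back to per-link or compiled-in servers, so a guard or a comment there would help.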
-- 
GitLab