fix(security,common)!: moved sysctl and resolvconf tasks from common to security role to fix DNS resolution fail due to firewall rules

2024-08-08 00:00:00 +00:00 · 2024-08-08 00:00:00 +00:00 · 3701ea6276
commit 3701ea6276
parent b7ba39bce9
13 changed files with 57 additions and 55 deletions
--- a/collections/ansible_collections/nullified/infrastructure/roles/security/templates/system/debian/resolv.conf.j2
+++ b/collections/ansible_collections/nullified/infrastructure/roles/security/templates/system/debian/resolv.conf.j2
@ -0,0 +1,12 @@
+{% set dns4_servers = hostvars[inventory_hostname]["global_dns_{}_dns4".format(global_dns_type)] | default([]) %}
+{% set dns6_servers = hostvars[inventory_hostname]["global_dns_{}_dns6".format(global_dns_type)] | default([]) %}
+{% if dns4_servers is defined and dns4_servers | length > 0 -%}
+{% for server in dns4_servers -%}
+nameserver {{ server }}
+{% endfor %}
+{% endif %}
+{% if global_ip_dualstack | default(false) and dns6_servers is defined and dns6_servers | length > 0 -%}
+{% for server in dns6_servers -%}
+nameserver {{ server }}
+{% endfor %}
+{% endif %}
--- a/collections/ansible_collections/nullified/infrastructure/roles/security/templates/system/debian/sysctld.local.conf.j2
+++ b/collections/ansible_collections/nullified/infrastructure/roles/security/templates/system/debian/sysctld.local.conf.j2
@ -0,0 +1,3 @@
+{% for item in security_sysctl_configuration.keys() -%}
+    {{ item }} = {{ security_sysctl_configuration[item] }}
+{% endfor %}