freeipa / ansible-freeipa

Ansible roles and modules for FreeIPA
GNU General Public License v3.0

ipaclient: Configure DNS resolver always reports as changed #1217

Closed Nihlus closed 3 months ago

Nihlus commented 4 months ago

When using ipaclient on a Debian 12 system, the step "Configure DNS resolver" is always reported as changed even when no apparent change is made to the system.

This occurs when using systemd-resolved with /etc/resolv.conf linked to /run/systemd/resolve/resolv.conf. Two DNS servers are explicitly configured (the main IPA server and a replica).

zzz-ipa.conf is created in /etc/resolved.conf.d with the following contents (missing one blank line at the start due to GitHub's markdown stripping it out, IPs and domain name redacted):


```
# auto-generated by IPA client installer
[Resolve]
# use DNS servers
DNS=192.168.0.100 192.168.0.101
# make default DNS server, add search suffixes
Domains=~. mydomain.net
```

The file's modification times are not updated after the role reports the step as changed.

Nihlus commented 3 months ago

Looking into the source code, the DNS configurator unconditionally reports itself as changed no matter what. That seems like a bit of an oversight, but should not be too complex to resolve.

https://github.com/freeipa/ansible-freeipa/blob/master/roles/ipaclient/library/ipaclient_configure_dns_resolver.py#L315
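The behaviour the thread asks for, as an added illustration that is not part of the thread and not the project's code: compare the rendered drop-in with what is already on disk and report a change only when the file is actually rewritten. The function names `render_dropin` and `write_if_changed` are hypothetical, and the leading blank line and trailing newline are assumptions based on the file contents quoted in the report.

```python
import os
import tempfile


def render_dropin(nameservers, searchdomains):
    """Build drop-in text in the shape quoted in the report (layout assumed)."""
    return "\n".join([
        "",  # the report says the real file starts with one blank line
        "# auto-generated by IPA client installer",
        "[Resolve]",
        "# use DNS servers",
        "DNS=" + " ".join(nameservers),
        "# make default DNS server, add search suffixes",
        "Domains=~. " + " ".join(searchdomains),
        "",
    ])


def write_if_changed(path, content):
    """Replace path atomically; return True only when the content differed."""
    try:
        with open(path, "r", encoding="utf-8") as f:
            if f.read() == content:
                return False  # nothing to do, so nothing to report
    except FileNotFoundError:
        pass
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(path) or ".", prefix=".tmp-")
    try:
        with os.fdopen(fd, "w", encoding="utf-8") as f:
            f.write(content)
        os.chmod(tmp, 0o644)
        os.replace(tmp, path)  # readers never see a half-written file
    except BaseException:
        os.unlink(tmp)
        raise
    return True  # an Ansible module would pass this to exit_json(changed=...)


def demo():
    """Run three passes in a scratch directory with constructed sample values."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "zzz-ipa.conf")
        text = render_dropin(["192.168.0.100", "192.168.0.101"], ["mydomain.net"])
        first = write_if_changed(path, text)
        mtime = os.stat(path).st_mtime_ns
        second = write_if_changed(path, text)
        same_mtime = os.stat(path).st_mtime_ns == mtime
        third = write_if_changed(path, render_dropin(["192.168.0.100"], ["mydomain.net"]))
        return first, second, same_mtime, third


if __name__ == "__main__":
    print(demo())
```

A task that reports `changed` only on a real rewrite also keeps handlers and change-based audit checks meaningful, since an always-changed step hides genuine drift in resolver configuration.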