Managing /etc/resolv.conf with Ansible

Good Morning,

We would like to manage the /etc/resolv.conf with ansible. But currently the file is generated by NetworkManager.

[root@rhel-t2 ~]# cat /etc/resolv.conf
# Generated by NetworkManager
search sub.exampelcom example.com
nameserver <ip address 1>
nameserver <ip address 2>

My guess is that the NetworkManager generates this file because I use the DNS1 and DNS2 directives in the ifcfg-file and no PEERDNS=no (see How to make persistent changes to the /etc/resolv.conf?).

What would be the best way to get /etc/resolv.conf under the control of ansible? My first thought was to simply stop using the DNS1 and DNS2 directives in the ifcfg-file and to disable the NetworkManager.service. Without the NetworkManager running I should be able to deploy the /etc/resolv.conf from an ansible template.

What do you think about it? Do you have any other ideas on how to do this?

Best regards,
Joerg

Responses

Safe to assume that you're not using DHCP?

It seems to me that you answered your own question. Why not just remove your DNS entries from the ifcfg files and set 'PEERDNS=no' so that NetworkManager does not manage resolv.conf? I don't think you need to go so far as to disable NetworkManager.

Hello Jörg,

Did you test Ijkimmel's suggestion? Be aware that it only works under the condition Tom Jones already states: no DHCP, or the DHCP server might advertise DNS servers.

Another suggestion I found on the Fedora mailing list: chattr +i /etc/resolv.conf to prevent any process or user from changing /etc/resolv.conf, and only release and set the immune attribute in your Ansible playbook.

Regards,

Jan Gerrit

Yes, this article talks about the same: https://access.redhat.com/solutions/7412 ... Accordingly, either dhcp or DNS* entries in ifcfg-* files would lead to /etc/resolv.conf file modifications.

Good morning,

And thank you for your answers so far.

Yes, it is safe to assume that I'm not using DHCP. When I remove the DNS1 and DNS2 directives from the ifcfg-file and set PEERDNS=no the /etc/resolv.conf is still managed by the NetworkManager.

On the ansible mailing list I got the hint to set dns=none in /etc/NetworkManager/NetworkManager.conf. In man NetworkManager.conf I found the following:

       dns
           Set the DNS (resolv.conf) processing mode.

           default: The default if the key is not specified. NetworkManager
           will update resolv.conf to reflect the nameservers provided by
           currently active connections.
[...]
           none: NetworkManager will not modify resolv.conf. This implies
           rc-manager unmanaged

That seems to be the best way to go. I don't have to disable the NetworkManager and could start managing /etc/resolv.conf with ansible. An alternative would be to set rc-manager=unmanaged. I'm not sure what the difference is, but they might both work.

Regards, Jörg

Bonjour,

I recently had to test rewriting /etc/resolv.conf on the fly when a particular event occurs. And the question was "what if NetworkManager is running?"

With both 'dns=none' and 'rc-manager=unmanaged' in the [main] section of /etc/NetworkManager/NetworkManager.conf, the file /etc/resolv.conf is no longer modified by NM.

In my case, it was the best choice because it is a general option that applies whatever ifcfg files contain.

HTH

Good Morning,

We are going to set the option dns=none as well using the ansible lineinfile module. Then the /etc/resolv.conf will be deployed with the template module of ansible.

Regards, Joerg
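
The approach the thread settles on (dns=none set with lineinfile, then /etc/resolv.conf deployed by Ansible), as an added example playbook that is not from any of the posters. The inventory group, search domains and nameserver addresses are constructed placeholders; it assumes NetworkManager.conf already has a [main] section, and it uses copy with inline content in place of a separate template file so the playbook is self-contained.

```yaml
---
# Added example: hand /etc/resolv.conf over from NetworkManager to Ansible.
# Group name, search domains and nameserver addresses are constructed
# placeholders (RFC 5737 documentation addresses), not values from the thread.
- name: Manage /etc/resolv.conf with Ansible instead of NetworkManager
  hosts: rhel_servers              # assumed inventory group
  become: true
  vars:
    resolv_search:
      - sub.example.com
      - example.com
    resolv_nameservers:
      - 192.0.2.53
      - 192.0.2.54

  tasks:
    # Replaces an existing dns= line, otherwise inserts one right after [main].
    - name: Set dns=none in the [main] section of NetworkManager.conf
      ansible.builtin.lineinfile:
        path: /etc/NetworkManager/NetworkManager.conf
        regexp: '^\s*dns\s*='
        line: dns=none
        insertafter: '^\[main\]'
        backup: true
      notify: Restart NetworkManager

    # Run the handler now, so NetworkManager has stopped touching the file
    # before Ansible writes it.
    - name: Apply the NetworkManager change before writing resolv.conf
      ansible.builtin.meta: flush_handlers

    - name: Deploy /etc/resolv.conf
      ansible.builtin.copy:
        dest: /etc/resolv.conf
        owner: root
        group: root
        mode: "0644"
        content: |
          # Managed by Ansible; local changes will be overwritten
          search {{ resolv_search | join(' ') }}
          {% for ns in resolv_nameservers %}
          nameserver {{ ns }}
          {% endfor %}

  handlers:
    - name: Restart NetworkManager
      ansible.builtin.service:
        name: NetworkManager
        state: restarted
```

Running the play a second time should report no changes; a changed result on the resolv.conf task means something other than Ansible is still rewriting the file.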