commit ba6da1324dc2f88acc51ff64d91208c0a5c0eb42
parent b10d8f89744f2f03d64900135c3e1cff9e86e6cc
Author: Andreas Gruhler <andreas.gruhler@adfinis-sygroup.ch>
Date: Sun, 15 Sep 2019 22:45:29 +0200
resolve hostname to public ip
Diffstat:
4 files changed, 50 insertions(+), 7 deletions(-)
diff --git a/ansible/defaults/all.yml b/ansible/defaults/all.yml
@@ -14,7 +14,6 @@ ssh_include_config: '~/.ssh/config'
# allow sudo/wheel users to execute any command without password
ssh_passwordless_login: no
-
# example of adding additional users
# additional_users:
# - name: user1
@@ -27,3 +26,22 @@ ssh_passwordless_login: no
# #ssh_key: '{{ ssh_identity_file }}'
# # adds this key as authorized key
# sauthorized_key: '~/.ssh/id_rsa.pub'
+
+# The cloud-init config template has manage_etc_hosts enabled by default.
+# This will overwrite the state of /etc/hosts at each reboot. The default
+# cloud-init configuratin resolves {{ ansible_hostname }} to 127.0.0.1.
+# This is not desirable in all cases, since sometimes you want it to resolve
+# the public IP (not localhost).
+#
+# There is an option cicustom which could be used to change this behavior
+# at an earlier stage (e.g. with Terraform):
+# https://pve.proxmox.com/wiki/Cloud-Init_Support#_custom_cloud_init_configuration
+#
+# However, this parameter is not yet included in Telmate/terraform-provider-proxmox.
+# Also, tests showed that reading the 'user' config as described in the above
+# link did not really change the behavior of manage_etc_hosts (/etc/hosts was
+# still modified at each reboot). Thus, this option will disable the line that
+# resolves {{ ansible_hostname }} to 127.0.0.1 in all relevant files. The file
+# /etc/hosts will still be overwritten at each reboot, but without the line resolving
+# {{ ansible_hostname }} to 127.0.0.1. Choose 'yes' to enable this temporary fix.
+cloud_init_disable_localhost_resolver: no
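Review bot: The comment block above `cloud_init_disable_localhost_resolver` explains why the loopback entry is removed but not what that changes for services on the host. Once the hostname stops resolving to 127.0.0.1, anything that binds to or connects via the hostname will presumably use the public address and may become reachable from outside. I would add a line such as `# Note: services bound to the hostname will then listen on the public address; check firewall rules before enabling.` The default is also better written as `cloud_init_disable_localhost_resolver: false`, with the comment saying "Set to true", since `yes`/`no` are YAML 1.1 truthy forms that linters flag. "configuratin" in the added comment is a typo for "configuration".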
diff --git a/ansible/playbook.yml b/ansible/playbook.yml
@@ -108,4 +108,20 @@
line: '%{{ sudo_group }} ALL=(ALL) NOPASSWD: ALL'
validate: 'visudo -cf %s'
when: ssh_passwordless_login
- become: yes
-\ No newline at end of file
+ become: yes
+
+ - block:
+ - name: disable ipv4 localhost resolver
+ replace:
+ path: '{{ item.file }}'
+ regexp: '^127\.0\.0\.1 {{ item.fqdn }}(.*)$'
+ replace: '#127.0.0.1 {{ item.fqdn }}\1'
+ loop: '{{ host_files }}'
+
+ - name: disable ipv6 localhost resolver
+ replace:
+ path: '{{ item.file }}'
+ regexp: '^::1 {{ item.fqdn }}(.*)$'
+ replace: '#::1 {{ item.fqdn }}\1'
+ loop: '{{ host_files }}'
+ when: cloud_init_disable_localhost_resolver
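Review bot: The new block edits `/etc/hosts` and the cloud-init hosts template but, unlike the sudoers task directly above it, has no `become: yes`. The play header is outside the hunk, so this is inferred, but unless the play escalates globally both `replace` tasks will fail for a non-root connection user. Add `become: yes` at block level next to the `when:`. The condition is more robust as `when: cloud_init_disable_localhost_resolver | bool`, because a value supplied with `-e` arrives as a string rather than a boolean. Since `/etc/hosts` is rewritten in place, `backup: yes` on the two `replace` tasks would keep a copy to recover from.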
diff --git a/ansible/vars/Debian.yml b/ansible/vars/Debian.yml
@@ -1,4 +1,10 @@
---
# group of sudo users
-sudo_group: sudo
-\ No newline at end of file
+sudo_group: sudo
+
+host_files:
+ - file: '/etc/cloud/templates/hosts.debian.tmpl'
+ fqdn: '\{\{fqdn\}\}'
+ - file: '/etc/hosts'
+ fqdn: '{{ ansible_hostname }}'
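Review bot: The `host_files` entries assume the loopback line is `127.0.0.1 {{fqdn}} …`, but to my knowledge cloud-init's Debian hosts template maps the FQDN to `127.0.1.1` and has no `::1` line carrying the FQDN. If that holds for the target images, neither pattern in ansible/playbook.yml matches on Debian and enabling the option silently changes nothing. Please check `/etc/cloud/templates/hosts.debian.tmpl` on a target host. If it does differ, carry the address per entry, e.g. an extra key such as `address: '127\.0\.1\.1'` that the task's `regexp` uses instead of the hard-coded `127\.0\.0\.1`. A comment above `host_files` saying that `'\{\{fqdn\}\}'` is the template's literal placeholder, escaped for use inside a regular expression, would help the next reader; the same comment applies to ansible/vars/RedHat.yml.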
diff --git a/ansible/vars/RedHat.yml b/ansible/vars/RedHat.yml
@@ -1,4 +1,10 @@
---
# group of sudo users
-sudo_group: wheel
-\ No newline at end of file
+sudo_group: wheel
+
+host_files:
+ - file: '/etc/cloud/templates/hosts.redhat.tmpl'
+ fqdn: '\{\{fqdn\}\}'
+ - file: '/etc/hosts'
+ fqdn: '{{ ansible_hostname }}'