Remove systemd-resolved and configure DNS consistently (#320)

simcod · web-flow · commit d73fcd5e9e96 · 2025-07-04T12:55:08.000+02:00
diff --git a/cmd/install.go b/cmd/install.go
@@ -166,10 +166,6 @@ func (i *installer) writeResolvConf() error {
 	const f = "/etc/resolv.conf"
 	i.log.Info("write configuration", "file", f)
 	// Must be written here because during docker build this file is synthetic
-	// FIXME enable systemd-resolved based approach again once we figured out why it does not work on the firewall
-	// most probably because the resolved must be running in the internet facing vrf.
-	// ln -sf /run/systemd/resolve/stub-resolv.conf /etc/resolv.conf
-	// in ignite this file is a symlink to /proc/net/pnp, to pass integration test, remove this first
 	err := i.fs.Remove(f)
 	if err != nil {
 		i.log.Info("config file not present", "file", f)
diff --git a/debian/Dockerfile b/debian/Dockerfile
@@ -76,6 +76,7 @@ RUN set -ex \
     socat \
     sudo \
     systemd \
+    systemd-resolved- \
     systemd-sysv \
     systemd-timesyncd \
     tcpdump \
diff --git a/debian/context/kernel-installation.sh b/debian/context/kernel-installation.sh
@@ -14,12 +14,9 @@ if [ "${ID}" = "ubuntu" ] ; then
         https://kernel.ubuntu.com/mainline/${UBUNTU_MAINLINE_KERNEL_VERSION}/amd64/
 
     apt-get install --yes \
-        systemd-resolved \
         /tmp/linux-image* \
         /tmp/linux-modules* \
         intel-microcode
-    # Ubuntu still requires it
-    systemctl enable systemd-resolved
 else
     echo "Debian - Install kernel"
 
diff --git a/test/inputs/firewall.yaml b/test/inputs/firewall.yaml
@@ -61,4 +61,6 @@ nics:
         name: null
         neighbors: []
 ntp_servers:
-  - address: 1.pool.ntp.org
+  - address: 1.pool.ntp.org
+dns_servers:
+  - ip: 8.8.4.4
diff --git a/test/inputs/goss.yaml b/test/inputs/goss.yaml
@@ -65,15 +65,11 @@ file:
     exists: true
     contents:
     - "NTP=1.pool.ntp.org"
-  "/etc/systemd/resolved.conf.d/dns.conf":
-    exists: true
-    contents:
-    - DNS=8.8.8.8
 {{ end }}
   "/etc/resolv.conf":
     exists: true
     contents:
-    - nameserver 8.8.8.8
+    - nameserver 8.8.4.4
 {{ end }}
 {{ if eq .Env.MACHINE_TYPE "firewall" }}
   "/etc/hostname":
@@ -93,6 +89,10 @@ file:
     exists: true
     contents:
     - pool 1.pool.ntp.org iburst
+  "/etc/resolv.conf":
+    exists: true
+    contents:
+    - nameserver 8.8.4.4
 {{ end }}
 service:
 {{ if eq .Env.OS "almalinux" }}
diff --git a/test/inputs/machine.yaml b/test/inputs/machine.yaml
@@ -36,4 +36,4 @@ nics:
 ntp_servers:
   - address: 1.pool.ntp.org
 dns_servers:
-  - ip: 8.8.8.8
+  - ip: 8.8.4.4
diff --git a/test/test.sh b/test/test.sh
@@ -3,12 +3,12 @@
 set -ex
 
 echo "copy input files and goss"
-scp -o StrictHostKeyChecking=no -i ./key ./inputs/* "root@${IP}":/
+scp -o StrictHostKeyChecking=no -o IdentitiesOnly=yes -i ./key ./inputs/* "root@${IP}":/
 
 echo "do machine test"
 
 # somehow chrony@vrf104009 needs a double restart to work
-ssh -o StrictHostKeyChecking=no -i ./key "root@${IP}" <<EOF
+ssh -o StrictHostKeyChecking=no -o IdentitiesOnly=yes -i ./key "root@${IP}" <<EOF
     set -e
     MACHINE_TYPE=${MACHINE_TYPE} /prepare.sh
     # install go fails in a vm because grub-install will always fail.
