Configure NetworkManager to use systemd-resolved

zzz-ipa.conf now enables NetworkManager's systemd-resolved plugin when
systemd-resolved is detected.

See: https://pagure.io/freeipa/issue/8275
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>

ipaplatform/base/tasks.py

@@ -309,11 +309,13 @@ class BaseTaskNamespace:
         """Tell systemd to reload config files"""
         raise NotImplementedError
 
-    def configure_dns_resolver(self, nameservers, searchdomains, fstore=None):
+    def configure_dns_resolver(self, nameservers, searchdomains, *,
+                               resolve1_enabled=False, fstore=None):
         """Configure global DNS resolver (e.g. /etc/resolv.conf)
 
         :param nameservers: list of IP addresses
         :param searchdomains: list of search domaons
+        :param resolve1_enabled: is systemd-resolved enabled?
         :param fstore: optional file store for backup
         """
         raise NotImplementedError

ipaplatform/redhat/tasks.py

@@ -44,6 +44,7 @@ from subprocess import CalledProcessError
 from pyasn1.error import PyAsn1Error
 
 from ipapython import directivesetter
+from ipapython import dnsutil
 from ipapython import ipautil
 import ipapython.errors
 
@@ -66,7 +67,7 @@ PKCS11_MODULES = [
 NM_IPA_CONF = textwrap.dedent("""
     # auto-generated by IPA installer
     [main]
-    dns=default
+    dns={dnsprocessing}
 
     [global-dns]
     searches={searches}
@@ -613,7 +614,8 @@ class RedHatTaskNamespace(BaseTaskNamespace):
                                       'TransferLog',
                                       'logs/access_log', False)
 
-    def configure_dns_resolver(self, nameservers, searchdomains, fstore=None):
+    def configure_dns_resolver(self, nameservers, searchdomains, *,
+                               resolve1_enabled=False, fstore=None):
         """Configure global DNS resolver (e.g. /etc/resolv.conf)
 
         :param nameservers: list of IP addresses
@@ -639,7 +641,15 @@ class RedHatTaskNamespace(BaseTaskNamespace):
             # a new resolv.conf. The file is prefixed with ``zzz`` to
             # make it the last file. Global dns options do not stack and last
             # man standing wins.
+            if resolve1_enabled:
+                # push DNS configuration to systemd-resolved
+                dnsprocessing = "systemd-resolved"
+            else:
+                # update /etc/resolv.conf
+                dnsprocessing = "default"
+
             cfg = NM_IPA_CONF.format(
+                dnsprocessing=dnsprocessing,
                 servers=','.join(nameservers),
                 searches=','.join(searchdomains)
             )

ipaserver/install/bindinstance.py

@@ -50,6 +50,7 @@ from ipapython.admintool import ScriptError
 import ipalib
 from ipalib import api, errors
 from ipalib.constants import IPA_CA_RECORD
+from ipalib.install import dnsforwarders
 from ipaplatform import services
 from ipaplatform.tasks import tasks
 from ipaplatform.constants import constants
@@ -1118,6 +1119,7 @@ class BindInstance(service.Service):
     def __setup_resolv_conf(self):
         searchdomains = [self.domain]
         nameservers = []
+        resolve1_enabled = dnsforwarders.detect_resolve1_resolv_conf()
 
         for ip_address in self.ip_addresses:
             if ip_address.version == 4:
@@ -1127,7 +1129,8 @@ class BindInstance(service.Service):
 
         try:
             tasks.configure_dns_resolver(
-                nameservers, searchdomains, fstore=self.fstore
+                nameservers, searchdomains,
+                resolve1_enabled=resolve1_enabled, fstore=self.fstore
             )
         except IOError as e:
             logger.error('Could not update DNS config: %s', e)