During the 2026-04-13 power cut recovery, DNS resolution failures blocked Longhorn reinstall.

Root causes:
- CoreDNS forwarded to a single hardcoded Pi-hole IP instead of both HA instances
- CoreDNS main Corefile forwarded to /etc/resolv.conf which pointed to itself on pi3
- Pi-hole lacked explicit upstream DNS, relying on DHCP-provided config
- dnsmasq system service conflicted with pihole-FTL on port 53

Changes:
- k3s_dns: forward CoreDNS to both Pi-hole HA instances (pi1 + pi3) dynamically
- k3s_dns: update main CoreDNS Corefile to forward to Pi-holes instead of resolv.conf
- pihole defaults: add explicit upstream DNS servers (8.8.8.8, 1.1.1.1, 8.8.4.4)
- pihole ha_setup: write /etc/dnsmasq.d/99-upstream.conf with explicit upstreams
- rpi: add dnsmasq user to dip group and disable conflicting dnsmasq service on Pi-hole nodes

See docs/adr/20260414-internal-dns-architecture.md for full rationale.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
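The three configuration faults listed under "Root causes" (a CoreDNS forward pointing at /etc/resolv.conf on a node that is itself the nameserver, a single hardcoded upstream with no HA partner, and a Pi-hole with no explicit server= upstream) can all be caught by reading the config files before they are applied. The following lint is an added example, not code from this repository or from Ansible, CoreDNS or Pi-hole. It parses constructed Corefile, resolv.conf and dnsmasq drop-in strings; the 192.0.2.x addresses and the 99-upstream.conf contents are placeholders standing in for the homelab's real Pi-hole IPs, except for the 8.8.8.8 / 1.1.1.1 / 8.8.4.4 upstreams, which come from the commit message.

```python
"""Added example (not part of the repository): lint CoreDNS / resolv.conf /
Pi-hole upstream configuration for the misconfigurations named in the commit
message. All inputs below are constructed strings; 192.0.2.x is a documentation
range used as a placeholder for the real pi1 / pi3 addresses."""
import re

# `forward <zone> <targets...> [{ ... }]` inside a Corefile server block
FORWARD_RE = re.compile(r"^\s*forward\s+\S+\s+(.+?)\s*(?:\{.*)?$")
# IPv4 upstream with optional :port, as CoreDNS accepts it
IPV4_PORT_RE = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?$")


def parse_corefile_forwards(corefile: str) -> list[str]:
    """Destination tokens of every `forward` directive, e.g.
    'forward . /etc/resolv.conf' -> ['/etc/resolv.conf']."""
    targets: list[str] = []
    for line in corefile.splitlines():
        m = FORWARD_RE.match(line)
        if m:
            targets.extend(m.group(1).split())
    return targets


def parse_resolv_nameservers(resolv: str) -> list[str]:
    """Addresses from the `nameserver` lines of a resolv.conf."""
    out: list[str] = []
    for line in resolv.splitlines():
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            out.append(parts[1])
    return out


def parse_dnsmasq_servers(conf: str) -> list[str]:
    """Explicit upstreams (`server=IP`) from a Pi-hole dnsmasq drop-in."""
    return [ln.split("=", 1)[1].strip() for ln in conf.splitlines()
            if ln.strip().startswith("server=")]


def lint_dns(corefile: str, resolv: str, host_ips: set[str],
             pihole_conf: str) -> list[str]:
    """One finding per misconfiguration; an empty list means the set is clean."""
    findings: list[str] = []
    upstreams: list[str] = []
    for target in parse_corefile_forwards(corefile):
        if target == "/etc/resolv.conf":
            # CoreDNS inherits the node's resolv.conf. If that file names the
            # node itself (a Pi-hole host), queries are forwarded straight
            # back to the resolver that just asked: a forwarding loop.
            nameservers = parse_resolv_nameservers(resolv)
            looped = sorted(ip for ip in nameservers if ip in host_ips)
            if looped:
                findings.append("forwarding loop: /etc/resolv.conf points at this "
                                f"host ({', '.join(looped)})")
            upstreams.extend(nameservers)
        else:
            m = IPV4_PORT_RE.match(target)
            upstreams.append(m.group(1) if m else target)
    distinct = set(upstreams)
    if not distinct:
        findings.append("CoreDNS has no usable upstream")
    elif len(distinct) == 1:
        findings.append(f"single upstream {upstreams[0]}: one Pi-hole outage "
                        "takes cluster DNS down")
    if not parse_dnsmasq_servers(pihole_conf):
        findings.append("Pi-hole has no explicit server= upstream; it depends "
                        "on DHCP-provided resolver config")
    return findings


# --- constructed samples mirroring the commit's before/after states ---------
COREFILE_SINGLE_UPSTREAM = ".:53 {\n    errors\n    forward . 192.0.2.11\n    cache 30\n}\n"
COREFILE_RESOLV = ".:53 {\n    errors\n    forward . /etc/resolv.conf\n    cache 30\n    loop\n}\n"
COREFILE_HA = ".:53 {\n    errors\n    forward . 192.0.2.11 192.0.2.13\n    cache 30\n    loop\n}\n"
NODE_RESOLV_PI3 = "nameserver 192.0.2.13\nsearch lan\n"   # pi3 resolving via itself
PI3_IPS = {"127.0.0.1", "192.0.2.13"}                      # addresses owned by pi3
PIHOLE_CONF_BEFORE = ""                                    # no drop-in at all
PIHOLE_CONF_AFTER = "server=8.8.8.8\nserver=1.1.1.1\nserver=8.8.4.4\n"  # 99-upstream.conf

if __name__ == "__main__":
    for label, args in {
        "k3s_dns before": (COREFILE_SINGLE_UPSTREAM, NODE_RESOLV_PI3, PI3_IPS, PIHOLE_CONF_BEFORE),
        "main Corefile before": (COREFILE_RESOLV, NODE_RESOLV_PI3, PI3_IPS, PIHOLE_CONF_BEFORE),
        "after": (COREFILE_HA, NODE_RESOLV_PI3, PI3_IPS, PIHOLE_CONF_AFTER),
    }.items():
        print(label, "->", lint_dns(*args) or "clean")
```

CoreDNS's own `loop` plugin (part of the default k3s Corefile) detects the self-forwarding case at runtime and halts the process, which is why such a loop shows up as cluster-wide resolution failure rather than slow answers; the lint above reports it from the files alone, before the Corefile is rolled out. The port 53 clash between the dnsmasq system service and pihole-FTL is a runtime condition and is not modelled here.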
27 lines
711 B
YAML
- name: Raspberry pi general setup
  hosts: raspberries:&local
  gather_facts: yes
  tags: never
  become: yes

  tasks:

    - name: set hostname
      ansible.builtin.hostname:
        name: "{{ inventory_hostname }}"
      become: yes
      when: inventory_hostname != ansible_hostname

    - name: Ensure dnsmasq user is in dip group for Pi-hole DNS
      ansible.builtin.user:
        name: dnsmasq
        groups: dip
        append: yes
      when: "'pihole' in group_names"

    - name: Disable dnsmasq service on Pi-hole nodes to avoid port 53 conflict with pihole-FTL
      ansible.builtin.systemd:
        name: dnsmasq
        state: stopped
        enabled: no
      when: "'pihole' in group_names"