I think the ferm firewall system must be the culprit here. But for now, one workaround could be to update the resolv.conf file. Here’s how I’m doing that:

- In `trellis/dev.yml`, add a new ‘dns’ role, and add it before the ‘common’ role:

```yaml
roles:
  - { role: dns, tags: [dns] }
  - { role: common, tags: [common] }
```

then set up that role with a task that updates the resolv.conf file:
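
```sh
mkdir -p trellis/roles/dns/tasks
# Write the role's task file (quoted heredoc, so nothing inside is expanded by the shell)
cat > trellis/roles/dns/tasks/main.yml <<'EOF'
---
- name: Add public nameserver to resolv.conf
  shell: echo "nameserver 1.1.1.1" >> /etc/resolv.conf
EOF
```
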
Now if we run `vagrant up --provision` (or , then `vagrant ssh` then `curl -I https://github.com` it should be able to resolve that name. Since I was doing this on a new box with lots of attempts, I used `vagrant destroy` and then `trellis up` to test it from a clean slate.

Note: Docker apparently tries to prevent changes to the resolv.conf in the container (it should instead be done in the image), so Ansible’s `lineinfile` module, which internally copies a file over another file, does not work - Docker throws an error if you try something like this instead of using the `shell` command as I did above:

```yaml
- name: Add public nameserver to resolv.conf
  lineinfile:
    path: /etc/resolv.conf
    line: "nameserver 1.1.1.1"
```

^ does not work

I also tried this but it didn’t change the file either… perhaps something to do with the shell redirection not working via Ansible -

```yaml
- name: Add public nameserver to resolv.conf
  command: echo "nameserver 1.1.1.1" >> /etc/resolv.conf
```

Note also, 1.1.1.1 should work universally - it is Cloudflare’s DNS: https://www.cloudflare.com/en-gb/learning/dns/what-is-1.1.1.1/
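
An idempotent variant of the append used in the `shell` task above, as an added example that is not part of the original post: the plain `echo ... >>` adds another copy of the line on every provision. The function name `ensure_nameserver` and the IPv4-only validation are assumptions of this example; like the post's working task it appends in place with `>>` rather than copying a new file over the old one.

```shell
#!/bin/sh
# ensure_nameserver FILE IP  (hypothetical helper, not part of Trellis)
# Appends "nameserver IP" to FILE only when that exact line is missing.
# The file is written in place with >>, so it keeps its inode.
ensure_nameserver() {
    file=$1
    ip=$2

    # Accept only a dotted-quad IPv4 address, so nothing else can be
    # written into the resolver configuration.
    case $ip in
        *[!0-9.]* | '' | .* | *. | *..*)
            echo "invalid IPv4 address: $ip" >&2
            return 2 ;;
    esac
    old_ifs=$IFS
    IFS=.
    set -- $ip          # split into octets (only digits and dots remain)
    IFS=$old_ifs
    [ $# -eq 4 ] || { echo "invalid IPv4 address: $ip" >&2; return 2; }
    for octet in "$@"; do
        [ "$octet" -le 255 ] 2>/dev/null || return 2
    done

    line="nameserver $ip"
    # -x: whole-line match, -F: fixed string, so "1.1.1.1" does not
    # match "1.1.1.10" and the dots are not treated as regex wildcards.
    if grep -qxF -- "$line" "$file" 2>/dev/null; then
        return 0
    fi
    # If the file does not end in a newline, add one before appending.
    if [ -s "$file" ] && [ -n "$(tail -c 1 "$file")" ]; then
        printf '\n' >> "$file"
    fi
    printf '%s\n' "$line" >> "$file"
}
```
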