From db50b11f29ee95fa6128257141bba9c39fe36de3 Mon Sep 17 00:00:00 2001 From: Michael Gugino Date: Wed, 25 Oct 2017 17:01:26 -0400 Subject: Change dnsmasq to bind-interfaces + except-interfaces Currently, we have to set the listen ip for dnsmasq via ansible during installation. This commit enables dnsmasq to bind-interfaces + exclude interfaces to ensure dnsmasq doesn't listen on lo interface. --- roles/openshift_node_dnsmasq/defaults/main.yml | 5 +++++ roles/openshift_node_dnsmasq/templates/origin-dns.conf.j2 | 5 ++++- 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/roles/openshift_node_dnsmasq/defaults/main.yml b/roles/openshift_node_dnsmasq/defaults/main.yml index eae832fcf..ebcff46b5 100644 --- a/roles/openshift_node_dnsmasq/defaults/main.yml +++ b/roles/openshift_node_dnsmasq/defaults/main.yml @@ -1,2 +1,7 @@ --- openshift_node_dnsmasq_install_network_manager_hook: true + +# lo must always be present in this list or dnsmasq will conflict with +# the node's dns service. +openshift_node_dnsmasq_except_interfaces: +- lo diff --git a/roles/openshift_node_dnsmasq/templates/origin-dns.conf.j2 b/roles/openshift_node_dnsmasq/templates/origin-dns.conf.j2 index ef3ba2880..5c9601277 100644 --- a/roles/openshift_node_dnsmasq/templates/origin-dns.conf.j2 +++ b/roles/openshift_node_dnsmasq/templates/origin-dns.conf.j2 @@ -4,4 +4,7 @@ no-negcache max-cache-ttl=1 enable-dbus bind-interfaces -listen-address={{ openshift.node.dns_ip }} +{% for interface in openshift_node_dnsmasq_except_interfaces %} +except-interface={{ interface }} +{% endfor %} +# End of config -- cgit v1.2.3