From d195bb2dba76da80df33b777a13d2d719e74b735 Mon Sep 17 00:00:00 2001
From: Scott Dodson <sdodson@redhat.com>
Date: Mon, 19 Jun 2017 16:15:42 -0400
Subject: Run dns on the node and use that for dnsmasq

---
 roles/openshift_node_dnsmasq/defaults/main.yml                |  2 ++
 .../files/networkmanager/99-origin-dns.sh                     | 11 ++++++++---
 roles/openshift_node_dnsmasq/tasks/main.yml                   | 11 +++++++++++
 roles/openshift_node_dnsmasq/templates/node-dnsmasq.conf.j2   |  2 ++
 roles/openshift_node_dnsmasq/templates/origin-dns.conf.j2     |  2 +-
 5 files changed, 24 insertions(+), 4 deletions(-)
 create mode 100644 roles/openshift_node_dnsmasq/defaults/main.yml
 create mode 100644 roles/openshift_node_dnsmasq/templates/node-dnsmasq.conf.j2

(limited to 'roles/openshift_node_dnsmasq')

diff --git a/roles/openshift_node_dnsmasq/defaults/main.yml b/roles/openshift_node_dnsmasq/defaults/main.yml
new file mode 100644
index 000000000..06b2c4123
--- /dev/null
+++ b/roles/openshift_node_dnsmasq/defaults/main.yml
@@ -0,0 +1,2 @@
+---
+r_openshift_node_dnsmasq_port: 8054
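Review bot: `r_openshift_node_dnsmasq_port` is introduced without a comment saying what is expected to listen on it. From node-dnsmasq.conf.j2 in this commit it is the loopback port that dnsmasq forwards the cluster and reverse zones to, so it presumably has to match the node service's DNS bind port. A comment such as `# 127.0.0.1 port of the node-local DNS server that dnsmasq forwards to; keep in sync with the node's DNS bind address` would record that. Because the port is unprivileged, it is also worth confirming that the node service is the only process expected to bind it on the host.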
diff --git a/roles/openshift_node_dnsmasq/files/networkmanager/99-origin-dns.sh b/roles/openshift_node_dnsmasq/files/networkmanager/99-origin-dns.sh
index c68073a10..2c466e4f0 100755
--- a/roles/openshift_node_dnsmasq/files/networkmanager/99-origin-dns.sh
+++ b/roles/openshift_node_dnsmasq/files/networkmanager/99-origin-dns.sh
@@ -52,6 +52,7 @@ no-resolv
 domain-needed
 server=/cluster.local/172.30.0.1
 server=/30.172.in-addr.arpa/172.30.0.1
+enable-dbus
 EOF
       # New config file, must restart
       NEEDS_RESTART=1
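Review bot: `enable-dbus`, added to the generated config here and again in templates/origin-dns.conf.j2, turns on dnsmasq's D-Bus interface, and nothing in this patch shows the D-Bus system policy that limits who may call it. The tasks/main.yml comment says a D-Bus message is used to add server entries at runtime, so any caller the policy admits can change where this node's DNS queries are forwarded. It is worth confirming that the packaged policy restricts the dnsmasq service to root (plus the node service's user, if different). A comment above the heredoc could record that dependency, e.g. `# enable-dbus: node service pushes server= entries over D-Bus; access is governed by the system D-Bus policy for dnsmasq`. The heredoc starts outside this hunk.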
@@ -89,13 +90,17 @@ EOF
       systemctl restart dnsmasq
     fi
 
-    # Only if dnsmasq is running properly make it our only nameserver
+    # Only if dnsmasq is running properly make it our only nameserver, copy
+    # original resolv.conf to /etc/origin/node/resolv.conf for node service to
+    # bypass dnsmasq
     if `systemctl -q is-active dnsmasq.service`; then
-      sed -e '/^nameserver.*$/d' /etc/resolv.conf > ${NEW_RESOLV_CONF}
-      echo "nameserver "${def_route_ip}"" >> ${NEW_RESOLV_CONF}
       if ! grep -q '99-origin-dns.sh' ${NEW_RESOLV_CONF}; then
           echo "# nameserver updated by /etc/NetworkManager/dispatcher.d/99-origin-dns.sh" >> ${NEW_RESOLV_CONF}
+          cp /etc/resolv.conf /etc/origin/node/resolv.conf
       fi
+      sed -e '/^nameserver.*$/d' /etc/resolv.conf > ${NEW_RESOLV_CONF}
+      echo "nameserver "${def_route_ip}"" >> ${NEW_RESOLV_CONF}
+
       if ! grep -q 'search.*cluster.local' ${NEW_RESOLV_CONF}; then
         sed -i '/^search/ s/$/ cluster.local/' ${NEW_RESOLV_CONF}
       fi
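Review bot: The marker guard now runs before `${NEW_RESOLV_CONF}` is written, and the `sed … >` that follows truncates that file, so the `# nameserver updated by` line appended inside the guard is discarded. If `NEW_RESOLV_CONF` is a fresh temporary file (its definition is outside this hunk), the guard is also always true, so `cp /etc/resolv.conf /etc/origin/node/resolv.conf` runs on every dispatch. That includes runs after /etc/resolv.conf already points at dnsmasq, in which case the node's bypass copy would name dnsmasq itself. Testing /etc/resolv.conf for the marker before copying, and appending the marker after the sed/echo pair, keeps the saved file pointing at the original resolvers. The enclosing `if` continues outside the hunk.

```shell
    if `systemctl -q is-active dnsmasq.service`; then
      # Save the upstream resolvers only while /etc/resolv.conf is still the
      # original, i.e. before this script has rewritten it.
      if ! grep -q '99-origin-dns.sh' /etc/resolv.conf; then
          cp /etc/resolv.conf /etc/origin/node/resolv.conf
      fi
      # … unchanged: sed / echo lines that build ${NEW_RESOLV_CONF} …
      if ! grep -q '99-origin-dns.sh' ${NEW_RESOLV_CONF}; then
          echo "# nameserver updated by /etc/NetworkManager/dispatcher.d/99-origin-dns.sh" >> ${NEW_RESOLV_CONF}
      fi
```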
diff --git a/roles/openshift_node_dnsmasq/tasks/main.yml b/roles/openshift_node_dnsmasq/tasks/main.yml
index 3311f7006..d0221a94b 100644
--- a/roles/openshift_node_dnsmasq/tasks/main.yml
+++ b/roles/openshift_node_dnsmasq/tasks/main.yml
@@ -14,6 +14,17 @@
   package: name=dnsmasq state=installed
   when: not openshift.common.is_atomic | bool
 
+# this file is copied to /etc/dnsmasq.d/ when the node starts and is removed
+# when the node stops. A dbus-message is sent to dnsmasq to add the same entries
+# so that dnsmasq doesn't need to be restarted. Once we can use dnsmasq 2.77 or
+# newer we can use --server-file option to update the servers dynamically and
+# reload them by sending dnsmasq a SIGHUP. We write the file in case someone else
+# triggers a restart of dnsmasq but not a node restart.
+- name: Install node-dnsmasq.conf
+  template:
+    src: node-dnsmasq.conf.j2
+    dest: /etc/origin/node/node-dnsmasq.conf
+
 - name: Install dnsmasq configuration
   template:
     src: origin-dns.conf.j2
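Review bot: The new `Install node-dnsmasq.conf` task sets no `owner`, `group` or `mode`, so the resulting permissions depend on defaults on the target host. The comment above the task says the file is later copied into /etc/dnsmasq.d/, where it decides which server answers for the cluster domain. Adding `owner: root`, `group: root` and `mode: '0644'` under `template:` pins it. The following `Install dnsmasq configuration` task continues past the end of the hunk, so whether it sets these is not visible here.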
diff --git a/roles/openshift_node_dnsmasq/templates/node-dnsmasq.conf.j2 b/roles/openshift_node_dnsmasq/templates/node-dnsmasq.conf.j2
new file mode 100644
index 000000000..4377403df
--- /dev/null
+++ b/roles/openshift_node_dnsmasq/templates/node-dnsmasq.conf.j2
@@ -0,0 +1,2 @@
+server=/in-addr.arpa/127.0.0.1#{{ r_openshift_node_dnsmasq_port }}
+server=/{{ openshift.common.dns_domain }}/127.0.0.1#{{ r_openshift_node_dnsmasq_port }}
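Review bot: `server=/in-addr.arpa/127.0.0.1#…` forwards every IPv4 reverse lookup to the node-local resolver, whereas the dispatcher script in this same commit scopes its reverse zone to `30.172.in-addr.arpa`. If the node DNS only answers for cluster addresses, PTR queries for all other ranges depend on it forwarding upstream, which this patch does not show. A narrower zone, or a comment stating the intent such as `# all reverse lookups go to the node DNS, which forwards non-cluster ranges upstream`, would make that explicit.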
diff --git a/roles/openshift_node_dnsmasq/templates/origin-dns.conf.j2 b/roles/openshift_node_dnsmasq/templates/origin-dns.conf.j2
index 8bae9aaac..eac18cb4b 100644
--- a/roles/openshift_node_dnsmasq/templates/origin-dns.conf.j2
+++ b/roles/openshift_node_dnsmasq/templates/origin-dns.conf.j2
@@ -1,5 +1,5 @@
 no-resolv
 domain-needed
-server=/{{ openshift.common.dns_domain }}/{{ openshift.common.kube_svc_ip }}
 no-negcache
 max-cache-ttl=1
+enable-dbus
-- 