From d195bb2dba76da80df33b777a13d2d719e74b735 Mon Sep 17 00:00:00 2001 From: Scott Dodson Date: Mon, 19 Jun 2017 16:15:42 -0400 Subject: Run dns on the node and use that for dnsmasq --- roles/openshift_node_dnsmasq/defaults/main.yml | 2 ++ .../files/networkmanager/99-origin-dns.sh | 11 ++++++++--- roles/openshift_node_dnsmasq/tasks/main.yml | 11 +++++++++++ roles/openshift_node_dnsmasq/templates/node-dnsmasq.conf.j2 | 2 ++ roles/openshift_node_dnsmasq/templates/origin-dns.conf.j2 | 2 +- 5 files changed, 24 insertions(+), 4 deletions(-) create mode 100644 roles/openshift_node_dnsmasq/defaults/main.yml create mode 100644 roles/openshift_node_dnsmasq/templates/node-dnsmasq.conf.j2 (limited to 'roles/openshift_node_dnsmasq') diff --git a/roles/openshift_node_dnsmasq/defaults/main.yml b/roles/openshift_node_dnsmasq/defaults/main.yml new file mode 100644 index 000000000..06b2c4123 --- /dev/null +++ b/roles/openshift_node_dnsmasq/defaults/main.yml @@ -0,0 +1,2 @@ +--- +r_openshift_node_dnsmasq_port: 8054 diff --git a/roles/openshift_node_dnsmasq/files/networkmanager/99-origin-dns.sh b/roles/openshift_node_dnsmasq/files/networkmanager/99-origin-dns.sh index c68073a10..2c466e4f0 100755 --- a/roles/openshift_node_dnsmasq/files/networkmanager/99-origin-dns.sh +++ b/roles/openshift_node_dnsmasq/files/networkmanager/99-origin-dns.sh @@ -52,6 +52,7 @@ no-resolv domain-needed server=/cluster.local/172.30.0.1 server=/30.172.in-addr.arpa/172.30.0.1 +enable-dbus EOF # New config file, must restart NEEDS_RESTART=1 @@ -89,13 +90,17 @@ EOF systemctl restart dnsmasq fi - # Only if dnsmasq is running properly make it our only nameserver + # Only if dnsmasq is running properly make it our only nameserver, copy + # original resolv.conf to /etc/origin/node/resolv.conf for node service to + # bypass dnsmasq if `systemctl -q is-active dnsmasq.service`; then - sed -e '/^nameserver.*$/d' /etc/resolv.conf > ${NEW_RESOLV_CONF} - echo "nameserver "${def_route_ip}"" >> ${NEW_RESOLV_CONF} if ! grep -q '99-origin-dns.sh' ${NEW_RESOLV_CONF}; then echo "# nameserver updated by /etc/NetworkManager/dispatcher.d/99-origin-dns.sh" >> ${NEW_RESOLV_CONF} + cp /etc/resolv.conf /etc/origin/node/resolv.conf fi + sed -e '/^nameserver.*$/d' /etc/resolv.conf > ${NEW_RESOLV_CONF} + echo "nameserver "${def_route_ip}"" >> ${NEW_RESOLV_CONF} + if ! grep -q 'search.*cluster.local' ${NEW_RESOLV_CONF}; then sed -i '/^search/ s/$/ cluster.local/' ${NEW_RESOLV_CONF} fi diff --git a/roles/openshift_node_dnsmasq/tasks/main.yml b/roles/openshift_node_dnsmasq/tasks/main.yml index 3311f7006..d0221a94b 100644 --- a/roles/openshift_node_dnsmasq/tasks/main.yml +++ b/roles/openshift_node_dnsmasq/tasks/main.yml @@ -14,6 +14,17 @@ package: name=dnsmasq state=installed when: not openshift.common.is_atomic | bool +# this file is copied to /etc/dnsmasq.d/ when the node starts and is removed +# when the node stops. A dbus-message is sent to dnsmasq to add the same entries +# so that dnsmasq doesn't need to be restarted. Once we can use dnsmasq 2.77 or +# newer we can use --server-file option to update the servers dynamically and +# reload them by sending dnsmasq a SIGHUP. We write the file in case someone else +# triggers a restart of dnsmasq but not a node restart. +- name: Install node-dnsmasq.conf + template: + src: node-dnsmasq.conf.j2 + dest: /etc/origin/node/node-dnsmasq.conf + - name: Install dnsmasq configuration template: src: origin-dns.conf.j2 diff --git a/roles/openshift_node_dnsmasq/templates/node-dnsmasq.conf.j2 b/roles/openshift_node_dnsmasq/templates/node-dnsmasq.conf.j2 new file mode 100644 index 000000000..4377403df --- /dev/null +++ b/roles/openshift_node_dnsmasq/templates/node-dnsmasq.conf.j2 @@ -0,0 +1,2 @@ +server=/in-addr.arpa/127.0.0.1#{{ r_openshift_node_dnsmasq_port }} +server=/{{ openshift.common.dns_domain }}/127.0.0.1#{{ r_openshift_node_dnsmasq_port }} diff --git a/roles/openshift_node_dnsmasq/templates/origin-dns.conf.j2 b/roles/openshift_node_dnsmasq/templates/origin-dns.conf.j2 index 8bae9aaac..eac18cb4b 100644 --- a/roles/openshift_node_dnsmasq/templates/origin-dns.conf.j2 +++ b/roles/openshift_node_dnsmasq/templates/origin-dns.conf.j2 @@ -1,5 +1,5 @@ no-resolv domain-needed -server=/{{ openshift.common.dns_domain }}/{{ openshift.common.kube_svc_ip }} no-negcache max-cache-ttl=1 +enable-dbus -- cgit v1.2.3