Fix resolvconf

Do not repeat options and nameservers in the dhclient hooks.
Do not prepend nameservers for dhclient but supersede them, and fall back
to the upstream_dns_resolvers, then default_resolver. Fixes the order of
nameserver placement: the cluster DNS IP always goes first.

Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
Bogdan Dobrelya 2016-12-13 15:43:05 +01:00
parent 45135ad3e4
commit 0515814e0c
5 changed files with 16 additions and 19 deletions


@ -39,15 +39,17 @@ Later, the nameservers will be reconfigured to the DNS service IP that Kargo
configures for K8s cluster. configures for K8s cluster.
Also note, existing records will be purged from the `/etc/resolv.conf`, Also note, existing records will be purged from the `/etc/resolv.conf`,
including base/head/cloud-init config files and those that come from dhclient. including resolvconf's base/head/cloud-init config files and those that come from dhclient.
This is required for hostnet pods networking and for [kubelet to not exceed search domains This is required for hostnet pods networking and for [kubelet to not exceed search domains
limits](https://github.com/kubernetes/kubernetes/issues/9229). limits](https://github.com/kubernetes/kubernetes/issues/9229).
New search, nameserver records and options will be defined from the aforementioned vars: Instead, new domain, search, nameserver records and options will be defined from the
* Via resolvconf's head file, if resolvconf installed. aforementioned vars:
* Via dhclient's DNS update hook. * Superseded via dhclient's DNS update hook.
* Via cloud-init (CoreOS only). * Generated via cloud-init (CoreOS only).
* Statically in the `/etc/resolv.conf`, if none of above is applicable. * Statically defined in the `/etc/resolv.conf`, if none of above is applicable.
* Resolvconf's head/base files are disabled from populating anything into the
`/etc/resolv.conf`.
DNS configuration details DNS configuration details
------------------------- -------------------------


@ -1,8 +1,8 @@
--- ---
- name: Configure dhclient to prepend nameservers and supersede search/domain - name: Configure dhclient to supersede search/domain/nameservers
blockinfile: blockinfile:
block: |- block: |-
{% for item in [ supersede_domain, supersede_search, prepend_nameserver ] -%} {% for item in [ supersede_domain, supersede_search, supersede_nameserver ] -%}
{{ item }} {{ item }}
{% endfor %} {% endfor %}
dest: "{{dhclientconffile}}" dest: "{{dhclientconffile}}"


@ -64,18 +64,13 @@
supersede_domain: supersede_domain:
supersede domain-name "{{ dns_domain }}"; supersede domain-name "{{ dns_domain }}";
- name: decide on dns server IP
set_fact:
dns_server_real: >-
{%- if dns_early|bool -%}{{default_resolver}}{%- else -%}{{dns_server}}{%- endif -%}
- name: pick dnsmasq cluster IP or default resolver - name: pick dnsmasq cluster IP or default resolver
set_fact: set_fact:
dnsmasq_server: |- dnsmasq_server: |-
{%- if skip_dnsmasq|bool and not dns_early|bool -%} {%- if skip_dnsmasq|bool and not dns_early|bool -%}
{{ [ skydns_server ] + upstream_dns_servers|default([]) }} {{ [ skydns_server ] + upstream_dns_servers|default([]) }}
{%- elif dns_early|bool -%} {%- elif dns_early|bool -%}
{{ [ dns_server_real ] + upstream_dns_servers|default([]) }} {{ upstream_dns_servers|default([default_resolver]) }}
{%- else -%} {%- else -%}
{{ [ dns_server ] }} {{ [ dns_server ] }}
{%- endif -%} {%- endif -%}
@ -83,6 +78,6 @@
- name: generate nameservers to resolvconf - name: generate nameservers to resolvconf
set_fact: set_fact:
nameserverentries: nameserverentries:
nameserver {{( dnsmasq_server|default([]) + nameservers|default([])) | join(',nameserver ')}} nameserver {{( dnsmasq_server + nameservers|default([])) | join(',nameserver ')}}
prepend_nameserver: supersede_nameserver:
prepend domain-name-servers {{( dnsmasq_server|default([]) + nameservers|default([])) | join(', ') }}; supersede domain-name-servers {{( dnsmasq_server + nameservers|default([])) | join(', ') }};
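Review bot: In the `dns_early` branch of `dnsmasq_server`, `upstream_dns_servers|default([default_resolver])` falls back to `default_resolver` only when the variable is undefined; if it is defined as an empty list, the branch yields `[]`. Because the second hunk now supersedes instead of prepending, an empty result combined with an empty `nameservers` would render `supersede domain-name-servers ;` with no server in it. Passing the second argument makes the fallback cover empty values too: `{{ upstream_dns_servers|default([default_resolver], true) }}`. Whether an empty list can actually reach this task depends on defaults defined outside the visible hunks.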


@ -5,7 +5,7 @@
# #
if [ $reason = "BOUND" ]; then if [ $reason = "BOUND" ]; then
if [ -n "$new_domain_search" -o -n "$new_domain_name_servers" ]; then if [ -n "$new_domain_search" -o -n "$new_domain_name_servers" ]; then
RESOLV_CONF=$(cat /etc/resolv.conf) RESOLV_CONF=$(cat /etc/resolv.conf | sed -r '/^options (timeout|attempts|ndots).*$/d')
OPTIONS="options timeout:2\noptions attempts:2\noptions ndots:{{ ndots }}" OPTIONS="options timeout:2\noptions attempts:2\noptions ndots:{{ ndots }}"
printf "%b\n" "$RESOLV_CONF\n$OPTIONS" > /etc/resolv.conf printf "%b\n" "$RESOLV_CONF\n$OPTIONS" > /etc/resolv.conf
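Review bot: The added `sed -r '/^options (timeout|attempts|ndots).*$/d'` deletes whole lines, so an existing line such as `options ndots:5 rotate` loses its unrelated option. A line such as `options rotate timeout:1` is not matched at all, so its timeout stays next to the appended one. If only these three settings are meant to be managed, a comment above the line saying that every `options` line starting with them is dropped and re-added would document the limit. The file can also be passed to sed directly: `RESOLV_CONF=$(sed -r '/^options (timeout|attempts|ndots).*$/d' /etc/resolv.conf)`. The same line is added in the `zdnsupdate_config()` hook in the last file section, and the enclosing `if` blocks close outside this hunk.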


@ -5,7 +5,7 @@
# #
zdnsupdate_config() { zdnsupdate_config() {
if [ -n "$new_domain_search" -o -n "$new_domain_name_servers" ]; then if [ -n "$new_domain_search" -o -n "$new_domain_name_servers" ]; then
RESOLV_CONF=$(cat /etc/resolv.conf) RESOLV_CONF=$(cat /etc/resolv.conf | sed -r '/^options (timeout|attempts|ndots).*$/d')
OPTIONS="options timeout:2\noptions attempts:2\noptions ndots:{{ ndots }}" OPTIONS="options timeout:2\noptions attempts:2\noptions ndots:{{ ndots }}"
echo -e "$RESOLV_CONF\n$OPTIONS" > /etc/resolv.conf echo -e "$RESOLV_CONF\n$OPTIONS" > /etc/resolv.conf