8679f10f71
* For Debian/RedHat OS families (with NetworkManager/dhclient/resolvconf optionally enabled), prepend the required nameservers and options to /etc/resolv.conf, and supersede the domain and search domains via the dhclient/resolvconf hooks.
* Drop the (z)nodnsupdate dhclient hook and re-implement it to complement the resolvconf -u command, which is distro/cloud provider specific. Update docs as well.
* Enable network restart to apply and persist changes, and simplify handlers to rely on network restart only. This fixes DNS resolution for hostnet K8s pods on the Red Hat OS family. Skip network restart for the canal/calico plugins unless https://github.com/projectcalico/felix/issues/1185 is fixed.
* Replace lineinfile line plus with_items with block mode, as it's faster.

Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
Co-authored-by: Matthew Mosesohn <mmosesohn@mirantis.com>
---
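# Probe for the resolvconf binary. This is a read-only check: it never reports
# "changed", and a non-zero exit status (binary absent) must not fail the play,
# because the following task only inspects the registered return code.
- name: check resolvconf
  # command instead of shell: no pipes, redirects or globbing are needed, so
  # there is no reason to pass the string through a shell interpreter.
  command: which resolvconf
  register: resolvconf
  ignore_errors: true
  changed_when: false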
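# Collapse the registered probe result into a plain true/false string.
# Note that this overwrites the registered `resolvconf` result with the fact of
# the same name, so `resolvconf.rc` is no longer available after this task;
# the tasks below read it through `resolvconf|bool`.
- name: set resolvconf presence fact
  set_fact:
    resolvconf: >-
      {%- if resolvconf.rc == 0 -%}true{%- else -%}false{%- endif -%}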
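# Derive two facts:
#   private_domains  - for every search domain d (the two cluster service
#                      domains plus any extra `searchdomains`) the template
#                      emits "<dns_domain>.<d>./<d>.<d>./com.<d>./"; the
#                      pieces are concatenated without a separator. The
#                      consumer of this fact is not part of this file.
#   default_resolver - resolver used while the cluster DNS is not yet up.
- name: set private domains and default resolver
  set_fact:
    private_domains: |-
      {% for d in [ 'default.svc.' + dns_domain, 'svc.' + dns_domain ] + searchdomains|default([]) -%}
      {{dns_domain}}.{{d}}./{{d}}.{{d}}./com.{{d}}./
      {%- endfor %}
    # NOTE(review): the fallback is hard-coded. On GCE the link-local metadata
    # resolver (169.254.169.254) is used; every other host sends its early-stage
    # DNS queries to the public resolver 8.8.8.8. Sites with egress filtering or
    # internal-only resolvers need to change this value before running the role.
    default_resolver: >-
      {%- if cloud_provider is defined and cloud_provider == 'gce' -%}169.254.169.254{%- else -%}8.8.8.8{%- endif -%}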
# Look for the kubelet binary under bin_dir. Only the registered stat result
# matters; the next task reads `kubelet.stat.exists` from it.
- name: check kubelet
  stat:
    path: "{{ bin_dir }}/kubelet"
  changed_when: false
  register: kubelet
# dns_early is "true" while no kubelet binary exists on the host and "false"
# once it does. Later tasks use it (via `dns_early|bool`) to choose between the
# default resolver and the cluster DNS server.
- name: check if early DNS configuration stage
  set_fact:
    dns_early: >-
      {%- if kubelet.stat.exists -%}false{%- else -%}true{%- endif -%}
# Select the resolver files to manage on every OS family except CoreOS.
# `base` and `head` point into /etc/resolvconf/resolv.conf.d only when
# resolvconf was detected; otherwise both templates render as empty strings.
- name: target resolv.conf files
  when: ansible_os_family != "CoreOS"
  set_fact:
    resolvconffile: '/etc/resolv.conf'
    base: >-
      {%- if resolvconf|bool -%}/etc/resolvconf/resolv.conf.d/base{%- endif -%}
    head: >-
      {%- if resolvconf|bool -%}/etc/resolvconf/resolv.conf.d/head{%- endif -%}
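# On CoreOS the resolver settings are staged in a temporary file instead of
# /etc/resolv.conf.
# NOTE(review): the staging path is a fixed, predictable name inside the
# world-writable /tmp directory. The task that writes the file is not part of
# this file; it should create the file with a restrictive owner and mode, or
# the path should move to a root-only directory, so that another local user
# cannot pre-create or replace it.
- name: target temporary resolvconf cloud init file (CoreOS)
  # Native YAML mapping instead of the inline key=value form.
  set_fact:
    resolvconffile: /tmp/resolveconf_cloud_init_conf
  when: ansible_os_family == "CoreOS"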
# Red Hat family locations of the dhclient configuration file and of the DNS
# update hook script.
# NOTE(review): presumably a later task writes the hook file; dhclient hooks
# are executed on lease events, so that file should stay root-owned and not
# writable by other users - confirm in the task that creates it.
- name: target dhclient conf/hook files for Red Hat family
  when: ansible_os_family == "RedHat"
  set_fact:
    dhclientconffile: '/etc/dhclient.conf'
    dhclienthookfile: '/etc/dhcp/dhclient.d/zdnsupdate.sh'
# Debian family locations of the dhclient configuration file and of the DNS
# update exit hook.
# NOTE(review): presumably a later task writes the hook file; dhclient hooks
# are executed on lease events, so that file should stay root-owned and not
# writable by other users - confirm in the task that creates it.
- name: target dhclient conf/hook files for Debian family
  when: ansible_os_family == "Debian"
  set_fact:
    dhclientconffile: '/etc/dhcp/dhclient.conf'
    dhclienthookfile: '/etc/dhcp/dhclient-exit-hooks.d/zdnsupdate'
# Render the search/domain settings in two syntaxes:
#   searchentries / domainentry         - resolv.conf "search" and "domain" lines
#   supersede_search / supersede_domain - dhclient.conf "supersede" statements
# The search list is always default.svc.<dns_domain>, svc.<dns_domain>, then
# any extra `searchdomains`.
# NOTE(review): dns_domain and searchdomains are interpolated without escaping.
# In the dhclient statements they sit inside double quotes terminated by ';',
# so a value containing a quote or semicolon would alter the generated
# configuration. Validate both variables as plain DNS names where they are
# defined (inventory / group_vars).
- name: generate search domains to resolvconf
  set_fact:
    searchentries: >-
      search {{ ([ 'default.svc.' + dns_domain, 'svc.' + dns_domain ] + searchdomains|default([])) | join(' ') }}
    domainentry: >-
      domain {{ dns_domain }}
    supersede_search: >-
      supersede domain-search "{{ ([ 'default.svc.' + dns_domain, 'svc.' + dns_domain ] + searchdomains|default([])) | join('", "') }}";
    supersede_domain: >-
      supersede domain-name "{{ dns_domain }}";
# In the early stage the host resolves through default_resolver; afterwards it
# uses dns_server, which is defined outside this file.
- name: decide on dns server IP
  set_fact:
    dns_server_real: >-
      {%- if dns_early|bool -%}{{default_resolver}}{%- else -%}{{dns_server}}{%- endif -%}
# Build the list of resolvers placed first in the host configuration:
#   skip_dnsmasq set and not early stage -> skydns_server + upstream_dns_servers
#   early stage                          -> dns_server_real + upstream_dns_servers
#   otherwise                            -> dns_server only
# skip_dnsmasq, skydns_server, dns_server and upstream_dns_servers are defined
# outside this file. Every tag trims the surrounding whitespace, so only the
# rendered list expression remains in the value.
- name: pick dnsmasq cluster IP or default resolver
  set_fact:
    dnsmasq_server: |-
      {%- if skip_dnsmasq|bool and not dns_early|bool -%}
      {{ [ skydns_server ] + upstream_dns_servers|default([]) }}
      {%- elif dns_early|bool -%}
      {{ [ dns_server_real ] + upstream_dns_servers|default([]) }}
      {%- else -%}
      {{ [ dns_server ] }}
      {%- endif -%}
# Render the resolver list (dnsmasq_server followed by any extra `nameservers`)
# in two syntaxes:
#   nameserverentries  - "nameserver <ip>" items joined with ',' into a single
#                        string; presumably split on ',' by the task that
#                        writes resolv.conf - verify against the consumer.
#   prepend_nameserver - dhclient.conf "prepend domain-name-servers" statement.
# NOTE(review): the addresses are interpolated as given. `nameservers` and
# `upstream_dns_servers` should be checked to contain only IP addresses where
# they are defined, since they end up in root-owned resolver configuration.
- name: generate nameservers to resolvconf
  set_fact:
    nameserverentries: >-
      nameserver {{( dnsmasq_server|default([]) + nameservers|default([])) | join(',nameserver ')}}
    prepend_nameserver: >-
      prepend domain-name-servers {{( dnsmasq_server|default([]) + nameservers|default([])) | join(', ') }};