6 files changed, 60 insertions, 27 deletions

diff --git a/roles/openshift_node_dnsmasq/defaults/main.yml b/roles/openshift_node_dnsmasq/defaults/main.yml
new file mode 100644
index 000000000..ed97d539c
--- /dev/null
+++ b/roles/openshift_node_dnsmasq/defaults/main.yml
@@ -0,0 +1 @@
+---
diff --git a/roles/openshift_node_dnsmasq/files/networkmanager/99-origin-dns.sh b/roles/openshift_node_dnsmasq/files/networkmanager/99-origin-dns.sh
index c68073a10..61d2a5b51 100755
--- a/roles/openshift_node_dnsmasq/files/networkmanager/99-origin-dns.sh
+++ b/roles/openshift_node_dnsmasq/files/networkmanager/99-origin-dns.sh
@@ -37,6 +37,8 @@ if [[ $2 =~ ^(up|dhcp4-change|dhcp6-change)$ ]]; then
   UPSTREAM_DNS_TMP_SORTED=`mktemp`
   CURRENT_UPSTREAM_DNS_SORTED=`mktemp`
   NEW_RESOLV_CONF=`mktemp`
+  NEW_NODE_RESOLV_CONF=`mktemp`
+
 
   ######################################################################
   # couldn't find an existing method to determine if the interface owns the
@@ -44,40 +46,53 @@ if [[ $2 =~ ^(up|dhcp4-change|dhcp6-change)$ ]]; then
   def_route=$(/sbin/ip route list match 0.0.0.0/0 | awk '{print $3 }')
   def_route_int=$(/sbin/ip route get to ${def_route} | awk '{print $3}')
   def_route_ip=$(/sbin/ip route get to ${def_route} | awk '{print $5}')
-  if [[ ${DEVICE_IFACE} == ${def_route_int} && \
-       -n "${IP4_NAMESERVERS}" ]]; then
+  if [[ ${DEVICE_IFACE} == ${def_route_int} ]]; then
     if [ ! -f /etc/dnsmasq.d/origin-dns.conf ]; then
       cat << EOF > /etc/dnsmasq.d/origin-dns.conf
 no-resolv
 domain-needed
 server=/cluster.local/172.30.0.1
 server=/30.172.in-addr.arpa/172.30.0.1
+enable-dbus
 EOF
       # New config file, must restart
       NEEDS_RESTART=1
     fi
 
-    ######################################################################
-    # Generate a new origin dns config file
-    for ns in ${IP4_NAMESERVERS}; do
-      if [[ ! -z $ns ]]; then
-        echo "server=${ns}"
+    # If network manager doesn't know about the nameservers then the best
+    # we can do is grab them from /etc/resolv.conf but only if we've got no
+    # watermark
+    if ! grep -q '99-origin-dns.sh' /etc/resolv.conf; then
+      if [[ -z "${IP4_NAMESERVERS}" || "${IP4_NAMESERVERS}" == "${def_route_ip}" ]]; then
+            IP4_NAMESERVERS=`grep '^nameserver ' /etc/resolv.conf | awk '{ print $2 }'`
+      fi
+      ######################################################################
+      # Write out default nameservers for /etc/dnsmasq.d/origin-upstream-dns.conf
+      # and /etc/origin/node/resolv.conf in their respective formats
+      for ns in ${IP4_NAMESERVERS}; do
+        if [[ ! -z $ns ]]; then
+          echo "server=${ns}" >> $UPSTREAM_DNS_TMP
+          echo "nameserver ${ns}" >> $NEW_NODE_RESOLV_CONF
+        fi
+      done
+      # Sort it in case DNS servers arrived in a different order
+      sort $UPSTREAM_DNS_TMP > $UPSTREAM_DNS_TMP_SORTED
+      sort $UPSTREAM_DNS > $CURRENT_UPSTREAM_DNS_SORTED
+      # Compare to the current config file (sorted)
+      NEW_DNS_SUM=`md5sum ${UPSTREAM_DNS_TMP_SORTED} | awk '{print $1}'`
+      CURRENT_DNS_SUM=`md5sum ${CURRENT_UPSTREAM_DNS_SORTED} | awk '{print $1}'`
+      if [ "${NEW_DNS_SUM}" != "${CURRENT_DNS_SUM}" ]; then
+        # DNS has changed, copy the temp file to the proper location (-Z
+        # sets default selinux context) and set the restart flag
+        cp -Z $UPSTREAM_DNS_TMP $UPSTREAM_DNS
+        NEEDS_RESTART=1
+      fi
+      # compare /etc/origin/node/resolv.conf checksum and replace it if different
+      NEW_NODE_RESOLV_CONF_MD5=`md5sum ${NEW_NODE_RESOLV_CONF}`
+      OLD_NODE_RESOLV_CONF_MD5=`md5sum /etc/origin/node/resolv.conf`
+      if [ "${NEW_NODE_RESOLV_CONF_MD5}" != "${OLD_NODE_RESOLV_CONF_MD5}" ]; then
+        cp -Z $NEW_NODE_RESOLV_CONF /etc/origin/node/resolv.conf
       fi
-    done > $UPSTREAM_DNS_TMP
-
-    # Sort it in case DNS servers arrived in a different order
-    sort $UPSTREAM_DNS_TMP > $UPSTREAM_DNS_TMP_SORTED
-    sort $UPSTREAM_DNS > $CURRENT_UPSTREAM_DNS_SORTED
-
-    # Compare to the current config file (sorted)
-    NEW_DNS_SUM=`md5sum ${UPSTREAM_DNS_TMP_SORTED} | awk '{print $1}'`
-    CURRENT_DNS_SUM=`md5sum ${CURRENT_UPSTREAM_DNS_SORTED} | awk '{print $1}'`
-
-    if [ "${NEW_DNS_SUM}" != "${CURRENT_DNS_SUM}" ]; then
-      # DNS has changed, copy the temp file to the proper location (-Z
-      # sets default selinux context) and set the restart flag
-      cp -Z $UPSTREAM_DNS_TMP $UPSTREAM_DNS
-      NEEDS_RESTART=1
     fi
 
     if ! `systemctl -q is-active dnsmasq.service`; then
@@ -89,13 +104,14 @@ EOF
       systemctl restart dnsmasq
     fi
 
-    # Only if dnsmasq is running properly make it our only nameserver
+    # Only if dnsmasq is running properly make it our only nameserver and place
+    # a watermark on /etc/resolv.conf
     if `systemctl -q is-active dnsmasq.service`; then
-      sed -e '/^nameserver.*$/d' /etc/resolv.conf > ${NEW_RESOLV_CONF}
-      echo "nameserver "${def_route_ip}"" >> ${NEW_RESOLV_CONF}
-      if ! grep -q '99-origin-dns.sh' ${NEW_RESOLV_CONF}; then
+      if ! grep -q '99-origin-dns.sh' /etc/resolv.conf; then
           echo "# nameserver updated by /etc/NetworkManager/dispatcher.d/99-origin-dns.sh" >> ${NEW_RESOLV_CONF}
       fi
+      sed -e '/^nameserver.*$/d' /etc/resolv.conf >> ${NEW_RESOLV_CONF}
+      echo "nameserver "${def_route_ip}"" >> ${NEW_RESOLV_CONF}
       if ! grep -q 'search.*cluster.local' ${NEW_RESOLV_CONF}; then
         sed -i '/^search/ s/$/ cluster.local/' ${NEW_RESOLV_CONF}
       fi
diff --git a/roles/openshift_node_dnsmasq/meta/main.yml b/roles/openshift_node_dnsmasq/meta/main.yml
index 18e04e06d..84035b88c 100644
--- a/roles/openshift_node_dnsmasq/meta/main.yml
+++ b/roles/openshift_node_dnsmasq/meta/main.yml
@@ -13,3 +13,4 @@ galaxy_info:
   - cloud
 dependencies:
 - role: openshift_common
+- role: openshift_node_facts
diff --git a/roles/openshift_node_dnsmasq/tasks/main.yml b/roles/openshift_node_dnsmasq/tasks/main.yml
index 3311f7006..d0221a94b 100644
--- a/roles/openshift_node_dnsmasq/tasks/main.yml
+++ b/roles/openshift_node_dnsmasq/tasks/main.yml
@@ -14,6 +14,17 @@
   package: name=dnsmasq state=installed
   when: not openshift.common.is_atomic | bool
 
+# this file is copied to /etc/dnsmasq.d/ when the node starts and is removed
+# when the node stops. A dbus-message is sent to dnsmasq to add the same entries
+# so that dnsmasq doesn't need to be restarted. Once we can use dnsmasq 2.77 or
+# newer we can use --server-file option to update the servers dynamically and
+# reload them by sending dnsmasq a SIGHUP. We write the file in case someone else
+# triggers a restart of dnsmasq but not a node restart.
+- name: Install node-dnsmasq.conf
+  template:
+    src: node-dnsmasq.conf.j2
+    dest: /etc/origin/node/node-dnsmasq.conf
+
 - name: Install dnsmasq configuration
   template:
     src: origin-dns.conf.j2
diff --git a/roles/openshift_node_dnsmasq/templates/node-dnsmasq.conf.j2 b/roles/openshift_node_dnsmasq/templates/node-dnsmasq.conf.j2
new file mode 100644
index 000000000..3caa3bd4a
--- /dev/null
+++ b/roles/openshift_node_dnsmasq/templates/node-dnsmasq.conf.j2
@@ -0,0 +1,2 @@
+server=/in-addr.arpa/127.0.0.1
+server=/{{ openshift.common.dns_domain }}/127.0.0.1
diff --git a/roles/openshift_node_dnsmasq/templates/origin-dns.conf.j2 b/roles/openshift_node_dnsmasq/templates/origin-dns.conf.j2
index 8bae9aaac..ef3ba2880 100644
--- a/roles/openshift_node_dnsmasq/templates/origin-dns.conf.j2
+++ b/roles/openshift_node_dnsmasq/templates/origin-dns.conf.j2
@@ -1,5 +1,7 @@
 no-resolv
 domain-needed
-server=/{{ openshift.common.dns_domain }}/{{ openshift.common.kube_svc_ip }}
 no-negcache
 max-cache-ttl=1
+enable-dbus
+bind-interfaces
+listen-address={{ openshift.node.dns_ip }}