diff options
Diffstat (limited to 'roles/openshift_node_dnsmasq')
7 files changed, 140 insertions, 0 deletions
diff --git a/roles/openshift_node_dnsmasq/files/networkmanager/99-origin-dns.sh b/roles/openshift_node_dnsmasq/files/networkmanager/99-origin-dns.sh new file mode 100755 index 000000000..5a187710b --- /dev/null +++ b/roles/openshift_node_dnsmasq/files/networkmanager/99-origin-dns.sh @@ -0,0 +1,62 @@ +#!/bin/bash -x + +# This NetworkManager dispatcher script replicates the functionality of +# NetworkManager's dns=dnsmasq however, rather than hardcoding the listening +# address and /etc/resolv.conf to 127.0.0.1 it pulls the IP address from the +# interface that owns the default route. This enables us to then configure pods +# to use this IP address as their only resolver, where as using 127.0.0.1 inside +# a pod would fail. +# +# To use this, +# - If this host is also a master, reconfigure master dnsConfig to listen on +# 8053 to avoid conflicts on port 53 and open port 8053 in the firewall +# - Drop this script in /etc/NetworkManager/dispatcher.d/ +# - systemctl restart NetworkManager +# - Configure node-config.yaml to set dnsIP: to the ip address of this +# node +# +# Test it: +# host kubernetes.default.svc.cluster.local +# host google.com +# +# TODO: I think this would be easy to add as a config option in NetworkManager +# natively, look at hacking that up + +cd /etc/sysconfig/network-scripts +. ./network-functions + +[ -f ../network ] && . ../network + +if [[ $2 =~ ^(up|dhcp4-change)$ ]]; then + # couldn't find an existing method to determine if the interface owns the + # default route + def_route=$(/sbin/ip route list match 0.0.0.0/0 | awk '{print $3 }') + def_route_int=$(/sbin/ip route get to ${def_route} | awk '{print $3}') + def_route_ip=$(/sbin/ip route get to ${def_route} | awk '{print $5}') + if [[ ${DEVICE_IFACE} == ${def_route_int} && \ + -n "${IP4_NAMESERVERS}" ]]; then + if [ ! -f /etc/dnsmasq.d/origin-dns.conf ]; then + cat << EOF > /etc/dnsmasq.d/origin-dns.conf +strict-order +no-resolv +domain-needed +server=/cluster.local/172.30.0.1 +server=/30.172.in-addr.arpa/172.30.0.1 +EOF + fi + # zero out our upstream servers list and feed it into dnsmasq + echo -n > /etc/dnsmasq.d/origin-upstream-dns.conf + for ns in ${IP4_NAMESERVERS}; do + if [[ ! -z $ns ]]; then + echo "server=${ns}" >> /etc/dnsmasq.d/origin-upstream-dns.conf + fi + done + systemctl restart dnsmasq + + sed -i '0,/^nameserver/ s/^nameserver.*$/nameserver '"${def_route_ip}"'/g' /etc/resolv.conf + + if ! grep -q '99-origin-dns.sh' /etc/resolv.conf; then + echo "# nameserver updated by /etc/NetworkManager/dispatcher.d/99-origin-dns.sh" >> /etc/resolv.conf + fi + fi +fi diff --git a/roles/openshift_node_dnsmasq/handlers/main.yml b/roles/openshift_node_dnsmasq/handlers/main.yml new file mode 100644 index 000000000..7d43b6106 --- /dev/null +++ b/roles/openshift_node_dnsmasq/handlers/main.yml @@ -0,0 +1,10 @@ +--- +- name: restart NetworkManager + service: + name: NetworkManager + state: restarted + +- name: restart dnsmasq + service: + name: dnsmasq + state: restarted diff --git a/roles/openshift_node_dnsmasq/meta/main.yml b/roles/openshift_node_dnsmasq/meta/main.yml new file mode 100644 index 000000000..c83d64ae4 --- /dev/null +++ b/roles/openshift_node_dnsmasq/meta/main.yml @@ -0,0 +1,15 @@ +--- +galaxy_info: + author: Scott Dodson + description: OpenShift Node DNSMasq support + company: Red Hat, Inc. + license: Apache License, Version 2.0 + min_ansible_version: 1.7 + platforms: + - name: EL + versions: + - 7 + categories: + - cloud +dependencies: +- role: openshift_common diff --git a/roles/openshift_node_dnsmasq/tasks/main.yml b/roles/openshift_node_dnsmasq/tasks/main.yml new file mode 100644 index 000000000..bd9a0ffb6 --- /dev/null +++ b/roles/openshift_node_dnsmasq/tasks/main.yml @@ -0,0 +1,38 @@ +--- +- name: Check for NetworkManager service + command: > + systemctl show NetworkManager + register: nm_show + changed_when: false + +- name: Set fact using_network_manager + set_fact: + network_manager_active: "{{ True if 'ActiveState=active' in nm_show.stdout else False }}" + +- name: Install dnsmasq + action: "{{ ansible_pkg_mgr }} name=dnsmasq state=installed" + when: not openshift.common.is_atomic | bool + +- name: Install dnsmasq configuration + template: + src: origin-dns.conf.j2 + dest: /etc/dnsmasq.d/origin-dns.conf + notify: restart dnsmasq + +- name: Deploy additional dnsmasq.conf + template: + src: "{{ openshift_node_dnsmasq_additional_config_file }}" + dest: /etc/dnsmasq.d/openshift-ansible.conf + owner: root + group: root + mode: 0644 + when: openshift_node_dnsmasq_additional_config_file is defined + notify: restart dnsmasq + +# Dynamic NetworkManager based dispatcher +- include: ./network-manager.yml + when: network_manager_active | bool + +# Relies on ansible in order to configure static config +- include: ./no-network-manager.yml + when: not network_manager_active | bool diff --git a/roles/openshift_node_dnsmasq/tasks/network-manager.yml b/roles/openshift_node_dnsmasq/tasks/network-manager.yml new file mode 100644 index 000000000..dddcfc9da --- /dev/null +++ b/roles/openshift_node_dnsmasq/tasks/network-manager.yml @@ -0,0 +1,9 @@ +--- +- name: Install network manager dispatch script + copy: + src: networkmanager/99-origin-dns.sh + dest: /etc/NetworkManager/dispatcher.d/ + mode: 0755 + notify: restart NetworkManager + +- meta: flush_handlers diff --git a/roles/openshift_node_dnsmasq/tasks/no-network-manager.yml b/roles/openshift_node_dnsmasq/tasks/no-network-manager.yml new file mode 100644 index 000000000..4d1bd3794 --- /dev/null +++ b/roles/openshift_node_dnsmasq/tasks/no-network-manager.yml @@ -0,0 +1,2 @@ +--- +- fail: msg="Currently, NetworkManager must be installed and enabled prior to installation."
\ No newline at end of file diff --git a/roles/openshift_node_dnsmasq/templates/origin-dns.conf.j2 b/roles/openshift_node_dnsmasq/templates/origin-dns.conf.j2 new file mode 100644 index 000000000..1753bb821 --- /dev/null +++ b/roles/openshift_node_dnsmasq/templates/origin-dns.conf.j2 @@ -0,0 +1,4 @@ +strict-order +no-resolv +domain-needed +server=/{{ openshift.common.dns_domain }}/{{ openshift.common.kube_svc_ip }} |