From d195bb2dba76da80df33b777a13d2d719e74b735 Mon Sep 17 00:00:00 2001
From: Scott Dodson <sdodson@redhat.com>
Date: Mon, 19 Jun 2017 16:15:42 -0400
Subject: Run dns on the node and use that for dnsmasq

---
 inventory/byo/hosts.origin.example                 |  4 +++
 inventory/byo/hosts.ose.example                    |  4 +++
 playbooks/adhoc/uninstall.yml                      | 25 +++++++++++-------
 .../upgrades/upgrade_control_plane.yml             |  2 +-
 .../openshift-cluster/upgrades/upgrade_nodes.yml   |  2 +-
 roles/openshift_node/defaults/main.yml             |  1 +
 roles/openshift_node/meta/main.yml                 |  1 +
 roles/openshift_node/tasks/systemd_units.yml       |  2 +-
 .../templates/atomic-openshift-node.service.j2     | 22 ----------------
 roles/openshift_node/templates/node.service.j2     | 30 ++++++++++++++++++++++
 roles/openshift_node/templates/node.yaml.v1.j2     |  4 +++
 .../templates/openshift.docker.node.service        |  6 +++++
 .../templates/origin-node.service.j2               | 21 ---------------
 roles/openshift_node_dnsmasq/defaults/main.yml     |  2 ++
 .../files/networkmanager/99-origin-dns.sh          | 11 +++++---
 roles/openshift_node_dnsmasq/tasks/main.yml        | 11 ++++++++
 .../templates/node-dnsmasq.conf.j2                 |  2 ++
 .../templates/origin-dns.conf.j2                   |  2 +-
 roles/openshift_node_upgrade/README.md             |  1 +
 roles/openshift_node_upgrade/defaults/main.yml     |  2 ++
 roles/openshift_node_upgrade/tasks/rpm_upgrade.yml |  2 +-
 .../templates/atomic-openshift-node.service.j2     |  1 -
 .../templates/node.service.j2                      | 30 ++++++++++++++++++++++
 .../templates/openshift.docker.node.service        | 10 +++++++-
 .../templates/origin-node.service.j2               |  1 -
 roles/openshift_sanitize_inventory/tasks/main.yml  |  4 +++
 .../tasks/unsupported.yml                          | 12 +++++++++
 27 files changed, 152 insertions(+), 63 deletions(-)
 delete mode 100644 roles/openshift_node/templates/atomic-openshift-node.service.j2
 create mode 100644 roles/openshift_node/templates/node.service.j2
 delete mode 100644 roles/openshift_node/templates/origin-node.service.j2
 create mode 100644 roles/openshift_node_dnsmasq/defaults/main.yml
 create mode 100644 roles/openshift_node_dnsmasq/templates/node-dnsmasq.conf.j2
 create mode 100644 roles/openshift_node_upgrade/defaults/main.yml
 delete mode 120000 roles/openshift_node_upgrade/templates/atomic-openshift-node.service.j2
 create mode 100644 roles/openshift_node_upgrade/templates/node.service.j2
 delete mode 120000 roles/openshift_node_upgrade/templates/origin-node.service.j2
 create mode 100644 roles/openshift_sanitize_inventory/tasks/unsupported.yml

diff --git a/inventory/byo/hosts.origin.example b/inventory/byo/hosts.origin.example
index b38c6e6b6..e6bc6c829 100644
--- a/inventory/byo/hosts.origin.example
+++ b/inventory/byo/hosts.origin.example
@@ -10,6 +10,10 @@ nfs
 
 # Set variables common for all OSEv3 hosts
 [OSEv3:vars]
+# Enable unsupported configurations, things that will yield a partially
+# functioning cluster but would not be supported for production use
+#openshift_enable_unsupported_configurations=false
+
 # SSH user, this user should allow ssh based auth without requiring a
 # password. If using ssh key based auth, then the key should be managed by an
 # ssh agent.
diff --git a/inventory/byo/hosts.ose.example b/inventory/byo/hosts.ose.example
index e5e9c7342..928da40fa 100644
--- a/inventory/byo/hosts.ose.example
+++ b/inventory/byo/hosts.ose.example
@@ -10,6 +10,10 @@ nfs
 
 # Set variables common for all OSEv3 hosts
 [OSEv3:vars]
+# Enable unsupported configurations, things that will yield a partially
+# functioning cluster but would not be supported for production use
+#openshift_enable_unsupported_configurations=false
+
 # SSH user, this user should allow ssh based auth without requiring a
 # password. If using ssh key based auth, then the key should be managed by an
 # ssh agent.
diff --git a/playbooks/adhoc/uninstall.yml b/playbooks/adhoc/uninstall.yml
index ddd2ecebd..a1f541712 100644
--- a/playbooks/adhoc/uninstall.yml
+++ b/playbooks/adhoc/uninstall.yml
@@ -26,6 +26,20 @@
 - hosts: nodes
   become: yes
   tasks:
+  - name: Remove dnsmasq dispatcher
+    file:
+      path: "{{ item }}"
+      state: absent
+    with_items:
+    - /etc/dnsmasq.d/origin-dns.conf
+    - /etc/dnsmasq.d/origin-upstream-dns.conf
+    - /etc/dnsmasq.d/openshift-ansible.conf
+    - /etc/NetworkManager/dispatcher.d/99-origin-dns.sh
+    when: openshift_use_dnsmasq | default(true) | bool
+  - service:
+      name: NetworkManager
+      state: restarted
+    when: openshift_use_dnsmasq | default(true) | bool
   - name: Stop services
     service: name={{ item }} state=stopped
     with_items:
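Review bot: The `with_items` list under `Remove dnsmasq dispatcher` omits `/etc/dnsmasq.d/node-dnsmasq.conf`, the file the new node unit copies into place in `ExecStartPre`. It is only removed by the unit's `ExecStopPost`, so a host where that hook did not run would presumably keep forwarding the cluster domain and `in-addr.arpa` to 127.0.0.1 after uninstall. Adding `- /etc/dnsmasq.d/node-dnsmasq.conf` to the list makes the cleanup independent of the unit. The `service:` task that restarts NetworkManager has no name; `- name: restart NetworkManager` (the name the removed task used) would keep the play output readable. The `Stop services` task continues outside the hunk.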
@@ -279,9 +293,6 @@
     with_items:
     - /etc/ansible/facts.d/openshift.fact
     - /etc/atomic-enterprise
-    - /etc/dnsmasq.d/origin-dns.conf
-    - /etc/dnsmasq.d/origin-upstream-dns.conf
-    - /etc/NetworkManager/dispatcher.d/99-origin-dns.sh
     - /etc/openshift
     - /etc/openshift-sdn
     - /etc/sysconfig/atomic-enterprise-node
@@ -307,18 +318,14 @@
 
   - name: restart container-engine
     service: name=container-engine state=restarted
-    ignore_errors: true
+    failed_when: false
     register: container_engine
 
   - name: restart docker
     service: name=docker state=restarted
-    ignore_errors: true
+    failed_when: false
     when: not (container_engine | changed)
 
-  - name: restart NetworkManager
-    service: name=NetworkManager state=restarted
-    when: openshift_use_dnsmasq | default(true) | bool
-
 - hosts: masters
   become: yes
   vars:
diff --git a/playbooks/common/openshift-cluster/upgrades/upgrade_control_plane.yml b/playbooks/common/openshift-cluster/upgrades/upgrade_control_plane.yml
index 6738ce11f..e7fc10af8 100644
--- a/playbooks/common/openshift-cluster/upgrades/upgrade_control_plane.yml
+++ b/playbooks/common/openshift-cluster/upgrades/upgrade_control_plane.yml
@@ -295,8 +295,8 @@
   - lib_openshift
   - openshift_facts
   - docker
-  - openshift_node_upgrade
   - openshift_node_dnsmasq
+  - openshift_node_upgrade
 
   post_tasks:
   - name: Set node schedulability
diff --git a/playbooks/common/openshift-cluster/upgrades/upgrade_nodes.yml b/playbooks/common/openshift-cluster/upgrades/upgrade_nodes.yml
index 35a50cf4e..1d1e440d4 100644
--- a/playbooks/common/openshift-cluster/upgrades/upgrade_nodes.yml
+++ b/playbooks/common/openshift-cluster/upgrades/upgrade_nodes.yml
@@ -33,8 +33,8 @@
   - lib_openshift
   - openshift_facts
   - docker
-  - openshift_node_upgrade
   - openshift_node_dnsmasq
+  - openshift_node_upgrade
   - role: openshift_excluder
     r_openshift_excluder_action: enable
     r_openshift_excluder_service_type: "{{ openshift.common.service_type }}"
diff --git a/roles/openshift_node/defaults/main.yml b/roles/openshift_node/defaults/main.yml
index 5904ca9bc..80049fdd1 100644
--- a/roles/openshift_node/defaults/main.yml
+++ b/roles/openshift_node/defaults/main.yml
@@ -12,3 +12,4 @@ os_firewall_allow:
 - service: Calico BGP Port
   port: 179/tcp
   when: openshift.common.use_calico | bool
+r_openshift_node_dns_port: "{{ openshift_node_dns_port | default(8054) }}"
diff --git a/roles/openshift_node/meta/main.yml b/roles/openshift_node/meta/main.yml
index 3b7e8126a..508bb751d 100644
--- a/roles/openshift_node/meta/main.yml
+++ b/roles/openshift_node/meta/main.yml
@@ -45,4 +45,5 @@ dependencies:
     port: "{{ openshift_node_port_range | default('') }}/udp"
   when: openshift_node_port_range is defined
 - role: openshift_node_dnsmasq
+  r_openshift_node_dnsmasq_port: "{{ r_openshift_node_dns_port }}"
   when: openshift.common.use_dnsmasq | bool
diff --git a/roles/openshift_node/tasks/systemd_units.yml b/roles/openshift_node/tasks/systemd_units.yml
index e3ce5df3d..2ccc28461 100644
--- a/roles/openshift_node/tasks/systemd_units.yml
+++ b/roles/openshift_node/tasks/systemd_units.yml
@@ -34,7 +34,7 @@
 - name: Install Node service file
   template:
     dest: "/etc/systemd/system/{{ openshift.common.service_type }}-node.service"
-    src: "{{ openshift.common.service_type }}-node.service.j2"
+    src: "node.service.j2"
   register: install_node_result
   when: not openshift.common.is_containerized | bool
   notify:
diff --git a/roles/openshift_node/templates/atomic-openshift-node.service.j2 b/roles/openshift_node/templates/atomic-openshift-node.service.j2
deleted file mode 100644
index 80232094a..000000000
--- a/roles/openshift_node/templates/atomic-openshift-node.service.j2
+++ /dev/null
@@ -1,22 +0,0 @@
-[Unit]
-Description=Atomic OpenShift Node
-After={{ openshift.docker.service_name }}.service
-After=openvswitch.service
-Wants={{ openshift.docker.service_name }}.service
-Documentation=https://github.com/openshift/origin
-
-[Service]
-Type=notify
-EnvironmentFile=/etc/sysconfig/atomic-openshift-node
-Environment=GOTRACEBACK=crash
-ExecStart=/usr/bin/openshift start node --config=${CONFIG_FILE} $OPTIONS
-LimitNOFILE=65536
-LimitCORE=infinity
-WorkingDirectory=/var/lib/origin/
-SyslogIdentifier=atomic-openshift-node
-Restart=always
-RestartSec=5s
-OOMScoreAdjust=-999
-
-[Install]
-WantedBy=multi-user.target
diff --git a/roles/openshift_node/templates/node.service.j2 b/roles/openshift_node/templates/node.service.j2
new file mode 100644
index 000000000..fed8e21f5
--- /dev/null
+++ b/roles/openshift_node/templates/node.service.j2
@@ -0,0 +1,30 @@
+[Unit]
+Description=OpenShift Node
+After={{ openshift.docker.service_name }}.service
+Wants=openvswitch.service
+After=ovsdb-server.service
+After=ovs-vswitchd.service
+Wants={{ openshift.docker.service_name }}.service
+Documentation=https://github.com/openshift/origin
+Requires=dnsmasq.service
+After=dnsmasq.service
+
+[Service]
+Type=notify
+EnvironmentFile=/etc/sysconfig/{{ openshift.common.service_type }}-node
+Environment=GOTRACEBACK=crash
+ExecStartPre=/usr/bin/cp /etc/origin/node/node-dnsmasq.conf /etc/dnsmasq.d/
+ExecStartPre=/usr/bin/dbus-send --system --dest=uk.org.thekelleys.dnsmasq /uk/org/thekelleys/dnsmasq uk.org.thekelleys.SetDomainServers array:string:/in-addr.arpa/127.0.0.1#{{ r_openshift_node_dns_port}},/{{ openshift.common.dns_domain }}/127.0.0.1#{{ r_openshift_node_dns_port}}
+ExecStopPost=/usr/bin/rm /etc/dnsmasq.d/node-dnsmasq.conf
+ExecStopPost=/usr/bin/dbus-send --system --dest=uk.org.thekelleys.dnsmasq /uk/org/thekelleys/dnsmasq uk.org.thekelleys.SetDomainServers array:string:
+ExecStart=/usr/bin/openshift start node --config=${CONFIG_FILE} $OPTIONS
+LimitNOFILE=65536
+LimitCORE=infinity
+WorkingDirectory=/var/lib/origin/
+SyslogIdentifier={{ openshift.common.service_type }}-node
+Restart=always
+RestartSec=5s
+OOMScoreAdjust=-999
+
+[Install]
+WantedBy=multi-user.target
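Review bot: The two new `ExecStartPre=` lines have no `-` prefix, so a missing `/etc/origin/node/node-dnsmasq.conf` or a dnsmasq that is not yet running with `enable-dbus` fails the start, and with `Restart=always` the node then retries every 5s. `Requires=dnsmasq.service` is also unconditional, while the role dependency in `meta/main.yml` is gated on `openshift.common.use_dnsmasq`, so a host with dnsmasq disabled would get a unit that cannot start. Consider `ExecStopPost=/usr/bin/rm -f /etc/dnsmasq.d/node-dnsmasq.conf` and wrapping the dnsmasq lines in `{% if openshift.common.use_dnsmasq | bool %}`. The empty `array:string:` in the stop hook appears to clear every domain server set over D-Bus, not only the two this unit added. The same lines are repeated in `openshift.docker.node.service` and in both templates under `roles/openshift_node_upgrade/templates/`, which are now copies rather than symlinks and can drift.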
diff --git a/roles/openshift_node/templates/node.yaml.v1.j2 b/roles/openshift_node/templates/node.yaml.v1.j2
index f2f929232..8e6b3e070 100644
--- a/roles/openshift_node/templates/node.yaml.v1.j2
+++ b/roles/openshift_node/templates/node.yaml.v1.j2
@@ -1,5 +1,9 @@
 allowDisabledDocker: false
 apiVersion: v1
+{% if openshift.common.version_gte_3_6 %}
+dnsBindAddress: 0.0.0.0:{{ r_openshift_node_dns_port }}
+dnsRecursiveResolvConf: /etc/origin/node/resolv.conf
+{% endif %}
 dnsDomain: {{ openshift.common.dns_domain }}
 {% if 'dns_ip' in openshift.node %}
 dnsIP: {{ openshift.node.dns_ip }}
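Review bot: The `version_gte_3_6` guard covers only these two node.yaml keys, while the `dbus-send` lines in the unit templates and `node-dnsmasq.conf.j2` are rendered for every version. On a pre-3.6 node dnsmasq would presumably forward the cluster domain and all of `in-addr.arpa` to a local port nothing listens on. Either gate those on the same condition or state why the guard is only needed here. Separately, `0.0.0.0` exposes the resolver on every interface although the only client in this patch is dnsmasq on 127.0.0.1; `dnsBindAddress: 127.0.0.1:{{ r_openshift_node_dns_port }}` would be narrower. The `{% if 'dns_ip' in openshift.node %}` block continues outside the hunk.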
diff --git a/roles/openshift_node/templates/openshift.docker.node.service b/roles/openshift_node/templates/openshift.docker.node.service
index cd0a1a60b..9649fec38 100644
--- a/roles/openshift_node/templates/openshift.docker.node.service
+++ b/roles/openshift_node/templates/openshift.docker.node.service
@@ -12,14 +12,20 @@ After=ovs-vswitchd.service
 Wants={{ openshift.common.service_type }}-master.service
 Requires={{ openshift.common.service_type }}-node-dep.service
 After={{ openshift.common.service_type }}-node-dep.service
+Requires=dnsmasq.service
+After=dnsmasq.service
 
 [Service]
 EnvironmentFile=/etc/sysconfig/{{ openshift.common.service_type }}-node
 EnvironmentFile=/etc/sysconfig/{{ openshift.common.service_type }}-node-dep
 ExecStartPre=-/usr/bin/docker rm -f {{ openshift.common.service_type }}-node
+ExecStartPre=/usr/bin/cp /etc/origin/node/node-dnsmasq.conf /etc/dnsmasq.d/
+ExecStartPre=/usr/bin/dbus-send --system --dest=uk.org.thekelleys.dnsmasq /uk/org/thekelleys/dnsmasq uk.org.thekelleys.SetDomainServers array:string:/in-addr.arpa/127.0.0.1#{{ r_openshift_node_dns_port}},/{{ openshift.common.dns_domain }}/127.0.0.1#{{ r_openshift_node_dns_port}}
 ExecStart=/usr/bin/docker run --name {{ openshift.common.service_type }}-node --rm --privileged --net=host --pid=host --env-file=/etc/sysconfig/{{ openshift.common.service_type }}-node -v /:/rootfs:ro,rslave -e CONFIG_FILE=${CONFIG_FILE} -e OPTIONS=${OPTIONS} -e HOST=/rootfs -e HOST_ETC=/host-etc -v {{ openshift.common.data_dir }}:{{ openshift.common.data_dir }}{{ ':rslave' if openshift.docker.gte_1_10 | default(False) | bool else '' }} -v {{ openshift.common.config_base }}/node:{{ openshift.common.config_base }}/node {% if openshift_cloudprovider_kind | default('') != '' -%} -v {{ openshift.common.config_base }}/cloudprovider:{{ openshift.common.config_base}}/cloudprovider {% endif -%} -v /etc/localtime:/etc/localtime:ro -v /etc/machine-id:/etc/machine-id:ro -v /run:/run -v /sys:/sys:rw -v /sys/fs/cgroup:/sys/fs/cgroup:rw -v /usr/bin/docker:/usr/bin/docker:ro -v /var/lib/docker:/var/lib/docker -v /lib/modules:/lib/modules -v /etc/origin/openvswitch:/etc/openvswitch -v /etc/origin/sdn:/etc/openshift-sdn -v /var/lib/cni:/var/lib/cni -v /etc/systemd/system:/host-etc/systemd/system -v /var/log:/var/log -v /dev:/dev $DOCKER_ADDTL_BIND_MOUNTS -v /etc/pki:/etc/pki:ro {{ openshift.node.node_image }}:${IMAGE_VERSION}
 ExecStartPost=/usr/bin/sleep 10
 ExecStop=/usr/bin/docker stop {{ openshift.common.service_type }}-node
+ExecStopPost=/usr/bin/rm /etc/dnsmasq.d/node-dnsmasq.conf
+ExecStopPost=/usr/bin/dbus-send --system --dest=uk.org.thekelleys.dnsmasq /uk/org/thekelleys/dnsmasq uk.org.thekelleys.SetDomainServers array:string:
 SyslogIdentifier={{ openshift.common.service_type }}-node
 Restart=always
 RestartSec=5s
diff --git a/roles/openshift_node/templates/origin-node.service.j2 b/roles/openshift_node/templates/origin-node.service.j2
deleted file mode 100644
index 8047301e6..000000000
--- a/roles/openshift_node/templates/origin-node.service.j2
+++ /dev/null
@@ -1,21 +0,0 @@
-[Unit]
-Description=Origin Node
-After={{ openshift.docker.service_name }}.service
-Wants={{ openshift.docker.service_name }}.service
-Documentation=https://github.com/openshift/origin
-
-[Service]
-Type=notify
-EnvironmentFile=/etc/sysconfig/origin-node
-Environment=GOTRACEBACK=crash
-ExecStart=/usr/bin/openshift start node --config=${CONFIG_FILE} $OPTIONS
-LimitNOFILE=65536
-LimitCORE=infinity
-WorkingDirectory=/var/lib/origin/
-SyslogIdentifier=origin-node
-Restart=always
-RestartSec=5s
-OOMScoreAdjust=-999
-
-[Install]
-WantedBy=multi-user.target
diff --git a/roles/openshift_node_dnsmasq/defaults/main.yml b/roles/openshift_node_dnsmasq/defaults/main.yml
new file mode 100644
index 000000000..06b2c4123
--- /dev/null
+++ b/roles/openshift_node_dnsmasq/defaults/main.yml
@@ -0,0 +1,2 @@
+---
+r_openshift_node_dnsmasq_port: 8054
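Review bot: This default is a literal `8054`, while `roles/openshift_node/defaults/main.yml` and `roles/openshift_node_upgrade/defaults/main.yml` derive the same port from `openshift_node_dns_port`. The upgrade playbooks list `openshift_node_dnsmasq` directly without passing `r_openshift_node_dnsmasq_port`. With an overridden `openshift_node_dns_port`, the rendered `node-dnsmasq.conf` would therefore still point at 8054 while `node.yaml` and the unit's `dbus-send` use the override. Using `r_openshift_node_dnsmasq_port: "{{ openshift_node_dns_port | default(8054) }}"` here keeps the three in step.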
diff --git a/roles/openshift_node_dnsmasq/files/networkmanager/99-origin-dns.sh b/roles/openshift_node_dnsmasq/files/networkmanager/99-origin-dns.sh
index c68073a10..2c466e4f0 100755
--- a/roles/openshift_node_dnsmasq/files/networkmanager/99-origin-dns.sh
+++ b/roles/openshift_node_dnsmasq/files/networkmanager/99-origin-dns.sh
@@ -52,6 +52,7 @@ no-resolv
 domain-needed
 server=/cluster.local/172.30.0.1
 server=/30.172.in-addr.arpa/172.30.0.1
+enable-dbus
 EOF
       # New config file, must restart
       NEEDS_RESTART=1
@@ -89,13 +90,17 @@ EOF
       systemctl restart dnsmasq
     fi
 
-    # Only if dnsmasq is running properly make it our only nameserver
+    # Only if dnsmasq is running properly make it our only nameserver, copy
+    # original resolv.conf to /etc/origin/node/resolv.conf for node service to
+    # bypass dnsmasq
     if `systemctl -q is-active dnsmasq.service`; then
-      sed -e '/^nameserver.*$/d' /etc/resolv.conf > ${NEW_RESOLV_CONF}
-      echo "nameserver "${def_route_ip}"" >> ${NEW_RESOLV_CONF}
       if ! grep -q '99-origin-dns.sh' ${NEW_RESOLV_CONF}; then
           echo "# nameserver updated by /etc/NetworkManager/dispatcher.d/99-origin-dns.sh" >> ${NEW_RESOLV_CONF}
+          cp /etc/resolv.conf /etc/origin/node/resolv.conf
       fi
+      sed -e '/^nameserver.*$/d' /etc/resolv.conf > ${NEW_RESOLV_CONF}
+      echo "nameserver "${def_route_ip}"" >> ${NEW_RESOLV_CONF}
+
       if ! grep -q 'search.*cluster.local' ${NEW_RESOLV_CONF}; then
         sed -i '/^search/ s/$/ cluster.local/' ${NEW_RESOLV_CONF}
       fi
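Review bot: The marker test `grep -q '99-origin-dns.sh' ${NEW_RESOLV_CONF}` now runs before the `sed ... > ${NEW_RESOLV_CONF}` that fills that file, so it no longer tells whether `/etc/resolv.conf` was already rewritten. If `NEW_RESOLV_CONF` is a fresh temp file (its definition is outside the hunk), the branch is taken on every run and the marker `echo` is then truncated by the `sed` redirect. The `cp /etc/resolv.conf /etc/origin/node/resolv.conf` would also repeat once `/etc/resolv.conf` already names dnsmasq, leaving the node's recursive resolver pointing back at dnsmasq. Do the `cp` under `if ! grep -q '99-origin-dns.sh' /etc/resolv.conf; then` and leave the marker check where it was, after the `sed` and the `nameserver` line. The `cp` also assumes `/etc/origin/node` exists when the dispatcher fires.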
diff --git a/roles/openshift_node_dnsmasq/tasks/main.yml b/roles/openshift_node_dnsmasq/tasks/main.yml
index 3311f7006..d0221a94b 100644
--- a/roles/openshift_node_dnsmasq/tasks/main.yml
+++ b/roles/openshift_node_dnsmasq/tasks/main.yml
@@ -14,6 +14,17 @@
   package: name=dnsmasq state=installed
   when: not openshift.common.is_atomic | bool
 
+# this file is copied to /etc/dnsmasq.d/ when the node starts and is removed
+# when the node stops. A dbus-message is sent to dnsmasq to add the same entries
+# so that dnsmasq doesn't need to be restarted. Once we can use dnsmasq 2.77 or
+# newer we can use --server-file option to update the servers dynamically and
+# reload them by sending dnsmasq a SIGHUP. We write the file in case someone else
+# triggers a restart of dnsmasq but not a node restart.
+- name: Install node-dnsmasq.conf
+  template:
+    src: node-dnsmasq.conf.j2
+    dest: /etc/origin/node/node-dnsmasq.conf
+
 - name: Install dnsmasq configuration
   template:
     src: origin-dns.conf.j2
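Review bot: `Install node-dnsmasq.conf` writes to `/etc/origin/node/node-dnsmasq.conf` without ensuring the directory exists and without `owner` or `mode`. `openshift_node_dnsmasq` runs as a dependency of `openshift_node` and ahead of `openshift_node_upgrade` in the playbooks, so the directory may not be present on a fresh host; that is worth confirming. The file is later copied into `/etc/dnsmasq.d/` and decides where the cluster domain resolves, so setting `owner: root`, `group: root` and `mode: '0644'` explicitly is cheap. The `Install dnsmasq configuration` task continues outside the hunk.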
diff --git a/roles/openshift_node_dnsmasq/templates/node-dnsmasq.conf.j2 b/roles/openshift_node_dnsmasq/templates/node-dnsmasq.conf.j2
new file mode 100644
index 000000000..4377403df
--- /dev/null
+++ b/roles/openshift_node_dnsmasq/templates/node-dnsmasq.conf.j2
@@ -0,0 +1,2 @@
+server=/in-addr.arpa/127.0.0.1#{{ r_openshift_node_dnsmasq_port }}
+server=/{{ openshift.common.dns_domain }}/127.0.0.1#{{ r_openshift_node_dnsmasq_port }}
diff --git a/roles/openshift_node_dnsmasq/templates/origin-dns.conf.j2 b/roles/openshift_node_dnsmasq/templates/origin-dns.conf.j2
index 8bae9aaac..eac18cb4b 100644
--- a/roles/openshift_node_dnsmasq/templates/origin-dns.conf.j2
+++ b/roles/openshift_node_dnsmasq/templates/origin-dns.conf.j2
@@ -1,5 +1,5 @@
 no-resolv
 domain-needed
-server=/{{ openshift.common.dns_domain }}/{{ openshift.common.kube_svc_ip }}
 no-negcache
 max-cache-ttl=1
+enable-dbus
diff --git a/roles/openshift_node_upgrade/README.md b/roles/openshift_node_upgrade/README.md
index 66bce38ec..8b388cc6a 100644
--- a/roles/openshift_node_upgrade/README.md
+++ b/roles/openshift_node_upgrade/README.md
@@ -88,6 +88,7 @@ Including an example of how to use your role (for instance, with variables passe
   roles:
   - openshift_facts
   - docker
+  - openshift_node_dnsmasq
   - openshift_node_upgrade
 
   post_tasks:
diff --git a/roles/openshift_node_upgrade/defaults/main.yml b/roles/openshift_node_upgrade/defaults/main.yml
new file mode 100644
index 000000000..1272c347c
--- /dev/null
+++ b/roles/openshift_node_upgrade/defaults/main.yml
@@ -0,0 +1,2 @@
+---
+r_openshift_node_dns_port: "{{ openshift_node_dns_port | default(8054) }}"
diff --git a/roles/openshift_node_upgrade/tasks/rpm_upgrade.yml b/roles/openshift_node_upgrade/tasks/rpm_upgrade.yml
index 06a2d16ba..a998acf21 100644
--- a/roles/openshift_node_upgrade/tasks/rpm_upgrade.yml
+++ b/roles/openshift_node_upgrade/tasks/rpm_upgrade.yml
@@ -16,7 +16,7 @@
 - name: Install Node service file
   template:
     dest: "/etc/systemd/system/{{ openshift.common.service_type }}-node.service"
-    src: "{{ openshift.common.service_type }}-node.service.j2"
+    src: "node.service.j2"
   register: l_node_unit
 
 # NOTE: This is needed to make sure we are using the correct set
diff --git a/roles/openshift_node_upgrade/templates/atomic-openshift-node.service.j2 b/roles/openshift_node_upgrade/templates/atomic-openshift-node.service.j2
deleted file mode 120000
index 6041fb13a..000000000
--- a/roles/openshift_node_upgrade/templates/atomic-openshift-node.service.j2
+++ /dev/null
@@ -1 +0,0 @@
-../../openshift_node/templates/atomic-openshift-node.service.j2
\ No newline at end of file
diff --git a/roles/openshift_node_upgrade/templates/node.service.j2 b/roles/openshift_node_upgrade/templates/node.service.j2
new file mode 100644
index 000000000..fed8e21f5
--- /dev/null
+++ b/roles/openshift_node_upgrade/templates/node.service.j2
@@ -0,0 +1,30 @@
+[Unit]
+Description=OpenShift Node
+After={{ openshift.docker.service_name }}.service
+Wants=openvswitch.service
+After=ovsdb-server.service
+After=ovs-vswitchd.service
+Wants={{ openshift.docker.service_name }}.service
+Documentation=https://github.com/openshift/origin
+Requires=dnsmasq.service
+After=dnsmasq.service
+
+[Service]
+Type=notify
+EnvironmentFile=/etc/sysconfig/{{ openshift.common.service_type }}-node
+Environment=GOTRACEBACK=crash
+ExecStartPre=/usr/bin/cp /etc/origin/node/node-dnsmasq.conf /etc/dnsmasq.d/
+ExecStartPre=/usr/bin/dbus-send --system --dest=uk.org.thekelleys.dnsmasq /uk/org/thekelleys/dnsmasq uk.org.thekelleys.SetDomainServers array:string:/in-addr.arpa/127.0.0.1#{{ r_openshift_node_dns_port}},/{{ openshift.common.dns_domain }}/127.0.0.1#{{ r_openshift_node_dns_port}}
+ExecStopPost=/usr/bin/rm /etc/dnsmasq.d/node-dnsmasq.conf
+ExecStopPost=/usr/bin/dbus-send --system --dest=uk.org.thekelleys.dnsmasq /uk/org/thekelleys/dnsmasq uk.org.thekelleys.SetDomainServers array:string:
+ExecStart=/usr/bin/openshift start node --config=${CONFIG_FILE} $OPTIONS
+LimitNOFILE=65536
+LimitCORE=infinity
+WorkingDirectory=/var/lib/origin/
+SyslogIdentifier={{ openshift.common.service_type }}-node
+Restart=always
+RestartSec=5s
+OOMScoreAdjust=-999
+
+[Install]
+WantedBy=multi-user.target
diff --git a/roles/openshift_node_upgrade/templates/openshift.docker.node.service b/roles/openshift_node_upgrade/templates/openshift.docker.node.service
index 2a099301a..9649fec38 100644
--- a/roles/openshift_node_upgrade/templates/openshift.docker.node.service
+++ b/roles/openshift_node_upgrade/templates/openshift.docker.node.service
@@ -6,18 +6,26 @@ PartOf={{ openshift.docker.service_name }}.service
 Requires={{ openshift.docker.service_name }}.service
 {% if openshift.common.use_openshift_sdn %}
 Wants=openvswitch.service
+After=ovsdb-server.service
+After=ovs-vswitchd.service
 {% endif %}
 Wants={{ openshift.common.service_type }}-master.service
 Requires={{ openshift.common.service_type }}-node-dep.service
 After={{ openshift.common.service_type }}-node-dep.service
+Requires=dnsmasq.service
+After=dnsmasq.service
 
 [Service]
 EnvironmentFile=/etc/sysconfig/{{ openshift.common.service_type }}-node
 EnvironmentFile=/etc/sysconfig/{{ openshift.common.service_type }}-node-dep
 ExecStartPre=-/usr/bin/docker rm -f {{ openshift.common.service_type }}-node
-ExecStart=/usr/bin/docker run --name {{ openshift.common.service_type }}-node --rm --privileged --net=host --pid=host --env-file=/etc/sysconfig/{{ openshift.common.service_type }}-node -v /:/rootfs:ro,rslave -e CONFIG_FILE=${CONFIG_FILE} -e OPTIONS=${OPTIONS} -e HOST=/rootfs -e HOST_ETC=/host-etc -v {{ openshift.common.data_dir }}:{{ openshift.common.data_dir }}{{ ':rslave' if openshift.docker.gte_1_10 | default(False) | bool else '' }} -v {{ openshift.common.config_base }}/node:{{ openshift.common.config_base }}/node {% if openshift_cloudprovider_kind | default('') != '' -%} -v {{ openshift.common.config_base }}/cloudprovider:{{ openshift.common.config_base}}/cloudprovider {% endif -%} -v /etc/localtime:/etc/localtime:ro -v /etc/machine-id:/etc/machine-id:ro -v /run:/run -v /sys:/sys:rw -v /sys/fs/cgroup:/sys/fs/cgroup:rw -v /usr/bin/docker:/usr/bin/docker:ro -v /var/lib/docker:/var/lib/docker -v /lib/modules:/lib/modules -v /etc/origin/openvswitch:/etc/openvswitch -v /etc/origin/sdn:/etc/openshift-sdn -v /var/lib/cni:/var/lib/cni -v /etc/systemd/system:/host-etc/systemd/system -v /var/log:/var/log -v /dev:/dev $DOCKER_ADDTL_BIND_MOUNTS {{ openshift.node.node_image }}:${IMAGE_VERSION}
+ExecStartPre=/usr/bin/cp /etc/origin/node/node-dnsmasq.conf /etc/dnsmasq.d/
+ExecStartPre=/usr/bin/dbus-send --system --dest=uk.org.thekelleys.dnsmasq /uk/org/thekelleys/dnsmasq uk.org.thekelleys.SetDomainServers array:string:/in-addr.arpa/127.0.0.1#{{ r_openshift_node_dns_port}},/{{ openshift.common.dns_domain }}/127.0.0.1#{{ r_openshift_node_dns_port}}
+ExecStart=/usr/bin/docker run --name {{ openshift.common.service_type }}-node --rm --privileged --net=host --pid=host --env-file=/etc/sysconfig/{{ openshift.common.service_type }}-node -v /:/rootfs:ro,rslave -e CONFIG_FILE=${CONFIG_FILE} -e OPTIONS=${OPTIONS} -e HOST=/rootfs -e HOST_ETC=/host-etc -v {{ openshift.common.data_dir }}:{{ openshift.common.data_dir }}{{ ':rslave' if openshift.docker.gte_1_10 | default(False) | bool else '' }} -v {{ openshift.common.config_base }}/node:{{ openshift.common.config_base }}/node {% if openshift_cloudprovider_kind | default('') != '' -%} -v {{ openshift.common.config_base }}/cloudprovider:{{ openshift.common.config_base}}/cloudprovider {% endif -%} -v /etc/localtime:/etc/localtime:ro -v /etc/machine-id:/etc/machine-id:ro -v /run:/run -v /sys:/sys:rw -v /sys/fs/cgroup:/sys/fs/cgroup:rw -v /usr/bin/docker:/usr/bin/docker:ro -v /var/lib/docker:/var/lib/docker -v /lib/modules:/lib/modules -v /etc/origin/openvswitch:/etc/openvswitch -v /etc/origin/sdn:/etc/openshift-sdn -v /var/lib/cni:/var/lib/cni -v /etc/systemd/system:/host-etc/systemd/system -v /var/log:/var/log -v /dev:/dev $DOCKER_ADDTL_BIND_MOUNTS -v /etc/pki:/etc/pki:ro {{ openshift.node.node_image }}:${IMAGE_VERSION}
 ExecStartPost=/usr/bin/sleep 10
 ExecStop=/usr/bin/docker stop {{ openshift.common.service_type }}-node
+ExecStopPost=/usr/bin/rm /etc/dnsmasq.d/node-dnsmasq.conf
+ExecStopPost=/usr/bin/dbus-send --system --dest=uk.org.thekelleys.dnsmasq /uk/org/thekelleys/dnsmasq uk.org.thekelleys.SetDomainServers array:string:
 SyslogIdentifier={{ openshift.common.service_type }}-node
 Restart=always
 RestartSec=5s
diff --git a/roles/openshift_node_upgrade/templates/origin-node.service.j2 b/roles/openshift_node_upgrade/templates/origin-node.service.j2
deleted file mode 120000
index 79c45a303..000000000
--- a/roles/openshift_node_upgrade/templates/origin-node.service.j2
+++ /dev/null
@@ -1 +0,0 @@
-../../openshift_node/templates/origin-node.service.j2
\ No newline at end of file
diff --git a/roles/openshift_sanitize_inventory/tasks/main.yml b/roles/openshift_sanitize_inventory/tasks/main.yml
index f15dc16d1..59ce505d3 100644
--- a/roles/openshift_sanitize_inventory/tasks/main.yml
+++ b/roles/openshift_sanitize_inventory/tasks/main.yml
@@ -46,3 +46,7 @@
     msg: |-
       openshift_release is "{{ openshift_release }}" which is not a valid version string.
       Please set it to a version string like "3.4".
+
+- include: unsupported.yml
+  when:
+    - not openshift_enable_unsupported_configurations | default(false) | bool
diff --git a/roles/openshift_sanitize_inventory/tasks/unsupported.yml b/roles/openshift_sanitize_inventory/tasks/unsupported.yml
new file mode 100644
index 000000000..24e44ea85
--- /dev/null
+++ b/roles/openshift_sanitize_inventory/tasks/unsupported.yml
@@ -0,0 +1,12 @@
+---
+# This task list checks for unsupported configurations. Values here should yield
+# a partially functioning cluster but would not be supported for production use.
+
+- name: Ensure that openshift_use_dnsmasq is true
+  when:
+  - not openshift_use_dnsmasq | default(true) | bool
+  fail:
+    msg: |-
+      Starting in 3.6 openshift_use_dnsmasq must be true or critical features
+      will not function. This also means that NetworkManager must be installed
+      enabled and responsible for management of the primary interface.
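Review bot: The message says the requirement starts in 3.6, but the `when:` tests only `openshift_use_dnsmasq`, so the play also aborts for older releases deployed with dnsmasq disabled. A version condition next to it would match the text; the templates use `openshift.common.version_gte_3_6`, though whether that fact is available this early is not visible here. The check reads the inventory variable while the roles gate on the `openshift.common.use_dnsmasq` fact, so if the two can diverge this guard would not catch it. Minor wording: `installed enabled` reads better as `installed, enabled`.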
-- 
cgit v1.2.3


From d9c30f08cebe462a62e9c5131b6e3cec6b01e80a Mon Sep 17 00:00:00 2001
From: Scott Dodson <sdodson@redhat.com>
Date: Fri, 30 Jun 2017 08:06:17 -0400
Subject: Use default ports for dnsmasq and node dns

---
 roles/openshift_node/defaults/main.yml                               | 1 -
 roles/openshift_node/meta/main.yml                                   | 1 -
 roles/openshift_node/templates/node.service.j2                       | 2 +-
 roles/openshift_node/templates/node.yaml.v1.j2                       | 2 +-
 roles/openshift_node/templates/openshift.docker.node.service         | 2 +-
 roles/openshift_node_dnsmasq/defaults/main.yml                       | 1 -
 roles/openshift_node_dnsmasq/templates/node-dnsmasq.conf.j2          | 4 ++--
 roles/openshift_node_dnsmasq/templates/origin-dns.conf.j2            | 2 ++
 roles/openshift_node_upgrade/defaults/main.yml                       | 1 -
 roles/openshift_node_upgrade/templates/node.service.j2               | 2 +-
 roles/openshift_node_upgrade/templates/openshift.docker.node.service | 2 +-
 11 files changed, 9 insertions(+), 11 deletions(-)

diff --git a/roles/openshift_node/defaults/main.yml b/roles/openshift_node/defaults/main.yml
index 80049fdd1..5904ca9bc 100644
--- a/roles/openshift_node/defaults/main.yml
+++ b/roles/openshift_node/defaults/main.yml
@@ -12,4 +12,3 @@ os_firewall_allow:
 - service: Calico BGP Port
   port: 179/tcp
   when: openshift.common.use_calico | bool
-r_openshift_node_dns_port: "{{ openshift_node_dns_port | default(8054) }}"
diff --git a/roles/openshift_node/meta/main.yml b/roles/openshift_node/meta/main.yml
index 508bb751d..3b7e8126a 100644
--- a/roles/openshift_node/meta/main.yml
+++ b/roles/openshift_node/meta/main.yml
@@ -45,5 +45,4 @@ dependencies:
     port: "{{ openshift_node_port_range | default('') }}/udp"
   when: openshift_node_port_range is defined
 - role: openshift_node_dnsmasq
-  r_openshift_node_dnsmasq_port: "{{ r_openshift_node_dns_port }}"
   when: openshift.common.use_dnsmasq | bool
diff --git a/roles/openshift_node/templates/node.service.j2 b/roles/openshift_node/templates/node.service.j2
index fed8e21f5..d4f0b7762 100644
--- a/roles/openshift_node/templates/node.service.j2
+++ b/roles/openshift_node/templates/node.service.j2
@@ -14,7 +14,7 @@ Type=notify
 EnvironmentFile=/etc/sysconfig/{{ openshift.common.service_type }}-node
 Environment=GOTRACEBACK=crash
 ExecStartPre=/usr/bin/cp /etc/origin/node/node-dnsmasq.conf /etc/dnsmasq.d/
-ExecStartPre=/usr/bin/dbus-send --system --dest=uk.org.thekelleys.dnsmasq /uk/org/thekelleys/dnsmasq uk.org.thekelleys.SetDomainServers array:string:/in-addr.arpa/127.0.0.1#{{ r_openshift_node_dns_port}},/{{ openshift.common.dns_domain }}/127.0.0.1#{{ r_openshift_node_dns_port}}
+ExecStartPre=/usr/bin/dbus-send --system --dest=uk.org.thekelleys.dnsmasq /uk/org/thekelleys/dnsmasq uk.org.thekelleys.SetDomainServers array:string:/in-addr.arpa/127.0.0.1,/{{ openshift.common.dns_domain }}/127.0.0.1
 ExecStopPost=/usr/bin/rm /etc/dnsmasq.d/node-dnsmasq.conf
 ExecStopPost=/usr/bin/dbus-send --system --dest=uk.org.thekelleys.dnsmasq /uk/org/thekelleys/dnsmasq uk.org.thekelleys.SetDomainServers array:string:
 ExecStart=/usr/bin/openshift start node --config=${CONFIG_FILE} $OPTIONS
diff --git a/roles/openshift_node/templates/node.yaml.v1.j2 b/roles/openshift_node/templates/node.yaml.v1.j2
index 8e6b3e070..351c8c9f6 100644
--- a/roles/openshift_node/templates/node.yaml.v1.j2
+++ b/roles/openshift_node/templates/node.yaml.v1.j2
@@ -1,7 +1,7 @@
 allowDisabledDocker: false
 apiVersion: v1
 {% if openshift.common.version_gte_3_6 %}
-dnsBindAddress: 0.0.0.0:{{ r_openshift_node_dns_port }}
+dnsBindAddress: 127.0.0.1:53
 dnsRecursiveResolvConf: /etc/origin/node/resolv.conf
 {% endif %}
 dnsDomain: {{ openshift.common.dns_domain }}
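Review bot: `dnsBindAddress: 127.0.0.1:53` puts the node resolver on the port dnsmasq normally owns, and the unit templates start the node `After=dnsmasq.service`, so this works only if dnsmasq is kept off the loopback address. The diffstat lists a two-line change to `origin-dns.conf.j2` that presumably arranges that, but it is outside the visible part of the patch. A comment above this key such as `# dnsmasq must not listen on 127.0.0.1:53, see origin-dns.conf.j2` would record the coupling. With the variable removed, an inventory that still sets `openshift_node_dns_port` is silently ignored.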
diff --git a/roles/openshift_node/templates/openshift.docker.node.service b/roles/openshift_node/templates/openshift.docker.node.service
index 9649fec38..639b6f6c8 100644
--- a/roles/openshift_node/templates/openshift.docker.node.service
+++ b/roles/openshift_node/templates/openshift.docker.node.service
@@ -20,7 +20,7 @@ EnvironmentFile=/etc/sysconfig/{{ openshift.common.service_type }}-node
 EnvironmentFile=/etc/sysconfig/{{ openshift.common.service_type }}-node-dep
 ExecStartPre=-/usr/bin/docker rm -f {{ openshift.common.service_type }}-node
 ExecStartPre=/usr/bin/cp /etc/origin/node/node-dnsmasq.conf /etc/dnsmasq.d/
-ExecStartPre=/usr/bin/dbus-send --system --dest=uk.org.thekelleys.dnsmasq /uk/org/thekelleys/dnsmasq uk.org.thekelleys.SetDomainServers array:string:/in-addr.arpa/127.0.0.1#{{ r_openshift_node_dns_port}},/{{ openshift.common.dns_domain }}/127.0.0.1#{{ r_openshift_node_dns_port}}
+ExecStartPre=/usr/bin/dbus-send --system --dest=uk.org.thekelleys.dnsmasq /uk/org/thekelleys/dnsmasq uk.org.thekelleys.SetDomainServers array:string:/in-addr.arpa/127.0.0.1,/{{ openshift.common.dns_domain }}/127.0.0.1
 ExecStart=/usr/bin/docker run --name {{ openshift.common.service_type }}-node --rm --privileged --net=host --pid=host --env-file=/etc/sysconfig/{{ openshift.common.service_type }}-node -v /:/rootfs:ro,rslave -e CONFIG_FILE=${CONFIG_FILE} -e OPTIONS=${OPTIONS} -e HOST=/rootfs -e HOST_ETC=/host-etc -v {{ openshift.common.data_dir }}:{{ openshift.common.data_dir }}{{ ':rslave' if openshift.docker.gte_1_10 | default(False) | bool else '' }} -v {{ openshift.common.config_base }}/node:{{ openshift.common.config_base }}/node {% if openshift_cloudprovider_kind | default('') != '' -%} -v {{ openshift.common.config_base }}/cloudprovider:{{ openshift.common.config_base}}/cloudprovider {% endif -%} -v /etc/localtime:/etc/localtime:ro -v /etc/machine-id:/etc/machine-id:ro -v /run:/run -v /sys:/sys:rw -v /sys/fs/cgroup:/sys/fs/cgroup:rw -v /usr/bin/docker:/usr/bin/docker:ro -v /var/lib/docker:/var/lib/docker -v /lib/modules:/lib/modules -v /etc/origin/openvswitch:/etc/openvswitch -v /etc/origin/sdn:/etc/openshift-sdn -v /var/lib/cni:/var/lib/cni -v /etc/systemd/system:/host-etc/systemd/system -v /var/log:/var/log -v /dev:/dev $DOCKER_ADDTL_BIND_MOUNTS -v /etc/pki:/etc/pki:ro {{ openshift.node.node_image }}:${IMAGE_VERSION}
 ExecStartPost=/usr/bin/sleep 10
 ExecStop=/usr/bin/docker stop {{ openshift.common.service_type }}-node
diff --git a/roles/openshift_node_dnsmasq/defaults/main.yml b/roles/openshift_node_dnsmasq/defaults/main.yml
index 06b2c4123..ed97d539c 100644
--- a/roles/openshift_node_dnsmasq/defaults/main.yml
+++ b/roles/openshift_node_dnsmasq/defaults/main.yml
@@ -1,2 +1 @@
 ---
-r_openshift_node_dnsmasq_port: 8054
diff --git a/roles/openshift_node_dnsmasq/templates/node-dnsmasq.conf.j2 b/roles/openshift_node_dnsmasq/templates/node-dnsmasq.conf.j2
index 4377403df..3caa3bd4a 100644
--- a/roles/openshift_node_dnsmasq/templates/node-dnsmasq.conf.j2
+++ b/roles/openshift_node_dnsmasq/templates/node-dnsmasq.conf.j2
@@ -1,2 +1,2 @@
-server=/in-addr.arpa/127.0.0.1#{{ r_openshift_node_dnsmasq_port }}
-server=/{{ openshift.common.dns_domain }}/127.0.0.1#{{ r_openshift_node_dnsmasq_port }}
+server=/in-addr.arpa/127.0.0.1
+server=/{{ openshift.common.dns_domain }}/127.0.0.1
diff --git a/roles/openshift_node_dnsmasq/templates/origin-dns.conf.j2 b/roles/openshift_node_dnsmasq/templates/origin-dns.conf.j2
index eac18cb4b..779b4d2f5 100644
--- a/roles/openshift_node_dnsmasq/templates/origin-dns.conf.j2
+++ b/roles/openshift_node_dnsmasq/templates/origin-dns.conf.j2
@@ -3,3 +3,5 @@ domain-needed
 no-negcache
 max-cache-ttl=1
 enable-dbus
+bind-interfaces
+listen-address={{ ansible_default_ipv4.address }}
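Review bot: The added `listen-address={{ ansible_default_ipv4.address }}` freezes a gathered fact into origin-dns.conf at deploy time, and with `bind-interfaces` dnsmasq will answer only on that one address. If the node's default-route address changes later (DHCP renewal, re-addressing), dnsmasq would presumably fail to bind or stop serving clients until the role is re-run; whether 99-origin-dns.sh rewrites this file at runtime is not visible here. I would at least document the intent above the two lines, e.g. `# bind only to the default-route address so 127.0.0.1:53 stays free for the node DNS; value is rendered at deploy time`.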
diff --git a/roles/openshift_node_upgrade/defaults/main.yml b/roles/openshift_node_upgrade/defaults/main.yml
index 1272c347c..ed97d539c 100644
--- a/roles/openshift_node_upgrade/defaults/main.yml
+++ b/roles/openshift_node_upgrade/defaults/main.yml
@@ -1,2 +1 @@
 ---
-r_openshift_node_dns_port: "{{ openshift_node_dns_port | default(8054) }}"
diff --git a/roles/openshift_node_upgrade/templates/node.service.j2 b/roles/openshift_node_upgrade/templates/node.service.j2
index fed8e21f5..d4f0b7762 100644
--- a/roles/openshift_node_upgrade/templates/node.service.j2
+++ b/roles/openshift_node_upgrade/templates/node.service.j2
@@ -14,7 +14,7 @@ Type=notify
 EnvironmentFile=/etc/sysconfig/{{ openshift.common.service_type }}-node
 Environment=GOTRACEBACK=crash
 ExecStartPre=/usr/bin/cp /etc/origin/node/node-dnsmasq.conf /etc/dnsmasq.d/
-ExecStartPre=/usr/bin/dbus-send --system --dest=uk.org.thekelleys.dnsmasq /uk/org/thekelleys/dnsmasq uk.org.thekelleys.SetDomainServers array:string:/in-addr.arpa/127.0.0.1#{{ r_openshift_node_dns_port}},/{{ openshift.common.dns_domain }}/127.0.0.1#{{ r_openshift_node_dns_port}}
+ExecStartPre=/usr/bin/dbus-send --system --dest=uk.org.thekelleys.dnsmasq /uk/org/thekelleys/dnsmasq uk.org.thekelleys.SetDomainServers array:string:/in-addr.arpa/127.0.0.1,/{{ openshift.common.dns_domain }}/127.0.0.1
 ExecStopPost=/usr/bin/rm /etc/dnsmasq.d/node-dnsmasq.conf
 ExecStopPost=/usr/bin/dbus-send --system --dest=uk.org.thekelleys.dnsmasq /uk/org/thekelleys/dnsmasq uk.org.thekelleys.SetDomainServers array:string:
 ExecStart=/usr/bin/openshift start node --config=${CONFIG_FILE} $OPTIONS
diff --git a/roles/openshift_node_upgrade/templates/openshift.docker.node.service b/roles/openshift_node_upgrade/templates/openshift.docker.node.service
index 9649fec38..639b6f6c8 100644
--- a/roles/openshift_node_upgrade/templates/openshift.docker.node.service
+++ b/roles/openshift_node_upgrade/templates/openshift.docker.node.service
@@ -20,7 +20,7 @@ EnvironmentFile=/etc/sysconfig/{{ openshift.common.service_type }}-node
 EnvironmentFile=/etc/sysconfig/{{ openshift.common.service_type }}-node-dep
 ExecStartPre=-/usr/bin/docker rm -f {{ openshift.common.service_type }}-node
 ExecStartPre=/usr/bin/cp /etc/origin/node/node-dnsmasq.conf /etc/dnsmasq.d/
-ExecStartPre=/usr/bin/dbus-send --system --dest=uk.org.thekelleys.dnsmasq /uk/org/thekelleys/dnsmasq uk.org.thekelleys.SetDomainServers array:string:/in-addr.arpa/127.0.0.1#{{ r_openshift_node_dns_port}},/{{ openshift.common.dns_domain }}/127.0.0.1#{{ r_openshift_node_dns_port}}
+ExecStartPre=/usr/bin/dbus-send --system --dest=uk.org.thekelleys.dnsmasq /uk/org/thekelleys/dnsmasq uk.org.thekelleys.SetDomainServers array:string:/in-addr.arpa/127.0.0.1,/{{ openshift.common.dns_domain }}/127.0.0.1
 ExecStart=/usr/bin/docker run --name {{ openshift.common.service_type }}-node --rm --privileged --net=host --pid=host --env-file=/etc/sysconfig/{{ openshift.common.service_type }}-node -v /:/rootfs:ro,rslave -e CONFIG_FILE=${CONFIG_FILE} -e OPTIONS=${OPTIONS} -e HOST=/rootfs -e HOST_ETC=/host-etc -v {{ openshift.common.data_dir }}:{{ openshift.common.data_dir }}{{ ':rslave' if openshift.docker.gte_1_10 | default(False) | bool else '' }} -v {{ openshift.common.config_base }}/node:{{ openshift.common.config_base }}/node {% if openshift_cloudprovider_kind | default('') != '' -%} -v {{ openshift.common.config_base }}/cloudprovider:{{ openshift.common.config_base}}/cloudprovider {% endif -%} -v /etc/localtime:/etc/localtime:ro -v /etc/machine-id:/etc/machine-id:ro -v /run:/run -v /sys:/sys:rw -v /sys/fs/cgroup:/sys/fs/cgroup:rw -v /usr/bin/docker:/usr/bin/docker:ro -v /var/lib/docker:/var/lib/docker -v /lib/modules:/lib/modules -v /etc/origin/openvswitch:/etc/openvswitch -v /etc/origin/sdn:/etc/openshift-sdn -v /var/lib/cni:/var/lib/cni -v /etc/systemd/system:/host-etc/systemd/system -v /var/log:/var/log -v /dev:/dev $DOCKER_ADDTL_BIND_MOUNTS -v /etc/pki:/etc/pki:ro {{ openshift.node.node_image }}:${IMAGE_VERSION}
 ExecStartPost=/usr/bin/sleep 10
 ExecStop=/usr/bin/docker stop {{ openshift.common.service_type }}-node
-- 
cgit v1.2.3


From e20748de5b679c8a5747dd94b6603a97a64450ae Mon Sep 17 00:00:00 2001
From: Steve Teuber <steveteuber@users.noreply.github.com>
Date: Wed, 17 May 2017 07:53:12 +0200
Subject: Prevent the script to use default route ip as upstream nameserver.

---
 roles/openshift_node_dnsmasq/files/networkmanager/99-origin-dns.sh | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/roles/openshift_node_dnsmasq/files/networkmanager/99-origin-dns.sh b/roles/openshift_node_dnsmasq/files/networkmanager/99-origin-dns.sh
index 2c466e4f0..924226d09 100755
--- a/roles/openshift_node_dnsmasq/files/networkmanager/99-origin-dns.sh
+++ b/roles/openshift_node_dnsmasq/files/networkmanager/99-origin-dns.sh
@@ -45,7 +45,8 @@ if [[ $2 =~ ^(up|dhcp4-change|dhcp6-change)$ ]]; then
   def_route_int=$(/sbin/ip route get to ${def_route} | awk '{print $3}')
   def_route_ip=$(/sbin/ip route get to ${def_route} | awk '{print $5}')
   if [[ ${DEVICE_IFACE} == ${def_route_int} && \
-       -n "${IP4_NAMESERVERS}" ]]; then
+       -n "${IP4_NAMESERVERS}" && \
+       "${IP4_NAMESERVERS}" != "${def_route_ip}" ]]; then
     if [ ! -f /etc/dnsmasq.d/origin-dns.conf ]; then
       cat << EOF > /etc/dnsmasq.d/origin-dns.conf
 no-resolv
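Review bot: The added test `"${IP4_NAMESERVERS}" != "${def_route_ip}"` is an exact string comparison, so it only catches the case where the host's own address is the single nameserver. NetworkManager passes `IP4_NAMESERVERS` as a space-separated list, so a value such as `<own-ip> <other-ip>` still passes the check and the own address can still end up as an upstream. If the goal is to never forward to the node itself, filter that entry out where the `server=` lines are written (outside this hunk), or reject on membership with `" ${IP4_NAMESERVERS} " != *" ${def_route_ip} "*`. The enclosing `if` body continues past the end of the hunk.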
-- 
cgit v1.2.3


From 841cefdae64bf6e01ff85b3fcec3a12e6aeabf7e Mon Sep 17 00:00:00 2001
From: Scott Dodson <sdodson@redhat.com>
Date: Fri, 30 Jun 2017 17:16:18 -0400
Subject: Fix upgrade

---
 roles/openshift_node_upgrade/tasks/main.yml | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/roles/openshift_node_upgrade/tasks/main.yml b/roles/openshift_node_upgrade/tasks/main.yml
index 8eaa68cc9..9807aa9a3 100644
--- a/roles/openshift_node_upgrade/tasks/main.yml
+++ b/roles/openshift_node_upgrade/tasks/main.yml
@@ -133,6 +133,17 @@
   - ansible_selinux is defined
   - ansible_selinux.status == 'enabled'
 
+- name: Apply 3.6 dns config changes
+  yedit:
+    src: /etc/origin/node/node-config.yaml
+    key: "{{ item.key }}"
+    value: "{{ item.value }}"
+  with_items:
+  - key: "dnsBindAddress"
+    value: "127.0.0.1:53"
+  - key: "dnsRecursiveResolvConf"
+    value: "/etc/origin/node/resolv.conf"
+
 # Restart all services
 - include: restart.yml
 
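Review bot: The new `Apply 3.6 dns config changes` task has no `when:` guard, while node.yaml.v1.j2 emits the same two keys only under `openshift.common.version_gte_3_6`. If this role can run for an upgrade whose target is older than 3.6 (not visible from this hunk), node-config.yaml would get `dnsBindAddress: 127.0.0.1:53` on a release the template deliberately excludes. Consider adding `when: openshift.common.version_gte_3_6 | bool` to the task, plus a one-line comment that the two values must stay identical to those in the node.yaml.v1.j2 template. The task list starts and continues outside the hunk.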
-- 
cgit v1.2.3