From 73bf3e7137d80ba5b225108f39240c43d385a1ea Mon Sep 17 00:00:00 2001 
From: Michael Gugino Date: Mon, 27 Nov 2017 12:22:02 -0500 Subject: Combine openshift_node and openshift_node_dnsmasq This commit combines these two roles. This will prevent openshift_node_facts from running twice. --- playbooks/byo/openshift-cluster/enable_dnsmasq.yml | 4 - .../common/openshift-cluster/enable_dnsmasq.yml | 55 --------- roles/openshift_node/defaults/main.yml | 7 ++ .../files/networkmanager/99-origin-dns.sh | 128 +++++++++++++++++++++ roles/openshift_node/handlers/main.yml | 11 ++ roles/openshift_node/meta/main.yml | 1 - roles/openshift_node/tasks/dnsmasq.yml | 67 +++++++++++ .../tasks/dnsmasq/network-manager.yml | 10 ++ .../tasks/dnsmasq/no-network-manager.yml | 11 ++ roles/openshift_node/tasks/main.yml | 2 + roles/openshift_node/tasks/upgrade.yml | 3 +- .../openshift_node/templates/node-dnsmasq.conf.j2 | 2 + roles/openshift_node/templates/origin-dns.conf.j2 | 12 ++ roles/openshift_node_dnsmasq/README.md | 27 ----- roles/openshift_node_dnsmasq/defaults/main.yml | 7 -- .../files/networkmanager/99-origin-dns.sh | 128 --------------------- roles/openshift_node_dnsmasq/handlers/main.yml | 11 -- roles/openshift_node_dnsmasq/meta/main.yml | 15 --- roles/openshift_node_dnsmasq/tasks/main.yml | 67 ----------- .../tasks/network-manager.yml | 10 -- .../tasks/no-network-manager.yml | 11 -- .../templates/node-dnsmasq.conf.j2 | 2 - .../templates/origin-dns.conf.j2 | 12 -- 23 files changed, 251 insertions(+), 352 deletions(-) delete mode 100644 playbooks/byo/openshift-cluster/enable_dnsmasq.yml delete mode 100644 playbooks/common/openshift-cluster/enable_dnsmasq.yml create mode 100755 roles/openshift_node/files/networkmanager/99-origin-dns.sh create mode 100644 roles/openshift_node/tasks/dnsmasq.yml create mode 100644 roles/openshift_node/tasks/dnsmasq/network-manager.yml create mode 100644 roles/openshift_node/tasks/dnsmasq/no-network-manager.yml create mode 100644 roles/openshift_node/templates/node-dnsmasq.conf.j2 create mode 100644 
roles/openshift_node/templates/origin-dns.conf.j2 delete mode 100644 roles/openshift_node_dnsmasq/README.md delete mode 100644 roles/openshift_node_dnsmasq/defaults/main.yml delete mode 100755 roles/openshift_node_dnsmasq/files/networkmanager/99-origin-dns.sh delete mode 100644 roles/openshift_node_dnsmasq/handlers/main.yml delete mode 100644 roles/openshift_node_dnsmasq/meta/main.yml delete mode 100644 roles/openshift_node_dnsmasq/tasks/main.yml delete mode 100644 roles/openshift_node_dnsmasq/tasks/network-manager.yml delete mode 100644 roles/openshift_node_dnsmasq/tasks/no-network-manager.yml delete mode 100644 roles/openshift_node_dnsmasq/templates/node-dnsmasq.conf.j2 delete mode 100644 roles/openshift_node_dnsmasq/templates/origin-dns.conf.j2 diff --git a/playbooks/byo/openshift-cluster/enable_dnsmasq.yml b/playbooks/byo/openshift-cluster/enable_dnsmasq.yml deleted file mode 100644 index b429e84e5..000000000 --- a/playbooks/byo/openshift-cluster/enable_dnsmasq.yml +++ /dev/null @@ -1,4 +0,0 @@ ---- -- include: ../../init/evaluate_groups.yml - -- include: ../../common/openshift-cluster/enable_dnsmasq.yml diff --git a/playbooks/common/openshift-cluster/enable_dnsmasq.yml b/playbooks/common/openshift-cluster/enable_dnsmasq.yml deleted file mode 100644 index f91361b67..000000000 --- a/playbooks/common/openshift-cluster/enable_dnsmasq.yml +++ /dev/null 
@@ -1,55 +0,0 @@ ---- -- name: Load openshift_facts - hosts: oo_masters_to_config:oo_nodes_to_config - roles: - - openshift_facts - -- name: Reconfigure masters to listen on our new dns_port - hosts: oo_masters_to_config - handlers: - - include: ../../../roles/openshift_master/handlers/main.yml - static: yes - vars: - os_firewall_allow: - - service: skydns tcp - port: "{{ openshift.master.dns_port }}/tcp" - - service: skydns udp - port: "{{ openshift.master.dns_port }}/udp" - roles: - - os_firewall - tasks: - - openshift_facts: - role: "{{ item.role }}" - local_facts: "{{ item.local_facts }}" - with_items: - - role: master - local_facts: - dns_port: '8053' - - modify_yaml: - dest: "{{ openshift.common.config_base }}/master/master-config.yaml" - yaml_key: dnsConfig.bindAddress - yaml_value: "{{ openshift.master.bind_addr }}:{{ openshift.master.dns_port }}" - notify: restart master api - - meta: flush_handlers - -- name: Configure nodes for dnsmasq - hosts: oo_nodes_to_config - handlers: - - include: ../../../roles/openshift_node/handlers/main.yml - static: yes - pre_tasks: - - openshift_facts: - role: "{{ item.role }}" - local_facts: "{{ item.local_facts }}" - with_items: - - role: node - local_facts: - dns_ip: "{{ hostvars[inventory_hostname]['ansible_default_ipv4']['address'] }}" - roles: - - openshift_node_dnsmasq - post_tasks: - - modify_yaml: - dest: "{{ openshift.common.config_base }}/node/node-config.yaml" - yaml_key: dnsIP - yaml_value: "{{ openshift.node.dns_ip }}" - notify: restart node diff --git a/roles/openshift_node/defaults/main.yml b/roles/openshift_node/defaults/main.yml index 62208c155..5a0c09f5c 100644 --- a/roles/openshift_node/defaults/main.yml +++ b/roles/openshift_node/defaults/main.yml 
@@ -1,6 +1,13 @@ --- openshift_node_debug_level: "{{ debug_level | default(2) }}" +openshift_node_dnsmasq_install_network_manager_hook: true + +# lo must always be present in this list or dnsmasq will conflict with +# the node's dns service. +openshift_node_dnsmasq_except_interfaces: +- lo + r_openshift_node_firewall_enabled: "{{ os_firewall_enabled | default(True) }}" r_openshift_node_use_firewalld: "{{ os_firewall_use_firewalld | default(False) }}" diff --git a/roles/openshift_node/files/networkmanager/99-origin-dns.sh b/roles/openshift_node/files/networkmanager/99-origin-dns.sh new file mode 100755 index 000000000..f4e48b5b7 --- /dev/null +++ b/roles/openshift_node/files/networkmanager/99-origin-dns.sh 
@@ -0,0 +1,128 @@
+#!/bin/bash -x
+# -*- mode: sh; sh-indentation: 2 -*-
+
+# This NetworkManager dispatcher script replicates the functionality of
+# NetworkManager's dns=dnsmasq however, rather than hardcoding the listening
+# address and /etc/resolv.conf to 127.0.0.1 it pulls the IP address from the
+# interface that owns the default route. This enables us to then configure pods
+# to use this IP address as their only resolver, where as using 127.0.0.1 inside
+# a pod would fail.
+#
+# To use this,
+# - If this host is also a master, reconfigure master dnsConfig to listen on
+# 8053 to avoid conflicts on port 53 and open port 8053 in the firewall
+# - Drop this script in /etc/NetworkManager/dispatcher.d/
+# - systemctl restart NetworkManager
+# - Configure node-config.yaml to set dnsIP: to the ip address of this
+# node
+#
+# Test it:
+# host kubernetes.default.svc.cluster.local
+# host google.com
+#
+# TODO: I think this would be easy to add as a config option in NetworkManager
+# natively, look at hacking that up
+
+cd /etc/sysconfig/network-scripts
+. ./network-functions
+
+[ -f ../network ] && . ../network
+
+if [[ $2 =~ ^(up|dhcp4-change|dhcp6-change)$ ]]; then
+ # If the origin-upstream-dns config file changed we need to restart
+ NEEDS_RESTART=0
+ UPSTREAM_DNS='/etc/dnsmasq.d/origin-upstream-dns.conf'
+ # We'll regenerate the dnsmasq origin config in a temp file first
+ UPSTREAM_DNS_TMP=`mktemp`
+ UPSTREAM_DNS_TMP_SORTED=`mktemp`
+ CURRENT_UPSTREAM_DNS_SORTED=`mktemp`
+ NEW_RESOLV_CONF=`mktemp`
+ NEW_NODE_RESOLV_CONF=`mktemp`
+
+
+ ######################################################################
+ # couldn't find an existing method to determine if the interface owns the
+ # default route
+ def_route=$(/sbin/ip route list match 0.0.0.0/0 | awk '{print $3 }')
+ def_route_int=$(/sbin/ip route get to ${def_route} | awk '{print $3}')
+ def_route_ip=$(/sbin/ip route get to ${def_route} | awk '{print $5}')
+ if [[ ${DEVICE_IFACE} == ${def_route_int} ]]; then
+ if [ ! -f /etc/dnsmasq.d/origin-dns.conf ]; then
+ cat << EOF > /etc/dnsmasq.d/origin-dns.conf
+no-resolv
+domain-needed
+server=/cluster.local/172.30.0.1
+server=/30.172.in-addr.arpa/172.30.0.1
+enable-dbus
+dns-forward-max=5000
+cache-size=5000
+EOF
+ # New config file, must restart
+ NEEDS_RESTART=1
+ fi
+
+ # If network manager doesn't know about the nameservers then the best
+ # we can do is grab them from /etc/resolv.conf but only if we've got no
+ # watermark
+ if ! grep -q '99-origin-dns.sh' /etc/resolv.conf; then
+ if [[ -z "${IP4_NAMESERVERS}" || "${IP4_NAMESERVERS}" == "${def_route_ip}" ]]; then
+ IP4_NAMESERVERS=`grep '^nameserver ' /etc/resolv.conf | awk '{ print $2 }'`
+ fi
+ ######################################################################
+ # Write out default nameservers for /etc/dnsmasq.d/origin-upstream-dns.conf
+ # and /etc/origin/node/resolv.conf in their respective formats
+ for ns in ${IP4_NAMESERVERS}; do
+ if [[ ! -z $ns ]]; then
+ echo "server=${ns}" >> $UPSTREAM_DNS_TMP
+ echo "nameserver ${ns}" >> $NEW_NODE_RESOLV_CONF
+ fi
+ done
+ # Sort it in case DNS servers arrived in a different order
+ sort $UPSTREAM_DNS_TMP > $UPSTREAM_DNS_TMP_SORTED
+ sort $UPSTREAM_DNS > $CURRENT_UPSTREAM_DNS_SORTED
+ # Compare to the current config file (sorted)
+ NEW_DNS_SUM=`md5sum ${UPSTREAM_DNS_TMP_SORTED} | awk '{print $1}'`
+ CURRENT_DNS_SUM=`md5sum ${CURRENT_UPSTREAM_DNS_SORTED} | awk '{print $1}'`
+ if [ "${NEW_DNS_SUM}" != "${CURRENT_DNS_SUM}" ]; then
+ # DNS has changed, copy the temp file to the proper location (-Z
+ # sets default selinux context) and set the restart flag
+ cp -Z $UPSTREAM_DNS_TMP $UPSTREAM_DNS
+ NEEDS_RESTART=1
+ fi
+ # compare /etc/origin/node/resolv.conf checksum and replace it if different
+ NEW_NODE_RESOLV_CONF_MD5=`md5sum ${NEW_NODE_RESOLV_CONF}`
+ OLD_NODE_RESOLV_CONF_MD5=`md5sum /etc/origin/node/resolv.conf`
+ if [ "${NEW_NODE_RESOLV_CONF_MD5}" != "${OLD_NODE_RESOLV_CONF_MD5}" ]; then
+ cp -Z $NEW_NODE_RESOLV_CONF /etc/origin/node/resolv.conf
+ fi
+ fi
+
+ if ! `systemctl -q is-active dnsmasq.service`; then
+ NEEDS_RESTART=1
+ fi
+
+ ######################################################################
+ if [ "${NEEDS_RESTART}" -eq "1" ]; then
+ systemctl restart dnsmasq
+ fi
+
+ # Only if dnsmasq is running properly make it our only nameserver and place
+ # a watermark on /etc/resolv.conf
+ if `systemctl -q is-active dnsmasq.service`; then
+ if ! grep -q '99-origin-dns.sh' /etc/resolv.conf; then
+ echo "# nameserver updated by /etc/NetworkManager/dispatcher.d/99-origin-dns.sh" >> ${NEW_RESOLV_CONF}
+ fi
+ sed -e '/^nameserver.*$/d' /etc/resolv.conf >> ${NEW_RESOLV_CONF}
+ echo "nameserver "${def_route_ip}"" >> ${NEW_RESOLV_CONF}
+ if ! grep -qw search ${NEW_RESOLV_CONF}; then
+ echo 'search cluster.local' >> ${NEW_RESOLV_CONF}
+ elif ! 
grep -q 'search.*cluster.local' ${NEW_RESOLV_CONF}; then + sed -i '/^search/ s/$/ cluster.local/' ${NEW_RESOLV_CONF} + fi + cp -Z ${NEW_RESOLV_CONF} /etc/resolv.conf + fi + fi + + # Clean up after yourself + rm -f $UPSTREAM_DNS_TMP $UPSTREAM_DNS_TMP_SORTED $CURRENT_UPSTREAM_DNS_SORTED $NEW_RESOLV_CONF +fi diff --git a/roles/openshift_node/handlers/main.yml b/roles/openshift_node/handlers/main.yml index b102c1b18..229c6bbed 100644 --- a/roles/openshift_node/handlers/main.yml +++ b/roles/openshift_node/handlers/main.yml @@ -1,4 +1,15 @@ --- +- name: restart NetworkManager + systemd: + name: NetworkManager + state: restarted + enabled: True + +- name: restart dnsmasq + systemd: + name: dnsmasq + state: restarted + - name: restart openvswitch systemd: name: openvswitch diff --git a/roles/openshift_node/meta/main.yml b/roles/openshift_node/meta/main.yml index c32aa1600..373e0e1bd 100644 --- a/roles/openshift_node/meta/main.yml +++ b/roles/openshift_node/meta/main.yml @@ -22,6 +22,5 @@ dependencies: - role: openshift_docker - role: openshift_cloud_provider when: not (openshift_node_upgrade_in_progress | default(False)) -- role: openshift_node_dnsmasq - role: lib_utils when: openshift_node_upgrade_in_progress | default(False) diff --git a/roles/openshift_node/tasks/dnsmasq.yml b/roles/openshift_node/tasks/dnsmasq.yml new file mode 100644 index 000000000..22bdce6c6 --- /dev/null +++ b/roles/openshift_node/tasks/dnsmasq.yml 
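Review bot: In `99-origin-dns.sh`, the check that guards the copy to `/etc/origin/node/resolv.conf` stores the whole `md5sum` output, file name included, in `NEW_NODE_RESOLV_CONF_MD5` and `OLD_NODE_RESOLV_CONF_MD5`, so the two strings can never be equal and the `cp -Z` runs on every qualifying dispatcher event. The upstream-DNS comparison a few lines earlier avoids this with `| awk '{print $1}'`, and the same suffix belongs on both of these assignments. The closing `rm -f` also leaves out `$NEW_NODE_RESOLV_CONF`, so each run of the `up`/`dhcp4-change`/`dhcp6-change` branch leaves one `mktemp` file behind. Because this script rewrites `/etc/resolv.conf` and restarts dnsmasq from the dispatcher, I would also drop `-x` from the shebang unless the command trace is wanted in the logs.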
@@ -0,0 +1,67 @@
+---
+- name: Check for NetworkManager service
+ command: >
+ systemctl show NetworkManager
+ register: nm_show
+ changed_when: false
+ ignore_errors: True
+
+- name: Set fact using_network_manager
+ set_fact:
+ network_manager_active: "{{ True if 'ActiveState=active' in nm_show.stdout else False }}"
+
+- name: Install dnsmasq
+ package: name=dnsmasq state=installed
+ when: not openshift.common.is_atomic | bool
+
+- name: ensure origin/node directory exists
+ file:
+ state: directory
+ path: "{{ item }}"
+ owner: root
+ group: root
+ mode: '0700'
+ with_items:
+ - /etc/origin
+ - /etc/origin/node
+
+# this file is copied to /etc/dnsmasq.d/ when the node starts and is removed
+# when the node stops. A dbus-message is sent to dnsmasq to add the same entries
+# so that dnsmasq doesn't need to be restarted. Once we can use dnsmasq 2.77 or
+# newer we can use --server-file option to update the servers dynamically and
+# reload them by sending dnsmasq a SIGHUP. We write the file in case someone else
+# triggers a restart of dnsmasq but not a node restart.
+- name: Install node-dnsmasq.conf
+ template:
+ src: node-dnsmasq.conf.j2
+ dest: /etc/origin/node/node-dnsmasq.conf
+
+- name: Install dnsmasq configuration
+ template:
+ src: origin-dns.conf.j2
+ dest: /etc/dnsmasq.d/origin-dns.conf
+ notify: restart dnsmasq
+
+- name: Deploy additional dnsmasq.conf
+ template:
+ src: "{{ openshift_node_dnsmasq_additional_config_file }}"
+ dest: /etc/dnsmasq.d/openshift-ansible.conf
+ owner: root
+ group: root
+ mode: 0644
+ when: openshift_node_dnsmasq_additional_config_file is defined
+ notify: restart dnsmasq
+
+- name: Enable dnsmasq
+ systemd:
+ name: dnsmasq
+ enabled: yes
+ state: started
+
+# Dynamic NetworkManager based dispatcher
+- include_tasks: dnsmasq/network-manager.yml
+ when: network_manager_active | bool
+
+# Relies on ansible in order to configure static config
+- include_tasks: dnsmasq/no-network-manager.yml
+ when: not network_manager_active | bool
diff --git a/roles/openshift_node/tasks/dnsmasq/network-manager.yml b/roles/openshift_node/tasks/dnsmasq/network-manager.yml
new file mode 100644
index 000000000..e5a92a630
--- /dev/null
+++ b/roles/openshift_node/tasks/dnsmasq/network-manager.yml
@@ -0,0 +1,10 @@
+---
+- name: Install network manager dispatch script
+ copy:
+ src: networkmanager/99-origin-dns.sh
+ dest: /etc/NetworkManager/dispatcher.d/
+ mode: 0755
+ notify: restart NetworkManager
+ when: openshift_node_dnsmasq_install_network_manager_hook | default(true) | bool
+
+- meta: flush_handlers
diff --git a/roles/openshift_node/tasks/dnsmasq/no-network-manager.yml b/roles/openshift_node/tasks/dnsmasq/no-network-manager.yml
new file mode 100644
index 000000000..dede2fb8f
--- /dev/null
+++ b/roles/openshift_node/tasks/dnsmasq/no-network-manager.yml
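Review bot: The two `template` tasks in `tasks/dnsmasq.yml` that write `/etc/origin/node/node-dnsmasq.conf` and `/etc/dnsmasq.d/origin-dns.conf` set no `owner`, `group` or `mode`, so the resulting permissions depend on the umask of the connecting user, while the `Deploy additional dnsmasq.conf` task right after them pins all three. I would add `owner: root`, `group: root` and `mode: '0644'` to both tasks. The same applies to the `copy` of `99-origin-dns.sh` in `tasks/dnsmasq/network-manager.yml`, which sets only `mode: 0755`; NetworkManager expects dispatcher scripts to be owned by root and not writable by group or others, so stating the ownership there documents that requirement. Quoting the modes (`'0644'`, `'0755'`) would also match the `mode: '0700'` already used for the directories in this file.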
@@ -0,0 +1,11 @@ +--- +- fail: msg="Currently, NetworkManager must be installed and enabled prior to installation." + when: not openshift_node_bootstrap | bool + +- name: Install NetworkManager during node_bootstrap provisioning + package: + name: NetworkManager + state: present + notify: restart NetworkManager + +- include_tasks: network-manager.yml diff --git a/roles/openshift_node/tasks/main.yml b/roles/openshift_node/tasks/main.yml index 8e9d1d1b5..d46b1f9c3 100644 --- a/roles/openshift_node/tasks/main.yml +++ b/roles/openshift_node/tasks/main.yml @@ -6,6 +6,8 @@ - deployment_type == 'openshift-enterprise' - not openshift_use_crio | default(false) +- include: dnsmasq.yml + - name: setup firewall import_tasks: firewall.yml diff --git a/roles/openshift_node/tasks/upgrade.yml b/roles/openshift_node/tasks/upgrade.yml index fb21b39a1..ff3478800 100644 --- a/roles/openshift_node/tasks/upgrade.yml +++ b/roles/openshift_node/tasks/upgrade.yml @@ -179,5 +179,4 @@ retries: 24 delay: 5 -- include_role: - name: openshift_node_dnsmasq +- include_tasks: dnsmasq.yml diff --git a/roles/openshift_node/templates/node-dnsmasq.conf.j2 b/roles/openshift_node/templates/node-dnsmasq.conf.j2 new file mode 100644 index 000000000..3caa3bd4a --- /dev/null +++ b/roles/openshift_node/templates/node-dnsmasq.conf.j2 @@ -0,0 +1,2 @@ +server=/in-addr.arpa/127.0.0.1 +server=/{{ openshift.common.dns_domain }}/127.0.0.1 diff --git a/roles/openshift_node/templates/origin-dns.conf.j2 b/roles/openshift_node/templates/origin-dns.conf.j2 new file mode 100644 index 000000000..6543c7c3e --- /dev/null +++ b/roles/openshift_node/templates/origin-dns.conf.j2 @@ -0,0 +1,12 @@ +no-resolv +domain-needed +no-negcache +max-cache-ttl=1 +enable-dbus +dns-forward-max=5000 +cache-size=5000 +bind-dynamic +{% for interface in openshift_node_dnsmasq_except_interfaces %} +except-interface={{ interface }} +{% endfor %} +# End of config 
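Review bot: `- include_tasks: network-manager.yml` at the end of `tasks/dnsmasq/no-network-manager.yml` still carries the path from the old role, where both files sat directly in `tasks/`; after the move into `tasks/dnsmasq/` it resolves only if Ansible looks the name up relative to the including file's directory. `tasks/dnsmasq.yml` in this same commit spells its includes from the role's `tasks/` directory, so I would write `- include_tasks: dnsmasq/network-manager.yml` here as well, or confirm the relative lookup on every supported Ansible version. This path is only reached when NetworkManager is not active, so a wrong lookup would likely go unnoticed in ordinary test runs.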
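Review bot: `- include: dnsmasq.yml` in `tasks/main.yml` uses the bare `include`, while `tasks/upgrade.yml` in this commit uses `- include_tasks: dnsmasq.yml` and the very next task in this file uses `import_tasks: firewall.yml`; choosing `include_tasks` (or `import_tasks`) here keeps the static-versus-dynamic behaviour explicit and consistent. The dnsmasq tasks also used to run as a role dependency, ahead of every `openshift_node` task, and now run after the first task of `main.yml`, whose start lies outside this hunk, so it is worth confirming that nothing in that task depends on the node's DNS setup already being in place.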
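Review bot: The `except-interface` loop in `origin-dns.conf.j2` trusts the inventory to keep `lo` in `openshift_node_dnsmasq_except_interfaces`, although the comment in `defaults/main.yml` says dnsmasq will conflict with the node's DNS service when it is missing. An override that lists only other interfaces would silently drop it. Iterating over `openshift_node_dnsmasq_except_interfaces | union(['lo'])` would enforce the documented invariant in the template instead of relying on every override to repeat it.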
diff --git a/roles/openshift_node_dnsmasq/README.md b/roles/openshift_node_dnsmasq/README.md deleted file mode 100644 index 4596190d7..000000000 --- a/roles/openshift_node_dnsmasq/README.md +++ /dev/null @@ -1,27 +0,0 @@ -OpenShift Node DNS resolver -=========================== - -Configure dnsmasq to act as a DNS resolver for an OpenShift node. - -Requirements ------------- - -Role Variables --------------- - -From this role: - -| Name | Default value | Description | -|-----------------------------------------------------|---------------|-----------------------------------------------------------------------------------| -| openshift_node_dnsmasq_install_network_manager_hook | true | Install NetworkManager hook updating /etc/resolv.conf with local dnsmasq instance | - -Dependencies ------------- - -* openshift_common -* openshift_node_facts - -License -------- - -Apache License Version 2.0 diff --git a/roles/openshift_node_dnsmasq/defaults/main.yml b/roles/openshift_node_dnsmasq/defaults/main.yml deleted file mode 100644 index ebcff46b5..000000000 --- a/roles/openshift_node_dnsmasq/defaults/main.yml +++ /dev/null @@ -1,7 +0,0 @@ ---- -openshift_node_dnsmasq_install_network_manager_hook: true - -# lo must always be present in this list or dnsmasq will conflict with -# the node's dns service. -openshift_node_dnsmasq_except_interfaces: -- lo diff --git a/roles/openshift_node_dnsmasq/files/networkmanager/99-origin-dns.sh b/roles/openshift_node_dnsmasq/files/networkmanager/99-origin-dns.sh deleted file mode 100755 index f4e48b5b7..000000000 --- a/roles/openshift_node_dnsmasq/files/networkmanager/99-origin-dns.sh +++ /dev/null 
@@ -1,128 +0,0 @@ -#!/bin/bash -x -# -*- mode: sh; sh-indentation: 2 -*- - -# This NetworkManager dispatcher script replicates the functionality of -# NetworkManager's dns=dnsmasq however, rather than hardcoding the listening -# address and /etc/resolv.conf to 127.0.0.1 it pulls the IP address from the -# interface that owns the default route. This enables us to then configure pods -# to use this IP address as their only resolver, where as using 127.0.0.1 inside -# a pod would fail. -# -# To use this, -# - If this host is also a master, reconfigure master dnsConfig to listen on -# 8053 to avoid conflicts on port 53 and open port 8053 in the firewall -# - Drop this script in /etc/NetworkManager/dispatcher.d/ -# - systemctl restart NetworkManager -# - Configure node-config.yaml to set dnsIP: to the ip address of this -# node -# -# Test it: -# host kubernetes.default.svc.cluster.local -# host google.com -# -# TODO: I think this would be easy to add as a config option in NetworkManager -# natively, look at hacking that up - -cd /etc/sysconfig/network-scripts -. ./network-functions - -[ -f ../network ] && . 
../network - -if [[ $2 =~ ^(up|dhcp4-change|dhcp6-change)$ ]]; then - # If the origin-upstream-dns config file changed we need to restart - NEEDS_RESTART=0 - UPSTREAM_DNS='/etc/dnsmasq.d/origin-upstream-dns.conf' - # We'll regenerate the dnsmasq origin config in a temp file first - UPSTREAM_DNS_TMP=`mktemp` - UPSTREAM_DNS_TMP_SORTED=`mktemp` - CURRENT_UPSTREAM_DNS_SORTED=`mktemp` - NEW_RESOLV_CONF=`mktemp` - NEW_NODE_RESOLV_CONF=`mktemp` - - - ###################################################################### - # couldn't find an existing method to determine if the interface owns the - # default route - def_route=$(/sbin/ip route list match 0.0.0.0/0 | awk '{print $3 }') - def_route_int=$(/sbin/ip route get to ${def_route} | awk '{print $3}') - def_route_ip=$(/sbin/ip route get to ${def_route} | awk '{print $5}') - if [[ ${DEVICE_IFACE} == ${def_route_int} ]]; then - if [ ! -f /etc/dnsmasq.d/origin-dns.conf ]; then - cat << EOF > /etc/dnsmasq.d/origin-dns.conf -no-resolv -domain-needed -server=/cluster.local/172.30.0.1 -server=/30.172.in-addr.arpa/172.30.0.1 -enable-dbus -dns-forward-max=5000 -cache-size=5000 -EOF - # New config file, must restart - NEEDS_RESTART=1 - fi - - # If network manager doesn't know about the nameservers then the best - # we can do is grab them from /etc/resolv.conf but only if we've got no - # watermark - if ! grep -q '99-origin-dns.sh' /etc/resolv.conf; then - if [[ -z "${IP4_NAMESERVERS}" || "${IP4_NAMESERVERS}" == "${def_route_ip}" ]]; then - IP4_NAMESERVERS=`grep '^nameserver ' /etc/resolv.conf | awk '{ print $2 }'` - fi - ###################################################################### - # Write out default nameservers for /etc/dnsmasq.d/origin-upstream-dns.conf - # and /etc/origin/node/resolv.conf in their respective formats - for ns in ${IP4_NAMESERVERS}; do - if [[ ! 
-z $ns ]]; then - echo "server=${ns}" >> $UPSTREAM_DNS_TMP - echo "nameserver ${ns}" >> $NEW_NODE_RESOLV_CONF - fi - done - # Sort it in case DNS servers arrived in a different order - sort $UPSTREAM_DNS_TMP > $UPSTREAM_DNS_TMP_SORTED - sort $UPSTREAM_DNS > $CURRENT_UPSTREAM_DNS_SORTED - # Compare to the current config file (sorted) - NEW_DNS_SUM=`md5sum ${UPSTREAM_DNS_TMP_SORTED} | awk '{print $1}'` - CURRENT_DNS_SUM=`md5sum ${CURRENT_UPSTREAM_DNS_SORTED} | awk '{print $1}'` - if [ "${NEW_DNS_SUM}" != "${CURRENT_DNS_SUM}" ]; then - # DNS has changed, copy the temp file to the proper location (-Z - # sets default selinux context) and set the restart flag - cp -Z $UPSTREAM_DNS_TMP $UPSTREAM_DNS - NEEDS_RESTART=1 - fi - # compare /etc/origin/node/resolv.conf checksum and replace it if different - NEW_NODE_RESOLV_CONF_MD5=`md5sum ${NEW_NODE_RESOLV_CONF}` - OLD_NODE_RESOLV_CONF_MD5=`md5sum /etc/origin/node/resolv.conf` - if [ "${NEW_NODE_RESOLV_CONF_MD5}" != "${OLD_NODE_RESOLV_CONF_MD5}" ]; then - cp -Z $NEW_NODE_RESOLV_CONF /etc/origin/node/resolv.conf - fi - fi - - if ! `systemctl -q is-active dnsmasq.service`; then - NEEDS_RESTART=1 - fi - - ###################################################################### - if [ "${NEEDS_RESTART}" -eq "1" ]; then - systemctl restart dnsmasq - fi - - # Only if dnsmasq is running properly make it our only nameserver and place - # a watermark on /etc/resolv.conf - if `systemctl -q is-active dnsmasq.service`; then - if ! grep -q '99-origin-dns.sh' /etc/resolv.conf; then - echo "# nameserver updated by /etc/NetworkManager/dispatcher.d/99-origin-dns.sh" >> ${NEW_RESOLV_CONF} - fi - sed -e '/^nameserver.*$/d' /etc/resolv.conf >> ${NEW_RESOLV_CONF} - echo "nameserver "${def_route_ip}"" >> ${NEW_RESOLV_CONF} - if ! grep -qw search ${NEW_RESOLV_CONF}; then - echo 'search cluster.local' >> ${NEW_RESOLV_CONF} - elif ! 
grep -q 'search.*cluster.local' ${NEW_RESOLV_CONF}; then - sed -i '/^search/ s/$/ cluster.local/' ${NEW_RESOLV_CONF} - fi - cp -Z ${NEW_RESOLV_CONF} /etc/resolv.conf - fi - fi - - # Clean up after yourself - rm -f $UPSTREAM_DNS_TMP $UPSTREAM_DNS_TMP_SORTED $CURRENT_UPSTREAM_DNS_SORTED $NEW_RESOLV_CONF -fi diff --git a/roles/openshift_node_dnsmasq/handlers/main.yml b/roles/openshift_node_dnsmasq/handlers/main.yml deleted file mode 100644 index 9f98126a0..000000000 --- a/roles/openshift_node_dnsmasq/handlers/main.yml +++ /dev/null @@ -1,11 +0,0 @@ ---- -- name: restart NetworkManager - systemd: - name: NetworkManager - state: restarted - enabled: True - -- name: restart dnsmasq - systemd: - name: dnsmasq - state: restarted diff --git a/roles/openshift_node_dnsmasq/meta/main.yml b/roles/openshift_node_dnsmasq/meta/main.yml deleted file mode 100644 index d80ed1b72..000000000 --- a/roles/openshift_node_dnsmasq/meta/main.yml +++ /dev/null @@ -1,15 +0,0 @@ ---- -galaxy_info: - author: Scott Dodson - description: OpenShift Node DNSMasq support - company: Red Hat, Inc. - license: Apache License, Version 2.0 - min_ansible_version: 2.2 - platforms: - - name: EL - versions: - - 7 - categories: - - cloud -dependencies: -- role: openshift_node_facts diff --git a/roles/openshift_node_dnsmasq/tasks/main.yml b/roles/openshift_node_dnsmasq/tasks/main.yml deleted file mode 100644 index a33b78780..000000000 --- a/roles/openshift_node_dnsmasq/tasks/main.yml +++ /dev/null 
@@ -1,67 +0,0 @@ ---- -- name: Check for NetworkManager service - command: > - systemctl show NetworkManager - register: nm_show - changed_when: false - ignore_errors: True - -- name: Set fact using_network_manager - set_fact: - network_manager_active: "{{ True if 'ActiveState=active' in nm_show.stdout else False }}" - -- name: Install dnsmasq - package: name=dnsmasq state=installed - when: not openshift.common.is_atomic | bool - -- name: ensure origin/node directory exists - file: - state: directory - path: "{{ item }}" - owner: root - group: root - mode: '0700' - with_items: - - /etc/origin - - /etc/origin/node - -# this file is copied to /etc/dnsmasq.d/ when the node starts and is removed -# when the node stops. A dbus-message is sent to dnsmasq to add the same entries -# so that dnsmasq doesn't need to be restarted. Once we can use dnsmasq 2.77 or -# newer we can use --server-file option to update the servers dynamically and -# reload them by sending dnsmasq a SIGHUP. We write the file in case someone else -# triggers a restart of dnsmasq but not a node restart. -- name: Install node-dnsmasq.conf - template: - src: node-dnsmasq.conf.j2 - dest: /etc/origin/node/node-dnsmasq.conf - -- name: Install dnsmasq configuration - template: - src: origin-dns.conf.j2 - dest: /etc/dnsmasq.d/origin-dns.conf - notify: restart dnsmasq - -- name: Deploy additional dnsmasq.conf - template: - src: "{{ openshift_node_dnsmasq_additional_config_file }}" - dest: /etc/dnsmasq.d/openshift-ansible.conf - owner: root - group: root - mode: 0644 - when: openshift_node_dnsmasq_additional_config_file is defined - notify: restart dnsmasq - -- name: Enable dnsmasq - systemd: - name: dnsmasq - enabled: yes - state: started - -# Dynamic NetworkManager based dispatcher -- include_tasks: ./network-manager.yml - when: network_manager_active | bool - -# Relies on ansible in order to configure static config -- include_tasks: ./no-network-manager.yml - when: not network_manager_active | bool 
diff --git a/roles/openshift_node_dnsmasq/tasks/network-manager.yml b/roles/openshift_node_dnsmasq/tasks/network-manager.yml deleted file mode 100644 index e5a92a630..000000000 --- a/roles/openshift_node_dnsmasq/tasks/network-manager.yml +++ /dev/null @@ -1,10 +0,0 @@ ---- -- name: Install network manager dispatch script - copy: - src: networkmanager/99-origin-dns.sh - dest: /etc/NetworkManager/dispatcher.d/ - mode: 0755 - notify: restart NetworkManager - when: openshift_node_dnsmasq_install_network_manager_hook | default(true) | bool - -- meta: flush_handlers diff --git a/roles/openshift_node_dnsmasq/tasks/no-network-manager.yml b/roles/openshift_node_dnsmasq/tasks/no-network-manager.yml deleted file mode 100644 index dede2fb8f..000000000 --- a/roles/openshift_node_dnsmasq/tasks/no-network-manager.yml +++ /dev/null @@ -1,11 +0,0 @@ ---- -- fail: msg="Currently, NetworkManager must be installed and enabled prior to installation." - when: not openshift_node_bootstrap | bool - -- name: Install NetworkManager during node_bootstrap provisioning - package: - name: NetworkManager - state: present - notify: restart NetworkManager - -- include_tasks: network-manager.yml diff --git a/roles/openshift_node_dnsmasq/templates/node-dnsmasq.conf.j2 b/roles/openshift_node_dnsmasq/templates/node-dnsmasq.conf.j2 deleted file mode 100644 index 3caa3bd4a..000000000 --- a/roles/openshift_node_dnsmasq/templates/node-dnsmasq.conf.j2 +++ /dev/null @@ -1,2 +0,0 @@ -server=/in-addr.arpa/127.0.0.1 -server=/{{ openshift.common.dns_domain }}/127.0.0.1 diff --git a/roles/openshift_node_dnsmasq/templates/origin-dns.conf.j2 b/roles/openshift_node_dnsmasq/templates/origin-dns.conf.j2 deleted file mode 100644 index 6543c7c3e..000000000 --- a/roles/openshift_node_dnsmasq/templates/origin-dns.conf.j2 +++ /dev/null 
@@ -1,12 +0,0 @@ -no-resolv -domain-needed -no-negcache -max-cache-ttl=1 -enable-dbus -dns-forward-max=5000 -cache-size=5000 -bind-dynamic -{% for interface in openshift_node_dnsmasq_except_interfaces %} -except-interface={{ interface }} -{% endfor %} -# End of config -- cgit v1.2.3