More changes

sdodson · sdodson · commit b321a60dca7d · 2017-10-12T17:38:38.000-04:00
diff --git a/playbooks/common/openshift-node/configure_nodes.yml b/playbooks/common/openshift-node/configure_nodes.yml
@@ -13,5 +13,6 @@
   roles:
   - role: os_firewall
   - role: openshift_node
+  - role: openshift_node_dnsmasq
   - role: tuned
   - role: nickhammond.logrotate
diff --git a/roles/openshift_node/meta/main.yml b/roles/openshift_node/meta/main.yml
@@ -18,4 +18,3 @@ dependencies:
 - role: openshift_clock
 - role: openshift_docker
 - role: openshift_cloud_provider
-- role: openshift_node_dnsmasq
diff --git a/roles/openshift_node/templates/node.service.j2 b/roles/openshift_node/templates/node.service.j2
@@ -14,10 +14,12 @@ After=dnsmasq.service
 Type=notify
 EnvironmentFile=/etc/sysconfig/{{ openshift.common.service_type }}-node
 Environment=GOTRACEBACK=crash
-ExecStartPre=/usr/bin/cp /etc/origin/node/node-dnsmasq.conf /etc/dnsmasq.d/
+{% if not openshift.common.version_gte_3_7 %}
+ExecStartPre=-/usr/bin/cp /etc/origin/node/node-dnsmasq.conf /etc/dnsmasq.d/
 ExecStartPre=/usr/bin/dbus-send --system --dest=uk.org.thekelleys.dnsmasq /uk/org/thekelleys/dnsmasq uk.org.thekelleys.SetDomainServers array:string:/in-addr.arpa/127.0.0.1,/{{ openshift.common.dns_domain }}/127.0.0.1
-ExecStopPost=/usr/bin/rm /etc/dnsmasq.d/node-dnsmasq.conf
+ExecStopPost=-/usr/bin/rm /etc/dnsmasq.d/node-dnsmasq.conf
 ExecStopPost=/usr/bin/dbus-send --system --dest=uk.org.thekelleys.dnsmasq /uk/org/thekelleys/dnsmasq uk.org.thekelleys.SetDomainServers array:string:
+{% endif %}
 ExecStart=/usr/bin/openshift start node --config=${CONFIG_FILE} $OPTIONS
 LimitNOFILE=65536
 LimitCORE=infinity
diff --git a/roles/openshift_node/templates/node.yaml.v1.j2 b/roles/openshift_node/templates/node.yaml.v1.j2
@@ -1,9 +1,5 @@
 allowDisabledDocker: false
 apiVersion: v1
-{% if openshift.common.version_gte_3_6 %}
-dnsBindAddress: 127.0.0.1:53
-dnsRecursiveResolvConf: /etc/origin/node/resolv.conf
-{% endif %}
 dnsDomain: {{ openshift.common.dns_domain }}
 {% if 'dns_ip' in openshift.node %}
 dnsIP: {{ openshift.node.dns_ip }}
diff --git a/roles/openshift_node/templates/openshift.docker.node.service b/roles/openshift_node/templates/openshift.docker.node.service
@@ -20,8 +20,12 @@ After=dnsmasq.service
 EnvironmentFile=/etc/sysconfig/{{ openshift.common.service_type }}-node
 EnvironmentFile=/etc/sysconfig/{{ openshift.common.service_type }}-node-dep
 ExecStartPre=-/usr/bin/docker rm -f {{ openshift.common.service_type }}-node
-ExecStartPre=/usr/bin/cp /etc/origin/node/node-dnsmasq.conf /etc/dnsmasq.d/
+{% if not openshift.common.version_gte_3_7 %}
+ExecStartPre=-/usr/bin/cp /etc/origin/node/node-dnsmasq.conf /etc/dnsmasq.d/
 ExecStartPre=/usr/bin/dbus-send --system --dest=uk.org.thekelleys.dnsmasq /uk/org/thekelleys/dnsmasq uk.org.thekelleys.SetDomainServers array:string:/in-addr.arpa/127.0.0.1,/{{ openshift.common.dns_domain }}/127.0.0.1
+ExecStopPost=-/usr/bin/rm /etc/dnsmasq.d/node-dnsmasq.conf
+ExecStopPost=/usr/bin/dbus-send --system --dest=uk.org.thekelleys.dnsmasq /uk/org/thekelleys/dnsmasq uk.org.thekelleys.SetDomainServers array:string:
+{% endif %}
 ExecStart=/usr/bin/docker run --name {{ openshift.common.service_type }}-node \
   --rm --privileged --net=host --pid=host --env-file=/etc/sysconfig/{{ openshift.common.service_type }}-node \
   -v /:/rootfs:ro,rslave -e CONFIG_FILE=${CONFIG_FILE} -e OPTIONS=${OPTIONS} \
@@ -41,8 +45,6 @@ ExecStart=/usr/bin/docker run --name {{ openshift.common.service_type }}-node \
   {{ openshift.node.node_image }}:${IMAGE_VERSION}
 ExecStartPost=/usr/bin/sleep 10
 ExecStop=/usr/bin/docker stop {{ openshift.common.service_type }}-node
-ExecStopPost=/usr/bin/rm /etc/dnsmasq.d/node-dnsmasq.conf
-ExecStopPost=/usr/bin/dbus-send --system --dest=uk.org.thekelleys.dnsmasq /uk/org/thekelleys/dnsmasq uk.org.thekelleys.SetDomainServers array:string:
 SyslogIdentifier={{ openshift.common.service_type }}-node
 Restart=always
 RestartSec=5s
diff --git a/roles/openshift_node_dnsmasq/files/networkmanager/99-origin-dns.sh b/roles/openshift_node_dnsmasq/files/networkmanager/99-origin-dns.sh
@@ -23,13 +23,16 @@
 
 cd /etc/sysconfig/network-scripts
 . ./network-functions
+. /etc/sysconfig/atomic-openshift-node
 
 [ -f ../network ] && . ../network
 
 if [[ $2 =~ ^(up|dhcp4-change|dhcp6-change)$ ]]; then
   NEEDS_RESTART=0
   NEW_RESOLV_CONF=`mktemp`
-
+  if [ ! -f /etc/origin/node/resolv.conf ]; then
+    cp /etc/resolv.conf /etc/origin/node/resolv.conf
+  fi
   ######################################################################
   # couldn't find an existing method to determine if the interface owns the
   # default route
@@ -41,11 +44,18 @@ if [[ $2 =~ ^(up|dhcp4-change|dhcp6-change)$ ]]; then
       cat << EOF > /etc/dnsmasq.d/origin-dns.conf
 domain-needed
 enable-dbus
-bind-dynamic
-except-interface=lo
+bind-interfaces
 dns-loop-detect
 resolv-file=/etc/origin/node/resolv.conf
 EOF
+      if [ -z OPENSHIFT_NODE_DNSMASQ_INTERFACES ]; then
+        for i in OPENSHIFT_NODE_DNSMASQ_INTERFACES; do
+          echo "interface=${i}" >> /etc/dnsmasq.d/origin-dns.conf
+        done
+      else
+        echo "except-interface=lo" >> /etc/dnsmasq.d/origin-dns.conf
+      fi
+
       # New config file, must restart
       NEEDS_RESTART=1
     fi
@@ -59,10 +69,6 @@ EOF
     if [ "${NEEDS_RESTART}" -eq "1" ]; then
       systemctl restart dnsmasq
     fi
-    
-    if [ ! -f /etc/origin/node/resolv.conf ]; then
-      cp /etc/resolv.conf /etc/origin/node/resolv.conf
-    fi
 
     # Only if dnsmasq is running properly make it our only nameserver and place
     # a watermark on /etc/resolv.conf
diff --git a/roles/openshift_node_dnsmasq/tasks/main.yml b/roles/openshift_node_dnsmasq/tasks/main.yml
@@ -47,3 +47,14 @@
 # Relies on ansible in order to configure static config
 - include: ./no-network-manager.yml
   when: not network_manager_active | bool
+
+- name: Reconfigure the node for dnsmasq
+  yedit:
+    src: /etc/origin/node/node-config.yaml
+    key: "{{ item.key }}"
+    value: "{{ item.value }}"
+  with_items:
+  - key: "dnsBindAddress"
+    value: "127.0.0.1:53"
+  - key: "dnsRecursiveResolvConf"
+    value: "/etc/origin/node/resolv.conf"
diff --git a/roles/openshift_node_dnsmasq/tasks/network-manager.yml b/roles/openshift_node_dnsmasq/tasks/network-manager.yml
@@ -1,9 +1,25 @@
 ---
+
+- name: Configured dnsmasq interfaces
+  lineinfile:
+    path: /etc/sysconfig/atomic-openshift-node
+    line: "OPENSHIFT_NODE_DNSMASQ_INTERFACES={{ openshift_node_dnsmasq_interfaces | join (',') }}"
+  notify: restart NetworkManager
+  when: openshift_node_dnsmasq_interfaces is defined
+    
 - name: Install network manager dispatch script
   copy:
     src: networkmanager/99-origin-dns.sh
     dest: /etc/NetworkManager/dispatcher.d/
     mode: 0755
   notify: restart NetworkManager
+  
+- name: Ensure dnsmasq can read /etc/origin/node/resolv.conf
+  file:
+    path: "{{ item }}"
+    mode: "o+x"
+  with_items:
+  - "/etc/origin"
+  - "/etc/origin/node"
 
 - meta: flush_handlers
