From d208896c468f827a953cd3f21c21299f5ec36679 Mon Sep 17 00:00:00 2001
From: Bogdan Dobrelya <bdobrelia@mirantis.com>
Date: Wed, 23 Nov 2016 15:49:10 +0100
Subject: [PATCH] Ensure /etc/resolv.conf content for CoreOS

Use cloud-init config to replace /etc/resolv.conf with the
content for kubelet to properly configure hostnet pods.

Do not use systemd-resolved yet, see
https://coreos.com/os/docs/latest/configuring-dns.html
"Only nss-aware applications can take advantage of the
systemd-resolved cache. Notably, this means that statically
linked Go programs and programs running within Docker/rkt
will use /etc/resolv.conf only, and will not use the
systemd-resolve cache."

Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
---
 roles/dnsmasq/defaults/main.yml       |  4 ++++
 roles/dnsmasq/handlers/main.yml       | 12 ++++++++++++
 roles/dnsmasq/tasks/resolvconf.yml    | 24 ++++++++++++++++++++++++
 roles/dnsmasq/templates/resolvconf.j2 | 10 ++++++++++
 4 files changed, 50 insertions(+)
 create mode 100644 roles/dnsmasq/templates/resolvconf.j2

diff --git a/roles/dnsmasq/defaults/main.yml b/roles/dnsmasq/defaults/main.yml
index 89ab02ab8..4889e7c12 100644
--- a/roles/dnsmasq/defaults/main.yml
+++ b/roles/dnsmasq/defaults/main.yml
@@ -11,6 +11,10 @@
 #nameservers:
 #  - 127.0.0.1
 
+# CoreOS cloud init config file to define /etc/resolv.conf content
+# for hostnet pods and infra needs
+resolveconf_cloud_init_conf: /etc/resolveconf_cloud_init.conf
+
 # Versions
 dnsmasq_version: 2.72
 
diff --git a/roles/dnsmasq/handlers/main.yml b/roles/dnsmasq/handlers/main.yml
index 4bdfd10f6..b939189d7 100644
--- a/roles/dnsmasq/handlers/main.yml
+++ b/roles/dnsmasq/handlers/main.yml
@@ -21,11 +21,23 @@
   notify:
     - Dnsmasq | reload resolvconf
     - Dnsmasq | reload kubelet
+  when: ansible_os_family != "CoreOS"
+
+- name: Dnsmasq | update resolvconf for CoreOS
+  command: /bin/true
+  notify:
+    - Dnsmasq | apply resolvconf cloud-init
+    - Dnsmasq | reload kubelet
+  when: ansible_os_family == "CoreOS"
 
 - name: Dnsmasq | reload resolvconf
   command: /sbin/resolvconf -u
   ignore_errors: true
 
+- name: Dnsmasq | apply resolvconf cloud-init
+  command: /usr/bin/coreos-cloudinit --from-file {{ resolveconf_cloud_init_conf }}
+  when: ansible_os_family == "CoreOS"
+
 - name: Dnsmasq | reload kubelet
   service:
     name: kubelet
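Review bot: The new `Dnsmasq | apply resolvconf cloud-init` handler passes `{{ resolveconf_cloud_init_conf }}` to `coreos-cloudinit --from-file` unquoted, and that command applies whatever the file contains with root privileges. Quoting the argument the way the `cp` task in resolvconf.yml does would keep an overridden path containing spaces from being split: `command: /usr/bin/coreos-cloudinit --from-file "{{ resolveconf_cloud_init_conf }}"`. The `/bin/true` handler exists only to fan out to two other handlers, so a comment such as `# no-op: only chains the cloud-init apply and kubelet reload handlers` would save the next reader a search. The first added `when` belongs to a handler whose name line is outside this hunk.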
diff --git a/roles/dnsmasq/tasks/resolvconf.yml b/roles/dnsmasq/tasks/resolvconf.yml
index b24ef17ab..9be70c7a5 100644
--- a/roles/dnsmasq/tasks/resolvconf.yml
+++ b/roles/dnsmasq/tasks/resolvconf.yml
@@ -9,6 +9,16 @@
   set_fact:
     resolvconffile: >-
       {%- if resolvconf.rc == 0 -%}/etc/resolvconf/resolv.conf.d/head{%- else -%}/etc/resolv.conf{%- endif -%}
+  when: ansible_os_family != "CoreOS"
+
+- name: target temporary resolvconf cloud init file
+  set_fact:
+    resolvconffile: /tmp/resolveconf_cloud_init_conf
+  when: ansible_os_family == "CoreOS"
+
+- name: create temporary resolveconf cloud init file
+  command: cp -f /etc/resolv.conf "{{ resolvconffile }}"
+  when: ansible_os_family == "CoreOS"
 
 - name: generate search domains to resolvconf
   set_fact:
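Review bot: `resolvconffile: /tmp/resolveconf_cloud_init_conf` is a fixed name in a world-writable directory, which root then writes with `cp -f` and later reads back (the `cat` task in the second hunk of this file) into a cloud-config that is applied as root. Another local account that creates that path first could influence what gets written or what ends up in /etc/resolv.conf. Keeping the scratch copy somewhere only root can write, for example `resolvconffile: "{{ resolveconf_cloud_init_conf }}.tmp"` under /etc, removes that dependency on /tmp. The tasks that edit the file between the two hunks are not visible here, so confirm that they tolerate the new location. The `cp` task will also report changed on every run, so `changed_when: false` would be appropriate.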
@@ -100,3 +110,17 @@
   copy: src=dhclient_nodnsupdate dest=/etc/dhcp/dhclient.d/nodnsupdate mode=u+x
   notify: Dnsmasq | restart network
   when: ansible_os_family == "RedHat"
+
+- name: get temporary resolveconf cloud init file content
+  command: cat {{ resolvconffile }}
+  register: cloud_config
+  when: ansible_os_family == "CoreOS"
+
+- name: persist resolvconf cloud init file
+  template:
+    dest: "{{resolveconf_cloud_init_conf}}"
+    src: resolvconf.j2
+    owner: root
+    mode: 0644
+  notify: Dnsmasq | update resolvconf for CoreOS
+  when: ansible_os_family == "CoreOS"
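Review bot: `mode: 0644` on the template task is an unquoted octal, which depends on the YAML loader reading it as octal; `mode: "0644"` is the form that behaves the same everywhere, and adding `group: root` would make the ownership explicit for a file that is later fed to `coreos-cloudinit`. The `cat {{ resolvconffile }}` task is unquoted and always reports changed; `command: cat "{{ resolvconffile }}"` with `changed_when: false` matches what it actually does. Nothing in this hunk removes the temporary copy afterwards, so it stays on disk unless a task outside the visible lines cleans it up.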
diff --git a/roles/dnsmasq/templates/resolvconf.j2 b/roles/dnsmasq/templates/resolvconf.j2
new file mode 100644
index 000000000..807fdd081
--- /dev/null
+++ b/roles/dnsmasq/templates/resolvconf.j2
@@ -0,0 +1,10 @@
+#cloud-config
+write_files:
+  - path: "/etc/resolv.conf"
+    permissions: "0644"
+    owner: "root"
+    content: |
+    {% for l in cloud_config.stdout_lines %}
+      {{ l }}
+    {% endfor %}
+    #
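Review bot: The `{% for %}` loop sits inside the `content: |` block scalar, so the rendered indentation of every resolv.conf line depends on Jinja's whitespace settings (`trim_blocks`/`lstrip_blocks`), which are not visible here. Only that indentation keeps the inserted lines inside the scalar, since the file content is not otherwise validated. Replacing the loop with a single line, `      {{ cloud_config.stdout | indent(6) }}`, makes the indentation explicit and independent of those settings. The trailing `#` line looks like a guard that absorbs leftover whitespace after `{% endfor %}`; if that is its purpose, a Jinja comment such as `{# terminates the block scalar cleanly #}` should say so.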
-- 
GitLab