Refactor aro-dnsmasq-pre.sh to not overwrite /etc/resolv.conf #4100

Open
wants to merge 5 commits into
base: master
Expand Up @@ -8,49 +8,25 @@ set -euo pipefail

# This file can be rerun and the effect is idempotent, output might change if the DHCP configuration changes

TMPSELFRESOLV=$(mktemp)
TMPNETRESOLV=$(mktemp)

echo "# Generated for dnsmasq.service - should point to self" > $TMPSELFRESOLV
echo "# Generated for dnsmasq.service - should contain DHCP configured DNS" > $TMPNETRESOLV

if nmcli device show br-ex; then
echo "OVN mode - br-ex device exists"
#getting DNS search strings
SEARCH_RAW=$(nmcli --get IP4.DOMAIN device show br-ex)
#getting DNS servers
NAMESERVER_RAW=$(nmcli --get IP4.DNS device show br-ex | tr -s " | " "\n")
LOCAL_IPS_RAW=$(nmcli --get IP4.ADDRESS device show br-ex)
else
NETDEV=$(nmcli --get device connection show --active | head -n 1) #there should be only one active device
echo "OVS SDN mode - br-ex not found, using device $NETDEV"
SEARCH_RAW=$(nmcli --get IP4.DOMAIN device show $NETDEV)
NAMESERVER_RAW=$(nmcli --get IP4.DNS device show $NETDEV | tr -s " | " "\n")
LOCAL_IPS_RAW=$(nmcli --get IP4.ADDRESS device show $NETDEV)
NODEIP=$(/sbin/ip --json route get 168.63.129.16 | /bin/jq -r ".[].prefsrc")

if [ "$NODEIP" != "" ]; then
/bin/cp -Z /etc/resolv.conf /etc/resolv.conf.dnsmasq
SEARCHDOMAIN=$(awk '/^search/ { print $2; }' /etc/resolv.conf.dnsmasq)
/bin/chmod 0744 /etc/resolv.conf.dnsmasq

cat <<EOF | /bin/tee /etc/NetworkManager/conf.d/aro-dns.conf
# Added by dnsmasq.service
[global-dns]
searches=$SEARCHDOMAIN

[global-dns-domain-*]
servers=$NODEIP
EOF

# network manager may already be running at this point.
# reload to update /etc/resolv.conf with this configuration
/usr/bin/nmcli general reload conf
/usr/bin/nmcli general reload dns-rc
fi

#search line
echo "search $SEARCH_RAW" | tr '\n' ' ' >> $TMPNETRESOLV
echo "" >> $TMPNETRESOLV
echo "search $SEARCH_RAW" | tr '\n' ' ' >> $TMPSELFRESOLV
echo "" >> $TMPSELFRESOLV

#nameservers as separate lines
echo "$NAMESERVER_RAW" | while read -r line
do
echo "nameserver $line" >> $TMPNETRESOLV
done
# device IPs are returned in address/mask format
echo "$LOCAL_IPS_RAW" | while read -r line
do
echo "nameserver $line" | cut -d'/' -f 1 >> $TMPSELFRESOLV
done

Unless you were having trouble with the code to retrieve the search domains and IP addresses, I'd be tempted to keep it the same.

Collaborator Author

We do have problems with the existing code. It tries to make guesses about which network interface to use based on if the interface br-ex exists. We've seen a number of instances where this fails, particularly if the service startup order changes.

Collaborator Author

@zaneb Another approach to finding the search domain

for DEV in $(nmcli --fields device,state,type --terse device | awk 'BEGIN {FS=":"} ; {if ($2 == "connected") { print $1 }}'); do nmcli dev sho $DEV | awk 'BEGIN {FS=":\\s*"}; { if ($1 ~ /DOMAIN/ && $2 ~ /.+/) { print $2} }'; done | sort -u

Fair enough, non-determinism is definitely not what you want here 😄

Looping over all interfaces doesn't look that bad though.


# done, copying files to destination locations and cleaning up
/bin/cp $TMPNETRESOLV /etc/resolv.conf.dnsmasq
chmod 0744 /etc/resolv.conf.dnsmasq
/bin/cp $TMPSELFRESOLV /etc/resolv.conf
/usr/sbin/restorecon /etc/resolv.conf
/bin/rm $TMPNETRESOLV
/bin/rm $TMPSELFRESOLV
{{ end }}
{{ end }}
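
Review bot: The header comment still says the script can be rerun idempotently, but the new `/bin/cp -Z /etc/resolv.conf /etc/resolv.conf.dnsmasq` step breaks that. Once `aro-dns.conf` is in place and `nmcli general reload dns-rc` has run, /etc/resolv.conf is expected to list `$NODEIP`, so a second run while the drop-in exists copies the node's own address into /etc/resolv.conf.dnsmasq in place of the DHCP-provided servers. Consider skipping the copy when `aro-dns.conf` already exists, or removing it and reloading before the copy. Two smaller points in the same block: `awk '/^search/ { print $2; }'` keeps only the first search domain where the replaced code wrote all of them, and `jq -r` prints the string `null` when `prefsrc` is absent, which passes the `!= ""` test and would be written as `servers=null`.
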
Expand Up @@ -11,9 +11,11 @@ Before=bootkube.service
# resolv.conf.dnsmasq upstream customer dns.
ExecStartPre=/bin/bash /usr/local/bin/aro-dnsmasq-pre.sh
ExecStart=/usr/sbin/dnsmasq -k
ExecStopPost=/bin/bash -c '/bin/mv /etc/resolv.conf.dnsmasq /etc/resolv.conf; /usr/sbin/restorecon /etc/resolv.conf'
ExecStopPost=/bin/bash -c '/bin/rm /etc/NetworkManager/conf.d/aro-dns.conf && /usr/bin/nmcli general reload conf && /usr/bin/nmcli general reload dns-rc'
Restart=always
StandardOutput=journal+console
StandardError=journal+console

[Install]
WantedBy=multi-user.target
{{ end }}
{{ end }}
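
Review bot: In the new `ExecStopPost`, `/bin/rm /etc/NetworkManager/conf.d/aro-dns.conf` fails when the file is absent, which happens whenever aro-dnsmasq-pre.sh found no `$NODEIP` or exited before writing it, and the `&&` chain then skips both `nmcli general reload` calls. Use `/bin/rm -f` so the reloads always run. Also, /etc/resolv.conf.dnsmasq is no longer moved away on stop, so the unit comment should say whether leaving it behind is intended.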