@@ -261,6 +261,93 @@ kubernetesMasterConfig:
261261# systemctl enable origin-master-controllers
262262----
263263
264+ . Configure Dnsmasq. Because of changes made in {product-title} 3.6, you will need to
265+ perform the following steps to configure dnsmasq as part of the upgrade. See DNS Changes
266+ under xref:../../release_notes/ocp_3_6_release_notes.adoc#ocp-36-notable-technical-changes[Notable Technical Changes]
267+ in the {product-title} 3.6 Release Notes.
268+ +
269+ .. Create a *_/etc/origin/node/node-dnsmasq.conf_* node configuration file.
270+ +
271+ ----
272+ server=/in-addr.arpa/127.0.0.1
273+ server=/cluster.local/127.0.0.1
274+ ----
275+
276+ .. Edit the *_/etc/dnsmasq.d/origin-dns.conf_* file as follows:
277+ +
278+ ----
279+ no-resolv
280+ domain-needed
281+ no-negcache
282+ max-cache-ttl=1
283+ enable-dbus
284+ bind-interfaces
285+ listen-address=<node_ip_address> <1>
286+ ----
287+ +
288+ <1> This is the IP address of the node host.
289+
290+ .. Edit the *_/etc/dnsmasq.d/origin-upstream-dns.conf_* file as follows:
291+ +
292+ ----
293+ server=<dns_server1_ip_address>
294+ server=<dns_server2_ip_address>
295+ ----
296+
297+ .. Edit the *_/etc/origin/node/node-config.yaml_* as follows:
298+ +
299+ ----
300+ dnsBindAddress: 127.0.0.1:53
301+ dnsRecursiveResolvConf: /etc/origin/node/resolv.conf
302+ dnsDomain: cluster.local
303+ dnsIP: <node_ip_address> <1>
304+ ----
305+ +
306+ <1> This is the IP address of the node host.
307+
308+ .. Update the *_/etc/systemd/system/atomic-openshift-node.service_* node systemd unit file:
309+ +
310+ ----
311+ [Unit]
312+ Description=OpenShift Node
313+ After=docker.service
314+ Wants=openvswitch.service
315+ After=ovsdb-server.service
316+ After=ovs-vswitchd.service
317+ Wants=docker.service
318+ Documentation=https://github.com/openshift/origin
319+ Requires=dnsmasq.service
320+ After=dnsmasq.service
321+
322+ [Service]
323+ Type=notify
324+ EnvironmentFile=/etc/sysconfig/atomic-openshift-node
325+ Environment=GOTRACEBACK=crash
326+ ExecStartPre=/usr/bin/cp /etc/origin/node/node-dnsmasq.conf /etc/dnsmasq.d/
327+ ExecStartPre=/usr/bin/dbus-send --system --dest=uk.org.thekelleys.dnsmasq /uk/org/thekelleys/dnsmasq uk.org.thekelleys.SetDomainServers array:string:/in-addr.arpa/127.0.0.1,/cluster.local/127.0.0.1
328+ ExecStopPost=/usr/bin/rm /etc/dnsmasq.d/node-dnsmasq.conf
329+ ExecStopPost=/usr/bin/dbus-send --system --dest=uk.org.thekelleys.dnsmasq /uk/org/thekelleys/dnsmasq uk.org.thekelleys.SetDomainServers array:string:
330+ ExecStart=/usr/bin/openshift start node --config=${CONFIG_FILE} $OPTIONS
331+ LimitNOFILE=65536
332+ LimitCORE=infinity
333+ WorkingDirectory=/var/lib/origin/
334+ SyslogIdentifier=atomic-openshift-node
335+ Restart=always
336+ RestartSec=5s
337+ TimeoutStartSec=300
338+ OOMScoreAdjust=-999
339+
340+ [Install]
341+ WantedBy=multi-user.target
342+ ----
343+ +
344+ .. Reload systemd and restart node service.
345+ +
346+ ----
347+ # systemctl daemon-reload
348+ # systemctl restart atomic-openshift-node dnsmaq
349+ ----
350+
264351. Restart the master service(s) on each master and review logs to ensure they
265352restart successfully.
266353+
@@ -311,6 +398,31 @@ IMAGE_VERSION=<tag>
311398+
312399Replace `<tag>` with `{latest-tag}` for the latest version.
313400
401+ . Configure Dnsmasq. Because of changes made in {product-title} 3.6, you will need to
402+ perform the following steps to configure dnsmasq as part of the upgrade. See DNS Changes
403+ under xref:../../release_notes/ocp_3_6_release_notes.adoc#ocp-36-notable-technical-changes[Notable Technical Changes]
404+ in the {product-title} 3.6 Release Notes.
405+ +
406+ .. Download the following script:
407+ +
408+ ----
409+ # wget https://raw.githubusercontent.com/openshift/openshift-ansible/release-3.6/roles/openshift_node_dnsmasq/files/networkmanager/99-origin-dns.sh -O /etc/NetworkManager/dispatcher.d/99-origin-dns.sh
410+ # chmod 755 /etc/NetworkManager/dispatcher.d/99-origin-dns.sh
411+ ----
412+ +
413+ This command downloads the *99-origin-dns.sh* script and copies the script to the *_/etc/NetworkManager/dispatcher.d/_* directory.
414+ This script configure pods to use the node IP address as resolver. Using 127.0.0.1 inside a pod would fail.
415+
416+ .. Edit the master DNS configuration file to listen on port 8053. This avoids conflicts on port 53 and opens port 8053 in the firewall.
417+
418+ .. Restart Network Manager:
419+ +
420+ ----
421+ # systemctl restart NetworkManager
422+ ----
423+
424+ .. Edit the *_/etc/origin/node/node-config.yaml_* file to set the `dnsIP` field to the IP address of this node.
425+
314426. Restart the master service(s) on each master and review logs to ensure they
315427restart successfully.
316428+
0 commit comments