From 0c74358b7d9ca77c78bf23e3cfcc6bcf6c03dbc3 Mon Sep 17 00:00:00 2001 From: Steven Hardy Date: Thu, 16 Jan 2020 16:47:30 +0000 Subject: [PATCH 1/2] baremetal: ipv6, switch to NM dispatcher for DNS VIP prepending The prepend via dhclient doesn't work via ipv6, so switch to a NetworkManager dispatcher that runs after dhclient instead as a workaround. Co-Authored-By: Antoni Segura Puimedon
---
 .../baremetal-NetworkManager-kni-conf.yaml | 1 + .../NetworkManager-resolv-prepender.yaml | 24 +++++++++++ .../baremetal/files/dhcp-dhclient-conf.yaml | 1 - ...tworkManager-non-virtual-ip-prepender.yaml | 41 ------------------- .../NetworkManager-resolv-prepender.yaml | 27 ++++++++++++ .../baremetal/files/dhcp-dhclient-conf.yaml | 1 - 6 files changed, 52 insertions(+), 43 deletions(-) create mode 100644 templates/master/00-master/baremetal/files/NetworkManager-resolv-prepender.yaml delete mode 100644 templates/worker/00-worker/baremetal/files/NetworkManager-non-virtual-ip-prepender.yaml create mode 100644 templates/worker/00-worker/baremetal/files/NetworkManager-resolv-prepender.yaml
diff --git a/templates/common/baremetal/files/baremetal-NetworkManager-kni-conf.yaml b/templates/common/baremetal/files/baremetal-NetworkManager-kni-conf.yaml
index 004c551320..07aca152a5 100644
--- a/templates/common/baremetal/files/baremetal-NetworkManager-kni-conf.yaml
+++ b/templates/common/baremetal/files/baremetal-NetworkManager-kni-conf.yaml
@@ -5,3 +5,4 @@ contents:
 inline: |
 [main]
 dhcp=dhclient
+ rc-manager=unmanaged
diff --git a/templates/master/00-master/baremetal/files/NetworkManager-resolv-prepender.yaml b/templates/master/00-master/baremetal/files/NetworkManager-resolv-prepender.yaml
new file mode 100644
index 0000000000..aa044018a5
--- /dev/null
+++ b/templates/master/00-master/baremetal/files/NetworkManager-resolv-prepender.yaml
@@ -0,0 +1,24 @@
+filesystem: "root"
+mode: 0755
+path: "/etc/NetworkManager/dispatcher.d/30-resolv-prepender"
+contents:
+ inline: |
+ #!/bin/bash
+ IFACE=$1
+ STATUS=$2
+ case "$STATUS" in
+ up|down|dhcp4-change|dhcp6-change)
+ logger -s "NM resolv-prepender triggered by ${1} ${2}."
+ NAMESERVER_IP="{{.Infra.Status.PlatformStatus.BareMetal.NodeDNSIP}}"
+ set +e
+ if [[ -n "$NAMESERVER_IP" ]]; then
+ logger -s "NM resolv-prepender: Prepending 'nameserver $NAMESERVER_IP' to other nameservers in /var/run/NetworkManager/resolv.conf"
+ sed "/^search .*$/a nameserver $NAMESERVER_IP" /var/run/NetworkManager/resolv.conf > /etc/resolv.conf
+ else
+ logger -s "NM resolv-prepender: Couldn't find a Virtual IP, just updating resolv.conf"
+ cp /var/run/NetworkManager/resolv.conf /etc/resolv.conf
+ fi
+ ;;
+ *)
+ ;;
+ esac
diff --git a/templates/master/00-master/baremetal/files/dhcp-dhclient-conf.yaml b/templates/master/00-master/baremetal/files/dhcp-dhclient-conf.yaml
index d4d1100398..0a3d18bc86 100644
--- a/templates/master/00-master/baremetal/files/dhcp-dhclient-conf.yaml
+++ b/templates/master/00-master/baremetal/files/dhcp-dhclient-conf.yaml
@@ -4,4 +4,3 @@ path: "/etc/dhcp/dhclient.conf"
 contents:
 inline: |
 supersede domain-search "{{ .EtcdDiscoveryDomain }}";
- prepend domain-name-servers {{ .Infra.Status.PlatformStatus.BareMetal.NodeDNSIP }};
diff --git a/templates/worker/00-worker/baremetal/files/NetworkManager-non-virtual-ip-prepender.yaml b/templates/worker/00-worker/baremetal/files/NetworkManager-non-virtual-ip-prepender.yaml
deleted file mode 100644
index 98481685f7..0000000000
--- a/templates/worker/00-worker/baremetal/files/NetworkManager-non-virtual-ip-prepender.yaml
+++ /dev/null
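Review bot: In the master NetworkManager-resolv-prepender.yaml script, the `sed "/^search .*$/a nameserver $NAMESERVER_IP"` line adds the VIP only when the NetworkManager-generated file contains a `search` line, so without one the script logs "Prepending" yet writes a resolv.conf that lacks the nameserver. The `> /etc/resolv.conf` redirect also truncates the live file before sed opens its input, and with `rc-manager=unmanaged` set in this patch nothing else appears to rewrite it, so a missing /var/run/NetworkManager/resolv.conf (plausibly on a `down` event) would leave the node with an empty resolver configuration. I would build the file beside the target and rename it only on success: `{ echo "nameserver $NAMESERVER_IP"; cat /var/run/NetworkManager/resolv.conf; } > /etc/resolv.tmp && mv -f /etc/resolv.tmp /etc/resolv.conf`. Check that the renamed file keeps the mode and SELinux label that readers of /etc/resolv.conf expect. The worker template's copy of this script has the same two problems.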
@@ -1,41 +0,0 @@
-filesystem: "root"
-mode: 0755
-path: "/etc/NetworkManager/dispatcher.d/pre-up.d/non-virtual-ip-prepender"
-contents:
- inline: |
- #!/bin/bash
- IFACE=$1
- STATUS=$2
- case "$STATUS" in
- pre-up)
- logger -s "NM non-virtual-ip-prepender triggered by pre-upping ${1}."
- NON_VIRTUAL_IP=$(/usr/local/bin/non_virtual_ip \
- "{{.Infra.Status.PlatformStatus.BareMetal.APIServerInternalIP}}" \
- "{{.Infra.Status.PlatformStatus.BareMetal.NodeDNSIP}}" \
- "{{.Infra.Status.PlatformStatus.BareMetal.IngressIP}}")
- set +e
- if [[ -n $NON_VIRTUAL_IP ]]; then
- logger -s "NM non-virtual-ip-prepender: Checking if worker non virtual IP is the first entry in resolv.conf"
- if grep nameserver /etc/resolv.conf | head -n 1 | grep -q "$NON_VIRTUAL_IP" ; then
- logger -s "NM non-virtual-ip-prepender: worker node non virtual IP already is the first entry in resolv.conf"
- exit 0
- else
- logger -s "NM non-virtual-ip-prepender: Setting dhclient to prepend non virtual IP in resolv.conf"
- sed "s/{{`{{ .NonVirtualIP }}`}}/$NON_VIRTUAL_IP/" /etc/dhcp/dhclient.conf.template > /etc/dhcp/dhclient.conf
- logger -s "NM non-virtual-ip-prepender: Looking for 'search' in /etc/resolv.conf to place 'nameserver $NON_VIRTUAL_IP'"
- sed -i "/^search .*$/a nameserver $NON_VIRTUAL_IP" /etc/resolv.conf
- fi
- fi
- ;;
- down)
- logger -s "NM non-virtual-ip-prepender triggered by downing $IFACE"
- ;;
- up)
- logger -s "NM non-virtual-ip-prepender triggered by upping $IFACE"
- ;;
- post-down)
- logger -s "NM non-virtual-ip-prepender triggered by post-downing $IFACE"
- ;;
- *)
- ;;
- esac
\ No newline at end of file
diff --git a/templates/worker/00-worker/baremetal/files/NetworkManager-resolv-prepender.yaml b/templates/worker/00-worker/baremetal/files/NetworkManager-resolv-prepender.yaml
new file mode 100644
index 0000000000..a7e28c790e
--- /dev/null
+++ b/templates/worker/00-worker/baremetal/files/NetworkManager-resolv-prepender.yaml
@@ -0,0 +1,27 @@
+filesystem: "root"
+mode: 0755
+path: "/etc/NetworkManager/dispatcher.d/30-resolv-prepender"
+contents:
+ inline: |
+ #!/bin/bash
+ IFACE=$1
+ STATUS=$2
+ case "$STATUS" in
+ up|down|dhcp4-change|dhcp6-change)
+ logger -s "NM resolv-prepender triggered by ${1} ${2}."
+ NAMESERVER_IP=$(/usr/local/bin/non_virtual_ip \
+ "{{.Infra.Status.PlatformStatus.BareMetal.APIServerInternalIP}}" \
+ "{{.Infra.Status.PlatformStatus.BareMetal.NodeDNSIP}}" \
+ "{{.Infra.Status.PlatformStatus.BareMetal.IngressIP}}")
+ set +e
+ if [[ -n "$NAMESERVER_IP" ]]; then
+ logger -s "NM resolv-prepender: Prepending 'nameserver $NAMESERVER_IP' to other nameservers in /var/run/NetworkManager/resolv.conf"
+ sed "/^search .*$/a nameserver $NAMESERVER_IP" /var/run/NetworkManager/resolv.conf > /etc/resolv.conf
+ else
+ logger -s "Couldn't find a non-virtual IP, just updating resolv.conf"
+ cp /var/run/NetworkManager/resolv.conf /etc/resolv.conf
+ fi
+ ;;
+ *)
+ ;;
+ esac
diff --git a/templates/worker/00-worker/baremetal/files/dhcp-dhclient-conf.yaml b/templates/worker/00-worker/baremetal/files/dhcp-dhclient-conf.yaml
index ee141be526..167e787dac 100644
--- a/templates/worker/00-worker/baremetal/files/dhcp-dhclient-conf.yaml
+++ b/templates/worker/00-worker/baremetal/files/dhcp-dhclient-conf.yaml
@@ -4,4 +4,3 @@ path: "/etc/dhcp/dhclient.conf.template"
 contents:
 inline: |
 supersede domain-search "{{ .EtcdDiscoveryDomain }}";
- prepend domain-name-servers {{`{{ .NonVirtualIP }}`}};
From 33df2e01574f324f9957308296f5ba3a293dd797 Mon Sep 17 00:00:00 2001 From: Steven Hardy Date: Wed, 22 Jan 2020 10:31:08 +0000 Subject: [PATCH 2/2] baremetal: Clarify logger output in resolv-prepender Make it clear that we're writing /etc/resolv.conf but also reading the /var/run/NetworkManager/resolv.conf
---
 .../baremetal/files/NetworkManager-resolv-prepender.yaml | 2 +- .../baremetal/files/NetworkManager-resolv-prepender.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-)
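Review bot: In the worker NetworkManager-resolv-prepender.yaml script, the output of `/usr/local/bin/non_virtual_ip` is pasted into the sed program and into /etc/resolv.conf after only a `-n` test, and its exit status is never checked. The helper is not shown in this patch, so I cannot tell what it prints on failure, but any stray text or a second line would end up in the resolver configuration or break the sed expression. A shape check before use would contain that, for example `[[ "$NAMESERVER_IP" =~ ^[0-9A-Fa-f:.]+$ ]] || NAMESERVER_IP=""`, which sends bad output down the existing fallback branch. That branch's `logger -s "Couldn't find a non-virtual IP, just updating resolv.conf"` also lacks the `NM resolv-prepender:` prefix the other messages carry, which makes the failure harder to find in the journal.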
diff --git a/templates/master/00-master/baremetal/files/NetworkManager-resolv-prepender.yaml b/templates/master/00-master/baremetal/files/NetworkManager-resolv-prepender.yaml
index aa044018a5..2b0cb3e1ff 100644
--- a/templates/master/00-master/baremetal/files/NetworkManager-resolv-prepender.yaml
+++ b/templates/master/00-master/baremetal/files/NetworkManager-resolv-prepender.yaml
@@ -12,7 +12,7 @@ contents:
 NAMESERVER_IP="{{.Infra.Status.PlatformStatus.BareMetal.NodeDNSIP}}"
 set +e
 if [[ -n "$NAMESERVER_IP" ]]; then
- logger -s "NM resolv-prepender: Prepending 'nameserver $NAMESERVER_IP' to other nameservers in /var/run/NetworkManager/resolv.conf"
+ logger -s "NM resolv-prepender: Prepending 'nameserver $NAMESERVER_IP' to /etc/resolv.conf (other nameservers from /var/run/NetworkManager/resolv.conf)"
 sed "/^search .*$/a nameserver $NAMESERVER_IP" /var/run/NetworkManager/resolv.conf > /etc/resolv.conf
 else
 logger -s "NM resolv-prepender: Couldn't find a Virtual IP, just updating resolv.conf"
diff --git a/templates/worker/00-worker/baremetal/files/NetworkManager-resolv-prepender.yaml b/templates/worker/00-worker/baremetal/files/NetworkManager-resolv-prepender.yaml
index a7e28c790e..22dd40e60d 100644
--- a/templates/worker/00-worker/baremetal/files/NetworkManager-resolv-prepender.yaml
+++ b/templates/worker/00-worker/baremetal/files/NetworkManager-resolv-prepender.yaml
@@ -15,7 +15,7 @@ contents:
 "{{.Infra.Status.PlatformStatus.BareMetal.IngressIP}}")
 set +e
 if [[ -n "$NAMESERVER_IP" ]]; then
- logger -s "NM resolv-prepender: Prepending 'nameserver $NAMESERVER_IP' to other nameservers in /var/run/NetworkManager/resolv.conf"
+ logger -s "NM resolv-prepender: Prepending 'nameserver $NAMESERVER_IP' to /etc/resolv.conf (other nameservers from /var/run/NetworkManager/resolv.conf)"
 sed "/^search .*$/a nameserver $NAMESERVER_IP" /var/run/NetworkManager/resolv.conf > /etc/resolv.conf
 else
 logger -s "Couldn't find a non-virtual IP, just updating resolv.conf"