detiber
commented
7 years ago Does this break the dnsmasq config? Or is that being handled in a different way?
Closed markllama closed 7 years ago
detiber
commented
7 years ago Does this break the dnsmasq config? Or is that being handled in a different way?
markllama
commented
7 years ago @detiber this should actually help the dnsmasq setup. On RHEL 7.3, if you set /etc/resolv.conf to point to the bastion host (where the dnsmasq lives) NM will wipe your changes unless you set dns=none in /etc/NetworkManager/NetworkManager.conf.
detiber
commented
7 years ago @markllama I was more worried about the dnsmasq config that is done by openshift-ansible for ensuring that the node can resolve cluster dns addresses: https://github.com/openshift/openshift-ansible/tree/master/roles/openshift_node_dnsmasq
markllama
commented
7 years ago @detiber I can make it conditional on skip_dns=True if you prefer. However I suspect that you have a bug you don't yet know about installing on RHEL7.3.
Without this change, /etc/resolv.conf ends up empty. I suspect your resolver will no longer point to your bastion containing the dnsmasq. Have you done this on RHEL7.3?
detiber
commented
7 years ago @sdodson ^
sdodson
commented
7 years ago Yeah, we need NetworkManager enabled for openshift-ansible to deploy node local dnsmasq. If you're having to alter /etc/resolv.conf I think it'd be better to configure it in /etc/sysconfig/network or /etc/sysconfig/network-scripts/ifcfg-ethX DNS1= or simply have your dhcp server do it for you. Manually editting /etc/resolv.conf should be avoided at all costs.
markllama
commented
7 years ago @sdodson @detieber We're leaving NetworkManager enabled, we're just not allowing it to control /etc/resolv.conf.
I kind of agree that editing /etc/sysconfig/network-scripts/ifcfg-eth0:DNS
sdodson
commented
7 years ago That's what we suggest as a supported method to configuring DNS servers. The dispatcher script that we provide needs NetworkManager to know about the dns servers so that it can manage /etc/resolv.conf, I think PEERDNS=yes also needs to be set but I'm not 100% on that.
markllama
commented
7 years ago I think that the openshift-heat-templates have a built in confusion around the use of skip_dns at the heat level and at the ansible level.
If I understand now, for openshift ansible:
skip_dns=false means use the provided nameserver IP addresses on all openshift hosts and fix them in place. It is assumed that the dns server will have host/ip pairs in place for all openshift hosts.
skip_dns=true means create a dnsmasq on each host, populate /etc/hosts with all of the host IPs of members and change NetworkManager settings to force a single resolver pointing to the local dnsmasq
In heat templates:
skip_dns=false -> create a dnsmasq on the bastion host, pass that IP address to openshift-ansible with skip_dns=>false
skip_dns=true -> do not create a dnsmasq on the bastion host, pass in provided nameservers with openshift-ansible skip_dns=false
CONFUSION. I think what the openshift-heat-templates are actually doing is passing it's own skip_dns down to openshift-ansible and then it thinks it needs to manipulate the hosts to control the nameserver values.
markllama
commented
7 years ago This was made irrelevant by PR 324.
[1] https://github.com/redhat-openstack/openshift-on-openstack/pull/324
This PR is a response to a change in NetworkManager behavior on RHEL 7.3. With this change NetworkManager is instructed not to make any alterations to DNS related control files before attempting installation of OpenShift.
openshift-ansiblerestarts NetworkManager several times during the installation process, resulting in a faulty/etc/resolv.confwithout this change.The change is to add
dns=noneto the[main]section of the Network Manager configuration file: