From 003091a97480f12ea2fe948b6b9d8b4646d9463f Mon Sep 17 00:00:00 2001
From: armando-migliaccio
Date: Tue, 19 Jan 2016 11:25:05 -0800
Subject: [PATCH] Set default value for dnsmasq_local_resolv to False
patch 0de1d8d4c introduced a new behavior whereby dnsmasq can rely on dns resolvers defined in the host's resolv.conf, and it did that by default. However this may introduce dns timeouts if the dns servers are not reachable for whatever reason. This may be especially likely in certain gate configurations (where the VM under test is a guest itself). Regardless of the root-cause analysis, this option should have defaulted to False to preserve backward compatibility, therefore this patch restores the old behavior in a way that local DNS resolution occurs only if the new option variable is set to True, or the admin has not explicitly set the list of DNS servers to be injected in the DHCP response.
DocImpact: document how to configure DNS resolution by dnsmasq
Change-Id: I90ab26bfa83c2d23c92110b8da73ef771e11f7bb
---
 neutron/agent/dhcp/config.py | 2 +-
 neutron/agent/linux/dhcp.py | 11 +++----
 neutron/tests/unit/agent/linux/test_dhcp.py | 17 ++++++++---
 .../default-local-dns-a1c3fa1451f228fa.yaml | 30 +++++++++++--------
 4 files changed, 38 insertions(+), 22 deletions(-)
diff --git a/neutron/agent/dhcp/config.py b/neutron/agent/dhcp/config.py
index ab0d9b7263a..e028fb17d6b 100644
--- a/neutron/agent/dhcp/config.py
+++ b/neutron/agent/dhcp/config.py
@@ -85,7 +85,7 @@ DNSMASQ_OPTS = [
 "The log contains DHCP and DNS log information and "
 "is useful for debugging issues with either DHCP or "
 "DNS. If this section is null, disable dnsmasq log.")),
- cfg.BoolOpt('dnsmasq_local_resolv', default=True,
+ cfg.BoolOpt('dnsmasq_local_resolv', default=False,
 help=_("Enables the dnsmasq service to provide name "
 "resolution for instances via DNS resolvers on the "
 "host running the DHCP agent. Effectively removes the "
diff --git a/neutron/agent/linux/dhcp.py b/neutron/agent/linux/dhcp.py
index 77b3c7de57b..ddad16727c8 100644
--- a/neutron/agent/linux/dhcp.py
+++ b/neutron/agent/linux/dhcp.py
@@ -304,9 +304,15 @@ class Dnsmasq(DhcpLocalProcess):
 return []
 def _build_cmdline_callback(self, pid_file):
+ # We ignore local resolv.conf if dns servers are specified
+ # or if local resolution is explicitly disabled.
+ _no_resolv = (
+ '--no-resolv' if self.conf.dnsmasq_dns_servers or
+ not self.conf.dnsmasq_local_resolv else '')
 cmd = [
 'dnsmasq',
 '--no-hosts',
+ _no_resolv,
 '--strict-order',
 '--except-interface=lo',
 '--pid-file=%s' % pid_file,
@@ -383,11 +389,6 @@ class Dnsmasq(DhcpLocalProcess):
 cmd.extend(
 '--server=%s' % server
 for server in self.conf.dnsmasq_dns_servers)
- else:
- # We only look at 'dnsmasq_local_resolv' if 'dnsmasq_dns_servers'
- # is not set, which explicitly overrides 'dnsmasq_local_resolv'.
- if not self.conf.dnsmasq_local_resolv:
- cmd.append('--no-resolv')
 if self.conf.dhcp_domain:
 cmd.append('--domain=%s' % self.conf.dhcp_domain)
diff --git a/neutron/tests/unit/agent/linux/test_dhcp.py b/neutron/tests/unit/agent/linux/test_dhcp.py
index 53ecd6033e4..b3461622f57 100644
--- a/neutron/tests/unit/agent/linux/test_dhcp.py
+++ b/neutron/tests/unit/agent/linux/test_dhcp.py
@@ -988,7 +988,7 @@ class TestDnsmasq(TestBase):
 def _test_spawn(self, extra_options, network=FakeDualNetwork(),
 max_leases=16777216, lease_duration=86400,
- has_static=True):
+ has_static=True, no_resolv='--no-resolv'):
 def mock_get_conf_file_name(kind):
 return '/dhcp/%s/%s' % (network.id, kind)
@@ -1000,6 +1000,7 @@ class TestDnsmasq(TestBase):
 expected = [
 'dnsmasq',
 '--no-hosts',
+ no_resolv,
 '--strict-order',
 '--except-interface=lo',
 '--pid-file=%s' % expected_pid_file,
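Review bot: When `dnsmasq_local_resolv` is True and `dnsmasq_dns_servers` is empty, `_no_resolv` in `_build_cmdline_callback` (neutron/agent/linux/dhcp.py) evaluates to `''`, and that empty string is still placed in the `cmd` list between `'--no-hosts'` and `'--strict-order'`, so the process launcher is handed an empty argv element. How the wrapper and dnsmasq treat an empty argument is not visible in this patch, so it is safer to leave the element out than to depend on it being ignored: build a list, `no_resolv = ['--no-resolv'] if (self.conf.dnsmasq_dns_servers or not self.conf.dnsmasq_local_resolv) else []`, and splice it in with `cmd = ['dnsmasq', '--no-hosts'] + no_resolv + [`. The `cmd` literal continues past the end of the hunk, and the `no_resolv=''` expectation in `test_spawn_cfg_with_local_resolv` (test_dhcp.py) pins the empty element and would need to change with it.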
@@ -1130,10 +1131,18 @@ class TestDnsmasq(TestBase):
 ('--log-facility=%s' % dhcp_dns_log)],
 network)
- def test_spawn_cfg_no_local_resolv(self):
- self.conf.set_override('dnsmasq_local_resolv', False)
+ def test_spawn_cfg_with_local_resolv(self):
+ self.conf.set_override('dnsmasq_local_resolv', True)
- self._test_spawn(['--conf-file=', '--no-resolv',
+ self._test_spawn(['--conf-file=', '--domain=openstacklocal'],
+ no_resolv='')
+
+ def test_spawn_cfg_with_local_resolv_overriden(self):
+ self.conf.set_override('dnsmasq_local_resolv', True)
+ self.conf.set_override('dnsmasq_dns_servers', ['8.8.8.8'])
+
+ self._test_spawn(['--conf-file=',
+ '--server=8.8.8.8',
 '--domain=openstacklocal'])
 def test_spawn_max_leases_is_smaller_than_cap(self):
diff --git a/releasenotes/notes/default-local-dns-a1c3fa1451f228fa.yaml b/releasenotes/notes/default-local-dns-a1c3fa1451f228fa.yaml
index 0c77e96a074..29f4a4e7235 100644
--- a/releasenotes/notes/default-local-dns-a1c3fa1451f228fa.yaml
+++ b/releasenotes/notes/default-local-dns-a1c3fa1451f228fa.yaml
@@ -1,14 +1,20 @@
 ---
 fixes:
- - Prior to Mitaka, neither specifying DNS resolvers via the
- 'dnsmasq_dns_servers' option in the DHCP agent configuration file nor via
- neutron subnet options causes the dnsmasq service to offer the IP address
- on which it resides to instances for name resolution. However, the static
- dnsmasq '--no-resolv' process argument prevents name resolution via dnsmasq
- leaving instances without name resolution. In Mitaka+, the
- 'dnsmasq_local_resolv' option in the DHCP agent configuration file enables
- (by default) the dnsmasq service to provide name resolution for instances
- via DNS resolvers on the host running the DHCP agent by effectively
- removing the '--no-resolv' option from the dnsmasq process arguments.
- Adding custom DNS resolvers to the 'dnsmasq_dns_servers' option in the DHCP
- agent configuration file disables this feature.
+ - Prior to Mitaka, name resolution in instances requires specifying DNS
+ resolvers via the 'dnsmasq_dns_servers' option in the DHCP agent
+ configuration file or via neutron subnet options. In this case, the
+ data plane must provide connectivity between instances and upstream DNS
+ resolvers. Omitting both of these methods causes the dnsmasq service
+ to offer the IP address on which it resides to instances for name
+ resolution. However, the static dnsmasq '--no-resolv' process argument
+ prevents name resolution via dnsmasq, leaving instances without name
+ resolution.
+ Mitaka introduces the 'dnsmasq_local_resolv' option, default value False
+ to preserve backward-compatibility, that enables the dnsmasq service to
+ provide name resolution for instances via DNS resolvers on the host
+ running the DHCP agent. In this case, the data plane must provide
+ connectivity between the host and upstream DNS resolvers rather than
+ between the instances and upstream DNS resolvers. Specifying DNS
+ resolvers via the 'dnsmasq_dns_servers' option in the DHCP agent
+ configuration overrides the 'dnsmasq_local_resolv' option for all subnets
+ using the DHCP agent.