From bb2e7a08a03938ad7a40f0c58d02f8acd00ced28 Mon Sep 17 00:00:00 2001
From: Jesse Pretorius
Date: Wed, 17 Aug 2016 17:13:28 +0100
Subject: [PATCH] Revise container DNS resolution implementation
The current LXC cache preparation copies the DNS resolver config from the host into the container. When the host has been setup with a DNS caching system like 'unbound' running on it, the host's resolv.conf contains only a localhost nameserver entry which will not work from inside the container. The Ubuntu containers use resolvconf by default. Resolvconf gathers the DNS settings from each interface configured and compiles /etc/resolv.conf from the interface information. This results in a nameserver list which will start with the LXC dnsmasq service which runs on lxcbr0. This service uses the host's DNS configuration for name resolution. In effect, therefore, when the containers use the DNS service on lxcbr0, the host does the resolution and responds to the container. This means far less moving parts and a far more predictable implementation for name resolution. This patch implements the changes necessary for this strategy to work.
Change-Id: Ib139af5221dbb1f479ca068e472cf0e8aa828a8d
---
vars/redhat-7.yml | 11 +++++++++--
vars/ubuntu-14.04.yml | 12 +++++++++---
vars/ubuntu-16.04.yml | 13 +++++++++----
3 files changed, 27 insertions(+), 9 deletions(-)
diff --git a/vars/redhat-7.yml b/vars/redhat-7.yml
index 8d805a5d..334b9da2 100644
--- a/vars/redhat-7.yml
+++ b/vars/redhat-7.yml
@@ -45,9 +45,11 @@ lxc_cache_map:
 copy_from_host:
 - /etc/yum.repos.d/
 - /etc/pki/rpm-gpg/
- - /etc/resolv.conf
- - /etc/systemd/resolved.conf
 cache_prep_commands: |
+ if [ -a /etc/resolv.conf ]; then
+ mv /etc/resolv.conf /etc/resolv.conf.org
+ fi
+ echo "nameserver {{ lxc_net_address }}" > /etc/resolv.conf
 yum install -y {{ lxc_cache_packages | join(' ') }}
 rm -f /usr/bin/python
 ln -s /usr/bin/python2.7 /usr/bin/python
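Review bot: The added `if [ -a /etc/resolv.conf ]; then` relies on `-a` as a unary file test, which is a bash extension rather than POSIX `test`, and like `-e` it follows symlinks, so a dangling link is treated as absent. On this RHEL 7 cache the file is presumably a regular file and the distinction is moot, but the identical block is introduced into the two Ubuntu vars files where `/etc/resolv.conf` is often a resolvconf-managed symlink, so the portable `if [ -e /etc/resolv.conf ] || [ -L /etc/resolv.conf ]; then` is the safer form in all three files. Since the `echo` writes an operator-supplied `{{ lxc_net_address }}` into a root-owned file inside the image, a comment above it stating that the entry only serves package installation during cache build and is undone at the end of the same script would help the next reader; the `cache_prep_commands` block scalar continues past the end of this hunk.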
@@ -64,6 +66,11 @@ lxc_cache_map:
 ln -s /dev/null /etc/systemd/system/proc-sys-fs-binfmt_misc.automount || true
 echo -e '{{ lxc_container_default_interfaces }}' | tee /etc/sysconfig/network-scripts/ifcfg-eth0
 chage -I -1 -d -1 -m 0 -M 99999 -E -1 root
+ if [ -a /etc/resolv.conf.org ]; then
+ mv /etc/resolv.conf.org /etc/resolv.conf
+ else
+ rm -f /etc/resolv.conf
+ fi

 lxc_cache_packages:
 - ca-certificates
diff --git a/vars/ubuntu-14.04.yml b/vars/ubuntu-14.04.yml
index 3df3ae61..308618bc 100644
--- a/vars/ubuntu-14.04.yml
+++ b/vars/ubuntu-14.04.yml
@@ -43,11 +43,12 @@ lxc_cache_map:
 copy_from_host:
 - /etc/apt/sources.list
 - /etc/apt/apt.conf.d/
- - /run/resolvconf/
- - /etc/resolvconf/
- - /etc/resolv.conf
 - /root/repo.keys
 cache_prep_commands: |
+ if [ -a /etc/resolv.conf ]; then
+ mv /etc/resolv.conf /etc/resolv.conf.org
+ fi
+ echo "nameserver {{ lxc_net_address }}" > /etc/resolv.conf
 apt-key add /root/repo.keys
 rm /root/repo.keys
 export DEBIAN_FRONTEND=noninteractive
@@ -71,6 +72,11 @@ lxc_cache_map:
 echo -e '{{ lxc_container_default_interfaces }}' | tee /etc/network/interfaces
 mkdir -p /etc/network/interfaces.d
 chage -I -1 -d -1 -m 0 -M 99999 -E -1 root
+ if [ -a /etc/resolv.conf.org ]; then
+ mv /etc/resolv.conf.org /etc/resolv.conf
+ else
+ rm -f /etc/resolv.conf
+ fi

 # This forces any modified configurations to remain, and any unmodified configs to be replaced
 # ref: http://serverfault.com/questions/259226/automatically-keep-current-version-of-config-files-when-apt-get-install
diff --git a/vars/ubuntu-16.04.yml b/vars/ubuntu-16.04.yml
index fe5f4ab2..84e04e93 100644
--- a/vars/ubuntu-16.04.yml
+++ b/vars/ubuntu-16.04.yml
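Review bot: The `else` branch's `rm -f /etc/resolv.conf` leaves the cached RHEL 7 image with no resolver configuration at all whenever nothing was backed up, and whether the `ifcfg-eth0` written two lines above causes the container to regenerate the file at boot is not visible from this hunk, so that expectation should be recorded next to the `rm`: `# nothing to restore: the container's own network config is expected to recreate resolv.conf at boot`. The restore test carries the same caveat as the setup test earlier in this script, namely that `-a` is a non-POSIX unary and reports a dangling symlink as absent; `if [ -e /etc/resolv.conf.org ] || [ -L /etc/resolv.conf.org ]; then` avoids leaving a stray `.org` behind in that case. This hunk is the tail of the `cache_prep_commands` block scalar, whose start lies outside it.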
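Review bot: With `/run/resolvconf/` and `/etc/resolvconf/` dropped from `copy_from_host`, a resolvconf-style `/etc/resolv.conf` symlink pointing into `/run/resolvconf/` would be dangling inside the cache root, in which case `[ -a /etc/resolv.conf ]` is false, the backup is skipped, and the `echo` redirection tries to write through the dangling link instead of replacing it. Whether the 14.04 base image ships that symlink is not visible here, so this is a caveat rather than a confirmed failure, but `if [ -e /etc/resolv.conf ] || [ -L /etc/resolv.conf ]; then` followed by `rm -f /etc/resolv.conf` just before the `echo` handles both a regular file and a symlink. The `cache_prep_commands` script continues beyond the end of this hunk.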
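Review bot: If the `.org` backup created earlier in this script is a symlink whose target is missing inside the cache root, `[ -a /etc/resolv.conf.org ]` is false, so the original link is never restored, the temporary file is deleted by `rm -f /etc/resolv.conf`, and the dangling `/etc/resolv.conf.org` is shipped in the image. Testing for the link itself, `if [ -e /etc/resolv.conf.org ] || [ -L /etc/resolv.conf.org ]; then`, restores the symlink in that case; the enclosing `cache_prep_commands` block starts outside this hunk.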
@@ -47,12 +47,12 @@ lxc_cache_map:
 copy_from_host:
 - /etc/apt/sources.list
 - /etc/apt/apt.conf.d/
- - /run/resolvconf/
- - /etc/resolvconf/
- - /etc/resolv.conf
- - /etc/systemd/resolved.conf
 - /root/repo.keys
 cache_prep_commands: |
+ if [ -a /etc/resolv.conf ]; then
+ mv /etc/resolv.conf /etc/resolv.conf.org
+ fi
+ echo "nameserver {{ lxc_net_address }}" > /etc/resolv.conf
 apt-key add /root/repo.keys
 rm /root/repo.keys
 export DEBIAN_FRONTEND=noninteractive
@@ -76,6 +76,11 @@ lxc_cache_map:
 echo -e '{{ lxc_container_default_interfaces }}' | tee /etc/network/interfaces
 mkdir -p /etc/network/interfaces.d
 chage -I -1 -d -1 -m 0 -M 99999 -E -1 root
+ if [ -a /etc/resolv.conf.org ]; then
+ mv /etc/resolv.conf.org /etc/resolv.conf
+ else
+ rm -f /etc/resolv.conf
+ fi

 # This forces any modified configurations to remain, and any unmodified configs to be replaced
 # ref: http://serverfault.com/questions/259226/automatically-keep-current-version-of-config-files-when-apt-get-install
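Review bot: The 16.04 setup block has the same weakness as its 14.04 twin: once `/run/resolvconf/` is no longer copied in, a resolvconf-managed `/etc/resolv.conf` symlink is dangling inside the cache root, `[ -a /etc/resolv.conf ]` then evaluates false, and the `echo` redirection attempts to write through the dead link rather than replace it. Using `if [ -e /etc/resolv.conf ] || [ -L /etc/resolv.conf ]; then` and inserting `rm -f /etc/resolv.conf` ahead of the `echo` makes the step independent of whether the base image ships a file or a link, which this hunk does not reveal. The `cache_prep_commands` script continues past this hunk.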