openstack
/
neutron
Code Issues Proposed changes

Set default value for dnsmasq_local_resolv to False 

patch 0de1d8d4c introduced a new behavior whereby dnsmasq can rely
on dns resolvers defined in the host's resolv.conf, and it did
that by default.

However this may introduce dns timeouts if the dns servers
are not reachable for whatever reason. This may be especially
likely in certain gate configurations (where the VM under test
is a guest itself).

Regardless of the root-cause analysis, this option should have
defaulted to False to preserve backward compatibility, therefore
this patch restores the old behavior in a way that local DNS
resolution occurs only if the new option variable is set to
True, or the admin has not explicitly set the list of DNS
servers to be injected in the DHCP response.

DocImpact: document how to configure DNS resolution by dnsmasq

Change-Id: I90ab26bfa83c2d23c92110b8da73ef771e11f7bb
This commit is contained in:
armando-migliaccio 2016-01-19 11:25:05 -08:00 committed by Armando Migliaccio
parent 8ea3b36a44
commit 003091a974
4 changed files with 38 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
neutron/agent/dhcp/config.py
View File

@ -85,7 +85,7 @@ DNSMASQ_OPTS = [
"The log contains DHCP and DNS log information and "
"is useful for debugging issues with either DHCP or "
"DNS. If this section is null, disable dnsmasq log.")),
cfg.BoolOpt('dnsmasq_local_resolv', default=True,
cfg.BoolOpt('dnsmasq_local_resolv', default=False,
help=_("Enables the dnsmasq service to provide name "
"resolution for instances via DNS resolvers on the "
"host running the DHCP agent. Effectively removes the "

11
neutron/agent/linux/dhcp.py
View File

@ -304,9 +304,15 @@ class Dnsmasq(DhcpLocalProcess):
return []
def _build_cmdline_callback(self, pid_file):
# We ignore local resolv.conf if dns servers are specified
# or if local resolution is explicitly disabled.
_no_resolv = (
'--no-resolv' if self.conf.dnsmasq_dns_servers or
not self.conf.dnsmasq_local_resolv else '')
cmd = [
'dnsmasq',
'--no-hosts',
_no_resolv,
'--strict-order',
'--except-interface=lo',
'--pid-file=%s' % pid_file,
@ -383,11 +389,6 @@ class Dnsmasq(DhcpLocalProcess):
cmd.extend(
'--server=%s' % server
for server in self.conf.dnsmasq_dns_servers)
else:
# We only look at 'dnsmasq_local_resolv' if 'dnsmasq_dns_servers'
# is not set, which explicitly overrides 'dnsmasq_local_resolv'.
if not self.conf.dnsmasq_local_resolv:
cmd.append('--no-resolv')
if self.conf.dhcp_domain:
cmd.append('--domain=%s' % self.conf.dhcp_domain)

17
neutron/tests/unit/agent/linux/test_dhcp.py
View File

@ -988,7 +988,7 @@ class TestDnsmasq(TestBase):
def _test_spawn(self, extra_options, network=FakeDualNetwork(),
max_leases=16777216, lease_duration=86400,
has_static=True):
has_static=True, no_resolv='--no-resolv'):
def mock_get_conf_file_name(kind):
return '/dhcp/%s/%s' % (network.id, kind)
@ -1000,6 +1000,7 @@ class TestDnsmasq(TestBase):
expected = [
'dnsmasq',
'--no-hosts',
no_resolv,
'--strict-order',
'--except-interface=lo',
'--pid-file=%s' % expected_pid_file,
@ -1130,10 +1131,18 @@ class TestDnsmasq(TestBase):
('--log-facility=%s' % dhcp_dns_log)],
network)
def test_spawn_cfg_no_local_resolv(self):
self.conf.set_override('dnsmasq_local_resolv', False)
def test_spawn_cfg_with_local_resolv(self):
self.conf.set_override('dnsmasq_local_resolv', True)
self._test_spawn(['--conf-file=', '--no-resolv',
self._test_spawn(['--conf-file=', '--domain=openstacklocal'],
no_resolv='')
def test_spawn_cfg_with_local_resolv_overriden(self):
self.conf.set_override('dnsmasq_local_resolv', True)
self.conf.set_override('dnsmasq_dns_servers', ['8.8.8.8'])
self._test_spawn(['--conf-file=',
'--server=8.8.8.8',
'--domain=openstacklocal'])
def test_spawn_max_leases_is_smaller_than_cap(self):

30
releasenotes/notes/default-local-dns-a1c3fa1451f228fa.yaml
View File

@ -1,14 +1,20 @@
---
fixes:
- Prior to Mitaka, neither specifying DNS resolvers via the
'dnsmasq_dns_servers' option in the DHCP agent configuration file nor via
neutron subnet options causes the dnsmasq service to offer the IP address
on which it resides to instances for name resolution. However, the static
dnsmasq '--no-resolv' process argument prevents name resolution via dnsmasq
leaving instances without name resolution. In Mitaka+, the
'dnsmasq_local_resolv' option in the DHCP agent configuration file enables
(by default) the dnsmasq service to provide name resolution for instances
via DNS resolvers on the host running the DHCP agent by effectively
removing the '--no-resolv' option from the dnsmasq process arguments.
Adding custom DNS resolvers to the 'dnsmasq_dns_servers' option in the DHCP
agent configuration file disables this feature.
- Prior to Mitaka, name resolution in instances requires specifying DNS
resolvers via the 'dnsmasq_dns_servers' option in the DHCP agent
configuration file or via neutron subnet options. In this case, the
data plane must provide connectivity between instances and upstream DNS
resolvers. Omitting both of these methods causes the dnsmasq service
to offer the IP address on which it resides to instances for name
resolution. However, the static dnsmasq '--no-resolv' process argument
prevents name resolution via dnsmasq, leaving instances without name
resolution.
Mitaka introduces the 'dnsmasq_local_resolv' option, default value False
to preserve backward-compatibility, that enables the dnsmasq service to
provide name resolution for instances via DNS resolvers on the host
running the DHCP agent. In this case, the data plane must provide
connectivity between the host and upstream DNS resolvers rather than
between the instances and upstream DNS resolvers. Specifying DNS
resolvers via the 'dnsmasq_dns_servers' option in the DHCP agent
configuration overrides the 'dnsmasq_local_resolv' option for all subnets
using the DHCP agent.