Merge "Set default value for dnsmasq_local_resolv to False"

neutron/agent/dhcp/config.py

@@ -85,7 +85,7 @@ DNSMASQ_OPTS = [
                       "The log contains DHCP and DNS log information and "
                       "is useful for debugging issues with either DHCP or "
                       "DNS. If this section is null, disable dnsmasq log.")),
-    cfg.BoolOpt('dnsmasq_local_resolv', default=True,
+    cfg.BoolOpt('dnsmasq_local_resolv', default=False,
                 help=_("Enables the dnsmasq service to provide name "
                        "resolution for instances via DNS resolvers on the "
                        "host running the DHCP agent. Effectively removes the "

neutron/agent/linux/dhcp.py

@@ -304,9 +304,15 @@ class Dnsmasq(DhcpLocalProcess):
             return []
 
     def _build_cmdline_callback(self, pid_file):
+        # We ignore local resolv.conf if dns servers are specified
+        # or if local resolution is explicitly disabled.
+        _no_resolv = (
+            '--no-resolv' if self.conf.dnsmasq_dns_servers or
+            not self.conf.dnsmasq_local_resolv else '')
         cmd = [
             'dnsmasq',
             '--no-hosts',
+            _no_resolv,
             '--strict-order',
             '--except-interface=lo',
             '--pid-file=%s' % pid_file,
@@ -383,11 +389,6 @@ class Dnsmasq(DhcpLocalProcess):
             cmd.extend(
                 '--server=%s' % server
                 for server in self.conf.dnsmasq_dns_servers)
-        else:
-            # We only look at 'dnsmasq_local_resolv' if 'dnsmasq_dns_servers'
-            # is not set, which explicitly overrides 'dnsmasq_local_resolv'.
-            if not self.conf.dnsmasq_local_resolv:
-                cmd.append('--no-resolv')
 
         if self.conf.dhcp_domain:
             cmd.append('--domain=%s' % self.conf.dhcp_domain)

neutron/tests/unit/agent/linux/test_dhcp.py

@@ -988,7 +988,7 @@ class TestDnsmasq(TestBase):
 
     def _test_spawn(self, extra_options, network=FakeDualNetwork(),
                     max_leases=16777216, lease_duration=86400,
-                    has_static=True):
+                    has_static=True, no_resolv='--no-resolv'):
         def mock_get_conf_file_name(kind):
             return '/dhcp/%s/%s' % (network.id, kind)
 
@@ -1000,6 +1000,7 @@ class TestDnsmasq(TestBase):
         expected = [
             'dnsmasq',
             '--no-hosts',
+            no_resolv,
             '--strict-order',
             '--except-interface=lo',
             '--pid-file=%s' % expected_pid_file,
@@ -1130,10 +1131,18 @@ class TestDnsmasq(TestBase):
                           ('--log-facility=%s' % dhcp_dns_log)],
                          network)
 
-    def test_spawn_cfg_no_local_resolv(self):
-        self.conf.set_override('dnsmasq_local_resolv', False)
+    def test_spawn_cfg_with_local_resolv(self):
+        self.conf.set_override('dnsmasq_local_resolv', True)
 
-        self._test_spawn(['--conf-file=', '--no-resolv',
+        self._test_spawn(['--conf-file=', '--domain=openstacklocal'],
+                         no_resolv='')
+
+    def test_spawn_cfg_with_local_resolv_overriden(self):
+        self.conf.set_override('dnsmasq_local_resolv', True)
+        self.conf.set_override('dnsmasq_dns_servers', ['8.8.8.8'])
+
+        self._test_spawn(['--conf-file=',
+                          '--server=8.8.8.8',
                           '--domain=openstacklocal'])
 
     def test_spawn_max_leases_is_smaller_than_cap(self):

releasenotes/notes/default-local-dns-a1c3fa1451f228fa.yaml

@@ -1,14 +1,20 @@
 ---
 fixes:
-  - Prior to Mitaka, neither specifying DNS resolvers via the
-    'dnsmasq_dns_servers' option in the DHCP agent configuration file nor via
-    neutron subnet options causes the dnsmasq service to offer the IP address
-    on which it resides to instances for name resolution. However, the static
-    dnsmasq '--no-resolv' process argument prevents name resolution via dnsmasq
-    leaving instances without name resolution. In Mitaka+, the
-    'dnsmasq_local_resolv' option in the DHCP agent configuration file enables
-    (by default) the dnsmasq service to provide name resolution for instances
-    via DNS resolvers on the host running the DHCP agent by effectively
-    removing the '--no-resolv' option from the dnsmasq process arguments.
-    Adding custom DNS resolvers to the 'dnsmasq_dns_servers' option in the DHCP
-    agent configuration file disables this feature.
+  - Prior to Mitaka, name resolution in instances requires specifying DNS
+    resolvers via the 'dnsmasq_dns_servers' option in the DHCP agent
+    configuration file or via neutron subnet options. In this case, the
+    data plane must provide connectivity between instances and upstream DNS
+    resolvers. Omitting both of these methods causes the dnsmasq service
+    to offer the IP address on which it resides to instances for name
+    resolution. However, the static dnsmasq '--no-resolv' process argument
+    prevents name resolution via dnsmasq, leaving instances without name
+    resolution.
+    Mitaka introduces the 'dnsmasq_local_resolv' option, default value False
+    to preserve backward-compatibility, that enables the dnsmasq service to
+    provide name resolution for instances via DNS resolvers on the host
+    running the DHCP agent. In this case, the data plane must provide
+    connectivity between the host and upstream DNS resolvers rather than
+    between the instances and upstream DNS resolvers. Specifying DNS
+    resolvers via the 'dnsmasq_dns_servers' option in the DHCP agent
+    configuration overrides the 'dnsmasq_local_resolv' option for all subnets
+    using the DHCP agent.