Make the LXC cache prep use the host resolver config

Currently the container cache preparation process uses a list of resolver addresses in order to prepare the container DNS resolution configuration. This presents a few problems: - The default value is set to Google's DNS addresses, which may not be accessible from a deployer's environment. This will cause an installation to fail and the deployer will have to dig around to find out why. This is counterintuitive - it would be better if the default process was to discover the host's configuration and to use that instead. - Nothing other than a very simple resolv.conf can be implemented. Deployers may wish to implement more advanced settings such as timeouts and round-robin queries. This patch changes the image cache preparation process to ensure that the container resolver configuration matches that of the host. This is simpler and more intuitive. Change-Id: I66b448dee361e231d172eb278b290ec4dccfdf97
2016-05-27 14:50:22 +01:00 · 2016-05-27 14:50:22 +01:00 · f11bbc4f34
parent c2266350c8
commit f11bbc4f34
5 changed files with 11 additions and 24 deletions
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -52,10 +52,6 @@ lxc_kernel_options:
 lxc_pip_packages:
  - lxc-python2

-lxc_cache_resolvers:
-  - 'nameserver 8.8.8.8'
-  - 'nameserver 8.8.4.4'
-
 lxc_cache_sshd_configuration:
    - { regexp: "^PermitRootLogin",         line: "PermitRootLogin yes" }
    - { regexp: "^TCPKeepAlive",            line: "TCPKeepAlive yes" }
--- a/releasenotes/notes/container-resolv-host-match-c6e3760cf4a8e5cd.yaml
+++ b/releasenotes/notes/container-resolv-host-match-c6e3760cf4a8e5cd.yaml
@ -0,0 +1,6 @@
+---
+upgrade:
+  - The LXC container cache preparation process now copies DNS
+    resolution configuration from the host instead of implementing
+    its own configuration. The ``lxc_cache_resolvers`` variable
+    is therefore unnecessary and has been removed.
--- a/vars/redhat-7.yml
+++ b/vars/redhat-7.yml
@ -44,11 +44,8 @@ lxc_cache_map:
  copy_from_host:
    - /etc/yum.repos.d/
    - /etc/pki/rpm-gpg/
+    - /etc/resolv.conf
  cache_prep_commands: |
-    rm /etc/resolv.conf
-    {% for resolver in lxc_cache_resolvers %}
-    echo "{{ resolver }}" | tee -a /etc/resolv.conf
-    {% endfor %}
    {{ lxc_cache_install_command }} {{ lxc_cache_packages | join(' ') }}
    rm -f /usr/bin/python
    ln -s /usr/bin/python2.7 /usr/bin/python
--- a/vars/ubuntu-14.04.yml
+++ b/vars/ubuntu-14.04.yml
@ -44,16 +44,10 @@ lxc_cache_map:
    - /etc/apt/sources.list
    - /etc/apt/sources.list.d/
    - /etc/apt/apt.conf.d/
+    - /etc/resolvconf/
+    - /etc/resolv.conf
    - /root/repo.keys
  cache_prep_commands: |
-    rm /run/resolvconf/resolv.conf
-    # This enforces the resolvers from within the image
-    {% for resolver in lxc_cache_resolvers %}
-    echo "{{ resolver }}" | tee -a /run/resolvconf/resolv.conf
-    {% endfor %}
-    cp /run/resolvconf/resolv.conf /etc/resolvconf/resolv.conf.d/base
-    echo "# NONE" > /etc/resolvconf/resolv.conf.d/tail
-    echo "# NONE" > /etc/resolvconf/resolv.conf.d/original
    rm -rf /var/lib/apt/lists/*
    apt-key add /root/repo.keys
    rm /root/repo.keys
--- a/vars/ubuntu-16.04.yml
+++ b/vars/ubuntu-16.04.yml
@ -47,16 +47,10 @@ lxc_cache_map:
    - /etc/apt/sources.list
    - /etc/apt/sources.list.d/
    - /etc/apt/apt.conf.d/
+    - /etc/resolvconf/
+    - /etc/resolv.conf
    - /root/repo.keys
  cache_prep_commands: |
-    rm /run/resolvconf/resolv.conf
-    # This enforces the resolvers from within the image
-    {% for resolver in lxc_cache_resolvers %}
-    echo "{{ resolver }}" | tee -a /run/resolvconf/resolv.conf
-    {% endfor %}
-    cp /run/resolvconf/resolv.conf /etc/resolvconf/resolv.conf.d/base
-    echo "# NONE" > /etc/resolvconf/resolv.conf.d/tail
-    echo "# NONE" > /etc/resolvconf/resolv.conf.d/original
    rm -rf /var/lib/apt/lists/*
    apt-key add /root/repo.keys
    rm /root/repo.keys