From f11bbc4f349eac869c7b5ae38f73432ae2dd9ca8 Mon Sep 17 00:00:00 2001 From: Jesse Pretorius Date: Fri, 27 May 2016 14:50:22 +0100 Subject: [PATCH] Make the LXC cache prep use the host resolver config Currently the container cache preparation process uses a list of resolver addresses in order to prepare the container DNS resolution configuration. This presents a few problems: - The default value is set to Google's DNS addresses, which may not be accessible from a deployer's environment. This will cause an installation to fail and the deployer will have to dig around to find out why. This is counterintuitive - it would be better if the default process was to discover the host's configuration and to use that instead. - Nothing other than a very simple resolv.conf can be implemented. Deployers may wish to implement more advanced settings such as timeouts and round-robin queries. This patch changes the image cache preparation process to ensure that the container resolver configuration matches that of the host. This is simpler and more intuitive. Change-Id: I66b448dee361e231d172eb278b290ec4dccfdf97 --- defaults/main.yml | 4 ---- .../container-resolv-host-match-c6e3760cf4a8e5cd.yaml | 6 ++++++ vars/redhat-7.yml | 5 +---- vars/ubuntu-14.04.yml | 10 ++-------- vars/ubuntu-16.04.yml | 10 ++-------- 5 files changed, 11 insertions(+), 24 deletions(-) create mode 100644 releasenotes/notes/container-resolv-host-match-c6e3760cf4a8e5cd.yaml diff --git a/defaults/main.yml b/defaults/main.yml index b5a33ce7..aa2cba53 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -52,10 +52,6 @@ lxc_kernel_options: lxc_pip_packages: - lxc-python2 -lxc_cache_resolvers: - - 'nameserver 8.8.8.8' - - 'nameserver 8.8.4.4' - lxc_cache_sshd_configuration: - { regexp: "^PermitRootLogin", line: "PermitRootLogin yes" } - { regexp: "^TCPKeepAlive", line: "TCPKeepAlive yes" } 
diff --git a/releasenotes/notes/container-resolv-host-match-c6e3760cf4a8e5cd.yaml b/releasenotes/notes/container-resolv-host-match-c6e3760cf4a8e5cd.yaml
new file mode 100644
index 00000000..e1e93c26
--- /dev/null
+++ b/releasenotes/notes/container-resolv-host-match-c6e3760cf4a8e5cd.yaml
@@ -0,0 +1,6 @@
+---
+upgrade:
+ - The LXC container cache preparation process now copies DNS
+ resolution configuration from the host instead of implementing
+ its own configuration. The ``lxc_cache_resolvers`` variable
+ is therefore unnecessary and has been removed.
diff --git a/vars/redhat-7.yml b/vars/redhat-7.yml
index 1647faea..26502e8d 100644
--- a/vars/redhat-7.yml
+++ b/vars/redhat-7.yml
@@ -44,11 +44,8 @@ lxc_cache_map:
 copy_from_host:
 - /etc/yum.repos.d/
 - /etc/pki/rpm-gpg/
+ - /etc/resolv.conf
 cache_prep_commands: |
- rm /etc/resolv.conf
- {% for resolver in lxc_cache_resolvers %}
- echo "{{ resolver }}" | tee -a /etc/resolv.conf
- {% endfor %}
 {{ lxc_cache_install_command }} {{ lxc_cache_packages | join(' ') }}
 rm -f /usr/bin/python
 ln -s /usr/bin/python2.7 /usr/bin/python
diff --git a/vars/ubuntu-14.04.yml b/vars/ubuntu-14.04.yml
index 7206117e..a581bed3 100644
--- a/vars/ubuntu-14.04.yml
+++ b/vars/ubuntu-14.04.yml
@@ -44,16 +44,10 @@ lxc_cache_map:
 - /etc/apt/sources.list
 - /etc/apt/sources.list.d/
 - /etc/apt/apt.conf.d/
+ - /etc/resolvconf/
+ - /etc/resolv.conf
 - /root/repo.keys
 cache_prep_commands: |
- rm /run/resolvconf/resolv.conf
- # This enforces the resolvers from within the image
- {% for resolver in lxc_cache_resolvers %}
- echo "{{ resolver }}" | tee -a /run/resolvconf/resolv.conf
- {% endfor %}
- cp /run/resolvconf/resolv.conf /etc/resolvconf/resolv.conf.d/base
- echo "# NONE" > /etc/resolvconf/resolv.conf.d/tail
- echo "# NONE" > /etc/resolvconf/resolv.conf.d/original
 rm -rf /var/lib/apt/lists/*
 apt-key add /root/repo.keys
 rm /root/repo.keys
diff --git a/vars/ubuntu-16.04.yml b/vars/ubuntu-16.04.yml
index 2a3b8709..2141d412 100644
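Review bot: The added `- /etc/resolv.conf` entry under `copy_from_host` in vars/redhat-7.yml copies the host file verbatim, with no check that the nameservers it lists are reachable from inside the cache chroot or container. If the host points at a local stub or caching resolver on a loopback address, the image gets a resolver that nothing answers on, and the package install that follows in `cache_prep_commands` fails for the same hard-to-diagnose reason the commit message describes. A pre-flight task that fails with a clear message when the host file lists only loopback nameservers would close that gap, and the entry deserves a comment such as `# copied verbatim from the host; a loopback-only nameserver will not resolve inside the container`. The same applies to the `/etc/resolv.conf` entries added in vars/ubuntu-14.04.yml and vars/ubuntu-16.04.yml; the enclosing `lxc_cache_map` mapping starts outside the hunk.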
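Review bot: The new `- /etc/resolv.conf` entry in vars/ubuntu-14.04.yml may leave a dangling symlink in the image, because on resolvconf-managed hosts that path is normally a link into `/run/resolvconf/` and the removed commands were what created the target there. Whether the result is usable depends on whether the copy task (not visible in this hunk) dereferences links; if it preserves them, the `apt` steps later in `cache_prep_commands` would presumably run without DNS. Copying `/etc/resolvconf/` also bakes the host's `resolv.conf.d/base` and `tail` into every container built from the cache, so host-specific search domains and resolver options persist there and go stale when the host changes. I would confirm the copy follows links and record it next to the entry, e.g. `# copied as file content, not as the host's symlink into /run`. vars/ubuntu-16.04.yml makes the same change.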
--- a/vars/ubuntu-16.04.yml
+++ b/vars/ubuntu-16.04.yml
@@ -47,16 +47,10 @@ lxc_cache_map:
 - /etc/apt/sources.list
 - /etc/apt/sources.list.d/
 - /etc/apt/apt.conf.d/
+ - /etc/resolvconf/
+ - /etc/resolv.conf
 - /root/repo.keys
 cache_prep_commands: |
- rm /run/resolvconf/resolv.conf
- # This enforces the resolvers from within the image
- {% for resolver in lxc_cache_resolvers %}
- echo "{{ resolver }}" | tee -a /run/resolvconf/resolv.conf
- {% endfor %}
- cp /run/resolvconf/resolv.conf /etc/resolvconf/resolv.conf.d/base
- echo "# NONE" > /etc/resolvconf/resolv.conf.d/tail
- echo "# NONE" > /etc/resolvconf/resolv.conf.d/original
 rm -rf /var/lib/apt/lists/*
 apt-key add /root/repo.keys
 rm /root/repo.keys