Remove internal nameserver and host file manipulation

Author: markllama

README.adoc

@@ -480,16 +480,6 @@ The above DNS records should be set on the DNS server authoritative for the
 domain used in OpenShift cluster (`example.com` in the example above).
 ====
 
-[NOTE]
-====
-A DNS server is set also on bastion node during deployment but this
-server is used only by OpenShift nodes internally and should not be used
-for resolving OpenShift user entry points. We plan to use Designate service
-in near future. Alternatively `skip_dns=true` parameter can be used, then
-instead of DNS server on bastion node openshift-ansible deploys dnsmasq on
-each node.
-====
-
 == Retrieving the CA certificate
 
 You can retrieve the CA certificate that was generated during the OpenShift

bastion.yaml

@@ -173,9 +173,6 @@ parameters:
     type: number
     default: 4000
 
-  skip_dns:
-    type: boolean
-
   system_update:
     type: boolean
 
@@ -249,7 +246,6 @@ resources:
       config:
         str_replace:
           params:
-            $SKIP_DNS: {get_param: skip_dns}
             $OPENSHIFT_ANSIBLE_GIT_URL: {get_param: openshift_ansible_git_url}
             $OPENSHIFT_ANSIBLE_GIT_REV: {get_param: openshift_ansible_git_rev}
             $DOCKER_VOLUME_ID: {get_resource: docker_volume}
@@ -362,13 +358,11 @@ resources:
         - "\n"
         - - "#!/bin/bash"
           - "set -eux"
-          - get_file: templates/var/lib/ansible/templates/etc/resolv.conf
           - get_file: templates/var/lib/ansible/group_vars/masters.yml
           - get_file: templates/var/lib/ansible/group_vars/nodes.yml
           - get_file: templates/var/lib/ansible/host_vars/loadbalancer.yml
           - get_file: templates/var/lib/ansible/group_vars/OSv3.yml
           - get_file: templates/var/lib/ansible/playbooks/registry.yml
-          - get_file: templates/var/lib/ansible/playbooks/dns.yml
           - get_file: templates/var/lib/ansible/playbooks/main.yml
           - get_file: templates/var/lib/ansible/playbooks/scaleup.yml
           - get_file: templates/var/lib/ansible/playbooks/scaledown.yml

fragments/bastion-ansible.sh

@@ -70,10 +70,8 @@ function create_metadata_json() {
     "heat_outputs_path": "$heat_outputs_path",
     "ssh_user": "$ssh_user",
     "deployment_type": "$deployment_type",
-    "skip_dns": $([ "$skip_dns" == "True" ] && echo true || echo false),
     "lb_ip": "$lb_ip",
     "dns_forwarders": "$dns_forwarders",
-    "dns_ip": "$dns_ip",
     "ldap_url": "$ldap_url",
     "ldap_bind_dn": "$ldap_bind_dn",
     "ldap_bind_password": "$ldap_bind_password",
@@ -136,22 +134,6 @@ function is_scaleup() {
         grep -v '.*-node') && return 1 || return 0
 }
 
-function update_etc_hosts() {
-    # $1 - IP
-    # $2 - hostname
-    grep -q "$2" /etc/hosts || echo "$1 $2" >> /etc/hosts
-}
-
-if [ "$lb_type" == "external" ]; then
-    # for external loadbalancer override LB's IP to point to the first master
-    # node (because the LB can not be pre-set and working). This is done
-    # only for the initial run, for next scale up/down it's expected
-    # that the LB is already set.
-    [ -e ${ANSDIR}.deployed ] || update_etc_hosts "$master_ip" "$lb_hostname"
-else
-    update_etc_hosts "$lb_ip" "$lb_hostname"
-fi
-
 [ "$prepare_ansible" == "False" ] && exit 0
 
 mkdir -p /var/lib/ansible/group_vars

fragments/bastion-boot.sh

@@ -5,7 +5,6 @@
 # ENVVARS
 #   WC_NOTIFY - a curl URL fragment from an OpenStack WaitCondition
 #               used to signal OpenStack of completion status
-#   DNS_IP    - The IP address of the nearest resolver host
 #
 #   OPENSHIFT_ANSIBLE_GIT_URL - the URL of a git repository containing the
 #                               openshift ansible playbooks and configs
@@ -34,16 +33,6 @@ HEAT_AGENT_CONTAINER_IMAGE=jprovaznik/ooshift-heat-agent
 # Select the EPEL release to make it easier to update
 EPEL_RELEASE_VERSION=7-7
 
-# --- DNS functions ----------------------------------------------------------
-#
-# Disable automatic updates of resolv.conf when an interface comes up
-function disable_resolv_updates() {
-    # INTERFACE=$1
-    sed -i -e '/^PEERDNS=/s/=.*/="no"/' \
-        /etc/sysconfig/network-scripts/ifcfg-$1
-}
-
-
 # ----------------------------------------------------------------------------
 # Functions for Atomic Host systems
 # ----------------------------------------------------------------------------
@@ -131,9 +120,6 @@ function clone_openshift_ansible() {
         notify_failure "could not check out openshift-ansible rev $2"
 }
 
-# Do not update resolv.conf from eth0 when the system boots
-disable_resolv_updates eth0
-
 sudo_enable_from_ssh
 
 if is_atomic_host

fragments/bastion-node-add.sh

@@ -18,6 +18,3 @@ NODESFILE=/var/lib/ansible/${node_type}_list
 mkdir -p /var/lib/ansible/
 touch $NODESFILE
 grep -q "$node_hostname" $NODESFILE || echo $node_hostname >> $NODESFILE
-
-echo "$node_etc_host" >> /etc/hosts
-[ -e /run/ostree-booted ] && cp /etc/hosts /host/etc/hosts || true

fragments/bastion-node-cleanup.sh

@@ -1,6 +1,5 @@
 #!/bin/bash
 # ENVVARS
-#   SKIP_DNS = boolean: local DNS updates are disabled
 #   node_name = "<hostname>"
 
 # Exit on fail or bad VAR expansion
@@ -38,11 +37,4 @@ fi
         -u $ssh_user --sudo -i $INVENTORY \
         -a "subscription-manager unregister && subscription-manager clean" || true
 
-# Save a copy of the current host file
-cp /etc/hosts{,.bkp}
-
-# Remove the node IP entry from the hosts file (saving the backup)
-grep -v "$node_name" /etc/hosts.bkp > /etc/hosts
-[ -e /run/ostree-booted ] && cp /etc/hosts /host/etc/hosts
-
 echo "Deleted node $node_name"

fragments/common_functions.sh

@@ -17,12 +17,6 @@ function sudo_enable_from_ssh() {
     sed -i "/requiretty/s/^/#/" /etc/sudoers
 }
 
-# add the local nameserver to the beginning of the local resolver list
-function add_nameserver() {
-    # NAMESERVER_IP=$1
-    sed -i "/search openstacklocal.*/anameserver $1" /etc/resolv.conf
-}
-
 # All hosts must have an external disk device (cinder?) for docker storage
 function docker_set_storage_device() {
     # By default the cinder volume is mapped to virtio-first_20_chars of cinder

fragments/common_openshift_functions.sh

@@ -1,8 +1,3 @@
-function disable_peerdns() {
-    # INTERFACE=$1
-    sed -i '/^PEERDNS=/s/=.*/="no"/' /etc/sysconfig/network-scripts/ifcfg-$1
-}
-
 # workaround for openshift-ansible - symlinks are created in /usr/local/bin but
 # this path is not by default in sudo secure_path so ansible fails
 function sudo_set_secure_path() {

fragments/infra-boot.sh

@@ -2,9 +2,6 @@
 #
 # Prepare an OpenShift node VM for configuration by Ansible
 #
-# ENVVARS
-#   SKIP_DNS - local DNS is disabled: do not try to make updates
-#
 # CONSTANTS
 #
 # The device to mount to store Docker images and containers
@@ -20,9 +17,7 @@ set -o pipefail
 source /usr/local/share/openshift-on-openstack/common_functions.sh
 source /usr/local/share/openshift-on-openstack/common_openshift_functions.sh
 
-[ "$SKIP_DNS" != "True" ] && add_nameserver $DNS_IP
 
-disable_peerdns eth0
 ifup eth1
 
 sudo_set_secure_path "/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin"

fragments/lb-boot.sh

@@ -3,7 +3,6 @@
 # Prepare the Load Balancer host to run ansible for host configuration
 #
 # ENVVARS
-#   DNS_IP:    The IP address of the closest DNS server for name resolution
 #   WC_NOTIFY: A curl query prefix to provide status to OpenStack WaitCondition
 
 # Exit immediately on error or on reference to an undefined variable
@@ -19,15 +18,6 @@ source /usr/local/share/openshift-on-openstack/common_functions.sh
 # MAIN
 # ==============================================================================
 
-# Add a nameserver line for the local DNS server
-if [ -n "$DNS_IP" ]
-then
-    sed -i '/search openstacklocal.*/a\nnameserver $DNS_IP' /etc/resolv.conf
-fi
-
-# Disable updates to the /etc/resolv.conf file for DNS when starting eth0
-sed -i '/^PEERDNS=/s/=.*/=no/' /etc/sysconfig/network-scripts/ifcfg-eth0
-
 # workaround for openshift-ansible - Add /usr/local/bin to sudo PATH
 #   symlinks are created in /usr/local/bin but this path is not by
 #   default in sudo secure_path so ansible fails