Prepend to search domains instead of replacing

Previously the resolv-prepender script overwrote the search domains with a specific set of domains, notably including the cluster domain so cluster addresses will resolve. However, this is not desirable as it may miss some configured search domains if they don't happen to come in via DHCP (for example, search domains configured on an interface via nmcli/nmstate). This change modifies the prepender logic to also prepend the cluster domain to the search domain list rather than overwrite it completely. This means that we don't have to manage the full list of search domains like we did before. We just add on to the default ones NetworkManager writes, which should result in less confusing DNS behavior from the script. One caveat is that I don't know if the same method can be used for the resolved case and I don't have any way to test that locally, so I've left the logic there alone for now. If this turns out to be a problem for OKD as well then someone will have to work with us to get that behavior changed too.
creydr · Nov 4, 2021 · e1fbf07 · e1fbf07
1 parent b0511ee
commit e1fbf07
Showing 1 changed file with 6 additions and 2 deletions.
diff --git a/templates/common/on-prem/files/NetworkManager-resolv-prepender.yaml b/templates/common/on-prem/files/NetworkManager-resolv-prepender.yaml
@@ -67,9 +67,13 @@ contents:
                 fi
             else
                 >&2 echo "NM resolv-prepender: Prepending 'nameserver $NAMESERVER_IP' to /etc/resolv.conf (other nameservers from /var/run/NetworkManager/resolv.conf)"
-                sed -e "/^search/d" \
-                    -e "/Generated by/c# Generated by KNI resolv prepender NM dispatcher script\nsearch $DOMAINS\nnameserver $NAMESERVER_IP" \
+                sed -e "/Generated by/c# Generated by KNI resolv prepender NM dispatcher script" \
                     /var/run/NetworkManager/resolv.conf > /etc/resolv.tmp
+                sed -i "s/search.*/\0\nnameserver $NAMESERVER_IP/" /etc/resolv.tmp
+                # Make sure cluster domain is first in the search list
+                sed -i "s/search \(.*\)/search {{.DNS.Spec.BaseDomain}} \1/" /etc/resolv.tmp
+                # Remove duplicate cluster domain entries
+                sed -i "s/\(search {{.DNS.Spec.BaseDomain}}.*\) {{.DNS.Spec.BaseDomain}}\( .*\|$\)/\1\2/" /etc/resolv.tmp
                 # Only leave the first 3 nameservers in /etc/resolv.conf
                 sed -i ':a $!{N; ba}; s/\(^\|\n\)nameserver/\n# nameserver/4g' /etc/resolv.tmp
                 mv -f /etc/resolv.tmp /etc/resolv.conf