[release-4.9] Bug 2058511: Prepend to search domains instead of replacing #2966
Conversation
Previously the resolv-prepender script overwrote the search domains with a specific set of domains, notably including the cluster domain so cluster addresses will resolve. However, this is not desirable as it may miss some configured search domains if they don't happen to come in via DHCP (for example, search domains configured on an interface via nmcli/nmstate). This change modifies the prepender logic to also prepend the cluster domain to the search domain list rather than overwrite it completely. This means that we don't have to manage the full list of search domains like we did before. We just add on to the default ones NetworkManager writes, which should result in less confusing DNS behavior from the script. One caveat is that I don't know if the same method can be used for the resolved case and I don't have any way to test that locally, so I've left the logic there alone for now. If this turns out to be a problem for OKD as well then someone will have to work with us to get that behavior changed too. (cherry picked from commit e1fbf07)
Commit e1fbf07 introduced a regression where the local nameserver was only prepended to the list of nameservers when the NM generated `resolv.conf` had a default search domain. This commit fix the regex to look for nameservers rather than search domain, and makes the script a little more robust by using start of line anchor in regexes. (cherry picked from commit 09fab1e)
In openshift#2835, we changed how the prepender finds the location to insert the prepended nameserver. Unfortunately, this caused it to prepend the nameserver before each existing nameserver line, which results in duplicate entries for the local nameserver. For example: search ostest.test.metalkube.org nameserver 192.168.111.23 nameserver 8.8.8.8 nameserver 192.168.111.23 This is mildly problematic since it pushes the second nameserver out of the list of 3 that are allowed. In general this probably won't cause problems because only the local nameserver is actually used, but it looks weird and will almost certainly result in a bug report from customers at some point. The replacement sed line is stolen from [0] and is specific to GNU sed, but that shouldn't be a problem for us since we only use that version of sed. 0: https://stackoverflow.com/questions/9970124/sed-to-insert-on-first-match-only (cherry picked from commit 88713b7)
|
@creydr: No Bugzilla bug is referenced in the title of this pull request. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
Thanks! We still need to reference a 4.9 bz in the PR title to make the bot happy: /retitle [release-4.9] Bug 2058511: Prepend to search domains instead of replacing I kept the title for the original issue that was fixed with the PR, the other commits are fixups to the fixes. |
openshift-ci
bot
changed the title
openshift-ci
bot
added
bugzilla/severity-urgent
|
@creydr: This pull request references Bugzilla bug 2058511, which is valid. The bug has been moved to the POST state. The bug has been updated to refer to the pull request using the external bug tracker. 6 validation(s) were run on this bug
Requesting review from QA contact: In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
/cherry-pick release-4.8 |
|
@creydr: once the present PR merges, I will cherry-pick it on top of release-4.8 in a new PR and assign it to you. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
/retest |
|
/assign @kikisdeliveryservice @cybertron |
|
/retest-required |
openshift-ci
bot
added
the
backport-risk-assessed
|
In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
What have I done?! O.O :-) |
|
@creydr: The following tests failed, say
Full PR test history. Your PR dashboard. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
|
/approve |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: creydr, cybertron, kikisdeliveryservice, mandre The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
openshift-ci
bot
added
the
approved
|
/label cherry-pick-approved |
openshift-ci
bot
added
the
cherry-pick-approved
|
@creydr: All pull requests linked via external trackers have merged: Bugzilla bug 2058511 has been moved to the MODIFIED state. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
@creydr: new pull request created: #2970 In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
Backport of: