Commit fc2350ec authored by David Johnson

Add a Capnet dhcp Dnsmasq wrapper to stop DNS recursive resolution.

Capnet networks cannot get to the external world.  However, the default
Cloudlab/OpenStack dnsmasq arrangement (of course) specifies an external
resolver.  This slows all kinds of queries from the VMs, and slows bootup,
while the local resolver waits for the remote one to timeout.

Dnsmasq in openstack doesn't give up per-network config ability, so we
add some of our own.  There is now a custom capnet dnsmasq config file
sans external resolver; and the wrapper class strips out any --server
CLI options that the base class might have added due to the dhcp/dnsmasq
config file opts.  It warns when it does this.

We may not want that behavior in the future; hopefully we remember to
get rid of it then.  But there's no other way to allow recursive public
resolution for non-capnet networks, and then disallow it for Capnet
networks, without this.
parent ba46694b
Pipeline #1252 skipped
......@@ -66,6 +66,21 @@ crudini --set /etc/neutron/plugins/ml2/ml2_conf_capnet.ini capnet pythonpath \
crudini --set /etc/neutron/plugins/ml2/ml2_conf_capnet.ini capnet \
neutron_metadata_service_location l3
##
## Setup our custom Dnsmasq config.
##
crudini --set /etc/neutron/dhcp_agent.ini DEFAULT dhcp_driver \
networking_capnet.agent.linux.dhcp.CapnetDnsmasq
crudini --set /etc/neutron/dhcp_agent.ini capnet dnsmasq_config_file \
/etc/neutron/capnet-dnsmasq-neutron.conf
echo <<EOF > /etc/neutron/capnet-dnsmasq-neutron.conf
dhcp-option-force=26,1454
log-queries
log-dhcp
no-resolv
EOF
##
## Setup our physical Capnet connections
##
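Review bot: `echo <<EOF > /etc/neutron/capnet-dnsmasq-neutron.conf` does not write the here-document, because echo ignores its stdin; the file ends up holding a single empty line, and `no-resolv`, `log-queries`, `log-dhcp` and `dhcp-option-force=26,1454` never reach dnsmasq. The wrapper still points `--conf-file=` at this file for Capnet networks, so they would run without `no-resolv`, and dnsmasq would fall back to reading upstream servers from the system resolv.conf, which is the behaviour this commit sets out to stop. Use `cat <<EOF > /etc/neutron/capnet-dnsmasq-neutron.conf` here, and consider quoting the delimiter (`<<'EOF'`) so the shell never expands anything in the body.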
......
from oslo_config import cfg
from oslo_log import log as logging
from neutron.agent.linux.dhcp import Dnsmasq
from networking_capnet.common import config as cn_config
from networking_capnet.common import constants as cn_const
LOG = logging.getLogger(__name__)
class CapnetDnsmasq(Dnsmasq):
"""
A simple Dnsmasq wrapper that substitutes a separate Capnet dnsmasq,
and strips out any --server options from the default config. Capnet
networks cannot access external world, so we cannot stall DNS
queries based on dnsmasq trying to forward the query onto the
default resolver.
"""
def _build_cmdline_callback(self, pid_file):
cmd = super(CapnetDnsmasq,self)._build_cmdline_callback(pid_file)
LOG.debug("network = %s" % (str(self.network),))
ccf = cfg.CONF.CAPNET.dnsmasq_config_file
LOG.debug("CAPNET.dnsmasq_config_file = %s" % (ccf,))
if 'provider:network_type' in self.network \
and self.network['provider:network_type'] == cn_const.TYPE_CAPNET:
# We need to change the config file to point to ours:
if ccf:
found = False
for i in range(0,len(cmd)):
if cmd[i].startswith('--conf-file='):
cmd[i] = "--conf-file=%s" % (ccf,)
found = True
break
pass
if not found:
cmd.append("--conf-file=%s" % (ccf,))
pass
pass
# If there is a --server option, we have to get rid of it!
# Capnet does not allow external access right now.
newcmd = []
for c in cmd:
if c.startswith('--server='):
LOG.warn("removed dnsmasq opt %s !" % (c,))
else:
newcmd.append(c)
pass
pass
cmd = newcmd
pass
return cmd
pass
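Review bot: in `_build_cmdline_callback`, a Capnet network with `CAPNET.dnsmasq_config_file` left empty skips the `if ccf:` branch, so the base class's `--conf-file=` stays in place and only `--server=` arguments on the command line are removed; any resolver settings inside that default config file still apply to the Capnet network. Log a warning (or refuse to build the command line) when the network type is `cn_const.TYPE_CAPNET` and `ccf` is empty, so the gap is visible to the operator. Two smaller points: `LOG.warn` is the deprecated alias of `LOG.warning`, and the removal message would be more useful if it included the network it applied to, since `self.network` is only logged at debug level.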
......@@ -111,7 +111,9 @@ capnet_opts = [
cfg.StrOpt('neutron_metadata_service_location',
default="",
help="Specify where, if any, the Neutron metadata service proxy is running. This is configurable in Neutron to run either in the DHCP agent or in the L3 agent. Thus, here you can set either 'dhcp', 'l3', or '' (if you don't want the metadata service to be automatically enabled."),
cfg.StrOpt('dnsmasq_config_file',default='',
help="A custom dnsmasq config file for Capnet networks."),
]
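Review bot: the help text for `dnsmasq_config_file` does not say what the empty default means or what the file is expected to contain. Since the wrapper only swaps `--conf-file=` when this option is non-empty, the help should state that an empty value leaves Capnet networks on the default dnsmasq config file, and that the custom file is meant to carry `no-resolv` and no upstream server entries. It would also help to name the config file and section the option is read from, given that the setup script sets it in `/etc/neutron/dhcp_agent.ini` rather than in `ml2_conf_capnet.ini` alongside the other Capnet options.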
......