Consul / dnsmasq setup with DHCP
308 views
Skip to first unread message
Ameir Abdeldayem
Aug 19, 2016, 10:48:17 AM8/19/16
to Consul
Hey everyone,
I'm setting up dnsmasq locally on my instances in order to forward requests to consul for the `.consul` zone. I manually set nameserver 127.0.0.1 in my resolv.conf, and am able to query things (in Consul and not) just fine.
My question, which I haven't seen an answer to after a good bit of searching, is: what happens when DHCP options change to pass new resolvers?
Note that my question isn't: how do I keep nameserver 127.0.0.1 constant in resolv.conf? I know that I can set that in dhclient options. Instead, what if a network change is made to use a different set of resolvers? Most posts seem to have something like resolv-file=/etc/resolv.dnsmasq.conf in the dnsmasq config, but that file is manually-updated. Has anyone gotten dhclient to update that file instead? That appears to be the most fool-proof way, but I'm not finding much on that.
Any tips would be well-appreciated.
Thanks!
-Ameir
Brian Lalor
Aug 19, 2016, 10:56:57 AM8/19/16
to Consul
On CentOS 7, I’m doing the following:
> /etc/NetworkManager/conf.d/000-hands-of-my-resolv.conf
# -*- ini -*-
[main]
## configure NetworkManager to not manage /etc/resolv.conf, as we'll bring our own
## man NetworkManager.conf
dns=none
> /etc/NetworkManager/dispatcher.d/50-update-dnsmasq-resolv-conf
#!/bin/bash
## script to be executed when dhcp changes are made; maintains /etc/resolv.conf
## man NetworkManager
interface="${1}"
action="${2}"
/bin/logger -t "${0}" \
"invoked for interface ${interface:-<not_provided>} and action ${action} with nameservers '${IP4_NAMESERVERS}', domains '${IP4_DOMAINS}'"
if [ -n "${IP4_NAMESERVERS}" ] && [ -n "${IP4_DOMAINS}" ]; then
echo "# generated by ${0}; do not edit" >| /etc/resolv.conf.dnsmasq
for ns in ${IP4_NAMESERVERS}; do
echo "nameserver ${ns}" >> /etc/resolv.conf.dnsmasq
done
## use IP of eth0, so we can use the same resolv.conf and mount it in
## containers
local_ip=$( ip addr show eth0 | awk '/inet / {print substr($2, 0, index($2, "/") - 1)}' )
echo "# generated by ${0}; do not edit" >| /etc/resolv.conf
echo "nameserver ${local_ip:-127.0.0.1}" >> /etc/resolv.conf
if [ -n "${IP4_DOMAINS}" ]; then
echo "search ${IP4_DOMAINS}" >> /etc/resolv.conf
fi
fi
> --
> This mailing list is governed under the HashiCorp Community Guidelines - https://www.hashicorp.com/community-guidelines.html. Behavior in violation of those guidelines may result in your removal from this mailing list.
>
> GitHub Issues: https://github.com/hashicorp/consul/issues
> IRC: #consul on Freenode
> ---
> You received this message because you are subscribed to the Google Groups "Consul" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to consul-tool...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/consul-tool/af5f85ab-4d9e-4a9a-8ad8-2e2edbef3912%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
—
Brian Lalor
bla...@bravo5.org
> /etc/NetworkManager/conf.d/000-hands-of-my-resolv.conf
# -*- ini -*-
[main]
## configure NetworkManager to not manage /etc/resolv.conf, as we'll bring our own
## man NetworkManager.conf
dns=none
> /etc/NetworkManager/dispatcher.d/50-update-dnsmasq-resolv-conf
#!/bin/bash
## script to be executed when dhcp changes are made; maintains /etc/resolv.conf
## man NetworkManager
interface="${1}"
action="${2}"
/bin/logger -t "${0}" \
"invoked for interface ${interface:-<not_provided>} and action ${action} with nameservers '${IP4_NAMESERVERS}', domains '${IP4_DOMAINS}'"
if [ -n "${IP4_NAMESERVERS}" ] && [ -n "${IP4_DOMAINS}" ]; then
echo "# generated by ${0}; do not edit" >| /etc/resolv.conf.dnsmasq
for ns in ${IP4_NAMESERVERS}; do
echo "nameserver ${ns}" >> /etc/resolv.conf.dnsmasq
done
## use IP of eth0, so we can use the same resolv.conf and mount it in
## containers
local_ip=$( ip addr show eth0 | awk '/inet / {print substr($2, 0, index($2, "/") - 1)}' )
echo "# generated by ${0}; do not edit" >| /etc/resolv.conf
echo "nameserver ${local_ip:-127.0.0.1}" >> /etc/resolv.conf
if [ -n "${IP4_DOMAINS}" ]; then
echo "search ${IP4_DOMAINS}" >> /etc/resolv.conf
fi
fi
> This mailing list is governed under the HashiCorp Community Guidelines - https://www.hashicorp.com/community-guidelines.html. Behavior in violation of those guidelines may result in your removal from this mailing list.
>
> GitHub Issues: https://github.com/hashicorp/consul/issues
> IRC: #consul on Freenode
> ---
> You received this message because you are subscribed to the Google Groups "Consul" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to consul-tool...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/consul-tool/af5f85ab-4d9e-4a9a-8ad8-2e2edbef3912%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
—
Brian Lalor
bla...@bravo5.org
Ameir Abdeldayem
Aug 19, 2016, 1:32:05 PM8/19/16
to consu...@googlegroups.com
Thanks for that snippet, Brian. We're on CentOS 7 as well, but not using NetworkManager; I'll dig into this a bit and see if I can adapt this to our environment.
Thanks!
-Ameir
> To unsubscribe from this group and stop receiving emails from it, send an email to consul-tool+unsubscribe@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/consul-tool/af5f85ab-4d9e-4a9a-8ad8-2e2edbef3912%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
—
Brian Lalor
bla...@bravo5.org
--
This mailing list is governed under the HashiCorp Community Guidelines - https://www.hashicorp.com/community-guidelines.html. Behavior in violation of those guidelines may result in your removal from this mailing list.
GitHub Issues: https://github.com/hashicorp/consul/issues
IRC: #consul on Freenode
---
You received this message because you are subscribed to the Google Groups "Consul" group.
To unsubscribe from this group and stop receiving emails from it, send an email to consul-tool+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/consul-tool/34C6A4BB-79C5-4450-8706-A32A626C333F%40bravo5.org.
Brian Lalor
Aug 19, 2016, 1:42:37 PM8/19/16
to Consul
I think I found the RHEL docs a little more complete when using NetworkManager than without. I’ve attached what I’m using for CentOS 6 with dhclient. It’s installed at /etc/dhcp/dhclient-enter-hooks. There may be more required to make this work, and I seem to recall it being a really-big-hammer approach, but it Works For Me™. :-)
Michael Fischer
Aug 20, 2016, 2:26:11 PM8/20/16
to consu...@googlegroups.com
You're not using the dnsmasq plugin for NetworkManager? It seems to
make everything work for us.
> https://groups.google.com/d/msgid/consul-tool/34C6A4BB-79C5-4450-8706-A32A626C333F%40bravo5.org.
make everything work for us.
Reply all
Reply to author
Forward
0 new messages