CORS-4085: Azure custom-dns: Keep resolv.conf on bootstrap node updated

When custom-dns is enabled, the resolv.conf file on the bootstrap node needs to be kept updated to point to localhost(127.0.0.1) where the local static CoreDNS pod is providing DNS for API and API-Int. After initial creation of the resolv.conf file it needs to be kept upated in case it gets overwritten by Network Manager.
2026-02-05 15:47:14 +01:00 · 2025-08-01 12:24:06 -04:00
parent dbba6e304f
commit e5e43ecb4e
3 changed files with 78 additions and 0 deletions
--- a/data/data/bootstrap/azure/files/etc/NetworkManager/dispatcher.d/30-local-dns-prepender.template
+++ b/data/data/bootstrap/azure/files/etc/NetworkManager/dispatcher.d/30-local-dns-prepender.template
@@ -0,0 +1,53 @@
+#!/bin/bash
+IFACE=$1
+STATUS=$2
+case "$STATUS" in
+    up|dhcp4-change|dhcp6-change|dns-change)
+{{if .PlatformData.Azure.UserProvisionedDNS}}
+    logger -s "NM local-dns-prepender triggered by ${1} ${2}."
+
+    # In DHCP connections, the resolv.conf content may be late, thus we wait for nameservers
+    timeout 45s /bin/bash <<EOF
+        if [[ "$STATUS" == dhcp* ]]; then
+            >&2 echo  "NM resolv-prepender: Checking for nameservers in /var/run/NetworkManager/resolv.conf"
+            while ! grep nameserver /var/run/NetworkManager/resolv.conf; do
+                >&2 echo  "NM resolv-prepender: NM resolv.conf still empty of nameserver"
+                sleep 0.5
+            done
+        fi
+EOF
+
+    DNS_IP="127.0.0.1"
+    set +e
+    if systemctl -q is-enabled systemd-resolved; then
+        >&2 echo "NM resolv-prepender: Setting up systemd-resolved for local DNS"
+        if [[ ! -f /etc/systemd/resolved.conf.d/60-kni.conf ]]; then
+            >&2 echo "NM resolv-prepender: Creating /etc/systemd/resolved.conf.d/60-kni.conf"
+            mkdir -p /etc/systemd/resolved.conf.d
+            echo "[Resolve]" > /etc/systemd/resolved.conf.d/60-kni.conf
+            echo "DNS=$DNS_IP" >> /etc/systemd/resolved.conf.d/60-kni.conf
+            echo "Domains=api.{{.ClusterDomain}} api-int.{{.ClusterDomain}} apps.{{.ClusterDomain}}" >> \
+                /etc/systemd/resolved.conf.d/60-kni.conf
+            if systemctl -q is-active systemd-resolved; then
+                >&2 echo "NM resolv-prepender: restarting systemd-resolved"
+                systemctl restart systemd-resolved
+            fi
+        fi
+    else
+	cp -f /var/run/NetworkManager/resolv.conf /etc/resolv.tmp
+        sed -i "/^# Generated by.*$/a nameserver $DNS_IP" /etc/resolv.tmp
+        if cmp -s /etc/resolv.tmp /etc/resolv.conf; then
+            logger -s "NM local-dns-prepender: /etc/resolv.conf is already up to date"
+            rm -f /etc/resolv.tmp
+            exit 0
+
+        else
+	    logger -s "NM local-dns-prepender: overwriting /etc/resolv.conf to add local DNS IP and DNS servers obtained by DHCP"
+            mv -f /etc/resolv.tmp /etc/resolv.conf
+        fi
+    fi
+{{end}}
+    ;;
+    *)
+    ;;
+esac
--- a/pkg/asset/ignition/bootstrap/azure/template.go
+++ b/pkg/asset/ignition/bootstrap/azure/template.go
@@ -0,0 +1,21 @@
+package azure
+
+import (
+	"github.com/openshift/installer/pkg/types/azure"
+	"github.com/openshift/installer/pkg/types/dns"
+)
+
+// TemplateData holds data specific to templates used for the azure platform.
+type TemplateData struct {
+	// UserProvisionedDNS indicates whether this feature has been enabled on Azure
+	UserProvisionedDNS bool
+}
+
+// GetTemplateData returns platform-specific data for bootstrap templates.
+func GetTemplateData(config *azure.Platform) *TemplateData {
+	var templateData TemplateData
+
+	templateData.UserProvisionedDNS = (config.UserProvisionedDNS == dns.UserProvisionedDNSEnabled)
+
+	return &templateData
+}
--- a/pkg/asset/ignition/bootstrap/common.go
+++ b/pkg/asset/ignition/bootstrap/common.go
@@ -29,6 +29,7 @@ import (
 	"github.com/openshift/installer/pkg/asset"
 	"github.com/openshift/installer/pkg/asset/ignition"
 	"github.com/openshift/installer/pkg/asset/ignition/bootstrap/aws"
+	"github.com/openshift/installer/pkg/asset/ignition/bootstrap/azure"
 	"github.com/openshift/installer/pkg/asset/ignition/bootstrap/baremetal"
 	"github.com/openshift/installer/pkg/asset/ignition/bootstrap/gcp"
 	"github.com/openshift/installer/pkg/asset/ignition/bootstrap/vsphere"
@@ -103,6 +104,7 @@ type bootstrapTemplateData struct {
 // template files that are specific to one platform.
 type platformTemplateData struct {
 	AWS       *aws.TemplateData
+	Azure     *azure.TemplateData
 	BareMetal *baremetal.TemplateData
 	VSphere   *vsphere.TemplateData
 	GCP       *gcp.TemplateData
@@ -323,6 +325,8 @@ func (a *Common) getTemplateData(dependencies asset.Parents, bootstrapInPlace bo
 	switch installConfig.Config.Platform.Name() {
 	case awstypes.Name:
 		platformData.AWS = aws.GetTemplateData(installConfig.Config.Platform.AWS)
+	case aztypes.Name:
+		platformData.Azure = azure.GetTemplateData(installConfig.Config.Platform.Azure)
 	case baremetaltypes.Name:
 		platformData.BareMetal = baremetal.GetTemplateData(
 			installConfig.Config.Platform.BareMetal,