From e5e43ecb4e48a2b99a44609abea5a39549b6dfa5 Mon Sep 17 00:00:00 2001
From: Sandhya Dasu
Date: Fri, 1 Aug 2025 12:24:06 -0400
Subject: [PATCH] CORS-4085: Azure custom-dns: Keep resolv.conf on bootstrap node updated When custom-dns is enabled, the resolv.conf file on the bootstrap node needs to be kept updated to point to localhost(127.0.0.1) where the local static CoreDNS pod is providing DNS for API and API-Int. After initial creation of the resolv.conf file it needs to be kept upated in case it gets overwritten by Network Manager.
---
 .../30-local-dns-prepender.template | 53 +++++++++++++++++++
 .../ignition/bootstrap/azure/template.go | 21 ++++++++
 pkg/asset/ignition/bootstrap/common.go | 4 ++
 3 files changed, 78 insertions(+)
 create mode 100644 data/data/bootstrap/azure/files/etc/NetworkManager/dispatcher.d/30-local-dns-prepender.template
 create mode 100644 pkg/asset/ignition/bootstrap/azure/template.go
diff --git a/data/data/bootstrap/azure/files/etc/NetworkManager/dispatcher.d/30-local-dns-prepender.template b/data/data/bootstrap/azure/files/etc/NetworkManager/dispatcher.d/30-local-dns-prepender.template
new file mode 100644
index 0000000000..67b01fe893
--- /dev/null
+++ b/data/data/bootstrap/azure/files/etc/NetworkManager/dispatcher.d/30-local-dns-prepender.template
@@ -0,0 +1,53 @@
+#!/bin/bash
+IFACE=$1
+STATUS=$2
+case "$STATUS" in
+ up|dhcp4-change|dhcp6-change|dns-change)
+{{if .PlatformData.Azure.UserProvisionedDNS}}
+ logger -s "NM local-dns-prepender triggered by ${1} ${2}."
+
+ # In DHCP connections, the resolv.conf content may be late, thus we wait for nameservers
+ timeout 45s /bin/bash <&2 echo "NM resolv-prepender: Checking for nameservers in /var/run/NetworkManager/resolv.conf"
+ while ! grep nameserver /var/run/NetworkManager/resolv.conf; do
+ >&2 echo "NM resolv-prepender: NM resolv.conf still empty of nameserver"
+ sleep 0.5
+ done
+ fi
+EOF
+
+ DNS_IP="127.0.0.1"
+ set +e
+ if systemctl -q is-enabled systemd-resolved; then
+ >&2 echo "NM resolv-prepender: Setting up systemd-resolved for local DNS"
+ if [[ ! -f /etc/systemd/resolved.conf.d/60-kni.conf ]]; then
+ >&2 echo "NM resolv-prepender: Creating /etc/systemd/resolved.conf.d/60-kni.conf"
+ mkdir -p /etc/systemd/resolved.conf.d
+ echo "[Resolve]" > /etc/systemd/resolved.conf.d/60-kni.conf
+ echo "DNS=$DNS_IP" >> /etc/systemd/resolved.conf.d/60-kni.conf
+ echo "Domains=api.{{.ClusterDomain}} api-int.{{.ClusterDomain}} apps.{{.ClusterDomain}}" >> \
+ /etc/systemd/resolved.conf.d/60-kni.conf
+ if systemctl -q is-active systemd-resolved; then
+ >&2 echo "NM resolv-prepender: restarting systemd-resolved"
+ systemctl restart systemd-resolved
+ fi
+ fi
+ else
+ cp -f /var/run/NetworkManager/resolv.conf /etc/resolv.tmp
+ sed -i "/^# Generated by.*$/a nameserver $DNS_IP" /etc/resolv.tmp
+ if cmp -s /etc/resolv.tmp /etc/resolv.conf; then
+ logger -s "NM local-dns-prepender: /etc/resolv.conf is already up to date"
+ rm -f /etc/resolv.tmp
+ exit 0
+
+ else
+ logger -s "NM local-dns-prepender: overwriting /etc/resolv.conf to add local DNS IP and DNS servers obtained by DHCP"
+ mv -f /etc/resolv.tmp /etc/resolv.conf
+ fi
+ fi
+{{end}}
+ ;;
+ *)
+ ;;
+esac
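Review bot: In the non-systemd-resolved branch, `sed -i "/^# Generated by.*$/a nameserver $DNS_IP" /etc/resolv.tmp` inserts 127.0.0.1 only when the copied file contains a `# Generated by` comment line, and nothing afterwards checks that the insertion happened. If that header is ever absent, `/etc/resolv.tmp` is still moved over `/etc/resolv.conf` and the log line says the local DNS IP was added, while API and API-Int lookups on the bootstrap node would go to the DHCP-supplied resolvers rather than the local CoreDNS pod. A guard after the sed would make that case visible, for example `grep -q "^nameserver $DNS_IP" /etc/resolv.tmp || logger -s "NM local-dns-prepender: local DNS IP was not inserted into /etc/resolv.tmp"`. The log prefix also alternates between `NM resolv-prepender` and `NM local-dns-prepender` within this one script; a single prefix would make the journal easier to filter.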
diff --git a/pkg/asset/ignition/bootstrap/azure/template.go b/pkg/asset/ignition/bootstrap/azure/template.go
new file mode 100644
index 0000000000..0689fdff4c
--- /dev/null
+++ b/pkg/asset/ignition/bootstrap/azure/template.go
@@ -0,0 +1,21 @@
+package azure
+
+import (
+ "github.com/openshift/installer/pkg/types/azure"
+ "github.com/openshift/installer/pkg/types/dns"
+)
+
+// TemplateData holds data specific to templates used for the azure platform.
+type TemplateData struct {
+ // UserProvisionedDNS indicates whether this feature has been enabled on Azure
+ UserProvisionedDNS bool
+}
+
+// GetTemplateData returns platform-specific data for bootstrap templates.
+func GetTemplateData(config *azure.Platform) *TemplateData {
+ var templateData TemplateData
+
+ templateData.UserProvisionedDNS = (config.UserProvisionedDNS == dns.UserProvisionedDNSEnabled)
+
+ return &templateData
+}
diff --git a/pkg/asset/ignition/bootstrap/common.go b/pkg/asset/ignition/bootstrap/common.go
index 60094546c0..832e6c7a0f 100644
--- a/pkg/asset/ignition/bootstrap/common.go
+++ b/pkg/asset/ignition/bootstrap/common.go
@@ -29,6 +29,7 @@ import (
 "github.com/openshift/installer/pkg/asset"
 "github.com/openshift/installer/pkg/asset/ignition"
 "github.com/openshift/installer/pkg/asset/ignition/bootstrap/aws"
+ "github.com/openshift/installer/pkg/asset/ignition/bootstrap/azure"
 "github.com/openshift/installer/pkg/asset/ignition/bootstrap/baremetal"
 "github.com/openshift/installer/pkg/asset/ignition/bootstrap/gcp"
 "github.com/openshift/installer/pkg/asset/ignition/bootstrap/vsphere"
@@ -103,6 +104,7 @@ type bootstrapTemplateData struct {
 // template files that are specific to one platform.
 type platformTemplateData struct {
 AWS *aws.TemplateData
+ Azure *azure.TemplateData
 BareMetal *baremetal.TemplateData
 VSphere *vsphere.TemplateData
 GCP *gcp.TemplateData
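Review bot: In pkg/asset/ignition/bootstrap/azure/template.go the new package is named `azure` and also imports `pkg/types/azure` under that same name, so `azure.Platform` in the `GetTemplateData` signature reads as if it referred to the package itself. common.go refers to the types package as `aztypes`, and an aliased import `aztypes "github.com/openshift/installer/pkg/types/azure"` with `config *aztypes.Platform` would match that. `GetTemplateData` dereferences `config` without a nil check; the caller visible in common.go passes `Platform.Azure` under the `aztypes.Name` case, so this presumably holds, but the doc comment could state that `config` must be non-nil. The body could also be the single statement `return &TemplateData{UserProvisionedDNS: config.UserProvisionedDNS == dns.UserProvisionedDNSEnabled}`.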
@@ -323,6 +325,8 @@ func (a *Common) getTemplateData(dependencies asset.Parents, bootstrapInPlace bo
 switch installConfig.Config.Platform.Name() {
 case awstypes.Name:
 platformData.AWS = aws.GetTemplateData(installConfig.Config.Platform.AWS)
+ case aztypes.Name:
+ platformData.Azure = azure.GetTemplateData(installConfig.Config.Platform.Azure)
 case baremetaltypes.Name:
 platformData.BareMetal = baremetal.GetTemplateData(
 installConfig.Config.Platform.BareMetal,