修复在未配置DNS时，出现解析HOST失败的问题

2023-06-29 18:45:15 +08:00
parent 2ae5c6aaa3
commit 21c33d832b
3 changed files with 75 additions and 0 deletions
--- a/ansible/roles/k3s-install/files/service_set_coredns_forwarding.conf
+++ b/ansible/roles/k3s-install/files/service_set_coredns_forwarding.conf
@@ -0,0 +1,2 @@
+[Service]
+ExecStartPost=/usr/bin/timeout 600 /usr/libexec/k3s/update-coredns-forwarding.sh
--- a/ansible/roles/k3s-install/files/update-coredns-forwarding.sh
+++ b/ansible/roles/k3s-install/files/update-coredns-forwarding.sh
@@ -0,0 +1,62 @@
+#!/bin/bash
+set -eufo pipefail
+
+# The absolute path to the containerd socket.
+readonly CONTAINERD_SOCK='/run/k3s/containerd/containerd.sock'
+
+# The absolute path to the CoreDNS manifest file.
+readonly COREDNS_YAML='/var/lib/rancher/k3s/server/manifests/coredns.yaml'
+
+get_file_mtime() {
+    # Get file "$1" mtime in Epoch seconds.
+    stat -c '%Y' "$1"
+}
+
+wait_for_file() {
+    # Wait for file "$1" to exist.
+    until [[ -e "$1" ]]; do
+        sleep 1
+    done
+}
+
+wait_for_newer_mtime() {
+    # Wait for file "$1" to have newer mtime than file "$2".
+    until [[ $(get_file_mtime "$1") -gt $(get_file_mtime "$2") ]]; do
+        sleep 1
+    done
+}
+
+get_nameservers() {
+    # Get a list of DNS nameservers defined in /etc/resolv.conf.
+    if [[ -e /etc/resolv.conf ]]; then
+        awk '($1=="nameserver"){print $2}' /etc/resolv.conf
+    fi
+}
+
+restart_coredns_deployment() {
+    # Restart the CoreDNS deployment.
+    kubectl --kubeconfig /etc/rancher/k3s/k3s.yaml --namespace kube-system \
+        rollout restart deployment coredns
+}
+
+update_coredns_forwarding() {
+    # Comment out "forward" line in the CoreDNS manifest (i.e., Corefile) if
+    # there are no DNS nameservers configured on the host. If the manifest
+    # was updated, restart CoreDNS.
+    local nameservers
+    mapfile -t nameservers < <(get_nameservers)
+    if [[ "${#nameservers[@]}" -eq 0 ]]; then
+        echo 'Disabling CoreDNS host forwarding ...'
+        sed -i 's/\(^\s\+\)forward/\1#forward/' "$COREDNS_YAML"
+        restart_coredns_deployment
+    fi
+}
+
+main() {
+    wait_for_file "$CONTAINERD_SOCK"
+    wait_for_file "$COREDNS_YAML"
+    wait_for_newer_mtime "$COREDNS_YAML" "$CONTAINERD_SOCK"
+    update_coredns_forwarding
+}
+
+main
--- a/ansible/roles/k3s-install/tasks/main.yml
+++ b/ansible/roles/k3s-install/tasks/main.yml
@@ -84,6 +84,17 @@
    src: "{{ role_path }}/files/service_set_RuntimeMaxSec.conf"
    dest: /usr/lib/systemd/system/k3s.service.d/

+- name: "copy update-coredns-forwarding file to dest"
+  copy:
+    src: "{{ role_path }}/files/service_set_coredns_forwarding.conf"
+    dest: /usr/lib/systemd/system/k3s.service.d/
+
+- name: "copy  update-coredns-forwarding to dest"
+  copy:
+    src: "{{ role_path }}/files/update-coredns-forwarding.sh"
+    dest: /usr/libexec/k3s/update-coredns-forwarding.sh
+    mode: 0755
+
 - name: "copy k3s-orphaned-pods-dir-clean.service to destination"
  copy:
    src: "{{ role_path }}/files/k3s-orphaned-pods-dir-clean.service"