2014-08-19

OpenShift Enterprise and DNS resolution

After installing OpenShift Enterprise in a local virtual machine managed by libvirt, we can access the applications running on OSE from the host machine simply by adding the correct nameserver to /etc/resolv.conf.

This will, however, break DNS name resolution inside the guest machine. The reason is the way libvirt sets up networking for guests.

libvirt runs a dnsmasq DHCP and caching DNS server, which is visible from guest machines (by default) at the IPv4 address 192.168.122.1. Here's /etc/resolv.conf from the guest machine:

# Generated by NetworkManager
search openshift.example.com
nameserver 127.0.0.1     # local named daemon configured to resolve names under openshift.example.com domain
nameserver 192.168.122.1 # DNS server from libvirt. this by default uses host's /etc/resolv.conf

If you add the OSE guest's IP as a nameserver in the host's /etc/resolv.conf, you may be able to resolve *.openshift.example.com addresses from your host, but it will prevent the guest from resolving DNS names. The guest will try:

  • 127.0.0.1, which resolves only names under the openshift.example.com domain
  • 192.168.122.1, the host's dnsmasq daemon, which uses /etc/resolv.conf and ... tries the guest's DNS server first, which fails to resolve names

I wasn't able to configure libvirt to specify other options for dnsmasq. The simplest thing to do is to restart the dnsmasq daemon, specifying alternative DNS servers found in your /etc/resolv.conf without the OSE DNS nameserver:

# ps -ef | grep dnsmasq | grep -v grep
nobody   32399     1  0 11:01 ?        00:00:00 /sbin/dnsmasq --conf-file=/var/lib/libvirt/dnsmasq/default.conf
# kill $(pgrep dnsmasq)
# /sbin/dnsmasq --conf-file=/var/lib/libvirt/dnsmasq/default.conf --local <one of nameservers from /etc/resolv.conf>

After this I was able to resolve both *.openshift.example.com names from the host machine and all names from the OSE VM.
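
The restart step described above, sketched as an added shell example (not part of the original post): it reads the host's resolv.conf, drops the OSE guest's nameserver and prints the dnsmasq command with one --local option for every remaining server, which goes slightly beyond the single server used in the post. The guest address 192.168.122.50, the upstream addresses and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: build the dnsmasq restart command from the host's
# resolv.conf while skipping the OSE guest's own nameserver, so libvirt's
# dnsmasq never forwards guest queries back to the guest.

# upstream_servers FILE GUEST_IP
# Prints every "nameserver" address in FILE except GUEST_IP, one per line.
# Comment lines and trailing "# ..." annotations are ignored.
upstream_servers() {
    awk -v skip="$2" '
        $1 == "nameserver" && $2 != "" && $2 != skip { print $2 }
    ' "$1"
}

# dnsmasq_command FILE GUEST_IP
# Prints the command line from the post with one --local option per
# remaining upstream (dnsmasq treats --local as a synonym for --server).
# Returns 1 if no upstream is left, since dnsmasq would then have
# nowhere to forward queries for outside names.
dnsmasq_command() {
    servers=$(upstream_servers "$1" "$2")
    if [ -z "$servers" ]; then
        echo "no upstream nameserver left after removing $2" >&2
        return 1
    fi
    cmd="/sbin/dnsmasq --conf-file=/var/lib/libvirt/dnsmasq/default.conf"
    for s in $servers; do
        cmd="$cmd --local $s"
    done
    printf '%s\n' "$cmd"
}

# Constructed sample of a host resolv.conf; all addresses are made up.
demo() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
# Generated by NetworkManager
nameserver 192.168.122.50 # OSE guest (constructed address)
nameserver 192.0.2.53
nameserver 198.51.100.53
EOF
    dnsmasq_command "$f" 192.168.122.50
    rm -f "$f"
}

demo
```

The script only prints the command; review it and run it as root after stopping the running dnsmasq, as in the steps above.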