From patchwork Sun Jan 19 16:32:14 2020
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Michael Tremer <michael.tremer@ipfire.org>
X-Patchwork-Id: 2708
Return-Path: <development-bounces@lists.ipfire.org>
Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384
	 client-signature ECDSA (P-384) client-digest SHA384)
	(Client CN "mail01.haj.ipfire.org",
 Issuer "Let's Encrypt Authority X3" (verified OK))
	by web04.haj.ipfire.org (Postfix) with ESMTPS id 4810hG4HDwz3xY5
	for <patchwork@web04.haj.ipfire.org>; Sun, 19 Jan 2020 16:32:30 +0000 (UTC)
Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384
	 client-signature ECDSA (P-384) client-digest SHA384)
	(Client CN "mail02.haj.ipfire.org",
 Issuer "Let's Encrypt Authority X3" (verified OK))
	by mail01.ipfire.org (Postfix) with ESMTPS id 4810hD75fmz24D;
	Sun, 19 Jan 2020 16:32:28 +0000 (UTC)
Received: from mail02.haj.ipfire.org (localhost [127.0.0.1])
	by mail02.haj.ipfire.org (Postfix) with ESMTP id 4810hD5bRJz2yK5;
	Sun, 19 Jan 2020 16:32:28 +0000 (UTC)
Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384
 client-signature ECDSA (P-384) client-digest SHA384)
 (Client CN "mail01.haj.ipfire.org",
 Issuer "Let's Encrypt Authority X3" (verified OK))
 by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4810hB4vwPz2xmW
 for <development@lists.ipfire.org>; Sun, 19 Jan 2020 16:32:26 +0000 (UTC)
Received: from [127.0.0.1] (localhost [127.0.0.1])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384)
 (Client did not present a certificate)
 by mail01.ipfire.org (Postfix) with ESMTPSA id 4810hB1gqQz24D;
 Sun, 19 Jan 2020 16:32:26 +0000 (UTC)
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org;
 s=201909ed25519; t=1579451546;
 h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
 to:to:cc:cc:mime-version:mime-version:
 content-transfer-encoding:content-transfer-encoding;
 bh=tqUohqbtP3S91XRUN37o89LvrPQgEfFQA00L/4VVsU4=;
 b=K+OMLZ+4CmhmzwAxYfD2/CsfvuhyBrnmfUFsAGOTr0bwewQlbQhksyDA0c2fxMLFHWAVtw
 3g6GejqTWXyxxvCA==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org;
 s=201909rsa;
 t=1579451546;
 h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
 to:to:cc:cc:mime-version:mime-version:
 content-transfer-encoding:content-transfer-encoding;
 bh=tqUohqbtP3S91XRUN37o89LvrPQgEfFQA00L/4VVsU4=;
 b=D2tGP80OMdco5B5F5aKwCFG92Mz3OVzWwXIb540G5c/p4c5bqMeli4Ww6LJSOVEYHA2uKN
 PljHaobyrWhlnnTlH44ctaRK4MkNN2QZGy7bx7GDlOkhGV4CapkrMj7HtowHO0AXbXvosq
 MgvAhxp/wESZ6aZAgpqydcL+5FszVSBUaAT2ZZ00tNGX/5l7plXRnhEQ4B+DsmcMDpMtB9
 eoq+p/WGg/bpf0VMb08k173M6gBI0RW8j7qfFD1MQpc4GOQtOGdWNdq0q0VnFQGmScL/TG
 bBeeVywKGxAHGyKtmGhC/hnBj2p8NmM3M3IUbRDj394K3JwNc89FIQPwMnaOQg==
From: Michael Tremer <michael.tremer@ipfire.org>
To: development@lists.ipfire.org
Subject: [PATCH] cloud-init: Remove importing DNS settings
Date: Sun, 19 Jan 2020 16:32:14 +0000
Message-Id: <20200119163214.26709-1-michael.tremer@ipfire.org>
MIME-Version: 1.0
X-BeenThere: development@lists.ipfire.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IPFire development talk <development.lists.ipfire.org>
List-Unsubscribe: <https://lists.ipfire.org/mailman/options/development>,
 <mailto:development-request@lists.ipfire.org?subject=unsubscribe>
List-Archive: <http://lists.ipfire.org/pipermail/development/>
List-Post: <mailto:development@lists.ipfire.org>
List-Help: <mailto:development-request@lists.ipfire.org?subject=help>
List-Subscribe: <https://lists.ipfire.org/mailman/listinfo/development>,
 <mailto:development-request@lists.ipfire.org?subject=subscribe>
Cc: Michael Tremer <michael.tremer@ipfire.org>
Errors-To: development-bounces@lists.ipfire.org
Sender: "Development" <development-bounces@lists.ipfire.org>

Those scripts used to import settings from the meta-data services
and wrote them to the local configuration files.

For the DNS settings and Amazon, this is no longer possible because
their DNS servers do not support DNSSEC at all. Therefore we default
to recursor mode.

To be consistent across cloud providers, we are doing the same for
Azure.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---
 src/initscripts/helper/aws-setup   |  9 ---------
 src/initscripts/helper/azure-setup | 10 ----------
 2 files changed, 19 deletions(-)

diff --git a/src/initscripts/helper/aws-setup b/src/initscripts/helper/aws-setup
index af6d24c8b..cee78a283 100644
--- a/src/initscripts/helper/aws-setup
+++ b/src/initscripts/helper/aws-setup
@@ -115,9 +115,6 @@ import_aws_configuration() {
 		fi
 	fi
 
-	# Import any DNS server settings
-	eval $(/usr/local/bin/readhash <(grep -E "^DNS([0-9])=" /var/ipfire/ethernet/settings 2>/dev/null))
-
 	# Import network configuration
 	# After this, no network connectivity will be available from this script due to the
 	# renaming of the network interfaces for which they have to be shut down
@@ -161,10 +158,6 @@ import_aws_configuration() {
 				# The gateway is always the first IP address in the subnet
 				local gateway="$(to_address $(( netaddress_num + 1 )))"
 
-				# The AWS internal DNS service is available on the second IP address of the VPC
-				local dns1="$(to_address $(( vpc_netaddress_num + 2 )))"
-				local dns2=
-
 				(
 					echo "RED_TYPE=STATIC"
 					echo "RED_DEV=${interface_name}"
@@ -175,8 +168,6 @@ import_aws_configuration() {
 					echo "RED_NETADDRESS=${netaddress}"
 					echo "RED_BROADCAST=${broadcast}"
 					echo "DEFAULT_GATEWAY=${gateway}"
-					echo "DNS1=${DNS1:-${dns1}}"
-					echo "DNS2=${DNS2:-${dns2}}"
 				) >> /var/ipfire/ethernet/settings
 
 				# Import aliases for RED
diff --git a/src/initscripts/helper/azure-setup b/src/initscripts/helper/azure-setup
index 86042a204..d497c43b2 100644
--- a/src/initscripts/helper/azure-setup
+++ b/src/initscripts/helper/azure-setup
@@ -138,9 +138,6 @@ import_azure_configuration() {
 		fi
 	fi
 
-	# Import any DNS server settings
-	eval $(/usr/local/bin/readhash <(grep -E "^DNS([0-9])=" /var/ipfire/ethernet/settings 2>/dev/null))
-
 	# Import network configuration
 	# After this, no network connectivity will be available from this script due to the
 	# renaming of the network interfaces for which they have to be shut down
@@ -175,11 +172,6 @@ import_azure_configuration() {
 				# The gateway is always the first IP address in the subnet
 				local gateway="$(to_address $(( netaddress_num + 1 )))"
 
-				# Microsoft uses a special IP address for DNS
-				# https://blogs.msdn.microsoft.com/mast/2015/05/18/what-is-the-ip-address-168-63-129-16/
-				local dns1="168.63.129.16"
-				local dns2=
-
 				(
 					echo "RED_TYPE=STATIC"
 					echo "RED_DEV=${interface_name}"
@@ -190,8 +182,6 @@ import_azure_configuration() {
 					echo "RED_NETADDRESS=${netaddress}"
 					echo "RED_BROADCAST=${broadcast}"
 					echo "DEFAULT_GATEWAY=${gateway}"
-					echo "DNS1=${DNS1:-${dns1}}"
-					echo "DNS2=${DNS2:-${dns2}}"
 				) >> /var/ipfire/ethernet/settings
 
 				# Import aliases for RED