From 03bd0b7f23d4ba7b39016fe0df842baf56cc31be Mon Sep 17 00:00:00 2001
From: Loic Dachary
Date: Thu, 9 Feb 2017 11:21:07 +0100
Subject: [PATCH] dnsmasq must respond to all requests

It is a security issue that should be addressed when running long lived clusters. But teuthology-openstack is meant to not last more than a few days.

Signed-off-by: Loic Dachary
---
 teuthology/openstack/setup-openstack.sh | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/teuthology/openstack/setup-openstack.sh b/teuthology/openstack/setup-openstack.sh
index b4c6b2052d..ec52e3a85e 100755
--- a/teuthology/openstack/setup-openstack.sh
+++ b/teuthology/openstack/setup-openstack.sh
@@ -374,6 +374,9 @@ function setup_dnsmasq() {
 local dev=$2
 if ! test -f /etc/dnsmasq.d/resolv ; then
+ # FIXME: this opens up dnsmasq to DNS reflection/amplification attacks, and can be reverted
+ # FIXME: once we figure out how to configure dnsmasq to accept DNS queries from all subnets
+ sudo perl -pi -e 's/--local-service//' /etc/init.d/dnsmasq
 resolver=$(grep nameserver /etc/resolv.conf | head -1 | perl -ne 'print $1 if(/\s*nameserver\s+([\d\.]+)/)')
 sudo apt-get -qq install -y --force-yes dnsmasq resolvconf
 echo resolv-file=/etc/dnsmasq-resolv.conf | sudo tee /etc/dnsmasq.d/resolv
--
2.39.5
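Review bot: The added `sudo perl -pi -e 's/--local-service//' /etc/init.d/dnsmasq` runs two lines before `apt-get ... install ... dnsmasq`, so on a host where the package is not yet present there is no init script to edit and the freshly installed one keeps `--local-service`; unless an earlier step outside this hunk installs dnsmasq, the edit should follow the install and be followed by a service restart. Editing the packaged init script is also fragile, since a later package upgrade can restore the flag without anyone noticing. As the FIXME itself says, dropping the flag lets dnsmasq answer queries from any source address, so the exposure should be bounded by a security-group or firewall rule that limits port 53 to the cluster networks. The dnsmasq man page states that `--local-service` has no effect once `--interface` or `--listen-address` is given, so a drop-in line such as `interface=<cluster-facing device>` under /etc/dnsmasq.d (possibly `$dev`, if that is what the second argument holds) would likely resolve the FIXME without touching the init script. The body of setup_dnsmasq starts and ends outside this hunk.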