Multiple dnsmasq::dnsserver statements end up being re-ordered all of the time

[berlincount]

Tested with Puppet 3.7.3 on Ruby 1.8.7 on CentOS 6.7 with a minimal wrapper recipe:

class our_dnsmasq(
  $dnsservers,
  $domain,
  $searchpath = [],
  $interface  = 'eth0',
) {
    # run locally only, try to resolve everything (via upstream)
    class { '::dnsmasq':
      interface => 'lo',
      domain    => $domain
    }

    # give explicit upstream domains / servers
    create_resources(dnsmasq::dnsserver, $dnsservers)

    file {
      # this should not be necessary, but deps are broken in lex-dnsmasq
      '/etc/dnsmasq.conf':
        ensure  => present,
        notify  => Service['dnsmasq'],
        require => Concat_File['/etc/dnsmasq.conf'];
      # inject --all-servers parameter that can't be given via config
      '/etc/init.d/dnsmasq':
        ensure  => present,
        source  => 'puppet:///modules/our_dnsmasq/dnsmasq.rc',
        mode    => '0555',
        require => Package['dnsmasq'],
        notify  => Service['dnsmasq'];
    }
     # define network interface explicitly, and disable resolv.conf rewriting
    our_network::interface {
        $interface:
          peerdns => 'no';
    }

    # configure resolv.conf explicitly
    class { '::resolv_conf':
      nameservers => ['127.0.0.1'],
      searchpath  => $searchpath,
      domainname  => $domain
    }
}

when $dnsservers = { "ns1" => "1.2.3.4", "ns2" => "4.3.2.1" }, /etc/dnsmasq.conf oscillates between

# MAIN CONFIG START
domain-needed
bogus-priv
strict-order
port=53

interface=lo
expand-hosts
domain=my.domain
cache-size=1000
conf-dir=/etc/dnsmasq.d
#MAIN CONFIG END

# EXTENDED CONFIG
# EXTENDED CONFIG END

server=1.2.3.4
server=4.3.2.1

and

# MAIN CONFIG START
domain-needed
bogus-priv
strict-order
port=53

interface=lo
expand-hosts
domain=in.here.com
cache-size=1000
conf-dir=/etc/dnsmasq.d
#MAIN CONFIG END

# EXTENDED CONFIG
# EXTENDED CONFIG END

server=4.3.2.1
server=1.2.3.4

... with dnsmasq restarts on almost every Puppet run.

(the weird dependency issue and adding --all-servers are out of scope for this moderately urgent issue)

My usecase is caching multiple high(er) latency upstream forwarders.

Do you have any advice?

[rlex]

Honestly never tried it this way (and i hasn't used this module for a long time now).

what happens if you just specify multiple dnsmasq::dnsserver classes?

[berlincount]

I'd guess the same. order = 12 for the concat fragment would make them end up the same way in a non-ordered hash. I'd have to test - but maybe writing a test-case for this module might be more useful. I can't really get around having this configurable / using create_resources in our setup.

[rlex]

the one with first name (by alphabet) will run first, at least it was working before.
so something like this

dnsmasq::dnsserver { '1-server': 
  ip => '1.1.1.1'
}

dnsmasq::dnsserver { '2-server':
  ip => '2.2.2.2'
}

And 1-server should be first. Again, it was that way. Maybe something has changed in concat/puppet.

[berlincount]

Are you sure this holds for Ruby < 1.9?

[berlincount]

I'm tempted to solve this by dropping files in /etc/dnsmasq.d/server-${name}.conf with the same template.

[rlex]

Should be irrelevant to ruby version. This module was written back in the day when puppet 2.7 was "newest release" and 1.8.7 was default package in debian.

[berlincount]

Ruby >= 1.9 has ordered hashes while Ruby 1.8.7 hasn't. We're always suffering from that here ;)

[rlex]

well then, strange that it worked before.
At least we had really big config (more than 1000 lines) and we never faced random restarts of dnsmasq by puppet. I still have it stashed somewhere...

But right now i can't help - i do not have puppet box near me and i can't test it.

[berlincount]

I just noticed I'm using the Puppetforge version, which is quite different to the current one on github ...

[rlex]

checked master version yet?

[berlincount]

nope, just abandoned using the module altogether - I can only use Puppetforge modules here right now, and just reimplemented what I need myself.

[rlex]

ah, ok then. Module on puppetforge is "stable" and i can't test new version right now due to absence of test env, sadly.