Removing third-party dependencies

[subnetmarco]

Currently Kong relies on dnsmasq and Serf for the following operations:

• dnsmasq: to resolve DNS addresses following the rules in both /etc/hosts and resolv.conf (which nginx doesn't natively support)
• serf: clustering of Kong nodes leveraging its Gossip Protocol.

This functionalities can be written in pure Lua, thus removing the third-party dependencies and simplifying development and deployment of Kong.

Replacing dnsmasq is trivial. We would need to parse /etc/hosts and resolv.conf every x seconds and use that resolution to discover the IP address of the upstream server.

Replacing Serf is a little bit harder, since we would have to build a brand new Lua implementation (I couldn't find any existing library doing this), but having this dependency as a library would fix the current design and all its associated problems. On the bright side of this we wouldn't need to implement all the features that Serf currently implementes, but just the subset that we are using.

[Tieske]

regarding dnsmasq dependency removal;

I'd like to propose the following setup;

• resolver variable in the nginx config stays
• at start Kong parses config info and fills the resolver variable
  1. if the Kong config gets a specific setting, then that is used
  2. if not, Kong parses /etc/resolv.conf and extracts the nameserver entries and injects those in the nginx config
  3. if not found, it injects a default DNS; eg. 8.8.8.8 and 8.8.4.4
• base on an interval, the /etc/hosts file is parsed.
• every request will be matched against the parsed hosts file, If found, the request is adjusted by replacing the hostname with the IP address

This will;

• remove a dependency
• work out-of-the-box,
• reduce support, as Kong is no longer responsible for failed starting/stopping of dnsmasq

Would this work? Thoughts?

[thibaultcha]

base on an interval, the /etc/hosts file is parsed.

I have big doubts about this, since disk IO is blocking.

[subnetmarco]

since disk IO is blocking.

Which is also why nginx doesn't provide this functionality natively. So I retract my statement at the beginning of this issue when I said:

Replacing dnsmasq is trivial. We would need to parse /etc/hosts and resolv.conf every x seconds and use that resolution to discover the IP address of the upstream server.

On a second though, it's not trivial at all. Before dnsmasq we had 8.8.8.8 as a default DNS resolver, but this is wrong for a couple of reasons:

• It completely ignores all the local DNS settings in resolv.conf
• It requires access to the internet in order for Kong to work.

I am not 100% sure we can get rid of this dependency, and I am more inclined we could find a better way of dealing with dependencies like this with a process supervisor like discussed in #928. Thoughts?

[Tieske]

I have big doubts about this, since disk IO is blocking.

correct hadn't thought a bout that one. Alternatively, parse at startup (in master) and use nginx signals to reload. The way it was intended. Even better as it sticks to the standard way of working with nginx.

On a second though, it's not trivial at all. Before dnsmasq we had 8.8.8.8 as a default DNS resolver, but this is wrong for a couple of reasons:

Not if you want a fully compliant resolver. But two important things we do want to achieve are;

• maintain simplicity in setting up Kong, must work out-of-the-box
• no longer be responsible for the supporting processes

And those can be achieved. We need to document that anything more advanced needs a custom DNS. And specifically; when no nameservers are found in the resolv.conf file, we need to issue a big warning in the startup log.

especially dropping the responsibility of managing the dns service is important imo

[jayenashar]

can i chime in with a possibly stupid question? why is the default not like nginx? that is, to resolve hostnames on start using the local /etc/hosts file and resolv.conf configuration?

and another possibly stupid question: why not use inotify to monitor (instead of poll) the local /etc/hosts file and resolv.conf configuration?

[coopr]

dnsmasq was removed https://github.com/Mashape/kong/blob/master/CHANGELOG.md#changed-2

Serf removal is underway and will appear in a future release candidate.