mook-as closed this 8 years ago
We have created an issue in Pivotal Tracker to manage this. You can view the current status of your issue at: https://www.pivotaltracker.com/story/show/114419729.
Hi @Mook-as, thanks for raising this.
I think we should probably split this into two issues. 1 is essentially a bug (or just naivety in the existing implementation, take your pick). 2 is a new feature.
What's your use case for Garden-Linux? Are you using it with Cloud Foundry, Concourse, or something else entirely?
I'm not sure if you're aware, but we're actually in the process of retiring Garden-Linux and replacing it with Guardian, so it may make more sense to fix this there, though we might have to delay that for a little while as we're making a big effort to keep the behaviour of Guardian the same as that of Garden-Linux (warts and all) while we're in the transitional period in order to make the switchover as seamless as possible for Cloud Foundry.
Hi @goonzoid!
FWIW, I've been chatting with @julz on the public Slack channel; just want to make sure we don't lose track of what's happened so far.
I'm using this with CF, except that our setup is a bit stranger (and less BOSH-y). For reasons that are mostly outside our control, the host has `nameserver 127.0.0.n` where n > 1. It could also have non-`nameserver` lines.
Discussion result was that, if we only add the part where we get to specify DNS server overrides, and also do the same with Guardian, it might be acceptable to everybody and get things upstreamed. The only behaviour change would be opt-in, and (for us too) transitioning to Guardian would be easier.
Hopefully everybody agrees with that :) In the meantime, trying to figure out how to propagate that all the way to this kawasaki thing...
Resolved in those PRs above, no need to keep this alive.
The container DNS configuration is initialized in setup.sh, which currently assumes that if `/etc/resolv.conf` contains exactly the string `nameserver 127.0.0.1` it should use the host's IP address instead. This has two problems:

1. `/etc/resolv.conf` can contain other things, such as `search example.com`, or comments (e.g. from having `resolvconf(8)` installed).
2. `127.0.0.0/8` actually points at localhost (and the DNS server might not listen on non-loopback addresses).

I'd like to:

1. `nameserver` lines, and check if anything in the list does not start with `127.`.
2. `-dnsServer 8.8.8.8 -dnsServer 4.2.2.1`) in case even that fails.

(I'm happy to do the work; got a local concourse setup and everything.)
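A sketch of the resolver selection discussed in this issue, added here as an illustration and not taken from Garden-Linux's setup.sh or the linked PRs. The function names, the choice to keep only non-loopback entries from a mixed list, the `::1` check, and the host address `192.0.2.1` (a documentation address) are assumptions.

```sh
# Added example: function names and the policy for mixed lists are assumptions.

# Print each nameserver address found in resolv.conf text on stdin.
# Matching on the first field skips comments, "search" and "options" lines.
list_nameservers() {
    awk '$1 == "nameserver" && NF >= 2 { print $2 }'
}

# Succeed when the address is loopback: all of 127.0.0.0/8, plus IPv6 ::1.
is_loopback() {
    case "$1" in
        127.*|::1) return 0 ;;
        *) return 1 ;;
    esac
}

# Usage: container_nameservers HOST_IP [OVERRIDE...] < resolv.conf
# 1. Explicit overrides win (the opt-in behaviour).
# 2. Otherwise keep the host's non-loopback nameservers.
# 3. If every nameserver is loopback, fall back to HOST_IP.
container_nameservers() {
    host_ip=$1
    shift
    if [ "$#" -gt 0 ]; then
        printf 'nameserver %s\n' "$@"
        return 0
    fi
    reachable=$(list_nameservers | while read -r ns; do
        is_loopback "$ns" || printf 'nameserver %s\n' "$ns"
    done)
    if [ -n "$reachable" ]; then
        printf '%s\n' "$reachable"
    else
        printf 'nameserver %s\n' "$host_ip"
    fi
}

# Constructed sample: a resolvconf(8)-style file with only loopback resolvers.
sample_resolv_conf='# Dynamic resolv.conf(5) file generated by resolvconf(8)
search example.com
nameserver 127.0.0.53
nameserver 127.0.0.1'

printf '%s\n' "$sample_resolv_conf" | container_nameservers 192.0.2.1
```

The host-IP fallback in step 3 only helps if the host's DNS server listens on that address, which is the case the override arguments are meant to cover.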