dani-garcia / vaultwarden

Unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs
GNU Affero General Public License v3.0

Database connection fails because of failed name resolution #3056

Closed MasinAD closed 1 year ago

MasinAD commented 1 year ago

Subject of the issue

I configured the MariaDB connection in the environment file.

DATABASE_URL=mysql://vaultwarden:<password>@db:3306/vaultwarden

On startup I get

Dec 28 01:04:22 vaultwarden vaultwarden[1132]: [2022-12-28 01:04:22.611][vaultwarden::util][WARN] Can't connect to database, retrying: DieselCon.
Dec 28 01:04:22 vaultwarden vaultwarden[1132]: [CAUSE] BadConnection(
Dec 28 01:04:22 vaultwarden vaultwarden[1132]:     "Unknown server host 'db' (-3)",
Dec 28 01:04:22 vaultwarden vaultwarden[1132]: )

Deployment environment

Create a systemd service unit file:

# /etc/systemd/system/vaultwarden.service
[Unit]
Description=Vaultwarden
Documentation=https://github.com/dani-garcia/vaultwarden
After=network.target

[Service]
Type=simple
EnvironmentFile=/etc/default/vaultwarden
ExecStart=/usr/local/bin/vaultwarden

# Set reasonable connection and process limits
LimitNOFILE=1048576
LimitNPROC=64
# Isolate vaultwarden from the rest of the system
PrivateTmp=true
PrivateDevices=true
ProtectHome=true
ProtectSystem=strict

Restart=always
RestartSec=10
WorkingDirectory=/srv/vaultwarden/
ReadWriteDirectories=/srv/vaultwarden/ 
User=vaultwarden
Group=vaultwarden

[Install]
WantedBy=multi-user.target

Create a system user and a system group, both named vaultwarden.

Expected behaviour

Vaultwarden connects to the database by simply resolving the database name using system standards.

Actual behaviour

Vaultwarden fails to connect because Diesel seems to not resolve the name correctly.

Troubleshooting data

MasinAD commented 1 year ago

For the record, my workaround is providing the db host's IP address. But I'd like to resolve names in case of rebooting everything and the host then getting a different IP address. DHCP and DNS are cool if they work and are properly applied ;-).

BlackDex commented 1 year ago

Not sure that we can help here. Resolving normally goes via the resolving provided by the system itself. If this is a Diesel issue, then an issue report there would be better.

What happens if you use getent to try and resolve the host within your nspawn container? Or any other resolving tool?

MasinAD commented 1 year ago

I agree I should report this to Diesel. Done here: https://github.com/diesel-rs/diesel/issues/3463

I already posted the output of getent ahosts db and host db, but I'll paste it here:

root@vaultwarden:~# getent ahosts db
169.254.102.26  STREAM db
169.254.102.26  DGRAM  
169.254.102.26  RAW    
192.168.104.15  STREAM 
192.168.104.15  DGRAM  
192.168.104.15  RAW    
fe80::f836:5aff:fe6c:d3fd STREAM 
fe80::f836:5aff:fe6c:d3fd DGRAM  
fe80::f836:5aff:fe6c:d3fd RAW    
root@vaultwarden:~# host db
db has address 169.254.102.26
db has address 192.168.104.15
db has IPv6 address fe80::f836:5aff:fe6c:d3fd

Resolving actually works. But Diesel does not like it.
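
Added example (not posted by anyone in this thread, and not Vaultwarden or Diesel code): a small C diagnostic that decodes the number in "Unknown server host 'db' (-3)" and repeats the lookup through getaddrinfo(), so the logged code can be compared with what the current process gets. It assumes the number in parentheses is the getaddrinfo() return code passed through by the MySQL/MariaDB client library; the function names are hypothetical.

```c
#include <netdb.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

/* Pull host and code out of "Unknown server host 'db' (-3)". 0 on success. */
int parse_unknown_host(const char *line, char *host, size_t cap, int *code)
{
    static const char tag[] = "Unknown server host '";
    const char *p = strstr(line, tag);
    if (!p) return -1;
    p += sizeof tag - 1;
    const char *q = strchr(p, '\'');
    if (!q || (size_t)(q - p) >= cap) return -1;
    memcpy(host, p, (size_t)(q - p));
    host[q - p] = '\0';
    return sscanf(q, "' (%d)", code) == 1 ? 0 : -1;
}

/* Symbolic name of a getaddrinfo() code (glibc defines EAI_AGAIN as -3). */
const char *gai_name(int rc)
{
    switch (rc) {
    case 0:          return "OK";
    case EAI_AGAIN:  return "EAI_AGAIN";   /* temporary failure, retry later */
    case EAI_NONAME: return "EAI_NONAME";  /* name or service not known */
    case EAI_FAIL:   return "EAI_FAIL";    /* non-recoverable failure */
    default:         return "other";
    }
}

/* Resolve as a TCP client would and return the raw getaddrinfo() code. */
int resolve_code(const char *host, const char *port)
{
    struct addrinfo hints = { .ai_family = AF_UNSPEC, .ai_socktype = SOCK_STREAM }, *res = NULL;
    int rc = getaddrinfo(host, port, &hints, &res);
    if (res) freeaddrinfo(res);
    return rc;
}

int main(void)
{
    char host[256]; int logged;  /* constructed sample: message text from the log above */
    if (parse_unknown_host("\"Unknown server host 'db' (-3)\",", host, sizeof host, &logged)) return 2;
    int now = resolve_code(host, "3306");
    printf("logged %s: %d (%s)\n", host, logged, gai_name(logged));
    printf("now    %s: %d (%s, %s)\n", host, now, gai_name(now), gai_strerror(now));
    return 0;
}
```

Run from a root shell, this shows what that shell's lookup returns; run as the vaultwarden user under the same unit settings, it shows what the service process itself gets.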