Remove "netinfo" from IPSources

[sargun]

We added NetInfo to IPSources in 0.4, which allows Mesos-DNS to pull A record information from the "NetworkInfo" field in state.json. In our understanding this was only to be used by the modules which were using this for customizing the IPs per container.

Unfortunately, this was not the case! The docker containerizer uses NetworkInfo as well, and can set the inside container of the IP in NetworkInfo. This means that this becomes the A record in Mesos-DNS, rendering the container inaccessible.

There are a couple things here:

• Remove NetInfo from the default list of IPSources in Mesos-DNS

• Add it back in, but with a reachability-checker, that does an ICMP ping before allowing an address to be marked as valid.

  This would require that people either run Mesos-DNS as root, or we configure: net.ipv4.ping_group_range

[sargun]

@jdef As a stop-gap, I think rather than removing "netinfo" as a source in config.go, we add the "sources" field to config.json.sample, and set it to ["mesos", "host"]. That way, it doesn't break old installations relying on the behaviour, but everyone who starts from the config.json.sample is in good shape.

https://github.com/mesosphere/mesos-dns/pull/370

[jdef]

Some thoughts:

• if we're not removing it from the coded defaults, then it needs to be very clear from the documentation that - by default - users can expect to encounter problems w/ mesos-dns and a docker-based cluster unless they remove netinfo from config.ipsources. though i'm more inclined to make the change to the coded defaults for ipsources since docker, by default, breaks mesos-dns for people (given our current defaults list).
• ideally we'd have a labels or source field associated with each IPAddress so that we could apply some better filtering, otherwise we have no idea which IP's come from the docker containerizer, or some random mesos networking module.
• reachability checks: i'd rather see this written up as a separate proposal so that we can flesh out requirements and any potential concerns (e.g. scalability of pinging for reachability in cluster w/ 1 million tasks).

On Tue, Nov 24, 2015 at 12:13 PM, Sargun Dhillon notifications@github.com wrote:

@jdef https://github.com/jdef As a stop-gap, I think rather than removing "netinfo" as a source in config.go, we add the "sources" field to config.json.sample, and set it to ["mesos", "host"]. That way, it doesn't break old installations relying on the behaviour, but everyone who starts from the config.json.sample is in good shape.

— Reply to this email directly or view it on GitHub https://github.com/mesosphere/mesos-dns/issues/369#issuecomment-159344444 .

[jdef]

477