New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Alpine linux doesn't have nsswitch configuration file #367

Closed
wrfly opened this Issue Dec 9, 2017 · 13 comments

Comments

Projects
None yet
8 participants
@wrfly

wrfly commented Dec 9, 2017

~ docker pull alpine:latest                    
latest: Pulling from library/alpine
Digest: sha256:ccba511b1d6b5f1d83825a94f9d5b05528db456d9cf14a1ea1db892c939cda64
Status: Image is up to date for alpine:latest
➜  ~ docker run --rm -ti alpine:latest ls /etc/nsswitch.conf
ls: /etc/nsswitch.conf: No such file or directory
➜  ~ 

Due to this error, the program running based it will never resolve hosts via /etc/hosts but always use DNS.

Users using alpine as their based image should always add an extra nsswitch.conf to it, I think it's not very friendly and we should add the configuration file by default.

@ApsOps

This comment has been minimized.

ApsOps commented Dec 14, 2017

We're facing this too. I noticed that our pods in Kubernetes were making DNS calls for localhost as well.

@llitfkitfk

This comment has been minimized.

llitfkitfk commented Dec 15, 2017

same issue

@tianon

This comment has been minimized.

Collaborator

tianon commented Dec 15, 2017

The only place we've seen issues with this in the official images is in Go-based binaries (since Go itself uses nsswitch.conf), which is why the Docker-in-Docker official image (and a few other Go-based images) includes a generated nsswitch.conf: https://github.com/docker-library/docker/pull/84/files (and we're likely to add something similar to the Alpine variants of the Go official image at some point)

What I'm not clear on is whether there are other bits of software in Alpine that aren't using Go which read this file?

In digging for docker-library/docker#84, I noticed that Alpine had /etc/nsswitch.conf once upon a time (https://git.alpinelinux.org/cgit/alpine-baselayout/tree/nsswitch.conf?id=d81dc473af456d97e670ccfe78a30dce96d01284), and it was removed years ago without much detail as to why (https://git.alpinelinux.org/cgit/alpine-baselayout/commit/nsswitch.conf?id=86d10e4ceb7c8a5aeb2b772f8b91c28cd6a82c6b), but I presume it's because it's not used by any of Alpine's packages.

@llitfkitfk

This comment has been minimized.

@wrfly

This comment has been minimized.

wrfly commented Dec 15, 2017

Hello @tianon , I tested Python in alpine, and Python do read /etc/hosts before lookup in DNS.

I'm not sure missing nsswitch.conf is a bug since other software didn't use it nor alpine itself. But adding this configuration file by default maybe more friendly to other software who use it, as for many binary use alpine as its base image or run-time image.

What do you think?

@ncopa

This comment has been minimized.

Collaborator

ncopa commented Dec 28, 2017

As @tianon mentions and as commented here: docker-library/docker#82 (comment) it is Go that is hardcoded to behave as glibc (dns first and then use hosts if it fails) if there is no /etc/nsswitch.conf. musl libc does not use this file at all since it does not implement NSS. I'd say that this is a bug in Go which assumes that linux always is glibc.

@wrfly

This comment has been minimized.

wrfly commented Dec 29, 2017

@ncopa got that

@wrfly wrfly closed this Dec 29, 2017

@thaJeztah

This comment has been minimized.

thaJeztah commented Dec 29, 2017

Does this need a bug/enhancement request in Golang?

@wrfly

This comment has been minimized.

wrfly commented Feb 1, 2018

Helo @thaJeztah I'm really Sorry about the delay reply...

I'm not sure whether it is a bug because we can not create a nsswitch.conf for others nor help others made the choice. I'm pretty confused about that since it's not Alpine's fault nor the golang.I thought it's just because we chose alpine as our based image(because of the image size).

@thaJeztah

This comment has been minimized.

thaJeztah commented Feb 1, 2018

Well, mainly was looking at;

I'd say that this is a bug in Go which assumes that linux always is glibc.

Wondering if that needs a solution / should be customisable

@primeroz

This comment has been minimized.

primeroz commented Sep 25, 2018

Isn't GO one of the main reasons to use Alpine , especially in Kubernetes ?
As far as i understand that this is a GO issue for assuming it is running on glibc is still something that would require a better fix than just say "is a GO Bug" ... is there any known workaround other than having a "localhost" fixed record in the dns ?

I end up with hundreds of request in my dns for "localhost.(Any Number of search domains)"

@tianon

This comment has been minimized.

Collaborator

tianon commented Sep 26, 2018

The simplest workaround is to create for yourself a trivial one-line nsswitch.conf, as in: https://github.com/docker-library/golang/blob/301d61ac921c9173086e6db1429a4916d894919f/1.11/alpine3.8/Dockerfile#L9

# set up nsswitch.conf for Go's "netgo" implementation
# - https://github.com/golang/go/blob/go1.9.1/src/net/conf.go#L194-L275
# - docker run --rm debian:stretch grep '^hosts:' /etc/nsswitch.conf
RUN [ ! -e /etc/nsswitch.conf ] && echo 'hosts: files dns' > /etc/nsswitch.conf
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment