Configure systemd-resolved on bionic+ images #1135
In Ubuntu Bionic onwards, systemd-resolved is enabled by default.

We have glean to set up the interfaces and the resolvers from config-drive. Ideally we'd like glean to configure systemd-resolved properly, but it can't do that right now.

We've tried the following:
1. Disabling systemd-resolved. This causes other services which are set to depend on it not to start, so the VM never boots.
2. Using resolvconf. This has the same problem as glean - systemd-resolved keeps changing the config to something broken.

So, as a workaround, we implement a static config here with public DNS servers.

JIRA: RI-514
# resolver. | ||
echo 'nameserver 8.8.8.8' > /etc/resolv.conf | ||
sed -i 's/^#DNS=.*/DNS=8.8.8.8/' /etc/systemd/resolved.conf | ||
sed -i 's/^#FallbackDNS=.*/FallbackDNS=8.8.4.4/' /etc/systemd/resolved.conf |
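Review bot: both `sed` lines only match the commented-out stock keys (`^#DNS=` and `^#FallbackDNS=`), so on an image where `/etc/systemd/resolved.conf` already has the key uncommented, or lacks it entirely, the substitution changes nothing and the script still exits successfully. Match the optional `#` or check the result with `grep` afterwards and fail the build if the expected line is absent. The `echo` line and `DNS=` also pin the same 8.8.8.8 resolver in two places, which will need to be kept in sync and removed together once glean writes the resolver configuration.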
I'd prefer just one or the other. I think you should just set fallbackdns (you can set both servers there). Once /etc/resolv.conf is configured by glean that would be used. If you set DNS it will not get overridden.
For compatibility reasons, if this setting is not specified, the DNS servers listed in /etc/resolv.conf are used instead, if that file exists and any servers are configured in it. This setting defaults to the empty list.
fallbackdns
A space-separated list of IPv4 and IPv6 addresses to use as the fallback DNS servers. Any per-link DNS servers obtained from systemd-networkd.service(8) take precedence over this setting, as do any servers set via DNS= above or /etc/resolv.conf. This setting is hence only used if no other DNS server information is known. If this option is not given, a compiled-in list of DNS servers is used instead.
That does make sense, except that this is a tested-to-work config. Once glean is updated we'll remove this whole block again. I'm skeptical about the statement that the fallbackdns has a hard-coded set which it uses if not configured, because we had jobs failing with nothing configured here. At this point I'd rather just get this in and move on.
you have to define a fallback in order for it to be used
Ah, OK. Perhaps it'll make sense to keep a fallback in place, even when glean is fixed. I'll do a PR on Monday and test with it. Thanks for digging into this and helping!
wfm, as you say, this can all hopefully be removed eventually
PR up to switch to fallbackdns only: #1137
In rcbops#1135 we configured systemd-resolved in nodepool bionic images to ensure that they are able to resolve DNS until glean is fixed to configure the systemd-networkd interfaces with DNS as well. To ensure that the glean configuration will take preference when a fix is included in the release, we switch the DNS configuration here to be a fallback only. Any systemd-networkd will then take preference, but fall back to this configuration if that does not work. JIRA: RI-514
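The fallback-only configuration described above, as an added example that is not code from this PR or the project: it sets `FallbackDNS=` whether the key is commented out, already active, or missing, and checks that no active `DNS=` line still pins the resolver. The function names `set_fallback_dns` and `has_pinned_dns` are hypothetical, and the file path and server list are parameters supplied by the caller.

```shell
#!/bin/sh
# Added example: idempotently set FallbackDNS= in a resolved.conf-style file.
# Function names are hypothetical; the config path and servers are arguments.

# set_fallback_dns FILE "SERVERS"
# Replaces a commented or active FallbackDNS= line inside [Resolve], drops
# duplicate FallbackDNS= lines, and adds the key (and the section) if absent.
set_fallback_dns() {
    conf=$1
    servers=$2
    tmp=$(mktemp) || return 1
    awk -v val="$servers" '
        /^\[/ {
            # Leaving [Resolve] without having seen the key: add it here.
            if (in_resolve && !done) { print "FallbackDNS=" val; done = 1 }
            in_resolve = ($0 == "[Resolve]")
        }
        in_resolve && /^#? *FallbackDNS=/ {
            if (!done) { print "FallbackDNS=" val; done = 1 }
            next
        }
        { print }
        END {
            if (!done) {
                if (!in_resolve) print "[Resolve]"
                print "FallbackDNS=" val
            }
        }
    ' "$conf" > "$tmp" && cat "$tmp" > "$conf"   # cat keeps owner and mode
    rc=$?
    rm -f "$tmp"
    return $rc
}

# has_pinned_dns FILE
# Succeeds if an active, non-empty DNS= line is present, i.e. the image still
# pins global servers instead of leaving them to glean or per-link settings.
has_pinned_dns() {
    grep -Eq '^DNS=[^[:space:]]' "$1"
}
```
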
In Ubuntu Bionic onwards, systemd-resolved is enabled by
default.
We have glean to setup the interfaces and the resolvers
from config-drive. Ideally we'd like glean to configure
systemd-resolved properly, but it can't do that right
now.
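We've tried the following:
1. Disabling systemd-resolved. This causes other services
which are set to depend on it not to start, so the VM
never boots.
2. Using resolvconf. This has the same problem as glean -
systemd-resolved keeps changing the config to something
broken.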
So, as a workaround, we implement a static config here with
public DNS servers.
Issue: RI-514