Configure systemd-resolved on bionic+ images #1135

Merged
merged 1 commit into from Oct 12, 2018

@odyssey4me odyssey4me commented Oct 12, 2018

In Ubuntu Bionic onwards, systemd-resolved is enabled by
default.

We have glean to set up the interfaces and the resolvers
from config-drive. Ideally we'd like glean to configure
systemd-resolved properly, but it can't do that right
now.

We've tried the following:

  1. Disabling systemd-resolved. This causes other services
    which are set to depend on it not to start, so the VM
    never boots.
  2. Using resolvconf. This has the same problem as glean -
    systemd-resolved keeps changing the config to something
    broken.

So, as a workaround, we implement a static config here with
public DNS servers.

Issue: RI-514

@odyssey4me odyssey4me self-assigned this Oct 12, 2018
@odyssey4me odyssey4me requested review from d34dh0r53, prometheanfire, Alfano93 and dealako and removed request for Alfano93 October 12, 2018 19:16
# resolver.
echo 'nameserver 8.8.8.8' > /etc/resolv.conf
sed -i 's/^#DNS=.*/DNS=8.8.8.8/' /etc/systemd/resolved.conf
sed -i 's/^#FallbackDNS=.*/FallbackDNS=8.8.4.4/' /etc/systemd/resolved.conf
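
Review bot: The two sed expressions only match lines that start with `#DNS=` and `#FallbackDNS=`, so if either key is already uncommented or missing from /etc/systemd/resolved.conf, sed exits successfully without changing anything and the image is built without the intended setting. Consider matching `^#\?DNS=` (and likewise for FallbackDNS), and either appending the key or failing the build when no line matches. The same resolver, 8.8.8.8, is also written to both /etc/resolv.conf and `DNS=`; a comment stating which of the two is expected to take effect would make the workaround easier to remove later.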

Contributor

I'd prefer just one or the other. I think you should just set fallbackdns (you can set both servers there). Once /etc/resolv.conf is configured by glean that would be used. If you set DNS it will not get overridden.

For compatibility reasons, if this setting is not specified, the DNS servers listed in /etc/resolv.conf are used instead, if that file exists and any servers are configured in it. This setting defaults to the empty list.

Contributor

fallbackdns

A space-separated list of IPv4 and IPv6 addresses to use as the fallback DNS servers. Any per-link DNS servers obtained from systemd-networkd.service(8) take precedence over this setting, as do any servers set via DNS= above or /etc/resolv.conf. This setting is hence only used if no other DNS server information is known. If this option is not given, a compiled-in list of DNS servers is used instead.

Contributor Author

That does make sense, except that this is a tested-to-work config. Once glean is updated we'll remove this whole block again. I'm skeptical about the statement that the fallbackdns has a hard-coded set which it uses if not configured, because we had jobs failing with nothing configured here. At this point I'd rather just get this in and move on.

Contributor

you have to define a fallback in order for it to be used

Contributor Author

Ah, OK. Perhaps it'll make sense to keep a fallback in place, even when glean is fixed. I'll do a PR on Monday and test with it. Thanks for digging into this and helping!

Contributor

wfm, as you say, this can all hopefully be removed eventually

Contributor Author

PR up to switch to fallbackdns only: #1137

@odyssey4me odyssey4me merged commit 500764e into rcbops:master Oct 12, 2018
@odyssey4me odyssey4me deleted the RI-514 branch October 12, 2018 19:36
odyssey4me pushed a commit to odyssey4me/rpc-gating that referenced this pull request Oct 15, 2018
In rcbops#1135 we configured
systemd-resolved in nodepool bionic images to ensure that they
are able to resolve DNS until glean is fixed to configure the
systemd-networkd interfaces with DNS as well.

To ensure that the glean configuration will take preference when
a fix is included in the release, we switch the DNS configuration
here to be a fallback only. Any systemd-networkd will then take
preference, but fall back to this configuration if that does not
work.

JIRA: RI-514
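
The fallback-only configuration discussed in the review, as an added example (not code from this PR or from rpc-gating): it sets `FallbackDNS=` to both servers named in the thread and works whether the key is commented out, already set, or missing. `set_resolved_key` and the sample file contents are hypothetical; on an image the target file would be /etc/systemd/resolved.conf.

```shell
#!/bin/sh
# Added example; set_resolved_key is a hypothetical helper, not part of the PR.
# Usage: set_resolved_key FILE KEY VALUE
# Sets KEY=VALUE whether KEY is commented out, already set, or missing.
set_resolved_key() {
    file=$1; key=$2; value=$3
    tmp=$(mktemp) || return 1
    awk -v key="$key" -v value="$value" '
        /^\[Resolve\]/ { section = 1 }
        $0 ~ ("^#?" key "=") {            # "KEY=..." or "#KEY=..."
            if (!done) { print key "=" value; done = 1 }
            next                          # drop later duplicates of the key
        }
        { print }
        END {
            if (!done) {                  # key never seen: append it
                if (!section) print "[Resolve]"
                print key "=" value
            }
        }
    ' "$file" > "$tmp" && cat "$tmp" > "$file"   # cat keeps mode and symlink
    rc=$?
    rm -f "$tmp"
    return "$rc"
}

# Constructed sample: DNS= is already uncommented and FallbackDNS= is absent.
# A pattern anchored on "^#KEY=" would leave this file unchanged.
demo() {
    conf=$(mktemp) || return 1
    printf '%s\n' '[Resolve]' 'DNS=192.0.2.53' '#LLMNR=yes' > "$conf"
    set_resolved_key "$conf" FallbackDNS '8.8.8.8 8.8.4.4' &&
    set_resolved_key "$conf" FallbackDNS '8.8.8.8 8.8.4.4'   # rerun adds no duplicate
    cat "$conf"
    rm -f "$conf"
}
demo
```

systemd-resolved reads the file at start-up, so the change takes effect once the service is restarted or the image is booted.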