Add additional listen-address to CRC dnsmasq service #1761
Conversation
This comment was marked as outdated.
This comment was marked as outdated.
lewisdenny
force-pushed
the
configure_listen-address
branch
3 times, most recently
from
5765fda to
9521796
Compare
This comment was marked as outdated.
This comment was marked as outdated.
lewisdenny
force-pushed
the
configure_listen-address
branch
3 times, most recently
from
ce1b86c to
2af85ca
Compare
| become: true | ||
| vars: | ||
| _original_listen_address: "listen-address={{ hostvars['crc'].ansible_host }}" | ||
| ansible.builtin.replace: |
There was a problem hiding this comment.
iirc, we could just use ansible.builtin.lineinfile and add the new listen-address - dnsmasq should listen on both. Might be even safer?
There was a problem hiding this comment.
So in the end have two listen-address= lines defined? I can quickly test that
There was a problem hiding this comment.
that's what we did for the reproducer a while ago, and it seems to work
There was a problem hiding this comment.
yup, imho that's probably better and safer than editing the default interface.
There was a problem hiding this comment.
Sorry guys, could you expand on this?
The link from @cescgina seems to match what I'm doing here. My patch as an example searches for listen-address=192.168.25.178 and replaces it with listen-address=192.168.25.178,192.168.122.10
There was a problem hiding this comment.
thanks for the clarification on Slack, I confirmed lineinfile works so if your happy to go that direction I'll update this patch
This comment was marked as outdated.
This comment was marked as outdated.
This comment was marked as outdated.
This comment was marked as outdated.
This comment was marked as outdated.
This comment was marked as outdated.
lewisdenny
force-pushed
the
configure_listen-address
branch
from
2af85ca to
f398f62
Compare
This comment was marked as outdated.
This comment was marked as outdated.
lewisdenny
force-pushed
the
configure_listen-address
branch
from
f398f62 to
f57840d
Compare
lewisdenny
force-pushed
the
configure_listen-address
branch
from
f57840d to
812f51a
Compare
lewisdenny
force-pushed
the
configure_listen-address
branch
from
812f51a to
f723622
Compare
|
Testing here: #1730 Proof adding two lines for |
|
Build failed (check pipeline). Post https://review.rdoproject.org/zuul/buildset/0662376f0e0440d1a0ea07cb76522cfb ✔️ openstack-k8s-operators-content-provider SUCCESS in 1h 32m 45s |
Due to this change [1] introduced in CRC 2.32.0[2] the dnsmasq service is now running as a systemd service rather than in a container. The behavior of the dnsmasq listen-address has now changed, the CRC dnsmasq only listens on the default address provided by Zuul. The Ansible controller is configured to query the interface we control on CRC, `ci-private-network`. This breaks domain name resolution as dns queries are blocked. This patch: - Adds additional dnsmasq listen-address line to CRC node include the `ci-private-network` address allowing the Ansible controller to query it. - Removes the hard coded `ci-private-network` address from the Ansible controllers default connection dns configuration. [1] crc-org/crc@5f49891 [2] https://github.com/crc-org/crc/releases/tag/v2.32.0
lewisdenny
force-pushed
the
configure_listen-address
branch
from
f723622 to
c3e3517
Compare
|
Build failed (check pipeline). Post https://review.rdoproject.org/zuul/buildset/0be4b3200d194facaf52bd73e01b61bf ✔️ openstack-k8s-operators-content-provider SUCCESS in 1h 42m 24s |
|
recheck |
|
Testing passed here and #1730 meaning it fixes 4.15 and doesn't break 4.14, we should be fine to merge now :) |
@lewisdenny I thought crc by default configures dnsmasq to listen only to localhost, do we set the |
I'm not sure mate, before we add |
Yeah so CRC sets the listen-address to the IP of the VM [1] or in our case "instance" of crc. We need to access it on the internal network we create as part of the network bootstrap which is why we need this change. So [1] is passed through a bunch of functions and ends up being I think your thought about CRC listening on localhost comes from the reproducer scenario, I guess there we start crc differently and it picks up 127.0.0.1 as it's IP? :) [1] https://github.com/crc-org/crc/blob/813c80a473046247eb232bb7e9e3da79a954118b/pkg/crc/machine/start.go#L399C1-L403C65 |
yes, you're right, I was thinking about the reproducer, where I looked at the stuff, thanks for digging! |
|
/approve |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: raukadah The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
openshift-merge-bot
bot
merged commit 6a7e9fb
into
openstack-k8s-operators:main
Due to this change [1] introduced in CRC 2.32.0[2] the dnsmasq service is now running as a systemd service rather than in a container.
The behavior of the dnsmasq listen-address has now changed, the CRC dnsmasq only listens on the default address provided by Zuul. The Ansible controller is configured to query the interface we control on CRC,
ci-private-network.This breaks domain name resolution as dns queries are blocked.
This patch:
Updates the CRC dnsmasq listen-address configuration to include the
ci-private-networkaddress allowing the Ansible controller to query it.Removes the hard coded
ci-private-networkaddress from the Ansible controllers default connection dns configuration to ensure they always match.[1] crc-org/crc@5f49891
[2] https://github.com/crc-org/crc/releases/tag/v2.32.0
As a pull request owner and reviewers, I checked that: