Hi Rawlin and thank you very much for your help! The link to http://www.verisignlabs.com/jdnssec-tools/packages/ old-releases/jdnssec-tools-0.12.tar.gz is not available from our environment (in Israel). Curl first tries IPv4 and when failed, fallback to IPv6... (see output below). Pinging verisignlabs.com <http://www.verisignlabs.com/jdnssec-tools/packages/old-releases/jdnssec-tools-0.12.tar.gz> also fails. It is trying to approach an IPv4 address, but fails to connect to it - as if I'm blocked by a firewall.
I'll discuss our IT team about method to resolve the issue, possibly trying to connect verisignlabs (are there any contact information in their website?). 10x, Nir curl -vvv http://www.verisignlabs.com/jdnssec-tools/packages/old-releases/jdnssec-tools-0.12.tar.gz * About to connect() to www.verisignlabs.com port 80 (#0) * Trying 72.13.58.64... Connection timed out * Trying 2620:74:13:4400::201... Failed to connect to 2620:74:13:4400::201: Network is unreachable * Success * couldn't connect to host * Closing connection #0 curl: (7) Failed to connect to 2620:74:13:4400::201: Network is unreachable On Thu, Oct 5, 2017 at 11:49 PM, Rawlin Peters <[email protected]> wrote: > Hey Nir, > > Are you still having build issues? > > I found an interesting tidbit from `curl --manual` using Curl version > 7.29.0 (x86_64-redhat-linux-gnu) inside a centos:7 Docker container > (what the build uses): > > IPv6 > > curl will connect to a server with IPv6 when a host lookup returns an > IPv6 > address and fall back to IPv4 if the connection fails. The --ipv4 and > --ipv6 > options can specify which address to use when both are available. > > So assuming curl would've fallen back to an IPv4 address if it was > able to get an A record, I think we can assume that in this case your > local resolver did not get an A record when it resolved that hostname > or your build environment is ipv6-only. Is it possible that happened > in your environment, Nir? > > To fix builds in IPv6-only environments, I think we'd have to > configure the docker network to enable ipv6. This doesn't appear > possible using docker-compose format version 2 (what the build > currently uses), but maybe in format version 2.1 [1]. However, > enabling IPv6 might then require an IPv6-enabled host, and IPv6 > doesn't appear to be supported on at least Docker For Mac [2]. On > operating systems that support it, maybe you'd just have to configure > the Docker daemon for IPv6 and update the docker-compose.yml file to > enable it for the build. > > - Rawlin > > [1] https://docs.docker.com/compose/compose-file/compose-file-v2/#network- > configuration-reference > [2] https://docs.docker.com/docker-for-mac/troubleshoot/#known-issues > > On Tue, Oct 3, 2017 at 10:06 PM, Mark Torluemke <[email protected]> > wrote: > > I think we should be resilient and try both address families...curl might > > even do this 'for free' if we enable retries. > > > > On Tue, Oct 3, 2017 at 3:21 PM, Rawlin Peters <[email protected]> > > wrote: > > > >> It's possible that Docker isn't playing nicely with IPv6 in your build > >> environment. The RPM build script is curling > >> http://www.verisignlabs.com/jdnssec-tools/packages/old- > >> releases/jdnssec-tools-0.12.tar.gz, > >> and in your case is using the AAAA record for some reason. My guess is > >> that the container doing the build probably only routes IPv4 by > >> default in some environments. Checking in my build environment, none > >> of the Docker networks have IPv6 enabled. > >> > >> Should we pass `-4` to the curl command here [1] to force it to > >> resolve to IPv4 addresses only? > >> > >> - Rawlin > >> > >> [1] https://github.com/apache/incubator-trafficcontrol/blob/ > >> master/traffic_router/build/build_rpm.sh#L41 > >> > >> On Tue, Oct 3, 2017 at 3:02 PM, Nir Sopher <[email protected]> wrote: > >> > I now see that "./pkg traffic_portal_build" fails as well. This time > with > >> > no log. > >> > It worked before, back when I was building it from master. > >> > Where is jdnssec brought from? Is it built during the process? I > failed > >> to > >> > find it in the standard public repositories. > >> > Nir > >> > > >> > On Tue, Oct 3, 2017 at 11:56 PM, David Neuman < > [email protected]> > >> > wrote: > >> > > >> >> I have not seen this issue. It's interesting that it is trying ipv6 > for > >> >> that. > >> >> > >> >> On Tue, Oct 3, 2017 at 2:33 PM, Nir Sopher <[email protected]> wrote: > >> >> > >> >> > Hi, > >> >> > > >> >> > Yesterday I tried to build the latest 2.1.x traffic-control, > calling > >> the > >> >> > ./pkg command. > >> >> > The command failed on traffic-router build, and according to the > below > >> >> log, > >> >> > it is related to bringing the JDNSSEC tools library, not sure from > >> which > >> >> > repository. > >> >> > > >> >> > Does anybody else encountered a similar issue? > >> >> > > >> >> > Thanks, > >> >> > Nir > >> >> > > >> >> > Building the rpm. > >> >> > % Total % Received % Xferd Average Speed Time Time > Time > >> >> > Current > >> >> > Dload Upload Total Spent > Left > >> >> > Speed > >> >> > 0 0 0 0 0 0 0 0 --:--:-- 0:02:07 > >> --:--:-- > >> >> > 0curl: (7) Failed to connect to 2620:74:13:4400::201: Network is > >> >> > unreachable > >> >> > Could not download required jdnssec-tools-0.12 library: 7 > >> >> > > >> >> > >> >
