Public bug reported:

Inside a docker container DNS lookups are routed to 127.0.0.11:53 which is
provided by the docker environment in some way. The real DNS service is taken
from the host's /etc/resolv.conf. The docker man page claims that selecting a
good automatic default would not work if the host uses local resolvers
(127.0.0.0/8).
Since switching to netplan/systemd-resolved there is only a local resolver
(127.0.0.53) added to /etc/resolv.conf on the host. Surprisingly this does not
seem to be an issue for an artful (or later) VM running on my own local desktop.
But in the Canonical CI environment DNS lookups fail inside a docker container.

SRU Justification:

Impact: DNS lookups inside docker containers can fail if the host
environment is set up to only use a local resolver. The built-in docker
test of fanatic will always fail in that case.

Fix: Add code to built-in tests which detects systemd-resolved being in
use and passes the IP address which systemd-resolved is using as forwarder
with the --dns option to the docker run command.

Testcase:
  - If the test host is using systemd-resolved as its primary DNS
    server, there will be the following message in the test log:
      local docker test: *** Using DNS override ***
          --dns=<ip>
  - Otherwise no message is printed.
  - For all cases docker ADT test should (continue to) pass

Risk of regression: minimal, only testing affected which is run as ADT
tests.

** Affects: ubuntu-fan (Ubuntu)
     Importance: Medium
     Assignee: Stefan Bader (smb)
         Status: In Progress

** Changed in: ubuntu-fan (Ubuntu)
       Status: New => In Progress

** Description changed:

  Inside a docker container DNS lookups are routed to 127.0.0.11:53 which is 
provided by the docker environment in some way. The real DNS service is taken 
from the hosts /etc/resolv.conf. The docker man page claims that selecting a 
good automatic default would not work if the hosts uses local resolvers 
(127.0.0.0/8).
  Since switching to netplan/systemd-resolvd there is only a local resolver 
(127.0.0.53) added to /etc/resolv.conf on the host. Surprisingly this does not 
seem to be an issue for an artful(or later) VM running on my own local desktop. 
But in the Canonical CI environment DNS lookups fail inside a docker container.
  
  SRU Justification:
  
  Impact: DNS lookups inside docker containers can fail if the host
  environment is set up to only use a local resolver. The built-in docker
  test of fanatic will always fail in that case.
  
  Fix: Add code to built-in tests which detect systemd-resolvd being in
  use and pass the IP address which systemd-resolv is using as forwarder
  with the --dns option to the docker run command.
  
  Testcase:
-   - If the test host is using systemd-resolvd as its primary DNS
-     server, there will be the following message in the test log:
-       local docker test: *** Using DNS override ***
-           --dns=<ip>
-   - Otherwise no message is printed.
-   - For all cases docker ADT test should (continue to) pass
+   - If the test host is using systemd-resolvd as its primary DNS
+     server, there will be the following message in the test log:
+       local docker test: *** Using DNS override ***
+           --dns=<ip>
+   - Otherwise no message is printed.
+   - For all cases docker ADT test should (continue to) pass
+ 
+ Risk of regression: minimal, only testing affected which is run as ADT
+ tests.

https://bugs.launchpad.net/bugs/1732717

Title:
  docker test broken by systemd-resolv environment
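
The detection described under "Fix", sketched as an added example; it is not the ubuntu-fan test code and not part of the bug report. Assumptions: the upstream servers are read from /run/systemd/resolve/resolv.conf, the helper names are hypothetical, and the sample addresses are constructed from documentation ranges.

```sh
#!/bin/sh
# Print the nameserver addresses listed in a resolv.conf-style file.
nameservers() {
    awk '$1 == "nameserver" { print $2 }' "$1" 2>/dev/null
}

# Succeed only if the file lists at least one nameserver and all of them
# are loopback addresses (127.0.0.0/8 or ::1), e.g. the 127.0.0.53 stub.
only_local_resolvers() {
    ns=$(nameservers "$1")
    [ -n "$ns" ] || return 1
    for ip in $ns; do
        case "$ip" in
            127.*|::1) ;;
            *) return 1 ;;
        esac
    done
    return 0
}

# dns_override [HOST_RESOLV_CONF] [UPSTREAM_RESOLV_CONF]
# Prints "--dns=<ip>" options for "docker run" when the host only has
# loopback resolvers; prints nothing when no override is needed.
dns_override() {
    host_conf=${1:-/etc/resolv.conf}
    upstream_conf=${2:-/run/systemd/resolve/resolv.conf}  # assumed source
    only_local_resolvers "$host_conf" || return 0
    opts=""
    for ip in $(nameservers "$upstream_conf"); do
        case "$ip" in
            127.*|::1) continue ;;  # loopback is unreachable from the container
        esac
        opts="$opts --dns=$ip"
    done
    echo "${opts# }"
}

# Demo on constructed files (not real servers).
tmp=$(mktemp -d)
printf 'nameserver 127.0.0.53\noptions edns0\n' > "$tmp/host"
printf 'nameserver 192.0.2.53\n' > "$tmp/upstream"
override=$(dns_override "$tmp/host" "$tmp/upstream")
if [ -n "$override" ]; then
    echo "local docker test: *** Using DNS override *** $override"
fi
rm -rf "$tmp"
```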
