From 164a77ee6d24fb2b1d61f8ad3403a51d8453899e Mon Sep 17 00:00:00 2001 From: Tibor Vass Date: Fri, 31 May 2019 19:16:20 +0000 Subject: [PATCH 1/2] resolvconf: use /run/systemd/resolve/resolv.conf if systemd-resolved manages DNS Signed-off-by: Tibor Vass --- resolvconf/resolvconf.go | 42 ++++++++++++++++++++++++++++++++++++---- sandbox_dns_unix.go | 4 ++-- 2 files changed, 40 insertions(+), 6 deletions(-) diff --git a/resolvconf/resolvconf.go b/resolvconf/resolvconf.go index 23caf7f120..946bb87123 100644 --- a/resolvconf/resolvconf.go +++ b/resolvconf/resolvconf.go @@ -15,10 +15,44 @@ import ( ) const ( - // DefaultResolvConf points to the default file used for dns configuration on a linux machine - DefaultResolvConf = "/etc/resolv.conf" + // defaultPath is the default path to the resolv.conf that contains information to resolve DNS. See Path(). + defaultPath = "/etc/resolv.conf" + // alternatePath is a path different from defaultPath, that may be used to resolve DNS. See Path(). + alternatePath = "/run/systemd/resolve/resolv.conf" ) +var ( + detectSystemdResolvConfOnce sync.Once + pathAfterSystemdDetection = defaultPath +) + +// Path returns the path to the resolv.conf file that libnetwork should use. +// +// When /etc/resolv.conf contains 127.0.0.53 as the only nameserver, then +// it is assumed systemd-resolved manages DNS. Because inside the container 127.0.0.53 +// is not a valid DNS server, Path() returns /run/systemd/resolve/resolv.conf +// which is the resolv.conf that systemd-resolved generates and manages. +// Otherwise Path() returns /etc/resolv.conf. +// +// Errors are silenced as they will inevitably resurface at future open/read calls. +// +// More information at https://www.freedesktop.org/software/systemd/man/systemd-resolved.service.html#/etc/resolv.conf +func Path() string { + detectSystemdResolvConfOnce.Do(func() { + candidateResolvConf, err := ioutil.ReadFile(defaultPath) + if err != nil { + // silencing error as it will resurface at next calls trying to read defaultPath + return + } + ns := GetNameservers(candidateResolvConf, types.IP) + if len(ns) == 1 && ns[0] == "127.0.0.53" { + pathAfterSystemdDetection = alternatePath + logrus.Infof("detected 127.0.0.53 nameserver, assuming systemd-resolved, so using resolv.conf: %s", alternatePath) + } + }) + return pathAfterSystemdDetection +} + var ( // Note: the default IPv4 & IPv6 resolvers are set to Google's Public DNS defaultIPv4Dns = []string{"nameserver 8.8.8.8", "nameserver 8.8.4.4"} @@ -55,7 +89,7 @@ type File struct { // Get returns the contents of /etc/resolv.conf and its hash func Get() (*File, error) { - return GetSpecific(DefaultResolvConf) + return GetSpecific(Path()) } // GetSpecific returns the contents of the user specified resolv.conf file and its hash @@ -78,7 +112,7 @@ func GetIfChanged() (*File, error) { lastModified.Lock() defer lastModified.Unlock() - resolv, err := ioutil.ReadFile("/etc/resolv.conf") + resolv, err := ioutil.ReadFile(Path()) if err != nil { return nil, err } diff --git a/sandbox_dns_unix.go b/sandbox_dns_unix.go index db1b66b190..f43b5d6035 100644 --- a/sandbox_dns_unix.go +++ b/sandbox_dns_unix.go @@ -213,8 +213,8 @@ func (sb *sandbox) setupDNS() error { originResolvConfPath := sb.config.originResolvConfPath if originResolvConfPath == "" { - // if not specified fallback to default /etc/resolv.conf - originResolvConfPath = resolvconf.DefaultResolvConf + // fallback if not specified + originResolvConfPath = resolvconf.Path() } currRC, err := resolvconf.GetSpecific(originResolvConfPath) if err != nil { From 23fc2c97e0c05ba4cb279a655cdd810cdcca8417 Mon Sep 17 00:00:00 2001 From: Tibor Vass Date: Fri, 31 May 2019 20:52:43 +0000 Subject: [PATCH 2/2] remove gosimple - package is gone and it's not important Also fixes issue reported by ineffassign Signed-off-by: Tibor Vass --- Dockerfile | 3 +-- Makefile | 8 ++------ controller.go | 1 - 3 files changed, 3 insertions(+), 9 deletions(-) diff --git a/Dockerfile b/Dockerfile index 6eac5c46a2..9ffe9971d2 100644 --- a/Dockerfile +++ b/Dockerfile @@ -11,8 +11,7 @@ RUN go get golang.org/x/lint/golint \ golang.org/x/tools/cmd/cover \ github.com/mattn/goveralls \ github.com/gordonklaus/ineffassign \ - github.com/client9/misspell/cmd/misspell \ - honnef.co/go/tools/cmd/gosimple + github.com/client9/misspell/cmd/misspell WORKDIR /go/src/github.com/docker/libnetwork diff --git a/Makefile b/Makefile index d4795d4f9e..90f2a36625 100644 --- a/Makefile +++ b/Makefile @@ -1,4 +1,4 @@ -.PHONY: all all-local build build-local clean cross cross-local gosimple vet lint misspell check check-local check-code check-format unit-tests protobuf protobuf-local check-protobuf +.PHONY: all all-local build build-local clean cross cross-local vet lint misspell check check-local check-code check-format unit-tests protobuf protobuf-local check-protobuf SHELL=/bin/bash dockerbuildargs ?= --target dev - < Dockerfile @@ -115,7 +115,7 @@ check: builder check-local: check-code check-format -check-code: check-protobuf lint gosimple vet ineffassign +check-code: check-protobuf lint vet ineffassign check-format: fmt misspell @@ -164,10 +164,6 @@ ineffassign: ## run ineffassign @echo "🐳 $@" @test -z "$$(ineffassign . | grep -v vendor/ | grep -v ".pb.go:" | grep -v ".mock.go" | tee /dev/stderr)" -gosimple: ## run gosimple - @echo "🐳 $@" - @test -z "$$(gosimple . | grep -v vendor/ | grep -v ".pb.go:" | grep -v ".mock.go" | tee /dev/stderr)" - # check-protobuf rebuilds .pb.go files and fails if they have changed check-protobuf: PROTOC_CHECK=1 check-protobuf: $(PB_FILES) diff --git a/controller.go b/controller.go index 2896011dbf..ed05c0ace7 100644 --- a/controller.go +++ b/controller.go @@ -339,7 +339,6 @@ func (c *controller) clusterAgentInit() { } } case cluster.EventNodeLeave: - keysAvailable = false c.agentOperationStart() c.Lock() c.keys = nil