Bug 2031685
| Summary: | Duplicated forward upstreams should be removed from the dns operator | | |
|---|---|---|---|
| Product: | OpenShift Container Platform | Reporter: | Shudi Li <shudili> |
| Component: | Networking | Assignee: | Sherine Khoury <skhoury> |
| Networking sub component: | DNS | QA Contact: | Shudi Li <shudili> |
| Status: | CLOSED ERRATA | Docs Contact: | |
| Severity: | high | | |
| Priority: | medium | CC: | aos-bugs, hongli, mmasters |
| Version: | 4.10 | | |
| Target Milestone: | --- | | |
| Target Release: | 4.10.0 | | |
| Hardware: | Unspecified | | |
| OS: | Unspecified | | |
| Whiteboard: | | | |
| Fixed In Version: | | Doc Type: | No Doc Update |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2022-03-10 16:33:22 UTC | Type: | Bug |

Marking as blocker- because the user has to specify invalid configuration to be affected by the bug, and the impact is minor. Assigning to Sherine, who is working on a fix for this.

Tested it with 4.10.0-0.nightly-2022-01-07-004348, both duplicated ipv4 and ipv6 upstreams were removed, marked it verified. (For the duplicated /etc/resolv.conf, I will contact Sherine Khoury to see if it needs to be fixed.)

1.

```
% oc get clusterversion
NAME      VERSION                              AVAILABLE   PROGRESSING   SINCE   STATUS
version   4.10.0-0.nightly-2022-01-07-004348   True        False         12m     Cluster version is 4.10.0-0.nightly-2022-01-07-004348
%
```

2.

```
% oc get dns.operator/default -o yaml | grep upstreamResolvers: -A20
  upstreamResolvers:
    policy: Sequential
    upstreams:
    - port: 53
      type: SystemResolvConf
    - address: 100.1.1.1
      port: 5500
      type: Network
    - address: 100.1.1.1
      port: 5500
      type: Network
    - port: 53
      type: ""
    - address: 1000::100
      port: 53
      type: Network
    - address: 1000::100
      port: 53
      type: Network
status:
```

3. Check it in the config map

```
% oc -n openshift-dns get cm/dns-default -oyaml | grep forward -A2
forward . /etc/resolv.conf 100.1.1.1:5500 /etc/resolv.conf [1000::100]:53 {
    policy sequential
}
%
```

4. Check it in the Corefile

```
oc -n openshift-dns exec dns-default-2htj4 -c dns -- cat /etc/coredns/Corefile | grep forward -A2
forward . /etc/resolv.conf 100.1.1.1:5500 /etc/resolv.conf [1000::100]:53 {
    policy sequential
}
%
```

After talking with Sherine, duplicated /etc/resolv.conf should be fixed, so reopen it for fixing this issue.

Verified it with 4.10.0-0.nightly-2022-01-11-065245

1.

```
% oc get clusterversion
NAME      VERSION                              AVAILABLE   PROGRESSING   SINCE   STATUS
version   4.10.0-0.nightly-2022-01-11-065245   True        False         39m     Cluster version is 4.10.0-0.nightly-2022-01-11-065245
%
```

2.

```
% oc get dns.operator/default -o yaml | grep upstreamResolvers -A18
  upstreamResolvers:
    policy: Sequential
    upstreams:
    - port: 53
      type: SystemResolvConf
    - address: 100.1.1.1
      port: 5500
      type: Network
    - address: 100.1.1.1
      port: 5500
      type: Network
    - port: 53
      type: ""
    - address: 1000::aaaa
      port: 53
      type: Network
    - address: 1000::aaaa
      port: 53
      type: Network
%
```

3.

```
% oc -n openshift-dns get cm/dns-default -oyaml | grep forward -A2
forward . /etc/resolv.conf 100.1.1.1:5500 [1000::AAAA]:53 {
    policy sequential
}
%
```

4.

```
% oc -n openshift-dns exec dns-default-6j8ls -c dns -- cat /etc/coredns/Corefile | grep forward -A2
forward . /etc/resolv.conf 100.1.1.1:5500 [1000::AAAA]:53 {
    policy sequential
}
%
```

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: OpenShift Container Platform 4.10.3 security update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2022:0056

Description of problem:

Duplicated forward upstreams can be input in the dns operator, and as a result, the dns-default config map and the Corefile of coredns have the duplicated forward upstreams.

OpenShift release version:

- OCP 4.10.0

Cluster Platform:

How reproducible:

Edit the default dns operator, add 4 forward upstreams, 2 of which are duplicated.

Steps to Reproduce (in detail):

1. oc edit dns.operator/default, add one upstream, save and quit

2. oc edit dns.operator/default again, add the same upstream and the default, save and quit

3. Check the default dns operator

```
% oc get dns.operator/default -o yaml | grep upstreamResolvers -A13
  upstreamResolvers:
    policy: Sequential
    upstreams:
    - port: 53
      type: SystemResolvConf
    - address: 100.1.1.1
      port: 5500
      type: Network
    - address: 100.1.1.1
      port: 5500
      type: Network
    - port: 53
      type: ""
status:
%
```

4. Check the default dns config map

```
% oc -n openshift-dns get cm/dns-default -oyaml | grep forward -A2
forward . /etc/resolv.conf 100.1.1.1:5500 100.1.1.1:5500 /etc/resolv.conf {
    policy sequential
}
%
```

5. Check the Corefile of coredns

```
% oc -n openshift-dns rsh dns-default-b7tlw
Defaulted container "dns" out of: dns, kube-rbac-proxy
sh-4.4# cat /etc/coredns/Corefile | grep forward -A2
forward . /etc/resolv.conf 100.1.1.1:5500 100.1.1.1:5500 /etc/resolv.conf {
    policy sequential
}
sh-4.4#
```

6.

```
oc get clusterversion
NAME      VERSION                              AVAILABLE   PROGRESSING   SINCE   STATUS
version   4.10.0-0.nightly-2021-12-12-184227   True        False         6h42m   Cluster version is 4.10.0-0.nightly-2021-12-12-184227
shudi@Shudis-MacBook-Pro vSphere %
```

Actual results:

There are 4 forward dns upstreams

Expected results:

There are 2 forward dns upstreams, the duplicated two should be removed.

Impact of the problem:

The max items is 15, the configurable forward dns upstreams will be decreased.

Additional info:
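
The deduplication this bug asks for, as an added Go example that is not the DNS operator's own code: it compares upstreams by their rendered forward target, so repeated `Network` entries, the `SystemResolvConf`/`type: ""` pair, and IPv6 addresses differing only in case all collapse to one target. The `Upstream` type and function names are hypothetical, treating `type: ""` as `/etc/resolv.conf` is an assumption taken from the output above, and IPv6 is emitted in Go's lowercase canonical form rather than the uppercase form seen in the Corefile.

```go
package main

import (
	"fmt"
	"net"
	"strings"
)

// Upstream is a hypothetical stand-in for one entry under upstreamResolvers.upstreams.
type Upstream struct {
	Type, Address string // Type: "SystemResolvConf", "Network" or "" (assumed to mean SystemResolvConf)
	Port          int
}

// target renders one upstream as it appears on the Corefile forward line.
func target(u Upstream) string {
	if u.Type == "" || u.Type == "SystemResolvConf" {
		return "/etc/resolv.conf" // the port is not part of this target
	}
	if ip := net.ParseIP(u.Address); ip != nil {
		u.Address = ip.String() // canonical text form: 1000::AAAA and 1000::aaaa compare equal
	}
	return net.JoinHostPort(u.Address, fmt.Sprint(u.Port)) // brackets IPv6 literals
}

// ForwardLine keeps the first occurrence of each target; order matters under "policy sequential".
func ForwardLine(ups []Upstream) string {
	seen := map[string]bool{}
	parts := []string{"forward", "."}
	for _, u := range ups {
		if t := target(u); !seen[t] {
			seen[t] = true
			parts = append(parts, t)
		}
	}
	return strings.Join(parts, " ")
}

func main() {
	// Constructed input modelled on the upstream list in the verification comment.
	fmt.Println(ForwardLine([]Upstream{
		{Type: "SystemResolvConf", Port: 53},
		{Type: "Network", Address: "100.1.1.1", Port: 5500},
		{Type: "Network", Address: "100.1.1.1", Port: 5500},
		{Type: "", Port: 53},
		{Type: "Network", Address: "1000::aaaa", Port: 53},
		{Type: "Network", Address: "1000::AAAA", Port: 53},
	}))
}
```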