Bug 1916907 - dns-node-resolver corrupts /etc/hosts if internal registry is not in use
Summary: dns-node-resolver corrupts /etc/hosts if internal registry is not in use
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Networking
Version: 4.5
Hardware: Unspecified
OS: Linux
medium
medium
Target Milestone: ---
: 4.6.z
Assignee: Ryan Fredette
QA Contact: Hongan Li
URL:
Whiteboard:
Depends On: 1882485
Blocks:
TreeView+ depends on / blocked
 
Reported: 2021-01-15 19:36 UTC by Ryan Fredette
Modified: 2023-09-18 00:24 UTC (History)
12 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Cause: Intermittent DNS errors Consequence: dns-node-resolver created invalid entries in the node's /etc/hosts file Fix: Filtering error messages out of DNS requests that eventually return a valid record Result: dns-node-resolver no longer creates invalid /etc/hosts entries
Clone Of: 1882485
Environment:
Last Closed: 2021-02-08 13:51:25 UTC
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Github openshift cluster-dns-operator pull 231 0 None closed [release-4.6] Bug 1916907: Prevent dig errors from corrupting host's /etc/hosts 2021-02-13 21:00:05 UTC
Red Hat Product Errata RHSA-2021:0308 0 None None None 2021-02-08 13:51:43 UTC

Comment 1 Hongan Li 2021-01-22 09:09:58 UTC
verified with a cluster launch by cluster-bot and passed

$ oc get clusterversion
NAME      VERSION                                           AVAILABLE   PROGRESSING   SINCE   STATUS
version   4.6.0-0.ci.test-2021-01-22-080022-ci-ln-vimgw1t   True        False         9m51s   Cluster version is 4.6.0-0.ci.test-2021-01-22-080022-ci-ln-vimgw1t

$ oc edit configs.imageregistry.operator
(set spec.ManagementState.Removed)

$ oc -n openshift-image-registry get svc
NAME                      TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)     AGE
image-registry-operator   ClusterIP   None         <none>        60000/TCP   56m

$ oc debug node/ci-ln-vimgw1t-f76d1-lhh7x-master-0
Creating debug namespace/openshift-debug-node-n4drq ...
Starting pod/ci-ln-vimgw1t-f76d1-lhh7x-master-0-debug ...
To use host binaries, run `chroot /host`
Pod IP: 10.0.0.5
If you don't see a command prompt, try pressing enter.
sh-4.4# chroot /host
sh-4.4# 
sh-4.4# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
172.30.254.36 image-registry.openshift-image-registry.svc image-registry.openshift-image-registry.svc.cluster.local # openshift-generated-node-resolver
sh-4.4#

Comment 5 errata-xmlrpc 2021-02-08 13:51:25 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Important: OpenShift Container Platform 4.6.16 security and bug fix update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2021:0308

Comment 8 Red Hat Bugzilla 2023-09-18 00:24:15 UTC
The needinfo request[s] on this closed bug have been removed as they have been unresolved for 120 days


Note You need to log in before you can comment on or make changes to this bug.