Bug 1916907 - dns-node-resolver corrupts /etc/hosts if internal registry is not in use [NEEDINFO]
Summary: dns-node-resolver corrupts /etc/hosts if internal registry is not in use
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: DNS
Version: 4.5
Hardware: Unspecified
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Target Release: 4.6.z
Assignee: Ryan Fredette
QA Contact: Hongan Li
URL:
Whiteboard:
Depends On: 1882485
Blocks:
 
Reported: 2021-01-15 19:36 UTC by Ryan Fredette
Modified: 2021-05-21 14:08 UTC

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Cause: Intermittent DNS errors
Consequence: dns-node-resolver created invalid entries in the node's /etc/hosts file
Fix: Filtering error messages out of DNS requests that eventually return a valid record
Result: dns-node-resolver no longer creates invalid /etc/hosts entries
Clone Of: 1882485
Environment:
Last Closed: 2021-02-08 13:51:25 UTC
Target Upstream Version:
dpateriy: needinfo? (rfredette)




Links
System | ID | Private | Priority | Status | Summary | Last Updated
Github | openshift cluster-dns-operator pull 231 | 0 | None | closed | [release-4.6] Bug 1916907: Prevent dig errors from corrupting host's /etc/hosts | 2021-02-13 21:00:05 UTC
Red Hat Product Errata | RHSA-2021:0308 | 0 | None | None | None | 2021-02-08 13:51:43 UTC
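
An added example (not the cluster-dns-operator script and not taken from the linked pull request) of the kind of filtering the Doc Text describes: resolver output is reduced to well-formed IPv4 addresses before any /etc/hosts line is built, and nothing is emitted when no address survives. The function names and the sample resolver output are constructed for illustration; the marker comment, service names and address are the ones shown in the /etc/hosts listing in Comment 1.

```shell
#!/bin/sh
# Added illustration; function names are hypothetical, not the operator's script.

# Marker comment and service names as they appear in /etc/hosts on this page.
MARKER='# openshift-generated-node-resolver'
NAMES='image-registry.openshift-image-registry.svc image-registry.openshift-image-registry.svc.cluster.local'

# Constructed resolver output: one failed attempt, then a valid answer.
SAMPLE_MIXED=';; connection timed out; no servers could be reached
172.30.254.36'
# Constructed resolver output where every attempt failed.
SAMPLE_FAILED=';; connection timed out; no servers could be reached'

# Pass through only lines that are a well-formed dotted-quad IPv4 address.
# Diagnostics, blank lines and hostnames are dropped.
filter_ipv4() {
    awk -F. '
        NF == 4 && $0 ~ /^[0-9.]+$/ {
            ok = 1
            for (i = 1; i <= 4; i++)
                if ($i == "" || length($i) > 3 || $i + 0 > 255) ok = 0
            if (ok) print
        }'
}

# Read resolver output on stdin and print one hosts line per valid address.
# Returns 1 and prints nothing when no address survives filtering, so the
# caller can keep the existing file instead of writing a bad entry.
hosts_entries() {
    ips=$(filter_ipv4)
    [ -n "$ips" ] || return 1
    printf '%s\n' "$ips" | while IFS= read -r ip; do
        printf '%s %s %s\n' "$ip" "$1" "$MARKER"
    done
}

# Mixed output yields exactly one clean entry; all-error output yields none.
printf '%s\n' "$SAMPLE_MIXED" | hosts_entries "$NAMES"
printf '%s\n' "$SAMPLE_FAILED" | hosts_entries "$NAMES" ||
    echo 'no valid address; existing /etc/hosts kept' >&2
```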

Comment 1 Hongan Li 2021-01-22 09:09:58 UTC
Verified with a cluster launched by cluster-bot and passed.

$ oc get clusterversion
NAME      VERSION                                           AVAILABLE   PROGRESSING   SINCE   STATUS
version   4.6.0-0.ci.test-2021-01-22-080022-ci-ln-vimgw1t   True        False         9m51s   Cluster version is 4.6.0-0.ci.test-2021-01-22-080022-ci-ln-vimgw1t

$ oc edit configs.imageregistry.operator
(set spec.ManagementState.Removed)

$ oc -n openshift-image-registry get svc
NAME                      TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)     AGE
image-registry-operator   ClusterIP   None         <none>        60000/TCP   56m

$ oc debug node/ci-ln-vimgw1t-f76d1-lhh7x-master-0
Creating debug namespace/openshift-debug-node-n4drq ...
Starting pod/ci-ln-vimgw1t-f76d1-lhh7x-master-0-debug ...
To use host binaries, run `chroot /host`
Pod IP: 10.0.0.5
If you don't see a command prompt, try pressing enter.
sh-4.4# chroot /host
sh-4.4# 
sh-4.4# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
172.30.254.36 image-registry.openshift-image-registry.svc image-registry.openshift-image-registry.svc.cluster.local # openshift-generated-node-resolver
sh-4.4#

Comment 5 errata-xmlrpc 2021-02-08 13:51:25 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Important: OpenShift Container Platform 4.6.16 security and bug fix update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2021:0308

