yahoo-eng-team team mailing list archive

Thread
Date
[Bug 1734167] Re: DNS doesn't work in no-cloud as launched by ubuntu

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Launchpad Bug Tracker <1734167@xxxxxxxxxxxxxxxxxx>
Date: Wed, 21 Mar 2018 11:42:35 -0000
Reply-to: Bug 1734167 <1734167@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx
This bug was fixed in the package systemd - 234-2ubuntu12.3

---------------
systemd (234-2ubuntu12.3) artful; urgency=medium

  [ Dimitri John Ledkov ]
  * Fix test-functions failing with Ubuntu units. LP: #1750608
  * tests: switch to using ext4 by default, instead of ext3. LP: #1750608
  * Fix kdump service not starting, due to systemd not loading dropins.
    Cherrypick a fix from upstream. (LP: #1708409)
  * systemd-fsckd: Fix ADT tests to work on s390x too. (LP: #1736955)
  * netwokrd: add support for RequiredForOnline stanza. (LP: #1737570)
  * resolved.service: set DefaultDependencies=no (LP: #1734167)
  * systemd.postinst: enable persistent journal. (LP: #1618188)
  * core: add support for non-writable unified cgroup hierarchy for container support.
    Rebase and de-fuzz. (LP: #1734410)
  * Prevent MemoryDenyWriteExecution policy bypass, by disallowing pkey_mprotect when mprotect is disallowed.
    CVE-2017-15908 (LP: #1725348)
  * networkd: enable promote_secondaries on networkd managed dhcp links.
    This fixes failing to renew DHCP lease, on networkd managed devices.
    (LP: #1721223)

  [ Kleber Sacilotto de Souza ]
  * systemd-rfkill service times out when a new rfkill device is added
    - rfkill-fix-erroneous-behavior-when-polling-the-udev-.patch: Comparing
    udev_device_get_sysname(device) and sysname will always return true. We need to
    check the device received from udev monitor instead.
    - rfkill-fix-typo.patch: Fix typo in rfkill log message. (LP: #1734908)

 -- Dimitri John Ledkov <xnox@xxxxxxxxxx>  Tue, 20 Feb 2018 16:11:58
+0000

** Changed in: systemd (Ubuntu Artful)
       Status: Fix Committed => Fix Released

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-15908

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to cloud-init.
https://bugs.launchpad.net/bugs/1734167

Title:
  DNS doesn't work in no-cloud as launched by ubuntu

Status in cloud-init:
  Confirmed
Status in cloud-init package in Ubuntu:
  Fix Released
Status in systemd package in Ubuntu:
  Fix Released
Status in cloud-init source package in Zesty:
  Fix Released
Status in systemd source package in Zesty:
  Fix Released
Status in cloud-init source package in Artful:
  Confirmed
Status in systemd source package in Artful:
  Fix Released
Status in systemd source package in Bionic:
  Fix Released

Bug description:
  [Impact]

   * resolved does not start early enough in the boot-process preventing
  DNS resolution to be operational during early boot, for example as
  required by special early stages of cloud-init, resulting in failure
  to boot / provision the instance fully.

  [Test Case]

   * Boot container or a VM with a nocloud-net data source, and a URL pointing to the datasource as explained below
   * Observe that boot completes and provisioning is successful
   * Check that there are no dns-resolution errors in the cloud-init log / boot log

  [Regression Potential]

   * starting resolved earlier may prevent it from connecting to dbus,
  and may require a restart later on when re-triggered over dbus. This
  is on artful only, as in bionic resolved has gained ability to
  reconnected to dbus post-start. Backporting that, however, is too
  large for an SRU as it requires sd-bus changes.

  [Other Info]
   
   * Original bug report.

  I use no-cloud to test the kernel in CI (I am maintainer of the bcache
  subsystem), and have been running it successfully under 16.04 cloud
  images from qemu, using a qemu command that includes:

  -smbios "type=1,serial=ds=nocloud-
  net;s=https://raw.githubusercontent.com/mlyle/mlyle/master/cloud-
  metadata/linuxtst/"

  As documented here:

  http://cloudinit.readthedocs.io/en/latest/topics/datasources/nocloud.html

  Under the new 17.10 cloud images, this doesn't work: the network comes
  up, but name resolution doesn't work-- /etc/resolv.conf is a symlink
  to a nonexistent file at this point of the boot and systemd-resolved
  is not running.  When I manually hack /etc/resolv.conf in the cloud
  image to point to 4.2.2.1 it works fine.

  I don't know if nameservice not working is by design, but it seems
  like it should work.  The documentation states:

  "With ds=nocloud-net, the seedfrom value must start with http://,
  https:// or ftp://";

  And https is not going to work for a raw IP address.

  Related bugs:
   * bug 1734939: #include fails silently.

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-init/+bug/1734167/+subscriptions
References

[Bug 1734167] [NEW] DNS doesn't work in no-cloud as launched by ubuntu
From: Michael Lyle, 2017-11-23