netavark, dns: don't double-fork aardvark instead wait for the aardvark process to return.
#308
Conversation
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: flouthoc The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
@Luap99 I tried this in combination with containers/aardvark-dns#148 and setup works fine for me. Now aardvark will return from parent when everything is ready and it is actually serving DNS requests on the assigned IP addresses ( only tries for 10 times with delay of 10ms ). |
|
@Luap99 PTAL again but we have to wait for aardvark PR to get reviewed first. |
|
Rebased. |
|
LGTM I think it is expected that the integration tests fail since we need the aardvark from the other PR. |
|
Is rebase enough to get latest aardvark from |
|
@flouthoc just rebase and see if it works |
|
I don't think aardvark is updated yet, integration is stuck on |
|
@flouthoc i'll take a peek |
|
( Just pasting here for info ) To make sure i ran tests on my local ( but my local could be different than CI) . So maybe we should confirm if [fl@fedora netavark]$ sudo bats test/
[sudo] password for fl:
✓ netavark version
✓ netavark error - invalid ns path
✓ netavark error - invalid config path
✓ check iptables driver is in use
✓ iptables - internal network
✓ iptables - simple bridge
✓ iptables - ipv6 bridge
✓ iptables - dual stack dns with alt port
✓ iptables - check error message from netns thread
✓ iptables - port forwarding ipv4 - tcp
✓ iptables - port forwarding ipv6 - tcp
✓ iptables - port forwarding dualstack - tcp
✓ iptables - port forwarding ipv4 - udp
✓ iptables - port forwarding ipv6 - udp
✓ iptables - port forwarding dualstack - udp
✓ iptables - port forwarding ipv4 - sctp
✓ iptables - port forwarding ipv6 - sctp
✓ iptables - port forwarding dualstack - sctp
✓ iptables - port range forwarding ipv4 - tcp
✓ iptables - port range forwarding ipv6 - tcp
✓ iptables - port range forwarding ipv4 - udp
✓ iptables - port range forwarding ipv6 - udp
✓ iptables - port range forwarding dual - udp
✓ iptables - port range forwarding dual - tcp
✓ iptables - port forwarding with hostip ipv4 - tcp
✓ iptables - port forwarding with hostip ipv4 dual stack- tcp
✓ iptables - port range forwarding with hostip ipv6 - tcp
✓ iptables - port range forwarding with hostip ipv6 dual stack - tcp
✓ iptables - port range forwarding with hostip ipv4 - udp
✓ iptables - port range forwarding with hostip ipv6 - udp
✓ bridge ipam none
✓ bridge unknown ipam driver
✓ iptables - isolate networks
✓ iptables - test read only /proc
- check firewalld driver is in use (skipped: TODO: Firewalld driver swapped with iptables until firewalld 1.1.0)
✓ firewalld - simple bridge
✓ firewalld - ipv6 bridge
✓ firewalld - dual stack dns with alt port
✓ firewalld - check error message from netns thread
✓ firewalld - port forwarding ipv4 - tcp
✓ firewalld - port forwarding ipv6 - tcp
✓ firewalld - port forwarding dualstack - tcp
✓ firewalld - port forwarding ipv4 - udp
/usr/libexec/bats-core/bats-exec-test: line 116: 39038 Killed nsenter -n -t $HOST_NS_PID firewalld --nopid --nofork --system-config "$NETAVARK_TMPDIR" &> "$NETAVARK_TMPDIR/firewalld.log" 44/65
✓ firewalld - port forwarding ipv6 - udp
✓ firewalld - port forwarding dualstack - udp
/usr/libexec/bats-core/bats-exec-test: line 161: 39742 Killed nsenter -n -t $HOST_NS_PID firewalld --nopid --nofork --system-config "$NETAVARK_TMPDIR" &> "$NETAVARK_TMPDIR/firewalld.log" 46/65
✓ firewalld - port forwarding ipv4 - sctp
✓ firewalld - port forwarding ipv6 - sctp
/usr/libexec/bats-core/bats-exec-test: line 159: 40353 Killed nsenter -n -t $HOST_NS_PID firewalld --nopid --nofork --system-config "$NETAVARK_TMPDIR" &> "$NETAVARK_TMPDIR/firewalld.log" 48/65
✓ firewalld - port forwarding dualstack - sctp
✓ firewalld - port range forwarding ipv4 - tcp
/usr/libexec/bats-core/bats-exec-test: line 173: 41079 Killed nsenter -n -t $HOST_NS_PID firewalld --nopid --nofork --system-config "$NETAVARK_TMPDIR" &> "$NETAVARK_TMPDIR/firewalld.log" 50/65
✓ firewalld - port range forwarding ipv6 - tcp
/usr/libexec/bats-core/bats-exec-test: line 102: 41406 Killed nsenter -n -t $HOST_NS_PID firewalld --nopid --nofork --system-config "$NETAVARK_TMPDIR" &> "$NETAVARK_TMPDIR/firewalld.log" 51/65
✓ firewalld - port range forwarding ipv4 - udp
✓ firewalld - port range forwarding ipv6 - udp
✓ firewalld - port range forwarding dual - udp
✓ firewalld - port range forwarding dual - tcp
✓ firewalld - port forwarding with hostip ipv4 - tcp
/usr/libexec/bats-core/bats-exec-test: line 161: 43286 Killed nsenter -n -t $HOST_NS_PID firewalld --nopid --nofork --system-config "$NETAVARK_TMPDIR" &> "$NETAVARK_TMPDIR/firewalld.log" 56/65
✓ firewalld - port forwarding with hostip ipv4 dual stack- tcp
✓ firewalld - port range forwarding with hostip ipv6 - tcp
✓ firewalld - port range forwarding with hostip ipv6 dual stack - tcp
/usr/libexec/bats-core/bats-exec-test: line 114: 44367 Killed nsenter -n -t $HOST_NS_PID firewalld --nopid --nofork --system-config "$NETAVARK_TMPDIR" &> "$NETAVARK_TMPDIR/firewalld.log" 59/65
✓ firewalld - port range forwarding with hostip ipv4 - udp
✓ firewalld - port range forwarding with hostip ipv6 - udp
✓ simple macvlan setup
✓ macvlan setup internal
✓ macvlan setup with mtu
✓ macvlan modes
✓ macvlan ipam none
65 tests, 0 failures, 1 skipped |
|
I am sure that aardvark is not updated, you could check with hack/get_ci_vm |
Yep. So it's suppose to come from CI runs on the 'main' branch, perhaps that is broken. You can see by going to We do collect an |
|
...oh! I'm an oaf. And my memory is failing me. It's using RPMs not the latest zip like we use to do in podman. -sigh- |
|
Okay, more poking. It's aardvark-dns CI I must have been thinking of. It pulls the netavark.zip binary. Here, the fedora RPMs are installed, though curiously at VM image-build time we specify |
|
Ahhh, figured it out from the build-logs.. The packages are coming in from the |
|
already fixed in #344 |
|
Yep @baude we need that. I'll work on fixing the images as well (for the future). |
|
To be clear: The new images I'm building are not required in this PR. I'm just referencing it in case someone wonders how/where/why in the future. |
flouthoc
force-pushed
the
remove-spawn
branch
2 times, most recently
from
861fc7e to
4010a74
Compare
Netavark now does not double-forks aardvark-dns's server instead it waits for aardvark-process to return back and success return means aardvark-dns is ready to serve requests and now forking happens at aardvark end. This needs: containers/aardvark-dns#148 Signed-off-by: Aditya R <[email protected]>
|
/lgtm |
Netavark now does not double-forks aardvark-dns's server instead it
waits for aardvark-process to return back and success return means
aardvark-dns is ready to serve requests and now forking happens at
aardvark end.
See: https://doc.rust-lang.org/std/process/struct.Command.html#method.spawn
This needs: containers/aardvark-dns#148
Should help in:
Alternative to: #300