Regression 3.4: missing entries in /etc/hosts #12003
Comments
I cannot access the url: https://1drv.ms/u/s!ApqEOOKoIKfoeo7T9Yp5pk5cM9U?e=c0Q086
Sure.
I was just about to post my own report on pod-internal containers failing to resolve hostnames, but while filling out the bug report I learned it was an issue with the hosts file. Rechecking the issues for "hosts" and... this issue already exists. sigh If you need more details, or just want another sample, let me know and I'll post my details here too.
@zhangguanzhang I forgot to mention that @o-alquimista is another account of mine. Sorry about that.
Could you show the podman command used to create the /etc/hosts file?
Sorry, what do you mean? The pod building scripts are here: https://github.com/containers/podman/files/7388549/LegulasPod.zip
Could you make a simple repeater that we could examine.
I've added a virtual host and an example webpage. To reproduce:
Expected results (before v3.4):
Actual results (now with v3.4):
@Luap99 PTAL
A friendly reminder that this issue had no activity for 30 days.
Were you able to reproduce the issue?
@Luap99 did you ever get a chance to look at this?
No I have no spare time at the moment to look at this unfortunately. I am very busy with netavark work
@douglas-legulas any chance you get this to happen without docker-compose? IE Can you get it to happen with a simpler podman run or podman -remote run?
I'm using But I'll try to produce something more simple, starting from scratch. I'll do it this weekend.
Here's a greatly simplified pod setup: It builds, without any modification, two local images named
To reproduce
Expected
I can reproduce it as well.
Setup
$ sudo podman pod create --name friendica --hostname friendica -p 8012:80
$ sudo podman run -d --name friendica-mariadb --pod friendica -e PUID=1001 -e PGID=1001 --mount type=bind,src=/tmp/friendica/db,dst=/var/lib/mysql --restart=unless-stopped --env MYSQL_HOST=localhost --env MYSQL_PORT=3306 --env MYSQL_DATABASE=friendica --env MYSQL_USER=friendica --env MYSQL_PASSWORD=friendica --env MYSQL_RANDOM_ROOT_PASSWORD=yes mariadb:latest
$ sudo podman run -d --name friendica-fpm --pod friendica --env TZ=Europe/Berlin -e PUID=1001 -e PGID=1001 --mount type=bind,src=/tmp/friendica/html,dst=/var/www/html --restart=unless-stopped --env MYSQL_USER=friendica --env MYSQL_PASSWORD=friendica --env MYSQL_DATABASE=friendica --env MYSQL_HOST=friendica-mariadb --env [email protected] --env FRIENDICA_SITENAME=friendica.at.home --env FRIENDICA_TZ='Europe/Zurich' --env FRIENDICA_URL='https://friendica.at.home' friendica:fpm
Output
$ sudo podman exec friendica-fpm cat /etc/hosts
[...] (copied lines from my host)
# The following lines are desirable for IPv6 capable hosts
::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
10.88.0.2 friendica 672deab3f9e2-infra
10.88.0.1 host.containers.internal
Additional info
@douglas-legulas Thanks
@douglas-legulas WDYT?
As long as the containers can reach each other by hostname (e.g.
The hosts file format proposed by @Luap99 doesn't work for me universally because services running in my containers are configured to listen for connections on 127.0.0.1. I'm not sure how to work around this without assigning fixed IPs or changing them to listen on everything. I also don't like the idea of changing daemon configs in images to listen on every interface in the containers and pods. Either way, that's not going to be fun to fix.
A friendly reminder that this issue had no activity for 30 days.
How's this look?
Looks fine, though I'm still iffy about having it read-only, if that's the plan.
I will leave them read/write, although I am not sure if we should consider this an attack vector, resolv.conf and hostname might fall in the same category. I just need to get time to work on tests.
Just wanted to highlight that there are users like me running Here's a simple reproducer (running rootless under Fedora 35)
apiVersion: apps/v1
kind: Pod
metadata:
  name: helloworld
spec:
  containers:
    - name: webserver
      image: docker.io/library/nginx:stable
    - name: webclient
      image: docker.io/library/alpine:3.15
      command: ["/bin/sh", "-xc"]
      args:
        # sleep at start due to occasional short delay before /etc/hosts is fully populated
        # sleep at the end to allow time to manually inspect before container exit/restart
        - "sleep 2; cat /etc/hosts; echo; nc -vz helloworld-webserver 80; sleep 60"
podman 3.3.1
podman 3.4.4
Anyway, sounds like you have a plan to resolve this. Looking forward to a fix.
I believe this is fixed. Please check on podman 4.0 or against master.
There is no PR linked so when was this fixed? I do not remember PRs for this.
Perhaps not, I know I looked into this, but not sure if I ever fixed it.
When one container shares the network namespace with another container or with a Pod, there should be an entry added to the /etc/hosts file for the second container.

Fixes: containers#12003

Signed-off-by: Daniel J Walsh <[email protected]>
FWIW, I found this issue when googling for problems with DNS resolution among my containers. Turns out I was just missing the
A friendly reminder that this issue had no activity for 30 days.
Use the new logic from c/common to create the hosts file. This will help to better align the hosts files between buildah and podman.

Also this fixes several bugs:
- remove host entries when container is stopped and has a netNsCtr
- add entries for containers in a pod
- do not duplicate entries in the hosts file
- use the correct slirp ip when a userns is used

Features:
- configure host.containers.internal entry in containers.conf
- configure base hosts file in containers.conf

Fixes containers#12003
Fixes containers#13224

Signed-off-by: Paul Holzinger <[email protected]>
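Two of the defects named in this thread, missing entries for containers in a pod and duplicated entries, can be checked from outside the container by piping its /etc/hosts into a small script. This is an added example, not part of the original issue or of Podman's code; the function names are hypothetical and the sample file is constructed, modelled on the friendica output quoted earlier in the thread.

```shell
#!/bin/sh
# Added example, not Podman code; all function names are hypothetical.
# Real use, with the command quoted in the thread:
#   podman exec friendica-fpm cat /etc/hosts | check_pod_hosts friendica-mariadb friendica-fpm

# Print each NAME given as an argument that no line of the hosts file on stdin maps.
missing_hosts() {
    awk -v want="$*" '
        { sub(/#.*/, "") }                                   # drop comments
        NF >= 2 { for (i = 2; i <= NF; i++) seen[tolower($i)] = 1 }
        END {
            n = split(want, w, " ")
            for (i = 1; i <= n; i++) if (!(tolower(w[i]) in seen)) print w[i]
        }'
}

# Print every "address name" pair that the hosts file on stdin lists more than once.
duplicate_hosts() {
    awk '
        { sub(/#.*/, "") }
        NF >= 2 { for (i = 2; i <= NF; i++) count[$1 " " tolower($i)]++ }
        END { for (k in count) if (count[k] > 1) print k }' | sort
}

# Report both problems; succeed only when every NAME resolves and nothing repeats.
check_pod_hosts() {
    hosts=$(cat)
    miss=$(printf '%s\n' "$hosts" | missing_hosts "$@")
    dups=$(printf '%s\n' "$hosts" | duplicate_hosts)
    [ -n "$miss" ] && printf 'missing entry: %s\n' $miss
    [ -n "$dups" ] && printf '%s\n' "$dups" | sed 's/^/duplicate entry: /'
    [ -z "$miss$dups" ]
}

# Constructed sample modelled on the quoted output; the repeated last line is constructed too.
SAMPLE_HOSTS='127.0.0.1 localhost
# The following lines are desirable for IPv6 capable hosts
::1 ip6-localhost ip6-loopback
10.88.0.2 friendica 672deab3f9e2-infra
10.88.0.1 host.containers.internal
10.88.0.1 host.containers.internal'

printf '%s\n' "$SAMPLE_HOSTS" | check_pod_hosts friendica friendica-mariadb friendica-fpm ||
    echo "hosts file is incomplete or has repeated entries"
```

The non-zero exit status of `check_pod_hosts` makes it usable as a post-start gate in a pod start-up script or CI job.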
Is this a BUG REPORT or FEATURE REQUEST? (leave only one on its own line)
/kind bug
Description
Example: a pod starts 3 containers named example-mariadb, example-php and example-httpd. Because their /etc/hosts file is missing the required entries, they cannot locate one another through hostname resolution. In this example, PHP fails to locate the MariaDB container by hostname example-mariadb. As a symptom PHP logs the error:
/etc/hosts available inside containers before v3.4:
/etc/hosts available inside containers in v3.4:
Changes in v3.4 that may have caused the regression: #11411, #11596
Steps to reproduce the issue:
Build and start the pod at https://1drv.ms/u/s!ApqEOOKoIKfoeo7T9Yp5pk5cM9U?e=c0Q086
Exec into the shell of one of the containers and check its /etc/hosts.
Output of podman version:
Output of podman info --debug:
Package info (e.g. output of rpm -q podman or apt list podman):
Have you tested with the latest version of Podman and have you checked the Podman Troubleshooting Guide? (https://github.com/containers/podman/blob/master/troubleshooting.md)
Yes
Additional environment details (AWS, VirtualBox, physical, etc.):
Fedora Workstation 34 (amd64).