
Re: Configure resolv.conf Pods



Ok, I think maybe that was a limitation of old versions. Any chance
you'll be upgrading soon?

On Wed, Oct 5, 2016 at 12:12 PM, Fran Barrera <franbarrera6 gmail com> wrote:
> Ok, I think that now it's working good, the problem was in kubernetes
> service, I had to edit manually and change the port 5353 to 53 and
> targetPort was 5353 so was ok.
>
> But if origin-master is restarted it is changed again.
>
> Fran.
>
> 2016-10-05 17:56 GMT+02:00 Scott Dodson <sdodson redhat com>:
>>
>> Is the node running on the host in question? That would be required
>> for dnsmasq to connect to 172.30.0.1:53 as the kubelet provides those
>> iptables rules. Can you verify that the kubernetes service looks like
>> you'd expect it with the right ports and endpoints? `oc -n default
>> describe svc/kubernetes`
>>
>> --
>> Scott
>>
>> On Wed, Oct 5, 2016 at 11:51 AM, Fran Barrera <franbarrera6 gmail com>
>> wrote:
>> > I tried this:
>> >
>> > # dig @master_ip -p 5353 kubernetes.default.svc.cluster.local
>> > 172.30.0.1
>> >
>> > # dig @master_ip kubernetes.default.svc.cluster.local
>> > -
>> >
>> > If I do this in the other environment, working good. Iptables is
>> > allowing
>> > port 53 and 5353(skydns). It's like dnsmasq isn't working good but the
>> > logs
>> > appears ok
>> >
>> > Fran.
>> >
>> > 2016-10-05 14:05 GMT+02:00 Scott Dodson <sdodson redhat com>:
>> >>
>> >> If skydns is running on a port other than 53 you'll need to pass -p
>> >> flag to dig to specify the port. The kubernetes service (172.30.0.1)
>> >> translates port 53 into the port that skydns is running on so when
>> >> using the service ip that's not necessary, but if you're accessing the
>> >> master's ip you'll have to account for that. Also, this means you need
>> >> firewall rules allowing access on that port between all nodes and your
>> >> master, maybe that's the missing piece?
>> >>
>> >> --
>> >> Scott
>> >>
>> >> On Wed, Oct 5, 2016 at 5:17 AM, Fran Barrera <franbarrera6 gmail com>
>> >> wrote:
>> >> > Ok, I found this:
>> >> >
>> >> > # dig @IP_MASTER kubernetes.default.svc.cluster.local
>> >> > no resolve
>> >> >
>> >> > And if I do this on the other environment resolved correctly.
>> >> >
>> >> > The logs of dnsmasq seems look good:
>> >> >
>> >> > using nameserver 8.8.8.8#53
>> >> > using nameserver 172.30.0.1#53 for domain 30.172.in-addr.arpa
>> >> > using nameserver 172.30.0.1#53 for domain cluster.local
>> >> > read /etc/hosts - 11 addresses
>> >> >
>> >> > Is the same in both environments.
>> >> >
>> >> > And node-config.yaml the dnsIP is set correctly.
>> >> >
>> >> > Thanks,
>> >> > Fran.
>> >> >
>> >> >
>> >> > 2016-10-04 18:08 GMT+02:00 Scott Dodson <sdodson redhat com>:
>> >> >>
>> >> >> Ok, to debug this, at the host level `dig @node-ip
>> >> >> kubernetes.default.svc.cluster.local` and `dig @node-ip
>> >> >> www.google.es`
>> >> >> replace node-ip with the node's ip address, and then review the
>> >> >> journal for dnsmasq, `journalctl -lu dnsmasq`. If everything looks
>> >> >> fine there then I'd verify that the dnsIP is set correctly in
>> >> >> node-config.yaml
>> >> >>
>> >> >> --
>> >> >> Scott
>> >> >>
>> >> >> On Tue, Oct 4, 2016 at 11:35 AM, Fran Barrera
>> >> >> <franbarrera6 gmail com>
>> >> >> wrote:
>> >> >> > No, the problem isn't a conflict port because I've moved skydns to
>> >> >> > port
>> >> >> > 5353.
>> >> >> >
>> >> >> > Now, I have seen a bit more the problem, from a pod I can't
>> >> >> > resolve
>> >> >> > any
>> >> >> > openshift service and if I try a ping to www.google.es for example
>> >> >> > take
>> >> >> > ~ 10
>> >> >> > seconds. It's like dnsmasq is not forwarding to skydns? but my
>> >> >> > configuration
>> >> >> > is the same in both environments.
>> >> >> >
>> >> >> > Thanks,
>> >> >> > Fran.
>> >> >> >
>> >> >> >
>> >> >> >
>> >> >> >
>> >> >> > 2016-10-04 14:53 GMT+02:00 Scott Dodson <sdodson redhat com>:
>> >> >> >>
>> >> >> >> Hmm, I thought it was there in more recent versions too? The
>> >> >> >> reason
>> >> >> >> that this is there is because we want 'fran.project' or 'frans'
>> >> >> >> to
>> >> >> >> use
>> >> >> >> the search path to resolve 'fransapp.project.svc.cluster.local'
>> >> >> >> so
>> >> >> >> pods can reference the service without knowing the FQDN.
>> >> >> >>
>> >> >> >> Can you elaborate on how it's failing in the 1.0.8 environment? I
>> >> >> >> imagine the problem there is that there's probably a conflict on
>> >> >> >> port
>> >> >> >> 53 on your masters which are also nodes? To work around this
>> >> >> >> we've
>> >> >> >> moved skydns to port 8053, check master-config.yaml for
>> >> >> >> dnsConfig.bindAddress and see if it's binding to port 53 or 8053.
>> >> >> >> If
>> >> >> >> you move it to 8053 and restart the master does it help?
>> >> >> >>
>> >> >> >> --
>> >> >> >> Scott
>> >> >> >>
>> >> >> >> On Tue, Oct 4, 2016 at 4:25 AM, Fran Barrera
>> >> >> >> <franbarrera6 gmail com>
>> >> >> >> wrote:
>> >> >> >> > Hi Scott,
>> >> >> >> >
>> >> >> >> > I have configured dnsmasq as you commented and working good in
>> >> >> >> > my
>> >> >> >> > environment, but I have another environment in 1.0.8 version
>> >> >> >> > and
>> >> >> >> > the
>> >> >> >> > problem
>> >> >> >> > is the "option ndots:5" If i delete this option everything
>> >> >> >> > working
>> >> >> >> > good
>> >> >> >> > but
>> >> >> >> > I don't know why Openshift set this automatically in
>> >> >> >> > /etc/resolv.conf
>> >> >> >> >
>> >> >> >> > I see in other version that this options is disappeared but in
>> >> >> >> > older
>> >> >> >> > version
>> >> >> >> > not. Is there any way to delete this option?
>> >> >> >> >
>> >> >> >> > Thanks,
>> >> >> >> > Fran
>> >> >> >> >
>> >> >> >> > 2016-10-03 14:43 GMT+02:00 Scott Dodson <sdodson redhat com>:
>> >> >> >> >>
>> >> >> >> >> Maybe I'm misunderstanding the question, but you'd configure
>> >> >> >> >> dnsmasq
>> >> >> >> >> to forward 'cluster.local' to skydns and all other requests to
>> >> >> >> >> your
>> >> >> >> >> desired nameservers, place a file in /etc/dnsmasq.d/ like this
>> >> >> >> >>
>> >> >> >> >> strict-order
>> >> >> >> >> no-resolv
>> >> >> >> >> domain-needed
>> >> >> >> >> server=/cluster.local/172.30.0.1
>> >> >> >> >> server=/30.172.in-addr.arpa/172.30.0.1
>> >> >> >> >> server=4.4.4.4
>> >> >> >> >> server=8.8.8.8
>> >> >> >> >>
>> >> >> >> >> Again, the installer does this for you automatically using a
>> >> >> >> >> NetworkManager dispatcher script to configure dnsmasq. You can
>> >> >> >> >> see
>> >> >> >> >> what it does here
>> >> >> >> >>
>> >> >> >> >> https://github.com/openshift/openshift-ansible/blob/master/roles/openshift_node_dnsmasq/files/networkmanager/99-origin-dns.sh
>> >> >> >> >>
>> >> >> >> >> On Mon, Oct 3, 2016 at 3:41 AM, Fran Barrera
>> >> >> >> >> <franbarrera6 gmail com>
>> >> >> >> >> wrote:
>> >> >> >> >> > Hi Scott,
>> >> >> >> >> >
>> >> >> >> >> > If I set dnsmasq in the node-config.yaml. How I can forward
>> >> >> >> >> > cluster
>> >> >> >> >> > dns
>> >> >> >> >> > to
>> >> >> >> >> > skydns? Because Openshift services don't have any domain,
>> >> >> >> >> > right?
>> >> >> >> >> >
>> >> >> >> >> > Thanks,
>> >> >> >> >> > Fran
>> >> >> >> >> >
>> >> >> >> >> > 2016-09-30 14:56 GMT+02:00 Scott Dodson
>> >> >> >> >> > <sdodson redhat com>:
>> >> >> >> >> >>
>> >> >> >> >> >> Fran,
>> >> >> >> >> >>
>> >> >> >> >> >> If you set dnsIP in your node-config.yaml file it will make
>> >> >> >> >> >> that
>> >> >> >> >> >> IP
>> >> >> >> >> >> address the first nameserver in your pod's resolv.conf. I
>> >> >> >> >> >> don't
>> >> >> >> >> >> know
>> >> >> >> >> >> how to add timeout options to pod's resolv.conf, but
>> >> >> >> >> >> hopefully
>> >> >> >> >> >> you
>> >> >> >> >> >> should have timeout issues.
>> >> >> >> >> >>
>> >> >> >> >> >> BTW, the installer should be configuring dnsmasq on each
>> >> >> >> >> >> node
>> >> >> >> >> >> and
>> >> >> >> >> >> setting dnsIP to the local host's IP address starting with
>> >> >> >> >> >> Origin
>> >> >> >> >> >> 1.2
>> >> >> >> >> >> and OCP 3.2. dnsmasq is then responsible for forwarding
>> >> >> >> >> >> cluster
>> >> >> >> >> >> dns
>> >> >> >> >> >> to
>> >> >> >> >> >> skydns and other requests to the host's default resolver.
>> >> >> >> >> >>
>> >> >> >> >> >> --
>> >> >> >> >> >> Scott
>> >> >> >> >> >>
>> >> >> >> >> >> On Fri, Sep 30, 2016 at 8:39 AM, Fran Barrera
>> >> >> >> >> >> <franbarrera6 gmail com>
>> >> >> >> >> >> wrote:
>> >> >> >> >> >> > Hi All,
>> >> >> >> >> >> >
>> >> >> >> >> >> > In my environment, the master is the DNS server (dnsmasq)
>> >> >> >> >> >> > and
>> >> >> >> >> >> > my
>> >> >> >> >> >> > problem
>> >> >> >> >> >> > is
>> >> >> >> >> >> > that I have very slow resolution. The resolv.conf of pods
>> >> >> >> >> >> > is:
>> >> >> >> >> >> >
>> >> >> >> >> >> > nameserver 172.30.0.1
>> >> >> >> >> >> > nameserver master_ip
>> >> >> >> >> >> >
>> >> >> >> >> >> > I need to change this conf adding first the master IP or
>> >> >> >> >> >> > add
>> >> >> >> >> >> > a
>> >> >> >> >> >> > options
>> >> >> >> >> >> > timeout because the slow is because try first with
>> >> >> >> >> >> > kubernetes
>> >> >> >> >> >> > dns
>> >> >> >> >> >> > and
>> >> >> >> >> >> > 10
>> >> >> >> >> >> > seconds later try with dns master. I've followed this
>> >> >> >> >> >> > guide
>> >> >> >> >> >> > https://access.redhat.com/solutions/2215521 but not
>> >> >> >> >> >> > change
>> >> >> >> >> >> > anything.
>> >> >> >> >> >> >
>> >> >> >> >> >> > Any helps?
>> >> >> >> >> >> >
>> >> >> >> >> >> >
>> >> >> >> >> >
>> >> >> >> >> >
>> >> >> >> >
>> >> >> >> >
>> >> >> >
>> >> >> >
>> >> >
>> >> >
>> >
>> >
>
>
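
The lookup path discussed in this thread, as an added example that is not part of the original messages: it expands a name the way a pod's resolver does with `ndots:5`, then routes each candidate through the dnsmasq drop-in quoted above using longest-suffix matching on `server=/domain/`. The search list, the namespace `project` and all function names are assumptions made for illustration.

```python
# Added illustration, not code from the thread or from OpenShift.
# SEARCH is a constructed pod search list for an assumed namespace "project".
SEARCH = ["project.svc.cluster.local", "svc.cluster.local", "cluster.local"]
NDOTS = 5  # the "ndots:5" option discussed in the thread
DNSMASQ_CONF = """\
strict-order
no-resolv
domain-needed
server=/cluster.local/172.30.0.1
server=/30.172.in-addr.arpa/172.30.0.1
server=4.4.4.4
server=8.8.8.8
"""

def candidates(name, search=SEARCH, ndots=NDOTS):
    """Names the stub resolver tries, in order, for one lookup."""
    if name.endswith("."):            # trailing dot: absolute, no search list
        return [name[:-1]]
    expanded = [f"{name}.{domain}" for domain in search]
    # Fewer dots than ndots: search list first, the literal name last.
    return [name] + expanded if name.count(".") >= ndots else expanded + [name]

def parse_dnsmasq(text):
    """Split server= lines into per-domain routes and default upstreams."""
    routes, defaults = {}, []
    for line in text.splitlines():
        if line.startswith("server=/"):
            *domains, ip = line[len("server=/"):].split("/")
            routes.update({d.lower(): ip for d in domains})
        elif line.startswith("server="):
            defaults.append(line[len("server="):])
    return routes, defaults

def upstream(name, routes, defaults):
    """Most specific matching domain wins; otherwise the default servers."""
    labels = name.lower().split(".")
    for i in range(len(labels)):
        suffix = ".".join(labels[i:])
        if suffix in routes:
            return [routes[suffix]]
    return defaults

def trace(name):
    routes, defaults = parse_dnsmasq(DNSMASQ_CONF)
    return [(c, upstream(c, routes, defaults)) for c in candidates(name)]

if __name__ == "__main__":
    for cand, servers in trace("www.google.es"):
        print(f"{cand:45} -> {', '.join(servers)}")
```

With these inputs an external name such as `www.google.es` is sent to 172.30.0.1 three times before the literal name reaches the public upstreams, so an unreachable skydns path delays every external lookup as well as cluster ones.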


