Copy correct resolv.conf for Bottlerocket in debug mode. #4186
Conversation
| err = c.copyFile(filepath.Join(netNSDir, ResolveConfFileName), "/etc/resolv.conf", taskDNSConfigFileMode) | ||
| // Check if the /run/netdog/resolv.conf file exists on the host. For Bottlerocket, instead of /etc/resolv.conf, | ||
| // this is the file we copy to the task network namespace dns config. | ||
| if _, err = c.os.Stat(srcBRResolv); err == nil { |
There was a problem hiding this comment.
Is there a better way to detect if the host is using a bottle rocket AMI?
There was a problem hiding this comment.
I think we should create a bottle-rocket specific platform in Network builder. Maybe not in this PR, but as a todo long-term. I can take that AI.
There was a problem hiding this comment.
Agreed. Thanks Jose
There was a problem hiding this comment.
Is /run/netdog/resolv.conf guaranteed to exist on Bottlerocket only and not on any other supported distros? I second @samjkon's comment.
There was a problem hiding this comment.
I checked with a Bottlerocket Engineer and he confirmed the /run/netdog/resolv.conf will only exist in Bottlerocket. Although we could add additional checks in the if condition to confirm its a BR AMI but I don't feel its necessary since checking for /run/netdog/resolv.conf is sufficient
There was a problem hiding this comment.
The risk with this approach is that you're coupling the ECS Agent with special behavior which is OS/distro-specific. Should Bottlerocket change this behavior, or if other OSes introduce different behavior, then this pattern suggests that we should update the ECS Agent to accommodate that behavior. Instead is it possible to introduce a configuration value to override the default resolv.conf location? By default the option can point to /etc/resolv.conf; should you need to override it, it can instead be configured with whatever distro the ECS Agent is included on.
| ) | ||
|
|
||
| var srcResolv = "/etc/resolv.conf" |
There was a problem hiding this comment.
Instead of making this a var, I would suggest keeping this a const. You can use a local var in the function instead of creating a global var if needed.
There was a problem hiding this comment.
Ack, will make that change
Summary
In EC2 debug mode, while setting up the dns config we copy the `/etc/resolv.conf` to `/etc/netns/(NetNSName)/`. This works fine on AL2 hosts, although on Bottlerocket hosts the `/etc/resolv.conf` is symlinked to a dummy stub `resolv.conf`. Instead the correct file to use for Bottlerocket is at `/run/netdog/resolv.conf`. This change copies the correct file to task network namespace dns config for debug mode on bottlerocket.Implementation details
Check if the file `/run/netdog/resolv.conf` exists on the host and copy it to task network namsepace.Testing
New tests cover the changes: NA
Description for the changelog
Copy correct resolv.conf for Bottlerocket to launch tasks in debug mode.
Does this PR include breaking model changes? If so, Have you added transformation functions? No
Licensing
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.