Skip to content

OCPBUGS-60288: check ipv6 dns during bootkube #9876

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

OCPBUGS-60288: check ipv6 dns during bootkube #9876

wants to merge 1 commit into from

Conversation

patrickdillon
Copy link
Contributor

@patrickdillon patrickdillon commented Aug 11, 2025
edited
Loading

The dig command only returns results for A records by default. For single-stack ipv6, we need to also check for AAAA records so as not to block bootkube so we don't send false negative warnings that we can't resolve DNS when we actually can.

Should cut down on this warning in bootkube:

Aug 10 19:18:51 localhost.localdomain bootkube.sh[13821]: Check if API URL is resolvable during bootstrap
Aug 10 19:18:51 localhost.localdomain bootkube.sh[13821]: Checking if api.ck07.rh.ser.tn of type API_URL is resolvable
Aug 10 19:18:51 localhost.localdomain bootkube.sh[13821]: Starting stage resolve-api-url
Aug 10 19:18:51 localhost.localdomain bootkube.sh[13821]: Unable to resolve API_URL api.ck07.rh.ser.tn
Aug 10 19:18:51 localhost.localdomain bootkube.sh[13821]: Check if API-Int URL is resolvable during bootstrap
Aug 10 19:18:51 localhost.localdomain bootkube.sh[13821]: Checking if api-int.ck07.rh.ser.tn of type API_INT_URL is resolvable
Aug 10 19:18:51 localhost.localdomain bootkube.sh[13821]: Starting stage resolve-api-int-url
Aug 10 19:18:52 localhost.localdomain bootkube.sh[13821]: Unable to resolve API_INT_URL api-int.ck07.rh.ser.tn

@patrickdillon
OCPBUGS-60288: check ipv6 dns during bootkube
76dc81f 
The dig command only returns results for A records by default. For
single-stack ipv6, we need to also check for AAAA records so as not
to block bootkube.
@openshift-ci-robot openshift-ci-robot added jira/severity-critical Referenced Jira bug's severity is critical for the branch this PR is targeting. jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. jira/invalid-bug Indicates that a referenced Jira bug is invalid for the branch this PR is targeting. labels Aug 11, 2025
@openshift-ci-robot
Copy link
Contributor

@patrickdillon: This pull request references Jira Issue OCPBUGS-60288, which is invalid:

  • expected the bug to target the "4.20.0" version, but no target version was set

Comment /jira refresh to re-evaluate validity if changes to the Jira bug are made, or edit the title of this pull request to link to a different bug.

The bug has been updated to refer to the pull request using the external bug tracker.

In response to this:

The dig command only returns results for A records by default. For single-stack ipv6, we need to also check for AAAA records so as not to block bootkube.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@patrickdillon
Copy link
Contributor Author

/test ?

@openshift-ci OpenShift CI
Copy link
Contributor

openshift-ci bot commented Aug 11, 2025

@patrickdillon: The following commands are available to trigger required jobs:

/test artifacts-images

/test e2e-agent-compact-ipv4

/test e2e-aws-ovn

/test e2e-aws-ovn-edge-zones-manifest-validation

/test e2e-aws-ovn-upi

/test e2e-azure-nat-gateway-single-zone

/test e2e-azure-ovn

/test e2e-gcp-ovn

/test e2e-gcp-ovn-upi

/test e2e-metal-ipi-ovn-ipv6

/test e2e-openstack-ovn

/test e2e-vsphere-ovn

/test e2e-vsphere-ovn-upi

/test gofmt

/test golint

/test govet

/test images

/test integration-tests

/test integration-tests-nodejoiner

/test okd-scos-images

/test openstack-manifests

/test unit

/test verify-codegen

/test verify-deps

/test verify-vendor

The following commands are available to trigger optional jobs:

/test aws-private

/test azure-ovn-marketplace-images

/test azure-private

/test e2e-agent-4control-ipv4

/test e2e-agent-5control-ipv4

/test e2e-agent-compact-ipv4-appliance-diskimage

/test e2e-agent-compact-ipv4-none-platform

/test e2e-agent-compact-ipv6-minimaliso

/test e2e-agent-ha-dualstack

/test e2e-agent-sno-ipv4-pxe

/test e2e-agent-sno-ipv6

/test e2e-aws-byo-subnet-role-security-groups

/test e2e-aws-default-config

/test e2e-aws-overlay-mtu-ovn-1200

/test e2e-aws-ovn-custom-iam-profile

/test e2e-aws-ovn-edge-zones

/test e2e-aws-ovn-fips

/test e2e-aws-ovn-heterogeneous

/test e2e-aws-ovn-imdsv2

/test e2e-aws-ovn-proxy

/test e2e-aws-ovn-public-ipv4-pool

/test e2e-aws-ovn-public-ipv4-pool-disabled

/test e2e-aws-ovn-public-subnets

/test e2e-aws-ovn-shared-vpc-custom-security-groups

/test e2e-aws-ovn-shared-vpc-edge-zones

/test e2e-aws-ovn-single-node

/test e2e-aws-ovn-techpreview

/test e2e-aws-ovn-upgrade

/test e2e-aws-ovn-user-provisioned-dns

/test e2e-aws-upi-proxy

/test e2e-azure-default-config

/test e2e-azure-ovn-multidisk-techpreview

/test e2e-azure-ovn-resourcegroup

/test e2e-azure-ovn-shared-vpc

/test e2e-azure-ovn-techpreview

/test e2e-azure-ovn-upi

/test e2e-azurestack

/test e2e-azurestack-upi

/test e2e-crc

/test e2e-external-aws

/test e2e-external-aws-ccm

/test e2e-gcp-custom-endpoints

/test e2e-gcp-default-config

/test e2e-gcp-ovn-byo-vpc

/test e2e-gcp-ovn-heterogeneous

/test e2e-gcp-ovn-techpreview

/test e2e-gcp-ovn-xpn

/test e2e-gcp-secureboot

/test e2e-gcp-upgrade

/test e2e-gcp-upi-xpn

/test e2e-gcp-xpn-dedicated-dns-project

/test e2e-ibmcloud-ovn

/test e2e-metal-assisted

/test e2e-metal-ipi-ovn

/test e2e-metal-ipi-ovn-dualstack

/test e2e-metal-ipi-ovn-swapped-hosts

/test e2e-metal-ipi-ovn-virtualmedia

/test e2e-metal-ovn-two-node-arbiter

/test e2e-metal-ovn-two-node-fencing

/test e2e-metal-single-node-live-iso

/test e2e-nutanix-ovn

/test e2e-openstack-ccpmso

/test e2e-openstack-ccpmso-zone

/test e2e-openstack-dualstack

/test e2e-openstack-dualstack-upi

/test e2e-openstack-externallb

/test e2e-openstack-nfv-intel

/test e2e-openstack-proxy

/test e2e-openstack-singlestackv6

/test e2e-powervs-capi-ovn

/test e2e-vsphere-externallb-ovn

/test e2e-vsphere-host-groups-ovn-techpreview

/test e2e-vsphere-multi-vcenter-ovn

/test e2e-vsphere-ovn-disk-setup

/test e2e-vsphere-ovn-hybrid-env

/test e2e-vsphere-ovn-multi-disk

/test e2e-vsphere-ovn-multi-network

/test e2e-vsphere-ovn-techpreview

/test e2e-vsphere-ovn-upi-zones

/test e2e-vsphere-ovn-zones

/test e2e-vsphere-ovn-zones-techpreview

/test e2e-vsphere-static-ovn

/test gcp-custom-dns

/test gcp-private

/test okd-scos-e2e-aws-ovn

Use /test all to run the following jobs that were automatically triggered:

pull-ci-openshift-installer-main-artifacts-images

pull-ci-openshift-installer-main-e2e-aws-ovn

pull-ci-openshift-installer-main-e2e-azure-ovn-resourcegroup

pull-ci-openshift-installer-main-e2e-vsphere-host-groups-ovn-techpreview

pull-ci-openshift-installer-main-gofmt

pull-ci-openshift-installer-main-golint

pull-ci-openshift-installer-main-govet

pull-ci-openshift-installer-main-images

pull-ci-openshift-installer-main-okd-scos-e2e-aws-ovn

pull-ci-openshift-installer-main-okd-scos-images

pull-ci-openshift-installer-main-unit

pull-ci-openshift-installer-main-verify-codegen

pull-ci-openshift-installer-main-verify-deps

pull-ci-openshift-installer-main-verify-vendor

In response to this:

/test ?

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@openshift-ci openshift-ci bot requested review from rwsu and sadasu August 11, 2025 15:43
@iurygregory
Copy link
Contributor

/jira refresh

@openshift-ci-robot openshift-ci-robot added jira/valid-bug Indicates that a referenced Jira bug is valid for the branch this PR is targeting. and removed jira/invalid-bug Indicates that a referenced Jira bug is invalid for the branch this PR is targeting. labels Aug 11, 2025
@openshift-ci-robot
Copy link
Contributor

@iurygregory: This pull request references Jira Issue OCPBUGS-60288, which is valid. The bug has been moved to the POST state.

3 validation(s) were run on this bug
  • bug is open, matching expected state (open)
  • bug target version (4.20.0) matches configured target version for branch (4.20.0)
  • bug is in the state New, which is one of the valid states (NEW, ASSIGNED, POST)

Requesting review from QA contact:
/cc @jadhaj

In response to this:

/jira refresh

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@openshift-ci openshift-ci bot requested a review from jadhaj August 11, 2025 16:13
@openshift-ci-robot
Copy link
Contributor

@patrickdillon: This pull request references Jira Issue OCPBUGS-60288, which is valid.

3 validation(s) were run on this bug
  • bug is open, matching expected state (open)
  • bug target version (4.20.0) matches configured target version for branch (4.20.0)
  • bug is in the state POST, which is one of the valid states (NEW, ASSIGNED, POST)

Requesting review from QA contact:
/cc @jadhaj

In response to this:

The dig command only returns results for A records by default. For single-stack ipv6, we need to also check for AAAA records so as not to block bootkube so we don't send false negative warnings that we can't resolve DNS when we actually can.

Should cut down on this warning in bootkube:

Aug 10 19:18:51 localhost.localdomain bootkube.sh[13821]: Check if API URL is resolvable during bootstrap
Aug 10 19:18:51 localhost.localdomain bootkube.sh[13821]: Checking if api.ck07.rh.ser.tn of type API_URL is resolvable
Aug 10 19:18:51 localhost.localdomain bootkube.sh[13821]: Starting stage resolve-api-url
Aug 10 19:18:51 localhost.localdomain bootkube.sh[13821]: Unable to resolve API_URL api.ck07.rh.ser.tn
Aug 10 19:18:51 localhost.localdomain bootkube.sh[13821]: Check if API-Int URL is resolvable during bootstrap
Aug 10 19:18:51 localhost.localdomain bootkube.sh[13821]: Checking if api-int.ck07.rh.ser.tn of type API_INT_URL is resolvable
Aug 10 19:18:51 localhost.localdomain bootkube.sh[13821]: Starting stage resolve-api-int-url
Aug 10 19:18:52 localhost.localdomain bootkube.sh[13821]: Unable to resolve API_INT_URL api-int.ck07.rh.ser.tn

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@openshift-ci OpenShift CI
Copy link
Contributor

openshift-ci bot commented Aug 11, 2025

@patrickdillon: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name Commit Details Required Rerun command
ci/prow/e2e-vsphere-host-groups-ovn-techpreview 76dc81f link false /test e2e-vsphere-host-groups-ovn-techpreview
ci/prow/okd-scos-e2e-aws-ovn 76dc81f link false /test okd-scos-e2e-aws-ovn

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

zaneb
zaneb reviewed Aug 12, 2025
View reviewed changes
Copy link
Member

@zaneb zaneb left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/approve

data/data/bootstrap/files/usr/local/bin/bootstrap-verify-api-server-urls.sh
@@ -10,7 +10,8 @@ function lookup_url() {
unset IPS
Copy link
Member

@zaneb zaneb Aug 12, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't think this is a bug (yet), but I'd sure feel more comfortable if this said local instead of unset.

data/data/bootstrap/files/usr/local/bin/bootstrap-verify-api-server-urls.sh
@@ -10,7 +10,8 @@ function lookup_url() {
unset IPS
unset IP
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

IP isn't even used in this function any more.

@openshift-ci OpenShift CI
Copy link
Contributor

openshift-ci bot commented Aug 12, 2025

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: zaneb

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci openshift-ci bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Aug 12, 2025
zaneb
zaneb reviewed Aug 13, 2025
View reviewed changes
Copy link
Member

@zaneb zaneb left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This whole lookup_url function (which looks up a domain name, not a URL) could be replaced with nslookup, which does both A and AAAA lookups by default, prints some helpful debugging information, and returns an error code indicating whether the domain resolved successfully or not:

$ nslookup www.google.com; echo "Result: $?"
Server:		127.0.0.53
Address:	127.0.0.53#53

Non-authoritative answer:
Name:	www.google.com
Address: 142.250.66.196
Name:	www.google.com
Address: 2404:6800:4006:811::2004

Result: 0
$ 
$ nslookup wvw.google.com; echo "Result: $?"
Server:		127.0.0.53
Address:	127.0.0.53#53

** server can't find wvw.google.com: NXDOMAIN

Result: 1

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@zaneb zaneb zaneb left review comments

@rwsu rwsu Awaiting requested review from rwsu

@sadasu sadasu Awaiting requested review from sadasu

@jadhaj jadhaj Awaiting requested review from jadhaj

Assignees
No one assigned
Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. jira/severity-critical Referenced Jira bug's severity is critical for the branch this PR is targeting. jira/valid-bug Indicates that a referenced Jira bug is valid for the branch this PR is targeting. jira/valid-reference Indicates that this PR references a valid Jira ticket of any type.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@patrickdillon @openshift-ci-robot @iurygregory @zaneb