NameServer baked into default qcow2 image in /etc/resolv.conf?

zimmertr
Posts: 4
Joined: 2018/10/29 23:04:59
Location: Seattle, Wa

Post by zimmertr » 2018/10/29 23:17:47

Hello, I have been writing an Ansible project to automatically deploy a Kubernetes cluster on my Proxmox server using qemu. I was repeatedly encountering an issue where SSH would not respond fast enough to the Gathering Facts stage, when Ansible tried to connect to the VMs for the first time to configure them.

After some research, I learned that this was because my VMs had 10.0.2.3 listed as the first nameserver in /etc/resolv.conf. I learned that this is injected when a NAT interface is configured because a Bridge interface is not specified. From the documentation for Proxmox qm:

The NIC you added to the VM can follow one of two different models:

in the default Bridged mode each virtual NIC is backed on the host by a tap device (a software loopback device simulating an Ethernet NIC). This tap device is added to a bridge, by default vmbr0 in Proxmox VE. In this mode, VMs have direct access to the Ethernet LAN on which the host is located.

in the alternative NAT mode, each virtual NIC will only communicate with the Qemu user networking stack, where a built-in router and DHCP server can provide network access. This built-in DHCP will serve addresses in the private 10.0.2.0/24 range. The NAT mode is much slower than the bridged mode, and should only be used for testing. This mode is only available via CLI or the API, but not via the WebUI.

The thing is, I was configuring the VM to use a Bridge Interface in the --net0 flag for qm create. Here are my commands:

Code:

qm create 170 --cores 2 --memory 4096 --net0 "virtio,bridge=vmbr0" --ipconfig0 "gw=192.168.1.1,ip=192.168.1.170/24" --nameserver 192.168.1.10 --searchdomain "sol.milkyway" --sshkeys /root/.ssh/sol.milkyway.kubernetes.pub

wget https://cloud.centos.org/centos/7/images/CentOS-7-x86_64-GenericCloud.qcow2c -O /tmp/CentOS7.qcow2c

qm importdisk 170 /tmp/CentOS7.qcow2c Proxmox_lvm-thin

qm set 170 --scsihw virtio-scsi-pci --scsi0 Proxmox_lvm-thin:vm-170-disk-0

qm resize 170 scsi0 50G

qm set 170 --ide2 Proxmox_lvm-thin:cloudinit

qm set 170 --boot c --bootdisk scsi0

qm start 170

Much to my chagrin though, when I would manually connect to these instances and check /etc/resolv.conf, I would find that 10.0.2.3 was there.

Code:

[centos@VM170 ~]$ cat /etc/resolv.conf
; Created by cloud-init on instance boot automatically, do not edit.
;
# Generated by NetworkManager
nameserver 10.0.2.3
nameserver 192.168.1.10
search sol.milkyway

So, I decided to mount the raw qcow2 image I downloaded from the CentOS servers and check the content of /etc/resolv.conf before it was used to bootstrap my VMs.

Code:

modprobe nbd max_part=8

qemu-nbd --connect=/dev/nbd0 /tmp/CentOS7.qcow2c 

fdisk -l /dev/nbd0

mount /dev/nbd0p1 /mnt/tmp

cat /mnt/tmp/etc/resolv.conf

And I found something quite strange.

Code:

# Generated by NetworkManager
nameserver 10.0.2.3

Why is this nameserver baked into an official qcow2 image? Is this a bug? If not, this effectively breaks Ansible, as this DNS server does not exist on my network. And, since sshd is configured to use the UseDNS yes directive by default, it attempts to perform a reverse NS lookup against my workstation when I connect to the server, using that DNS server, which does not exist, effectively causing Ansible to time out.

EDIT: If it wasn't clear from my wget command above, this is the source of the qcow2 image: https://cloud.centos.org/centos/7/image ... oud.qcow2c

However, I can confirm it also exists in these images as well:

Code:

CentOS-7-x86_64-GenericCloud.qcow2
CentOS-7-x86_64-GenericCloud-1809.qcow2
CentOS-7-x86_64-GenericCloud-1808.qcow2
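
An added example, not part of the original post: a pre-deployment check for the image state described above, run against a mounted image root (such as /mnt/tmp after the qemu-nbd steps). It reports nameservers in /etc/resolv.conf that are not on an allow-list and any explicit UseDNS value in sshd_config; the function names, the allow-list argument and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a mounted guest image root (for instance /mnt/tmp
# after the qemu-nbd steps) before using the image as a VM template.

# Print each nameserver in <root>/etc/resolv.conf that is not in the
# allow-list passed as the remaining arguments. Returns 1 if any was printed.
unexpected_nameservers() {
    root=$1; shift
    found=0
    [ -f "$root/etc/resolv.conf" ] || return 0      # no file: nothing baked in
    while read -r key ns rest || [ -n "$key" ]; do  # also reads an unterminated last line
        if [ "$key" != "nameserver" ] || [ -z "$ns" ]; then continue; fi
        case " $* " in
            *" $ns "*) ;;                            # resolver we expect
            *) echo "$ns"; found=1 ;;                # resolver left over from the build
        esac
    done < "$root/etc/resolv.conf"
    return "$found"
}

# Print the first explicit UseDNS value in <root>/etc/ssh/sshd_config
# (sshd keeps the first value it reads), or "unset" if there is none.
sshd_usedns() {
    conf=$1/etc/ssh/sshd_config
    if [ -f "$conf" ]; then
        while read -r key val rest || [ -n "$key" ]; do
            case $key in
                [Uu][Ss][Ee][Dd][Nn][Ss])
                    echo "$val" | tr 'A-Z' 'a-z'; return 0 ;;
            esac
        done < "$conf"
    fi
    echo unset
}

# Constructed sample: resolv.conf as shown in the post; the sshd_config
# line is an assumption (directive present but commented out).
img=$(mktemp -d)
mkdir -p "$img/etc/ssh"
printf '# Generated by NetworkManager\nnameserver 10.0.2.3\n' > "$img/etc/resolv.conf"
printf '#UseDNS yes\n' > "$img/etc/ssh/sshd_config"

if ! stale=$(unexpected_nameservers "$img" 192.168.1.10); then
    echo "baked-in resolver(s): $stale (sshd UseDNS: $(sshd_usedns "$img"))"
fi
rm -rf "$img"
```

An "unset" result means the effective value is the sshd build's default, which the post reports as yes for this image.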


Re: NameServer baked into default qcow2 image in /etc/resolv.conf?

Post by zimmertr » 2018/10/31 17:13:48

https://media.giphy.com/media/sW6P26sp3HFvy/giphy.gif

Should I be posting somewhere else for this?

TrevorH
Site Admin
Posts: 33202
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: NameServer baked into default qcow2 image in /etc/resolv.conf?

Post by TrevorH » 2018/10/31 17:25:29

The correct place would be bugs.centos.org but I see you already reported it there. In any case, 7.6 just dropped so this is unlikely to get any attention until that's built and released and as part of that there will doubtless be new images so hopefully it'll get fixed. Save me searching for it, what was the bugs.c.o. ticket number and I'll add something to the checklist for 7.6 to try to get it fixed.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke


Re: NameServer baked into default qcow2 image in /etc/resolv.conf?

Post by zimmertr » 2018/10/31 20:14:41

TrevorH wrote:
2018/10/31 17:25:29
The correct place would be bugs.centos.org but I see you already reported it there. In any case, 7.6 just dropped so this is unlikely to get any attention until that's built and released and as part of that there will doubtless be new images so hopefully it'll get fixed. Save me searching for it, what was the bugs.c.o. ticket number and I'll add something to the checklist for 7.6 to try to get it fixed.

Hi TrevorH, thanks for your response.

I actually haven't posted it there. Not sure if you saw a similar issue or not. I did hop on IRC about a week ago and asked about this but no one responded to me. So maybe one of them filed a bug silently?


Re: NameServer baked into default qcow2 image in /etc/resolv.conf?

Post by TrevorH » 2018/10/31 22:31:25

No, I went and looked for a bug afterwards and didn't find one. If you raise one there then I think that's the best idea.

Re: NameServer baked into default qcow2 image in /etc/resolv.conf?

Post by zimmertr » 2018/11/01 01:44:29

