Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[resty.resolver] support ipv6 resolvers #511

Merged
merged 4 commits into from
Nov 30, 2017
Merged

[resty.resolver] support ipv6 resolvers #511

merged 4 commits into from
Nov 30, 2017

Conversation

mikz
Copy link
Contributor

@mikz mikz commented Nov 29, 2017
edited
Loading

Fixes #510

@nmasse-itix do you mind trying it out?

TODO

  • write unit tests
  • try with ipv6 tunnel

@mikz mikz force-pushed the resolver-ipv6 branch 2 times, most recently from ce246d5 to 438c327 Compare November 29, 2017 16:11
@mikz mikz mentioned this pull request Nov 29, 2017
Closed
@mikz mikz requested a review from davidor November 29, 2017 16:12
@nmasse-itix
Copy link
Contributor

Hi @mikz !

I had a look and it seems to work on my machine ! 👍

Just one side note: this time there is no port at the end of the IPv6 address in my resolv.conf. I don't know why there is such difference with my tests this morning...

If I do the test with the ':53' at the end it does not seems correct.

2017/11/29 17:32:12 [info] 97696#2766655: [lua] resolver.lua:132: init_nameservers(): adding [fe80::ba26:6cff:fef6:e526:53]:53 as default nameserver

Otherwise, without the port at the end of the IPv6 address, it works.
I suggest we leave it as is. I will investigate on the ':53' at the end of the IPv6 addresses... :(

$ git pull upstream resolver-ipv6
remote: Counting objects: 47, done.
remote: Compressing objects: 100% (8/8), done.
remote: Total 47 (delta 20), reused 26 (delta 20), pack-reused 19
Unpacking objects: 100% (47/47), done.
From https://github.com/3scale/apicast
 * branch            resolver-ipv6 -> FETCH_HEAD
 * [new branch]      resolver-ipv6 -> upstream/resolver-ipv6
Updating 0613e63..438c327
Fast-forward
 CHANGELOG.md                            |  1 +
 examples/policy_chain/README.md         | 13 +++++++++++++
 examples/policy_chain/configuration.lua | 13 +++++++++++++
 gateway/http.d/init.conf                |  7 +++++++
 gateway/src/apicast/cli/environment.lua |  4 ++++
 gateway/src/apicast/policy/echo.lua     | 35 +++++++++++++++++++++++++++++++----
 gateway/src/resty/resolver.lua          | 30 ++++++++++++++++++++++++++----
 t/resolver.t                            | 34 +++++++++++++++++++++++++++++-----
 8 files changed, 124 insertions(+), 13 deletions(-)
 create mode 100644 examples/policy_chain/README.md
 create mode 100644 examples/policy_chain/configuration.lua


$ cat /etc/resolv.conf 
#
# macOS Notice
#
# This file is not consulted for DNS hostname resolution, address
# resolution, or the DNS query routing mechanism used by most
# processes on this system.
#
# To view the DNS configuration used by this system, use:
#   scutil --dns
#
# SEE ALSO
#   dns-sd(1), scutil(8)
#
# This file is automatically generated.
#
search home
nameserver fe80::ba26:6cff:fef6:e526
nameserver 192.168.1.1

$ ./bin/apicast --dev -vvvv
loading production environment configuration: /Users/nmasse/git/3scale-apicast/gateway/config/production.lua
loading development environment configuration: /Users/nmasse/git/3scale-apicast/gateway/config/development.lua
nginx: [alert] lua_code_cache is off; this will hurt performance in /tmp/lua_CHnQGI:35
2017/11/29 17:29:43 [debug] 96615#2758434: [lua] resolver.lua:90: parse_nameservers(): /etc/resolv.conf:
#
# macOS Notice
#
# This file is not consulted for DNS hostname resolution, address
# resolution, or the DNS query routing mechanism used by most
# processes on this system.
#
# To view the DNS configuration used by this system, use:
#   scutil --dns
#
# SEE ALSO
#   dns-sd(1), scutil(8)
#
# This file is automatically generated.
#
search home
nameserver fe80::ba26:6cff:fef6:e526
nameserver 192.168.1.1

2017/11/29 17:29:43 [debug] 96615#2758434: [lua] resolver.lua:97: parse_nameservers(): search home
2017/11/29 17:29:43 [debug] 96615#2758434: [lua] resolver.lua:99: parse_nameservers(): search domain: home
2017/11/29 17:29:43 [info] 96615#2758434: [lua] resolver.lua:132: init_nameservers(): adding [fe80::ba26:6cff:fef6:e526]:53 as default nameserver
2017/11/29 17:29:43 [info] 96615#2758434: [lua] resolver.lua:132: init_nameservers(): adding 192.168.1.1:53 as default nameserver
2017/11/29 17:29:43 [info] 96615#2758434: [lua] resolver.lua:137: init_nameservers(): adding home as search domain
2017/11/29 17:29:43 [debug] 96615#2758434: [lua] env.lua:86: fetch(): env: SSL_CERT_FILE = nil
2017/11/29 17:29:43 [debug] 96615#2758434: [lua] policy_chain.lua:75: load(): loading policy module: apicast.policy.apicast
2017/11/29 17:29:43 [debug] 96615#2758434: [lua] policy_chain.lua:75: load(): loading policy module: apicast.policy.load_configuration
2017/11/29 17:29:43 [debug] 96615#2758434: [lua] env.lua:86: fetch(): env: APICAST_PATH_ROUTING_ENABLED = nil
2017/11/29 17:29:43 [debug] 96615#2758434: [lua] env.lua:86: fetch(): env: BACKEND_ENDPOINT_OVERRIDE = nil
2017/11/29 17:29:43 [debug] 96615#2758434: [lua] env.lua:86: fetch(): env: PWD = /Users/nmasse/git/3scale-apicast
2017/11/29 17:29:43 [debug] 96615#2758434: [lua] env.lua:86: fetch(): env: APICAST_CONFIGURATION_LOADER = lazy
2017/11/29 17:29:43 [info] 96615#2758434: [lua] configuration_loader.lua:222: new(): using lazy configuration loader
2017/11/29 17:29:43 [debug] 96615#2758434: [lua] policy_chain.lua:75: load(): loading policy module: apicast.policy.find_service
2017/11/29 17:29:43 [debug] 96615#2758434: [lua] policy_chain.lua:75: load(): loading policy module: apicast.policy.local_chain
2017/11/29 17:29:43 [debug] 96615#2758434: [lua] env.lua:86: fetch(): env: APICAST_CUSTOM_CONFIG = nil
2017/11/29 17:29:43 [debug] 96615#2758434: [lua] env.lua:86: fetch(): env: APICAST_REPORTING_THREADS = nil
2017/11/29 17:29:43 [debug] 96615#2758434: [lua] env.lua:86: fetch(): env: APICAST_RESPONSE_CODES = nil
2017/11/29 17:29:43 [debug] 96615#2758434: [lua] env.lua:86: fetch(): env: APICAST_MODULE = nil
2017/11/29 17:29:43 [debug] 96615#2758434: [lua] policy_chain.lua:75: load(): loading policy module: apicast.policy.apicast
2017/11/29 17:29:43 [debug] 96615#2758434: [lua] resolver.lua:90: parse_nameservers(): /etc/resolv.conf:
#
# macOS Notice
#
# This file is not consulted for DNS hostname resolution, address
# resolution, or the DNS query routing mechanism used by most
# processes on this system.
#
# To view the DNS configuration used by this system, use:
#   scutil --dns
#
# SEE ALSO
#   dns-sd(1), scutil(8)
#
# This file is automatically generated.
#
search home
nameserver fe80::ba26:6cff:fef6:e526
nameserver 192.168.1.1

2017/11/29 17:29:43 [debug] 96615#2758434: [lua] resolver.lua:97: parse_nameservers(): search home
2017/11/29 17:29:43 [debug] 96615#2758434: [lua] resolver.lua:99: parse_nameservers(): search domain: home
2017/11/29 17:29:43 [info] 96615#2758434: [lua] resolver.lua:132: init_nameservers(): adding [fe80::ba26:6cff:fef6:e526]:53 as default nameserver
2017/11/29 17:29:43 [info] 96615#2758434: [lua] resolver.lua:132: init_nameservers(): adding 192.168.1.1:53 as default nameserver
2017/11/29 17:29:43 [info] 96615#2758434: [lua] resolver.lua:137: init_nameservers(): adding home as search domain
2017/11/29 17:29:43 [debug] 96615#2758434: [lua] env.lua:86: fetch(): env: APICAST_LOADED_ENVIRONMENTS = /Users/nmasse/git/3scale-apicast/gateway/config/production.lua|/Users/nmasse/git/3scale-apicast/gateway/config/development.lua
2017/11/29 17:29:43 [debug] 96615#2758434: [lua] env.lua:86: fetch(): env: APICAST_DIR = nil
2017/11/29 17:29:43 [notice] 96615#2758434: [lua] environment.lua:124: add(): loading environment configuration: /Users/nmasse/git/3scale-apicast/gateway/config/production.lua
2017/11/29 17:29:43 [notice] 96615#2758434: [lua] environment.lua:124: add(): loading environment configuration: /Users/nmasse/git/3scale-apicast/gateway/config/development.lua
sh: sw_vers: command not found
2017/11/29 17:29:43 [debug] 96615#2758434: [lua] policy_chain.lua:75: load(): loading policy module: apicast.policy.load_configuration
2017/11/29 17:29:43 [debug] 96615#2758434: [lua] policy_chain.lua:75: load(): loading policy module: apicast.policy.find_service
2017/11/29 17:29:43 [debug] 96615#2758434: [lua] policy_chain.lua:75: load(): loading policy module: apicast.policy.local_chain
2017/11/29 17:29:43 [debug] 96615#2758434: [lua] env.lua:86: fetch(): env: THREESCALE_DEPLOYMENT_ENV = development
2017/11/29 17:29:43 [notice] 96615#2758434: using the "kqueue" event method
2017/11/29 17:29:43 [warn] 96615#2758434: 16192 worker_connections exceed open file resource limit: 256
2017/11/29 17:29:43 [notice] 96615#2758434: openresty/1.11.2.3
2017/11/29 17:29:43 [notice] 96615#2758434: built by clang 8.1.0 (clang-802.0.42)
2017/11/29 17:29:43 [notice] 96615#2758434: OS: Darwin 17.2.0
2017/11/29 17:29:43 [notice] 96615#2758434: hw.ncpu: 8
2017/11/29 17:29:43 [notice] 96615#2758434: net.inet.tcp.sendspace: 131072
2017/11/29 17:29:43 [notice] 96615#2758434: kern.ipc.somaxconn: 128
2017/11/29 17:29:43 [notice] 96615#2758434: getrlimit(RLIMIT_NOFILE): 256:9223372036854775807

@mikz
Copy link
Contributor Author

mikz commented Nov 29, 2017

@nmasse-itix I think the :53 was coming from APIcast itself and was not in the resolv.conf.
There is no way to determine if the trailing :53 is a port or part of the IPv6 address. Thats why they need to have [] around if they appear with a port like [dead::beef]:53 because dead::beef:53 is also a valid IPv6 address.

@mikz
Copy link
Contributor Author

mikz commented Nov 29, 2017

@nmasse-itix thanks for the thorough investigation! And sorry it broke. Unfortunately IPv6 is not as widespread as it should be.

Hopefully we can merge this soon.

davidor
davidor reviewed Nov 29, 2017
View reviewed changes
t/resolver.t Outdated

=== TEST 3: can have ipv6 RESOLVER
RESOLVER env variable can be IPv6 address
--- ONLY
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👀

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hah! I'm going to fix the CI to catch this.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fixed. And verified it was failing.

@mikz mikz force-pushed the resolver-ipv6 branch 2 times, most recently from 4344391 to c367185 Compare November 29, 2017 18:13
@mikz mikz requested a review from davidor November 29, 2017 18:19
davidor
davidor reviewed Nov 30, 2017
View reviewed changes
gateway/src/resty/resolver.lua Outdated
-- see https://github.com/3scale/apicast/issues/321 for more details
local m

m, err = re_match(resolver, '^(.+?)(?<!:)(?:\\:(\\d+))?$', 'oj')
Copy link
Contributor

@davidor davidor Nov 30, 2017
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If we extract the regex to a constant, readers will be able to know what we need to match here without understanding the regex.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It matches anything optionally followed by just one : and a series of numbers.
I'm not even sure how to call it :)

It needs to match 1.2.3.4:53 and [dead::beef]:53 but not dead::beef::53.

Actually I see there is a bug as it matches the 3rd example as a port. http://rubular.com/r/j6rm3ObFIM

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Updated to extended regex with comments 9226b0b

@mikz mikz force-pushed the resolver-ipv6 branch 2 times, most recently from 9226b0b to 1df4cf4 Compare November 30, 2017 12:42
@mikz
[busted] don't print error logs in tests
7560435 
just print the most critical errors
so we don't see ngx.log statements when running busted
@mikz
[resty.resolver] properly serialize ipv6 nameserver
70720c2
@mikz
[t] use RESOLVER just when necessary
95b0c85 
* the second test does not need it
* and init_worker can get variables set by the env directive
@mikz
[resty.resolver] properly parse ipv6 RESOLVER env
f4fa5b3
davidor
davidor approved these changes Nov 30, 2017
View reviewed changes
Copy link
Contributor

@davidor davidor left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good @mikz 👍

Thanks for your help @nmasse-itix !

@davidor davidor merged commit 1657f15 into master Nov 30, 2017
@davidor davidor deleted the resolver-ipv6 branch November 30, 2017 13:13
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@davidor davidor davidor approved these changes

Assignees

@mikz mikz

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@mikz @nmasse-itix @davidor