Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Alpine linux doesn't have nsswitch configuration file #367

Closed
wrfly opened this issue Dec 9, 2017 · 14 comments
Closed

Alpine linux doesn't have nsswitch configuration file #367

wrfly opened this issue Dec 9, 2017 · 14 comments
Labels
feedback question

Comments

@wrfly
Copy link

wrfly commented Dec 9, 2017 

~ docker pull alpine:latest                    
latest: Pulling from library/alpine
Digest: sha256:ccba511b1d6b5f1d83825a94f9d5b05528db456d9cf14a1ea1db892c939cda64
Status: Image is up to date for alpine:latest
➜  ~ docker run --rm -ti alpine:latest ls /etc/nsswitch.conf
ls: /etc/nsswitch.conf: No such file or directory
➜  ~

Due to this error, the program running based it will never resolve hosts via /etc/hosts but always use DNS.

Users using alpine as their based image should always add an extra nsswitch.conf to it, I think it's not very friendly and we should add the configuration file by default.
@wrfly
Copy link
Author

wrfly commented Dec 9, 2017

influxdata/influxdata-docker#76
ibmruntimes/ci.docker#1
https://gitlab.com/gitlab-org/gitlab-runner/issues/2142
...
...

@ApsOps
Copy link

ApsOps commented Dec 14, 2017

We're facing this too. I noticed that our pods in Kubernetes were making DNS calls for localhost as well.

@llitfkitfk
Copy link

same issue

@tianon
Copy link
Collaborator

tianon commented Dec 15, 2017

The only place we've seen issues with this in the official images is in Go-based binaries (since Go itself uses nsswitch.conf), which is why the Docker-in-Docker official image (and a few other Go-based images) includes a generated nsswitch.conf: https://github.com/docker-library/docker/pull/84/files (and we're likely to add something similar to the Alpine variants of the Go official image at some point)

What I'm not clear on is whether there are other bits of software in Alpine that aren't using Go which read this file?

In digging for docker-library/docker#84, I noticed that Alpine had /etc/nsswitch.conf once upon a time (https://git.alpinelinux.org/cgit/alpine-baselayout/tree/nsswitch.conf?id=d81dc473af456d97e670ccfe78a30dce96d01284), and it was removed years ago without much detail as to why (https://git.alpinelinux.org/cgit/alpine-baselayout/commit/nsswitch.conf?id=86d10e4ceb7c8a5aeb2b772f8b91c28cd6a82c6b), but I presume it's because it's not used by any of Alpine's packages.

@llitfkitfk
Copy link

@tianon
Thanks
It works. https://github.com/docker-library/docker/pull/84/files

@wrfly
Copy link
Author

wrfly commented Dec 15, 2017

Hello @tianon , I tested Python in alpine, and Python do read /etc/hosts before lookup in DNS.

I'm not sure missing nsswitch.conf is a bug since other software didn't use it nor alpine itself. But adding this configuration file by default maybe more friendly to other software who use it, as for many binary use alpine as its base image or run-time image.

What do you think?

@ncopa
Copy link
Collaborator

ncopa commented Dec 28, 2017

As @tianon mentions and as commented here: docker-library/docker#82 (comment) it is Go that is hardcoded to behave as glibc (dns first and then use hosts if it fails) if there is no /etc/nsswitch.conf. musl libc does not use this file at all since it does not implement NSS. I'd say that this is a bug in Go which assumes that linux always is glibc.

@wrfly
Copy link
Author

wrfly commented Dec 29, 2017

@ncopa got that

@wrfly wrfly closed this as completed Dec 29, 2017
@thaJeztah
Copy link

Does this need a bug/enhancement request in Golang?

@wrfly wrfly mentioned this issue Feb 1, 2018
Closed
@wrfly
Copy link
Author

wrfly commented Feb 1, 2018
edited
Loading

Helo @thaJeztah I'm really Sorry about the delay reply...

I'm not sure whether it is a bug because we can not create a nsswitch.conf for others nor help others made the choice. I'm pretty confused about that since it's not Alpine's fault nor the golang.I thought it's just because we chose alpine as our based image(because of the image size).

@thaJeztah
Copy link

Well, mainly was looking at;

I'd say that this is a bug in Go which assumes that linux always is glibc.

Wondering if that needs a solution / should be customisable

@grover grover mentioned this issue Feb 19, 2018
Closed
@aldiyen aldiyen mentioned this issue Apr 25, 2018
Closed
@primeroz
Copy link

Isn't GO one of the main reasons to use Alpine , especially in Kubernetes ?
As far as i understand that this is a GO issue for assuming it is running on glibc is still something that would require a better fix than just say "is a GO Bug" ... is there any known workaround other than having a "localhost" fixed record in the dns ?

I end up with hundreds of request in my dns for "localhost.(Any Number of search domains)"

@tianon
Copy link
Collaborator

tianon commented Sep 26, 2018

The simplest workaround is to create for yourself a trivial one-line nsswitch.conf, as in: https://github.com/docker-library/golang/blob/301d61ac921c9173086e6db1429a4916d894919f/1.11/alpine3.8/Dockerfile#L9

# set up nsswitch.conf for Go's "netgo" implementation
# - https://github.com/golang/go/blob/go1.9.1/src/net/conf.go#L194-L275
# - docker run --rm debian:stretch grep '^hosts:' /etc/nsswitch.conf
RUN [ ! -e /etc/nsswitch.conf ] && echo 'hosts: files dns' > /etc/nsswitch.conf

@BenTheElder BenTheElder mentioned this issue Sep 28, 2018
Closed
This was referenced Nov 14, 2018
Closed
Closed
@mprasil mprasil mentioned this issue Nov 23, 2018
Closed
2opremio pushed a commit to 2opremio/flux that referenced this issue Jan 3, 2019
create minimal nsswitch.conf file in Docker image
4ca0e04 
As a result, /etc/hosts will be prioritized over DNS queries

This resolves the conflict between:
 * fluxd using netgo for static compilation. netgo reads nsswitch.conf to mimic glibc,
   defaulting to prioritize DNS queries over /etc/hosts if nsswitch.conf is missing:
   golang/go#22846
 * Alpine not including a nsswitch.conf file. Since Alpine doesn't use glibc
   (it uses musl), maintainers argue that the need of nsswitch.conf is a Go bug:
   gliderlabs/docker-alpine#367 (comment)
This was referenced Jan 3, 2019
Closed
Merged
@TheBrigandier TheBrigandier mentioned this issue Jan 7, 2019
Closed
This was referenced Apr 22, 2019
Open
Closed
@sagikazarmark sagikazarmark mentioned this issue Jul 25, 2019
Merged
@dan-c-underwood dan-c-underwood mentioned this issue Oct 13, 2019
Closed
Closed
@schnoddelbotz schnoddelbotz mentioned this issue Nov 1, 2019
Closed
@SerialVelocity SerialVelocity mentioned this issue Apr 11, 2020
Closed
@riking
Copy link

riking commented Jun 6, 2020

A potential Go fix would be to implement https://tools.ietf.org/html/draft-ietf-dnsop-let-localhost-be-localhost-02

@tvon tvon mentioned this issue Jun 12, 2020
Closed
@cardil cardil mentioned this issue Aug 10, 2020
Merged
@ghost ghost mentioned this issue Aug 27, 2020
Open
@ecordell ecordell mentioned this issue Sep 2, 2021
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
feedback question
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
9 participants
@ncopa @tianon @andyshinn @riking @thaJeztah @primeroz @ApsOps @llitfkitfk @wrfly