dragonfly
dragonfly copied to clipboard
dragonflydb
Error when systemd `PrivateNetwork=true` is set
Describe the bug
When PrivateNetwork=true is set an error is printed:
dns_resolve.cc:106 Error calling getaddrinfo Temporary failure in name resolution
To Reproduce
- set
PrivateNetwork=trueon the service unit - restart the service
Expected behavior
Detect PrivateNetwork=true setting and bypass DNS.
Environment (please complete the following information):
- OS: Ubuntu 22.0.4
- Kernel: 5.15.0-67-generic
- Dragonfly Version: 1.0
I am not familiar with this setting. If no DNS service is available, are you setting IPs directly?
Main goal of PrivateNetwork=true is to allow a service to listen on loopback only regardless of how the service binary is configured. So, any hostname or IP other than localhost/127.0.0.1/unixsocket can't be used on the service unit, making getaddrinfo useless here.
Other services supports this quite well (redis, nginx...).
Maybe this is connected to https://github.com/dragonflydb/dragonfly/issues/979 as when using that option on redis, TCP is disabled and getaddrinfo is not used.
I will check. (also curious how "localhost" is resolved in that case)
On Thu, Mar 23, 2023 at 7:11 PM solracsf @.***> wrote:
Main goal of PrivateNetwork=true is to allow a service to listen on loopback only regardless of how the service binary is configured. So, any hostname or IP other than localhost/127.0.0.1 can't be used, making getaddrinfo useless here.
Other services supports this quite well (redis, nginx...).
Maybe this is connected to #979 https://github.com/dragonflydb/dragonfly/issues/979 as when using that option on redis, TCP is disabled and getaddrinfo is not used.
— Reply to this email directly, view it on GitHub https://github.com/dragonflydb/dragonfly/issues/983#issuecomment-1481571247, or unsubscribe https://github.com/notifications/unsubscribe-auth/AA4BFCAYFTRXWB3VPEDXTWDW5R753ANCNFSM6AAAAAAWFO6IFA . You are receiving this because you commented.Message ID: @.***>
No problem. Here is how redis is actually configured, if it helps:
[Service]
ProtectSystem=full
RestrictAddressFamilies=AF_UNIX
PrivateNetwork=true
...
and redis.conf
port 0
unixsocket /var/run/redis/redis.sock
also curious how "localhost" is resolved in that case
I think it is not; with port 0 redis is expecting a unixsocket so no need to resolve anything.
https://github.com/redis/redis/blob/e26a769d9627ebecb8607375580970a740348956/redis.conf#L136-L138
Hi, @solracsf, could you provide a minimal working example? When I run Dragonfly as a service with the same parameters as yours, I instead get the error:
Could not open port 6379, error: Address family not supported by protocol
Which makes sense, as Dragonfly attempts to open port 6379 but is instead blocked by PrivateNetwork=true. I could not get the DNS error you mentioned.
Here is the steps I used:
- Create a new service (
myservice.service) by creating a file under/etc/systemd/system/:
# /etc/systemd/system/myservice.service
[Unit]
Description=Testing running Dragonfly as a system service.
[Service]
ExecStart=/path/to/dragonfly --logtostderr
PrivateNetwork=true
ProtectSystem=full
RestrictAddressFamilies=AF_UNIX
- Reload daemons:
sudo systemctl daemon-reload - Launch the service:
sudo systemctl start myservice.service - Dragonfly crashes (by the same reasons as above), but with the error
Could not open port 6379, error: Address family not supported by protocol
which can be viewed using systemctl status myservice.service.
For additional reference, I compiled from source (and tried both debug and release builds).
Did you also set the unixsocket?
I must confess that in the meanwhile I've switched to TCP socket so I can't recall the full config 😞
I have tried to do that as well, no luck there.
I guess now that --port 0 is supported this isn't relevant anymore.