Update error name resolution
Closed this issue · 5 comments
Bug Report
Since always zincaty refuse to "find" the hostname (even if the host himself can do it, even ping or curl the same domain perfectly as if zincaty where trying to force a dns (sub resolver or direct dns) who fail in my environment.
Environment
Environment that actively block any uncontrolled DNS, by blocking port 53 (and any other secure port), the host resolve himself (sub resolver is disabled of systemd since my server dns fail to start with it), and Network manager point the dns to himself.
What hardware/cloud provider/hypervisor is being used?
Miniforum device (testing purpose)/ bare metal direct internet connection.
Expected Behavior
Zincati resolve normally
Actual Behavior
May 07 23:27:56 wednesday systemd[1]: Starting zincati.service - Zincati Update Agent...
May 07 23:27:56 wednesday zincati[1267]: [INFO zincati::cli::agent] starting update agent (zincati 0.0.27)
May 07 23:27:57 wednesday zincati[1267]: [INFO zincati::cincinnati] Cincinnati service: https://updates.coreos.fedoraproject.org
May 07 23:27:57 wednesday zincati[1267]: [INFO zincati::cli::agent] agent running on node 'ebca538ce0d7419fa6b2b15bead00f45', in update group 'default'
May 07 23:27:57 wednesday zincati[1267]: [INFO zincati::update_agent::actor] registering as the update driver for rpm-ostree
May 07 23:27:57 wednesday zincati[1267]: [INFO zincati::update_agent::actor] initialization complete, auto-updates logic enabled
May 07 23:27:57 wednesday zincati[1267]: [INFO zincati::strategy] update strategy: immediate
May 07 23:27:57 wednesday zincati[1267]: [INFO zincati::update_agent::actor] reached steady state, periodically polling for updates
May 07 23:27:57 wednesday systemd[1]: Started zincati.service - Zincati Update Agent.
May 07 23:27:57 wednesday zincati[1267]: [ERROR zincati::cincinnati] failed to check Cincinnati for updates: client-side error: error sending request for url [...] fault): error trying to connect: dns error: failed to lookup address information: Temporary failure in name resolution
So my first reflex was to do a DIG on the same device for the "unresolvable domain" :
#dig updates.coreos.fedoraproject.org
; <<>> DiG 9.18.24 <<>> updates.coreos.fedoraproject.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37765
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 10, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;updates.coreos.fedoraproject.org. IN A
;; ANSWER SECTION:
updates.coreos.fedoraproject.org. 3356 IN CNAME wildcard.fedoraproject.org.
wildcard.fedoraproject.org. 3356 IN A 8.43.85.67
wildcard.fedoraproject.org. 3356 IN A 8.43.85.73
wildcard.fedoraproject.org. 3356 IN A 34.221.3.152
wildcard.fedoraproject.org. 3356 IN A 38.145.60.20
wildcard.fedoraproject.org. 3356 IN A 38.145.60.21
wildcard.fedoraproject.org. 3356 IN A 67.219.144.68
wildcard.fedoraproject.org. 3356 IN A 140.211.169.196
wildcard.fedoraproject.org. 3356 IN A 152.19.134.142
wildcard.fedoraproject.org. 3356 IN A 152.19.134.198
;; Query time: 0 msec
;; SERVER: 192.168.6.3#53(192.168.6.3) (UDP)
;; WHEN: Tue May 07 23:37:19 CEST 2024
;; MSG SIZE rcvd: 228
Witch mean he can resolve it only zincaty cannot, if you have any idea I take them.
Other Information
# rpm-ostree status
State: idle
AutomaticUpdatesDriver: Zincati
DriverState: active; periodically polling for updates (last checked Tue 2024-05-07 21:33:15 UTC)
Deployments:
● fedora:fedora/x86_64/coreos/stable
Version: 39.20240407.3.0 (2024-04-19T18:34:05Z)
Commit: 4f5997a887d92f19f6ce564069511115138916a37d7b30e2bfd027c5e5158e63
GPGSignature: Valid signature by E8F23996F23218640CB44CBE75CF5AC418B8E74C
This was closed.. Not an issue? Figure it out?
This was closed.. Not an issue? Figure it out?
More a new error message appeared, and I search to see if it's not a "local" issue before potentially losing precious time of dev / debug.
May 05 22:37:21 wednesday zincati[4057]: [INFO zincati::cincinnati] current release detected as not a dead-end
After that I may have done domthing that restarted zincati.
May 05 23:43:17 wednesday zincati[1766]: [INFO zincati::cli::agent] starting update agent (zincati 0.0.27)
May 05 23:43:17 wednesday zincati[1766]: [INFO zincati::cincinnati] Cincinnati service: https://updates.coreos.fedoraproject.org
May 05 23:43:17 wednesday zincati[1766]: [INFO zincati::cli::agent] agent running on node 'ebca538ce0d7419fa6b2b15bead00f45', in update group 'default'
May 05 23:43:17 wednesday zincati[1766]: [INFO zincati::update_agent::actor] registering as the update driver for rpm-ostree
May 05 23:43:17 wednesday zincati[1766]: [INFO zincati::update_agent::actor] initialization complete, auto-updates logic enabled
May 05 23:43:17 wednesday zincati[1766]: [INFO zincati::strategy] update strategy: immediate
May 05 23:43:17 wednesday zincati[1766]: [INFO zincati::update_agent::actor] reached steady state, periodically polling for updates
But since simply restarting it don't fix it every time I search what I may have done to "fix" it.
If I cannot find a definitive fix I will reopen, thanks for the answer.
The dns error you saw originally may have been zincati starting before networking was fully up on the machine. In that case it's normal and the next check (usually in about 5 minutes) will successfully resolve the domain and everything will work from there.
The dns error you saw originally may have been zincati starting before networking was fully up on the machine. In that case it's normal and the next check (usually in about 5 minutes) will successfully resolve the domain and everything will work from there.
So does that mean that
May 05 22:37:21 wednesday zincati[4057]: [INFO zincati::cincinnati] current release detected as not a dead-end
is the equivalent of "we have connected and this version is updatable (meaning supported to be updated)" ?
if it's the case I found the issue locally
May 05 22:37:21 wednesday zincati[4057]: [INFO zincati::cincinnati] current release detected as not a dead-end
All this means is that zincati recognizes the currently booted software as "not a dead-end", meaning it is eligible for updates. We have the concept of dead end releases that we deem aren't upgradable and we have code to handle that.
So yes: "we have connected and this version is updatable (meaning supported to be updated)" ✅