No network on Azure
jsommr opened this issue · 2 comments
I'm using Axum and Reqwest in Rust, and it works in QEMU. I just ops run -p 3000 target/release/program.
I can deploy it to Azure with
ops pkg from-run target/release/program --name program -v 1 --imagename program
ops image create -t azure -c config.cloud.json -l --package program_1
where config.cloud.json has CloudConfig { Zone, BucketName }.
It boots, the web server runs and I can access it on the VM's public ip.
But I can't make http requests due to a dns resolution failure. So I copied /lib/x86_64-linux-gnu/libnss_dns.so.2 and /etc/ssl/certs/ca-certificates.crt into the image, so tree ~/.ops/local_packages/program/sysroot/ looks like this:
├── etc
│ └── ssl
│ └── certs
│ └── ca-certificates.crt
├── lib
│ └── x86_64-linux-gnu
│ ├── libcrypto.so.3
│ ├── libc.so.6
│ ├── libgcc_s.so.1
│ ├── libm.so.6
│ ├── libnss_dns.so.2
│ └── libssl.so.3
└── lib64
└── ld-linux-x86-64.so.2
7 directories, 9 files
It didn't make a difference.
I then saw that ops add resolve.conf. I created VM in Azure and cat /etc/resolv.conf gave:
nameserver 168.63.129.16
search .
I tried to add it, but ops overwrites it. I then added "NameServers": ["168.63.129.16"] to the config.json for the pkg --from-run command and have verified that it turns up in the image, but without search .. I deployed the image and couldn't access the http server anymore.
What am I doing wrong?
this could be related to how you are building your rust - I know diff. frameworks/targets can and will use diff. tls; not sure if that is what you are hitting though
ops does by default inject 8.8.8.8
when you say it works locally - you are able to make the outgoing connection && it does dns resolution locally? if not can you try this?
https://gist.github.com/eyberg/b5811f16632d48f6168ac1192ac0f308
if that works locally then something else is going on
Ian, I'm a total noob. Thank you for taking the time to answer my question. I have been deploying a million times, and when I finally found the fix (copying libnss and the certificates to the machine) I forgot to open port 80. Sorry for wasting your time.
At least it's documented now: To be able to resolve DNS names on Azure, you also need to have { "NameServers": ["168.63.129.16"] } in your config.json.