fix beaker tests #258
fix beaker tests #258
Conversation
b4ldr
force-pushed
the
fix_beaker
branch
4 times, most recently
from
8b0db9d to
4389848
Compare
.github/workflows/ci.yml
Outdated
| steps: | ||
| - name: Enable IPv6 on docker | ||
| run: | | ||
| echo '{"ipv6":true,"fixed-cidr-v6":"2001:db8:1::/64"}' | sudo tee /etc/docker/daemon.json |
There was a problem hiding this comment.
My wild guess is that configuring a nonrouteable prefix might cause issues
There was a problem hiding this comment.
I can test that however Im not sure its what is causing the issue. The the tests are explicitly failing on the following (and only on some combinations of OS + puppet version)
dig +tcp +dnssec SOA dnssec-failed.org @127.0.0.1
but not:
dig +dnssec +cd SOA dnssec-failed.org @127.0.0.1
the nsset for dnssec-failed.org also has ipv4 and ipv6 nameservers so broken ipv6 shouldn't affect unbond in this way
There was a problem hiding this comment.
The fact that the latter command works suggests that unbound is able to fetch all the data it needs to answer the former questions but cant for what ever reason
There was a problem hiding this comment.
Ok turns out you where right, it seems to take a long time fetching all of the DNSSEC material as it needs to first get the DNSKEY/DS set from the the root, org and dnssec-failed.org zone. As the data on dnssec-failed.org is bad by design it checks all 6 name-servers. Further because it thinks it has Ipv6 it has to first timeout on the ipv6 address before trying the v4 address.
the subsequent query works within the time because we dont care about validation so unbound is just sending the bad data from the first thing to respond if its good or not. i have created voxpupuli/modulesync_config#694
b4ldr
force-pushed
the
fix_beaker
branch
10 times, most recently
from
8bda10c to
3293038
Compare
Seems that the beaker tests are sporadicly failing when running the following command dig +dnssec dnssec-failed.org @localhost Try fixing this by using 127.0.0.1 and +tcp
| @@ -15,7 +15,7 @@ | |||
| describe 'unbound class' do | |||
| describe 'running puppet code' do | |||
| it 'work with no errors' do | |||
| pp = "class {'unbound': }" | |||
| pp = "class {'unbound': verbosity => 5, logfile => '/tmp/unbound.log'}" | |||
There was a problem hiding this comment.
If this happens more often, https://github.com/voxpupuli/voxpupuli-acceptance/#environment-variables-to-facts may be a good way to make this easier.
There was a problem hiding this comment.
this was mainly to debug the ipv6 issue and not sure if its genrally usefull but thanks for the pointer
|
Given modulesync 4.0.0 was merged, I think this can be closed now. |
DO NOT MERGE (this is just a to troubleshoot the workspace builds)
Seems that the beacker tests are sporadicly failing when running the
following command
dig +dnssec dnssec-failed.org @localhost
Try fixing this by using 127.0.0.1 and +tcp