Skip to content

Commit 8b6cb11

Browse files
adrianrioboclaude
andcommitted
fix(gitlab): propagate host DNS servers into Podman build containers
Detect the host's upstream DNS servers at runner setup time and write them to /etc/containers/containers.conf so Podman propagates them into every container it creates, including the nested inner containers spawned by `podman build` RUN steps. Without this, inner build containers inherit the systemd-resolved loopback stub (127.0.0.53) which is unreachable from inside a container, causing intermittent "Could not resolve host" failures for external domains. Detection tries resolvectl, nmcli, and /etc/resolv.conf in order, filtering out loopback addresses at each step. The existence check and in-place replacement are scoped to the [containers] section via awk to avoid false-positive matches in other sections (e.g. [network]). Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
1 parent 2a1f1fc commit 8b6cb11

1 file changed

Lines changed: 52 additions & 0 deletions

File tree

pkg/integrations/gitlab/snippet-linux.sh

Lines changed: 52 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -14,6 +14,58 @@ sudo restorecon -v /usr/bin/gitlab-runner 2>/dev/null || true
1414
# Enable Podman socket so the docker executor can reach it
1515
sudo systemctl enable --now podman.socket
1616

17+
# Detect the host's upstream DNS servers and propagate them into every Podman
18+
# container (including nested build containers created by `podman build`).
19+
# Without this, inner build containers inherit a loopback stub address
20+
# (127.0.0.53 / systemd-resolved) that is unreachable from inside a container,
21+
# causing DNS resolution failures like "Could not resolve host: github.com".
22+
_dns_servers=""
23+
if command -v resolvectl &>/dev/null; then
24+
_dns_servers=$(resolvectl dns 2>/dev/null \
25+
| awk '{for(i=2;i<=NF;i++) print $i}' \
26+
| grep -E '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$' \
27+
| sort -u | tr '\n' ' ' | xargs)
28+
fi
29+
if [ -z "$_dns_servers" ] && command -v nmcli &>/dev/null; then
30+
_dns_servers=$(nmcli dev show 2>/dev/null \
31+
| awk '/IP4\.DNS/ {print $2}' \
32+
| tr '\n' ' ' | xargs)
33+
fi
34+
if [ -z "$_dns_servers" ]; then
35+
_dns_servers=$(awk '/^nameserver/ && $2 !~ /^127\./ {print $2}' /etc/resolv.conf \
36+
| tr '\n' ' ' | xargs)
37+
fi
38+
if [ -n "$_dns_servers" ]; then
39+
_toml_list=""
40+
for _ip in $_dns_servers; do
41+
[ -n "$_toml_list" ] && _toml_list="${_toml_list}, "
42+
_toml_list="${_toml_list}\"${_ip}\""
43+
done
44+
sudo mkdir -p /etc/containers
45+
if [ ! -f /etc/containers/containers.conf ]; then
46+
printf '[containers]\ndns_servers = [%s]\n' "$_toml_list" \
47+
| sudo tee /etc/containers/containers.conf > /dev/null
48+
elif grep -q '^\[containers\]' /etc/containers/containers.conf; then
49+
# Scope the dns_servers check to the [containers] section only
50+
if awk '/^\[containers\]/{f=1;next} /^\[/{f=0} f && /^dns_servers/{found=1} END{exit !found}' \
51+
/etc/containers/containers.conf; then
52+
# Replace dns_servers only within [containers]
53+
awk -v "val=dns_servers = [${_toml_list}]" \
54+
'/^\[containers\]/{s=1} /^\[/ && !/^\[containers\]/{s=0}
55+
s && /^dns_servers/{$0=val} 1' \
56+
/etc/containers/containers.conf \
57+
| sudo tee /etc/containers/containers.conf.tmp > /dev/null \
58+
&& sudo mv /etc/containers/containers.conf.tmp /etc/containers/containers.conf
59+
else
60+
sudo sed -i "/^\[containers\]/a dns_servers = [${_toml_list}]" \
61+
/etc/containers/containers.conf
62+
fi
63+
else
64+
printf '\n[containers]\ndns_servers = [%s]\n' "$_toml_list" \
65+
| sudo tee -a /etc/containers/containers.conf > /dev/null
66+
fi
67+
fi
68+
1769
# Register runner using docker executor backed by Podman
1870
# --docker-privileged is required for Podman: containers need CAP_SYS_ADMIN to mount /proc
1971
sudo gitlab-runner register \

0 commit comments

Comments
 (0)