# rancher-desktop

tall-kite-83186

05/31/2022, 12:07 PM
Hi here! I tried to add a *.start script from my WSL container to do stuff over the resolv file but I feel my script is never taken into account when starting rancher-desktop (and thus the rancher WSL distro). The file is located here:
C:\Users\casimir.bonnet\AppData\Local\rancher-desktop\resolv.start

wide-mechanic-33041

05/31/2022, 1:49 PM
Are you sure you meant /Local and not /Roaming? https://docs.rancherdesktop.io/how-to-guides/provisioning-scripts has them in %APPDATA% and not %LOCALAPPDATA%.

tall-kite-83186

05/31/2022, 1:49 PM
Will check now

wide-mechanic-33041

05/31/2022, 1:53 PM
I have used them in %APPDATA%\rancher-desktop\provisioning and I see the results both in the UI dialogs, but also in the changes I have scripted

tall-kite-83186

05/31/2022, 1:58 PM
I just have been adding them (with LF EOL), but it appears not to be applied... Should I "reset to factory" to get them applied?

wide-mechanic-33041

05/31/2022, 1:58 PM
so they are in Roaming but are not being launched?

tall-kite-83186

05/31/2022, 1:59 PM
~ # ls /etc/local.d/
README insecure.start resolv.start
I can see them from the wsl distro
But they appear not to have been triggered
If I run "bash -c /etc/local.d/resolv.start" it does work (from the distro)

wide-mechanic-33041

05/31/2022, 2:09 PM
you can see if they are being run in %localappdata%/rancher-desktop/logs/wsl-exec.log
should have entries for /etc/local.d/<yourstartfile>

tall-kite-83186

05/31/2022, 2:12 PM
Both are present... Perhaps my script doesn't work in the context of WSL during the bootstrap... May I share my snippet here?

wide-mechanic-33041

05/31/2022, 2:13 PM
sure and also what you were expecting to occur

tall-kite-83186

05/31/2022, 2:15 PM
```sh
#!/bin/sh
# shellcheck shell=dash

# Rebuild /etc/resolv.conf: keep the existing nameservers and append the
# IPv4 DNS servers that Windows reports.
tmp=$(mktemp)
powershell="/mnt/c/Windows/System32/WindowsPowerShell/v1.0/powershell.exe"

removeTempFiles() {
    rm -f "$tmp"
}
# Remove the temp file even if the script exits early.
trap removeTempFiles EXIT

echo "Current resolv.conf"
echo "-------------------"
cat /etc/resolv.conf
echo
echo "Creating new resolv.conf"
echo "------------------------"

# Nameserver lines already present in the distro.
initial=$(grep '^nameserver' /etc/resolv.conf)
# DNS servers known to Windows; strip the CRs from PowerShell's CRLF output.
added=$("$powershell" -Command "Get-DnsClientServerAddress -AddressFamily ipv4 | Select-Object -ExpandProperty ServerAddresses" | tr -d '\r')

{
    echo "search mydomain.cpy.local"
    for i in $initial; do
        [ "$i" = "nameserver" ] && continue
        echo nameserver "$i"
    done
    for item in $added; do
        # Skip addresses that are already listed.
        contains=0
        for j in $initial; do
            [ "$j" = "nameserver" ] && continue
            [ "$item" = "$j" ] && contains=1 && break
        done
        [ "$contains" = 0 ] && echo nameserver "$item"
    done
} | tee "$tmp"
(set -x; cp "$tmp" /etc/resolv.conf)
```
I expect this to update the resolv file with the nameserver from the corporate VPN I use

wide-mechanic-33041

05/31/2022, 2:15 PM
well RD doesn’t use resolv.conf really?

tall-kite-83186

05/31/2022, 2:16 PM
It uses dnsmasq, which is using resolv.conf I guess
"I assume" it to use it

tall-kite-83186

05/31/2022, 2:17 PM
BTW, when getting to distro, I can see the resolv file not updated

wide-mechanic-33041

05/31/2022, 2:17 PM
i would update data-resolv-conf
yeah doing this in powershell might be a fun activity. 😉

tall-kite-83186

05/31/2022, 2:17 PM
I've been trying to update data-resolv-conf, but it would need restart dnsmasq I guess
w

wide-mechanic-33041

05/31/2022, 2:18 PM
not in my experience

tall-kite-83186

05/31/2022, 2:18 PM
BTW I'm not sure data-resolv-conf supports "search" terms
I can change my script to update the other file, that's not a deal

wide-mechanic-33041

05/31/2022, 2:19 PM
is your dns provided by your VPN changing that much?

tall-kite-83186

05/31/2022, 2:19 PM
I don't know, really, I'm already fed up with it

wide-mechanic-33041

05/31/2022, 2:20 PM
i would try and just add one of your internal DNS servers to your data-resolv-conf or use the experimental host resolver

tall-kite-83186

05/31/2022, 2:21 PM
I tried the experimental resolver but that didn't cover my case I'm afraid

wide-mechanic-33041

05/31/2022, 2:23 PM
well that's interesting since it works outside of the VM be like if Chrome couldn’t look up records on your Intranet
you sure it's not some route control policy dropping traffic or a firewall?

tall-kite-83186

05/31/2022, 2:25 PM
That's possible, company goes wild with security... 😕 wsl range should be allowed but I have troubles 😞

wide-mechanic-33041

05/31/2022, 2:25 PM
well in hostresolver it's not coming from WSL any longer
and WSL not using a defined ip space and only rfc1918 is not super helpful

tall-kite-83186

05/31/2022, 2:29 PM
Hmmm, I don't get everything about this but I understand it's not that easy

wide-mechanic-33041

05/31/2022, 2:31 PM
does DNS work with other WSL distros?
often starting with a known good and working back is helpful

tall-kite-83186

05/31/2022, 2:32 PM
not out of the box, I have to trick the resolv.conf file

wide-mechanic-33041

05/31/2022, 2:33 PM
you mean add an intranet IP to resolve and then it works

tall-kite-83186

05/31/2022, 2:34 PM
In the main wsl2 distro I use (arch) I have to change the resolv.conf file to add VPN DNS entries + search terms to ensure it can reach internet or company network

wide-mechanic-33041

05/31/2022, 2:39 PM
i usually skip the search domains personally, but try hard coding a single internal DNS into the dnsmasq.d file and test with dig or whatever

tall-kite-83186

05/31/2022, 2:40 PM
Will try so
It appears I almost succeeded in allowing DNS resolution but now I'm failing with "et/http: TLS handshake timeout"

wide-mechanic-33041

05/31/2022, 3:31 PM
i use a prov script for MTU for that one.

tall-kite-83186

05/31/2022, 3:32 PM
Can you share this?

wide-mechanic-33041

05/31/2022, 3:32 PM
sure
```sh
#!/bin/sh
# Lower the MTU on eth0 so packets still fit once the virtualization and VPN headers are added.
ip link set mtu 1250 dev eth0
```

tall-kite-83186

05/31/2022, 3:36 PM
I believe mtu value should match the one defined in the adapter, isn't it?

wide-mechanic-33041

05/31/2022, 3:36 PM
nope

tall-kite-83186

05/31/2022, 3:37 PM
Ok, I'll just try this way

wide-mechanic-33041

05/31/2022, 3:37 PM
your adapter just uses the default, but with layers of virtualization and then the VPN you will find the header bloat causes fragmentation and that I usually find kills TLS

tall-kite-83186

05/31/2022, 3:38 PM
It works with it
Awesome

wide-mechanic-33041

05/31/2022, 3:38 PM
now TLS breakdowns can happen for a lot of reasons. but that has been one of the most common in my experience

tall-kite-83186

05/31/2022, 3:39 PM
I've seen this as well a number of times over troubleshooting threads

fast-garage-66093

05/31/2022, 4:34 PM
@tall-kite-83186 Could you let us know why the experimental host resolver does not cover your use case? We want to improve it so it covers most configurations correctly without any further configuration.

tall-kite-83186

06/01/2022, 6:46 AM
Well I initially gave a try and got this feature not working. After a 2nd attempt I got it working. I guess I wrongly restarted my RD the first time