Channels
academy
amazon
arm
azure
cabpr
chinese
ci-cd
danish
deutsch
developer
elemental
epinio
espanol
events
extensions
fleet
français
gcp
general
harvester
harvester-dev
hobbyfarm
hypper
japanese
k3d
k3os
k3s
k3s-contributor
kim
kubernetes
kubewarden
lima
logging
longhorn-dev
longhorn-storage
masterclass
mesos
mexico
nederlands
neuvector-security
office-hours
one-point-x
onlinemeetup
onlinetraining
opni
os
ozt
phillydotnet
portugues
rancher-desktop
rancher-extensions
rancher-setup
rancher-wrangler
random
rfed_ara
rio
rke
rke2
russian
s3gw
service-mesh
storage
submariner
supermicro-sixsq
swarm
terraform-controller
terraform-provider-rancher2
terraform-provider-rke
theranchcast
training-0110
training-0124
training-0131
training-0207
training-0214
training-1220
ukranian
v16-v21-migration
vsphere
windows
Title
t
tall-kite-83186
05/31/2022, 12:07 PMHi here!
I tried to add *.start script from my wsl container to do stuff over resolv file but I feel my script is never taken in account when starting rancher-desktop (and thus rancher wsl distro). The file is located here:
C:\Users\casimir.bonnet\AppData\Local\rancher-desktop\resolv.start
w
wide-mechanic-33041
05/31/2022, 1:49 PMAre you sure you meant /Local and not /Roaming? https://docs.rancherdesktop.io/how-to-guides/provisioning-scripts has them in %APPDATA% and not %LOCALAPPDATA%.
t
tall-kite-83186
05/31/2022, 1:49 PMWill check now
w
wide-mechanic-33041
05/31/2022, 1:53 PMI have used them in %APPDATA%\rancher-desktop\provisioning and I see the results both in the UI dialogs, but also in the changes i have scripted
t
tall-kite-83186
05/31/2022, 1:58 PMI just have been adding them (with LF EOL), but it appears not to be applied... Should I "reset to factory" to get them applied?
w
wide-mechanic-33041
05/31/2022, 1:58 PMso they are in Roaming but are not being launched?
t
tall-kite-83186
05/31/2022, 1:59 PM~ # ls /etc/local.d/
README insecure.start resolv.start
I can see them from the wsl distro
But they appears not to have been triggered
if I run "bash -c /etc/local.d/resolv.start" it does work (from the distro)
w
wide-mechanic-33041
05/31/2022, 2:09 PMyou can see if they are being run in %localappdata%/rancher-desktop/logs/wsl-exec.log
should have entries for /etc/local.d/<yourstartfile>
t
tall-kite-83186
05/31/2022, 2:12 PMBoth are present... Perhaps my script doesn't work in the context of wsl during the boostrap... May I hare my snippet here?
w
wide-mechanic-33041
05/31/2022, 2:13 PMsure and also what you were expecting to occur
t
tall-kite-83186
05/31/2022, 2:15 PM#!/bin/sh
# shellcheck shell=dash
tmp=$(mktemp)
powershell="/mnt/c/Windows/System32/WindowsPowerShell/v1.0/powershell.exe"
removeTempFiles() {
rm -f "$tmp"
}
echo "Current resolv.conf"
echo "-------------------"
cat /etc/resolv.conf
echo
echo "Creating new resolv.conf"
echo "------------------------"
initial=$(cat /etc/resolv.conf | grep '^nameserver')
added=$($powershell -Command "Get-DnsClientServerAddress -AddressFamily ipv4 | Select-Object -ExpandProperty ServerAddresses")
{
echo "search mydomain.cpy.local"
for i in $initial; do
[ "$i" = "nameserver" ] && continue
echo nameserver "$i"
done
for a in $added; do
item=$(echo $a | sed -e 's/^[[:space:]]*//' | sed -e 's/\r//g')
[ "$item" = "nameserver" ] && continue
contains=0
for j in $initial; do
[ "$j" = "nameserver" ] && continue
[ "$item" = "$j" ] && contains=1 && break
done
[ $contains = 0 ] && echo nameserver "$item"
done
} | tr -d '\r' | tee "$tmp"
(set -x; cp -r "$tmp" /etc/resolv.conf)
removeTempFilesI expect this to update the resolv file with nameserver from the corporate vpn I use
w
wide-mechanic-33041
05/31/2022, 2:15 PMwell RD doesn’t use resolv.conf really?
t
tall-kite-83186
05/31/2022, 2:16 PMI uses dnsmask, which is using resolv.conf I guess
"I assume" it to use it
w
wide-mechanic-33041
05/31/2022, 2:16 PMt
tall-kite-83186
05/31/2022, 2:17 PMBTW, when getting to distro, I can see the resolv file not updated
w
wide-mechanic-33041
05/31/2022, 2:17 PMi would update data-resolv-conf
yeah doing this in powershell might be a fun activity. 😉
t
tall-kite-83186
05/31/2022, 2:17 PMI've been trying to update data-resolv-conf, but it would need restart dnsmasq I guess
w
wide-mechanic-33041
05/31/2022, 2:18 PMnot in my experience
t
tall-kite-83186
05/31/2022, 2:18 PMBTW I'm not sure data-resolv-conf support "search" terms
I can change my script to update the other file, that's not a deal
w
wide-mechanic-33041
05/31/2022, 2:19 PMis your dns provided by your VPN changing that much?
t
tall-kite-83186
05/31/2022, 2:19 PMI don't know, really, I'm already fed of it
w
wide-mechanic-33041
05/31/2022, 2:20 PMi would try and just add one of your internal DNS servers to your data-resolv-conf or use the experimental host resolver
t
tall-kite-83186
05/31/2022, 2:21 PMI tried the experimental resolver but that didn't cover my case I'm affraid
w
wide-mechanic-33041
05/31/2022, 2:23 PMwell thats interesting since it works outside of the VM be like if Chrome couldn’t look up records on your Intranet
you sure its not some route control policy dropping traffic or a firewall?
t
tall-kite-83186
05/31/2022, 2:25 PMThat's possible, company goes wild with security... 😕 wsl range should be allowed but I have troubles 😞
w
wide-mechanic-33041
05/31/2022, 2:25 PMwell in hostresolver its not coming from WSL any longer
and WSL not using a defined ip space and only rfc1918 is not super helpful
t
tall-kite-83186
05/31/2022, 2:29 PMHmmm, I don't get everything about this but I understand it's not that easy
w
wide-mechanic-33041
05/31/2022, 2:31 PMdoes DNS work with other WSL distros?
often starting with a known good and working back is helpful
t
tall-kite-83186
05/31/2022, 2:32 PMnot out of the box, I have to trick the resolv.conf file
w
wide-mechanic-33041
05/31/2022, 2:33 PMyou mean add an intranet IP to resolve and then it works
t
tall-kite-83186
05/31/2022, 2:34 PMIn the main wsl2 distro I use (arch) I have to change the resolv.conf file to add VPN DNS entries + search terms to ensure it can reach internet or company network
w
wide-mechanic-33041
05/31/2022, 2:39 PMi usually skip the search domains personally, but try hard coding a single internal DNS into the dnsmasq.d file and test with dig or whatever
t
tall-kite-83186
05/31/2022, 2:40 PMWill try so
It appears I almost succeed to allow dns resolution but now I'm failing with "et/http: TLS handshake timeout"
w
wide-mechanic-33041
05/31/2022, 3:31 PMi use a prov script for MTU for that one.
t
tall-kite-83186
05/31/2022, 3:32 PMCan you share this?
w
wide-mechanic-33041
05/31/2022, 3:32 PMsure
#!/bin/sh
ip link set mtu 1250 dev eth0👍 1
t
tall-kite-83186
05/31/2022, 3:36 PMI believe mtu value should match the one defined in the adapter, isn't it?
w
wide-mechanic-33041
05/31/2022, 3:36 PMnope
t
tall-kite-83186
05/31/2022, 3:37 PMOk, I'll just try this way
w
wide-mechanic-33041
05/31/2022, 3:37 PMyour adapter just uses the default, but with layers of virtualization and then the VPN you will find the header bloat causes fragmentation and that I usually find kills TLS
t
tall-kite-83186
05/31/2022, 3:38 PMI works with it
Awesome
w
wide-mechanic-33041
05/31/2022, 3:38 PMnow TLS breakdowns can happen for a lot of reasons. but that has been one of the most common in my experience
t
tall-kite-83186
05/31/2022, 3:39 PMI've seen this as well number of times over troubleshooting threads
f
fast-garage-66093
05/31/2022, 4:34 PM@tall-kite-83186 Could you let us know why the experimental host resolver does not cover your use case? We want to improve it so it covers most configurations correctly without any further configuration.
t
tall-kite-83186
06/01/2022, 6:46 AMWell I initially gave a try and got this feature not working. After a 2nd attempt I got it working. I guess I wrongly restarted my RD the first time