diff --git a/ci/tasks/test-main-docker-cpi.sh b/ci/tasks/test-main-docker-cpi.sh
index 0410506c..4ada0576 100755
--- a/ci/tasks/test-main-docker-cpi.sh
+++ b/ci/tasks/test-main-docker-cpi.sh
@@ -24,7 +24,8 @@ SHA1=$(cat stemcell/sha1)
 bosh upload-stemcell --sha1 "$SHA1" "$URL"
-bosh -n update-runtime-config "${bosh_deployment}/runtime-configs/dns.yml"
+bosh -n update-runtime-config "${bosh_deployment}/runtime-configs/dns.yml" \
+ --ops-file "${bosh_deployment}/warden/noble-dns.yml"
 echo "-----> $(date): Deploy"
 bosh -n -d zookeeper deploy "${bosh_deployment}/ci/assets/zookeeper.yml"
diff --git a/ci/tasks/test-main-warden-cpi.sh b/ci/tasks/test-main-warden-cpi.sh
index 5ebf2a48..40f9b318 100755
--- a/ci/tasks/test-main-warden-cpi.sh
+++ b/ci/tasks/test-main-warden-cpi.sh
@@ -22,7 +22,8 @@ SHA1=$(cat stemcell/sha1)
 bosh upload-stemcell --sha1 "$SHA1" "$URL"
-bosh -n update-runtime-config "${bosh_deployment}/runtime-configs/dns.yml"
+bosh -n update-runtime-config "${bosh_deployment}/runtime-configs/dns.yml" \
+ --ops-file "${bosh_deployment}/warden/noble-dns.yml"
 echo "-----> $(date): Deploy"
 bosh -n -d zookeeper deploy "${bosh_deployment}/ci/assets/zookeeper.yml"
diff --git a/virtualbox/create-env.sh b/virtualbox/create-env.sh
index de7b53a3..2969f821 100755
--- a/virtualbox/create-env.sh
+++ b/virtualbox/create-env.sh
@@ -101,6 +101,7 @@ STEP "Updating Runtime Config"
 ####
 bosh -n update-runtime-config "${bosh_deployment}/runtime-configs/dns.yml" \
+ --ops-file "${bosh_deployment}/warden/noble-dns.yml" \
 > /dev/null
 echo Succeeded
diff --git a/warden/noble-dns.yml b/warden/noble-dns.yml
new file mode 100644
index 00000000..0626a7cb
--- /dev/null
+++ b/warden/noble-dns.yml
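Review bot: In ci/tasks/test-main-docker-cpi.sh the new `--ops-file` argument pulls in `warden/noble-dns.yml`, whose header describes warden containers only, so a reader of the Docker CPI task cannot tell why it applies here. A one-line comment above the command would cover it, for example `# Docker CPI containers get no DHCP upstream either, so reuse the warden recursor override` (assuming that is the reason; please confirm). The same comment fits the identical hunk in ci/tasks/test-main-warden-cpi.sh. Both scripts continue outside their hunks.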
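Review bot: In virtualbox/create-env.sh the added ops file sets the bosh-dns recursor to 169.254.169.254, a cloud metadata address that is normally not answered on a VirtualBox host network. If nothing listens there, external lookups from the containers would presumably time out rather than fall back to a working resolver. Consider passing the recursor as a variable in this script, e.g. `-v dns_recursor=<resolver reachable from the VM>` with `- ((dns_recursor))` in the ops file; the variable name is a constructed example.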
@@ -0,0 +1,18 @@
+---
+# Overrides bosh-dns configuration for ubuntu-noble on warden/bosh-lite.
+#
+# On non-warden noble VMs, disable_recursors=true is correct — systemd-resolved
+# handles external DNS via DHCP-provided upstream (e.g. 169.254.169.254 on GCP).
+#
+# On warden containers there is no physical NIC and no DHCP, so systemd-resolved
+# has no global upstream. bosh-dns must handle external resolution directly via
+# an explicit recursor. 169.254.169.254 is the link-local metadata DNS available
+# on GCP, AWS, and Azure.
+- type: replace
+ path: /addons/name=bosh-dns-systemd/jobs/name=bosh-dns/properties/disable_recursors
+ value: false
+
+- type: replace
+ path: /addons/name=bosh-dns-systemd/jobs/name=bosh-dns/properties/recursors?
+ value:
+ - 169.254.169.254
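Review bot: The last sentence of the header comment in warden/noble-dns.yml says 169.254.169.254 is a metadata DNS on GCP, AWS and Azure, but as far as I know only GCP answers DNS at that address. AWS serves its link-local resolver at 169.254.169.253 and Azure at 168.63.129.16, while 169.254.169.254 on those two is the instance metadata endpoint. The hard-coded recursor also requires every container to reach the metadata address, which conflicts with the common hardening of blocking that address from workloads to protect instance credentials. I would reword the comment to `# 169.254.169.254 is the GCP metadata server, which also answers DNS` and make the recursor value overridable for other hosts.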