  1. Satellite
  2. SAT-39941

aardvark-dns and thus IoP containers fail to start when Satellite is deployed with foreman-proxy-dns=true


    • False
    • sat-rocket
    • Known Issue
      .Red Hat Lightspeed might fail on Satellite servers with managed DNS

      When the `named` service is already running on a Satellite server, the `aardvark-dns` service, which is required for running containers, fails to start.
      This is caused by a conflict between `named` and `podman` configurations for IPv4 connections.
      As a consequence, Red Hat Lightspeed installations might fail on Satellite servers configured for managed DNS.
      To work around this problem, perform the following steps:

      . Set managed DNS in `satellite-installer` to `unmanaged`:
      +
      ----
      # satellite-installer --foreman-proxy-dns-managed=false
      ----
       
      . Configure your Satellite server to only listen on the local IP addresses by adding the following content to the `/etc/named/options.conf` file:
      +
      ----
      listen-on-v6 { fd00:4::25; };
      listen-on { 192.168.4.25; };
      ----

      . Restart the `named` service.

      . You can verify that the configuration works by checking that the DNS service is listening on port `53`:
      +
      ----
      [root@satellite6:/root]# netstat -tulpn| grep 53
      tcp 0 0 10.130.0.1:53 0.0.0.0:* LISTEN 2199/aardvark-dns
      tcp 0 0 192.168.122.1:53 0.0.0.0:* LISTEN 2252/dnsmasq
      tcp 0 0 192.168.4.25:53 0.0.0.0:* LISTEN 1016/named
      tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 1016/named
      tcp6 0 0 fd00:4::25:53 :::* LISTEN 1016/named
      ----
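The `grep 53` in the verification step also matches port `953` and any PID containing `53`, so the following added example (not part of the ticket or of Satellite) matches the port exactly and reports any IPv4 listener other than `aardvark-dns` that holds the podman bridge address or the IPv4 wildcard. The helper name `dns_bind_conflicts` and the "before" sample are constructed; the bridge address `10.130.0.1` is taken from the error log in this ticket.

```bash
#!/usr/bin/env bash
# Added example: find port-53 listeners that would stop aardvark-dns from
# binding the podman bridge address. Reads `netstat -tulpn` lines on stdin.

# Constructed sample: named holding the bridge address (the failure case).
SAMPLE_BEFORE='tcp 0 0 10.130.0.1:53 0.0.0.0:* LISTEN 1016/named
udp 0 0 10.130.0.1:53 0.0.0.0:* 1016/named
tcp 0 0 192.168.4.25:53 0.0.0.0:* LISTEN 1016/named
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 1016/named'

# netstat output quoted in the workaround above.
SAMPLE_AFTER='tcp 0 0 10.130.0.1:53 0.0.0.0:* LISTEN 2199/aardvark-dns
tcp 0 0 192.168.122.1:53 0.0.0.0:* LISTEN 2252/dnsmasq
tcp 0 0 192.168.4.25:53 0.0.0.0:* LISTEN 1016/named
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 1016/named
tcp6 0 0 fd00:4::25:53 :::* LISTEN 1016/named'

# dns_bind_conflicts BRIDGE_ADDR  (hypothetical helper name)
# Prints "proto local-address program" for each conflicting socket.
dns_bind_conflicts() {
  awk -v bridge="$1" '
    $1 ~ /^(tcp|udp)6?$/ {
      port = $4; sub(/.*:/, "", port)            # text after the last colon
      addr = substr($4, 1, length($4) - length(port) - 1)
      if (port != "53") next                     # ignores 953 (rndc) and PID hits
      prog = $NF; sub(/^[0-9]+\//, "", prog)     # "1016/named" -> "named"
      if (prog == "aardvark-dns") next           # the intended owner
      if (addr == bridge || addr == "0.0.0.0")
        print $1, $4, prog
    }'
}

# Live use: netstat -tulpn | dns_bind_conflicts 10.130.0.1
echo "before workaround:"
printf '%s\n' "$SAMPLE_BEFORE" | dns_bind_conflicts 10.130.0.1
echo "after workaround:"
printf '%s\n' "$SAMPLE_AFTER" | dns_bind_conflicts 10.130.0.1
```

Empty output for the "after" sample means nothing but `aardvark-dns` holds the bridge address on port `53`.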
    • Done
    • Manual

      Description of problem:

      When named is already running on a Satellite, the container for aardvark-dns fails to start

      How reproducible:

      When named is already active on a Satellite

      Is this issue a regression from an earlier version:

      No

      Steps to Reproduce:

      1. Enable managed dns on a Satellite: foreman-installer --foreman-proxy-dns=true

      2. Enable IoP: foreman-installer --enable-iop

       
      Actual behavior:
      Installer fails with errors like

      2025-11-05 05:30:27 [ERROR ] [configure] Nov 05 05:30:27 satellite.example.com iop-core-host-inventory-api[61452]: Error: netavark: error while applying dns entries: IO error: aardvark-dns failed to start: Error from child process
      2025-11-05 05:30:27 [ERROR ] [configure] Nov 05 05:30:27 satellite.example.com iop-core-host-inventory-api[61452]: Error starting server failed to bind udp listener on 10.130.0.1:53: IO error: Address already in use (os error 98)
      

      Expected behavior:
      It should be possible to use managed dns on Satellite and use IoP at the same time

      Business Impact / Additional info:

      IoP installation may fail for all customers who already use managed dns

      The issue is because we deploy named with a configuration that "listens on all interfaces", which includes the newly created podman ones.

              Unassigned Unassigned
              rhn-support-smeyer Stefan Meyer
              Jan Fiala Jan Fiala